Showing posts with label privacy. Show all posts

29 January 2015

Is Time Money, or is Money Time?


James Wallman
You may or may not know that this last week has been wild, because on January 23rd, a gentleman named James Wallman had an article on the BBC Magazine based on his book, Stuffocation, and mentioned me. (I'm also cited in the book.) The citation was for one of my history lessons, "The $3,500 Shirt", which I gave regularly in my Western Civ and World History classes when it came time for the Industrial Revolution talk. I also shared it with several people, including Mr. Wallman, and here on SleuthSayers on June 6, 2013.

After the citation in BBC Magazine, the article got a few hits. (!!!) It also got a few comments. Some people simply could not (perhaps would not?) believe that clothing could be that expensive. Most of the time their quarrel was with my multiplying the time spent making the shirt by current minimum wage, saying that didn't show how little people were paid back then, and so the shirt would be much cheaper. Which, in terms of cash paid out, is absolutely true. BUT not when it comes to the amount of time: time-wise, it was infinitely more expensive. Because for most of history, labor (time) was what counted, more than money:
Father took out a round, big silver half-dollar. He asked, "Almanzo, do you know what this is?" "Half a dollar," Almanzo answered. "Yes. But do you know what half a dollar is? It's work, son… You know how to raise potatoes, Almanzo?… Say you have a seed potato in the spring, what do you do with it?" "You cut it up. … Then you harrow - first you manure the field, and plow it. Then you harrow, and mark the ground. And plant the potatoes and plow them, and hoe them. You plow and hoe them twice… Then you dig them and put them down cellar." "Yes, and then you pick them over all winter, you throw out the little ones and the rotten ones. Come spring, you load them up and haul them here to Malone, and you sell them. And if you get a good price son, how much do you get to show for all that work? How much do you get for a bushel of potatoes?" "Half a dollar," Almanzo said. "Yes," said Father. "That's what's in this half-dollar, Almanzo. The work that raised half a bushel of potatoes is in it." Almanzo looked at the round piece of money that Father held up. It looked small, compared to all that work.
— Laura Ingalls Wilder, Farmer Boy, pp. 182-184.
Work is important. Work is time. How much a penny or a dollar is worth changes over time; but the number of hours in a day doesn't. And you don't get the whole 24 hours to do anything you want: you have to sleep, eat, etc. So if you subtract 8-10 hours a day for all those other things (sleep, eating, bathroom, washing, travel to and from work, etc.), what you have left is 14-16 hours a day to work, play, live. Thanks to the Industrial Revolution, most of us (at least in the Western world) don't have to spend 12+ hours a day at hard physical labor, so we have a tendency to think in terms of money (how much did it cost?) rather than time (how long did it take?), but, as I say, that wasn't the way people used to think about things.

Here are a couple of ways to look at things:

First, the Shirt, and then I want to move on to such fun things as criminals and celebrities. First off, some weavers and spinners gave me some more exact figures (I under-figured for spinning; over-figured for weaving), so here goes:
Note how long the shirt is.

To make a shirt entirely by hand - and we're going to go with 25 gauge for a decent, but coarse shirt - we start with the spinning. 25 threads per inch × 36 inches wide × 8 yards (shirts were longer then) = 7200 warp yards, plus about the same for weft = 14,400 yards of thread; divided by 30 yards per hour = 480 hours. The weaving (which I admit I over-estimated in the original) requires about 20 hours including 10 hours minimum for set up – stretching the warp, setting up and threading the loom – and then another 8-10 for weaving. And the sewing, which I still say would take 7 hours, including finishing all the seams. So the new figures are:
Spinning - 480 hours
Weaving - 20 hours
Sewing - 8 hours
Total: 508 hours of labor to make a shirt.
This still doesn't include things like buttons, or the needle and thread to sew the shirt, nor the labor that went into raising/processing the linen, cotton, or wool.

Imagine spending 480 hours to make enough thread to weave a shirt. No wonder Ellen Rollins said "The moaning of the big [spinning] wheel was the saddest sound of my childhood. It was like a low wail from out of the lengthened monotony of the spinner's life." (Jack Larkin, The Reshaping of Everyday Life, p. 26) And that would be 480 hours "fitted in", because almost no woman (luckily!) could spend an entire working week (72 hours in pre-Industrial times) doing nothing but weaving. She had chores to do, like cooking, cleaning, dairying, weeding, minding children, etc. No matter what price she got for that yarn, she would undoubtedly have felt like Almanzo - a pretty small sum for that much work.

480 hours: that's 7 weeks' work in pre-Industrial times; 12 weeks' work in today's Western working world. What do you have around your house that costs that much? That costs three months' worth of your time, of your year? A shirt? How many shirts, at that rate, could you actually afford, considering you also have to pay for rent and food? And could get no credit?

Now you have some idea of what most people were up against before the Industrial Revolution. (And why the first thing the industrial revolution produced was cloth, and why the first inventions were spinning machines.)
NOTE: one thing about medieval objects, they were, for the most part, extremely well-made. Things lasted. I have read of a hand woven linen sheet lasting 100 years. (Of course, well-cared for linen only gets better – more supple and soft – with successive washings and bleachings.) And they didn't waste anything. Everything was darned, mended, cut down, reused, repurposed, recycled, you name it. (Most of the Victorian poor bought or received their clothing second hand.) But there was cheap stuff, too: the ribbons and gee-gaws that were sold at the annual St. Audrey's Fair in medieval England got cheaper and cheaper until, by the 17th century, "tawdry" had become a synonym for "cheap, gaudy and showy".
Back to hours and time. Today we calculate almost everything in terms of money, how to get it, how to increase it, how to spend it, save it, bank on it… But money is only a symbolic representation of labor, of time. (There isn't any currency, at least in the Western world, that has any intrinsic value.) Perhaps our obsession with money is that it buys us time - or does it?

Not always. Exhibit 1: Criminals.

Quite simply, most criminals don't understand why people work. Why exchange all those hours of hard labor when you can get money so much easier by stealing, conning, forging, robbing, or even killing for it? Much less time, much less effort. Of course criminals ignore the endless mental planning and rehearsing - the obsession - that is their life. They ignore the fact that the $20,000,000 heist is literally one in 20,000,000, and is probably not going to be theirs. They ignore the immense effort and hardship that a life of crime requires. And they most definitely ignore the fact that, if caught (as so, so, so many are), they will give ALL their time for the crime, spending years, if not their entire life, on 24/7 watch with no privacy at all.

Of course no one reading this would give up all their time for something as stupid as crime. So I give you Exhibit 2: Celebrities.

Celebrities - including royalty, athletes, movie stars, rock stars, CEOs, and some politicians - live a lifestyle of fabulous wealth and almost unlimited access to anything the celebrity wants. But, they pay for that with ALL their time. A celebrity is never off-stage. Paparazzi are omnipresent. Phones are tapped. (Ask Rupert Murdoch.) National Enquirer has their hairdressers and stylists on speed-dial. So the exchange is everything for everything. What's left of the person underneath the celebrity? If everything is public, is there any private person there? People have been wondering for centuries if there was anyone under the mask of Louis XIV. What was under Norma Desmond's mask but the hunger for more?

The hunger for more: for more time, more money, more fame, more stuff, more, more, more… Well, we've got the machines, and we've got the stuff, but now everyone complains how they don't have enough time. So what are you willing to spend your time on? What can you afford to spend your time on? What is worth your time?

04 August 2013

PINs and Passwords, Part 1


Needles…
More often than you might imagine, financial institutions deploy inadequate security protection, the type of inadequacy where the word ‘woefully’ often finds itself used. I don’t know how much Discover has beefed up its on-line security since I last owned a card, but its password protection was weaker than some porn sites (so I’m told, ahem). It took Capital One and Washington Mutual a while to come up to speed, but my present bank still allows only a ten character password.

If a bank left the keys in their door at night or even left it unlocked, you could hardly blame the curious– or the wicked– for coming inside and wandering around. But that’s happened in the on-line financial world. Institutions lobby for harsh penalties, but their rantings and ravings are meant to distract attention from their own failings.

But a third party is involved, you, the customer. What do you have in your wallet?

From the aspect of a consumer, we can use the following to protect ourselves. From the standpoint of crime writers, we can use the information below to plot clues within a story.

… and PINs

Think about your PIN number, ‘PIN’ singular because most people use one for everything, even their security alarm code. And past behavior suggests people will continue using an easily exposed code even after reading an article like this.

But wait. Doesn't a 4-digit PIN imply guessing one is only a 1-in-10,000 chance?

Not at all. Knowing a little about you (Social Security Number, birth date, etc.) might help hackers, but the PINs and alarm codes of one in four customers can be reduced to sixteen or so numbers.

Does yours begin with 1? Or 19?

The vast majority of PIN numbers begin with 1 or 0. If yours starts with 1, you’ve reduced the possibilities from 10,000 to 1000. If 19, your herd's shrunk to 100.

Do you use the internationally ubiquitous top N° 1 PIN? 1234? Or another of the popular sequential variants, 4321, 5678, 6789?

Does your number begin with 19xx, perhaps a date? The possible numbers are now one hundred, probably a lot less, maybe twenty possibilities if you’re young and eighty possibilities if you aren’t, but a few more if the number represents month-and-day (MMDD) or day-and-month (DDMM). Popular dates that go beyond birthdays include George Orwell's literary 1984 and historical years 1492 and 1776.

Take 2486, which has two strikes against it: It not only comprises semi-sequential even numbers, but it's also a visual pattern, a diamond on a keypad. Other popular visuals are a square (1397), a cross (2046), an X (1937), and the most popular of all, a straight line down the middle (2580). Visual patterns produce deceptively random-looking numbers, but statistics demonstrate they offer little security. And let's face it: Security and convenience find themselves at odds with each other.

'heat' map

statistical moiré
PIN-stripes

Using graphing tools and such visuals as 'heat maps', researchers can determine less than obvious patterns. Some stand out like stars in the sky while others exhibit a warp and woof of woven fabric revealing unconscious human subtleties we're unaware of.

People love couplets, paired digits such as 1010, 1212, the ever-popular 6969, Intel’s 8080, or that Zager and Evans song, 2525. Even when not using 9898 or 2323, people exhibit a preference for pairs one numeric step apart such as 2389 (2-3,8-9) or 5478 (5-4,7-8) instead of 2479 or 5668. Perhaps we still hear childhood chants in our head from when we learned to count.

A few users exhibit a distinct lack of imagination, to wit: 0001. Others look to pop culture for inspiration, especially fans of James Bond (0007 or 0070), Star Trek (1701), or George Lucas (1138). The 1980s hit 867-5309 peaked at #4 on both the Billboard Hot 100 chart and the hottest 7-digit PIN list.

Some people can’t be bothered at all: 0000, 1111, 2222, 9999, etc. These same overall patterns persist with PINs longer than four digits although people tend to pick phone numbers when forced to select 7-digits, thus adding artificial randomization to the mix.

The problem with guessable PINs surprisingly worsens when customers are forced to use additional digits, moving from about a 25% probability with fifteen numbers to more than 30% (not counting 7-digits with all those phone numbers). In fact, about half of all 9-digit PINs can be reduced to two dozen possibilities, largely because more than 35% of all people use the all too tempting 123456789. As for the remaining 64%, there's a good chance they're using their Social Security Number, which makes them vulnerable. (And as we know, Social Security Numbers contain their own well-known patterns.)

To reemphasize, the greater the number of digits required, the more predictable selections become. Why? Why does the problem worsen with additional digits? As people are forced to use more digits, I hypothesize they react by falling back on easy-to-recall patterns such as sequences. Someone might remember 3791, but they won't easily recall 379114928, and they may reason 123456789 is as difficult as any other number.

PIN-pricks

The bad guys know these things. They don’t need high-speed analysis engines or intensive code-cracking software. They know the numbers and work the odds. As often as not, they can hack into an account– or your house or your medical files or your life– within moments.

Armed with only four possibilities, hackers can crack 20% of all PINs. Allow them no more than fifteen numbers, and they can tap the accounts of more than a quarter of card-holders.

PIN-ups

If you absolutely cannot remember little-used numbers and carry a reminder, at least code the number in some way.
• Some take a cue from old-fashioned costing codes that used alphabet substitution for digits: I=1, J=2, K=3, …
• Roman numerals might be another idea, e.g., 2009=MMIX.
• One handy method is to subtract your PIN from 9999 and write that down. When you need your PIN, you simply subtract the code from 9999 again. (For those who know hexadecimal (base 16: 0-1-2-3-4-5-6-7-8-9-A-B-C-D-E-F), this geeky technique is even more effective: Where F is 15, subtract your PIN from FFFF, e.g., 9531=6ACE. I used this method to label keys in an apartment complex: 1422B=EBDD4.)

Your job– should you choose to accept it– is to make breaking into your account as difficult as possible, not that institutions tell you what you really need to know: Their usual advice is to cover ATM and store keypads with your hand. Don’t tell anyone your PIN. Don’t write it on a stick-em and carry it in your billfold.

But you can do a lot more than that: Make your number as difficult to guess as possible.

PIN-wheel

So what numbers are rarely used? Generally, the higher the first digit, the less common the password. Of the ten least used PINs, four start with 8, two with 9, and two with 6. Just don’t blow your efforts with 8888 or 8000, or 9999 or 9000.

Tip: Sure, you want a number you can remember. Toward that end, I suggest picking an easy four letter word (or a word with the same number of letters as the number of PIN digits) you can remember, say ‘easy’ itself. Look at E-A-S-Y on a telephone keypad and you’ll see the letters correspond to 3279, which breaks the most obvious patterns. Reverse the digits if you like to make the combination harder. If your ATM doesn't show letters, then open your cell phone. See more tips in the box at right.

PIN-points

In the following table* of the twenty most used numbers, it becomes painfully obvious any baddie who’s learned only the first four or five most popular numbers can suck the money out of one in five ATM accounts. With a crib sheet of these twenty numbers, he can boost his takings to 27%.

Most Common PIN Numbers
rank PIN freq %
1 1234 10.713
2 1111 6.016
3 0000 1.881
4 1212 1.197
5 7777 0.745
6 1004 0.616
7 2000 0.613
8 4444 0.526
9 2222 0.516
10 6969 0.512
11 9999 0.451
12 3333 0.419
13 5555 0.395
14 6666 0.391
15 1122 0.366
16 1313 0.304
17 8888 0.303
18 4321 0.293
19 2001 0.290
20 1010 0.285

Least Common PIN Numbers
rank PIN freq %
9981 9047 0.001161
9982 8438 0.001161
9983 0439 0.001161
9984 9539 0.001161
9985 8196 0.001131
9986 7063 0.001131
9987 6093 0.001131
9988 6827 0.001101
9989 7394 0.001101
9990 0859 0.001072
9991 8957 0.001042
9992 9480 0.001042
9993 6793 0.001012
9994 8398 0.000982
9995 0738 0.000982
9996 7637 0.000953
9997 6835 0.000953
9998 9629 0.000953
9999 8093 0.000893
10000 8068 0.000744
* Credit for this table and the heat maps goes to math mensch and privacy professional, Nick Berry.
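
The patterns described in this post can be turned into a check that a card issuer or a customer runs before accepting a PIN. The following is an added example, not code from the original post or from Nick Berry's analysis; the function names, the pattern labels and the loose date test (month 1-12, day 1-31) are assumptions made here, while the frequencies and the named PINs come from the text and table above.

```python
# Added example: screen a 4-digit PIN against the patterns this post describes.
# TOP20 is the "Most Common PIN Numbers" table (percent of all PINs observed).
TOP20 = {
    "1234": 10.713, "1111": 6.016, "0000": 1.881, "1212": 1.197, "7777": 0.745,
    "1004": 0.616, "2000": 0.613, "4444": 0.526, "2222": 0.516, "6969": 0.512,
    "9999": 0.451, "3333": 0.419, "5555": 0.395, "6666": 0.391, "1122": 0.366,
    "1313": 0.304, "8888": 0.303, "4321": 0.293, "2001": 0.290, "1010": 0.285,
}
# Keypad shapes from the post: diamond, square, cross, X, centre column.
KEYPAD_SHAPES = {"2486", "1397", "2046", "1937", "2580"}
# Other specific PINs the post calls out (0001, Bond, Star Trek, Lucas, years).
WELL_KNOWN = {"0001", "0007", "0070", "1701", "1138", "1984", "1492", "1776"}
KEYS = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
        "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}


def coverage(n):
    """Percent of accounts exposed to someone trying the n most common PINs."""
    return round(sum(sorted(TOP20.values(), reverse=True)[:n]), 3)


def word_to_pin(word):
    """Telephone-keypad mapping used in the post's tip ('easy' -> 3279)."""
    return "".join(k for ch in word.lower() for k, v in KEYS.items() if ch in v)


def weaknesses(pin):
    """List which of the post's predictable patterns a 4-digit PIN matches."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("expected exactly four digits")
    d = [int(c) for c in pin]
    hi, lo = int(pin[:2]), int(pin[2:])
    checks = [
        ("top-20", pin in TOP20),
        ("repeated digit", len(set(pin)) == 1),
        ("sequence", {b - a for a, b in zip(d, d[1:])} in ({1}, {-1})),
        ("couplet", pin[:2] == pin[2:] and len(set(pin)) > 1),
        ("adjacent pairs", abs(d[1] - d[0]) == 1 and abs(d[3] - d[2]) == 1),
        ("starts with 19", pin.startswith("19")),
        ("date MMDD/DDMM", (1 <= hi <= 12 and 1 <= lo <= 31)
                           or (1 <= lo <= 12 and 1 <= hi <= 31)),
        ("keypad shape", pin in KEYPAD_SHAPES),
        ("well-known number", pin in WELL_KNOWN),
    ]
    return [name for name, hit in checks if hit]


if __name__ == "__main__":
    print(coverage(4), coverage(20))            # share opened by 4 and 20 guesses
    for pin in ("1234", "2486", "2389", word_to_pin("easy")):
        print(pin, weaknesses(pin) or "no listed pattern")
```

An empty result only means the PIN avoids the patterns listed in this post; it says nothing about numbers tied to the owner, such as a birthday written in another format or part of a phone number.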

PIN-out

Now go forth and protect thy accounts. And drop me a line if you use these clues in your own stories.