Apr 17, 2015

RFIDs, Encryption, and Stop Rules... Oh My!

This post is about one facet of how people think, or don't think. It is about programming. It is about stupidity built into the human mind.

Every programmer knows what a stop rule is. They may not know it by that name. I learned that particular name in an AI (Artificial Intelligence) class and found that it applied to people as well as programs.

Unless you are using gotos (you evil vile fiend) every loop in every program has a stop rule, a rule that tells the loop when it is done. If you have done any AI work you know that every search algorithm has at least two stop rules and usually more: one that stops the search when it has found what it is looking for, another that stops the search when it is determined that it cannot find what it is looking for, and usually one more that stops the search when it has run for as long as you want it to run. There are a lot of other examples from AI.

At some point in my life I noticed that people also use stop rules. I found that everyone, including me, is not aware that they have stop rules. We are all terrible at noticing when they kick in. I've been watching myself for stop rules for around 40 years and I still run into stop rules that I did not know I had.

Here is an example: I used to work for a woman who, oddly enough, I did not like. Not because she was female, I usually get along well with female managers, but because you could not argue with her. She was always correct. But, she could not explain why she was correct. If she believed something was true then it was true.

One day in a faculty meeting she told us all that the syllabus for a class is a contract. That surprised me. A syllabus does not meet any of the basic requirements of a contract. I asked her how a syllabus could be considered a contract. I asked if there was a special law or a precedent that made it a contract? She told me again that it is a contract. I have noticed that when people hit a stop rule they get a particular look on their faces and a specific tone to their voices and at that point you might as well just move on. She was showing all the standard signs. So I dropped the subject.

Then she said that you cannot change a contract. She said that a contract is a contract and can not be changed. Well, I laughed. I have spent a lot of time in business, I have written large parts of contracts, I have read many contracts. I have read books on contract law. I have talked at length with lawyers about contracts. I know that contracts can be changed. Most contracts even have a set of clauses that set out a procedure for changing the contract. But, all contracts can be changed by mutual agreement of the parties to the contract.

I blurted out that of course you can change a contract. She reiterated that "A contract is a contract and can not be changed". I started to argue with her and give examples but the look I got told me that that was a very bad idea. So, I just ignored what she said and made sure that my syllabi always included a clause stating that the syllabus was subject to change at any time and without notice.

(I actually had a student try to extort a better grade by threatening to turn me in for changing my syllabus. I told him to read the clause at the bottom. The clause that said that the syllabus was subject to change at any time and without notice. He read it and he shut up. Funny, some students will do anything to get a good grade except for doing the work.)

The first time I noticed the stop rule effect was just after I took an AI class in college. I was, I believe, a senior. I was never a freshman, but I was a senior for several years. I had just been called an atheist, a term I find rather puzzling. I was trying to explain to this fellow that the fact that we did not share the same conception of God did not make either of us atheists. (But that is a subject for a blog I most likely will never write.) In the middle of this discussion he blurted out that "to prove God does not exist you would have to be everywhere at the same time". That left me staring at him and then I tried to explain that I was not trying to disprove the existence of God. He said exactly the same thing but with his eyes unfocused and his voice in a fixed but forceful tone. I tried to ask him why he thought that I was trying to disprove the existence of God. I even pointed out that you cannot prove a negative. He shouted that phrase at me and turned red. I stepped back and pointed out that I was not trying to prove anything about God, I was trying to explain my conception of God. He screamed the statement at me, turned purple, and put his fist in my face. I backed up some more and asked him what was going on. He snapped out of it, and calmed down, it was like he had never even noticed what he was doing. It was like something out of a bad horror movie. He was possessed by that phrase. His whole mind locked up when his thought process led him to that stop rule.

Then there was the friend who had seen an advertisement for artificial star sapphires. In the ad all the sapphires were the same size. I could not convince him that size was not part of the definition of "star sapphire". He didn't believe me even when I showed him a star sapphire of a different size. He told me that I was not showing him a star sapphire because it was too small to be a star sapphire.

There was also the case of a friend who told me that you could not write a compiler in Basic. Kind of an odd discussion.... I had made the off hand remark that you could write a compiler in any language. He said what he said to prove me wrong. Well, you can write a compiler in Basic. I had to ask a lot of questions to figure out where he got that "fact".

It turned out that to him Basic was one of the two implementations of the language that ran on our mainframe. And, to him a compiler was defined as a program that could call the machine specific, OS specific, system call used to write UNIVAC style linkable code to a file. To him nothing else was a compiler. The language he called Basic did not allow you to make that system call. Therefore, you could not write a compiler in Basic.

In all these cases I had run into stop rules. A stop rule of the mind is a phrase, concept, or fact that you can not think past. It is like an axiom in geometry. Only more so. What happens is that when the mind gets to a certain area of thought instead of thinking through the concept and reexamining the existing evidence, the mind dredges up an existing fixed concept and returns that as an unquestionable absolute FACT. Running into the stop rule ends all further thought.

You also see stop rules in expert systems. You need them to stop evaluation of patterns in the knowledge base. Stop rules are used to block circular search that leads to infinite loops.

Some stop rules are dangerous. One of the most dangerous stop rules in computing is the idea of encryption. So many people think that if something is encrypted it is "safe". This is not true and it leads to some absurd beliefs and behaviours.

The other day I was talking to a customer service rep at Time Warner Cable who asked me why I don't autopay my monthly bill. I told him the truth. I told him that I do not trust his company to keep my information private. All of my other monthly bills are paid automatically. But, not that one. I don't trust them. His reply was to tell me that they keep all their records encrypted. I commented that encryption is only as good as the security applied to the keys. If they are doing what he said they are doing the keys were available from each and every one of their database servers. In other words, keeping records encrypted doesn't necessarily add any security. The encrypted data is only as secure as the keys.

Encryption is a major stop rule. If you want something to be secure, just encrypt it! Once you decide to encrypt, your security problems are solved! No. No. Not at all. Even encrypted data can be understood without decrypting it. Don't believe me? Look up how passwords are stored. They are encrypted and the plain text is erased, only the crypto text is retained. When you type in your password it is encrypted and the new piece of crypto text is checked to see if it matches the crypto text of the password that is on file. The stored password is never decrypted.

So, finally I get to RFIDs. Radio Frequency IDs are a big thing. Some people have them under their skin right now. A lot of pets have RFIDs. RFIDs are used to prevent shop lifting. If you put them on shipping boxes they are great for keeping track of where things are in a warehouse and great for making sure that a box gets on the right truck. They even put them in US passports. But, they were expected to be much bigger than that. Much much bigger than they are. And, it all comes down to encryption.

You see, retailers wanted to put RFIDs inside every product. Not just in the packaging, in the product. Your toilet paper would have an RFID that identified it as toilet paper. Your laptop would have an RFID that identified it as a laptop. I believe that the plan was to encrypt the SKU (Stock Keeping Unit) of each product, place that information into an RFID chip and then build the chip into each product.

Why would retailers want this to happen? Imagine shelves that read RFIDs. Each shelf in a store would "know" what was on the shelf. It would know how many items were on the shelf. If someone picks one up and puts it on the wrong shelf, well that shelf would tell the system what happened and someone could be sent out to move it back. If the shelf becomes empty then someone can be sent out to restock the shelf.

It gets better than that. Let's say you have electronic signage on each shelf. The shelf can look up the product and display the name of the product and its current price. No more paying people to change signage. No more bar codes either. You do not need them if you have RFIDs.

The retailers were even talking about doing away with check out. Just walk out the door and the price of everything you took out of the store would be automagically deducted from your bank account. Of course they would know what you carried in and what you carried out so they could make sure they didn't charge you for the clothes you wore into the store.... I never did hear what they were planning to do if you didn't have enough money in the bank to pay for your purchases. Drop a cage on you?

There are a few problems with the plan... You walk into a store, buy a new diamond ring, and leave. Ok, a guy in a car with a few dollars worth of hardware scans you as you leave the store, follows you home and relieves you of the diamond. Or, you are walking along with a new laptop in your backpack and someone with a few dollars worth of hardware pings your RFIDs and steps out of the shadows and relieves you of the back pack.

They were talking about putting RFIDs in US currency. That would let the bad guys count the money in your pocket and decide who is worth robbing...

Hey! no problem say the RFID peddlers. The info on the RFID is encrypted! The bad guys can't read it! No. Not true. Not at all. Remember passwords?

You see, to make this work there has to be a database that maps crypto text to plain text. It must exist. To do an RFID based transaction you have to read the crypto text from an RFID. Then you have to pass it to something that gives you the real SKU. That SKU is then used to look up the price. Even if there is no way to decrypt the SKU stored inside the product you still have to be able to get the real SKU from the encrypted SKU. That implies the existence of a database that contains all the SKUs and the matching crypto text. That database would be worth a lot to the bad guys. That database has to exist no matter what kind of information is stored in the RFID. That means that no matter how good the security is around that database someone will sell it.

The alternative to the database is to have copies of the decryption keys spread all over the world. Which we can count on being secure for oh, maybe ten minutes?

But, then, the bad guys do not need to buy the database. They can build it themselves. Just walk through a store and collect encrypted SKUs from the products on the shelves. If that isn't practical just buy or steal products and collect their encrypted SKUs. Pawn shops and fences would get a whole new revenue stream from collecting and selling databases of encrypted SKUs paired with product descriptions.
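The argument above as an added example (not code from the original post): a tag that stores a fixed encrypted SKU is identifiable by anyone who has once seen that value next to the product, with no key involved. The HMAC stand-in for the tag's cipher, the SKUs and all function names are assumptions; the nonce-per-read variant goes beyond the post, and its backend still has to hold the key.

```python
import hashlib
import hmac
import os

RETAILER_KEY = os.urandom(32)  # assumed secret; the observer below never sees it

# Constructed sample catalogue: SKU -> (description, price in cents)
CATALOGUE = {
    "SKU-000101": ("toilet paper", 499),
    "SKU-000202": ("laptop", 89900),
    "SKU-000303": ("diamond ring", 250000),
}


def static_payload(sku, key=RETAILER_KEY):
    """Fixed opaque value burned into the tag: same SKU, same bytes, every read."""
    return hmac.new(key, sku.encode(), hashlib.sha256).hexdigest()


def nonce_payload(sku, key=RETAILER_KEY):
    """Contrast case (assumption): the tag mixes a fresh nonce into every answer."""
    nonce = os.urandom(16)
    mac = hmac.new(key, nonce + sku.encode(), hashlib.sha256).hexdigest()
    return nonce.hex() + ":" + mac


def backend_resolve(payload, key=RETAILER_KEY):
    """Retailer side: map either payload form back to a SKU (needs the key)."""
    for sku in CATALOGUE:
        if ":" in payload:
            nonce_hex, mac = payload.split(":")
            expect = hmac.new(key, bytes.fromhex(nonce_hex) + sku.encode(),
                              hashlib.sha256).hexdigest()
        else:
            mac, expect = payload, static_payload(sku, key)
        if hmac.compare_digest(mac, expect):
            return sku
    return None


class Observer:
    """Holds no key: only pairs values read off tags with what the item visibly is."""

    def __init__(self):
        self.table = {}

    def survey(self, payload, description):
        self.table[payload] = description

    def identify(self, payload):
        return self.table.get(payload)


def run(make_payload):
    """Survey each product once on the shelf, then read a second unit of each."""
    observer = Observer()
    for sku, (description, _price) in CATALOGUE.items():
        observer.survey(make_payload(sku), description)
    return {sku: observer.identify(make_payload(sku)) for sku in CATALOGUE}


if __name__ == "__main__":
    print("static tag:", run(static_payload))  # every item identified without the key
    print("nonce tag: ", run(nonce_payload))   # every lookup misses
```

A quick check for a deployed tag follows from this: if two reads of the same tag return identical bytes, the value works as a product identifier regardless of how it was encrypted.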

(Techies tend to think of criminals as stupid technophobes while at the same time worrying about how to defend against the next hacker attack. Truly twisted thinking.)

The development and testing of schemes for putting an RFID inside every product you buy went on for quite a few years. It took that long for someone to point out how bogus the idea was. It took about 6 months for the whole idea to collapse after the flaw in their thinking was pointed out. Years of work went into this screwy idea because the concept of encryption is a powerful stop rule. For years not one person figured out that just encrypting the information did not solve the security problems. I have talked to some of the people who took part in that project and they are very intelligent people. But, they never noticed the problem. They were blocked by a stop rule called "encryption". They accepted it as a solution without thinking it through.

Stop rules are dangerous. How many do you have? Are you even aware that you have them?

I can guarantee that you have them. You would probably go insane without them. You see, people believe that their stop rules are all facts. Most people do not question facts. It has been said, apparently by several different famous people that "Everyone is entitled to their own opinions, but they are not entitled to their own facts". What I have learned is that, everyone has their own facts.

Think about this simple stop rule: "2+2=4". That is something I hope you learned in grade school. It is difficult to add 2 and 2 if you have not memorized this stop rule. Oh, you could count on your fingers to two, and then do it again, and then count the fingers you touched, the result will be 4. But then, knowing how to count depends on memorized stop rules er... facts. If you had to rederive, reinvent, or reexamine all your stop rules every time you use them you would go nuts. But, then you would have to be insane to do that in the first case. There is no difference in the mind between stop rules and facts. Facts are the bedrock of our verbal thinking system.

Just for fun let's try to think past a stop rule. Let's challenge a basic fact. Can you imagine that 2 plus 2 is not equal to 4? Could it ever be that the sum of 2 and 2 is 1? Well, yes it can. If we are talking about modulo 3 arithmetic then it is always the case that 2 plus 2 is equal to 1. Funny, we just went "past" a fact and found an alternative that is also true, but not the same.

What if 2 is not even a number? What if all numbers are pairs of what we call numbers? In that case 2 is not a number but (2,0) and (1,3) are numbers. Well sure, if you have learned much math at all you will see those as coordinates on a plane and think I am talking about vector math, right? In this case I am talking about toroidal math. The first value is modulo N (say N=3 just for grins and giggles) and the second value is modulo M (say M=5) and we have pairs of values that designate points on the surface of a torus. Wow, all that from just questioning a single well established fact known to every grade school child in the world. If we are able to go there we see that 2 plus 2 is not always equal to 4. We see that 2 all by itself is not necessarily a number. And, we see that we can do arithmetic bound to the surface of a torus.

What do you have if you use 3 values to represent a value and use modulo arithmetic on all three values? You get hypertoroidal arithmetic. You would be doing arithmetic bound to the surface of a hypertorus.

We are dependent on using memorized facts to do our thinking. If we get some of them wrong, and especially if we cannot question them even when our facts are challenged, we can go through our lives using facts/stop rules that do not correspond to reality. We are forced to go through our lives with no chance of discovering anything new. We can never have the joy of realizing that much of what we know is wrong. We cannot advance toward greater understanding of ourselves or the Universe.

Looking into this peculiar phenomenon I have learned some interesting information. First off, we (all humans) tend to avoid any information that contradicts our existing stop rules. We even seek out information that seems to back up our existing stop rules. This phenomenon is called "confirmation bias" and has been well studied for quite a while now. I have to admit I see this in myself. It is why I laugh at people who quote Fox News and treat anything I hear on the BBC as gospel. (Ok, not quite...)

Another interesting thing about this phenomenon is that the way we look at facts is one of the four known axes of human personality. As far as I have been able to find out this idea originates with Carl Jung and has been refined by Myers & Briggs in their theory of personality types. What they call the iNtuitive - Sensing (NS) axis is all about our attitudes toward facts. To a person on the intuitive end of the axis all facts are evidence of underlying principles. This person can not see the trees for the forest. The other end, the so called sensing end, treats facts as facts, absolute unchallengeable rules that stand on their own. This is the person who can not see the forest for the trees. This indicates that some people are more likely to be affected by false stop rules and more resistant to modifying them than other people.

This page gives a best guess at the percentage of people in the US with the 16 different personality types. (I should point out that there are an infinite number of possible personalities within the 16 general types.) According to that page roughly 73% of people in the US are on the S, facts is facts, end of the spectrum. That means that almost 3/4ths of the people in the US have a natural resistance to changing their views. They accept facts (stop rules) as unchallengeable nuggets of pure truth that cannot change. That is why in the US someone who changes their mind when faced with new facts is called a "Flip Flopper" and can't get elected. Learning and changing your opinions goes against most people's basic nature. No wonder our schools focus on memorization instead of learning. No wonder that so many are suspicious of science...

Unexamined stop rules, facts that are not facts, cause irrational behaviour. Most people like it that way.

I started out to talk about how unchallenged stop rules, that is, unexamined assumptions, lead to bad decisions, even to irrational behavior. I hope I have done that. I hope if you read this far you got something useful out of it.

Since I have referenced Myers & Briggs I feel that I must come clean and tell you that my Myers Briggs type is INTP. If you look up INTPs you'll find that we are rather odd ducks:

We make up about 3% of the population but are about 7% of all software developers.




5 comments:

  1. Thank you for your thoughtful piece from your fellow INTP software developer.

    1. Good to hear from you!

      I had my nose rubbed in the prevalence of INTPs in software development one evening when I was teaching a game programming class. I like to get to class at least half an hour before it is supposed to start. A student came in early and we got talking about the MBTI. Turns out he had just found out that he was an INTP. Hey! I'm one too! How cool is that?

      Well, the next guy wandered in and asked what we were talking about and it turns out that he too was an INTP.

      The punchline is that out of nearly 30 students all but one was an INTP. The odd man out was an INTJ. Turns out that INTJs are as rare as INTPs, about 3% of the population, but they make up 29% of software developers.

  2. Minor nit: passwords are very rarely encrypted, but they are often concatenated with a salt, and passed through a one-way hash function -- and then the resulting hash and salt is stored. One *could* store passwords encrypted, and some systems do that (to a certain extent), eg: kerberos.

    I wonder if those percentages differ around the world (eg: with the general structure of the school system?).

  3. Ya know? I almost mentioned that, with pre, post, and even infix salts. But, since I thought it would just add complexity and get away from the point I was trying to make, and because one way hashes are, at least to me, a form of encryption. I didn't do it.

    As to your question about school systems, I can't answer that. I have noticed that I make distinctions that other people do not. In this case you make a distinction that I do not make. Part of that is the N versus S difference I mentioned in the post. But, I know that a number of personal cases are the result of having a specific professor or using a specific text book. I spent a large part of my life implementing programming languages. I did not learn from the famous dragon book. I had to read the damn thing so that I could even talk to other language implementers. Not just so that we had a common vocabulary, but so that I could understand why they were doing such stupid stuff. We were just taught differently at different Universities pretty much all from the US.

    By the way, if you always use the same salt, or the same salt algorithm, which you must if you want to generate the same result when given the same input, a requirement for passwords, does using a salt actually increase security? Or rather, does it decrease security by exposing the hash to cracking based on a known common pattern? I know that is used to help break encryption. And, of course, there is no such thing as a one way hash. There are asymmetric hashes that are very very asymmetric which are called one way hashes. But no true one way hashes.

    Funny story, during the battle of Leyte Gulf Admiral "Bull" Halsey got really pissed off because of a salt added by a cypher clerk. The message asked where his task force was. The salt was "The world wonders?".

    Thank you for your comment

    Grumpy

  4. Interesting idea. Now that you point it out I am starting to see it in many places. Usually on discussion boards. In the one I was reading earlier 'c is unsafe' seems to be one people get stuck on. Ignoring how useful the language is and the other side ignoring that yeah it is a language that lets you get into trouble real fast (I have reasons why people do that but that would be a whole different discussion).

    To your point with RFID. The *idea* is cool (heck I would love to shop that way). But most people who build things do not think like criminals. They have presupposed ideas about criminals. Then they do not think like someone stuck in a meeting who wants to get a raise and willing to mess over all their customers. They think like someone who is building something. Why would you destroy something?!

    However, your point is also a dangerous one to hold onto and could be easily misinterpreted. You could end up so flexible you do not decide on anything. Sometimes you have to say 'ah screw it go for it' or 'you know this is a really bad idea, stop'. In your RFID case you could argue they didn't have the right halt conditions to even see they could be making a large mistake. This is either due to deliberate blindness or missing information.
