Day: 15 June 2008

Not cricket? Of course it is

I love cricket. [As if you haven’t noticed]. Been a fervent follower of the game for over 40 years, been privileged to watch may great cricketers during that time.

The years haven’t been short of controversy. The first I can remember was the D’Oliviera incident in 1968, when the South African tour was cancelled after Basil was included in the touring squad. Then there was the World Series Cricket breakaway, the Packer controversy as it was called. We’ve had questions about Tony Greig’s fielding position, Murali’s double-jointedness (leading to his exceeding the elbow extension and flexion limits that most cricketers have never heard of) , Paul Adams’s Frog in a Blender action, Lever’s use of vaseline.

We’ve had Ponting’s bat, Dravid’s ball, Brearley’s helmet (see Q517), all kinds of weird and wonderful things. We’ve even had the Trevor Chappell underarm incident.

We’ve had the limited-overs game introduced and then get more and more limited, as 60 became 50 and now we have 20.

In all that time, I have never seen a more stupid controversy than this one:

Kevin Pietersen has introduced a new stroke into cricket lore. He faces a bowler right-handed, and then, as the ball is released, switches stance and grip to become a left-hander, then sweeps the ball into oblivion past the boundary ropes, for six.

I watched him do this today, twice, as England played New Zealand. Absolutely amazing strokes, great talent, great timing, great strength. And then I heard about the controversy. [While I had read about it briefly over the last year or so, I had dismissed the arguments].

What is the controversy? That Pietersen starts with a right-hand-grip on the bat and then switches to a left-hand grip, and that this places the bowler at a disadvantage.

Pfui, as Nero Wolfe was wont to say. Double Pfui.

Here’s why:

1. The stroke of the reverse sweep has been around for a very long time. Hanif Mohammed is credited with having “invented” it, though some people say it was his brother Mushtaq. Hanif is known to have used the stroke in January 1958, over 50 years ago, in an “away” Test match, against one of the best teams in the world, the West Indies.

2. The “disadvantage” the bowler is placed under is apparently all to do with field placements. Law 41.5, The Fielder deals with onside limitations and potential no-balls. Law 36, the LBW rule, is focused on the definition of the offside.

3. The controversy is apparently around the use of the phrase “striker’s stance at the moment the ball comes into play for that delivery” in the LBW law, and in the phrase “at the instant of the bowler’s delivery” in the Fielder rule

Pfui again. The reverse sweep has been around for 50 years, and it was in use for a very long time before anyone had the talent and power and timing to use it for a boundary, much less a six. Pietersen has moved the standards even higher by having the sheer effrontery (and magical ability) to change his grip and not just his stance.

The two Laws being cited are laws that apparently came into place to correct other weaknesses in the aftermath of controversy, such as the Bodyline tour. If we have to change the law to state that the batsman is considered RHB or LHB based on what he declares himself to be as he takes up his initial stance at the start of his innings, then so be it.

But claim that he’s breaking the law, or that his stroke is illegal? Puh-leease. Nobody said it was illegal when Gatting failed to pull it off, with abysmal consequences, here.

What Pietersen is doing is playing cricket. Gloriously. If, as a result of KP trying the reverse sweep while changing hands, he is out LBW as a left-hander, then let’s have him given out. If, as a result of KP trying the reverse sweep while changing hands, he misses altogether, who is going to claim a no-ball? The umpire’s not going to call it. KP’s not going to ask for it. Maybe critics think that the bowler’s going to no-ball himself?

Enough of this guff.

Musing about Wounded Knee and Wikipedia and the US Open

As a child and as a boy, I’d heard about the Battle of Wounded Knee, about Sitting Bull and about Big Foot, but as seen through the eyes of cowboy comics illustrators. My real knowledge about the battle didn’t amount to much as a result.

Today, reading newspaper reports about Tiger Woods and the US Open, I decided I wanted to know more about it, and quite naturally I went to Wikipedia. I found it intriguing that I did not go first to Google, and thought about why. I decided that there was a class of information where I considered Wikipedia to be my first stop; that this class was characterised by something I could not find anywhere else.

What was this unique thing? A notice that said “The neutrality of this article is disputed“. Sure, I’ve known about Wikipedia’s NPOV principles, and about the use of such notices. What I hadn’t appreciated was how important that notice was. What I hadn’t appreciated was that, for some classes of information, I would go to Wikipedia in preference to other places because of the willingness of Wikipedia to point out its own provisionality.

Anyway. I found the article on Wounded Knee fascinating, and spent some time wandering around related articles.

Talking about wounded knees, apparently Tiger Woods has never failed to win a major after ending the third round with a share of the lead. He’s meant to be recovering from knee surgery; watching him play yesterday, one begins to wonder what it would really take to defeat him when he decides he wants to win. Amazing player.

Some weeks ago I let you know that I’m a big fan of Camilo Villegas. Good to see him performing well (he’s lying 6th), this is the best I’ve seen him do at a major, and I’m going to be rooting for him tonight. Defeating Tiger in this mood is going to take something special from someone, and Camilo has the capacity. Every time he stands at the tee he’s thinking birdie or eagle. All he has to do is improve his driving accuracy, and he could be a contender.

What does bad look like? And related questions

I was in conversation with an old colleague, Sean Park, a few days ago; with a little bit of luck, we’ll be able to spend a little time together next week in San Francisco, at Supernova. During the conversation, this post by Chris Skinner came up.

First, a few disclaimers.

One, I am not against cyberlibertarians. I count many cyberlibertarians as my friends. In fact I’d even let my daughter marry one. Some people think I am a cyberlibertarian. And I don’t argue with them.

Two, despite all that, I signed up with the UK Border Agency IRIS scheme as soon as I could, use it regularly, and will probably sign up with its equivalent for the US and Europe as soon as I can. So I am not against the technology.

Three, I like what Bruce Schneier has to say about many things, and particularly about things to do with security. This liking predates (by a long way) and is completely unconnected with, our becoming colleagues much later. [Incidentally, we have never met, either as colleagues or before then, although we’ve been in the same room quite a few times. Maybe this will change, we’re both at Supernova.]

Having said all that.

There’s identity and there’s identity. “Identity” covers things I assert about myself, things that only I can assert about myself. It covers things that others assert about me, things that only others can assert about me. It also covers things that I assert, but where my assertion is weak unless it is backed up by someone or something else.

When I say that I like Grateful Dead or Traffic or Crosby Stills Nash and Young or John Mayall or Jim Croce, I am asserting something about myself. A last.fm audioscrobbler attached to iTunes can see whether my listening habits match my stated likes, but it cannot say what I like. That is for me to say. When a bank says that I have a credit rating of X, they are asserting something about me that I cannot assert about myself. When a government gives me a token to help me assert who I am (such as a passport or a driving licence), the government is doing something I couldn’t do as well.

So there’s identity and there’s identity. It’s all the rage, it’s the happening thing, there are now more people working in the identity space than in call centres worldwide. [Doesn’t it feel like that to you?].

And, as Chris Skinner says, it looks like biometrics will become more important, more dominant, more pervasive. Shivers down spine. Collywobbles. Paroxysms of sweat. I begin to get a teensy weensy bit concerned.

Why? Not because I think someone’s going to gouge my eye out and re-use it. Not because I think that someone’s going to chop my finger off. [Yes, there are times and there are places where this can and probably will happen, but in this conversation I consider the Chopping Off argument to be a Red Herring.]

I’ve been concerned about the use of biometrics in everyday life for a few decades now. Nearly 30 years ago, when I worked for Burroughs Corporation, we had a division that manufactured ATMs. And I remember seeing a presentation where people queued up to a hole in the wall to draw money, presented their eyeballs to an even smaller hole in the wall, had their retinas scanned before the hole vomited out cash. And I thought to myself, who designs these things? Who imagines that someone would actually do this? Did they talk to anyone, any would-be customers?

If you want to understand the pros and cons of biometrics, you must read this article in ACM by Bruce. So what if it’s almost a decade old, the points he makes still hold true. It’s an expansion and improvement on an another note by him, written a year earlier in his Crypto-Gram newsletter.

Here are some excerpts:

  • [B]iometrics work well only if the verifier can verify two things: one, that the biometric came from the person at the time of verification, and two, that the biometric matches the master biometric on file. If the system can’t do that, it can’t work
  • Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look.
  • Once someone steals your biometric, it remains stolen for life; there’s no getting back to a secure situation.
  • Biometrics are powerful and useful, but they are not keys. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy.
  • [B]iometrics are necessarily common across different functions. Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications. If my fingerprint is used to start my car, unlock my medical records, and read my electronic mail, then it’s not hard to imagine some very unsecure situations arising.

As a frequent traveller, I am happy to use biometrics-based processes when it mean my immigration and security queues are shortened significantly. IRIS has been a boon for me.

But if my bank asked me to start using iris recognition based schemes, I would probably change bank.

Why?

Now you must be used to people tritely asking you “So what does good look like to you?” [What an appalling question. Why can’t they ask you what you want? I’m old and patient now, so I forgo the temptation to “throw them under that question”, a la that other appalling phrase “throw them under the bus”. Who thinks this unadulterated crap up anyway?]

So humour me for a second and allow me to use the phrase “What does bad look like?” When I use IRIS, “bad” means that someone has managed (a) to get a copy of my iris as stored in some humongous central database somewhere (b) convinced some hardware and software in a booth that he/she is me returning to the UK. Depending on my actual travelling status, that may throw up some conflicts and errors, and the worst that could happen is that I spend some time sorting out the mess when I next pass through. But the facts will be on my side, and I don’t live in a police state. People may be appalled by CCTV Britain, by Guantanamo Bay, by 42 day detentions, but none of that is as scary as The Emergency was to me in 1975-77. Not even close.

It’s not as if someone can leave my iris behind at a crime scene. If someone finds my eyeball rolling around alongside a corpse, the chances are the corpse is me. if someone leaves a photograph of my iris behind as a calling card, not even the Keystone Cops will assume that I’m the likely perpetrator.

So bad doesn’t look too bad in many of these cases.

When it comes to banking, it’s a different story. Bad can look bad. If you’d like a humorous way of finding out why, listen to this clip by Mitchell and Webb. [Oh the humanity. Worth listening to for that line alone.]

We already use biometrics for banking, the common-or-garden signature is a biometric, particularly if you start analysing pressure and time and emphasis and all that jazz. People have tried to forge signatures, and if electronic signatures become more common, then I am sure that people will try even harder to forge signatures.

I try and adapt to changes in the environment around me. For example I think about where I want to use my credit or debit cards so as to minimise the risk of cloning, and avoid the places where I think the risk is high. If my bank said I could use iris recognition in order to withdraw cash, I wouldn’t sign up. I would use other ways. if they said that it was the only way, I would use other banks. Simple as that.

It doesn’t mean that I am against the use of biometrics. Rather, I am against the use of biometrics in environments where the weaknesses of biometrics overwhelm the strengths. As stated before, I use biometrics to enter the UK. And I would be happy to use biometric locks in my front door, as Xeni Jardin refers to here.

As Bruce says in that article, if someone wanted access to my house, they can make a surreptitous copy of my key or throw a rock through my window. They don’t have to cut my finger off.

Biometrics aren’t bad. Biometric banking is already here, as in the use of signatures. But we need to think hard about allowing increased use of biometrics in banking. Because bad could then look very bad.

Let’s be careful out there.