Posts tagged networks
CU Boulder study finds racial ‘hierarchy of bias’ drives decision to shoot armed, unarmed suspects
Oct 24th
Both the police and student subjects were most likely to shoot at blacks, then Hispanics, then whites and finally, in a case of what might be called a positive bias, Asians, researchers found.
In the first study of its kind, Joshua Correll, Bernadette Park and Charles M. Judd of CU-Boulder’s Department of Psychology and Neuroscience and Melody Sadler of San Diego State University examined how police and a group of undergraduate subjects decide whether to shoot or not to shoot “suspects” in a multi-ethnic environment.
“Most studies on the subject of stereotyping and prejudice look at two (ethnic) groups, usually in isolation. It’s always one group against another group,” said Correll, a CU graduate who joined the faculty in August after a stint at the University of Chicago.
“But as the country becomes more ethnically diverse, it’s more and more important to start thinking about how we process racial and ethnic cues in a multicultural environment,” he said.
As with previous studies into the question, data were gathered from subjects playing a “first person shooter” video game, in which figures of varying ethnicity — Caucasian, Asian, Hispanic and African-American — pop up, either “armed” with a weapon or another benign object, such as a cell phone.
Participants — 69 CU-Boulder undergraduates and 254 police officers — had to make quick decisions as to which figures posed a “threat” and shoot them. The police officers were recruited from two-day training seminars in Florida, New Mexico and Washington and represented numerous jurisdictions from 11 states.
The research demonstrates how persistent cultural stereotypes are, Correll said. Even students who displayed little bias when interviewed demonstrated otherwise when faced with a split-second decision.
“I may not believe it personally, but I am exposed to stereotypes constantly through media or social networks … (such as) the idea that young black men are dangerous,” he said. “Those associations can have an influence on my behavior even if I don’t believe them.”
The study found that police were considerably more accurate than students at correctly identifying a genuinely threatening suspect, as opposed to those brandishing a cell phone or wallet, perhaps a reflection of training. But officers were still influenced by the target’s race — an influence that may derive from the officers’ “contacts, attitudes and stereotypes,” Correll said.
For example, police who endorsed more violent stereotypes about Hispanics and those who overestimated the prevalence of violent crime in their districts demonstrated more bias to shoot Hispanic targets. That raises the question of whether police are responding to real-world threats — and whether that means some ethnic groups really are more likely to be armed and dangerous than others.
“That is a very sensitive question, whether or not (police officers’) reactions are based on some kind of truth. Is this police officers responding to reality on the ground? The short answer is, we don’t know,” Correll said. “But this research almost demands that we ask that question.”
The researchers’ recent findings were published in the Journal of Social Issues. The work was funded by a grant from the Russell Sage Foundation.
In 2007, Correll (then at the University of Chicago), Sadler (then at CU-Boulder), Park and Judd collaborated with the Denver Police Department on a widely cited study that found police officers were less influenced than the general public by racial bias and less likely than the general population to make a decision to shoot at African-American suspects wielding a benign object.
-C
Boulder renewed as a Platinum Bicycle Friendly Community by the League of American Bicyclists
Oct 19th
Across the U.S., bicycling is on the rise – thanks in part to communities like Boulder taking steps to make riding easy, accessible and safe. Today, the League of American Bicyclists (LoAB) announced the latest round of Bicycle Friendly Communities (BFC) and renewed Boulder’s standing as a Platinum Bicycle Friendly Community. The Platinum award recognizes Boulder’s continued commitment to improving conditions for bicycling through investments in education, infrastructure, policies and promotion.
“We are excited that Boulder recognizes that simple steps to make biking safe and comfortable pay huge dividends in civic, community and economic development,” said League President Andy Clarke. “Bicycling is more than a practical, cost-effective solution to many community challenges – it’s a way to make Boulder a place where people don’t just live and work, but thrive.”
The BFC program is revolutionizing the way communities evaluate quality of life, sustainability and transportation networks by allowing them to measure their progress toward improving bicycle-friendliness. The free program provides a roadmap for building a Bicycle Friendly Community and the application process itself has become a rigorous educational tool.
In September, the league announced the “Diamond” level designation to raise the bar for communities like Boulder to move beyond Platinum. The LoAB will visit Boulder in December to conduct an audit and work with the local cycling community on creating clear goals to achieve Diamond status. The primary measure of Diamond designation is the number of people riding and community satisfaction. The five levels of the award – diamond, platinum, gold, silver and bronze – provide a clear incentive for communities to continuously improve.
“Boulder’s Platinum designation renewal recognizes many years of sustained effort by the community, city staff and local policy makers,” said Director of Public Works for Transportation Tracy Winfree. “It is a great accomplishment and celebrates the community’s commitment to bicycle friendliness. Given the City of Boulder’s ethic of ‘continuous improvement,’ we appreciate the league’s challenge for communities like Boulder to reach beyond Platinum to the new Diamond designation.”
Since the BFC program’s inception, more than 500 communities have applied and there are now 242 Bicycle Friendly Communities in 47 states across America. To learn more about the Bicycle Friendly Communities, visit www.bikeleague.org/community.
[includeme src=”http://c1n.tv/boulder/media/bouldersponsors.html” frameborder=”0″ width=”670″ height=”300″]
Cookie Monster zaps your files Web developers read this Boulder
Nov 14th
Programming and human factors
by Jeff AtwoodNov 13, 2010
The Firefox add-in Firesheep caused quite an uproar a few weeks ago, and justifiably so. Here’s how it works:
- Connect to a public, unencrypted WiFi network. In other words, a WiFi network that doesn’t require a password before you can connect to it.
- Install Firefox and the Firesheep add-in.
- Wait. Maybe have a latte while you’re waiting.
- Click on the user / website icons that appear over time in Firesheep to instantly log in as that user on that website.
Crazy! This guy who wrote Firesheep must be a world-class hacker, right?
Well, no. The work to package this up in a point-and-click way that is (sort of) accessible to power users is laudable, but what Firesheep actually does is far from magical. It’s more of an art project and PR stunt than an actual hack of any kind. Still, I was oddly excited to see Firesheep get so much PR, because it highlights a fundamental issue with the architecture of the web.
The web is kind of a primitive medium. The only way websites know who you are is through tiny, uniquely identifiying strings your browser sends to the webserver on each and every click:
GET / HTTP/1.1
Host: diy.stackexchange.com
Connection: keep-alive
User-Agent: Chrome/7.0.517.44
Accept-Language: en-US,en;q=0.8
Cookie: diyuser=t=ZlQOG4kege&s=8VO9gjG7tU12s
If-Modified-Since: Tue, 09 Nov 2010 04:41:12 GMT
These are the typical sort of HTTP headers your browser sends to a website on every click. See that little cookie in bright red? To a website, that’s your fingerprint, DNA, and social security number all rolled into one. Some part of the cookie contains a unique user ID that tells the website you are you.
And guess what? That cookie is always broadcast in plain text every single time you click a link on any website. Right out in the open where anyone — well, technically, anyone who happens to be on the same network as you and is in a position to view your network packets — can just grab it out of the ether and immediately impersonate you on any website you are a member of.
Now that you know how cookies work (and I’m not saying it’s rocket surgery or anything), you also know that what Firesheep does is relatively straightforward:
- Listen to all HTTP traffic.
- Wait for HTTP headers from a known website.
- Isolate the part of the cookie header that identifies the user.
- Launch a new browser session with that cookie. Bam! As far as the target webserver is concerned, you are that user!
All Firesheep has to do, really, is listen. That’s pretty much all there is to this “hack”. Scary, right? Well, then you should be positively quaking in your boots, because this is the way the entire internet has worked since 1994, when cookies were invented.
So why wasn’t this a problem in, say, 2003? Three reasons:
- Commodity public wireless internet connections were not exactly common until a few years ago.
- Average people have moved beyond mostly anonymous browsing and transferred significant parts of their identity online (aka the Facebook effect).
- The tools required to listen in on a wireless network are slightly … less primitive now.
Firesheep came along at the exact inflection point of these three trends. And mind you, it is still not a sure thing — Firesheep requires a particular set of wireless network chipsets that support promiscuous mode in the lower level WinPcap library that Firesheep relies on. But we can bet that the floodgates have been opened, and future tools similar to this one will become increasingly a one-click affair.
The other reason this wasn’t a problem in 2003 is because any website that truly needed security switched to encrypted HTTP — aka Secure HTTP — long ago. HTTPS was invented in 1994, at the same time as the browser cookie. This was not a coincidence. The creators of the cookie knew from day one they needed a way to protect them from prying eyes. Even way, way back in the dark, primitive ages of 2003, any banking website or identity website worth a damn wouldn’t even consider using plain vanilla HTTP. They’d be laughed off the internet!
The outpouring of concern over Firesheep is justified, because, well, the web’s cookie jar has always been kind of broken — and we ought to do something about it. But what?
Yes, you can naively argue that every website should encrypt all their traffic all the time, but to me that’s a “boil the sea” solution. I’d rather see a better, more secure identity protocol than ye olde HTTP cookies. I don’t actually care if anyone sees the rest of my public activity on Stack Overflow; it’s hardly a secret. But gee, I sure do care if they somehow sniff out my cookie and start running around doing stuff as me! Encrypting everything just to protect that one lousy cookie header seems like a whole lot of overkill to me.
I’m not holding my breath for that to happen any time soon, though. So here’s what you can do to protect yourself, right now, today:
- We should be very careful how we browse on unencrypted wireless networks. This is the great gift of Firesheep to all of us. If nothing else, we should be thanking the author for this simple, stark warning. It’s an unavoidable fact of life: if you must go wireless, seek out encrypted wireless networks. If you have no other choices except unencrypted wireless networks, browse anonymously — quite possible if all you plan to do is casually surf the web and read a few articles — and only log in to websites that support https. Anything else risks identity theft.
- Get in the habit of accessing your web mail through HTTPS. Email is the de-facto skeleton key to your online identity. When your email is compromised, all is lost. If your webmail provider does not support secure http, they are idiots. Drop them like a hot potato and immediately switch to one that does. Heck, the smart webmail providers already switched to https by default!
- Lobby the websites you use to offer HTTPS browsing. I think we’re clearly past the point where only banks and finance sites should be expected to use secure HTTP. As more people shift more of their identities online, it makes sense to protect those identities by moving HTTPS from the domain of a massive bank vault door to just plain locking the door. SSL isn’t as expensive as it used to be, in every dimension of the phrase, so this is not an unreasonable thing to ask your favorite website for.
This is very broad advice, and there are a whole host of technical caveats to the above. But it’s a starting point toward evangelizing the risks and responsible use of open wireless networks. Firesheep may indeed have broken the web’s cookie jar. But it was kind of an old, beat up, cracked cookie jar in the first place. I hope the powers that be will use Firesheep as incentive to build a better online identity solution than creaky old HTTP cookies.
Posted by Jeff Atwood