Dec 21 2008

Security and passwords: Is it possible to overcome the weak link of having a bad memory?

(Before I continue with this post: Go Katie! Our friend Katie has just gone into labor—it’s early, so she hasn’t left for the hospital yet. But push that sucker out! Good luck, and be safe in the snow!)

Paired with my interest in telecommunications law is electronic security. My favorite parts of Cory Doctorow’s wonderful novel Little Brother were the digressions about (un)secure networks, circles of trust for encryption keys, and encryption software.

So while I’ll frequently experiment with security tools for my own computers, one pitfall with each tool is the requirement that I depend on my own brain to remember a password….

A key feature of good security is plausible deniability: if my laptop were stolen or hacked, my sensitive data would be more secure if it were not only encrypted but also impossible to tell that the encrypted data even exists. A spectrum showing the least secure file to most secure file would, presuming a secure network connection, look something like this:

  • Unprotected file on a hard drive
  • Password-protected/encrypted file on a hard drive
  • Password-protected/encrypted file steganographically disguised as/in another file of a different type and size
  • Password-protected/encrypted file steganographically disguised as/in another file of a different type and size but with no evidence that the hard drive contains such a tool to disguise files

That last bullet point provides full plausible deniability. Not only is your data hidden but there’s no evidence you ever had the tool to hide sensitive data. It would be like sending a coded letter via U.P.S. without anyone being able to know U.P.S. ever came to your house or subsequently delivered your letter.
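Why the second tier on that spectrum offers no deniability: well-encrypted data is statistically close to random, so a simple entropy scan picks an encrypted container out from ordinary files. The sketch below is an added example, not from the original post; the window size, the threshold, the function names and the sample "disk" are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

WINDOW = 4096      # bytes per scanned block (assumed)
THRESHOLD = 7.5    # bits/byte; assumed cut-off for "looks like ciphertext"

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def stand_in_ciphertext(length: int) -> bytes:
    """Constructed sample: SHA-256 in counter mode, statistically like ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(b"constructed" + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def high_entropy_ranges(data: bytes, window: int = WINDOW,
                        threshold: float = THRESHOLD):
    """Return merged (start, end) byte ranges whose windows exceed the threshold."""
    ranges = []
    for off in range(0, len(data), window):
        block = data[off:off + window]
        if len(block) < window // 2:      # tail too short to judge
            continue
        if shannon_entropy(block) >= threshold:
            if ranges and ranges[-1][1] == off:   # extend the previous range
                ranges[-1] = (ranges[-1][0], off + len(block))
            else:
                ranges.append((off, off + len(block)))
    return ranges

def build_sample_disk() -> bytes:
    """Constructed 'disk': 8 KiB of prose, a 16 KiB container, 8 KiB of prose."""
    prose = (b"Quarterly notes: nothing sensitive here, just ordinary prose. " * 200)[:8192]
    return prose + stand_in_ciphertext(16384) + prose

if __name__ == "__main__":
    for start, end in high_entropy_ranges(build_sample_disk()):
        print(f"high-entropy region: bytes {start}-{end}")
```

Compressed archives and media also score near 8 bits per byte, so a hit is an indicator that something opaque is present, not proof of encryption.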

But my weak link—not for security per se but for making the whole thing practicable—is the fact that I have little confidence in always remembering which file is disguised and even perhaps what my tough password is.

Around the time my memory went in 2007, I had recently installed TrueCrypt on my work computer to encrypt a lot of my data. At the time I thought it prudent: I was working with research written by people in east Africa who, if they were identified, could be in some danger. (Not a likely occurrence that a Ugandan would hack my computer, but I considered it a best practice.) When it was clear that my health would keep me out of the office for several months, Tufts brought in a freelancer…who, of course, couldn’t access any of the files she needed. But because of my short-term memory loss, I couldn’t remember my TrueCrypt password. It was only when I felt well enough—a week or two out of the hospital—to go into the office and sit at my desk that my muscle memory (I guess?) recalled my password. I copied the files to the desktop, and I uninstalled TrueCrypt.

I learned three lessons:

  1. TrueCrypt, to its programmers’ credit, works exactly as advertised.
  2. For me to have had full plausible deniability, Tufts never should have been able to tell I’d encrypted anything. (It was easy to tell: every morning I had launched TrueCrypt to decrypt and mount my hidden file, so TrueCrypt was not only in my Programs folder but was in my frequently used programs menu.)
  3. But the key lesson, obvious as it sounds: Security is only as strong as your ability to store your password(s) in your own head.

And that’s where I’m stuck. A perfect example. I’m about to test out KeePass Password Safe to store the various passwords I use, as it’s less-than-ideal to use variations on one single password for everything you do. However, doing so requires me to still remember a lot. It’s not too big a deal to label a username/password combo as “Email” in KeePass and still know which webmail service I use. It’s a smidge more troublesome to label something “Banking,” as anyone seeing KeePass would then know I use online banking. But then it’s very problematic when I try to obscure, say, multiple financial accounts. It would be dumb to label them “Bank of America-Checking” and “Merrill Lynch-401(k)” of course. But what about two savings accounts with different institutions? To obscure the names of “Bank of America-Savings” and “ING-Savings”, you’d end up having to remember what non-descriptive nicknames refer to which accounts (“Savings account 1” and “Savings account 2”). It gets tougher for accounts that you rarely use—savings accounts are a good example, as many people set up a direct deposit with their employer and then don’t think about accessing that account for months.

Which takes us back to the fact that to obscure all the information about a password—the password itself but also which site or service that password unlocks—you need a program like KeePass to hide them all. Yet KeePass’s database of passwords is itself protected by a single master password:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database.

So we’re back to the beginning: using one password to control everything. If someone can acquire that one KeePass password, if they can successfully threaten you, they likely know which banks, webmail, etc. you use. That information isn’t too helpful separately, but together it tells a lot about a person. And KeePass itself, like TrueCrypt, isn’t hidden (the best thing to do is keep them on a USB, though that comes with similar problems), so there’s no plausible deniability that you’re not hiding something from someone.

Does anyone therefore know: is it possible to be 100% “secure in your person and effects” if you can’t trust your “person” to remember all your passwords?


Dec 19 2008

Amnesiac uses Evernote to soldier on

Sounds familiar:

Even more remarkably, Patrick didn’t become ordained until after his amnesia was already in full force. How does he do it? By being a techno-geek! In Patrick’s words, his computer and his iPhone are “the equivalent of a motorized wheelchair for a quadriplegic”. Like Leonard, the protagonist in Memento, Deacon Patrick uses a system of notes and reminders. But a body has only so much room for tattoos; the Deacon prefers Mac OS, and, especially, a pair of software programs called Curio, a kind of mind-mapping software that allows Patrick to draw diagrams of interconnected thoughts and Evernote, a bit of software that allows Patrick to access and enter his notes anywhere, anytime. (I myself use Evernote, and it was through them that I learned of Patrick).


Jun 26 2008

Combining Evernote and the Great Idea notebook

Yet another in a long line of memory crutches is Evernote:

Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at any time, from anywhere.

While I’m back to normal for remembering things I need to remember, I’ve pretty much come to terms with my bad mind for remembering passing images and ideas and requests from Lindsay.

Cuz of that, I’m trying out Evernote as a way to combine different mnemonic tools—everything from Flickr to my cell phone camera to (literally) mail. The benefit of Evernote is its half-decent text recognition feature. So while my Macbook webcam doesn’t have a high enough resolution for Evernote to pick up small words in the photo below, it gets the big stuff rather well, such as when I searched for the name of the traveler insurance company I’m using for my trip to Chicago next week:

Or if I can’t remember the name of that Malbec I liked the other night, Evernote handles that too:

But perhaps the best benefit of Evernote is that it might finally oblige me to improve my handwriting. Of the note below, it could recognize only a single word:

Which brings me to the GREAT IDEA notebook. Probably the awesomest thing I’ve ever spent $5 on. The note right’chere is what I scribbled while watching the Sox the other night but didn’t want to leave the living room to type it up. I turned it into the “Happy Remy Day” post the next day.


Jan 12 2008

Memory aids

A lot of people have been asking—now that the end of chemo is just a few weeks away—how my memory is doing. I’d be asking the same thing in their position, but I’ve learned over the last months that memory comes in different forms. Not short-term versus long-term, which is how my doctors even talk about it. I’m thinking about a memory for facts, for events, for names and faces, for locations. My memory has returned to something near normal for facts and events. But for names and locations—not so much.

Where it’s most pronounced is my sense of direction. I used to think of sense of direction as, yeah, a sense. But it’s really about memory, about being able to call an intersection to mind, or a neighborhood layout, or a storefront that somehow gets associated with all the metadata of the roads and stores around it. I prided myself on being able to get anywhere in the places I’ve lived—Boston, the D.C. area, Winston-Salem. I was the person others asked for short-cuts, who guided cab drivers my first night in a new city. But when I was in D.C. over Christmas, I couldn’t remember how to get anywhere, not even in the direct vicinity of my dad’s house. The mental map of the area I had grown up in had faded, and I had no idea how to get to the very bar my friends and I had been meeting at every trip home for six years.

In response, I did what I’ve been doing a lot lately: finding a technological crutch. In this case, I fired up Flickr and started placing a backlog of photos on a map so that I could remember those intersections, those neighborhood layouts, those storefronts, with some help.

It had a great side-effect. It reminded me of how many things about Boston I love and how much fun I’ve had over the last five-and-a-half years.

There was my first job out of grad school, at Houghton Mifflin, where I made some of my best friends in Boston and had the chance to be in Back Bay five days (and a few nights) a week:
222 Berkeley, 500 Boylston, Hancock Tower

Related, there’s the Houghton Mifflin corporate box, tickets to which the execs would give away several times a year in a free raffle (I won twice):
Booth

There’s my introduction to Orthodox Christianity and my confirmation—and the public worship on Good Friday when my entire church walks through/blocks the middle of Central Square, confusing the heck out of every driver who’s never seen it before:
Bier of St. Mary's Orthodox Church

And I met my fiancee in Boston, while she was living up the street from the North End’s Purity Cheese Shop, a front business for a long-time reputed mob underboss. (Her Italian landlady, by the way, is the most remarkable Bostonian I’ve ever met. Nancy was single-handedly responsible for making sure the North End wasn’t crushed under the weight of the Big Dig.):
Purity Cheese Shop

Having photos and a map as a memory aid—it’s just another thing that I can be thankful for.


Jul 25 2006

I don't want to lose touch of the tangible.

An article of mine is going up on fadtastic Wednesday about developing web design’s sense of touch, its vocabulary of the tactile.

But the piece was my filtration, through designers’ eyes, of a larger concern, something that I—and I bet a bunch of you—have been struggling with for years. Namely, it’s this contradiction: though I am dedicated—financially, practically, professionally—to cities and to media, why are my happiest memories, well, arcadian? Why can’t I remember any of the books I read on the subway the last four years but can remember the book I read at a lakehouse ten years ago (it was The Zimmermann Telegram by Barbara Tuchman)? Why can’t I picture the houses of my old city neighborhood, where I lived for nine years, but can picture, perfectly, the gravel road and diseased walnut tree and fresh grass clippings of my friend’s old house in rural Virginia, where I spent a few long weekends—not to mention the smell of her dad’s sculpting tools, the sound of his voice as he told his story about a violin passed amongst soldiers in Italy in World War II, the way the sun and the windows conspired to keep you from sleeping in, and the way my friend’s 120-pound golden retriever washed himself paws over ears, like a cat. I have trouble picturing my friend in our old apartment—we were roommates for two years—but place her in my mind in her family’s house, and she couldn’t be more clear.

What am I losing by being bound to the city?

Or, more generally, in a city, where distraction doesn’t exist because one would have to, at some point, be distracted from something that one was actually focused upon, how many opportunities for strong memory am I missing? In the country, I remember. In the city, I forget.

Let me return to the word media. In the city—that is, in my everyday life—my experience of the world is mediated electronically, largely. I make dinner plans with my girlfriend over Google Talk. I e-mail the most important report I’ve ever made to a guy I’ve never seen, who will post it online for my boss’s colleagues in Africa to read. I discover it was hot today by watching the local news. Electronic media connects, but almost by definition it needs space to work. This is where the sense of touch comes in. . . .

Touch is the first degree, if you will, of communication. No message is less mediated. You punch someone, or you stroke their head, and the meaning is both clear and immediate. It is also indelible. On the other hand, when kind words arrive via instant message, they could fade as fast as you can x-out the window.

The next degree of mediation is your immediate space, the tiny slice of the world that you touch, smell, taste, see, and hear. It’s tiny, but it’s the most packed with meaning.

In degrees beyond immediate space, all experience is electronically mediated.

The problem for memory, at this point, is the loss of focus. Everything electronic is divisive—not only does it split a person’s attention but it necessarily opens a gap between a person and their surroundings.

Some may argue (it was certainly argued in the fringes of my writing program) that lack of focus in one’s experience of the world results in never-before-seen perceptions of the world. Add up a term paper on Nietzsche, a snippet of Sopranos dialogue, and a sample from KRS-1 and you’ve got yourself a swell new account of life, one no one’s ever seen before.

It’s a forgettable account, though—a paper tiger of a memory. The only memories strong enough to sustain us are ones we build with our own hands, the ones we touch. That’s what web design needs to move towards, as I argue on fadtastic. But it’s what, I think, I want to move towards in my life—to find an unmediated space, to create an environment in which good, strong memories can happen.