I have a little background in user authentication. I wrote my undergrad CS honors thesis on Secrecy and Authentication. If you search Google hard enough you can even find mentions of the Seberry & Jones Scheme for implementing subliminal channels. I held a provisional patent with Sydney University on a biometric user authentication method based on typing style in 1985/6. The method turned out not to be original, has been re-invented multiple times since then, and was even somehow published as new years later in CACM.

I therefore feel eminently qualified to speculate on what user authentication might look like in a world with no free will.

Note that I don’t care whether free will exists or not, and I certainly don’t want to waste my time thinking or talking about it. But if it doesn’t exist, then the following user authentication algorithm does exist. We couldn’t implement it, but it would certainly exist and it’s fun to consider instead of doing real work.

When a computer needs to verify who you are, it tells you to move the mouse around randomly for as long as you like. Or to just bang on the keyboard. The kind of thing you do when you’re generating randomness for the construction of a PGP/GPG key.

But if there’s no free will then it’s not random.

So the algorithm can just look up what you did in a big table to see who you are. As two users could conceivably do the same thing, it probably needs a little more information, like the time of day and your IP address – neither of which you’d have any control over either.

That’s it. No need for anything fancy, just a lookup table. No-one would ever fail to be recognized, no-one would ever be mistaken for someone else, there’d be no identity theft, etc. Even if you just sat there and did nothing for a while the machine would know exactly who you were. You could always log in by just briefly doing nothing at all, and then continuing. The length of time you did nothing for would betray you.

All totally absurd, of course, and thinking about it quickly becomes highly circular. Just like the rest of the debate.

As you were.

Tonight I carried a pocketknife with a 5cm blade onto a plane in Paris.

At the Le Web conference, the bag they handed out to attendees had a really nice pocketknife in it courtesy of Six Apart. It’s silver, very solid construction, with 11 blades including scissors, screwdriver, corkscrew, etc. It’s not a cheap knife. It’s totally different from any other conference giveaway I’ve ever seen, and I’ve seen a few.

It’s also a pretty odd thing to hand to a bunch of travelers who are in town for 2 days, many of whom will not be checking baggage on their flights. I imagine the bins at CDG will have a fair number of fancy knives in them tonight. But not mine.

I’m not a security threat on an airline. A pocketknife buried in my carry-on bag stashed in an overhead locker probably doesn’t make the flight less safe. You could argue it makes it safer, if you were inclined to argue about it. I’m reminded of a comment Ana made after 9/11. She said the pilot should have a button in the cockpit. In case of hijack the pilot pushes the button and a compartment containing a baseball bat slides open beside every (window seat) passenger.

I don’t agree that if someone gives me a present in Paris that I need to surrender it to the airport authorities because I might be a terrorist. I’m clearly not a terrorist, even if the airport security doesn’t know it. So I put the knife into my carry-on and went through security with no problem at all.

There are plenty of studies, done by people like the TSA, where they test security at airports. The results are invariable dismal, with the checkers missing something like 75% of the weapons and bomb-making materials going through security. If they can get away with it, then why can’t I? Plus I had a plausible excuse – that I had thrown my conference stuff into my bag without thinking. The knife was still in a cardboard box, obviously brand new. And I guess I half wanted to see what would happen if they did find it.

I also don’t bother taking out my toothpaste and deodorant and putting them in a plastic bag. That just seems stupid too and so I decided not to do it. It’s even more ridiculous when you realize that security are basically relying on people to do as they’re told, take out their liquids, put them in a plastic bag, etc. If you don’t, they don’t see it on the scanner. Or maybe they do see something (is a tube of toothpaste highly characteristic when seen in a scanner? I don’t know). What kind of security is that? All the complying regular people are highly inconvenienced, forced to throw things away, find plastic bags, buy tiny amounts of things, just so they can show security that they’re carrying a tube of toothpaste. And what do the terrorists do? If they wanted to commit a crime involving liquids of some form they’d probably just put it in a regular commercial tube of some kind and put that in a plastic bag. They’d breeze through security. The whole thing is designed to limit liquid quantity. Leaving your liquid in your carry-on is probably the best way to indicate you’re not a terrorist. If they do open your bag, which happens to me from time to time, you can say you made a mistake, weren’t thinking, were rushing to the airport, etc.

So there you go, I’m probably a terrorist and I just don’t know it yet. Rules are made to be broken, etc. Most especially if you know for a fact that they do not and should not apply to you. I know, I know, I’m probably reckless or even stupid to do this, and it probably doesn’t work to fight stupidity with stupidity, but… I don’t feel like doing what I’m told in this case. It’s like having a job with a stupid boss. Unbearable.