Apparently as many as 80% of people surveyed did not trust Gates in 2004 when he announced that spam would be gone by 2006. An article in today’s ZDNet suggests that within 30 days that number might jump to as high as 100%:

Bill Gates’ prediction of January 2004 that spam would be “a thing of the past” within two years has virtually no chance of coming true, according to security company Sophos this week.

Beware those who say “security will happen by x date”. True security is far more complex and subject to uncertainties than a short-term objective such as a functionality enhancement. Moreover, there are usually so many influential factors that it is better to say “security will have x control in place by y date” and predict a resultant soft “decline” rather than any “absolute” or “total” eradication.

ZDNet put it slightly differently when they covered the original announcement.

John Cheney, chief executive of email security firm BlackSpider Technologies, which conducted the survey, said the results show that the industry doesn’t perceive Microsoft as a security authority, despite its chairman’s enthusiasm for the task

To his credit, at least Gates did not land on the roof of Symantec in 2004 for a photo-op in front of a “Mission Accomplished” banner.

Quantum announced that they think 2006 will finally be a good year to market security for tape backups. They just announced that they will be ready in the first quarter of 2006 to provide an authentication (locking) mechanism tapes:

Quantum’s DLTSage Tape Security is a firmware feature designed into its newest DLT tape drives that uses an electronic key to prevent or allow reading and writing of data on to a tape cartridge.

Sounds interesting. The two big hurdles to encryption on tape have been how to handle key management and the performance hit. With key management integrated first, Quantum still has to generate some buzz about performance. They mentioned it briefly in their DLTSage announcement, but it sounds like they are still working on what to do with the technology in an appliance they acquired:

The DataFort appliance provides wire-speed, transparent encryption and access controls for disk and tape storage systems, delivering best-in-class security, performance and key management for heterogeneous storage environments. In addition to the joint sales and marketing efforts with Decru, Quantum also plans to offer tightly integrated encryption and security management capabilities within its product line.

Quantum could be hinting that their encryption appliances will give way to a more integrated solution, which sounds like a reasonable and well-worn approach to enhancing big company legacy products with innovation via acquisitions. If the integration is successful I expect we will find ourselves without any good reason not to encrypt at the block-level, especially on recovery systems. Until then, it seems we must continue file-level encryption prior to backup.

So, is a lock on a tape worth the hassle? It does not comply with breach-notification laws and yet introduces risk of lost keys, so there’s no real ROI there, but it does pre-stage the backup processes with tighter authentication. And that may be worthwhile if you can ensure that time spent on key management now will help reduce the cost of encryption down the road (when performance is a truly dead issue).

Donohue and Levitt are somewhat famous for their bold claim, published in the May 2001 edition of the Quarterly Journal of Economics, that legalized abortion has reduced crime.

The Economist just put forward an amusing update that discusses a Federal Reserve Bank of Boston working paper and counter-claim that is based on a re-test of the data and analysis of the computer code used by Donohue and Levitt:

Messrs Foote and Goetz have inspected the authors’ computer code and found the controls missing. In other words, Messrs Donohue and Levitt did not run the test they thought they had—an “inadvertent but serious computer programming errorâ€?, according to Messrs Foote and Goetz

Fixing that error reduces the effect of abortion on arrests by about half, using the original data, and two-thirds using updated numbers. But there is more. In their flawed test, Messrs Donohue and Levitt seek to explain arrest totals (eg, the 465 Alabamans of 18 years of age arrested for violent crime in 1989), not arrest rates per head (ie, 6.6 arrests per 100,000). This is unsatisfactory, because a smaller cohort will obviously commit fewer crimes in total. Messrs Foote and Goetz, by contrast, look at arrest rates, using passable population estimates based on data from the Census Bureau, and discover that the impact of abortion on arrest rates disappears entirely.

I look forward to the question of this programming “error” being addressed by Donohue and Levitt. It does not seem to refute the premise of their conclusion outright as much as question the methodology and provide an opportunity to fix a control and re-run the tests themselves.

The big question, of course, is still whether there are controls that have a direct relationship to reducing crime and at what cost.

On-Track has released their annual report on the top ten data disasters. It is a serious business, and OnTrack has built quite a reputation for saving the day(ta):

10. PhD Almost an F – A PhD candidate lost his entire dissertation when a bad power supply suddenly zapped his computer and damaged the USB Flash drive that stored the document. Had the data not been recovered, the student would not have graduated.

He must have been in a state of shock — “Teacher, the electricity ate my homework”.

4. Drilling for Data – During a multi-drive RAID recovery, engineers discovered one drive belonging in the set was missing. The customer found the missing drive in a dumpster, but in compliance with company policy for disposing of old drives, it had a hole drilled through it.

Can we please see the top tep without the remarkable recoveries included (just the failures)? That would be more interesting, I think. Or, as the infamous WWII story goes, if you are going to better-protect your pilots you should review planes that were shot down rather than just the ones that returned.