Easter Egg on Dutch Govt Recruitment Website. Intended or Not?

It’s almost Easter, and I stumbled upon an early Easter egg: the Dutch govt recruitment website http://www.werkenvoornederland.nl/ includes, at least on the homepage, /static_shared/pd/scripts/egg.js containing a Konami code. Visit the site and press Up, Up, Down, Down, Left, Right, Left, Right, B, A. The browser now fetches and executes remote JavaScript: http://kottke.org/plus/misc/asteroids.js. I don’t know whether this egg –which dates back to at least 2009– is known-and-intended to be at this government website or that its presence indicates sloppy Copy/Paste development. Fortunately it seems that egg.js is not included in the part of the website where applicants manage their resume and personal data, and the remote code stays remote unless the 10-key sequence is typed. But that would be a weak argument against the unnecessary exposure.
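One way a site owner could catch this kind of inclusion during review, as an added example that is not code from the site or from this post: it scans script source for URLs that resolve to another origin and checks them against a Content-Security-Policy. `SAMPLE_EGG_JS` is a constructed stand-in for egg.js, the function names are hypothetical, and the CSP matcher covers only a simplified subset of source expressions.

```javascript
// Added example, not code from the site: flag scripts a page would pull from another origin.
const PAGE_ORIGIN = "http://www.werkenvoornederland.nl";

// Constructed stand-in for egg.js, modelled on the behaviour the post describes.
const SAMPLE_EGG_JS = `
var keys = [], konami = "38,38,40,40,37,39,37,39,66,65";
document.addEventListener("keydown", function (e) {
  keys.push(e.keyCode);
  if (keys.toString().indexOf(konami) >= 0) {
    var s = document.createElement("script");
    s.src = "http://kottke.org/plus/misc/asteroids.js";
    document.body.appendChild(s);
    keys = [];
  }
});
`;

// Collect quoted absolute or protocol-relative URLs ending in .js whose origin
// differs from the page's own origin.
function findOffOriginScripts(source, pageOrigin) {
  const base = new URL(pageOrigin);
  const literal = /["'`]((?:https?:)?\/\/[^"'`\s]+)["'`]/g;
  const findings = [];
  for (const m of source.matchAll(literal)) {
    let url;
    try { url = new URL(m[1], base); } catch { continue; }
    if (!url.pathname.endsWith(".js")) continue;
    if (url.origin !== base.origin) {
      findings.push({ url: url.href, origin: url.origin, insecure: url.protocol === "http:" });
    }
  }
  return findings;
}

// Simplified CSP check (assumption: only 'self', 'none', * and plain host/origin
// sources are handled; nonces, hashes, paths and wildcards are not).
function cspAllowsScript(policy, scriptUrl, pageOrigin) {
  const directives = policy.split(";").map((d) => d.trim().split(/\s+/));
  const list = directives.find((d) => d[0] === "script-src") ||
               directives.find((d) => d[0] === "default-src");
  if (!list) return true; // no applicable directive: nothing is restricted
  const url = new URL(scriptUrl, pageOrigin);
  return list.slice(1).some((src) => {
    if (src === "'none'") return false;
    if (src === "'self'") return url.origin === new URL(pageOrigin).origin;
    if (src === "*") return true;
    return src === url.origin || src === url.host;
  });
}

for (const f of findOffOriginScripts(SAMPLE_EGG_JS, PAGE_ORIGIN)) {
  const blocked = !cspAllowsScript("script-src 'self'", f.url, PAGE_ORIGIN);
  console.log(f.url, "insecure transport:", f.insecure, "blocked by script-src 'self':", blocked);
}
```

A `script-src 'self'` policy keeps the site's own egg.js loadable while refusing the fetch from the third-party host, whatever key sequence is typed.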

2012 = Year of Alan Turing! Kick-Off: EUR 100 Code-Breaking Challenge

UPDATE 2013-12-24: today, Queen Elizabeth II pardoned Alan Turing and remitted Turing’s sentence! See the document here (.pdf).
UPDATE 2013-07-20: UK government has signaled its intent to support a bill that would issue a posthumous pardon to Alan Turing.
UPDATE 2012-02-25: this challenge is still up. Also: Nature News Special: Alan Turing at 100

UPDATE 2012-01-03: this challenge is still up. Happy Alan Turing Year!
Statue of Alan Turing at Bletchley Park

This photo was taken on October 28th 2010 at Bletchley Park. You see the commemorating statue of Dick Berlijn Alan Mathison Turing (1912-1954) that was donated to Bletchley Park by an American billionaire/philanthropist Sidney E. Frank and unveiled on June 19th 2007. Alan Turing’s 1st centennial is due on June 23rd 2012, and 2012 will be the “Year of Alan Turing”. Why? Because of:

  1. his contributions to mathematics and logic, and as it turned out, philosophy; (excellent book: The Annotated Turing);
  2. his contributions to code-breaking Enigma during WW2, standing on the shoulders of these Polish mathematicians;
  3. the embarrassingly late apology, in 2009, by the British government for inhumane way Turing was treated by them for being gay.

As a small kick-off, I have a EUR 100 code-breaking challenge for you! In the above photo, I hid the IMEI of the iPhone used to take the photo using Niels Provos’ outguess-0.2, which dates back to 2001. Stegdetect and stegbreak provide a starting point, but a simple stegbreak alanturing+imei.jpg won’t provide the answer… I will pay EUR 100 to the first successful code-breaker, provided you allow me to post your method on this blog. You get full credits (as well as EUR 100). Send your answer to mrkoot at gmail dot com, or leave a comment on this blog.

Consider celebrating 2012 as the “Year of Alan Turing”, e.g. by supporting the ongoing efforts by United Kingdom Mathematics Trust http://www.turingcentenary.eu/, already backed by ACM, Wolfram and others.

[Translated from Dutch] DigiD, mijn.overheid.nl and theoriereservering.cbr.nl: a few small privacy devils in the details?

As an interested outsider to DigiD(-related) things on the web, I noticed the following. I don’t know whether this is a known and accepted residual risk, or whether it was still unknown.

  1. Am I adopted? Log in to mijn.overheid.nl, look under GBA > Meer persoonlijke gegevens > Familie > Meer ouder gegevens and check whether “Ingangsdatum familiebetrekking” (start date of the family relationship; GBA column 2.62.10/3.62.10) equals your date of birth. If not? Maybe you should have a talk with your parents. If so: maybe you are not adopted (or, equally possible, a system error or variations in data processing between municipalities). The description of that column reads:

    “Date on which your official tie (also called the family-law relationship) with your parent came into being. Usually the start date is your date of birth. Do your parents have a registered partnership? Then this shows the date on which one of your parents acknowledged you. Are you adopted? Then this shows the adoption date.”

    FACT CHECK NEEDED. I am not adopted myself, and for me this field matches my date of birth. Could someone who knows they are adopted please verify this? (Send me e-mail at koot[AT]cyberwar[DOT]nl –> I will not mention any names on this blog!)

  2. It turns out I am adopted and now I am angry at my parents. Try identity fraud! Log in to mijn.overheid.nl and behold the BSN (and date of birth, place of birth and full name, but you knew those anyway) of your parents, children, partner and/or ex-partner.
  3. I only know someone’s BSN and date of birth. How do I find out more? Via https://theoriereservering.cbr.nl/! Enter the BSN and date of birth, type over the CAPTCHA and you get the full personal name and place of birth as a gift! Not a sufficient condition for DigiD fraud, but useful for that purpose nonetheless. Mind you, no defrauding on Sunday morning: on April 10 at 10:30 this notice was on that website:

    “The system is currently closed. Opening hours are Monday through Saturday from 6:00 to 23:30 and Sunday from 13:00 to 23:30.”

  4. How do I know whether a combination of BSN and DigiD username is correct? Via https://applicaties.digid.nl/wachtwoordherstel/instellen! Enter the BSN and username to be tested, enter nonsense for Herstelcode (recovery code) and click Verder (Next). If the combination does NOT match you get a different message than when it DOES match. Handy, right?
  5. During registration at mijn.overheid.nl I am asked for my e-mail address and mobile phone number (optional), and these are verified. Are my mobile number and e-mail address now linked to my BSN? Yes, well spotted! Although undoubtedly intended for good service, it is hard to deny that there will be a desire to use this high-quality (because verified by the citizen personally) information (BSN + mobile number + e-mail address) in case and phenomenon investigations such as those carried out by NFI’s Kecida department (KEnnisCentrum voor Intelligente DataAnalyse, knowledge centre for intelligent data analysis) using methods from social network analysis (.pdf) and data profiling (.pdf). That is not by definition bad or good, but transparency and democratic oversight are then no luxury.
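The differing messages in item 4 are an account-enumeration oracle. As an added example (not DigiD’s code and not from this post), here is a recovery check that answers the way the post describes, next to one that gives a single response for every failure, plus a regression check that tells the two apart. The account store, function names and messages are constructed, and the BSN strings are placeholders, not real numbers.

```javascript
// Added example, not DigiD's code: a recovery check with and without an enumeration oracle.
// Constructed account store; the BSN strings are placeholders, not real numbers.
const ACCOUNTS = new Map([
  ["000000001", { username: "alice", recoveryCode: "R7K2-QX9M" }],
]);

// Behaviour the post describes: the error text depends on whether BSN + username match.
function recoverLeaky(bsn, username, code) {
  const acct = ACCOUNTS.get(bsn);
  if (!acct || acct.username !== username) {
    return { ok: false, message: "Unknown combination of BSN and username." };
  }
  if (acct.recoveryCode !== code) {
    return { ok: false, message: "The recovery code is incorrect." };
  }
  return { ok: true, message: "Choose a new password." };
}

// Hardened: one response for every failure, so a nonsense code tells the caller nothing.
const GENERIC_FAILURE = { ok: false, message: "The details could not be verified." };
function recoverUniform(bsn, username, code) {
  const acct = ACCOUNTS.get(bsn);
  const valid = acct !== undefined && acct.username === username && acct.recoveryCode === code;
  return valid ? { ok: true, message: "Choose a new password." } : { ...GENERIC_FAILURE };
}

// Cap attempts per client, counted whether or not the account exists.
function withAttemptLimit(handler, maxAttempts) {
  const attempts = new Map();
  return function (clientId, bsn, username, code) {
    const used = (attempts.get(clientId) || 0) + 1;
    attempts.set(clientId, used);
    if (used > maxAttempts) return { ok: false, message: "Too many attempts. Try again later." };
    return handler(bsn, username, code);
  };
}

// Regression check: with a nonsense code, is a real pair answered differently from a made-up one?
function leaksAccountExistence(handler) {
  const real = handler("000000001", "alice", "nonsense");
  const fake = handler("000000002", "nobody", "nonsense");
  return JSON.stringify(real) !== JSON.stringify(fake);
}

console.log("leaky handler distinguishes accounts:", leaksAccountExistence(recoverLeaky));
console.log("uniform handler distinguishes accounts:", leaksAccountExistence(recoverUniform));
```

The check compares response bodies only; response time and HTTP status would need the same treatment in a real service.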

FWIW, see a manual inventory (.txt) of the GBA columns that I see under my DigiD account on mijn.overheid.nl (I have no children or official (ex-)partner). It also refers to GBA Logisch Ontwerp 3.7 (3.0MB .pdf), which contains the definitions of all GBA columns. This question (with an answer that does not answer the question) can be found in the FAQ on mijn.overheid.nl:

“Why can I also view data of my parents/children/(ex-)partner?

The Gemeentelijke Basisadministratie persoonsgegevens (GBA, the municipal personal records database) registers your administrative life course. Birth, moving house, marriage, departure abroad, death: the GBA contains all general personal data and changes to it, from the cradle to the grave. This also includes the data on whom you are married to or what your children are called. These data are used, for example, by municipalities, pension funds or benefits agencies to properly tailor their decisions to your situation.”

A reference to this post has been posted in the Bits of Freedom and Platform voor Informatiebeveiliging groups on LinkedIn.

Applied Intelligence: “Why Intelligent People Fail (Too Often)”

In Chapter 14 of their book Applied Intelligence (2008) (not to be confused with the International Journal of Applied Intelligence) on psychometrics and cognitive processes in education, learning and creativity, psychology academics Robert Sternberg, James C. Kaufman and Elena C. Grigorenko describe twenty “stumbling blocks” in an attempt to explain “Why Intelligent People Fail (Too Often)”. I list them below and, while endeavoring to get my PhD-thesis wrapped up before 2012, keep this list nearby – alongside my not-so-pretty-but-very-useful-to-me desktop wallpaper (.png, Dutch-only). I added my own preferred (amateur) way of overcoming each one in parentheses:

  1. Lack of motivation (choose a task that you think is important)
  2. Lack of impulse control (always check your outcome; don’t blindly accept the first result)
  3. Lack of perseverance and excessive perseverance (balance work and play)
  4. Using the wrong abilities (leverage what you’re good at)
  5. Inability to translate thought into action (split the problem into tiny Specific, Measurable, Attainable, Relevant and Time-bound steps)
  6. Lack of product orientation (focus on outcome, not only on the process. ISO 9001-compliance could in practice mean that you _reliably_ produce rubbish.)
  7. Inability to complete tasks and to follow through (consciously commit to a task, work diligently)
  8. Failure to initiate (decide NOW on what to do first, simply re-adjust as needed)
  9. Fear of failure (challenge your thoughts for irrationality and fallacies)
  10. Procrastination (act NOW and you feel more self-confident. “It is the job that is never started that takes longest to finish” – J.R.R. Tolkien)
  11. Misattribution of blame (take responsibility and accept what’s beyond your influence)
  12. Excessive self-pity (focus on solving your problem)
  13. Excessive dependency (decide yourself, accept uncertainty and incomplete information)
  14. Wallowing in personal difficulties (see 12)
  15. Distractibility (maintain a small daily todo list, keep a clean desk, don’t answer personal communication)
  16. Being spread too thin or too thick (do one thing and do it well; self-apply Doug McIlroy’s Unix philosophy)
  17. Inability to delay gratification (work according to plan, cutting corners undermines self-confidence)
  18. Inability or unwillingness to see the forest for the trees (remind yourself of the larger picture)
  19. Lack of balance between critical, analytic thinking and creative, synthetic thinking (self-apply the Six Thinking Hats)
  20. Too little or too much self-confidence (work diligently, be kind to yourself, know your limitations and weaknesses)

I hope this is useful.

UPDATE 2011-03-19: ….and I also hope that a single blogpost on productivity isn’t a telltale of being a slacker like in this funny XKCD entitled “Time Management” 🙂

Wiki Government in the Netherlands?

UPDATE 2012-01-18: related news, found via @LiberationTech: U.S. Congress May Soon Take Questions From The Great State Of Social Media

Disclaimer: I have not been educated in public policy or politics.
In Wiki Government (2009), author Beth Simone Noveck discusses how technology can benefit democracy when used for citizen participation, working toward a more open model of decision-making. The Dutch government is currently running a two-year pilot program at www.internetconsultatie.nl in which all ministries (are said to) consult the public about at least 10% of their legislative proposals (I don’t know how they measure the “10%”). Although I highly appreciate this pilot as a step toward a (more) participatory democracy, I hope its successors at the level of both Dutch ministries and Dutch municipalities will make sure to take into account Noveck’s lessons-learned described in chapter 8 (citation):

  1. Ask the right questions: The more specific the question, the better targeted and more relevant the responses will be. Open-ended: “What do you think of x?” questions only lead to unmanageable and irrelevant feedback.
  2. Ask the right people: Creating opportunities for self-selection allows expertise to find the problem. Self-selection can be combined with baseline participation requirements.
  3. Design the process for the desired end: The choice of methodology and tools will depend on the results. But the process should be designed to achieve a goal. That goal should be communicated up front.
  4. Design for groups, not individuals: “Chunk” the work into smaller problems, which can easily be distributed to members of a team. Working in groups makes it easier to participate in short bursts of time and is demonstrated to produce more effective results.
  5. Use the screen to show the group back to itself: If people perceive themselves to be part of a minimovement, they will work more effectively together across a distance.
  6. Divide the work into roles and tasks: Collaboration requires parceling out assignments into smaller tasks. Visualizations can make it possible for people to perceive the available roles and choose their own. Wikipedia works because people know what to do.
  7. Harness the power of reputation: Organizations are increasingly using bubbling-up techniques to solicit information in response to specific questions and allowing people to rate the submissions.
  8. Make policies, not websites: Improved practices cannot be created through technology alone. Instead, look at the problem as a whole, focusing on how to redesign internal processes in response to opportunities for collaboration.
  9. Pilot new ideas: Use pilot programs, competitions, and prizes to generate innovation. 
  10. Focus on outcomes, not inputs: Design practices to achieve performance goals and metrics. Measure success.

In addition: could anything be learned from www.derdekamer.net and www.democratiespel.nl ? I’d be very happy to read your comments!

Cyberwar = Propaganda (isn’t it?)

Bill Blunden’s paper “Manufacturing Consent and Cyberwar” (.pdf), written for the Lockdown 2010 conference, deserves more attention and discussion, IMHO. Obviously referencing “Manufacturing Consent: The Political Economy of the Mass Media” (1988) by Edward S. Herman and Noam Chomsky, Blunden discusses the dangers of “offense is the best defense” crisis mentality, (mis)attribution of attacks and weakly-founded claims about (future) threats by security firms and media; which altogether may resemble the propaganda model after, updating it to the current realm of discourse, one replaces Herman/Chomsky’s “anti-communist” filter with perhaps a more generally apocalyptic “FUD” filter (better suggestions are welcome). The paper is well-written. Its abstract:

Over the past year, there have been numerous pieces that have appeared in the press alluding to the dire consequences of Cyberwar and the near existential threat that it represents to the United States. While these intimations of destruction can seem alarming at first glance, closer scrutiny reveals something else. Ultimately, the gilded hyperbole of Cyberwar being peddled to the public is dangerous because it distracts us from focusing on actual threats and constructive solutions. Pay no attention to the man behind the curtain says the ball of fire named Oz. In this presentation, I’ll pull back the curtain to expose the techniques being used to manipulate us and the underlying institutional dynamics that facilitate them.

Slides (.pdf) are available as well.

(PS: yes I see the irony of posting "Cyberwar = Propaganda" on "blog2.cyberwar.nl/")

The Sokal affair

In 1996, Alan Sokal gained notoriety for getting his (intentionally) bullshit paper “Transgressing the Boundaries: Toward a Transformative Hermeneutics of Quantum Gravity” published in the cultural studies journal Social Text. This has become known as the ‘Sokal affair’. In “Fashionable Nonsense: Postmodern Intellectuals’ Abuse of Science” (1997), physicists Alan Sokal and Jean Bricmont explain why Sokal’s parody paper is bullshit and identify the (probably undesirable) conditions of (mostly French) postmodernist thinking that (probably) made it possible for the parody paper to get accepted in a journal. Excellent book. The affair demonstrated unwarranted disqualification of scientific methods as a result of overly relativistic “anything goes”-thinking and unjustified and often improper use of concepts from mathematics, physics and logic.

Lessons that are suggested to be drawn (page 185-189):

  1. It’s a good idea to know what one is talking about (don’t apply concepts you don’t understand);
  2. Not all that is obscure is necessarily profound (strive for easy-to-understand language);
  3. Science is not a “text” and can’t be analyzed in a purely verbal manner;
  4. Don’t ape the natural sciences or its “paradigm shifts” (e.g. between probabilist and determinist theories);
  5. Be wary of argument from authority (this can’t be repeated enough);
  6. Specific skepticism should not be confused with radical skepticism (“scientific theory X is bogus” versus “all scientific theories are bogus”);
  7. Be aware that ambiguity may be (ab)used as subterfuge.

How to Read a Scientific Paper

Questions to ask when reading/reviewing a scientific paper:

  1. What questions does the paper address?
  2. What are the main conclusions of the paper?
  3. What evidence supports those conclusions?
  4. Do the data actually support the conclusions?
  5. What is the quality of the evidence?
  6. Why are the conclusions important?

I suggest the following subquestions:

  • If the paper contains a hypothesis, is it falsifiable?
  • (How) Is the work reproducible? (what would you need to reproduce it?)
  • What does the paper contribute to the existing body of knowledge?
  • Are the applied methods explained, valid and reliable? (e.g. statistical tests)
  • Are the limitations of the work acknowledged?

Naturalistic Conception of Science

Several years ago I read the Dutch book “Wetenschap of Willekeur” (1985) by A.A. Derksen, which (still!) is an excellent introduction to the philosophy of science. Can you read Dutch? Buy a copy! 🙂 The book contains one diagram which IMHO summarizes the (?) naturalistic conception of science pretty well, and for educational purposes I reproduced and translated it:
 

P.S.: I expect this blogpost to be covered by the Dutch right of citation (‘citaatrecht’), please inform me if I’m wrong.

Conditions for Considering Scientific Claims

In his book God: The Failed Hypothesis, Victor J. Stenger defined the following five “Conditions for Considering Extraordinary Claims”:

  1. The protocols of the study must be clear and impeccable so that all possibilities of error can be evaluated. The investigators, not the reviewers, carry the burden of identifying each possible source of error, explaining how it was minimized, and providing a quantitative estimate of the effect of each error. These errors can be systematic—attributable to biases in the experimental set up—or statistical—the result of chance fluctuations. No new effect can be claimed unless all the errors are small enough to make it highly unlikely that they are the source of the claimed effect.
  2. The hypotheses being tested must be established clearly and explicitly before data taking begins, and not changed midway through the process or after looking at the data. In particular, “data mining” in which hypotheses are later changed to agree with some interesting but unanticipated results showing up in the data is unacceptable. This may be likened to painting a bull’s-eye around wherever an arrow has struck. That is not to say that certain kinds of exploratory observations, in astronomy, for example, may not be examined for anomalous phenomena. But they are not used in hypothesis testing. They may lead to new hypotheses, but these hypotheses must then be independently tested according to the protocols I have outlined.
  3. The people performing the study, that is, those taking and analyzing the data, must do so without any prejudgment of how the results should come out. This is perhaps the most difficult condition to follow to the letter, since most investigators start out with the hope of making a remarkable discovery that will bring them fame and fortune. They are often naturally reluctant to accept the negative results that more typically characterize much of research. Investigators may then revert to data mining, continuing to look until they convince themselves they have found what they were looking for. To enforce this condition and avoid such biases, certain techniques such as “blinding” may be included in the protocol, where neither the investigators nor the data takers and analyzers know what sample of data they are dealing with. For example, in doing a study on the efficacy of prayer, the investigators should not know who is being prayed for or who is doing the praying until all the data are in and ready to be analyzed.
  4. The hypothesis being tested must be one that contains the seeds of its own destruction. Those making the hypothesis have the burden of providing examples of possible experimental results that would falsify the hypothesis. They must demonstrate that such a falsification has not occurred. A hypothesis that cannot be falsified is a hypothesis that has no value.
  5. Even after passing the above criteria, reported results must be of such a nature that they can be independently replicated. Not until they are repeated under similar conditions by different (preferably skeptical) investigators will they be finally accepted into the ranks of scientific knowledge.

These conditions are desirable in any claim of knowledge; there is a time for unrestricted creativity (preceding ‘the’ scientific method) and there is a time for rigor (practicing ‘the’ scientific method). Would it be a good idea, a bad idea, or simply impossible to expect such conditions to be met by any scientific discipline? Which claims or disciplines are unable to meet these conditions, and (how) do they provide reliable knowledge? Although I tend to agree with Paul Feyerabend’s statement in “Against Method” (1975) that “The idea that science can, and should, be run according to fixed and universal rules, is both unrealistic and pernicious” (page 295), I can’t imagine how to achieve reliable knowledge without at least falsification (condition 4) and reproducibility (condition 5).