42 comments

[ 3.3 ms ] story [ 83.8 ms ] thread
No one expects the Spanish Inquisition!
(comment deleted)
While I understand the meme, I would like people to stop saying it each time something related to Spain is in the news.
It seems marginally more apt here, as the ostensible goal of the Spanish Inquisition was to seek out truth (the real goal was more a pogrom, of course...)

And the Spanish Inquisition, of course, famously used other dubious interrogation techniques.

(comment deleted)
Spanish police has a history of struggling with technology. For instance, a hacking group was able to expose the personal data of 5400 police officers a few years ago, including password hashes, with some weak passwords among them [1]

[1] https://www.cybersecurity-help.cz/blog/131.html

A "lie detector" isn't "technology" it's an interrogation technique masquerading as technology. It's basically just a means of saving money because the guy who would be playing the bad cop can be out doing other cop things.
"Veripol works by identifying words and phrases that linguistic studies have shown to be identifiers of possible lies, Ms Queralt said. For example, using many adjectives or refusing to describe a scene are considered hints that a complainant is lying."

The article is about a sentiment analysis application used by Spanish police, and how trusting it as a lie detector could be a bit of a stretch. It could be argued that sentiment analysis and related techniques are not 100% bonkers, but it seems to be unclear at the moment.

From my experience humans currently perform much better at sentiment analysis and related techniques than computers. Computers have the advantage of scale, but this seems like a field where training actual humans on similar techniques would create much better results.
In recent years, I have been conditioned so that every time I hear the words "Believe me" I know the persons is lying.
Spain has a history of struggling with technology. Even with a very strong tech professional community the country has problems figuring out what to do with that incredible resource.

The reasons are economic. To build vacation apartments for locals and foreigners is a big business and the tourism industry is easier to understand and has less risk (until 2020 I guess) than the tech industry. So, politic and industry leaders are not interested in tech.

Luckily that is changing with many international companies creating offices in the country to take advantage of the existing talent and, as a side effect, inspiring more locals to work in the tech industry.

I love the country's easy tax collection system, and many other public technologies. But, there is still too many misconceptions.

I will not get into the historical reasons (also related to agriculture and politics) that made tech difficult to penetrate in Spain.

Anti-intellectualism also has been rampant in the arts. Many people equated being educated to understand art (literature, painting, wine tasting) and despise technology.

I am hopeful with a new generation growing to understand better technology, and if the current circumstances should have a positive side, to be wary of a tourism focused economy.

That police struggles with tech, is just on of many situations that older generations still struggle with a technology that learned to see as a lesser subject than others.

Since western states were mostly hostile to such tech groups, the willingness to cooperate might be inhibited.

On the other hand there are quite a few reasons to despise tech in its current state because it is connected to larger predatory companies.

I think, that doesn't do Spain totally justice, or maybe it depends on the region. Not to say that you are wrong, and a lot certainly can be improved, but a couple of things that impressed me (not being from Spain):

- Use of x.509 user certificates to access many government services online. - Getting a government ID right away at the appointment (from the police of all places) - FTTH 600Mbit/s symmetrical. Three days after ordering it. - Digital health record (At least in some regions)

But then, Spain has also some of the poorest regions of Europe. And from what I heard, aristocrats own large areas of land.

The digitalization is work in progress and there are some hit or miss. I'm a Spaniard that currently lives in another (richer) EU country so that gives me some contrast on what is being done well and what needs to be improved.

- Use of x.509 is nice but the installation process is tricky for non-experts (the root certificates are not trusted by your OS or browser) and yearly the root certificates need to be changed for reasons that escape my understanding. Usually root certificates should have longer lives, but somehow every year I have to update them. Are they being compromised?!?

- The government ID process is a breeze in comparison with other EU countries and quite cheap in comparison, too. The ID card is itself a smart card with your certificates (this is quite common in the EU). The newest ID card also has NFC and can be used to authenticate with government institutions with your phone, quite neat!

- FTTH penetration is quite nice, indeed. Internet prices are also reasonably low and internet packs don't have bullshit restrictions on downloads.

- One of the quirkiest/funniest examples of a digitalization miss was dealing with the notary on a recent house purchase of a family member. After everything was done we received a copy from the notary with the official documents of the property registration, which included as an annex a printed XML with the GML detailing the limits of the property. When I asked for the digital version of said XML we received a PDF with a scan of said XML. I laughed and desisted in my effort to obtain the .xml file. It shows that things are headed in the right direction but there are some hiccups when the rubber meets the road, in this case the notary or its secretary were technologically illiterate and did not receive any formation on how to handle this type of documents.

> yearly the root certificates need to be changed for reasons that escape my understanding

It is not needed yearly. The validity is 4 years for "personal" certificates: https://www.sede.fnmt.gob.es/preguntas-frecuentes/problemas-...

> (the root certificates are not trusted by your OS or browser

You can use the Automatic Configurator. Just run the "Configurador FNMT-RCM.". It should help your less tech savvy acquaintances.

> we received a copy from the notary with the official documents of the property registration, which included as an annex a printed XML with the GML detailing the limits of the property.

That's funny, but I agree it is a missed opportunity.

Thanks for the tips and clarifications.

> It is not needed yearly. The validity is 4 years for "personal" certificates:

Indeed, the "personal" certificate is invalidated each 4 years and you have to visit the police to get a new one.

What I meant is that the root (or subordinates) certificates of the FNMT are revoked with a surprisingly high frequency. With "yearly" I mean that roughly every year I have to see what's up with the certificates on my dad's computer as he complains he cannot log in anymore to AEAT, at first I assumed he misconfigured something but nope it's the public certificate of the root or subordinate CAs that have to be changed as the previous ones are revoked. This is done with a noticeably higher frequency than needed.

This has happened several times and always leaves me baffled as what could be the reason.

> I mean that roughly every year I have to see what's up with the certificates on my dad's computer as he complains he cannot log in anymore to AEAT, at first I assumed he misconfigured something but nope it's the public certificate of the root or subordinate CAs that have to be changed as the previous ones are revoked

Are you sure? As far as I know, your OS doesn't need to recognise the root certificate to authenticate yourself towards a web-server, the web-server needs to know it.

At least when I was working with client certificates, I was working with a self-signed one, and I didn't need to register my CA, I just dropped it with the web-server, which was doing the validation.

I tried it now with a MacOS, and the certificate is marked as not trusted, but I can present it to the server, and it validates it.

> Indeed, the "personal" certificate is invalidated each 4 years and you have to visit the police to get a new one.

As I read it, you can renovate it online 60 days before expiry: https://www.sede.fnmt.gob.es/en/certificados/persona-fisica/...

Also rather with the AEAT, if you prefer.

> The government ID process is a breeze in comparison with other EU countries and quite cheap in comparison, too.

That's true for the spanish national's ID (the DNI) but for foreigners, even EU ones, it's a huge pain. I've lived in a couple of EU coutries and only Spain asked EU members for a special card (NIE), private health insurance, bank account details, etc

I'm sorry you had that experience. I find those requirements reasonably acceptable, they are there to ensure you are not a burden to the social welfare system. Spain has universal healthcare, if you go to an emergency room with a problem they will give you medical attention no payment details asked. I'm guessing you arrived to Spain without a work contract and hence to obtain a residence they required you to have a private insurance to ensure you are not moving to Spain to receive medical attention (there were some cases decades ago of americans coming to Spain for hip surgeries and the like).

If it makes you feel any better, it can be much worse. I present to you Belgium's bureaucracy! Obtaining residence in Belgium includes circular dependencies (you need bank account and work contract to obtain residence, you need residence to obtain bank account). Multiple visits to the administration for different steps. A visit by the Police to your house (usually during work-hours), including inviting them over to snoop around. And the entire process takes between 6 to 12 months due to the slowness of everything. If you switch from one town to another you have to re-register again (a quicker process that still requires a visit to the town hall) and another visit by the Police to snoop around again.

oh yeah, that sounds painful as well!

My experience in the UK and Germany (as a EU citizen and pre-brexit UK) has been that you get there and that's it, you can rent a house you can register with the doctor. There's no special card, there's no police involved. It's how I'd expect the idea of free movement within the EU to work.

I understand the problem with people coming to Spain to just get a surgery but surely for a EU citizen it could be simpler since the idea is that we all have the same rights. I don't think the health system in Spain is much different to the NHS where there's no payment involved.

> Use of x.509 user certificates to access many government services online

You are right. That's the part about "easy tax collection system, and many other public technologies".

But, even in big cities, the people with money are technology uneducated. Many of them tried to move to tech before the dot-com bubble. But to move money from hosing to tech was the worse investment ever. 5 yeas later the tech stocks were worthless while housing was booming. Bad timing, but the result is that investors saw tech as too high risk, and hosing as a safe ever increasing investment.

> Spain has also some of the poorest regions of Europe

That is true, but I do not see that as part of the problem. Madrid and Barcelona are in the top 5 metropolitan areas of Europe. There is limitless potential in that cities.

Mainly foreign investments is using that potential. That is the reason I moved to Sweden, I wanted to be closer to where the important decisions are taken. And Swedish companies are really kind on empowering employees, it is way worse with countries were top down management is more prevalent.

The poor regions are going to need help form the most developed ones. But, that is not possible if the economy of large cities is also based in tourism.

Remove London from the UK and you will see what I mean. The UK is a rich country, but it starts in London. Spain is poor because Madrid and Barcelona (and other big cities) are not using their citizens full potential.

This is hardly unique to Spain, we just saw BlueLeaks expose the password hashes of 29,000 Northern California police employees alone, other targets may have exposed more.
Spanish police has a history of struggling with technology because someone once hacked an insurance cooperative for police officers? Now that's a leap
Other examples of cyber incidents are:

The time Anonymous hacked some unofficial Spanish police forums, leaking up to 11k records. [1]

The recent incident where a Zoom event called "Cybersecurity and online privacy" attended by Spanish police and civil guard members was hacked. After taking over, the attackers streamed child pornography. [2]

[1] https://www.abc.es/tecnologia/redes/abci-hackean-policia-nac...

[2] https://www.elespanol.com/omicrono/software/20200514/confere...

1 and 2 were, once again, not managed by the Spanish police. 1 is an independent forum, 2 was a contractor that offered online courses to everybody who asked.

Show me an incident where the police were actually hacked. (I am not saying it has not happened, just that your proof is not proof of anything)

Spanish bodies rarely manage their information systems themselves - this is not just related to police, all public servants work with applications built by private companies.

Usually, consulting firms such as Indra and Deloitte build and maintain them after getting publicly available contracts.

You make a good point because Spanish public servants have probably never had their own systems hacked, since pretty much all the stuff they use has been built by consulting firms or contractors.

Phineas Fisher had a nice video* around that time. Wonder if same leak.

* https://m.youtube.com/watch?v=oI_ZhFCS3AQ

This is another leak. Some or all autonomous communities in Spain have their own police (similar to state police in the US), with Catalan police being one of the largest.

This leak reminds me of the time a Russian group launched a bot campaign to destabilize Spain and support Catalan independence, with enough success to be called out by the Spanish defence minister [1]

[1] https://www.voanews.com/europe/spain-warns-russias-catalonia...

The efficacy is not unclear. Polygraph is junk science.
This tool analyzing the words, not physiological indicators that is polygraph.
The article is not about polygraph
false insurance claims for phones have become a sport to some degree, but I would not accept to be scrutinized by an algorithm that can only ever calculate an approximation.

I hope cases where it says the accuser does lie are still investigated. Otherwise this would be a serious neglect from the state.

It also doesn't help in finding the perpetrators. I think this is money being wasted to be honest.

I think the criticism is particularly bad since it doesn't even address the issues of lie detectors. 'Bias' might work in a headline and for emotional discussion, but there is little substance to it as it cannot be measured.

Unrealiability can often be a feature to police, as it is with field test kits and drug dogs. The false positive rate makes them a good tool to provide plausible cover for further police action. By simply running enough unreliable tests or letting the dog sniff long enough, it is practically guaranteed that they can find at least one reason to justify their action.

Same thing with other junk science like bite mark forensics. If you need someone convicted, show it to 10 "experts" and one of them will say they match beyond reasonable doubt.

>In a twist of questionable logic, the researchers claim that, because about four in five robbery cases remain unsolved, the real number of false complaints must be higher.

There are no unsolved cases, just false complaints! The power of AI!

In reality only solving 1 in 5 reported robberies probably means at best one in two robberies even gets reported to police. Unless you need a police report for an insurance payout, what's the point in going through the hassle of reporting the crime if it's unlikely to lead anywhere.
(comment deleted)
Imagine going to your Product Director at Startup with this information and saying "Oh, those customers just aren't real. We don't need to worry about them". You would be probably be put on probation immediately on track to be remediated.
Of course they do, it gives them a good pretext to abuse their power even more than they already do.
This comes quite unexpectedly. I resist the joke about the Spanish Inquisition.
What will these crazy cop organizations think of next?
I wonder what a diagram of incentives and responsibilities of a contemporary police force would look like.

In terms of responsibilities, there is actual enforcement of the law, and there is investigating crimes (there maybe more responsibilities too).

A lie-detector would be a part of the "investigating crimes" section. One could argue that it is a "labor-saving device", but a similar argument can be made for it being an "evidence-creation" device. However, both characterizations yield a common concern: the outcome.

What are the outcomes of a criminal investigation?

For each outcome, what are the costs and who pays each cost? Is that cost the desired cost given the outcome?

True positive

True negative

False positive

False negative

Given we are talking about crimes, there may be more than one way to get to each of the four outcomes above.