Monday 25 February 2013

Can I have a reaction?

After broadcasting some terrible news the TV presenter in the studio would turn to me and say: Can I have a reaction? What sort of reaction? Should I burst into tears, faint, or perhaps punch him on the nose for juxtaposing a human tragedy with a banal question? The interviewer, of course, wants a thought, a comment, or an observation:  instant words of wisdom cast in the form of a spontaneous reply. They want something more than a mere reaction, at the speed of a reflex.

Perhaps, without intending it, they are making a fundamental point. The essence of a living organism is its ability to react to its environment. We test the injured and unconscious for their reactions. The extremely useful Glasgow Coma Scale (Teasdale and Jennet 1974) was created to measure the level of consciousness after head injury, and is now widely used in emergency medicine and intensive care. When I was doing my thesis on brain damaged children in the late sixties we simply recorded the period of unconsciousness, without specifying how that was established. The scale is very simple, and is based on motor reactions (“from makes no movements” to “responds to commands”) verbal production (“makes no sounds” to “converses normally”) and those windows into the soul, the eyes (“does not open eyes” to “opens eyes spontaneously”).

So, if we have the misfortune to be severely injured, the decision to switch off the machine keeping us “alive” will be based on our reactions, though nowadays that includes the reactions that can be determined by brain scans alone.  I think, therefore I am.

However, in ordinary healthy life we can do more than just react. We can react fast. Survival depends upon it. Had I the power, dear reader, to make the chair you are sitting in drop instantly by a mere one inch, you would show an almost instant startle response. In about a quarter of a second you would find that the message from your bottom (no chair present) was much more interesting than even my riveting comments. Your eyes would have widened in surprise, your arms extended and you would be ready for action, so ready that you would probably have stopped all the non-essential bodily systems, and have prepared yourself for extreme action. Useful things, rapid reactions.

How fast can we react? There are many ways to measure one’s reactions.  The BBC has a reaction time test amusingly based on firing tranquilizer darts into sheep:
but there are many others, and this one is based on a traffic light, which has more face validity:  
This morning my reactions (on the sheep test) have taken an average of 0.29 seconds, and the best I have achieved in the last two weeks is 0.2128

Before going further with the decimal points, I should warn you that my results were less good when using the standard laptop keyboard (perhaps the keys are getting worn out through over-use) and much quicker with a new wireless mouse, which is probably far more sensitive. So, be aware of measurement errors, and find the most sensitive system you can.

However, I can take only partial comfort from my reaction times, because my main interest is determining how quickly I can react as a driver. These computer game test results have to be corrected because of a historical decision taken at the beginning of the motor car age. Early horse drawn coaches had hand operated brakes, though they were hardly immediate. The operator had to wind a handle which applied the brake to the wheel. Apart from handle, the main “brake” was also hand operated, in the sense of the alarmed coachman pulling back on the horse’s reins. Much quicker, but not particularly effective if the coach was racing downhill.

When designers of horseless carriages tried to decide where to put all the controls on the new-fangled motor car, they found that drivers had their hands full with the steering wheel and the gears. Also, to get the braking effect it was far better for the driver to step with full force on the mechanical pedal.  Hence the brake pedal was put on the floor, where it has remained.

With the rise of servo-assisted systems that placement was almost irrelevant by the eighties, but cultural habits tend to persist.  Most studies of driver’s reaction times show that foot/pedal reaction times at about 0.4 or 0.5 are twice as long as hand/button reaction times.  To make things worse, even those times are achieved only when drivers know that their reactions are about to be measured. Real life emergencies come without warning. Under the more realistic conditions of sustained driving, it takes about 1.2 seconds for drivers to move their foot from accelerator to brake pedal.

It is time to provide a brake function on the steering wheel. The most ecologically valid system would probably be to measure the force with which drivers push down on the steering wheel when trying to stop, which is part of the startle response and the wish to push back from the approaching hazard.  It would be necessary to avoid false activations of the brake system, but that can be worked on by adjusting the sensitivity of the system. In brief, the emergency stop function must come back to the hand, where reactions are faster.

Away from the peculiarities of the motor car, what can be made of simple reaction times?  A great deal, seems to be the answer. It some ways it is one of the world’s simplest IQ tests. See a target: respond. Not too intellectually challenging. The task is easy to teach to just about any conscious person, without any fancy instructions. It is easy to administer rewards, encouraging even those with learning difficulties to participate. It is a real scale with a real zero, and every microsecond counts as much as any other microsecond, which in S.S.Steven’s (1946)  theory of scale types is a ratio scale, the most quantitative of quantitative scales.

So, how well does reaction time predict intelligence? Correlations of about 0.3 are found for simple reaction time, and a larger 0.49 for more complex choice reaction tasks. Why should the faster reactors be brighter, and the brighter participants faster? One simple unifying theme is that if you have a faster central processor you can solve simple problems (reaction time tasks) faster, and solve complex problems to a higher standard because you have more mental time to work through the solutions.

Faster reactors also live longer. It may be that they have solved the problem of living: don’t smoke, don’t overeat, don’t drink too much, and don’t take stupid risks. Perhaps so. Yet the most recent research suggests that, helpful as intelligence may be in life, it is not directly responsible for extending lifespans. Much of the intriguing correlation between intelligence and lifespan can be explained by simple reaction times.   It seems that if you have fast reactions you probably have a good nervous system, which means you probably have other bodily systems which are good as well. You have System Integrity. You are like a car which was made on a good day: all systems are present and correct, because all the operators were paying attention to their assembly tasks.

So, armed with my reaction times, I will now try to calculate my remaining lifespan. This may take some time, because searching the relevant literature for the predictive equations takes longer than shooting a dart at a BBC sheep.

Sunday 10 February 2013

The Wisdom of Crowds or Single Authors?

It is hard to recommend one single book which gives a balanced overview of intelligence research. Although there is much to enjoy in Sternberg’s Handbook of Intelligence, you will see (review below) that I feel that readers should not rely on it for an even-handed review of the field. I found its emphasis on multiple intelligences out of line with the total body of research findings, and its chapters on race and intelligence unsatisfactory.

So, what can I recommend? The answer raises a generic issue: is multiple or single authorship the best approach? Multiple authors, as in a handbook, give a wide range of views, high levels of expertise in each topic, and high topicality, as each expert mentions their latest findings and ideas. Of course, some of the contributors will be more expert than others. If the editor makes a particular selection (and it would be hard not to, if one was human) this would distort the reader’s perception of received wisdom. The deck would have been stacked. Single authors, on the other hand, bring their expertise and judgment to the whole field, and assess it with more uniform standards. If they can establish trust in the early chapters one might be willing to be led by them through all intelligence topics, like Dante relying on Virgil to guide him through the underworld of the inferno. A tall order. A single author may also stack the deck. Yet, if a guide has been particularly reliable in the early phases of a journey, why change horse in mid-stream?

In my experience of joining colleagues for an after-conference dinner, the probability of finding somewhere to eat is inversely proportional to the number of participants. Once one factors in vegetarians, gluten intolerants, people who have already agreed to meet other delegates whose names they cannot remember, and those who have very clear, but competing, notions of the best place to go, much of the evening is wasted. On that basis, I would like to simplify matters by choosing single author volumes. I will start with two, and may add more later.

A good recommendation for beginners is “Intelligence: A very short introduction” by Ian J. Deary, Oxford University Press, 2001.  (Contents: g, ageing and intelligence, genes and environments, does intelligence matter, rising IQs, consensus views on intelligence). In its favour, Ian Deary is one of the field’s most prominent researchers, and thus a highly dependable guide. Against it, 2001 is now a long time ago, as far as intelligence research goes. Time for an updated volume?

How about the equivalent of a handbook, in the form of a single author volume? Earl Hunt is a veteran intelligence researcher. When I was teaching psycholinguistics in the 1970’s I knew him (probably from reading Resnick’s 1976 The Nature of Intelligence) only as E.B.Hunt, who published on cognition and memory. Unusually for an intelligence researcher he was primarily an experimentalist, at ease with mathematics and interested in computer and mathematical simulations of intellectual abilities. He taught Physics for a while, generally a reassuring accomplishment.

His approach to intelligence is notably balanced. Human Intelligence, by Earl Hunt,  Cambridge University Press 2011 (Contents: Tests, theories, taking intelligence beyond psychometrics, the mechanics of intelligence, intelligence and the brain, the genetic and environmental bases of intelligence, the use and demography of intelligence). He commonly concludes that in the big debates the main protagonists have gone well beyond what can safely be concluded from the data. He is quick to pounce on authors who show selective attention to data, quietly suggesting that they are acting as attorneys rather than scientists. Helpfully, he explains key concepts in tutorial fashion, and is willing to spend time clarifying arguments, signalling where the methodological pitfalls lie before jumping in with an opinion, though he does not evade a final judgment. His section on race and intelligence is very balanced, and pays due regard to what we do not know. Some readers will find him too cautious, and no-one can command agreement on their coverage of all topics, but readers will be informed without being misled, and will be wisely guided into a complex and fascinating subject. 

Friday 1 February 2013

Username ? Password?

Some psychological concepts are hard to communicate. Either that, or psychologists are so prone to jargon that they fail to communicate even very simple ideas. Whatever the reason, it is hard to explain security/access trade-offs, particularly without drawing graphs.

Currently the Web is set up to provide as much security as possible “to keep you and your data safe”. You already know the routine: you are first asked to set up a username. This is not your name, which would be too easy, but the name given to you by the service provider. They may sometimes send you a username, which will not be a name but a string of digits and letters. Sometimes they let you choose your own, and give you helpful hints, such as combining your surname with your initials and your birth date. Other websites allow you to use your email address. Incidentally, when you try to login again later on, none of these websites will give you a clear indication which of these conventions they have adopted. All this, for your security. If they had the decency to remind you on the front website page which sort of username they wanted, it would be easier for you to remember it.

Then, they ask you to provide a password. At this stage, you enter your favourite password, which you use with all websites, in the way that you use your name with all your friends. This procedure is frowned upon by web security experts, who tell you to alter your passwords. Anyway, you enter your password (having written it down somewhere so that you can remember it when you enter the website again, a practice also frowned upon by security experts) and the website rejects your efforts. At that late stage, triumphantly, they tell you that, as far as they are concerned (for your safety) you must use upper and lower case letters, and/or some numbers, and/or some punctuation marks, and/or a certain password length. You end up with a password you have never used before, which you write down somewhere. The passwords are assessed for strength, and not for memorability. Memorability is suspect.

Naturally, when you return to the website a month later, to check a bill or to re-order something, you hit a blank wall. You recall neither the username nor password. You have lost access. You try some of your usual combinations, all of which are rejected. Access is then permanently blocked. Now you have to go through a tedious routine to try to regain access, possibly providing answers to key questions you have been asked for security purposes, answers you have already forgotten.

Of course, the problem lies in security experts not considering the limits of human memory. Our own names are so dear to us that an EEG will show a blip if our names are called quietly while we are soundly asleep. We even mistakenly “recognise” our names in ambiguous sounds. We cherish our names. Usernames and passwords are not so familiar. We do not over-learn them. Websites provide us with very few contextual cues, of the sort we can use when we go on a real journey, and start recognising familiar roads on the way to a rented holiday cottage we visited three years before. So our memory for passwords is poor, unless we can use a favourite.

Even then, some websites most definitely do not want you to remember and re-use your well-remembered password. Bad security. So every 3 months they ask you to change it. UCL follows this routine. Even more bossily, they reject any new password which is too like your last password, and they have the ultimate say as to what counts as too similar. Distressingly, there are no rewards for choosing a strong password in the first place.

Is there a way out of this trap, in which we are denied access to our own filing cabinets and our own internet front doors?

Some argue for technical solutions: iris recognition, finger print recognition, code generating devices and so on. This somewhat misses the point, because the basic problem remains: if you set security requirements too high, access will be made too difficult. This would also apply to devices, because they too have error rates. Notice how often iris recognition devices fail. People have been spooked by worst case scenarios into demanding too restrictive barriers to entry, and applying them too generally.

We need to balance the cost of a security breach against the cost of losing access. Set security too high (as at present) and access is frequently lost. Set access too high and security may be compromised. Ideally, we would follow the simple equation: Risk = probability of an event X consequences. We do not have good estimates of risk, and only partial and entirely personal estimate of consequences. Money can be made by security providers from frightening people about internet insecurity. Less money can be made arguing for easier access.

One approach would be to grade the security/access trade-offs into three categories: high, medium and low. 

In the High category would be bank accounts, credit cards, and anything else you decided you personally wanted to put into that category.

In Medium would be entry to most websites offering things for sale, because no payments could be made without later hitting High security payment barriers (the secure payment website http area).

In Low security would be most other sites, including all the social media in which the purpose is to communicate to the world what you are eating, drinking and, possibly, thinking. Why demand high security if your inter-personal behaviour is low security?

Notice some of the advantages of this categorisation: the consumer gets to choose. You could elect to have everything at High security levels, and use a password generator for most of your sites. Some banks provide these devices, which only generate passwords when you enter your own PIN number, and the pass code must be entered within a minute. Three failures and you are locked out of your own piggy bank.

Another approach would be for websites to reward you for choosing stronger passwords. They could let you keep them forever (or for precisely the thousands of years of computer time it would take to crack them). Sites could be labelled clearly with their security requirements (not just the padlock symbol and https later on) so that you knew what levels of security the provider demanded before you provided a username to use the website. I certainly don’t want to think up new usernames and passwords for a plumbing website. If they won’t very clearly accept my own offers, I will shop elsewhere.

The current system infantilises us. It assumes we have to be protected, and cannot make any judgments about risk. It is also a blame game: unwilling to ever be sued for poor security, providers place the onus on us to manage entry, and regard our loss of access as our own fault. It is akin to airline security requirements, in which no airline is allowed to openly state that it will do spot checks on its passengers, using whatever risk estimates it likes, in return for faster access to planes.

Edward Teller, the father of the Hydrogen bomb, understood the security/access dilemma. He argued the extreme case, which is that nuclear weapons scientists in the US should not be hampered by security restrictions (which severely inhibit scientific cross-fertilisation) but should be able to discuss whatever they like, thus creating such a ferment of innovation and manufacturing prowess that the open society would always surge ahead of its enemies.

At a more prosaic level, most of us are willing to protect our houses with one, or at the most two front door keys. We know that determined burglars can always use a JCB bulldozer if they want to break down a door, or even a wall.

So: “No pretty-good security without pretty-good access”.