Not too long ago I considered a concept called the Last ID, which would be a universal identification and authentication system initiated by the US State Department. As many people have noted, there are purportedly millions of people around the globe who perceive their stake in American government seriously enough to wish they could vote in American elections. I suspect that some of this is a result of the paranoia endemic in the viral vectors of Bush Derangement Syndrome, but certainly it does make some sense independent of that propaganda. So I promoted the idea:
Three movies come to mind when I think about how difficult it is to find ones family in war, Blood Diamond, Schindler's List and Hotel Rwanda. Forget about American civil liberties for a moment and think about what an enormous service to the world it would be if we went made a huge locator database for every human on the planet. I'm willing to suggest that a proper system wold be of tremendous benefit to humanity if it were done with the LLP concept in mind. That is to say you could absolutely and positively identify people but that through LLP, the people themselves would be in control of the associations known to the system of authentication.
And with that control of associations in mind, Fernandez of Belmont reports the following:
A paper in an Australian policy journal has proposed letting citizens choose their degree of relationship to the State in proportion to the degree to which they intend to be dependent on its assistance or guidance. Recalling Ronald Reagan’s famus dictum that ‘The nine most terrifying words in the English language are, “I’m from the government and I’m here to help,” ’ the authors propose that people be free to choose either to declare their dependence on the state — in which case they may be told what to do — or opt to be relatively independent so that in most cases, the government would simply get out of their lives. The need is urgent, because if something isn’t done, an increasingly intrusive government will simply consume all available free energy.
As Fernandez astutely recognizes, as soon as we opt out of citizenship, well everything breaks. I mean what if you're a welfare guy who doesn't want to spend a dime on "Reagan's Army" aren't you dependent on the army anyway? And what if you're a rich guy who doesn't want to spend a dime on "Carter's Welfare", aren't you dependent on those millions as well? If the state can't compel, it cannot rule, it cannot protect. There are only very limited ways that second-class citizenship can work, and practically speaking we already have it through the tangle of loopholes that are our lack of enforcements.
This is a consideration with regard to the applicability of
voluntary association in a national identification system - if you
allow opt out, people will probably hedge their way out of as many
obligations as possible. In which case you are going to have the kind
of situation in which banks might find themselves - lending out money
they don't actually possess based upon their assumptions about how much
people would withdraw at any time. What is the liquidity of obligation?
Now that I am pretty much officially thinking like an old man, I will speculate about a particular fear. That fear is that America becomes a military dictatorship. Why? Because only men like John McCain understand and respect the idea of sacrifice for higher purposes.
Two things have to fail of course. One is the moral courage of the elites that run things today, and two is the belief by the military in the sanctity of the Constitution. I think we're a long way from both of these situations, but I may be looking at the wrong indicators. So my fear may or may not be justified and the threat is not clear or present. The problem is that I keep seeing the same things Gerard does, and I get fed up.
I want to hate the lazy slobs of our public and retreat to some corner where sweet reason if not prevailing is at least present in heaping gobs. Why do I feel more and more like Colonel Jessup?
One of the implications left hanging in the discussion of habeas corpus and a reasonable right to security in my proposal of a domestic intelligence organization similar in charter to MI5 is this, the regularization of surveillance.
The basic problem with injunctions against surveying known innocents and protecting those same innocents from local threats is that the latter requires the former. Let us take an analogy of toddlers at the playground.
Most of us are familiar with the dreaded parental duty of taking kids to the park. It is a dreaded duty because it requires that parents generate a new set of skills, which is to be able to see when and if your kids are getting into trouble without obsessing and driving yourself or the kids crazy in the process. I have three kids which are very close in age and so I have been tested to the limit. You take them to the playground and let them go and then you go sit on a bench and try to get some peace and quiet. Every minute or so, you look up to find out if your kid is still doing the relatively safe thing they were doing a minute ago or if they've wandered towards the edge of danger. This is surveillance.
As a part of this surveillance, you're also watching other people's kids who may be playing by other sets of rules. For example, if your kids are not permitted climb trees or are unskilled at the task, you have to watch out for kids who do, as they will seduce your kids into this dangerous fun. Two of my kids are adept, one is a little slower. I have watched other parents go Defcon 1 when they find my kids have treed their kids. I know my kids don't curse, so I watch out for kids who do. Same thing with throwing sand, losing shoes, etc etc. A good parent knows how diligent to be and when to intervene, when to panic, when their instructions will be followed or defied. A bad parent leaves their kids unsupervised. Then again, this depends upon the threat level. Are the swings full? Is there a teenager spinning the merry-go-round at 100 RPM? Are kids going up the slide the wrong way? Are you the only parent? The dynamism of this situation is extraordinary. Just ask any parent.
Sooner or later you get good, and your kids grow their own sense of security. But that only happens because you have a big fat history of surveillance to know the little things that end up being big things. Soon you can spot a trouble-maker kid in 20 seconds.
The problem with America's domestic surveillance is that we don't really have any, and because we want some, we are suddenly forced into a situation rather like having your cousin Pookie watch over the kids for you in the park. He doesn't have the skills. If you want to understand when abnormal activity is happening over a communications medium, you have to know what normal activity is. In other words unless the watchdogs have established some kind of baseline as to what non-terrorist activity looks like over our nation's telecommunications networks, we are hard-pressed to find out what terrorist activity looks like. It is a fundamental conundrum that must be resolved.
It seems to me that the solution is to develop a protocol for our own MI5 that allows them to look and holds their information in escrow of some sort. The problem isn't what the Bush Administration is doing, it's that too many people simply don't trust them to do what it is they do. We've had a series of FISA reforms since this problem broke, and the Administration has almost always gotten their way each time. That's because nobody in Congress, rightly, wants to be held responsible for foot-dragging on the connect-the-dots enterprise. Quite frankly, I don't like the broken firewalls and the hugeness of Homeland Security. So I say create something relatively new and let it do what needs to be done.
Like most of you, I read today in two different ways that the Kennedy family has annointed Barack Obama as the heir to American Camelot.
Caroline Kennedy writes in 'A President Like My Father';
I have spent the past five years working in the New York City public schools and have three teenage children of my own. There is a generation coming of age that is hopeful, hard-working, innovative and imaginative. But too many of them are also hopeless, defeated and disengaged. As parents, we have a responsibility to help our children to believe in themselves and in their power to shape their future. Senator Obama is inspiring my children, my parents’ grandchildren, with that sense of possibility.
...I have never had a president who inspired me the way people tell me that my father inspired them. But for the first time, I believe I have found the man who could be that president — not just for me, but for a new generation of Americans.
As you know, I happen to think that in many ways the comparison is apt. That puts me in the class of fuddy-duddies who would have said that Kennedy was too young and inexperienced to run this nation. But you can't deny that he appeals to the young - just like the Beatles.
You know what scares the bejeesus out of me? Not that Obama wins, but that he wins and gets assassinated, just like JFK. This country would go completely bananas. Absolutely, positively apeshit. The level of domestic chaos following the untimely death of President Obama would make me want to pack my stuff and move to...hmmm... Omaha to wait it out with the guys at Berkshire Hathaway.
Now I remember what was on CNN last evening when I went to Friday's. It was a poll to see whether or not people believed it was unconstitutional for polling workers to ask for ID when people go to vote.
Well you should know that this is one of those long lingering boogie men that haunt the minds of your more loopy civil libertarians - that it echoes of the racist discrimination of the Jim Crow South. Now there was some constitutional amendment, I think, or other such federal case that was made out of this matter, and it had gone to the back burner, rather like interracial marriage. But of course like interracial marriage, some people just never get over their poor home training.
Now I don't know much about the average level of self-esteem in the average African American but I've seen paranoia in action. Don't laugh. It's a sobering thing. I've also seen racial profiling up close and personal. In fact, I've experienced my share. So believe me when I tell you that it is not far from consideration that the very idea of being asked for ID at a voting booth is liable to move people into diatribe mode about setting the race back to slavery days. With any luck, my lighting rod will pick up such very arguments. (If not I'll google a blog or two and trackback).
If I were a Baptist preacher in Los Angeles, I would offer the following sermon:
You know I'm right.
If you don't know me by now,
You will never ever really know me.
-- Kenny Gamble & Leon Huff
I can't decide whether or not it is good for me to be famous. But my preliminary conclusion is that it is bad, primarily because fame is something you cannot manage. That is, fame for the average person is bad because the average person cannot manage it. But for the celebrity, fame is good.
Sunday, I took Boy up to Six Flags Magic Mountain. The best ride there is called Tatsu. We waited in line for 2 hours before we got our thrill on. During that time, we were chatted up by Michael and Suzanne. Michael is in Hollywood, he's an actor and producer and it wasn't 10 minutes before he handed me his card. Suzanne is a train the trainer at JPL, I got hers too. It was a cool and wide ranging conversation about everything from 50 meter objects hitting Mars, rodeo poker, pilots in North Carolina to NASCAR family dynasties to the movie Four Brothers to hoodies with eye-holes. We also talked a lot about the software and film industries. What I love and hate about Hollywood folks is that they are dysfunctionally over-sociable. Every conversation comes back around to The Business, and that's how people in entertainment get work. Parties are marketing opportunities. It permeates your life. And so I get their business cards and websites and IMDB listing quickly, as opposed to conversations with normal people In which I never get such information.
Hollywood folks are prepared for stardom and fame. They have a way of living on the very edge of it, of being teased by it, of nursing it. They see it in a different way, I think, than the rest of it. And the ones who survive have to manage it well. Similarly, I have had to manage fame in being a notable blogger and on-air personality. I pay very close attention to how I'm known, why I'm known and most importantly, how I would deal with the possibility that I could become very well known. So when I talk about identity, I pay close attention to how I have changed mine as an online persona over the years, and how actors and celebrities have a close or far distance from the way they are known.
An actor has become a different thing, I think in our society. The discipline has been transformed over the 20thC, as has the nature of celebrity and fame. It has to do with the pervasiveness of media and the extent to which an actor is perceived as being authentic. I'd like to use the term 'actor' almost interchangeably with 'agent'. Not agent as in talent agent, but more like secret agent. An actor is a person but an actor has a role. An actor's credibility, his fame comes from the success of portaying that role. The success accrues to the root person for something that may or may not have anything to do with who the person actually is. The actor, unlike an agent, does not set out to deceive his audience against their interests, but the efforts are similar. It is a confidence game.
Nulan has an interesting take on being in the world but not of the world, and I immediately think of subversion of hegemony. Subversion is not implicit in living off the grid, but the matter of the social contract is deep within the presumptions of dropping out or participating in some subculture or alternative lifestyle. There are inevitable political costs to social independence.
This brings me back to fame and identity, belonging and the social contract. How much does fame help or hinder? People want to claim R Kelly. People want to claim Benazir Bhutto. Name recognition and the familiarity with an accepted credible act is the currency. Both Kelly and Bhutto know how to parlay and manage that fame regardless of the acts of the person. They are big enough to compartmentalize and they manage that well. They get the benefit of a doubt. They are influential enough to merit a double standard, which they have earned in the eyes of millions.
I think this is a unique skill that is being brought forth in contemporary times - to have legends and multiple titles and mythologies associated with one's persona. I always look towards myth and the history of kings and rulers in anticipating the things that wealthy and powerful people in America will expect for themselves, some portion of which will trickle down. We didn't always, in the broad middle class, have credit but the expansion of the American economy meant that would come. So manipulations of identity are coming down the pike to American whales, and then to the upper-middle class.
My association with Hollywood folks will help me understand the vicissitudes of fame management and my tech background will help me understand what's up with managing virtual selves. It should be an interesting combination. I'll be blogging on it this year.
A month or so ago, I chanced upon a website that advocated a new kind of contract between persons. They called it a limited liability persona. It was a very cool thing and I think it's the future of identity. At least I hope so.
Part of the problem with identity theft these days is that ultimately it all boils down to a few small keys and then you're busted. Most of your most significant IDs are keyed by your mother's maiden name and your social security number. Most people should know by now that there are duplicates. It also doesn't take much to forge a number. The idea that's cool about the LLP is that you can establish your own authentication independently of every other kind of contract you have.
When it comes to a national ID, there's a certain amount of paranoia and ignorance. It's probably something I should get involved in a bit more in. I checked out a video not long ago - the guy from Sxip talked about identity 2.0, but that whole conversation seems to have disappeared, or at least some of the experts have gone to secret projects. It rather reminds me of the time several years ago when we were talking about micropayments and the 'impossibility' of setting up that thing which has become PayPal. There's a certain inevitability to it, you just don't know where it's going to come from.
I had a conversation with myself the other day merging the four factors, GWOT, LLP, Immigration and Identity Theft all into one.
One of the interesting things I discovered is that one of the reasons we know there are about 12 million illegal immigrants living in the US is because the credit bureaus know. They keep databases and they share databases. Let's think about the capability right now, and let's do it in terms of voter fraud. In approximately 30 seconds, from a million locations, I can create a connection that talks to some number of computers and gets 40 bucks out of my bank account. I'm not talking about ATMs, I'm talking about cash registers. I have a PIN, I have a 16 digit ID number, I have an expiration date and a three digit code on the back of the card for additional validation. Your kids and my kids are used to getting gift cards that just sit in large displays at the local supermarket ready to be activated for 25 bucks worth of iTunes downloads. That's kind of like the LLP, it is a persona you create just for the purposes of music downloads, and the security system allows you to activate it for a preset maximum. There are never going to be concerns about duplicate numbers on gift cards. You just use big numbers.
If I were president, the first thing I would do is to initiate a worldwide census. I would direct the State Department to publish all of the kinds of persons we recognize and start keeping tabs. One of the great difficulties we have in dealing with the War on Terror is that we haven't dealt with a couple realities. Consider them:
1. Detention is the Ultimate Solution
As Edward Luttwak points out, all guerrilla wars, urban or rural (urban guerrilla is a common euphemism, meaning terrorist) can be won by detaining every human being who might possibly be an enemy, holding them securely until the war is over and the winner is clear, and then releasing them without punishment. Like, duh, man. Which has more negative impact on innocent civilians: internment in a civilized detention center, or involvement in a civil war?
...The insurgents require the population to act in a certain way -- support, sympathy, intimidation, sometimes just reaction to provocation, you know? And if you can take that reaction of the population away from them, it's extremely difficult for them to achieve anything.
That's why the surge is not only a matter of putting extra troops into the country, it's what they do when they get there. And what they're doing is going into areas and not leaving. And they sit with the population, partner with them, help them defend themselves. Keep the enemy away. Prevent them from coming back. And if you like, restructure the environment to hard-wire the insurgent out of it.
Three movies come to mind when I think about how difficult it is to find ones family in war, Blood Diamond, Schindler's List and Hotel Rwanda. Forget about American civil liberties for a moment and think about what an enormous service to the world it would be if we went made a huge locater database for every human on the planet. I'm willing to suggest that a proper system wold be of tremendous benefit to humanity if it were done with the LLP concept in mind. That is to say you could absolutely and positively identify people but that through LLP, the people themselves would be in control of the associations known to the system of authentication.
Now for the purposes of GWOT and Immigration, I imagine that there would be certain absolutes built into the system - which represents the capacity to replicate authentication that we have today. The best ID anyone has, or any garden variety civilian has, is a national passport. That's the thing that is recognized worldwide. So perhaps as a minimum, in the Last ID, your nation of citizenship and all things that State Departments attach to that, would be retained. IE I would have no control, when identifying myself, that I would reveal my nationality and consequently my status with my home country - all the stuff that an immigration control agent would have at customs. But whether or not I wish to give permission to associate my credit report or medical records would be entirely up to me.
Ultimately, the cost of not doing this is what we are up against.
Americans will have a very low tolerance, given the openness of our
society, to domestic terrorism should it rise above a certain point. I
have every expectation that we will, for the sake of security, submit
to a regime of national identification which supercedes the present
system, warts and all.
Fish entertains paranoid fantasy in his continuing docu-drama of the great evil conspiracy of white supremacy. This week the stars are Francis Cress Welsing, the grand dame of the crackpot racial theorists, the woman who wrote the worst book I ever read. And even more wacky, he goes all the way to the Planet of the Apes. I guess he's going to have to get all that out of his system.
In the spirit of racial paranoia, I picked out a few discussions around the 'sphere to see what folks are talking about tangential to those things and people that might destroy our precious bodily fluids.
That should keep you busy.
Me? I'm going camping up at Big Bear Lake. Practice my redneck survival skills. Then it's off to Redmond to meet the great poobahs of the Borg. I wonder if they are as scary as I've always heard...
Richard Posner's proposal for a CT Circuit prompted me to say the following in substance:
Given a choice between countering terror and protecting civil liberties, most courts in the US will protect civil liberties. That is because most judges in the US don't know much about countering terror, and judges tend to talk what they know. He suggests that what we need is a Counterterrorism Court.
It is clear that our criminal courts and FBI are unsuited to properly investigate and prosecute possible domestic terrorists.
It seems to me that it is most important to be proactive in this manner before we start writing law under duress. The import of this discussion is supposed to be, how do we avoid bastardization of law and misapplication of war powers in the wake of domestic terror attacks. If you don't like the Patriot Act, then the answer is to come up with something better.
There is no question, considering COINTELPRO that domestic radicals and subversives can be infiltrated. But it's rather common knowledge that the FBI was exceeding its mandate in that regard. So too Posner asserts that their charter did not allow them to exploit the potential of their infiltration of the Florida cell wrt bombing the Sears Tower. Once they infiltrate and develop evidence that can result in a criminal prosecution, they're done. It isn't within their ability or charter to connect dots back to kingpin organizations.
We shut down the mob with RICO. We don't have such tools to deal with domestic terror. We have the capacity but not the organization.
When the British are cited for having London as the most surveilled city in the world with their 'Ring of Steel', people often forget that their MI5 is a domestic spying organization. MI5 of course has the experience as do Londoners of dealing with car bombs in the city on a regular basis during the decades long conflict with the Irish Republican Army. We have no such experience.
There are many folks who argue reasonably, among the many more who do not, that the Executive branch has gotten out of hand. As well, there is a theory that the GWOT should be a 'police action'. So Posner's suggestion should be welcome to those who are interested in total victory as well as those who continue to sweat bullets over the Bush Administration's troubles over FISA warrants.
In the past week, Congress has, according to the anti-war crowd, caved in on new legislation surrounding the matters about warrantless wiretaps in pursuit of terror investigations. This is primarily because, as every one of their arguments I have seen plainly state, that crowd fears political reprisals. All of the FISA squawkers keep thinking that Bush is just a heartbeat away from Nixonian dirty tricks. I can understand a bit of cynicism, but this has descended into paranoia. There is one single significant civil liberties violation that has taken place under Ashcroft and Gonzales, and that is the Hamdan case which was eventually, if not promptly, checked by the Supreme Court. We have entered a period in which the President isn't even allowed to fire at will employees without raising a cloud of suspicion.
As an aside, I have not been following the inquisition of Gonzales, but it occurs to me that without the benefit of a doubt, there are very few people who could stand up to the level of harassment he has been getting at the hands of Congress. I worry about having people in office who are so calculating that they could. Then again, I think Janet Reno accorded herself with an order of magnitude more finesse than Gonzales, and I trusted her.
But what's clear again is that the Congress is ineffective in doing anything constructive in law that assists in victory over Al Qaeda on an independent basis. Instead they have spent all of their time countering executive orders and frameworks of dealing with matters like the definitions of enemy combatants, advanced interrogation techniques, funding of armor for the troops, the legality of GTMO, the Plame investigation and of course FISA, all of which they have lost.
But the problem with all of this SIGINT interception is my guess about how the process might actually work. To be in compliance with the law, which seems insufficient, and to use technology properly which is non-trivial is something that seems very difficult, inherently difficult to know. For example, the difference between the word 'concerning' and 'direct' as Kevin Drum notes, can make a big difference in the scope of data to be processed, whether or not one is alarmed at potential political hijinks.
From my observations of the technical aspects of this job, I understand that the more data that is selected, the less effective data mining techniques will be. My guess is that the NSA have more data than they effectively deal with and that they are archiving it until somebody comes up with a better mousetrap. If I were a betting man, I'd look at something like Hbase. Anyway, I'd be very interested to know about the methodology and that makes a difference.
Lets say, for example, you have the capacity to pull everything during a period of high chatter. That would be easier to do than to maintain a set of filters at the distributed points in your collection system. On this principle it works a little like your Google Mail. You get all the spam and you are able to hold it in your possession until you physically clear it. This gives you the opportunity to review all of that stuff you believe has a high probability of being spam in case some of it is not. If your best-guess filters toss out all spam at your collection points then you increase your number of unknown unknowns. Without filtering at collection points you can possess a large pool of data, and yet without investigating its contents, process it with a smart set of tags. You can then connect some dots based on the smart tagging and reduce your potential set of data to a more reasonable size. Again this is like labeling your Google Mail by doing a search on the To:, From: and Date: fields but not on the content.
Now to do voice recognition on the content, I think that would essentially require a warrant, which is different from wiretaps, because wiretaps aren't discrete. A telephone conversation may or may not be 'loaded' with actionable information. In an ordinary telephone wiretap you can only listen for and use stuff surrounding key words and I believe you can only possess the key sections of the conversation. Surely the FISA and all 'wiretap' laws are the basis upon which SIGINT must conform. These would be easy to circumvent as phone caller. I could play a game of treasure hunt, setting up times and phone numbers that send parts of a complete message in a series of phone calls. And of course as a cryptanalyst at NSA I couldn't know this was being done without access to greater sets of data.
Again, I'm only scratching the surface with my conjecture, but I know a great deal about how the changing of one word in a system requirement alters the way the technology is applied to a problem, and the technologist always knows where the holes are before the people writing the specs do. By the time rigorous protocols for users of the system are in place, any number of realities may have changed. So my sympathies are with the DBAs of course - the tech people who have to maintain these monstrously huge repositories (hmm, and suddenly I realized why Lee, my good buddy is so jazzed about the random access voicemail downloads he gets pushed to his iPhone), who know where they might look but are restricted from looking.
But SIGINT is only a partial solution as Posner and now I understand. The greater problem is the lack of judges America has with experience in dealing with these kinds of cases. Surely there are more than three judges in this country who can assist in the GWOT. It doesn't take a genius to figure out that the FISA approval process is a bottleneck, whether it's retroactive or not. The more focus that the political opposition gives to this FISA stuff, the more we are vulnerable.
The executive and activists on their behalf wouldn't need to bear such paranoid or well-motivated scrutiny if the other branches of government had credible victories of their own.
Richard Clarke's Breakpoint is a thriller of bizarre proportions. Reading it on the heels of Michael Crichton's Next makes me feel that perhaps there certain fairly interesting ideas out there that makes the future full of interesting possibilities. It is one of the more entertaining books I've read this year. I recommend it.
Richard Clarke is another person whose material contributions to the country have been completely obliterated by the politics of vicious ripping and staunch defending of the Bush Administration. As I parse back through a large number of unfinished posts, this pattern is emerging - details that have become politically insignificant as the MSM, opposition, loyalists and blogosphere move their debates to new ground.
These days Petraeus is about to become another symbolic goat or hero in the same way. I am rather ashamed at how juvenile our democracy can become.
The number one thing that the CIA did that became known as the 'Family Jewels'? Well, you still can't know. But you can know a lot of the other things. My guess is that the worst possible thing that might be revealed is some complicity in the murder of King, X, Kennedy or Kennedy and probably through complicity with the FBI's complicity with local police. Which is to say perhaps some sources, but more likely methods were intentionally leaked from CIA to FBI and such info found its way into the wrong hands which acted in effective ways they otherwise could not.
This is my speculation given the 12 pages I've read of the newly declassified Family Jewels document released this week by the CIA.
The Roselli thing seems to be rather old news, or at least a secret that wasn't very well kept. There was plenty of Wikipedia on that guy long before the disclosure of this document. Basically , everybody knew in some way that the CIA was trying to kill Castro. No big deal in that release.
So where was Nosenko's jail. Hmmm. GTMO? Anyway, here's a guy out there debunking (for profit?) various aspects of the Nosenko legend. If I were particularly interested, I'd take an MD5 of that webpage and see if it changes within the next year.
The Mockingbird project seems almost tame considering the kinds of things that Chomsky would suggest that the CIA does or has done with respect to manufacturing consent. When I first read that book, I was convinced that the CIA was up to having plants at the NYT who were deep, deep undercover. And to tell you the God's honest truth there was always something about Jack Valenti that made me suspect that he was up to a lot more than he let on.
All of this divulging is good, of course. There will certainly be people who will take the time and effort to get through this large document to adjust their understanding of various CIA dirty laundry. But as various folks pick through it, I am brought to mind of the various firewalls that AG Ashcroft mentioned during his testimony about 'connecting the dots' and Homeland Security. I thought he was being particularly scrupulous in an environment of fingerpointing and political spin. The interests that enjoyed portraying the government as corrupt and stupid, especially those who find 'military intelligence' an oxymoronic joke appeared ever so willing to bulldoze those firewalls in the days of Ashcroft's complaint. That these revelations of piercing that veil remain high on the list of CIA faux pas (is 'faux' plural and singular?) suggests to me that these firewalls are taken very seriously.
But it also suggests to me that like the NSA, there are probably other agencies which "do not exist" who are less restrained. The AGs office must certainly know. We don't do jack without attorneys.
Also one more thing. I remain fascinated by the potentials of 'proprietaries' and cutout organizations. Consider this claim about the Ford Foundation.
By the late 1950s the Ford Foundation possessed over $3 billion in assets. The leaders of the Foundation were in total agreement with Washington's post-WWII projection of world power. A noted scholar of the period writes: "At times it seemed as if the Ford Foundation was simply an extension of government in the area of international cultural propaganda. The foundation had a record of close involvement in covert actions in Europe, working closely with Marshall Plan and CIA officials on specific projects" (Ibid, p.139). This is graphically illustrated by the naming of Richard Bissell as President of the Foundation in 1952. In his two years in office Bissell met often with the head of the CIA, Allen Dulles, and other CIA officials in a "mutual search" for new ideas. In 1954 Bissell left Ford to become a special assistant to Allen Dulles in January 1954 (Ibid, p. 139). Under Bissell, the Ford Foundation (FF) was the "vanguard of Cold War thinking".
One of the FF first Cold War projects was the establishment of a publishing house, Inter-cultural Publications, and the publication of a magazine Perspectives in Europe in four languages. The FF purpose according to Bissell was not "so much to defeat the leftist intellectuals in dialectical combat (sic) as to lure them away from their positions" (Ibid, p. 140). The board of directors of the publishing house was completely dominated by cultural Cold Warriors. Given the strong leftist culture in Europe in the post-war period, Perspectives failed to attract readers and went bankrupt.
The collaboration isn't shocking, and today we already know what's up with Sciafe and Right Radio. But you gotta admit it's a bold, if not particularly effective idea whose time will inevitably return.
For about the fourth time, I have put together a PGP arrangement. As usual, I wonder if there is anything at all that I know which is worth protecting and communicating. I know that there is, the problem is that there is nobody worth communicating it to.
Not long ago I wrote in my Normblog interview:
I confess that I am drawn to spies and, to a lesser extent, priests. They hold in their heads ideas that are worth killing and dying for, and yet unlike writers and intellectuals of other sorts, they are restrained by ethical virtues from gaining any notoriety, wealth or respect from the dissemination of said ideas. Anyone can blurt the beautiful and be blessed, but there is nothing so frighteningly powerful, I think, as an idea whose time may very well never come. They are the reverse of us who clamour for glory and vindication.
The other day, NPR was interviewing a physicist who had recently become curator of the LA Natural History Museum. I think she is bound to turn that stately place into another popular, bright something-a-torium with a McDonalds. But I tend to think she is not the proper physicist. That is to say, nuclear secrets are the most haunting creation of the last 100 years. They are obscured by their own inherent complexity and by extraordinarily well-funded aparatuses of security. I would think that a proper physicist would spend as much time as possible in close proximity to those touchstones. But she struck me as a pure scientist in search of order and wonder and discovery. I might be defective in my attraction to the forbidden fruits of the world's most highly guarded mysteries.
In my own profession I have been astounded by the lack of security. I basically have had access to the financial data for every company I've worked for for the past 20 years. None of them have ever employed a system to keep that data out of the hands of IT personnel. It's a strange thing when you think about it, you trust the implementation of security to people who should actually never have access to the thing which you are securing. It's a small problem that might have been addressed somewhere but not often, and maybe not well.
So I conclude that I don't know jack.
There is no inherent value in anything. Somebody has to desire it. Then that means somebody has to be aware of it. Part of the difficulty in security is that people have to recognize that something is of value to someone else before it is secured. And unless there is some kind of healthy market for contraband, most valuables are not really valuable. It's the old paradox which is that it's much harder to get 50K in cash than it is to get 5 million in bonds, because everybody knows what to do with 50k in cash but only a few know what to do with 5 million in bonds. The bond market may have high barriers to entry, but I seriously doubt that bond traders are scrutinized as thoroughly as people asking for a second on their house. But what do I know, I can't get either. The point stands however, I'll use a different example. It's easier for me to bum 20 for lunch off a colleague than for an actual bum to get spare change. It's all about the exchange.
So what might be secured is not secured because nobody understands the value. Conversely some things that are obviously valuable and secured are difficult to sell because markets are small and illicit. How might one go about selling corporate secrets, for example? I think it's something that perhaps only attorneys understand, living as closely as they do to what is and is not prosecutable.
There's another interesting twist on this subject which is the value of knowledge. That has to do with the ability of a resume to convey what is true about one's experience and knowledge, versus what is valuable about one's experience and knowledge. My current resume only goes back to 1988, but it could go back to 78. I can't know what I might gain or lose by exposing that part of my life. Indeed how much of one's life is for sale in a resume? I think I lack the one thing that would make some of the details irrelevant, which is a Summa from an Ivy League. That kind of BA would be just fine for my temperament.
There's a fundamental aspect of intelligence and privilege which defines our meritocracy and corrupts it. That is that smart people get to do what they want to do. They don't get proper scrutiny. And yet when they do, we kind of hate it don't we? It didn't matter how qualified Paul Wolfowitz' girlfriend was, nor how much money she could have objectively made with her skills anywhere in the world. Everybody got to have a turn at bat when she became a political pinata.
They say it's not what you know but who you know. The problem is that when you get to know a lot about something, there are fewer and fewer 'whos' to know. It's easy to get trapped in a hierarchy of knowledge that restricts your ability to cash in on your knowledge. Often it's necessary. You must build value into something by keeping everybody in the loop at a low cost with low liquidity until it's time to sell.
It starts with 09 and ends with C0. It's a 128bit key that unlocks, given the proper software, all encrypted HD DVDs and Blu Ray discs. I was made aware of it just this morning, not quite by accident, but because I'm a news junkie and I have software agents that find stuff for me. Given that, it only took me a couple minutes to find the code I need to crack the AACS protection scheme. I'm not going to publish it, that would be unethical, like publishing Richard McBeef or Nick Berg's beheading. But it is a fascinating thing.
In the latest battle between the hackers and the hacked, the hackers have won. But the hackers should win because this is a war over the right to know. Interestingly enough, here in my ancient hotel with only 20 channels of television, this parallels an episode of Dr. Phil that I was forced to watch last night out of pure boredom. Some chick and some dude were on an episode of 'Is this Normal?', which I imagine to be a regular segment for Dr. Phil. And the chick was obsessing over whether or not the dude was cheating on her. So she would text him 80 times a day to see where he was, demanded his passwords to his PC, checked all of his personal and work email, checked to see how much gas he used in his car and even checked the position of the passenger seat in his car. She was hacking him obsessively because she desperately needed a daily assurance that he wasn't cheating. There was basically no trust in the relationship. She felt she had a right to know.
Besides the fact that dude was a total doormat it's clear that the provocation was the chick's fault. But in the case of hackers, their provocation is necessary. That's because, as was shown in the DeCSS case, students need to be able to communicate security. Now simply because it's widely known that classrooms are hacked for the sake of DVD piracy doesn't mean you can restrict that speech. Part of the outrage, if any, that will ensue from the decisions of Digg and others to stand by the free speech argument is that relatively few people pay attention to other hacked classrooms.
Given a healthy or morbid obsession, everything can be hacked. You should always assume that somebody somewhere wants to hack you, what you know and what you do. But the crazy part is, like the obsessive chick, they really don't want to leave you.
Obligatorily, I think it's unethical for me to publish the number because I'm not involved in the business or avocation of teaching security or low level programming, but I think it's clearly ethical for those who are.
I walked all over Philly today. I still don't know all the places I've been.
I started at my hotel and went around the corner to The Bourse. A bunch of kids were out of school evidently. I couldn't find a sweatshirt appropriate for my collection. So I circled the place a couple times. then I headed downstairs to the little bookshop. I figured they could tell me where I could get to a public internet place. None of the branches of the Philadelphia Public Library shows up on Google Maps, and me without a functional air card or power cord for my laptop. That was at Fourth and Ranstead. She said the library was at 7th and Chestnut. OK. Easy enough.
So I headed out and wound up at the Mall. I decided to snap some pictures since this time I brought the Olympus. I walked around the Liberty Bell building and acted suspiciously in front of the guards. I don't know why I do that, but whenever I enter a security situation, I start evaluating the security. There were guards on every corner and I got pictures of most of their positions without looking as if I was. Actually, I think the security is pretty good around Independence Hall and the Liberty Bell. From what's visible however, a determined assailant team could do damage. Anyway. I got a phone call and handled some business as I walked around the Liberty Bell building. Then I headed up to 7th.
At 7th there was no library, but there was a police station. So I went into the lobby and asked for directions. The library was half a block north. There were three officers in the substation. One had his feet up on the desk.
The library was closed earlier that week because of a broken water pipe but it was open and I sat down to the terminal. I needed a library card, but they gave me a visitors pass after eyeballing my California drivers license. The pin code was 5688. I logged on. There was a 33 minute timer. My assignment was to find a FedEx code to send to the Spousal Unit in order for her to mail a borrowed laptop (the one whose high quality wireless and battery life would have obviated this trip to the library) back to the vendor. The desktop was wrapped in a secure wrapper and I pulled up IE. The connection was so pitifully slow that it took me about 20 minutes to do just a few things. I couldn't even use Google chat for a moment. But I did get the addresses of some real internet cafes. I put them in the Treo and booked up.
Next thing I need is a little lunch, so I stopped at a Quiznos. My destination was the Cosi at 12th and Walnut. According to the website I found, this was an internet Cafe. I got there, but it was basically just like the other Cosis I'd seen. A coffee shop with big comfy chairs. So I snapped some pictures. The other locations were way over at U Penn and not within walking distance, so I'd need some cash. I looked up Bank of America. Walnut and Broad. Good. I can walk there.
At Walnut and Broad, there is no B of A, but there is a Wachovia, a huge one. I walk in singing Sade and check out the huge slabs of marble. Nice. Looks like a bank. I get 80 bucks and curse under my breath for having to pay the 2.50 fee. This time it's getting kind of cold, and I'm still just wearing a t-Shirt under my ski jacket. The wind is cutting me up. Fortunately, there's a Banana Republic across the street and today is payday. What the heck.
While I'm shopping, Spence calls me up. I'll probably be hooking up with him tomorrow or Sunday in Baltimore. That's going to be off the hook. Meanwhile I got me a sweater. So now I'm warm and am heading towards Rittenhouse Square. I snapped many pictures on the way including two of my favorite joints, Mahogany and Alfa. By the time I got to the square my camera hand was frozen stiff. I took a few more of Trinity Church which was closed and continued down towards my destination, the Ants Pants Cafe on South Street near 22nd.
I turned the wrong way on 22nd, and for some reason I thought that Ants Pants was near U Penn. So I ended up all the way over at Race Street before I pulled out the Palm and tried to get my bearings. I thought I was going West but I was going North. Now I'm at the Franklin Institute. What? I grab a cab and 7 bucks later I'm at Ants Pants. It's 4pm and they're closing. It's just a coffee shop hole in the wall, not a real internet cafe. Crap. I buy a coffee and head towards Digital Age. That's got to be the right place. 1818 S 13th Street right? That's a hike from 22nd and South Street. But I start hiking.
By the time I get to Passyunk and 13th, I can tell that this cafe does not exist. Now my feet hurt, and I'm pissed. So I head back to Broad Street where at least I know that I'm only a few minutes away from a cab. So I cab it back to my office and I write this.
Ahh. that's better. Safe indoors. Warm. Found. Speaking of which, it's time to go watch Amazing Grace...
From Schneier, you might be a terrorist if..
You're on the Blacklist Download terrorist_exclusion_list.pdf . Here are a few of the enemy orgs:
1. Abu Nidal Organization (ANO)
2. Abu Sayyaf Group
3. Al-Aqsa Martyrs Brigade
4. Ansar al-Islam
5. Armed Islamic Group (GIA)
6. Asbat al-Ansar
7. Aum Shinrikyo
8. Basque Fatherland and Liberty (ETA)
9. Communist Party of the Philippines/New People's Army (CPP/NPA)
10. Continuity Irish Republican Army
11. Gama’a al-Islamiyya (Islamic Group)
12. HAMAS (Islamic Resistance Movement)
13. Harakat ul-Mujahidin (HUM)
14. Hizballah (Party of God)
15. Islamic Jihad Group
16. Islamic Movement of Uzbekistan (IMU)
17. Jaish-e-Mohammed (JEM) (Army of Mohammed)
18. Jemaah Islamiya organization (JI)
19. al-Jihad (Egyptian Islamic Jihad)
20. Kahane Chai (Kach)
21. Kongra-Gel (KGK, formerly Kurdistan Workers' Party, PKK, KADEK)
22. Lashkar-e Tayyiba (LT) (Army of the Righteous)
23. Lashkar i Jhangvi
24. Liberation Tigers of Tamil Eelam (LTTE)
25. Libyan Islamic Fighting Group (LIFG)
26. Moroccan Islamic Combatant Group (GICM)
27. Mujahedin-e Khalq Organization (MEK)
28. National Liberation Army (ELN)
29. Palestine Liberation Front (PLF)
30. Palestinian Islamic Jihad (PIJ)
31. Popular Front for the Liberation of Palestine (PFLF)
32. PFLP-General Command (PFLP-GC)
34. Real IRA
35. Revolutionary Armed Forces of Colombia (FARC)
36. Revolutionary Nuclei (formerly ELA)
37. Revolutionary Organization 17 November
38. Revolutionary People’s Liberation Party/Front (DHKP/C)
39. Salafist Group for Call and Combat (GSPC)
40. Shining Path (Sendero Luminoso, SL)
41. Tanzim Qa'idat al-Jihad fi Bilad al-Rafidayn (QJBR) (al-Qaida in Iraq) (formerly Jama'at al-Tawhid wa'al-Jihad, JTJ, al-Zarqawi Network)
42. United Self-Defense Forces of Colombia (AUC)
I wonder if I get in trouble for having these words on my computer.
DMC is not devastating mic control in this case. It's Disproportionate Minority Contact - a regime that seeks to answer with statistical reporting the following questions.
Now here's the opening qualification taken directly from the same manual. I'm going to put it in bold so that you don't overlook it.
It is important to note what is not included at this stage: any attribution about the reasons for the differences. Therefore, the identification phase of information neither describes the reasons for any differences that occur nor creates strategies to reduce those differences.
In other words, although they can say with great precision that they are observing race, they cannot and will not say at all whether or not they are observing racism. So therein may be answers to what and perhaps how, but not why? Except that why is a presumption that plays into the politics of counting noses by race anyway. Essentially people are invited to speculate why and your guess is as good as mine.
Me? I was trolling for data. It is my job actually to make the meaning of such numbers plain and accessible, so I may as well have some fun doing it. The problem is that this data is dirty. They don't say that in so many words, they say it with too many words. Take the following paragraph as an example:
Studying More Jurisdictions and More Categories of Youth and Offenses
States may use the basic RRI method described above to extend the number of jurisdictions to be studied, subdivide the types of youth being studied, and subdivide the types of offenses (and other features) being studied to broaden their analysis of DMC issues. Each such refinement adds analytic power and specificity to the search for ways in which to address DMC issues. A few examples of such refinements would include separate identification analysis for males and females or for older and younger age groups. The logic that jurisdictions might use to justify such endeavors would be that there is some additional contact risk that attaches to younger (or older) male youth. Likewise, jurisdictions might add additional stages to the basic RRI model to track the implementation of specific additional statutory provisions such as the application of determinate sentencing or of automatic transfers to adult court for some offenses. For such policies to be fruitful for analysis, states would have to demonstrate that the policies actually apply to a substantial number of youth. In a similar fashion, it might be feasible to conduct the RRI analyses separately for various classes of offenses, such as those involving crimes against persons, property, drug offenses or public order. Again, the need is to ensure that a sufficient number of cases are processed to make the search for patterns potentially fruitful. If one is engaged in analysis of subsets of offenses, it is also necessary to recognize that the processes of plea-bargaining and diversion programming may lead to situations in which the classification of an offense changes as the case proceeds through the systems.
In short they know race but they don't know gender. They also don't know crime, nor do they have a good taxonomy for the crimes. They don't know age, nor do they have a taxonomy for aging. They don't have attributes for charges or sentencing.
Now it's true that a brother like me gets 250 an hour building analytical systems. Now you know why I get no municipal government work. Their data is weak. You cannot make sound analytical decisions on data this dirty and arbitrarily qualified. I know that sounds like a dismissal but you do grow a sense about these things after 20 years in the business. More's the pity. It almost wants to make me join Connorly.
Connorly's quest of eliminating all racial data collection is fraught with the peril of knowing to little and disabling analysis altogether. Yet there is the peril on the other side which is that of 'knowing' too much about very dense and well-qualified data sets. These aren't data these are people. And as much as I'd love to march every human on the planet through a 48 byte universal identifying system I know that runs the serious risk of treating people like things we think we can all too easily abstract. Of course there are greater risks in the world, and somehow I think we'll end up doing that anyway.
I'm for adding more and more data to a singly authenticatable person. This one of the reasons I don't blog anonymously. And I think people should be able to assume multiple pseuds which link (under their control) to their root, unchangeable one.
When you really recognize how difficult it is to get simple demographic information correct it makes you wonder how much we think we know about each other's digital information is just wrong, wrong, wrong.
(from the archives, originally c. October 2001 )
I posted this over three years ago and it came out long before that. It's probably a good thing to review it. Snopes says that this is the real deal, so it's probably still good advice.
One of my original angles on surviving the threat had to do with my basic understanding that in a crisis, people accellerate what they already do, and that experts are not likely to change their behavior. However the people, having no prior experience or knowledge, are most likely to change their behavior. Consequently, the best way to leverage the power of the US would be in terms of self-defense, IE millions of Americans doing something slightly different. (Like buying tube socks or duct taping windows). But seriously, an immunized public is the greatest defense against assymetrics. The theory is that if one terrorist can do X, than one civilian can do 1/x.
A Soldier's Viewpoint on Surviving Nuclear, Chemical and Biological Attacks
From: SFC Red Thomas (Ret)
Armor Master Gunner
Unlimited reproduction and distribution is authorized. Just give me credit for my work, and, keep in context.
Since the media has decided to scare everyone with predictions of chemical, biological, or nuclear warfare on our turf I decided to write a paper and keep things in their proper perspective. I am a retired military weapons, munitions, and training expert.
Lesson number one: In the mid 1990s there were a series of nerve gas attacks on crowded Japanese subway stations. Given perfect conditions for an attack less than 10% of the people there were injured (the injured were better in a few hours) and only one percent of the injured died.
60 Minutes once had a fellow telling us that one drop of nerve gas could kill a thousand people, well he didn't tell you the thousand dead people per drop was theoretical.
Drill Sergeants exaggerate how terrible this stuff was to keep the recruits awake in class (I know this because I was a Drill Sergeant too). Forget everything you've ever seen on TV, in the movies, or read in a novel about this stuff, it was all a lie (read this sentence again out loud!). These weapons are about terror, if you remain calm, you will probably not die. This is far less scary than the media and their "Experts," make it sound.
Chemical weapons are categorized as nerve, blood, blister, and Incapacitating agents. Contrary to the hype of reporters and politicians they are not weapons of mass destruction they are "area denial," and terror weapons that don't destroy anything. When you leave the area you almost always leave the risk. That's the difference; you can leave the area and the risk but soldiers may have to stay put and sit through it and that's why they need all that spiffy gear.
These are not gasses, they are vapors and/or air borne particles. The agent must be delivered in sufficient quantity to kill/injure, and that defines when/how it's used. Every day we have a morning and evening inversion where "stuff," suspended in the air gets pushed down. This inversion is why allergies (pollen) and air pollution are worst at these times of the day.
So, a chemical attack will have it's best effect an hour of so either side of sunrise/sunset. Also, being vapors and airborne particles they are heavier than air so they will seek low places like ditches, basements and underground garages. This stuff won't work when it's freezing, it doesn't last when it's hot, and wind spreads it too thin too fast. They've got to get this stuff on you, or, get you to inhale it for it to work. They also have to get the concentration of chemicals high enough to kill or wound you. Too little and it's nothing, too much and it's wasted.
What I hope you've gathered by this point is that a chemical weapons attack that kills a lot of people is incredibly hard to do with military grade agents and equipment so you can imagine how hard it will be for terrorists. The more you know about this stuff the more you realize how hard it is to use.
We'll start by talking about nerve agents. You have these in your house, plain old bug killer (like Raid) is nerve agent. All nerve agents work the same way; they are cholinesterase inhibitors that mess up the signals your nervous system uses to make your body function. It can harm you if you get it on your skin but it works best if they can get you to inhale it. If you don't die in the first minute and you can leave the area you're probably gonna live. The military's antidote for all nerve agents is atropine and pralidoxime chloride. Neither one of these does anything to cure the nerve agent, they send your body into overdrive to keep you alive for five minutes,
after that the agent is used up. Your best protection is fresh air and staying calm.
Listed below are the symptoms for nerve agent poisoning:
Sudden headache, Dimness of vision (someone you're looking at will have pinpointed pupils), runny nose, excessive saliva or drooling, difficulty breathing, tightness in chest, nausea, stomach cramps, twitching of exposed skin where a liquid just got on you.
If you are in public and you start experiencing these symptoms, first ask yourself, did anything out of the ordinary just happen, a loud pop, did someone spray something on the crowd? Are other people getting sick too? Is there an odor of new mown hay, green corn, something fruity, or camphor where it shouldn't be? If the answer is yes, then calmly (if you panic you breathe faster and inhale more air/poison) leave the area and head up wind, or, outside.
Fresh air is the best "right now antidote." If you have a blob of liquid that looks like molasses or Kayro syrup on you; blot it or scrape it off and away from yourself with anything disposable. This stuff works based on your body weight, what a crop duster uses to kill bugs won't hurt you unless you stand there and breathe it in real deep, then lick the residue off the ground for a while. Remember they have to do all the work, they have to get the concentration up and keep it up for several minutes while all you have to do is quit getting it on you/quit breathing it by putting space between you and the attack.
Blood agents are cyanide or arsine which effect your blood's ability to provide oxygen to your tissue. The scenario for attack would be the same as nerve agent. Look for a pop or someone splashing/spraying something and folks around there getting woozy/falling down. The telltale smells are bitter almonds or garlic where it shouldn't be. The symptoms are blue lips, blue under the fingernails rapid breathing.
The military's antidote is amyl nitride and just like nerve agent antidote it just keeps your body working for five minutes till the toxins are used up. Fresh air is the your best individual chance.
Blister agents (distilled mustard) are so nasty that nobody wants to even handle it let alone use it. It's almost impossible to handle safely and may have delayed effect of up to 12 hours. The attack scenario is also limited to the things you'd see from other chemicals. If you do get large, painful blisters for no apparent reason, don't pop them, if you must, don't let the liquid from the blister get on any other area, the stuff just keeps on spreading. It's just as likely to harm the user as the target. Soap, water, sunshine, and fresh air are this stuff's enemy.
Bottom line on chemical weapons (it's the same if they use industrial chemical spills); they are intended to make you panic, to terrorize you, to heard you like sheep to the wolves. If there is an attack, leave the area and go upwind, or to the sides of the wind stream. They have to get the stuff to you, and on you. You're more likely to be hurt by a drunk driver on any given day than be hurt by one of these attacks. Your odds get better if you leave the area. Soap, water, time, and fresh air really deal this stuff a knock-out-punch. Don't let fear of an isolated attack rule your life. The odds are really on your side.
Nuclear bombs. These are the only weapons of mass destruction on earth. The effects of a nuclear bomb are heat, blast, EMP, and radiation. If you see a bright flash of light like the sun, where the sun isn't, fall to the ground! The heat will be over a second. Then there will be two blast waves, one out going, and one on it's way back. Don't stand up to see what happened after the first wave; anything that's going to happen will have happened in two full minutes.
These will be low yield devices and will not level whole cities. If you live through the heat, blast, and initial burst of radiation, you'll probably live for a very, very long time. Radiation will not create fifty foot tall women, or giant ants and grass hoppers the size of tanks. These will be at the most 1 kiloton bombs; that's the equivalent of 1,000 tons of TNT.
Here's the real deal, flying debris and radiation will kill a lot of exposed (not all!) people within a half mile of the blast. Under perfect conditions this is about a half mile circle of death and destruction, but, when it's done it's done. EMP stands for Electro Magnetic Pulse and it will fry every electronic device for a good distance, it's impossible to say what and how far but probably not over a couple of miles from ground zero is a good guess. Cars, cell phones, computers, ATMs, you name it, all will be out of order.
There are lots of kinds of radiation, you only need to worry about three, the others you have lived with for years. You need to worry about "Ionizing radiation," these are little sub atomic particles that go whizzing along at the speed of light. They hit individual cells in your body, kill the nucleus and keep on going. That's how you get radiation poisoning, you have so many dead cells in your body that the decaying cells poison you.
It's the same as people getting radiation treatments for cancer, only a bigger area gets radiated. The good news is you don't have to just sit there and take it, and there's lots you can do rather than panic. First; your skin will stop alpha particles, a page of a news paper or your clothing will stop beta particles, you just gotta try and avoid inhaling dust that's contaminated with atoms that are emitting these things and you'll be generally safe from them.
Gamma rays are particles that travel like rays (quantum physics makes my brain hurt) and they create the same damage as alpha and beta particles only they keep going and kill lots of cells as they go all the way through your body. It takes a lot to stop these things, lots of dense material, on the other hand it takes a lot of this to kill you.
Your defense is as always to not panic. Basic hygiene and normal preparation are your friends. All canned or frozen food is safe to eat. The radiation poisoning will not effect plants so fruits and vegetables are OK if there's no dust on em (rinse em off if there is). If you don't have running water and you need to collect rain water or use water from wherever, just let it sit for thirty minutes and skim off the water gently from the top. The dust with the bad stuff in it will settle and the remaining water can be used for the toilet which will still work if you have a bucket of water to pour in the
Finally there's biological warfare. There's not much to cover here. Basic personal hygiene and sanitation will take you further than a million doctors. Wash your hands often, don't share drinks, food, sloppy kisses, etc., .... with strangers. Keep your garbage can with a tight lid on it, don't have standing water (like old buckets, ditches, or kiddie pools) laying around to allow mosquitoes breeding room. This stuff is carried by vectors, that is bugs, rodents, and contaminated material. If biological warfare is so easy as the TV makes it sound, why has Saddam Hussein spent twenty years, millions, and millions of dollars trying to get it right? If you're clean of person and home you eat well and are active you're gonna live.
Overall preparation for any terrorist attack is the same as you'd take for a big storm. If you want a gas mask, fine, go get one. I know this stuff and I'm not getting one and I told my Mom not to bother with one either (how's that for confidence). We have a week's worth of cash, several days worth of canned goods and plenty of soap and water. We don't leave stuff out to attract bugs or rodents so we don't have them.
These people can't conceive a nation this big with this much resources. These weapons are made to cause panic, terror, and to demoralize. If we don't run around like sheep they won't use this stuff after they find out it's no fun. The government is going nuts over this stuff because they have to protect every inch of America. You've only gotta protect yourself, and by doing that, you help the country.
Finally, there are millions of caveats to everything I wrote here and you can think up specific scenarios where my advice isn't the best. This letter is supposed to help the greatest number of people under the greatest number of situations. If you don't like my work, don't nit pick, just sit down and explain chemical, nuclear, and biological warfare in a document around three pages long yourself. This is how we the people of the United States can rob these people of their most desired goal, your terror.
So there's this place, you know, called the Salt Pit, you know? No you didn't know. You couldn't know, but now you know. Well, click here and you'll know. You'll know 'that', you can guess 'why', but you'll never know 'how' or 'to what extent'. That's why they call them secret prisons.
The CIA has been hiding and interrogating some of its most important al Qaeda captives at a Soviet-era compound in Eastern Europe, according to U.S. and foreign officials familiar with the arrangement.
The secret facility is part of a covert prison system set up by the CIA nearly four years ago that at various times has included sites in eight countries, including Thailand, Afghanistan and several democracies in Eastern Europe, as well as a small center at the Guantanamo Bay prison in Cuba, according to current and former intelligence officials and diplomats from three continents.
Out here in the amature paranoia zone, we had an inkling that such things existed. I mean, why wouldn't they? Astute paranoids can google this number N4476S and find interesting yet inconclusive facts. It's hard to hide aircraft.
Be all that as it may, we at Cobb expected as much. And I hope people start taking Posner's advice more seriously. Because you cannot just say to the world that you're going to bring people tp justice, if you don't eventually bring them. So as long as we take prisoners, which in and of itself is an act of moral, civilized behavior, we're going to have to keep certain folks incommunicado. Sounds fair to me.
Clearly, the transparency of the American system is admirable. No wonder we have so many dissidents. They get their day. Oh and one more thing before knees start jerking. Congress knew.
Judge Richard Posner has made a rather startling insight in his podcast with Glenn Reynolds. It is a very simple idea to understand, and that is that given a choice between countering terror and protecting civil liberties, most courts in the US will protect civil liberties. That is because most judges in the US don't know much about countering terror, and judges tend to talk what they know. He suggests that what we need is a Counterterrorism Court. Something akin to what the French have is what I interpret, but I may be wrong. I'm not particulary fond of the nomenclature of an Inquisitorial Court, but then neither am I particularly sanguine about the prospects for a purely executive solution to terror.
I have argued that I expect that the more terrorist trials we hold in this country the better we will get at it. If the GWOT is to be refocused as an international police action we are going to have to do a better job of investigating. Posner opines that the FISA Court is really too narrowly focused on SIGINT to be broadly effective. I agree.
It is also becoming clearer to me that between what we have at Gitmo, old treaties, the Hamdan decision, it's a patchwork. I think there is a strong case for a new type of circuit court with new powers of investigation to handle the kinds of cases we are likely to encounter with Jihadists and non-state actors going forward. I think those who have, even under the influence of BDS, suggested that there is too much Executive power arrogated by GWBush are backing into the truth. I say that the Congress clearly isn't doing a decent enough job, and that anybody with gripes about Gitmo should be behind a new sort of judiciary power.
Everything is not war. War powers are not properly defined by precedent. GWB's lattitude given the mistakes of Iraq have wasted life and resources. Posner is onto something.
So what kind of confidence can we have that a special court will focus on terror suspects and not be especially corrosive of civil liberty? Is Posner someone we could trust in this regard? If not, then who? Are having new powers assigned to the judiciary a road to hell? Is the French model worthy of emulation? Or will we just shoot Osama in the head and be done with it - ie a take no prisoners attitude towards Jihadism.
I am particularly fond of Bush's phrasing of bringing the enemy to justice. The same old justice won't do.
I'm reading about the Spanish Civil War and trying to understand it because it has been said that there are parallels to the recent conflict in Lebanon. Here's the thing about Spain.
Although the British government proclaimed itself neutral, its diplomats in Spain urged support for the Nationalists. Britain froze all Spanish assets, an act that affected primarily the loyalist side because the government had transferred its gold reserves to Britain for safe keeping at the start of the war. Similarly, the Anglo-French arms embargo hit the Republicans disproportionately and did not prevent the Nationalists from getting weapons from Italy and Germany. Britain also discouraged activity by its citizens supporting the Republicans. The last Republican prime minister, Juan Negrín, hoped that a general outbreak of war in Europe would compel the European powers (mainly Britain and France) to finally help the republic, but World War II would not commence until months after the Spanish conflict had ended. Ultimately neither Britain nor France intervened to any significant extent. Britain supplied food and medicine to the Republic, but actively discouraged the French government of Léon Blum from supplying weapons.
Where does American money go when our Republic is in jeopardy? I don't think I've thought of that scenario before. I mean our money isn't gold, it's 'numbers' in 'bank accounts'. But who is doing the backup to tape of the zillions of transactions? Lay that aside for a moment, and we'll get back to it.
The extent to which America is rich depends on our ability to transact. That is to say $30,000 in the bank feels good because we know that at any minute we can go purchase that new car. It matters that it's fungible. It doesn't matter to us if it's a money order, cashier's check, cash, credit card, credit union loan or backed out of home equity. It's fungible. And that is all consumer goods and services I'm talking about upon which a significantly large part of our GDP is based. But what is it? It's people paying a premium for Green Giant peas & pearl onions instead of the store brand. How much of our economic security is based on the meager but marketing-driven differences between plain-wrap and premium? If Americans actually sacrificed luxury and disposable-income type items, a zillion dollar economy would disappear.
It's a frightening thing to consider what our domestic world would be like if we didn't have so many millionaires who made their fortunes on suntan lotion or cheap sunglasses (echoing Neil Simon's Wax Fruit King from 'Come Blow Your Horn') What would it take to get us culturally focused on national unity? I would greatly fear that hypno-toad.
But really. Where does the real money in real accounts go if the paperwork disappears? To the courts? New obligations materialize? Does the Army commandeer assets to keep moving? Is it gold? Diamonds?
Granted, we probably don't have to think about these things. But if there is an Islamic Bomb in our future, perhaps we do. I'm sure somebody already has, but what was the answer?
There's a bunch of fretting over the presentability of Crazy A's new blog. Well let me pre-empt the biggest bomb he can drop on American citizens and the West. What he can do, or anyone could conceivably do to undermine confidence of the American electorate in their government. That is to divulge American state secrets discovered by Iran.
Imagine a scenario in which some information about which the American insurgents at Kos or Firedoglake (for gratuitous example) were being widely denounced by the political powers that be, us. Let's say they argued in moonbatese that the Downing Street Memo for example was proof positive of some debatable point. We go back and forth with our various accusations of treachery and then Boom, the head of the Iran drops a hot document onto his blog that provides corroboration. It would be an incredibly bold and destructive move, one that could further destabilize the chatting classes of the West. We already have ingrown mistrust of government and the mainstream media, what if our fears were confirmed by the enemy? What if the enemy becomes a more reliable source of transparency than our own government? What if, in order to keep our loyalty, our government had to lie about the truth other governments were divulging?
It could happen.
The full title to this blog post is 'Mel Gibson, Police Melodrama and the Declining Significance of Jury Trials', which is my way of parsing this very important paragraph over at Thought, Word & Deed.
There is more to this than is being discussed in the mainstream media. It is why the mass media is not a source of news or information, but a source of US policy imperatives. Those imperatives do NOT indicate clearly what the US intends to do, but they do indicate what the US wants people to believe.
That paragraph is not referring to Mel Gibson but rather some speculation about hidden motives in an energy war between China and the US. The gist: Hezbollah may not be the tip of an Islamic spear as far as the US is really concerned, rather it's all about China's new energy business with Iran that is the subtext. So if the headlines are full of blather about anti-semitism of Mel Gibson, it's all about preparing Americans to support Israel.
But I'm not so much worried about an energy war with China as I am the possible disintegration of the court system. Is our desire for swift justice so achy breaky that we swarm over scribbled police reports in order to pontificate? Uh.. yeah. So Christopher Hitchens is declaring him guilty and Disney executives are declaring him not guilty. That's the real trial that's going on here, forget what the cops and attorneys and court think this is about.
If you think that's not scary, then try to ignore the story. If you're reading this blog, you're already too well informed, so count the number of times and angles from which it drones.
What if you could do this in the real world?
Electronic Arts has announced that it has confiscated approximately 15 trillion gold pieces from within its long running PC massively multiplayer online role-playing game (MMORPG) Ultima Online, which the company claims was obtained “through the abuse of bugs or exploitation of game mechanics”.
In relation to this, in a statement posted on the game's official website, the company noted that it has canceled over 180 user accounts that it found connected to the accumulation of what EA referred to as “dirty money.”
USA Today has been duped. They are now retracting their claims after retracing their steps. Apparently, they cannot come up with any evidence of a contractual agreement between the accused telcos and the NSA.
Based on its reporting after the May 11 article, USA TODAY has now concluded that while the NSA has built a massive domestic calls record database involving the domestic call records of telecommunications companies, the newspaper cannot confirm that BellSouth or Verizon contracted with the NSA to provide bulk calling records to that database.
Now if I was a spymaster at the NSA and it was my job to give the agency plausible deniability, this would be a happy day for me. And you can be sure that if Arthur Andersen can shred records for Enron, the spymasters who may have arranged to suck the data out of the telcos are an order of magnitude more stealthy.
What I've learned from reading Kolb is that there are pros in the world of stealth that know how to make money rather untraceable. And it seems to me that one of the first things one would do in order to make such trails hard to find is to use proprietaries and cutouts. A proprietary is a company that does the business for an agency like a subcontractor. A cutout is a person that does a job but doesn't necessarily know who he is doing it for. Then of course there are just theives for hire or blackmail. Somebody who does a bit of dirty work and then is gone.
So here's how you do it. Maybe. You set up a company, say in Italy. It's a telecom and you buy the super sniffing hardware and software. You get your engineers to customize the software. You fold the company and disperse the assets to a cutout. The cutout's well-insured building burns down and the insurance claim says 'electonic equipment'. Now the asset is effectively destroyed. Only it didn't. It just disappeared and what burned in the fire was an ordinary PBX.
Next you find out interesting places where contractors and subcontractors have access to ports of entry into telecom and one day one of the normal contractors is out sick and your replacement dude puts in the wires. 'Out sick' means maybe he accidently got a flat tire and the 'dispatcher' said don't worry we'll send another guy.
Now you've got the super hardware in place, you've got the deniability on the actual asset sold by the legitimate sniffer company. Now you paper up your front-end. Which is to say, you make official overtures to try and accomplish through above board channels what you've already secretively done. This insulates both parties whether or not such overtures are accepted. If they are, all the better, you have a second source with which to validate your secret source.
I would be ashamed and embarrassed if our intelligence organizations weren't clever enough to jack USA Today and the NYT. So let the NYT have its moment of treacherous glory. Remember, the more incompetent the CIA appears, the more dangerous it actually becomes.
I am Chloe.
Everyday at work, and sometimes during lunchtime on my Treo and often at home, I am working IT systems to the bone. I'm usually the guy who understands what's going on in the log files and other strange places where users and developers don't go. I swear just the other day, I was looking to see if a particular employee tasked to our project was responsible for erasing data in one of our many databases. I was getting an IM from the guy who asked for this information just as said employee was walking into my office.
Maureen Dowd is right about one thing. There's a whole lot of rebooting going on. But these systems are far more capable, sophisticated and flaky than most people can even think of understanding.
At the moment I am struck about how those interpreting the '24' fantasy of CTU as a club against the awkward reality of the FBI and their inability to connect the dots. For the sake of hypocrisy, I hope these aren't the same people who grumble aloud about domestic surveillance. When it comes to domestic surveillance, critics seem to think the intelligence agencies are capable of panoptic evil, ie spying on you and me and knowing who is on our friends and family calling plan. But when it comes to finding Osama, the intelligence agencies are bumbling Keystone Kops of the first order.
I was thinking about the difference inserting an anonymizing lookup table in the middle of a downselect for terror suspects or other data mining targets. In theory, such a thing is relatively simple. In practice, it's just another moving part. As we in the systems business know, everything that can go wrong, will go wrong, and the more moving parts you have, the more likely something is to go wrong, the harder it's going to be to figure out what went wrong, and the more difficult it is to fix when it does. Beyond that, when things go wrong, the temptation is always to fix, rather than redesign and rebuild. That's what gets us systems guys in trouble.
But anybody who watched the famous hacker qualification scene in the film 'Swordfish' knows the kinds of situations that we systems people are put in when somebody wants something done NOW. If you haven't, suffice it to say that the pressure can be enormous, and often unrealistic.
So it came as no surprise that one of the earlier versions of the domestic surveillance programs did indeed have the provision for anonymization of records to be searched but the idea was dropped. But the simple insertion or deletion of such anonymization procedures isn't all that has to be done when a functional decision is made to go one way or another. There are consequences of being willfully blind in a system designed to find thing for you.
I've gone through a bunch of crap recently with Bank of America. Apparently they are yet another in the line of dupes who have been namejacked. I hereby invent the meme, namejack, btw. 'Identity Theft' is so legalese. And so, about a month ago I discover that all of my cards have been locked and I suddenly was trasported back to 1982 when there were no ATMs and on Friday you had to get to the bank with your checkbook in hand so that you'd have enough cash to get through the weekend. The problem was that nobody told me about it until I was running late for work one day trying to get my car out of the shop.
The guy runs my ATM and it rejects. What? Admittedly 900 bucks isn't peanuts, but I had more than double that when I checked the account by phone just before the Spousal Unit dropped me off. I can't explain it, I don't know what's going on, I'm just standing there like a putz in front of the guy with greasy hands. And quite frankly, let me tell you something, I'd trade places with homeboy in a heartbeat. Think about it, he's got a parking lot full of Benzs and BMWs right on Pacific Coast Highway in Manhattan Beach. He doesn't work weekends, and it took him a day to turn around my 900 dollar job, netting him some 400 odd in labor. It's like being a ski instructor in Vail. Anyway, I decide to use the company expense card which has no ceiling, and then I get by butt chewed out for that one month later.
Bank of America was at least being proactive, the problem was that they got to the Spousal Unit before they got to me. Now we're enrolled in some scam that cost us 200 bucks. She, like millions of others, forgot to opt out. So I had to spend an hour on the phone getting my online banking running again. So today they hit me again, proactively, and force me to change my password.
I did so, using one generated by Schneier's PasswordSafe, which is one of the best pieces of software on Windows. Just to make sure, I thought of a cool idea. I wobbled over to another machine (thinking about caches here) and entered the password into Google Search. I figure if Google never heard of it, I'm probably pretty safe, considering that every published password cracklist is on the web, and Google has likely seen it.
You may remember the old George Carlin joke. He said, "I'm going to say a combination of words that you've never, ever heard before. Listen. You've never heard anybody say this: I'm going to take this red hot iron poker and stick it up my ass." It's true of course. Before that moment at the comedy club, I'd never heard anyone say that. But it's a good way to remember that if you're going to use non-generated passwords, you should at least Googlewhack it to be on the safe side. BUT. Don't do it on a machine that you own, or at least wipe the local cache on your browser.
Then again, if you're a glutton for punishment and want to get namejacked, go ahead and stick that hot iron poker of a stupid password.. Nobody is safe.
So the guys and I are standing in line at the Subway waiting for the tatooed slackers behind the counter to be done with the sandwich-making for the 3 people who have been in front of us for 15 minutes. The subject turns to the NSA in the news today. I fall back on a couple old saws.
Back in the Bubble days, we went through all this privacy crisis about cookies and who knew what about your websurfing habits. So since I was a sales guy I had to put the whole thing in terms of money and risk - things I figured my audience would understand. So I repeat them today, bottom line, the government doesn't want to invade your privacy half as much as you think they do, and you couldn't stop them if they did want to. The question lies primarily in understanding what your value is as a target of investigation.
So the cookies, credit cards and fear objection to shopping online went a little something like this (recall that this was when Orbitz was a startup). Your travel agent (that almost extinct creature) has all kinds of information about you. Multiple credit card numbers, what kind or rental car you like, what kind of food you like on the plane, what hotels you prefer, your home address and all that. If you're a business traveller, you'll spend thousands and thousands of dollars with this person that you will never see in your life. Now admit it, have you ever in life met your travel agent? So the question was, how much do you think companies pay to get information out of your travel agent? The answer is basically nothing. You volunteer up all that information for something called 'frequent flyer miles'. You (your company) basically has to spend about $20,000 for you to get something worth about $500. That's a real economy.
So my killer question was, how much do you think anybody is going to spend to find out information about you if you're just spending $300 a year online at Barnes & Noble? Very little. You're not worth it. If anybody is going to cheat you out of your cretid card info, it's going to be that pissed off waiter getting paid minimum wage who watches you wolf down that gourmet meal at the restaurant when you under tip.
The other thing I pull out of my hat was my experience with Safeway. Now this was several years ago so I think I can break the silence. But basically they told us that all of that shopping cart data that was attached to your personal ID was collected, but it was too damned expensive to process. They had terabytes and terabytes of data but all the compute time it took to mine it for potential savings based upon the gathered information was so expensive in terms of expertise that it wasn't worth it to try and process it. They told us to shutup about it because they wanted their competitors to believe that they actually were doing it so that the competitors would buy the same huge Sun servers and Oracle software that didn't work for them. They just sat on top of the data and squirreled it away in hopes that someday data mining techniques and supercomputing would get cheap enough to do it. Safeway basically should have done what Walmart did, just forget marketbasket analysis and customer profiling and deal with basic supply and demand for the purposes of smarter pricing. Profiling is a much more difficult problem.
It might surprise you to know that there about an average of 16 thousand murders every year in the US. And I think it's reasonable to believe that NYC's clearance rate of about 2/3rds is probably typical. Considering the massive amount of resources America's largest city has to offer it is probably parallel to the federal effort at anti-terrorism. So here is another factor to deal with. If there are about 5000 unsolved murders in the US every year what can be predicted about the amount of terrorism we might foil, and given that we don't pre-empt them, how many terrorists will get away with murder? For the sake of argument, imagine that the Department of Homeland Security is twice as good at their job as the NYPD. That means we could expect that 17% of all terrorists will escape.
Anybody who watches Law & Order knows about LUDs. Anytime somebody is murdered, the first thing the detectives do is go to the phone company and get the records of who the last person was that the deceased talked to. They don't have the content of those conversations, just what number, who that person is who owns the number (but not any proof that the owner was the one talking) and how long the call was. According to what I've seen, a warrant isn't required in real life. And yet even with this tool, a maximum of about 70% of murder investigations are solved.
I would add one more talking point to this discussion which is obvious. The telephone companies already have this information. What rights do they have to it? What contract might have been breached in selling or giving away that information about your phone calls? What is the dollar value of that transfer of information and how much is it worth it to mine data about you?
Long ago when online banking first came to us, I envisioned a new kind of entity. I assumed that people would trust banks to be trustees for their digital deposits. I thought there might be a such thing as a digital safe deposit box in which you might secure your bits. It hasn't happened. The technology appropriate for that has been decentralized and you can do it yourself. However there isn't much protection easily applicable to your phone and other communications. What I think is needed is some kind of attorney-client privilege shield, the kind that hasn't been broken often, for such matters. One presumes that Google might have done well by the expectation of privacy geeks online, that may or may not be. But what is clear is that people have not been willing to pay for security in a way that might sustain such a bank as I envisioned, and it is unlikely to become a recognizeable business any time soon. It will just be something that geeks know for the benefit of geeks but won't be successfully commercialized. At some point it could be, but how much would you pay?
To be snarky about it, I should ask what protections those people whining most loudly about their privacy concerns have taken to safeguard themselves. I ask those who bleat in fear of global warming why they haven't moved north to Canada. In the end, despite their complaints, they realize it's just not warm enough yet, besides moving would be too expensive. I say likewise the NSA isn't invasive enough and there's no money in it.
OK so I just wrote about how I thave a good amount of confidence that we'er going to survive a nuke or two on our major cities. Well, not explicitly, but I implied it. And I'm pretty sure that cancer is not going to kill us all off - in fact it makes us tougher. But what if there were something even more insidious and potentially deadly out there?
I am starting to discover what people think about me. My mind is fertile and lots of ideas are capable of taking root and growing there. In other words, my head is full of steer manure. As if I didn't have enough to concern me, and old buddy I met here in Vegas has got something growing under his fingernails that he scratched into me. Nanobiotech.
Nano who? OK here's the deal and we'll go straight to the scary part. What if you were a mad scientist bent on destruction? With nanobiotech you could conceivably manuafacture Marburg in your garage. Or if you were bored and a tiny bit more clever, you could give the Bird Flu virus just the kick it needs to be transformed into something that passes from birds to humans. Not that it would necessarily be deadly in the communicable form, but you certainly wouldn't take the blame. Most of the planet already thinks it is inevitable. Play god by doing science.
The problem of the 21st century is what to do with the power that will soon trickle down to elite cliques. There used to be a time when the kind of doing that got respect and power in this world, was the doing done by very large organizations. If you wanted to accomplish something of significance and note in the world, you had to have a several hundred million dollars and several hundred bureaucrats, logicians and assorted henchmen at your command. Well that's still the case, except that there are a lot more individuals who have those kinds of resources at their disposal, and it is not altogether clear that they are as well regulated by the force of nations any longer. Of course there are billionaires in the mix too. This level of player is not so well tethered by the would-be Leviathans of society. And while human beings are still meatbags with particular weaknesses, a couple cliques with people like Mark Rich or George Soros in them can wreak interesting havoc.
Since we still live in an era of Scientific Animism, a general belief in progress and riches can collude with self-interest in dangerous ways. What if Bill Gates and a few of his best buds decided that we really need cloned sheep? What's a couple billion in research dollars? Not only a drop in the ocean of big governments but multinationals and global drug traders too.
So we know that there is ability out there. We could argue about motive forever. The bottom line is that sooner or later, especially if we elect another born-again pro-lifer who despises medical research of the godlike variety, some non-government entity is going to start engineering some very small potentially very dangerous microbes. I'm not paranoid, but I'm not falsely secure either. Government doesn't make it better, but it makes it slower so more people can figure out what's going on. In the case of nanobiotechnology, maybe that's the best thing.
Islam isn't the only force for radical change in this world which can spliter off into unhinged areas. Every billionaire and his tribe, every multi-millionaire and his country club / yacht club / health club contingent is a medium-sized disaster waiting to happen. They'll call it investment in biotech..
A question of legality.
In the news today is the revelation that the NSA has been using something called a Narus 6400, which I take to be a very high capacity and fully programmable packet sniffer, to intercept massive amounts of data from AT&T and one presumes, a bunch of carriers in order to persue the President's initiative on connecting the dots.
We know that Congress has been briefed and we have the assurances of key 'critters that the scope of these investigations, while pushing the envelope of the FISA warrant protocol, is most certainly aimed at terrorists and their associates. So while there are plenty of folks who appear permanently outraged, an interesting question did pop up over at Kevin Drum's joint.
Data mining means what you do with the data after you've collected it. You use statistical analysis and other techniques to discover relationships and patterns, on the basis of which you can take further action.
Where did you get the data? That's what is at issue. They giot the data illegally without a warrant. THEN they used data mining to narrow the scope of their privacy invasion, so that they could get more data illegally without a warrant.
Kevin Drumfuk, the ex marketing guy, knows enough about marketing to be dangerous. By dismissing all this as "data mining" he has led countless other moderates to be relatively unconcerned about this NSA thing -- except for the technical issue of Bush not obtaining warrants for the deeper penetration.
It was logically clear from the beginning why Bush didn't go for the warrants. He couldn't, because the evidence he would have had to use to justify the warrants had been illegally obtained in the first place, by wide-scale and indiscriminate wiretapping. Whether they used sophisticated data miningh strategies or just plain common sense mdoesn't matter. It was illegal from the word go.
Once you cut through the screaming, the question boils down to this. If you're tasked with catching and skinning only blue fish, is it legal to use a net that catches every colored fish? The common sense answer is (whether or not the legal answer is) that so long as you throw the other fish back, it doesn't matter. Or does it?
What little I know about domestic surveillance I learned chasing down some arguments about how the LAPD or FBI might deal with a drug dealer, as well as when the discussion was on Carnivore. Basically, when you tap the wire you tap the entire wire - ie you use the big net. While you listen, and tape, the only part of the conversations that are admissible in court are those relevant to charge. So part of the data mining question is not so much whether or not the Narus box is located at AT&T's central switches, but what volume of data they are sending back to NSA, in other words the collection protocol.
Forget the instrumentality for a moment. If I were the NSA, I would allow the box to be remotely programmed so that if I have a new target profile, I wouldn't have to send a tech to each site. I would also take the smallest reasonable amount of data out of the switch center to make my searches more efficient (reduce the data mining universe and insure against false positive hits) and to reduce my legal liability for eavesdropping. Not to mention that the more data that travels from AT&T to the NSA, the less relatively secure it is.
Drum's nemisis is arguing that NSA is collecting an un-audited & ungodly amount of data from which to mine nuggets of terrorist conspiracy, and that Republicans will necessarily keep a huge amount of this data for their own nefarious and corrupt purposes.
The disconnect between the NSA and the Republicans is something that lots of whiners blithely pave over. NSA professionals are of a different breed than GOP apparatchiks, let us keep that in mind. But here's where it gets interesting.
If I were the NSA, I would want to reverse-engineering Narus' technology. Why rent the cow when you can own the farm? The question on Narus' liability would depend a bit on whether or not its machine was doing all it was supposed to do, and if NSA hacks it and makes it grab more than it should, then Narus could be in trouble. But if the NSA had a reputation for doing such dirt, it would be difficult for them to ever get outside help, and I seem to recall that they were trying to improve their ability to leverage tech that wasn't invented there. Clearly EMC has done alright for itself (and it comes as no surprise that they own VMWare when you think about it). Still, the NSA's interest in domestic surveillance is basically 4 years old.
An interesting discussion about recently confirmed cold fusion is going on over at Slashdot. Here's a real gem that puts some nuke fears into perspective. I never really thought about what quality nukes a terrorist might actually get their hands on.
Modern nuclear weapons are around 1 MT, usually a bit less, as that's the optimal size for a weapon you can target accurately. The larger nukes of old were designed to crack silos with a near miss, were extremely expensive for their mission, and were taken out of service long ago. If a terrorist gets a nuclear weapon, it's either going to be a sub-MT military weapon, or a quite a bit smaller "home made" fission only device (modern nukes are pretty sophisticated fusion-pumped-fission devices).
Let's do the math [nuclearweaponarchive.org]. A 1 MT nuke detonated at optimal blast height will knock down residential structures at a radius of 10 km, more solid buildings at 7 km, and at 5 km knock down reinfored buildings and kill people outright from the blast (and all other effects, such as high doses of radiation, have smaller radii). A surface blast would have a far smaller effect. The only real point of a surface blast is to generate radioactive fallout (an air blast generates surprisingly little, though it would still hinder clean-up and rebuilding).
So yes, in theory, a terrorist with a high-quality military nuke (let's imagine a few were sold out of the old USSR armory, and somehow still worked today (the tritium would have to be replaced, which is quite technical, but lets imagine a scientist came with the bomb)) could sit a couple of kilometers off the coast and destroy some structures along the coast. Good for psycological impact, but not much else, and insanely expensive to carry out. A 50 kt fission bomb, a far more likely scenario for a terrorist, would have less than 40% of the blast radius of the high quality military bomb, and would probably need to be within 1 km to be effective.
A surface blast over *land* is what a terrorist wants, because the radioactive fallout would cause a world of hurt. You'd get very little of that even 1 km off the coast, and even a ship at a dock would produce far less fallout than a bomb 1 km inland. It's *definitely* worth checking for nukes at ports of entry: the threat just goes down very fast as the bomb moves away from land.
The Nuclear Weapon Archive is extrarodinarily cool.
When I was a California teenager, I used to roller disco. In fact I was about as good in that as in most things I do - the lower upper middle class. Which means that I was good enough to be an extra in a first rate deal. Always mindful of such matters at the ridiculous age of 19, I often made it a habit to hang out at Venice Beach and Hollywood Blvd. As a measure of my own vanity and success at roller disco, I would perform and get people to take pictures of me. These would be tourists of course, locals would recognize me, and I would always be welcome to hang out with the cool guys and girls as we skated our way into that particularly Californish oblivion. Somehow I am reminded of this by the Cameo song 'Shake Your Pants' as well as 'Gloria' by Laura Branigan.
But I was also reminded of this by my trip to Hollywood the other night as I found myself in the viewfinder of half a dozen folks with digital cameras. And I wasn't even showing off. Everybody has got digital cameras it seems. Outside of your home, it's the big bad public boys and girls. Be prepared for reality TV. I'm quite adjusted to this reality because I recognize my ability, abetted by Google and you lovely trackbackers and readers, to create a self-portrait which is better than the average Joe. That is to say while it would take a bunch of you a while to figure out what my zipcode was in 1993, it's actually published somewhere in mdcbowen.org. And because mdcbowen.org has been growing steadily for over a decade, it would take quite a bit of disinformation to destroy the public record I have created about myself. I'm not saying that it would be impossible, but that it would have to be a professionally done job, a contract of non-trivial figures would be required to undo what I have done in public.
Since I am a member of the Bear Flag League and the Conservative Brotherhood, for example, it would be particularly difficult to make the case against my character as a domestic terrorist. Hell, people believe that I follow and defend George W. Bush blindly.
But what if? What would I have to do in order to be the target of the kinds of extra-FISA spying that is going on these days? What kind of finger has to point me out? It would certainly be more than a random happenstance. What keeps me safe from the prying eyes of the government? Nothing. Absolutely nothing. I understand this. I know that every code I know everything I am could be put under a microscope. You might say that I am paranoid about it, but I think it would be more appropriate to say that I am Jewish about it. I understand that there is an almighty power that certainly capable and willing to judge everything I have ever done in my life. Whether it is God or the Government makes little difference to the extent that I discipline myself to be exactly what I intend to be. That is to say, my belief that I will ultimately be called into account for my life is a self-directed kind of thing.
It's facile to say that only terrorists should be afraid. We should all be mindful of whether our laws are just and whether they are followed whether or not our own personal privacy is at risk. I'm all for the disclosure that Congress is forcing upon the Administration. It's about time that they do their job, and while they're posing and being shrill, they are doing a decent job in giving us all something more to chew on. Nevertheless what is at the bottom of all this war on terrorism is a matter of character. Some people who believe they are only accountable to God and not to their neighbors have decided to hide their character and intent. They are, not like young American teens, shameless and wanting to be seen and admired by everyone. No they carry secret burdens and secret shames and are trying to conduct their business in secret. But we're all watching and listening and trying to ferret out those who would destroy our society and peace. Everybody has a camera. Everybody is being watched. What if the enemy is us?
In the end there's only one way to find out. Follow your suspicions and clues and expose the motives and intents of your suspects. It means everyone may be called into account. There's no better case for improving one's character than that.
I try not to go through life with my jaw dropped, but I have to admit there are some awesome things to marvel at. Today I have marveled at the pretense of objectivity by Nina Totenberg and the whole NPR staff that pre-empted Terri Gross with their idiotic 'Special Report' on the Intelligence Hearings. I marveled at the arrogance of those Congresscritters who do nothing all day but suck up to lobbyists and their wacko constituents instead of really bothering to get into the guts of understanding how the President is actually approaching FISA. The nerve of their speculation!
Not too many people are blogging about E0 12333 (in plain sight), but I hope some (like Bloggledygook) get into the thick of it. Because if Leahy isn't going to moderate his mouthing off about the NSA professionals and Administration lawyers blindly breaking the law, and if NPR isn't going to be reasonable in their coverage we're going to have to do some fisking. The way they were pushing Gonzales all over the map like W had gone apeshit was really embarrassing.
But there are astonishingly good things to marvel at as well. Today I found this essay which I hope people all over the 'sphere gang-tackle. It's great! O would it I were Instapundit. Hmm.
The only point to death is a point you make yourself. You make your death have meaning by giving your life meaning. You give your life meaning by choosing a project to accomplish, or by accepting as your own a project given to you by others or by God. That's it; but that's everything. The young marines who have died in Iraq did not die pointless deaths or meaningless deaths.
Definitely read the entire piece and find a way to spit once again in the face of Joel Whatshisname. You see we live in a country where there is a huge population of loud people with access to mass communications who are mentally and morally incapable of understanding the honor due soldiers who fight in defense of our liberty. So you can hardly expect them to see the value in electronic surveillance. If there is a sliver of a law they could use to decapitate executive leadership, they'll use it.
I wonder if they would dedicate their lives to it.
Basically, it's outmoded and requires an overhaul.
My father was the adminstrative assistant to a Congressman on the House Intelligence Committee at the time FISA was enacted in 1978. I was and am familiar with the public and Congressional debate on FISA at that time. I was engaged in the private practice of law at that time and so able to follow the details.
My brief conversations with my father and his boss about FISA taught me that Congress was determined to head off future domestic abuses of what was then perceived as the NSA's rapidly growing eavesdropping ability. They didn't care at all about "foreign communications" - those into or out of the U.S. The Executive Branch was adamant about Congress not touching the NSA's surveillance of foreign communications, and Congress didn't care at all about that so the Executive Branch got its way there.
He has more at Volokh.
As Drezner suggests, the administration should throw this back to the Congress and get an updated statute. There's no way the President should be breaking the law, and this one is broken.
The problem with me is that I've done roller disco at Venice Beach and breakdancing at an awards banquet. The rest of you might be more easily embarrassed by con-men and blackmailers. So if you think you may have surfed some porn and that Google might know something about it, you might want to anonymize your Google cookie. I find it difficult to give a gnat's gonads, but it might just be that I'm not paranoid in the proper dimensions. I worry a lot more about people finding out that I might have bad breath.
Those of you on the inside of the bubble may have already been there, and I may adjust my habits in due time. In the meantime here's the link.
I hereby punch myself in the nose and admit that I have been taken in by viral marketing. All that Dave Chappelle business is clever marketing hype for a new Charlie Murphy movie. But now I'm not even sure that it's a real movie.
Trust no one. Especially not friends who send you IMs in the middle of the night with hot news about Dave Chappelle.
Let the record show that the last page was not there two days ago. At least that's my source's excuse. My excuse? I write too much.
If I ever see Charlie Murphy, that fool owes me a beer.
I must confess that although most of my passion about the Plame Affair is spent, the idea that Karl Rove is the dealer of dirt makes for a healthy bashing. I say whomever did it should go down, but I won't get particularly purturbed if it doesn't happen. Part of the reason has to do with the complexity of the shield privileges and my orientation towards technology.
I always believed that some private companies or entities (and I had always thought it would be banks until I realized how wealthy and powerful ISPs have become) would do the public a great favor by providing digital escrow accounts. The basic idea was for an individual to be able to do the 'swiss banking' thing with their digital data.
Anyway, cut to the chase, here's what I'm looking for. I am looking for bloggers and cypherpunks to come up with a way to shield and serve whistleblowers, and I want Pajamas Media to be the place. If you don't trust Time or the MSM, trust the blogosphere.
Now the only question is how.
I am fascinated by Wall Street bond trading and nuclear weapons. You can talk about these things all your life and never really understand them. I am also fascinated by remote places on the globe, not because they are particularly hostile, but because they are remote. So this evening by chance navigation by way of Google Earth and Alamogordo, NM, I have arrived at a Russian nuclear test site. It's an island called Novaya Zemlya.
Chances are you've never heard of the place before. I know I haven't. And yet isn't that extraordinary? The biggest explosions in the history of mankind, these nukes. But none of us know where they happened or might be happening.
Do you rembmer when the Kursk went down in the Barents Sea? It's still there. Makes you wonder what else is out there.
Despite all the guns out there, chances are, you're not going to get shot. Despite all the credit cards you have, chances are your identity is not going to get stolen.
I've been a little lax on following up on the many interests I've cultivated in my life, among them security and paranoia. So I've only vaguely heard tell of Bank of America's loss of private information to crackers and identity fraudsters. But I'm not really worried.
Back in the days, before the internet bubble, our division got into a lot of PR hot water over the matter of privacy. I had a nicely complex argument that shot down most arguments against our cookies and weblog inspections that went a little something like this. You need to take into consideration the value of your information. Why would a thief buy $500 tools to steal a $50 item? And while it may be true that part of the value of these recent identity theft break-ins is the size of the theft, sooner or later there has to be a fence value for each one. What is, indeed, the value of you mother's maiden name?
I've been thinking about what the value of my writing on the internet for the past 12 years has been. I've always assumed that some poor graduate student would have to troll through it after I'm gone to make some anthropological sense of the contribution of the post-civil rights black middle class. But more recently, especially since my mother says I confess too much, I've been thinking about its value to my own children. After all, they're probably the only ones who really care enough to read more than a little bit. I don't tell people to read my blog, and I don't often mention that I do blog, but I think that most of my friends know about it - and don't read it. I know that my mother is the only family member that reads Cobb on the regular. Such facts, combined with the fact that my IQ is right about at the same level as my FICO score, I don't particularly worry about my identity being stolen.
I have several issues with 'action at a distance', and so while I am often the first to indulge in the latest technological goody, I am far from being dependent or overly respectful of all this stuff. I know how fragile it is and how wrong it can be.
Since I'm not cheating on my wife or stealing from my employer or blackmailing anyone, I can see no particular enemies looking to do me in. When you think of the guns and violence, we know that people are generally killed by people they know for reasons that don't take long to figure out. It's likely to be your own son who is out joyriding in the family sedan. Because it's a family sedan, it's not so attractive to professional thieves. My identity is no Mercedes Benz, at least my identity as tied to financial data about me in hackable computers somewhere. But if there is dirt doable to me, it would most likely be by an insider. Did I spend 200 bucks on a dinner in Salt Lake City? My wife would kill me if she found out. That's my kind of worry. (Actually it was only 74 bucks).
So considering the massive amount of information about me through my blog, and who knows what the google archive has via google groups, there's a lot to know, but little to do. What's the motivation? How is the information valued? Moe importantly, how does it get fungible? Which is to say, where is the fence? What is the eqivalent of a pawn shop for the last four digits of your social security number? What do you care if your eyeglasses perscription falls into the wrong hands?
Still, I'd be a bit more comfortable if we had the option to generate our own passwords and identifyers. PGP with a picture and a signature would be plenty. Some joint like the UPS Store (where my favorite Notary Public can be found) or Kinkos could provide this service to customers - live authentication. Banks would be uniquely qualified to do similar things. In fact, I could see a privatized national ID system coming to fruition sooner than a Federal one, and I'd be all for it. Until then, all my business is in the street, and who cares?
Emmitt Louis Till died about 50 years ago, but it has been decided that his body should be exhumed in order to discover new forensic evidence which might lead to others who might have participated in his killing.
In a related story, a registered Oklahoma sex offender was not captured in a Georgia arrest because of a 'failure' to match his fingerprints with all of his known aliases in the FBI database.
People keep mumbling about national ID cards and drivers license requirements. All three subjects are fueling the fire for construction of the American Panopitcon.
Since I'm a civil libertarian, as is most of the Old School, considering that it was our Civil Rights Movement that gave birth to that infrastructure, I have my reservations about panoptic security. That means that I recognize the tension between liberty and security. If I remember correctly, Patrick Henry didn't say "Give me security and give them death." I think we're on the same side of the fence.
And yet the more we try to get justice 50 years late, by using new techologies, the more we tip the balance towards building the perfect system of security. Sure murder is murder and there is not statute of limitations on that, but such matters cannot be taken in isolation. The proper legacy of Emmitt Till is not to be found in a murder conviction, but the moral conviction his death fired in 1950s America. To ask more of Till's dead body is to enable the panoptic forces.
Gladwell's best aphorism of 'Blink' comes to me in the form of the notion of panoptics and chess. Those who argue that enabling the electronic eyes ears and noses of the Justice Department (or the Defence Department or the Intelligence Services) will make us win, because we'll be able to see and hear everything. But consider a chess game. Surely there is nothing you can't see in a chess game. But does seeing everything help you win? No. You cannot see what your opponent is thinking. All you know are the moves he has made in the past.
Surely providing for our security is more complex than a chess game and it's better to see than to be blind. But there are limits at which the price of seeing is not worth the marginal benefit of security. We should be more robust in ourselves and stop wishing for intervention under all circumstances.
The cases brought against protesters in NYC during the Republican National Convention have had a stunning failure rate of 91% according to this story in the NYTimes.
I take this one at face value as further evidence of what the decentralization of technology will enable citizens to accomplish independent of large slow traditional organizations. This is clearly smartmobbery, which can be a good thing. On the other hand, it can start an escalation in the sophistication with which red-handed authorities handle their tech. I predict the upper hand will remain with the crowds for the forseeable future.
Apart from the fact that I am doing it between 9pm and 2am, my quest to master elements of electronic security are very good for me.
When I took my first full-time job in 1979, it was at the radio department at Fedco La Cienega. As much as it's possible to be something of a local celeb, it was a very cool job to have back in those days. Hmm. I do need to do some more writing about those days. At any rate, I spent a lot of time at the high end audio concession and had a serious case of audiophilia, traces of which infect me to this day. What astounded me was that I discovered that there were turntables which didn't wear out records or skip. In my entire life up until that point, I took it as the nature of the beast that eventually all vinyl records skip and that you need to tape coins onto the tonearm so they wouldn't. Then I started learning about the subtlties of tracking force, anti-skate and the rest of turntable physics and I began to understand a new dimension. I soon purchased a Dual 440 and showed off the fact that I could play records upside down. Freaked people out, and underscored my lust for the technology. These days I am lusting after the unattainable beauty of perfect security. I'm actually starting to have dreams about it.
I've gotten my GnuPG working through Enigmail and a crufty little tray app called WinPT, but I'm digging the CLI. I've also been coming up with a series of code schemes to assist me. As I continue on this quest, several aspects of security are becoming clearer to me - to the point at which the hitherto impenetrable language is actually starting to make sense. But that means bigger questions.
This magnetar story is incredible.
A huge explosion halfway across the galaxy packed so much power it briefly altered Earth's upper atmosphere in December, astronomers said Friday.
No known eruption beyond our solar system has ever appeared as bright upon arrival.
But you could not have seen it, unless you can top the X-ray vision of Superman: In gamma rays, the event equaled the brightness of the full Moon's reflected visible light.
OK what does this mean. It means a couple things. If there were a neutron star that flashed like this somewhere in this galaxy, we'd be dead. No only that, since gamma rays and light and all that fun stuff travels at the same time, there would be no warning. Warning would be impossible. One side of the planet would get fried immediately, and depending on how long the flare was so would the other. Then if all of our best scientists and equipment were to survive, it would take them two months to figure out what happened.
Just yesterday I downloaded cfv, a cool CLI tool for win32 that gives me some version checking stuff. I'm going to build a general purpose thingy that helps me build some automatic versioning tools and tripwire stuff. There are plenty of applications for it and I'm going to try to work it to make a secure file system, which is to say one that allows me to eyeball a log of changed files on a daily basis, extra coolness eh?
Anyway, the cfv package hosts a myriad of hash functions which are of varying length and sophistication. I'm a bit paranoid, now that I mention it, of the PGP 8.1 version that I got from PGP.com because its signature file has a dead or revoked key and the pgp keyserver isn't very responsive. I'm beginning to think that PGP itself is a honeypot. So my trust of hash functions has come pretty much down to MD5. But even so, since I use SlavaSoft's HashCalc, I had some interest in SHA1 since its result is a little bit longer. (This by the way made me think of whether or not that's what Google or other websites use to make an ID cookie...) Either way, it appears that it's now broken. This means work for security guys everywhere. Flight to quality. Must be nice.
In English from Frobnicator:
Yes, they found a way to break the hash function. But as the parent said, it does not mean it's suddenly invalid. Sure, the group found a way to break the algorithim, but look at According to TFA a collision can be found in about 2**69 hash operations. That's 590295810358705651712 attempts before they can find a match, as opposed to the 2**80 (1208925819614629174706176) that was expected before the paper. While the paper means it is orders of magnitude less work, it still means a lot of work for the attacker. Lets look at two relevant examples: disc images and passwords. Lets say I have an ISO disk image. I hack it, and want to modify some of the 'junk' bits using their algorithm. I'd still need to perform 590295810358705651712 hash operations on that image. Computing the hash of a disc is a slow operation. That's not something I could do in a day, week, or even a few months. Perhaps if I had a massivly parallel computer available, I could do it, but not as an individual. For a password, hopefully your system would lock the account long before there are that many failed login attempts. However, if your attacker has that kind of resources, you can assume it is feasable for them to find a hash collision. That's really only significant for governments, multi-national organizations, and other major enterprises, but not for most people.
So down here on earth, it's not a big deal, especially for those of us who don't shred all our trash.
IBM's new Cell chip could be revolutionary.
"It’s hard to avoid the conclusion that Cell processors will have an extraordinarily secure but cumbersome memory model. For each main-memory access, the processor would have to consult four lookup tables... Three of those tables are in DRAM, which implies slow off-chip memory references; the other table is in the DMA controller’s SRAM. In some cases, the delays caused by the table lookups might eat more clock cycles than reading or writing the actual data. The patent hints that some keys might unlock multiple memory locations or sandboxes, perhaps granting blanket permission for a rapid series of accesses, within certain bounds."
The Cell chip promises to destroy spam, viruses and spyware. That's the good news. The bad news is that here we have the makings of the beginning of the end of file sharing, basically the ability to put DRM security into hardware.
While it's certainly true that security schemes like DVD decoding can be 'chipped', those are rare individuals who can. The ability to short circuit the memory model of the CPU is going to be a rarer quality still. So, practically speaking, once Cell chips are common, the world loses the power of the masses to overcome industry security.
This is yet another indication to me that we are coming closer to the surveillance society, that more and more of our activities can and will be monitored. There are many ways out, but not for the urbane. Some other time, I will talk about life off the grid, which I predict will be the return of the rugged 70s, which was actually a pretty interesting time in its own right. But now, let's consider life in the grid.
The promise of grid computing is delicious, and the Cell processor will be a great enabler of that. A moment's consideration suggests to me that somehow, there are going to be fingerprints on processes. In certain ways this too is very exciting. For those of you who are less technically inclined, think of it this way. If you are using windows, if you bring up the task manager, you can see all of the programs your computer is using, sorta. Notice the difference between 'Applications' and 'Processes'. As I write this I show 9 applications running, which corresponds exactly to the number of windows open on my desktop. But when I pop over to Processes, I show 76. One of the things Unix guys (like me) fuss about is that some of these processes can be made invisible to Windows. There might be 10 or 20 more running that I don't know about. That's a simple definition of spyware, and it's a big security hole in Windows. In Unix and Linux systems a command called 'ps' gives a much more comprehensive view. That is, unless your kernel has been hacked.
The general solution to knowing what exactly is running on your machine is 'fingerprinting'. There are algorithms called 'hashes' that can uniquely identify that every bit in a collection of bytes are in the right place and order. The one I like is called MD5. You could take a huge file, say a 10GB picture of yourself, and change one pixel on a nose hair and MD5 will generate a completely different fingerprint of it. The security tool ZoneAlarm maintains a table of hashes for every program that your computer allows to talk to the internet. But a more advanced kind of security program would have fingerprints of every process that your CPU runs at all. Digital Rights Management extends this concept to certain types of data as well. Whereas ZoneAlarm gives the authority for allowing or restricting programs to you personally, DRM would have third parties determine that authority.
The Cell chip facilitates such matters by having its own unique ID which can be checked. It doesn't take long for a database guy like me to add two plus two. If you think online registration of programs you buy is a pain, imagine the day when it's done for you whether you like it or not. That's what DRM architecture is all about, and the backdoors will only be in hardware, or at least that's the plan the way I would plan it.
The great exciting advantage of this is that I could conceivably authorize my mother's computer, with her permission, to help me crunch some numbers. In fact, I could join a computing pool and authorize some fingerprinted programs and/or data to be run simultaeously by the group.
Now here's the killer, which I never thought of until this moment. I could create a program within which is some encrypted data, that can only run on processors I designate. I could, in effect, create my own DRM scheme. 'I' meaning Al Qaeda. Of course, there will always be 'old' computers and those who don't run Cell processors, and there will conceivably be ways to disassemble code compiled for Cell use only, so there will always be ways to crack the uncrackable. But this is just one more escalation in the complexity of modern computing. It's like an arms race.
I just wasted a perfectly good 2 hours at US Search looking up random people in my contacts list. I found every one of them. It's rather astounding that so much information is available, and yet when you really think about it, it's not so much at all. It's only because I know the people that I know that any of the information is correct. If I didn't know the people at all, I'd take more of the information presented as credible. They say that the test of intelligence is knowing what to discard. True.
I'm buying Schneier's book on IT security, 'Secrets and Lies' to get myself up to date on some basic concepts of security. As well I'm thinking about Ricky Jay and different kinds of confidence games. There's so little we actually know about people, and so many people out there. I am finding at this point in my life that I'm feeling a bit like a teen - that everybody else is having fun with everybody else except me. Only this time I know that people are very disconnected.
Every time I think about the old demographic chestnut that about half of the people in the US are born, live and die within a 50 mile radius it makes me think about Foucault's ideas about sex and proximity. We only think that we are falling in love with the right person, but our experience is far too limited. We love the one we're with, and we try to change them, and we resign ourselves. I'm comfortable with all that, except now I know where several of my ex-girlfriends live. A little knowledge is a dangerous thing.
But we are getting better about understanding the connections between people. For example, I had no idea that there was a difference between the sexual activity of teens and adults.
Still I didn't pay the 40 bucks it costs to deliver the details for any of my foundlings, which illustrates a principle about privacy. It costs time, effort and money to invade someone's privacy. No security analysis is useful without a cost/benefit analysis. What your information is worth to somebody else is usually a whole lot less than what it's worth to you, so little in fact that it may not be worth going after, even when it's in plain sight.
Lastly, I want to give a plug for HUMINT. I really have a ball watching '24' and shows like that. Go Jack.
Don't believe the hype.
I spoofed this analysis eight ways to Sunday. If this is the state of the art, we've got another generation to go before we can do even basic stuff. This thing is so pathetically bad, I don't even know why they bother. It may as well be random.
I'm creating a Circle of Trust.
The spousal unit as well as at least two others have expressed concern for my bumpy black butt as I take it to the Far East. As well, I will be involved in some high finance as someone close to pure capitalists and dealmakers in what is ostensibly a communist and repressive society. I like the quote I recently read that the heads of the Chinese government are 30% Communist and 70% Sopranos. So it makes sense for me to watch my back.
But that is also true in any circumstance and it is part of a theme I will be repeating as my review of the film 'Hotel Rwanda' takes shape this week. Anonymity can be deadly.
So I will endeavor to implement various features of, for lack of a better term, a cell-based distributive circle of confidants, starting with those of you who comment here at Cobb. You know me, literarily, and have access to my Cobbian style and voice.
I hear tell that one of my new associates, being the scion of international wealth and power, will have access to goods of eye-popping capability. So it makes me drool a bit to be in the company of those who literally have to read science fiction in order to get excited about what is possible, because they've seen everything that actually exists in physical form on Earth. Me, I get excited about stuff like the Mac Mini, and Tivo To Go. While it still makes me feel clever that I can reasonably debug the plot devices on 24, I know there are people, John Lee, for example, who may have already been bored by cloning cellphones and hacking bluetooth linking protocols. So at some point I may have access to some real-deal executive security insights. But for now PGP will suffice. Plus it's cheap, if not free.
Starting with you all, I'd like to update my network of PGP folks. I think PGP is a start unless you have better ideas.
I wonder if there are any cypherpunks out there who might be able to clarify my interpretation that Clinton took all commercially available crypto off the US Munitions List in 2000. That's what this seems to say, but I'm just looking for a quick abstract.
UPDATE: I think it's pretty obvious here...
SUMMARY: This rule amends the Export Administration Regulations (EAR) to allow the export and reexport of any encryption commodity or software to individuals, commercial firms, and other non-government end-users in all destinations. It also allows exports and reexports of retail encryption commodities and software to all end-users in all destinations. Post-export reporting requirements are streamlined, and changes are made to reflect amendments to the Wassenaar Arrangement. This rule implements the encryption policy announced by the White House on September 16 and will simplify U.S. encryption export rules. Restrictions on terrorist supporting states (Cuba, Iran, Iraq, Libya, North Korea, Sudan or Syria), their nationals and other sanctioned entities are not changed by this rule.
You've got to be brilliant or crazy or a bit of both to take on the CIA singlehandedly. The bigger question is whether you can survive the success or failure of such an endeavor. All in all, the odds are against you, and now another David lies dead in the shadow of Goliath.
It was a suicide according to this article, but it might be more appropriately called a collective execution. Webb long ago lost the support of the profession, despite his willingness to go the extra mile to make his case.
The publication of his book 'Dark Alliance' set a lot of tongues wagging and eyebrows raising. But in the end it didn't prove enough to be the kind of damnation CIA haters would prefer or vindication CIA suckups desired. It showed a complicated and convoluted series of events with plenty of dirt and blame to go around. In the end, I believe that his profession abandoned him.
Webb's job may someday be internalized by massive organizations. Investigations of the sort he embarked upon over continents and years are the only way anyone can find out what goes on aside from those directing operations. In a publicly funded organization we have a right to know, even if most of us would prefer not to know.
Webb's death reminds us that there remain high prices to pay for the burden of unwelcome knowledge. Truth serves no man.