On Wikileaks

I am torn on the latest dump from Wikileaks. On the one hand, the United States needs to be able to conduct its dealings on a world stage with the security standbys of “integrity, confidentiality and availability.” Diplomats need to be able to prove they are who they are, have confidential communications with other parties, and do so securely. This is basic security: they need to be able to have the dealings they need to have, no matter the content, without fear of unauthorized prying eyes. Otherwise, it is very difficult for people who have to have sensitive conversations as a routine part of their job to have these sensitive conversations. A government needs to work behind closed doors from time to time to function properly.

On the other hand, this is the same United States government that wants to read my email and see me naked if I want to fly to Detroit. I want to have sensitive conversations too.* I want to not have the government peer at my daughter’s body “for her own good.” I find my sympathy a bit limited. When I see heads of state complaining of feeling their privacy has been violated, I want to give them a Club Membership and a Beanie. It has a propeller. Welcome to the Club: it’s nice over here.

We live in a data-centric world and, if data wants anything, it wants to be free. It’s like pollution: pour a little into a stream and the whole fish stock is contaminated. We generate so much data even on a daily basis as individual human beings that simply attempting to analyze it all or even record it is currently prohibitive.** Data is just noise, for the most part; a denial of service attack on our higher brain functions. To do anything with data, it has to be correlated and sifted and sorted. To get the right data across the right functions, the data has to be, above everything else, shared.

This is where the government is way behind the curve. Most of the three-letter agencies have been working in absolute silence for their entire existence. But now, data has to be shared to make any sense of it. There’s just too much data coming from too many points and it all needs to make sense. And going from a full confidentiality environment to one with availability of data is actually and honestly a hard problem. Data is going to get everywhere. It is going to leak. It is going to pour out the cracks. This is what data does.

Hard problems are hard.

The DoD immediately banned USB drives***. Lots of people started screaming and yelling about espionage or treason****. There’s a few hair shirts. From what I have seen — and I admit I haven’t sat down to read the cables, only the NYT summaries of the cables — there’s nothing really amazing or breathtaking in there. The Chinese Government attacked Google. People think Iran getting the Bomb is Bad. I have seen people yelling with hands clutched over their chests that it will end transparency in government — although this is staggeringly unlikely. The government is not particularly transparent to begin with; that’s the entire point.

So ANYWAY, To Sum Up, My feelings in Exciting Bullet Point Form:

* When journalists get juicy information they publish it. Where they get it doesn’t matter. As long as it’s verifiable, it gets published. That’s what journalists do. Or at least they did once upon a time. And not all foreign journalists are super nice to the People In Power.

* … and this is healthy, because Democratic Governments really and truly need an adversarial press to keep it honest. This is why we have enshrined the freedom of speech and the freedom of the press as some of our highest cultural ideals. The government needs to be exposed and of course a government will do anything they can to repress information that got out of their control. That is what governments do. These sort of things are good for governments. It’s like getting a flu shot. Sure, yeah, we’ll have a few months of retrenching but it might make some people think. It is the job of the people to keep their elected officials plausibly honest and it is the job of journalists to pour data into the heads of the people.

* And it is not like foreign countries are going to stop hosting systems with Wiki software. In fact, it’s kinda fun! Except for the DDOS parts; those are a little annoying.

* Meanwhile, the Federal Government is learning what lots of us in industry have learned: defending data while still making it usable and useful and safe is really freaking hard.***** What do I always say? Security is hard and encryption is slow. Yes, I absolutely believe that people who need AIC should get AIC while sharing data between two parties. Yes, I feel the State Department should be able to work in a confidential atmosphere. Yes, I feel this is important for the security of the United States. But see points A, B and C, above.

* There’s a balance to be struck between what the governments can do and what the people know. We need to rediscover that balance.

* Ta-da! Behold what the Slashdot crowd and security crowd has been yelling about for years: privacy is important. And not just for people in the public sector. For everyone. FBI back doors into ISPs and unauthorized wiretapping and tracking cookies and naked scanners and you name it. Privacy is important. It is. It really is.


* Sure, I can. I know how. It’s not that difficult but it is time consuming and nonstandard and key sharing/rotation is annoying.

** Although, dear God, who knows for how long. I can run a MySQL DB on my laptop and mine hundreds of gigs of data. I can buy a T from Best Buy. A T! And I made a fool out of myself in graduate school asking: “Why would you ever need a T of space?” Why indeed.

*** Yeah. Well, good luck with that. Physical security of teeny devices that can look like bananas or coke cans is a bit challenging. I hear the TSA has some new machines to search people for plastics, I guess. I would fill all the USB ports with rubber cement but I know that’s really not workable because it blows up service contracts.

**** Not sure how treason works with a foreign citizen living in a foreign country but whatever. We don’t let details get in the way of a good soundbyte.

***** I know this initiative has been going on for a while now, actually.

On the TSA

Security conferences are little microcosms of the security industry mindset.  Everyone herds excitedly to the talks with the new, big, lurid hacks because offense is super sexy.  We all ooh and aah as someone with a Powerpoint deck demonstrates some explosive breach of known security.  Then the talk is over and immediately we’re herded to the vendor aisle where the vendors shlep an array of expensive pieces of hardware.  Seen the attack?  Now here’s the countermeasure!  It will only cost you $100,000 and several hundred man-hours to get up and working but you don’t want to be subject to that attack you just saw, did you?  The CTOs and CEOs, many with MBAs instead of engineering degrees, shake hands, watch demonstrations, take cards, promise to make calls because this hoopy new equipment will stop that very scary new attack because wow was that scary.  They have room in their budgets, they promise.

As a security professional, my brain isn’t wired right.  I love hot new attacks.  I find them fascinating.  I read about them obsessively. I should be working but no, I’m reading some new way to take out a database with a well crafted command.   But I’m also an engineer and I know that an offensive demonstration sells expensive, and somewhat dubious, defense hardware and defense is big business.  Yeah, you need a big heap of hardware these days to run a secure network, I’m not claiming you don’t, but I also know that the sexy new attack may also be mitigated, not with another $100,000 expenditure, but with a few hours of expert code review.  I have a dollop of doubt gleaned from many years of experience.

But that doesn’t stop the anxious CTO or CEO who has a mandate and, instead of doing threat modeling and risk analysis, wants to fix the problem quick with a new piece of hardware because wow that Powerpoint deck was pretty scary.  Everyone get to work!  Plug this in!  Make system changes!  So it goes.  It keeps us all employed.

Terrorism is a physical security problem that cannot be stopped at the gates of an airport.  If a terrorist has reached an airport, the terrorist has breached many layers of other security — real security and law enforcement.  It is far too late.  The system has failed.  At that point, only three things mitigate the attack: reinforced doors on airplanes, passengers who will not be cowed, and people who blow themselves up are generally not the sharpest tack in the pile.*  That’s it and those goals have been achieved.  Past that, putting money into police and emergency response would be useful.  It’s a crime and like any crime it’s essentially random; it’s an externality whose real risk probability is low.  If you have 300 million fliers and 1 terrorist, then you deal with the problem when it happens because searching for the real risk at the point of entry is futile.**

Logic and good engineering dictate we model for high probability risks when securing our systems and work to mitigate those risks. However, the Powerpoint deck for global terrorism offensive attacks is super hot: it shows buildings blown up and dead people in the streets and bodies and planes crashing into buildings.  It’s damn scary.  Worse, it makes the stakeholders unelectable if such a thing comes to pass.  Non-engineers sitting in elected or appointed office look at those Powerpoint decks and Get the Fear. They then walk out down the aisles of vendors afterward and they say: “I will take one of everything.”

The TSA is not a security organization.  They don’t serve any real security purpose.  Other people in other government organizations deal with the real work.  No way can people hired from ads off the back of pizza boxes and given 40 hours of web-based instruction know what to do if they encountered an actual terrorist.  That’s absolutely absurd.  The threat model shows the probability of an actual terrorist in an airport line instead of, say, just mailing the bomb, is infinitesimally low. It’s an acceptable risk to put non-security personnel in security positions.  It makes for a great government work project in a recession.    And wouldn’t a terrorist with an actual live bomb just blow himself up in one of those backscatter machines?

The TSA does serve a very important purpose to the Federal Government: Marketing.  They market security.  They have SIGNS.  And UNIFORMS.  They give people Very Meaningful Looks.  They stand around in airports with big machines that go bloop like great big advertisements full of warm fuzzy safety.  They market for elected leaders who want to show they are keeping us all safe.  They’re like the election time TV advertisements except with groping.  Go through the bloop machine!  Don’t you feel safer now?

Take off shoes, take off jackets, throw out liquids, get pat downs, go through scanners — none of it serves any actual purpose except to sell to a jittery public who feasts on capitalist marketing a feeling of security because real security is hard and doesn’t always succeed.  That’s the hard truth the public will not accept: we are unable to defend against all risks.  It’s not physically possible. But the Government will give you a pleasant illusion.  To sell warm fuzzy non-offensive security when faced with a real (if lame) attempt, the TSA must buy more machines that go bloop because someone in a suit watched a very scary Powerpoint deck indeed and some smiling vendor was standing with their card right outside the demonstration.  If they don’t install the machines that go bloop, what do they do?

Funny thing, the Government, under money pressures, now has to provide a strategic, risk-based assessment of their security countermeasures starting Real Soon Now.  The machines that go bloop and the new security measures must be in place before the risk-based models go in.  The TSA has not turned in any risk assessments of the new machines to the GAO to justify the purchases and they won’t because the risk of finding someone real with their current operation is so tiny and the risk of something going wrong with the machines is so much greater that the purchase can’t be justified.  But they don’t need risk assessments because, at the core, the mission isn’t security.

My stance on the TSA is well known.  I don’t like such obvious wastes of money, and I especially don’t like it with machines that go bloop and may or may not cause skin carcinoma.  Nate Silver has an interesting article on the hidden costs of extra airport security.  But next time you go through security, you should ask for a Coke with your grope — at least with a Coke, you get a Coke!

I have more stuff, about how security has a customer service and customer expectations model to it, about how the TSA needs to think of itself as a customer service organization first, about how the entire organization has to be rethunk, but this post has gone on long enough. The TSA is here to stay.  They provide too much CYA to lawmakers to ever disband.  But to save us all money, they should just pull the plugs on the machines and send us all through.  It will help with global warming, at least.  If they unplugged the machines, would you ever be able to tell?

Here’s the recruitment pizza box. You can find it a bunch of places.

Threat Level’s discussion on TSA training.  40 hours of web based instruction and 60 hours on the job!

Here’s the GAO report I cite.  I cannot find if their position has changed but as far as I can tell, no risk management study has been completed.


* If you think strapping a bomb to your nads is smart then I have some equipment I can sell you!

** The argument here is “but the attack is huge.”  Yes, that’s possible, but the point stands: if the terrorist gets on the plane there are bigger problems with the system.

Review: White Noise

White Noise by Don DeLillo

My rating: 3 of 5 stars

Don DeLillo won the National Book Award for White Noise in 1985. Theoretically, as marked by our Great Minds as a Great American Novel, I should be very for this book. I picked it up because I am a fiend for all things David Foster Wallace and I know he had an ongoing professional relationship with Don DeLillo and took some of the craft of his dialogue for Infinite Jest from this novel.
So why didn’t I love it?

It’s a couple of things. The Kindle edition has a double space between each paragraph which throws off the flow of the dialogue which, I’m sure, was a mitigating factor. Some of the black comedic assessments of our media culture seem dated simply because they were so prescient. (A friend recently pointed out that science fiction that fails to come true is fascinating; science fiction that does is cliche. Think of the 20 page digression on SSH in Cryptonomicon. It was certainly interesting for its time and a pointless digression today.) Partly because the book seems, in the end, like it is trying to be a meaningful meditation on modern existence and it tries too hard.

Jack (J.A.K.) Gladney is a professor at a small midwestern college in Hitler Studies. He and his current wife Babette have numerous children from previous marriages. One day there is an enormous industrial spill — the Airborne Toxic Event — where they all pile in the car and flee. During which, Jack is infected with a small dose of industrial compound and is informed that, some day in the future, it will kill him. Maybe not today, maybe not tomorrow, but someday. Eventually. The last half of the book is consumed with Babette’s addiction to a drug Dylar, Jack’s obsession with the way Babette acquires the Dylar and the Dylar itself, and Jack’s obsession with death.

So we have the big themes: rampant consumerism (lots of scenes in the grocery store), death, more death, media saturation, underground conspiracies, the family, and violence.

Not really for everyone, no. White Noise is a black satire. It is humorous in places, and has some incredible bits of craft in imagery and language. I found myself highlighting some of the better and more interesting passages. But in the end, the story didn’t hang together as well as it could. This novel is definitely Your Mileage May Vary.


Review: The Windup Girl

The Windup Girl by Paolo Bacigalupi

My rating: 4 of 5 stars

The Windup Girl by Paolo Bacigalupi is the Coen Brothers meets Blade Runner.

It’s the 23rd century and global warming has run amok. The great cities of the world are under water. Enormous corporate conglomerates genetically manipulate strains of wheat and rice to feed the world while extorting the last bit of cash and blood. Countries incessantly war over resources. Genetically created diseases ravish societies. And the Japanese genetically generate the New People, their perfect servants to support a rapidly aging and non-replenishing society.

Set in Bangkok, Thailand, the book follows the stories of four main characters “Song of Ice and Fire”-like: Anderson Lake, the American ‘calorie man’ coming for Thailand’s stock of genetic diversity, Hong Seck a Chinese Refugee from the US, Jaidee Rojjanasukchai a “white shirt” Tiger of Bangkok who works for the ministry that polices the health of the country and Emiko, a discarded “windup,” a genetically modified human turned into the perfect servant but now without a master.

The four main plotlines sort of wander along telling four parallel stories that cross over and intersect and explode in exciting ways while exploring this science fiction future of ecological devastation. This is not an uplifting or positive book — it is /very/ Coen Brothers where people are generally awful in an ever increasing tide of awfulness until the plot explodes on everyone in a mess of fiasco.

It definitely does move. As a book, it is well written, if not meandering at times. The problem is that the plot does meander and some of the stories don’t feel terrifically satisfying. The story of Emiko the Windup Girl is by far the best of the four stories in the book but the other three tend to fall flat at times without drive.

I knock it one star for occasionally losing its point. As a science fiction book it’s a thinker. A downer, but a thinker.
