On Wikileaks

I am torn on the latest dump from Wikileaks. On the one hand, the United States needs to be able to conduct its dealings on a world stage with the security standbys of “integrity, confidentiality and availability.” Diplomats need to be able to prove they are who they are, have confidential communications with other parties, and do so securely. This is basic security: they need to be able to have the dealings they need to have, no matter the content, without fear of unauthorized prying eyes. Otherwise, it is very difficult for people who have to have sensitive conversations as a routine part of their job to have these sensitive conversations. A government needs to work behind closed doors from time to time to function properly.

On the other hand, this is the same United States government that wants to read my email and see me naked if I want to fly to Detroit. I want to have sensitive conversations too.* I want to not have the government peer at my daughter’s body “for her own good.” I find my sympathy a bit limited. When I see heads of state complaining of feeling their privacy has been violated, I want to give them a Club Membership and a Beanie. It has a propeller. Welcome to the Club: it’s nice of over here.

We live in a data-centric world and, if data wants anything, it wants to be free. It’s like pollution: pour a little into a stream and the whole fish stock is contaminated. We generate so much data even on a daily basis as individual human beings that simply attempting to analyze it all or even record it is currently prohibitive.** Data is just noise, for the most part; a denial of service attack on our higher brain functions. To do anything with data, it has to be correlated and sifted and sorted. To get the right data across the right functions, the data has to be, above everything else, shared.

This is where the government is way behind the curve. Most of the three-letter agencies have been working in absolute silence for their entire existence. But now, data has to be shared to make any sense of it. There’s just too much data coming from too many points and it all needs to make sense. And going from a full confidentiality environement to one with availability of data is actually and honestly a hard problem. Data is going to get everywhere. It is going to leak. It is going to pour out the cracks. This is what data does.

Hard problems are hard.

The DoD immediately banned USB drives***. Lots of people started screaming and yelling about espionage or treason****. There’s a few hair shirts. From what I have seen — and I admit I haven’t sat down to read the cables, only the NYT summaries of the cables — there’s nothing really amazing or breathtaking in there. The Chinese Government attacked Google. People think Iran getting the Bomb is Bad. I have seen people yelling with hands clutched over their chests that it will end transparency in government — although this is staggeringly unlikely. The government is not particularly transparent to begin with; that’s the entire point.

So ANYWAY, To Sum Up, My feelings in Exciting Bullet Point Form:

* When journalists get juicy information they publish it. Where they get it doesn’t matter. As long as it’s verifiable, it gets published. That’s what journalists do. Or at least they did once upon a time. And not all foreign journalists are super nice to the People In Power.

* … and this is healthy, because Democratic Governments really and truly need an adversarial press to keep it honest. This is why we have enshrined the freedom of speech and the freedom of the press as some of our highest cultural ideals. The government needs to be exposed and of course a government will do anything they can to repress information that got out of their control. That is what governments do. These sort of things are good for governments. It’s like getting a flu shot. Sure, yeah, we’ll have a few months of retrenching but it might make some people think. It is the job of the people to keep their elected officials plausibly honest and it is the job of journalists to pour data into the heads of the people.

* And it is not like foreign countries are going to stop hosting systems with Wiki software. In fact, it’s kinda fun! Except for the DDOS parts; those are a little annoying.

* Meanwhile, the Federal Government is learning what lots of us in industry have learned: defending data while still making it usable and useful and safe is really freaking hard.***** What do I always say? Security is hard and encryption is slow. Yes, I absolutely believe that people who need AIC should get AIC while sharing data between two parties. Yes, I feel the State Department should be able to work in a confidential atmosphere. Yes, I feel this is important for the security of the United States. But see points A, B and C, above.

* There’s a balance to be struck between what the governments can do and what the people know. We need to rediscover that balance.

* Ta-da! Behold what the Slashdot crowd and security crowd has been yelling about for years: privacy is important. And not just for people in the public sector. For everyone. FBI back doors into ISPs and unauthorized wiretapping and tracking cookies and naked scanners and you name it. Privacy is important. It is. It really is.


* Sure, I can. I know how. It’s not that difficult but it is time consuming and nonstandard and key sharing/rotation is annoying.

** Although, dear God, who knows for how long. I can run a MySQL DB on my laptop and mine hundreds of gigs of data. I can buy a T from Best Buy. A T! And I made a fool out of myself in graduate school asking: “Why would you ever need a T of space?” Why indeed.

*** Yeah. Well, good luck with that. Physical security of teeny devices that can look like bananas or coke cans is a bit challenging. I hear the TSA has some new machines to search people for plastics, I guess. I would fill all the USB ports with rubber cement but I know that’s really not workable because it blows up service contracts.

**** Not sure how treason works with a foreign citizen living in a foreign country but whatever. We don’t let details get in the way of a good soundbyte.

***** I know this initiative has been going on for a while now, actually.

Viva la New York

It looks like maybe, possibly, a Pakistani naturalized citizen decided, for reasons unknown, to buy a 1993 Nissan off craigslist for cash (sneaky!), drive it into Manhattan, and try to light it on fire in Times Square. Reasons why will come out in the next few weeks, I’m sure, but for now those are the facts reported in the Major Newspapers of Note.

Had this happened somewhere that was not New York, or if it was being handled by DHS instead of the NYPD, right now it would be:

OH MY GOD OH MY GOD OH MY GOD IT WAS A TERRORIST ATTACK A HORRIBLE TERRORIST ATTACK WE MUST LOOK LIKE WE ARE DOING SOMETHING RIGHT NOW SO EVERYONE WHO DRIVES A NISSAN MUST BE PULLED OVER AND SEARCHED! NO ONE IS ALLOWED TO WEAR ANY SHOES! OR HATS! OR LEFT GLOVES! AND NO ONE MAY FERTILIZE THEIR GARDENS WITH FERTILIZER FROM LOWES/HOME DEPOT EVER AGAIN BECAUSE HE USED FERTILIZER OH MY GOD!!!!*

QUICK BOMB A COUNTRY WITH BROWN PEOPLE IN IT!

You get the idea. No more mid-sized SUVs from the mid-90s allowed in downtown Manhattan. No one allowed to wear socks on Tuesday. Threat Level elevated to puce. And that ruling would never, ever be rescinded. Because We Are At War.

Instead it happened in New York, the only city in the nation to have undergone a real, actual, and very terrible terrorist attack. And two guys running hot dog carts saw the vehicle smoking and reported it to a mounted police officer. And the mounted police officer called it in. Reasonable measures were taken. The police went to the tape. They arrested the guy trying to get on a plane to Dubai**. He’s being charged. And life has gone on.

Sure there are jerks saying we shouldn’t Mirandize an American Citizen (I am looking at you, Sen. McCain) which is, well, illegal. But this is it, and it is how it should be. The point of terrorism is to cause terror. If terrorism only instills light mockery and a slight shrug, the enemy is defanged. The enemy will have to find some new way to inflict damage on America.

“Dude,” New York says. “We’ve seen your worst and we’re not afraid of you.”

And I still think the Twin Towers should be rebuilt exactly as they were — except 1 story taller.

* You must be doubly searched if you are a) brown or b) in Arizona. You must be tripley searched if you are both brown and in Arizona.
** Can you look more guilty?

How To Destroy Physical Evidence

How to destroy physical evidence: Eat the drive.

In a bold and bizarre attempt to destroy evidence seized during a federal raid, a New York City man grabbed a flash drive and swallowed the data storage device while in the custody of Secret Service agents, records show. Florin Necula ingested the Kingston flash drive shortly after his January 21 arrest outside a bank in Queens, according to U.S. District Court filings.

Maybe there’s a rule for getting away with the evidence by ingesting it in the new Leverage RPG. Although the hospital trip and having it manually removed from one’s GI tract is a little harsh — unless the data is that awesome.

Fear Inc.

A very nice essay about US Fear culture from TomDispatch called Fear Inc. It is a nice analysis of the 9/11 that never ends, the US fear culture, and who profits.

Newsweek is running a similar sentiment. Maybe the news media has gotten their teeth on a newer, and more interesting, story: how we have all been spent into bankruptcy by make-believe fear mongering.

A Terrorist Does Not Have To Set Off The Bomb

More boring Crotch-Bomber stuff. Once it’s out of my system I will move on to other things. I promise!

The terrorist does not have to set off a bomb.

All a terrorist has to do is create terror.

The Crotch-Bomber was spectacularly successful if not, in hindsight, bizarrely stupid. He managed to throw the TSA into a complete tizzy, send the US Government off into spasms of hysteria, have the President of the United States have to “do something fast” and, best of all, get us to care about terrorists in general again and Al-Qaeda in specific. New, enormous investments will be placed in dubious technological equipment (because technology solves all problems). Everyone will be trained to Worship the Machine because the Machine Keeps Us Safe from Terrorists. Our society becomes less Free. We give up more freedoms and rights and dignities to feel “safe.” We profile people who might look dark skinned or might be naggingly Muslim again.

These sort of things don’t seem to happen when the US economy is at its peak but down at the trough where little disruptions in the infrastructure have giant ripples. Almost as if someone watches the news and says, “Let’s do this. It seems like a great time.” Disrupt a weak economy by making people more afraid to fly? Spectacular!

Until the US Government, and the TSA in particular, understands they need to model their security against real threats that generate terror and stop trying to stop every threat in the history of time as it flows forward and backward, they will never stop people trying to smuggle non-functioning bombs in their crotch. Threat Modeling is not just for software systems! It’s for breakfast, lunch and dinner! Figure out what the threats are and stop the threats. Define the threats, define the objectives of the threats, and secure against those problems. Don’t spend loads of money on new technological devices and inconvenience millions and millions of people. Not only will security at airports become far more efficient but the entire system will become safer. Fight the threat, not the dream. Stop securing against yesterday’s pathetic attack. Stop being afraid! Come on, folks. Real engineering, please. No more faith-based security.

That no one will put up with a terrorist action on an airplane any more makes us far more safer than any technological gadgets or buckets of money we toss into the Department of Homeland Security. DHS is a big money pit that spends money on garbage with no clear mandate, management, or budget oversight. Now they want to buy more toys. Say no. Go for the low-tech solution: If you would jump on a guy trying to light his crotch on fire, raise your hand. Give everyone kindles, because they double as bludgeoning devices.

I say, scrap the machines down to reasonable search, remove the tantalizing target of the security lines through optimization, stop looking at people’s shoes, give up the worthless but intrusive random searches of senior citizens and give all stewardesses some serious martial arts training. Or tasers. Would you light your crotch on fire if that nice lady who just gave you a Coke could rip your arms off? Or taser you in the face?

What’s the threat? Someone waving a gun/bomb/knife around on board. What’s the solution? Strengthen the doors on the cockpits and teach cabin crew to kick ass.

Intent and Forensics

Because of the Crotch-Bomber, all the talk around terrorism, and the current freakout at Newark International Airport, I’m going to babble a little bit about security and crime here and there. Feel free to ignore me for a few days until I get back to talking about something more important like Muse albums.

Someone dumb commits an act.

The political establishment yells: “Something must be done! Something has to be done! Why hasn’t anything been done!” The techs and the geeks and the weirdos and the cops go: “We can only do so much!” Unless a suspect is already under suspicion for an attempted act it is coming asymptotically close to impossible to divine the intent to commit a crime out of the line noise of the universe. Human beings during the course of their daily lives generate noise. Computers collect noise, sift noise, and raise easily ignored false positives on noise. Other computers analyze the sifted noise. It’s still noise.

The legal system cannot prosecute for a crime someone is going to commit. No one computer system can sift enough data and no one can read enough tarot cards to divine the future and see the act that someone, somewhere, is going to do at some time. Even if a Certified Good Guy ™ knows someone, somewhere, has intent to commit a crime because of intelligence, the intent to commit the crime is not the crime. Reality is a random number generator.

Post facto, following the forensic trail blazes a big white line through the noise. Of course the weaknesses in the system are clear now! Why didn’t anyone see all the weaknesses in a hugely complex global system before it broke down once in 11 billion times! Why were these holes, which are quite clear now, not addressed by all the smart people involved in international terror and crime, immigration services, the US government, all foreign governments worldwide, and the airlines? Someone must do something! Why isn’t anyone doing something?

Real security is a tower defense game, not unlike Plants vs. Zombies. Zombies come at you in a big shambling horde and you have to layer your flowery defenses so that you eliminate the threat at the perimeter. Layer defenses so if a zombie happens to sneak past your perimeter defenses they’re schpocked appropriately. We do this in the computer world with IDS and firewalls and SEIM and log correlation and encryption and all sorts of other fun electronic toys, all which generate noise.

Rational people stand back and say: now that we have a forensic trail from a crime actually committed instead of trying to predict what will happen, what is the actual risk and how were the defensive systems penetrated? The actual odds of one passenger carrying one bomb one one plane — a bomb unlikely to go off or do any serious harm — shows how impressive the defenses truly are. The system, as Janet Napolitano unfortunately blurted out before being forced to recant, actually does work. The real risk is very low; it is unlikely adding more layers will actually lower risk. Beef up the perimeter defenses (immigration layer), treat the act as the crime it is (intent to murder), let the cops do their jobs and move on.

But we have this forensics trail and we have a hot political issue so something must be done. Near certainly after all the reviews of the system are conducted the rational response is to accept that neither computers nor humans can pick out intent out of the vast amounts of intelligence noise hovered up by the systems. Yet we will do draconian and expensive things anyway to make people “feel better.” This is the core of security theater: we have forensics on the crime and can reconstruct the trail, so now we are going to secure against that attack we know about at enormous cost. But we still cannot divine intent with our magic witching wands.

I am going to pimp David Brooks today who makes a very similar argument today in the New York Times.