Flex your rights: anonymity

Being able to speak anonymously on the internet is an important right, in this age of increasingly constant surveillance. Because of organizations like the NSA, GCHQ, and Canada’s CSE, we can never know when our private conversations are actually being intercepted.

One tiny way to push back is to continue to be bold in asserting the importance of freedom of speech, even when circumstances compel that right to be used anonymously.

To leave anonymous comments on this site, just use whatever made-up name you like, including ‘anonymous’. If you use anon@sindark.com as your email address, you will get an anonymous logo beside your comment.

None of this is intended as an endorsement of the amorphous group ‘Anonymous’.

Open thread: Libya

I haven’t had time to write anything about the ongoing situation in Libya, but I thought it would be worthwhile to have a discussion thread on the topic.

How do people interpret what is happening? As a democratic uprising? As a civil war? As a combination of the two?

What, if anything, should the international community do? Would imposing a no-fly zone be legal? Would it be a good idea?

Radio frequency ID security

Contact-free cards and authentication tokens have become common. These are the sort of things that you put close to a reader on the wall in order to open a door or perform a similar function. People use them to get into parking garages and offices, and even credit cards now allow you to pay without swiping or inserting your card. Of course, all this creates new security risks. All of these cards can be read at a moderately long distance with inexpensive hardware, which is one reason why it is a bit crazy that these chips are being put into passports. Furthermore, cloning these radio frequency identification (RFID) tags is often quite easy.

Your standard RFID tag is just a little chip with an antenna. When it receives a signal on a particular frequency, it chirps out its name. The card reader says: “Any RFID tags out there?” and the tag replies: “12345678abc” or whatever string it contains. The string is transmitted in clear text, and it is always the same. Anyone with a device that can program RFID tags can easily copy it. These sorts of tags exist all over the place. An office tower might have a database listing the code inside the RFID tags used by each employee. The access system would then check the database each time someone used a card, to make sure the number was on the list.

This system can easily be attacked. Just stand outside a building with an appropriate antenna and recording equipment and you can capture the code from each person’s tag as they go in. You can then copy whichever you like to make your own access card.

More sophisticated tags use a challenge-response authentication protocol. That means they take an input value, perform a mathematical operation on it, and generate a response which they transmit. For instance, an absurdly simple rule would be something like ‘multiply input by two’. Then, the reader would say: “3” and any card that replied “6” would be accepted as valid. These tags tend to require a battery to run their computing hardware, so they are relatively rare.

This is harder to attack. You need to figure out what the rule is, and they are often cryptographic. That being said, the cryptography used is often either proprietary (which usually means ‘bad’) or out of date. With access to a few tags and some knowledge, it may well still be possible to reverse-engineer the algorithm being used and clone tags.
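The difference between the two kinds of tag, seen from the reader's side, as an added example that is not part of the original post. It assumes HMAC-SHA256 over a fresh random challenge as a stand-in for the tag's 'mathematical operation'; the class names, the `badge-7` ID and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class StaticReader:
    """Door controller for plain tags: admit any ID found on the list."""

    def __init__(self, allowed_ids):
        self.allowed_ids = set(allowed_ids)

    def admit(self, tag_id):
        return tag_id in self.allowed_ids


class ChallengeResponseTag:
    """Tag holding a secret key; the key itself is never transmitted."""

    def __init__(self, tag_id, key):
        self.tag_id, self._key = tag_id, key

    def respond(self, challenge):
        mac = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return self.tag_id, mac


class ChallengeResponseReader:
    """Reader that issues a fresh random challenge for every attempt."""

    def __init__(self, keys_by_id):
        self._keys = dict(keys_by_id)
        self._outstanding = set()

    def new_challenge(self):
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def admit(self, challenge, reply):
        # A challenge is valid once; a second use is treated as a replay.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        tag_id, mac = reply
        key = self._keys.get(tag_id)
        if key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(mac, expected)


def demo():
    """Compare how each reader treats a reply recorded earlier."""
    # Static tag: the recorded string is all the reader ever checks.
    static_reader = StaticReader({"12345678abc"})
    recorded_id = "12345678abc"

    key = secrets.token_bytes(32)  # constructed key for the example
    reader = ChallengeResponseReader({"badge-7": key})
    tag = ChallengeResponseTag("badge-7", key)

    first = reader.new_challenge()
    recorded_reply = tag.respond(first)
    return {
        "static_replay": static_reader.admit(recorded_id),
        "genuine_tag": reader.admit(first, recorded_reply),
        "replay_new_challenge": reader.admit(reader.new_challenge(), recorded_reply),
        "replay_old_challenge": reader.admit(first, recorded_reply),
    }


if __name__ == "__main__":
    print(demo())
```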

In addition, this kind of system can be attacked in real time, using a man-in-the-middle attack. Suppose I am in line at the grocery store, about to pay. I take out a dummy wireless credit card, while I have an antenna concealed in my jacket sleeve. The clerk’s RFID reader sends a challenge request, which my antenna picks up. I then re-broadcast that request with more power, so that all the tags nearby chirp up. Suddenly, everyone in line who has a wireless card is offering to pay for my groceries. Re-broadcast one of those responses back to the clerk’s card reader and I suddenly have free groceries. I suspect something similar would work with the more high-security access cards used by some offices.

Not all cloning is necessarily malicious. Phones are increasingly sophisticated radio transmitters and receivers. They can transmit voice calls on various frequencies, as well as access WiFi networks and interface with Bluetooth devices. Somebody should make a phone that can transmit and receive on the common frequencies used by RFID cards. Software could then be used to record the contents of a person’s existing cards. Instead of carrying one fob for your car, one card for work, one embedded in your transit pass, and a credit card, you could just program the functionality of all those RFID tags into one device.

Of course, doing such a thing would reveal how easy it is to copy RFID cards in the first place. That’s all it would be doing, however – making it obvious. Anybody who is malicious and capable can already copy these cards, though consumers often assume that they are secure (like they assume their cell phone calls cannot easily be intercepted by moderately resourceful crackers). By revealing how insecure most wireless authentication technologies are, this cell phone software could play an important role in raising awareness, and maybe even lead people to pressure politicians to get rid of those stupid wireless passports.

I mean really, does that have any non-evil uses at all? A passport clerk can easily scan a barcode or swipe a magnetic strip. Making them readable at a distance only helps spies and criminals. How easy would it be to build a bomb and connect it to a machine that constantly scans the vicinity for wireless-equipped passports? You could program it to explode when more than a set number of nationals of any country you dislike are within a particular distance. Alternatively, criminals could take advantage of chatty radio passports to identify promising targets for mugging.

Selling F15s

Does it strike anyone else as strange and somewhat objectionable that the United States is selling the F-15 attack aircraft to Saudi Arabia? Before being supplanted by the F-22 and F-35, the F-15 had unmatched capabilities. As such, you need to wonder whether the United States would be better off keeping sales of the old plane restricted and being less bothered about developing new generations of attack aircraft during an era where they already possess complete air superiority.

A cynical perspective is that this all comes down to the arms industry. They can’t sell F-15s to the United States anymore, so they want new customers. Even better, they know that the United States will feel threatened by F-15s in the hands of potentially unstable regimes like Saudi Arabia, and that the US will respond by purchasing more F-22s, F-35s, and other hardware.

It’s like a gun shop that sells its newest weapons only to its best customers, but progressively makes each new weapon available to anyone with the cash. That keeps the best customers locked on an upgrade pathway and keeps weapon designers in business. Unfortunately, it also makes the world a riskier place, and wastes substantial resources that could be better applied to reducing poverty or building a more sustainable society.

Intrusion detection systems

One side of computer security is keeping people from getting unauthorized access: choosing good passwords, patching software to protect against known exploits, etc. But when you reach a more advanced level than that, intrusion detection systems (IDS) become an important way of detecting and mitigating attacks. These systems monitor the functioning of a computer system or account and produce some sort of alert if suspicious activity is ongoing.

For example, GMail includes a rudimentary IDS. It allows users to check whether anyone is logged into their account from another location. If you check the list and see only your home IP address and your phone, everything is probably fine. If some random IP address from Berlin or Mumbai or Tokyo is on there, someone has probably compromised your account.

IDS can be much more sophisticated than this. While GMail calls upon the user to keep an eye on things manually, automated systems can flag suspicious activity and produce warnings. A classic example would be a computer in a distant country accessing your GMail via POP3 and starting to download the entire contents of your archive. That is super suspicious and – if you are someone like Sarah Palin – potentially career-ending.

The same goes, naturally, for a situation where some random army private starts accessing and downloading thousands of diplomatic cables. Say what you will about the ethics of Wikileaks, but from a computer security perspective there should have been an IDS that spotted that aberrant pattern.
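The kind of automated check described above, as an added example that is not part of the original post: it flags access from an address outside an account's usual set and a bulk download inside a short window. The log format, the threshold, the window and the baseline table are assumptions, and the log lines are constructed using documentation IP ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: timestamp, account, source IP, protocol, messages fetched.
SAMPLE_LOG = """\
2011-02-20T08:01:12 alice 203.0.113.10 IMAP 3
2011-02-20T08:05:40 alice 203.0.113.10 IMAP 1
2011-02-20T09:15:02 bob 192.0.2.44 POP3 12
2011-02-21T03:12:00 alice 198.51.100.77 POP3 400
2011-02-21T03:13:30 alice 198.51.100.77 POP3 450
this line is malformed and is skipped
2011-02-21T03:14:10 alice 198.51.100.77 POP3 500
2011-02-21T08:02:00 alice 203.0.113.10 IMAP 2
"""

# Assumed baseline: addresses each account normally connects from.
BASELINE = {"alice": {"203.0.113.10"}, "bob": {"192.0.2.44"}}
WINDOW = timedelta(minutes=10)   # assumed sliding window
BULK_THRESHOLD = 1000            # assumed messages per window


def parse(line):
    """Return (timestamp, account, ip, protocol, count) or raise ValueError."""
    ts, account, ip, proto, count = line.split()
    return datetime.fromisoformat(ts), account, ip, proto, int(count)


def detect(log_text, baseline, window=WINDOW, threshold=BULK_THRESHOLD):
    """Return alerts as (timestamp, account, ip, reason), in log order."""
    alerts = []
    recent = defaultdict(list)      # (account, ip) -> [(timestamp, count)]
    new_seen, bulk_seen = set(), set()
    for line in log_text.splitlines():
        try:
            ts, account, ip, _proto, count = parse(line)
        except ValueError:
            continue                # blank or malformed line
        key = (account, ip)
        known = ip in baseline.get(account, set())
        # Rule 1: first access from an address outside the baseline.
        if not known and key not in new_seen:
            new_seen.add(key)
            alerts.append((ts.isoformat(), account, ip, "new-location"))
        # Rule 2: volume fetched by this source within the sliding window.
        recent[key].append((ts, count))
        recent[key] = [(t, c) for t, c in recent[key] if ts - t <= window]
        total = sum(c for _, c in recent[key])
        if total >= threshold and key not in bulk_seen:
            bulk_seen.add(key)
            reason = "bulk-download" if known else "bulk-download-from-new-location"
            alerts.append((ts.isoformat(), account, ip, reason))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, BASELINE):
        print(*alert)
```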

Attackers always get more sophisticated and their attacks always improve. As a consequence, those who want to defend computer systems must keep raising their own game by implementing sophisticated security strategies. Deploying IDS both on personal computers and within cloud services like GMail is one way in which people can become aware of breaches in time to stop them from becoming too severe. It’s never comfortable to learn that you are dealing with an intruder, but it is much better to have that awareness than to continue blindly forward while they persist in nefarious activities.

P.S. Does anyone know of a good IDS for Macs? Given how many people are on always-on internet connections these days, and given that all operating systems have security flaws that take time to fix, operating an IDS on one’s personal computer is probably a good security trade-off. Indeed, I am planning to set up a second system unconnected to the internet, next time I buy a new desktop machine. It is axiomatic that any computer connected to the internet is vulnerable.

Security in prisons

For the good of society at large, it does make sense to isolate some particularly dangerous people from the general population. At the same time, society has an obligation to manage imprisonment in a sensible way, including by avoiding the vindictive temptation to make prisons themselves Hobbesian jungles in which those who are incarcerated have no personal security, and only bad examples to follow. Rather than locking up more and more people in worse and worse conditions, we should lock up fewer and treat them better. The probable result of that is less cost and harm to society, along with a chance at genuine rehabilitation for those who do commit crimes.

Sending non-violent offenders to prison doesn’t really make any sense. This is particularly true when it comes to non-violent drug criminals: a class that includes ordinary users, but also producers and smugglers. Treating drugs as a criminal problem only makes them more problematic for society by making them a lucrative racket for organized crime groups, and by ensuring that those who operate in this business can only settle disputes through violence. As with alcohol and gambling, society should recognize that prohibition causes more harm than good and undertake a transition from a drug policy founded on criminal law to one founded on evidence-based medicine and harm reduction.

Similarly, having prisons in which inmates fear for their personal safety doesn’t make sense. Living with that kind of stress simply has to be harmful to the human mind, and likely to exacerbate whatever issues led to their imprisonment in the first place. When someone is branded with a criminal record and ‘ex-convict’ status, it already becomes hard enough for them to sustain themselves and any dependents financially in the future. Adding traumatic years of fear and violence to that can only worsen things.

Plausibly, reducing the prison population by excluding non-violent offenders could allow for more resources to be devoted to each prisoner who remains. These could allow for greater personal security, through measures like reducing over-crowding, and for genuine rehabilitation programs focused on things like addressing existing addiction problems and developing skills that are in demand in job markets.

The idea that criminals are bad people who deserve to be punished for their wickedness probably belongs in the Middle Ages. As we learn more about human psychology, we learn that people are profoundly influenced by the environments they inhabit and that people respond in predictable ways to circumstances like stress and deprivation. Rather than seeing criminals as wicked individuals who should be expelled from society to the greatest possible degree, I think it makes sense to have a bit more pragmatism and compassion and to establish systems that minimize the harmfulness of crime while giving criminals better options.

Oversight over institutions of armed power

On Yes, Prime Minister, a character describing a situation in which a document was leaked discusses the difference between what you do when you really want to find the source of a leak and what you do when it is all just for show. When it is for show, he says, you conduct a leak inquiry. If it is for a serious investigation, you call in ‘Special Branch’.

Reading through the Wikipedia entry on ‘Special Branch’ gave me a bit of pause. It seems like the term is used to refer to two different types of sub-organizations, within broader security structures like national police forces and armies.

Outward intelligence gathering

One sort of Special Branch is the macho Jack Bauer sort that wears flak jackets and drops in on terrorists from helicopters. They are also the ones with the machines for listening to private phone calls and reading private emails, back doors into supposedly confidential databases, and other such legally dubious trickery.

Having some kind of organization of this sort is important – especially for keeping genuinely dangerous things like biological and nuclear weapons away from terrorists. At the same time, giving such an organization an increasingly broad mandate just increases the risk that the organization itself will become abusive, or that the intelligence it collects will be used for inappropriate purposes.

There has to be some kind of meaningful, outside, civilian scrutiny of such organizations. If they are allowed to sit up at the top of the chain deciding who can trust whom, we cannot allow them to be a secretive band of unknown people. Being subject to civilian oversight may render them less effective as an intelligence organization, but it is ultimately important for the security of society that this be so.

Quite possibly, governments shouldn’t have any organizations that they are not prepared to appear before a fairly elected legislature (in secret, perhaps) and answer detailed questions about.

Internal oversight

The other sort of Special Branch answers the question: Quis custodiet ipsos custodes? They are a response to the reality that organizations like armies and police forces attract bullies – people who are themselves attracted to power. At times, such people will abuse that power. That danger is increased enormously when the people are put within structures that will protect them, regardless of what they do. If the police force protects officers who use excessive force, their violent tendencies are likely to get worse.

Having a Special Branch to check for this kind of corruption in the rest of the service makes a lot of sense, and is an important check on police power. After all, a bad police officer is a scary thing. They are armed with weapons and power, and the judge will almost always take their word for how a situation went (unless there are photos or a video).

Changing balance

On Yes, Prime Minister, I think they were talking about the internal sort of Special Branch, looking for wrongdoing within powerful organizations. These days, I fear the outward-looking type of Special Branch has grown more powerful by comparison, partly by capitalizing on the fear people have of terrorism (despite the tiny chance of being a victim).

When people are fearful of non-governmental forces, they can easily err and make the government overly mighty. People also need to maintain in their minds the corresponding fear of abuse by government itself. The government is so powerful that it can do considerable harm by accident, and its control over information is such that we may never really know what accidents or abuse have taken place.

Terrorists can kill some innocent civilians – maybe a lot if they get hold of something dangerous. But the police can create a police state. They can seize the government with one of their own by force, if the other institutions of the state become weak enough. We need independent people watching over them more than we need them to be looking into the local radical cell.

House of Cards

House of Cards is a British television series available on Netflix.ca. It is like an evil version of Yes, Minister – documenting the functioning of British politics, but with a much darker and more brutal tone. For example, the Prime Minister uses the SAS to carry out assassinations which are blamed on the IRA; security personnel murder unarmed civilians with impunity; and extensive cover-ups are successfully undertaken.

It’s the sort of show political junkies might appreciate, though I think it is probably less true to life overall than its more light-hearted equivalent.

Prosecuting high-level Western war criminals

Writing in the Ottawa Citizen, Dan Gardner argues convincingly that the admission of former President Bush that he ordered people tortured makes him a war criminal who can be prosecuted as such:

Do laws apply to the United States and its president as they do to other nations and men? On the weekend, Swiss officials were very nearly forced to answer that explosive question. Depending on George W. Bush’s travel schedule, Canadian officials could be put on the spot next.

In his memoirs, published late last year, and in subsequent interviews, Bush explicitly said he ordered officials to subject terrorism suspects to waterboarding and other torture techniques. The fact that he had done so wasn’t much of a surprise. There was already heaps of evidence implicating the Bush administration, up to and including the president. What was shocking was that Bush admitted it. He even seemed to boast about it. “Damn right,” he said when Matt Lauer asked whether he had ordered waterboarding.

Gardner goes on to recognize that Bush is unlikely to actually be charged by any state, given how much doing so would probably harm that state’s bilateral relationship with the United States.

Under the terms of the United Nations Convention Against Torture and Other Cruel, Inhuman and Degrading Treatment or Punishment (UNCAT), an official doesn’t need to engage in torture directly to be in contravention. The torture needs to happen at “the instigation of or with the consent or acquiescence of a public official or other person acting in an official capacity”.

By that standard, there are probably a lot of war criminals around. It’s not clear whether President Obama has stopped all American-initiated interrogation techniques that constitute torture. Similarly, given what is known about the Afghan security services, it is quite possible that officials from states including Canada have violated international law by handing over prisoners to people who were likely to torture them (potentially violating Part II of the Third Geneva Convention).

In a related story, British journalist George Monbiot has helped to establish a bounty for those who attempt to arrest former British Prime Minister Tony Blair for committing war crimes.

Now or Never

Tim Flannery’s slim book Now or Never: Why We Need to Act Now to Achieve a Sustainable Future does not mince words when it comes to describing the seriousness of the situation humanity now finds itself in, with regard to the diminishing capacity of the planet to sustain human flourishing:

There is no real debate about how serious our predicament is: all plausible projections indicate that over the next forty to fifty years humanity will exceed – in all probability by about 100 percent – the capacity of Earth to supply our needs, thereby greatly exacerbating the risk of widespread starvation, or of being overwhelmed by our own pollution.

Flannery, previously known for his book The Weather Makers, describes the latest climatic science as detailed by James Hansen before scoping out some of the options that exist for mitigating its seriousness, if humanity acts quickly enough.

Flannery is also forthright on the matter of just how difficult it will be to prevent unacceptable amounts of climate change – hinting (but never saying directly) that geoengineering may be required. The book places a strong emphasis on the possibility of drawing carbon dioxide from the air and into biological sinks, and considers the role that carbon markets and offsets could play in driving such actions. It does not adequately consider the issue of certainty, however. To be really worthwhile, the carbon needs to be removed from the atmosphere indefinitely – something that cannot really be ensured by planting trees (which could burn or be cut down) or enriching soils with carbon (which could be re-released).

All in all, I wasn’t hugely impressed with Flannery’s argument. He seemed overly focused on defending livestock agriculture, too bullish on pyrolysis and biochar as sequestration techniques, and overly eager to attribute intentions to nature. At many points, Flannery brings up the Gaia Hypothesis, which I think is often dangerously misleading in its implications. There is no reason to believe the Earth ‘prefers’ one state or another, or that it will always respond to shocks by moving back in the direction of how it was. Rather, there is evidence from the paleoclimatic record that when the climate system is pushed aggressively enough, it can swing into dramatic new states, in a way that could be profoundly hostile for humanity and most of the planet’s other species.

One of the most interesting aspects of the book is the inclusion of responses written by prominent individuals including Peter Singer (who very effectively rebuts Flannery’s argument that meat eating isn’t too problematic) and Bill McKibben. In his response, Gwynne Dyer neatly responds to some of the book’s Gaia language, while also making a key overall point:

Whether you want to dress [knowing human manipulation of the climate] up as human beings becoming the consciousness of Gaia, or just see us as the same old self-serving species we always were, we are taking control of the planet’s climate. This billions-strong human civilization will live or die by its success in understanding the global carbon cycle and modifying it as necessary to preserve our preferred climate.

Those key points – the seriousness of the risk of climate change and the importance of taking action in response – have not yet really been absorbed by either the general public or the world’s political elite. If that is to change in time for the very worst possible outcomes to be avoided, it needs to change quickly. By helping to publicize those key facts, Flannery certainly seems to be helping that process, even if there are valid criticisms that can be raised against some of his perspectives and proposed responses.