Category: Security

Security is immunity from the will of others.

Bright-Sided

From Oprah to New Age philosophy, ‘positive thinking’ has become a hugely influential movement in business circles, the religious sphere, in pop medicine, and elsewhere. In Bright-Sided: How the Relentless Promotion of Positive Thinking Has Undermined America, Barbara Ehrenreich makes the case that the movement is poorly thought out and damaging. Her arguments are convincing, especially when it comes to situations where positive thinking is used to blame the victim when they suffer as the result of developments beyond their control: be it the movement towards corporate downsizing (which corresponded with the rise of motivational speakers in the workplace) or the unjustified assertion that cancer patients are responsible for their own worsening or recovery, on the basis of the mental attitudes they maintain.

Ehrenreich highlights how relentless optimism leads to dangerous groupthink, in which risks are downplayed and those who raise legitimate worries are sidelined. She provides ample evidence that these factors played a role in the inflation of the global house price bubble, and have continued to have important economic and political effects. These include the weird state of deluded isolation in which society’s richest people now reside. She also spends considerable time discussing the warped theology in which god is seen as a sort of mail-order service, happy to send you whatever good things (houses, cars, promotions) you are able to ‘manifest’ for yourself, simply by fervently desiring them.

Positive thinking involves a weird reversal, when it comes to dealing with risks. They cease to be external (concern that your company might fire you to improve their short-term profitability) and become entirely internal (fears about what your state of mind might do to you). It is also tied fundamentally to the notion that happiness is not most important in itself, but rather insofar as it influences events: “Nothing underscores the lingering Calvinism of positive psychology more than this need to put happiness to work – as a means to health and achievement, or what the positive thinkers call ‘success.'” The former tendency puts people in danger of worrying about the wrong things, while the latter strategy puts them at risk of seeking to achieve particular outcomes in nonsensical ways. That is especially dangerous when it comes to making big purchases on credit, firm in your belief that the universe will provide you with the means of dealing with it later.

Ehrenreich’s points are well-taken, though the book can be a bit tedious to read at times. There are also some partial contradictions. It is repeatedly asserted that there is no medical evidence that thinking positively improves health outcomes, yet it is taken as plausible that George Beecher was able to speed his demise through negative thinking. In the course of her analysis on the medical evidence, Ehrenreich claims to be “not in a position to evaluate” evidence that those with a positive outlook may have some protection against heart disease, but is seemingly happy to evaluate research on other illnesses that confirms her hypothesis.

All told, Ehrenreich makes important points about the poisonous institutional culture that accompanies an excessive focus on positivism – and the view that individuals are almost entirely responsible for what happens to them. Her concluding call for ‘realistic’ thinking is certainly appropriate enough, though perhaps she does not go far enough in suggesting how the empire of positive thinking she has mapped the outlines of might be deconstructed. As the world continues to grapple with real problems, magical thinking cannot be a substitute for dispassionate analysis, risk management, and contingency planning. How we get from our world to one more like that, however, remains mysterious.

Overreacting to fears of terrorism

Writing for Salon.com, pilot Patrick Smith makes some excellent points about the breathless paranoia we now display about terrorism:

What has become of us? Are we really in such a confused and panicked state that a person haplessly walking through the wrong door can disrupt air travel nationwide, resulting in mass evacuations and long delays? “The terrorists have won” is one of those waggish catch-alls that normally annoy me, but all too often it seems that way. Our reactionary, self-defeating behavior has put much at stake — our time, our tax dollars and our liberties.

In fact, over the five-year span between 1985 and 1989 we can count at least six high-profile terrorist attacks against commercial planes or airports. In addition to those above were the horrific bombings of Pan Am 103 and UTA 772, the bombing of an Air India 747 over the North Atlantic that killed 329 people, and the saga of TWA Flight 847.

Here in this proclaimed new “age of terrorism,” we act as if the clock began ticking on Sept. 11, 2001. In truth we’ve been dealing with this stuff for decades. Not only in the 1980s, but throughout the ’60s and ’70s as well. Acts of piracy and sabotage are far fewer today.

Imagine the Karachi attack happening tomorrow. Imagine TWA 847 happening tomorrow. Imagine six successful terror attacks against commercial aviation in a five-year span. The airline industry would be paralyzed, the populace frozen in abject fear. It would be a catastrophe of epic proportion — of wall-to-wall coverage and, dare I suggest, the summary surrender of important civil liberties.

What is it about us, as a nation, that has made us so unable to remember, and unable to cope?

The message is similar to that of the excellent essay “Milksop Nation,” which won an Economist essay contest in 2002. Namely, that we do a poor job individually of assessing risks. We obsess over rare risks in which malicious actors want to do us harm, and we downplay common risks that are enormously more likely to injure or kill us. Worse, our political systems amplify our fears to the point of absurdity.

One thing we certainly need are people with the clear-sightedness and bravery to point out that we are fearful about the wrong things, and that we have real, pressing problems that we ought to be concentrating on instead.

Fight censorship, join TOR

Google’s decision to challenge the Chinese government on their censorship policy is a bold one. It remains to be seen whether it will end up doing more harm or good. In the mean time, there is at least one thing that ordinary computer users can do in order to fight censorship around the world: set up a TOR relay. TOR is a project that allows for anonymous internet browsing through a system called onion routing. It is maintained by the Electronic Frontier Foundation.

By setting up a relay, you allow people whose internet access is censored by their governments to access sites that would otherwise be blocked; you also facilitate important democratic processes, such as the actions of whistleblowers. The process of installation is relatively simple, and you can easily cap how much of your bandwidth is given over to the TOR network. By sharing a bit of your bandwidth, you could be helping out human rights activists in China or Myanmar, or just helping some ordinary computer user circumvent annoying restrictions imposed from above. Systems like TOR help the internet to retain some of its vast potential, even in the face of fearful governments that want to control it or shut it down.

One thing to watch out for is that acting as a webserver may be forbidden by your internet service provider (ISP). I checked with mine (TekSavvy), and they have no objections to customers running any kind of webserver, provided they stay within their bandwidth limits.

People interested in this sort of thing may also want to learn about Project Honeypot – a distributed mechanism for fighting spammers.

Pro-photography protest in London

Yesterday’s pro-photography protest in London was rather encouraging. Amateur and professional photographers came together to protest the restrictions and harassment of photographers that has developed in response to concerns about terrorism. The protest follows a European Court of Human Rights ruling that police don’t have the right to indiscriminately search people, just because they are taking photos. The “I’m a photographer, not a terrorist” campaign has objected specifically to police using Section 44 of the UK’s Terrorism Act to harass photographers. High-profile recent incidents include “7 armed police detaining an award winning architectural photographer in the City of London, the arrest of a press photographer covering campaigning santas at City Airport and the stop and search of a BBC photographer at St Paul’s Cathedral and many others.”

In addition to creating art and a historical record, photography has an important role to play in keeping security entities accountable for their actions. As I have said before, photography is an important mechanism for maintaining oversight over the police and private security forces. Restrictions on photograpy allow for power to be used with less oversight, probably leading to more incidents of abuse and fewer cases in which abusers are punished. Indeed, it has been shown repeatedly that only photo or video evidence is sufficient to produce convictions for police brutality. In short, restricting photography makes us less safe.

Both casual photographers and those with a more substantial connection to the practice should be aware of their rights as photographers, and be willing to stand up when people try to bully them out of taking pictures. The British campaign has produced a pocket sized card outlining what rights individuals have when stopped by a police officer. I have been meaning to print off and laminate a card with the relevant sections of Canadian law, for use next time someone insists that taking photos in public spaces is forbidden.

Primer on website security

Smashing Magazine has put up a good article introducing some of the most common security vulnerabilities in websites. They are all things that site administrators should at least be aware of – including those who never actually touch code, but rely on something like WordPress to sort it out for them. Some of the attack types described include SQL injection, cross-site scripting (including the vulnerability of JavaScript), path traversal, cross-site request forgery, remote file inclusion, phishing, and clickjacking.

For those who run websites but know nothing about coding, there are three take-home messages:

  1. Update your software, to ensure that security holes get patched as they emerge. If you are still running WordPress 1.5, you have a big problem.
  2. Keep an eye out for weird behaviours. Are links appearing on your site that you didn’t put there? If so, there is a good chance it has been compromised.
  3. Remember: the internet is a dangerous place. Running a Mac doesn’t mean you’re safe from malware and other sorts of attacks. Neither does running a virus scanner or avoiding dodgy websites. If you have information you want to keep private, keep it encrypted. If you have data you don’t want to lose, back it up.

Sadly, the great majority of people are annoyingly indifferent about security these days. It seems like a couple of my friends always have their MSN or Facebook accounts taken over by spammers, and others are content to let their blogs fill up with spam comments. Such recklessness makes the internet a worse place, and it would be appreciated if people who choose to engage online do so with a bit more diligence and respect.

Surviving climate change

The failure of Copenhagen and other climate change setbacks raise the real possibility that the world will continue to obsess over trivialities, missing the big picture until it is too late to prevent radical change. As such, we need to at least contemplate the possibility of seeing more than 4˚C of mean global temperature rise within our lifetimes, with all the radical effects that might accompany that.

As individuals, what kind of strategies could permit that? Warming is likely to be far more pronounced in the higher latitudes than in more temperate ones. Sea levels are likely to rise significantly, while summer snowpack and glaciers are likely to vanish. Crops that have been well suited to regions for all of human history may no longer grow where they used to. How can someone with no intention of having children maximize their odds of living decently in a world we are so actively undermining? What should those who have reproduced (or are considering doing so) take into consideration, above and beyond that?

For the sake of this planning exercise, it is worth considering outcomes that are plausible and serious, even if they are more unlikely than likely. After all, there are a lot of powerful feedback mechanisms that haven’t yet been incorporated into climate models. It is also worth remembering that even business-as-usual projections, based on emissions continuing to grow at the present rate, involve projected warming of over 5˚C by the end of the century, making the planet far hotter than at any time in human history.

Note that this has been partly discussed here before.

Military fuel use and climate

One of the organizations taking possible future fossil fuel scarcity most seriously is the American military. The Air Force is investigating how to make jet fuel from coal or natural gas. Meanwhile, the other branches of the military are looking for ways to reduce their fuel bills and vulnerability to fuel shortages. There is plenty of reason to do so, given that American forces are using about one million gallons of fuel per day each in Afghanistan and Iraq, and the cost per gallon in the most remote locations can run as high as US$400. The average cost for a gallon of fuel at a forward operating base is about US$15.

Some efforts being made include insulating tents, installing ‘smart grids’ on military bases, increasing usage of renewable forms of power, and investigating ways to use wastes for energy. As with other attempts to reduce fossil fuel dependence, there is no guarantee that these efforts will prove to be beneficial overall from a climatic perspective. If the Air Force manages to produce biofuels that are suitable for use in aircraft, have a decent energy return on investment, and do not compete with food crops, they may develop products and processes with considerable civilian applicability, and potential to mitigate greenhouse emissions. If, instead, they just perfect the oil German and Japanese trick of turning coal into liquid fuel, they may end up making the problem much worse. The very last thing humanity needs is another excuse to burn coal, when we really ought to be working out strategies to leave all that planet-warming carbon safely underground.

Of course, militaries are fundamentally hugely wasteful and destructive things. If we do manage to make a global transition to zero-carbon forms of energy, it seems probable that the world’s various armed forces will be the most resistant to accepting any restrictions on their emissions or fuel use. Much will depend on whether we can find energy sources that are actually cheaper and better than fossil fuels, or whether we manage to content ourselves with inferior options that don’t generate the same sort of climatic risks. In the first case, militaries may largely shift to low-carbon technologies on their own accord. In the latter case, prodding them into environmental responsibility may prove extremely difficult, especially if ongoing climate change has helped to make the world a less geopolitically stable place.

Crush the Cell

Covered bridge at night, Vermont

Michael Sheenan’s Crush the Cell: How to Defeat Terrorism Without Terrorizing Ourselves covers ground that overlaps with that of Ghost: Confessions of a Counterterrorism Agent and Securing the City. Namely, the history of Al Qaeda in relation to the United States, and the question of what sort of policies the United States should adopt in response to terrorism. Sheehan brings an insider’s perspective, having served as New York’s Deputy Commissioner for counterterrorism. While Sheehan provides a lot of information and tries to argue a few key points, the book succeeds more as a source of raw information than as a source of analysis. In particular, Sheehan fails to fully justify his views that Al Qaeda will fizzle out in a few decades, and fails to provide a comparative justification for why targeting cells is the most effective way of undermining terrorist plots while avoiding unwanted secondary effects.

Sheehan covers a number of important and interesting topics: methods for counterterrorism, intelligence, and law enforcement; the (limited) competence of Al Qaeda operatives; the risks that arise then officials practice ‘cover your ass’ security; the significance of weapons of mass destruction; torture and human rights; and the importance of not granting terrorists the psychological advantages that arise when we allow ourselves to be terrorized. In the last of those, he echoes a point well-made by Bruce Schneier. Sheehan also provides an insider’s perspective on the controversial rebuilding of the former World Trade Center site, including why construction has been so slow to begin.

Among the three books I have recently read on this subject, Securing the City probably provides the most insight into effective counterterrorism strategies developed and deployed in New York, while Ghost may be the most compelling personal account (though one lacking in balance). Crush the Cell occupies a middle territory – worth reading for those who want even more details and examples than they have found from other sources, but probably not essential reading for those only moderately interested in the subject.

The torture prorogation?

It was bad enough to prorogue Parliament to avoid an election, but doing the same to try to silence questions about Canada’s role in torturing detainees is far more dubious. As an article in the Ottawa Citizen explains:

When Harper prorogued last fall it was to avoid a vote of non-confidence. This time, it will be to avoid something possibly far more serious — Parliamentary censure of the government, the banishment or imprisonment of Harper and some of his ministers, or the RCMP being asked to execute a Speaker’s warrant.

While the torture allegations are being treated as a partisan issue, I don’t think that is the appropriate frame of view. This is an issue of international law, human rights, and how Canada is going to conduct itself in international military operations. The precise manner in which Canada should deal with detainees and other governments is one that should be scrutinized by Parliament (and, if necessary, the courts) and that scrutiny should occur where Canadians have the opportunity to observe it.

Our procedures for military oversight also need to be examined, to evaluate the question of whether key information is being properly routed up through military and civilian command structures.

[Update: 25 January 2010] This whole situation generated a considerable amount of protest: 200,000 or so coast to coast.

Intercepting UAV video

Metal steps

In an unexpected development in the contest between insurgents and drone-wielding western armies, it seems that cheap software is capable of intercepting video feeds from UAVs, and that this is being put to use in Afghanistan, Iraq, and Pakistan. This is done using software like SkyGrabber, which is available online for about $25.

Insurgents with radio gear and the software cannot control the drones, but they can see what the Americans consider to be worth watching, work out where convoys are located, etc. The US is apparently working on improving the encryption used by the drones, in order to make it harder to intercept and interpret their communication. You wouldn’t think it would be so difficult to put chips on the drones that are capable of applying strong symmetric or public key encryption algorithms to outgoing communications. And as for bandwidth on the network, few contemporary encryption algorithms produce ciphertext that is substantially larger than plaintext; as such, the burden of transmission should be about the same with or without strong encryption.

Partly, all this is an illustration of how the security of a whole chain of operations can be compromised by the weakest components – especially when other components in the system will reduce their security level for the sake of compatibility. Just as it is problematic to have card readers for chip and PIN cards that will fall back to using the magnetic strip when the chip doesn’t work, it is problematic to have a drone communications network in which a few non-upgraded components degrade the quality of encryption across the entire link.

Making the transmissions more directional, and employing other techniques like frequency hopping, could also reduce the vulnerability of UAVs to both cryptanalysis and simple traffic analysis. Drones operating off satelite uplinks could be set up to broadcast overwhelmingly upward, where signals are unlikely to be intercepted. More autonomous drones that can operate independently and transmit information in short bursts might also be more resistant to interception. While the Taliban can’t be too advanced in their cryptographic capabilities, you can be sure that competing navies will be tryingt to get into the drone-based Broad Area Maritime Surveillance (BAMS) system the US Navy is building.