Category: Security

Security is immunity from the will of others.

Open thread: Canada and Afghan detainees

As anyone who reads the news knows, it has been alleged that many detainees passed on by Canadian troops to elements of the government of Afghanistan were subsequently tortured, and that the government of Canada was aware of this likelihood. If true, that could represent a violation of Canadian and/or international law on the part of both those who gave the orders to continue making the transfers and those who actually carried them out. Knowingly passing along a prisoner to an authority that will torture and abuse them is a violation of the Geneva Conventions, but it is not yet fully known what Canadian troops and officials knew or believed prior to making these transfers.

The latest development is a reversal of position by Walter Natynczyk, Canada’s Chief of the Defence Staff. He now accepts that a man was taken into custody by Canadian soldiers in 2006 and subsequently severely beaten by Afghan interrogators.

Given that Canada cannot single-handedly reform the Afghan government and security services, this raises the question of how Canadian troops should be dealing with anyone who they capture during the course of Canada’s ongoing involvement in that country. Given that Afghanistan won’t be turning into a liberal-democratic state governed by the rule of law anytime soon, how should Canadian forces deployed there behave in the future?

Military assessments of climate change

In his scrupulously evenhanded book What’s the Worst That Could Happen? A Rational Response to the Climate Change Debate, Greg Craven makes reference to four different assessments of climate change conducted by organizations with a link to the American military. All conclude that climate change is a serious problem, and that actions must be taken to mitigate it.

The first is the 2008 National Intelligence Assessment, drafted by 16 U.S. intelligence agencies including the CIA, FBI, and NSA. While the report itself is classified, the chairman said that climate change could disrupt US access to raw materials, create millions of refugees, and cause water shortages and damage from melting permafrost.

Another is a 2003 Pentagon study: An Abrupt Climate Change Scenario and Its Implications for United States National Security: Imagining the Unthinkable. It considers a worst-case but plausible scenario, and concludes that abrupt climate change could destabilize the geopolitical environment:

In short, while the US itself will be relatively better off and with more adaptive capacity, it will find itself in a world where Europe will be struggling internally, large number so [sic] refugees washing up on its shores and Asia in serious crisis over food and water. Disruption and conflict will be endemic features of life.

It also argues that “with inadequate preparation, the result [of abrupt climate change] could be a significant drop in the human carrying capacity of the Earth’s environment.”

The third report is from the Center for Naval Analyses. Their “blue-ribbon panel of retired admirals and generals from the Army, Navy, Air Force, and Marines” produced the report National Security and the Threat of Climate Change. It calls climate change “potentially devastating” and advises that the risks to national security will “almost certainly” get worse if mitigation action is delayed. It also stresses how we don’t require 100% certainty about the precise seriousness of a threat before it starts making sense to address it.

The last report was drafted by two national security think tanks: the Center for Strategic and International Studies and the Center for a New American Security. Their 2007 report is titled: The Age of Consequences: The Foreign Policy and National Security Implications of Global Climate Change. Their team included the head of the National Academy of Sciences, one Nobel laureate economist, a former CIA director, a former presidential chief of staff, climatologists, and others. They concluded that current projections from climate models are “too conservative” and that “at higher ranges of the [warming] spectrum, chaos awaits.” The authors conclude that an effective response would have to occur in less than a decade “in order to have any chance” of preventing irreversible disaster.”

The only fair conclusion that it seems possible to reach about these reports is that they have been ignored. If American policy-makers and members of the general public accepted these conclusions – and interpreted them with the seriousness accorded to matters of national security – we would not be seeing so much doddering around before meaningful action is taken. While the military does have an incentive to scare people, since doing so likely increases their funding, Craven is probably right to claim that the overall bias of these organizations is towards economic strength rather than environmental protection. That, and the calibre of the individuals associated with these reports, seems to provide good reason for taking them seriously.

Note that the issue of climate change and security has been discussed here previously.

The Climatic Research Unit’s leaked emails

160 megabytes worth of emails – ostensibly from the University of East Anglia’s Climatic Research Unit – have apparently been obtained by hackers and posted online. Being emails between colleagues, they are written in a less formal style than public documents. Some blogs and news sources critical of the mainstream scientific view are hailing the emails as proof of poor practice within the scientific community, or evidence that the consensus view on climate change is incorrect or an intentional fabrication. Various climate change blogs have put up responses to the whole event and to those allegations:

Firstly, it isn’t clear that these emails contain evidence of any wrongdoing. Secondly, it hasn’t been established whether the documents are all genuine and unaltered. Thirdly, and most importantly, the consensus on anthropogenic climate change is bigger than any one specific institution. It is based on multiple lines of evidence that support the same conclusions – something that cannot be said about alternative hypotheses, such as that nothing is happening or that observed warming is not mostly being caused by greenhouse gasses.

RealClimate probably has the best analysis on the significance of all this:

More interesting is what is not contained in the emails. There is no evidence of any worldwide conspiracy, no mention of George Soros nefariously funding climate research, no grand plan to ‘get rid of the MWP’, no admission that global warming is a hoax, no evidence of the falsifying of data, and no ‘marching orders’ from our socialist/communist/vegetarian overlords. The truly paranoid will put this down to the hackers also being in on the plot though.

Instead, there is a peek into how scientists actually interact and the conflicts show that the community is a far cry from the monolith that is sometimes imagined. People working constructively to improve joint publications; scientists who are friendly and agree on many of the big picture issues, disagreeing at times about details and engaging in ‘robust’ discussions; Scientists expressing frustration at the misrepresentation of their work in politicized arenas and complaining when media reports get it wrong; Scientists resenting the time they have to take out of their research to deal with over-hyped nonsense. None of this should be shocking.

It’s obvious that the noise-generating components of the blogosphere will generate a lot of noise about this. but it’s important to remember that science doesn’t work because people are polite at all times. Gravity isn’t a useful theory because Newton was a nice person. QED isn’t powerful because Feynman was respectful of other people around him. Science works because different groups go about trying to find the best approximations of the truth, and are generally very competitive about that. That the same scientists can still all agree on the wording of an IPCC chapter for instance is thus even more remarkable.

That said, you can be sure that climate change delayers and deniers will be milking these emails for years – using them to continue to cast doubt on the strength of the scientific consensus about climate change. Thankfully, it does seem as though the world’s political elites are increasingly aware of the strength of the scientific consensus and the incoherence of the views of those who deny it.

[Update: 3 December 2009] Nature has posted an editorial about this whole incident. It makes reference to two open archives of online climate data – maintained by the IPCC (http://www.ipcc-data.org) and the US National Climatic Data Center (http://www.ncdc.noaa.gov/oa/ncdc.html).

[Update: 14 December 2009] Newsweek has printed a comprehensive evaluation of the significance of the CRU emails, written by Jess Henig of FactCheck.org. It concludes that the emails sometimes “show a few scientists in a bad light, being rude or dismissive” but that the emails do not undermine the IPCC consensus, and that: “E-mails being cited as “smoking guns” have been misrepresented.”

[Update: 20 June 2010] Wrap-up video on the CRU emails

The Khalid Sheikh Mohammed trial

A number of recent articles have provided interesting commentary on the upcoming trial of alleged 9-11 plotter Khalid Shheikh Mohammed in an American federal court:

Given everything that has already happened, it is very hard to see how this can have a good outcome. The trial cannot be fair – since there have been so many rights and due process violations, and no impartial jury can be found – and the precedent seems highly likely to make bad law.

Slate contributor David Feige is probably right in summing up the likely outcome:

In the end, KSM will be convicted and America will declare the case a great victory for process, openness, and ordinary criminal procedure. Bringing KSM to trial in New York will still be far better than any of the available alternatives. But the toll his torture and imprisonment has already taken, and the price the bad law his defense will create will exact, will become part of the folly of our post-9/11 madness.

Given the situation they inherited, the Obama administration may not be able to do any better. Still, it is worrisome to think what the future consequences of this may be.

[Update: 12 February 2010] Due to the opposition he has encountered, Obama has abandoned plans to give KSM a civilian trial in New York. Disappointing.

Oil 101

Twigs and branches

Written essentially in the style of a textbook, Morgan Downey’s Oil 101 moves systematically through the major areas of knowledge required for a basic understanding of the global petroleum industry. These include:

  • The history of oil use, including predictions about the future
  • The chemistry of crude oil
  • Exploration for and production of oil
  • Refining
  • Petrochemicals
  • Transporting oil
  • Storing oil
  • Seasonal demand variation, pricing, and oil markets

Downey covers each in a clear and informative manner, though he sometimes delves into a greater level of detail than most amateurs will prefer. For instance, some of the forays into chemistry are at a level of sophistication well above what casuals readers are likely to retain. That said, the book is laid out in a highly structured way, so it is easy to gloss over technical portions without losing track of the overall structure of the text.

One thing the book strongly demonstrates is the enormous amount of expertise and capital that have been developed within the petroleum industry. For instance, the section on how offshore oil platforms are constructed and operated shows what an astonishing number of things can be executed deep underground, from a steel platform above the ocean’s surface: everything from horizontal and vertical drilling to the assembly of steel pipes (cemented in place), the use of explosives, the installation of automatic or remote-controlled valves, the injection of acids and chemicals, etc. The discussion of refining and transport technologies and infrastructure is similarly demonstrative of sustained investment and innovation. While it is regrettable that all of this effort has been put into an industry that is so climatically harmful, it does suggest that humanity has a great many physical and intellectual resources to bring to bear on the problem of finding energy. As more and more of those are directed towards the development of renewable energy options, we have reason to hope that those technologies will improve substantially.

The final portion of the book, about oil prices and forward oil markets, was the least interesting for me, as it deals with complex financial instruments rather than matters of chemistry, geology, etc. Still, for those who are seeking to understand how oil prices are established, as well as what sorts of financial instruments exist that relate to hydrocarbons, these chapters may be useful. Downey does provide some practical advice to those whose organizations (companies, countries, etc) are exposed to changes in oil markets: “The decision not to hedge [Buy financial products that reduce your exposure to a risk of major price changes] should be an active decision. Management should clearly inform investors why they decide to face the full volatility of the oil market when they have an opportunity to manage the risk.” Managing such risks on an individual level has been discussed here before.

All told, this book is well worth reading for all those who are curious about the energy basis for global civilization, why it is established the way it is, and some of the key factors that will determine which way it goes. Downey is a low-key proponent of the peak oil theory. He argues that reserves, especially in OPEC, are inflated and that a peak and bell-shaped drop-off in production are inevitable: probably between 2005 and 2015, provided depletion occurs globally at about the same rate as it did in the United States following their peak in 1970. For those hoping to grasp the implications of that projection, as well as those hoping to plan for a world based on other forms of energy, the information contained in this book is both valuable and well-presented.

International domain names

Yellow backlit leaves with gradiant sky

This month, the Internet Corporation for Assigned Names and Numbers (ICANN) approved domain names written using non-Latin scripts, such as Cyrillic and Kanji. While this is an appropriate recognition of the international character of the internet, I worry that there will be serious problems with both usability and security.

Starting with usability, many people will soon be in the position of being unable to input the universal resource locater (URL) for various websites using their existing keyboard. On-screen keyboards are an option, but they are annoying to use and there will be confusion regarding characters that look identical (or nearly so) yet actually differ.

The latter problem leads to the major security concern: namely, that people will use identical looking characters (homographs) to trick users into thinking they are actually at a different site. For instance, someone could register ‘sindark.com’ where the lower-case ‘a’ is the Unicode character U+0430 (from the Cyrillic alphabet), rather than the identical-looking Unicode character U+0061 (from the Latin alphabet).

This isn’t much of a threat for a blog, since people don’t enter sensitive information here, but it might make attacks against banks and commerce sites even easier than at present. The designers of web browsers are considering various methods for countering this threat – such as highlighting non-Latin characters somehow, or creating blacklists of fake sites – but it seems virtually certain that at least a few scams will succeed before good solutions are developed.

Personally, I hope browser manufacturers offer users the option of disabling non-Latin domain names entirely, until such a time as some desirable content appears on sites that don’t use them and mechanisms to prevent abuse have been demonstrated successfully.

The Secret Sentry

Two red leaves

Less famous than the Central Intelligence Agency (CIA), the American National Security Agency (NSA) is actually a far larger organization. It also provides the majority of the intelligence material provided to the president daily. Matthew Aid’s The Secret Sentry: The Untold History of the National Security Agency tracks the history of the organization between the end of the Second World War and the recent past. While the book contains a fair bit of interesting information, it suffers from some significant flaws. Notably, it is very thin on technical detail, not written with a neutral point of view, and not always effective at putting the role of intelligence in context.

Aid’s book contains virtually no technical information on the main work of the NSA: codebreaking and traffic analysis. Confusingly, it doesn’t even clearly indicate that a properly implemented one-time-pad (OTP) is actually an entirely secure method of communication, if not a very convenient one. For those hoping to gain insight into the past or present capabilities of the NSA, this book is not helpful. It does provide some historical background on when the US was and was not able to read codes employed by various governments, but does not explore the reasons why that is. Is certainly doesn’t consider the kind of non-mathematical operations that often play a crucial role in overcoming enemy cryptography: whether that is exploiting mistakes in implementation, or ‘black bag’ operations where equipment and materials are stolen. On all these matters, David Khan’s book is a far superior resource. Personally, there is nothing I would rather know about the NSA than how successfully they can break public key encryption systems of the kind used in web browsers and commercial encryption software.

The Secret Sentry consists largely of brief biographies of NSA directors interspersed among accounts of the numerous conflicts with which the NSA has been involved. The most extensively described of these are the Vietnam War and the ongoing conflicts in Afghanistan and Iraq. The information on the Gulf of Tonkin incident is quite interesting, given the ways in which it shows how intelligence can be misused by politicians spoiling for a fight (as obviously happened again with Iraq in 2003). Indeed, some of the best information in the book concerns how intelligence can be both badly and poorly used. For example, it discusses how keeping sources and methods secret makes intelligence less credible in the eyes of those making choices partly based upon it. At the same time, having sources and methods revealed reduces the likelihood that current intelligence techniques will continue to work. On the politics surrounding intelligence, it was also interesting to read about how the NSA was involved in bugging UN officials and representatives during the lead-up to the 2003 invasion of Iraq. The book is also strong when it comes to providing examples of policy-makers ignoring intelligence advice that conflicts with what they want to believe – as well as explanations of why there was no prior warning before major events like the fall of the Soviet Union, the Yom Kippur War, or September 11th, 2001. Rather, it describes how the various bits of information that would have gone into such warnings were not pieced together and properly understood in time.

The book contains a number of errors and unclear statements that I was able to identify. In addition to the aforementioned matter of the cryptosecurity of the OTP, I think it is wrong to say that the 1983 marine barracks bombing in Lebanon was the world’s largest non-nuclear explosion. The Minor Scale and Misty Picture tests were larger – as was the Halifax Explosion. The term JDAM refers to a guidance kit that can be attached to regular bombs, not a kind of bunker buster. Also, GPS receivers determine their locations by measuring the amount of time signals from satellites take to reach them – they are not devices that automatically broadcast their own location in a way that can be triangulated by others. These errors make me fairly confident that the book contains others that I was not able to identify.

The book also has a somewhat perplexing structure. Roughly chronological, it is written in the form of little vignettes with headings. An example of the way this can seem disjointed is found in the chapter on the Reagan and Bush Senior administrations. One one page, it describes the tenure of William Odon as NSA director. It then jumps into short description of America’s signals intelligence (SIGINT) satellite technology at the time. Then, before the page is done, it jumps to the topic of Ronald Pelton selling NSA secrets to the Soviets. One sometimes gets the sense that the order of these chapter sub-units was jostled after they were written. Terms and abbreviations are sometimes explained well after their first use, and sometimes not at all. Bewilderingly, the Walker-Witworth spy ring is mentioned only in passing, in a single sentence, and yet is included in the index.

The Secret Sentry shows a lack of objectivity that becomes more acute as it progresses, culminating in tirades against the 2003 invasion of Iraq and the NSAs controversial domestic wiretap program. While there are certainly grounds for criticizing both, it is arguably the role of a historian to provide facts and analysis, rather than moral or legal judgments. It is also a bit odd to see the attack of one American armoured vehicle as ‘tragic’ while the destruction of large Iraqi military formations is discussed only in factual terms. It would also have been welcome for the book to include more information on how those outside the United States have perceived the NSA, and the SIGINT capabilities of states not allied with the US.

Perhaps a second edition will eventually correct some of this book’s flaws. That would be welcome, since the topic is an important one. While the record of the NSA at providing useful intelligence is checkered, it is almost certainly the most capable SIGINT organization in the world today. Its future actions will have implications for both the privacy of individuals and for geopolitics and future conflicts.

The military importance of space

Cluster of security cameras

Given that unmanned aerial vehicles (UAVs) are not yet particularly autonomous, for the most part, they are generally operated remotely by people. Apparently, the transmission system and encryption used between UAV operators in Nevada and the drones they are piloting in Afghanistan and Pakistan introduces a 1.7 second delay between commands being given and responses being received. As a result, take-off and landing need to be handled by a team located within the theatre of operations, since these activities require more nimble responses. The Broad Area Maritime Surveillance system being considered by the US Navy will require much more dynamic communication capabilities, of the sort that can probably only be conveniently provided from orbit.

This is just one example of the way in which the operation of armed forces – and especially the American armed forces – is increasingly dependent on their capabilities in space. From communications to intelligence to navigation, satellites have become essential. That, in turn, makes the capability to interfere with satellites highly strategic. The umbrage taken by the US and others to the 2007 Chinese anti-satellite missile test is demonstrative of this. The test also illustrates the major dangers associated with creating debris in orbit. If enough such material was ever to accumulate, it could make the use of certain orbits hazardous or impossible. The 2009 Iridium satellite collision is a demonstration of how debris clouds can also arise from accidental events, which will become both more common and more threatening as more and more assets are placed in orbit. That crash created about 600 large pieces of debris that remain in Low Earth Orbit.

In the next few decades, we will probably see a lot of development where it comes to the weaponization of space, including (quite probably) the placement of offensive weapons in orbit, the proliferation of ground-based weapons that target satellites, and the deployment of weapons intended to counter those weapons (a significant secondary purpose for ballistic missile defence technologies

Rentier states and costly petrochemical investments

Many oil producing states rely upon revenues associated with that resource to finance themselves, particularly when it comes to social spending. This sits awkwardly beside the fact that the era of cheap and easy oil is ending. As such, states seeking to maintain output will face some very tricky choices. To prevent a collapse in exports, they will need to invest much more (making the oil industry less of a support to state coffers). They may also need to reduce or eliminate the degree to which they subsidize petroleum products like gasoline for the local population.

None of this is the kind of thing that keeps governments secure. Indeed, a government that pursues the economically prudent course of investing in long-term capacity might find itself threatened by others who would rather skip the investment to keep things rolling nicely in the present. All that adds another worrisome dimension to the nexus of energy security and global politics. It is especially hard to see how states like Saudi Arabia – where the entire social, political, and economic system depends on money from oil exports – will adapt to a world where maintaining their output becomes more and more costly and challenging.

Google’s new malware notifications

In a welcome move, Google will now be sending detailed information to people whose websites have been infected with malware. This occurs frequently when people use old versions of content management systems like WordPress or Joomla. Attackers use known security flaws to add their own code to vulnerable sites: spreading viruses, stealing information, manipulating search engines, and so on.

Given how many blogs get started and abandoned – and how many bloggers lack the technical savvy to identify and remove infections themselves – this should help make the web a bit safer.