Category: Security

Security is immunity from the will of others.

Oil 101

Twigs and branches

Written essentially in the style of a textbook, Morgan Downey’s Oil 101 moves systematically through the major areas of knowledge required for a basic understanding of the global petroleum industry. These include:

  • The history of oil use, including predictions about the future
  • The chemistry of crude oil
  • Exploration for and production of oil
  • Refining
  • Petrochemicals
  • Transporting oil
  • Storing oil
  • Seasonal demand variation, pricing, and oil markets

Downey covers each in a clear and informative manner, though he sometimes delves into a greater level of detail than most amateurs will prefer. For instance, some of the forays into chemistry are at a level of sophistication well above what casuals readers are likely to retain. That said, the book is laid out in a highly structured way, so it is easy to gloss over technical portions without losing track of the overall structure of the text.

One thing the book strongly demonstrates is the enormous amount of expertise and capital that have been developed within the petroleum industry. For instance, the section on how offshore oil platforms are constructed and operated shows what an astonishing number of things can be executed deep underground, from a steel platform above the ocean’s surface: everything from horizontal and vertical drilling to the assembly of steel pipes (cemented in place), the use of explosives, the installation of automatic or remote-controlled valves, the injection of acids and chemicals, etc. The discussion of refining and transport technologies and infrastructure is similarly demonstrative of sustained investment and innovation. While it is regrettable that all of this effort has been put into an industry that is so climatically harmful, it does suggest that humanity has a great many physical and intellectual resources to bring to bear on the problem of finding energy. As more and more of those are directed towards the development of renewable energy options, we have reason to hope that those technologies will improve substantially.

The final portion of the book, about oil prices and forward oil markets, was the least interesting for me, as it deals with complex financial instruments rather than matters of chemistry, geology, etc. Still, for those who are seeking to understand how oil prices are established, as well as what sorts of financial instruments exist that relate to hydrocarbons, these chapters may be useful. Downey does provide some practical advice to those whose organizations (companies, countries, etc) are exposed to changes in oil markets: “The decision not to hedge [Buy financial products that reduce your exposure to a risk of major price changes] should be an active decision. Management should clearly inform investors why they decide to face the full volatility of the oil market when they have an opportunity to manage the risk.” Managing such risks on an individual level has been discussed here before.

All told, this book is well worth reading for all those who are curious about the energy basis for global civilization, why it is established the way it is, and some of the key factors that will determine which way it goes. Downey is a low-key proponent of the peak oil theory. He argues that reserves, especially in OPEC, are inflated and that a peak and bell-shaped drop-off in production are inevitable: probably between 2005 and 2015, provided depletion occurs globally at about the same rate as it did in the United States following their peak in 1970. For those hoping to grasp the implications of that projection, as well as those hoping to plan for a world based on other forms of energy, the information contained in this book is both valuable and well-presented.

International domain names

Yellow backlit leaves with gradiant sky

This month, the Internet Corporation for Assigned Names and Numbers (ICANN) approved domain names written using non-Latin scripts, such as Cyrillic and Kanji. While this is an appropriate recognition of the international character of the internet, I worry that there will be serious problems with both usability and security.

Starting with usability, many people will soon be in the position of being unable to input the universal resource locater (URL) for various websites using their existing keyboard. On-screen keyboards are an option, but they are annoying to use and there will be confusion regarding characters that look identical (or nearly so) yet actually differ.

The latter problem leads to the major security concern: namely, that people will use identical looking characters (homographs) to trick users into thinking they are actually at a different site. For instance, someone could register ‘sindark.com’ where the lower-case ‘a’ is the Unicode character U+0430 (from the Cyrillic alphabet), rather than the identical-looking Unicode character U+0061 (from the Latin alphabet).

This isn’t much of a threat for a blog, since people don’t enter sensitive information here, but it might make attacks against banks and commerce sites even easier than at present. The designers of web browsers are considering various methods for countering this threat – such as highlighting non-Latin characters somehow, or creating blacklists of fake sites – but it seems virtually certain that at least a few scams will succeed before good solutions are developed.

Personally, I hope browser manufacturers offer users the option of disabling non-Latin domain names entirely, until such a time as some desirable content appears on sites that don’t use them and mechanisms to prevent abuse have been demonstrated successfully.

The Secret Sentry

Two red leaves

Less famous than the Central Intelligence Agency (CIA), the American National Security Agency (NSA) is actually a far larger organization. It also provides the majority of the intelligence material provided to the president daily. Matthew Aid’s The Secret Sentry: The Untold History of the National Security Agency tracks the history of the organization between the end of the Second World War and the recent past. While the book contains a fair bit of interesting information, it suffers from some significant flaws. Notably, it is very thin on technical detail, not written with a neutral point of view, and not always effective at putting the role of intelligence in context.

Aid’s book contains virtually no technical information on the main work of the NSA: codebreaking and traffic analysis. Confusingly, it doesn’t even clearly indicate that a properly implemented one-time-pad (OTP) is actually an entirely secure method of communication, if not a very convenient one. For those hoping to gain insight into the past or present capabilities of the NSA, this book is not helpful. It does provide some historical background on when the US was and was not able to read codes employed by various governments, but does not explore the reasons why that is. Is certainly doesn’t consider the kind of non-mathematical operations that often play a crucial role in overcoming enemy cryptography: whether that is exploiting mistakes in implementation, or ‘black bag’ operations where equipment and materials are stolen. On all these matters, David Khan’s book is a far superior resource. Personally, there is nothing I would rather know about the NSA than how successfully they can break public key encryption systems of the kind used in web browsers and commercial encryption software.

The Secret Sentry consists largely of brief biographies of NSA directors interspersed among accounts of the numerous conflicts with which the NSA has been involved. The most extensively described of these are the Vietnam War and the ongoing conflicts in Afghanistan and Iraq. The information on the Gulf of Tonkin incident is quite interesting, given the ways in which it shows how intelligence can be misused by politicians spoiling for a fight (as obviously happened again with Iraq in 2003). Indeed, some of the best information in the book concerns how intelligence can be both badly and poorly used. For example, it discusses how keeping sources and methods secret makes intelligence less credible in the eyes of those making choices partly based upon it. At the same time, having sources and methods revealed reduces the likelihood that current intelligence techniques will continue to work. On the politics surrounding intelligence, it was also interesting to read about how the NSA was involved in bugging UN officials and representatives during the lead-up to the 2003 invasion of Iraq. The book is also strong when it comes to providing examples of policy-makers ignoring intelligence advice that conflicts with what they want to believe – as well as explanations of why there was no prior warning before major events like the fall of the Soviet Union, the Yom Kippur War, or September 11th, 2001. Rather, it describes how the various bits of information that would have gone into such warnings were not pieced together and properly understood in time.

The book contains a number of errors and unclear statements that I was able to identify. In addition to the aforementioned matter of the cryptosecurity of the OTP, I think it is wrong to say that the 1983 marine barracks bombing in Lebanon was the world’s largest non-nuclear explosion. The Minor Scale and Misty Picture tests were larger – as was the Halifax Explosion. The term JDAM refers to a guidance kit that can be attached to regular bombs, not a kind of bunker buster. Also, GPS receivers determine their locations by measuring the amount of time signals from satellites take to reach them – they are not devices that automatically broadcast their own location in a way that can be triangulated by others. These errors make me fairly confident that the book contains others that I was not able to identify.

The book also has a somewhat perplexing structure. Roughly chronological, it is written in the form of little vignettes with headings. An example of the way this can seem disjointed is found in the chapter on the Reagan and Bush Senior administrations. One one page, it describes the tenure of William Odon as NSA director. It then jumps into short description of America’s signals intelligence (SIGINT) satellite technology at the time. Then, before the page is done, it jumps to the topic of Ronald Pelton selling NSA secrets to the Soviets. One sometimes gets the sense that the order of these chapter sub-units was jostled after they were written. Terms and abbreviations are sometimes explained well after their first use, and sometimes not at all. Bewilderingly, the Walker-Witworth spy ring is mentioned only in passing, in a single sentence, and yet is included in the index.

The Secret Sentry shows a lack of objectivity that becomes more acute as it progresses, culminating in tirades against the 2003 invasion of Iraq and the NSAs controversial domestic wiretap program. While there are certainly grounds for criticizing both, it is arguably the role of a historian to provide facts and analysis, rather than moral or legal judgments. It is also a bit odd to see the attack of one American armoured vehicle as ‘tragic’ while the destruction of large Iraqi military formations is discussed only in factual terms. It would also have been welcome for the book to include more information on how those outside the United States have perceived the NSA, and the SIGINT capabilities of states not allied with the US.

Perhaps a second edition will eventually correct some of this book’s flaws. That would be welcome, since the topic is an important one. While the record of the NSA at providing useful intelligence is checkered, it is almost certainly the most capable SIGINT organization in the world today. Its future actions will have implications for both the privacy of individuals and for geopolitics and future conflicts.

The military importance of space

Cluster of security cameras

Given that unmanned aerial vehicles (UAVs) are not yet particularly autonomous, for the most part, they are generally operated remotely by people. Apparently, the transmission system and encryption used between UAV operators in Nevada and the drones they are piloting in Afghanistan and Pakistan introduces a 1.7 second delay between commands being given and responses being received. As a result, take-off and landing need to be handled by a team located within the theatre of operations, since these activities require more nimble responses. The Broad Area Maritime Surveillance system being considered by the US Navy will require much more dynamic communication capabilities, of the sort that can probably only be conveniently provided from orbit.

This is just one example of the way in which the operation of armed forces – and especially the American armed forces – is increasingly dependent on their capabilities in space. From communications to intelligence to navigation, satellites have become essential. That, in turn, makes the capability to interfere with satellites highly strategic. The umbrage taken by the US and others to the 2007 Chinese anti-satellite missile test is demonstrative of this. The test also illustrates the major dangers associated with creating debris in orbit. If enough such material was ever to accumulate, it could make the use of certain orbits hazardous or impossible. The 2009 Iridium satellite collision is a demonstration of how debris clouds can also arise from accidental events, which will become both more common and more threatening as more and more assets are placed in orbit. That crash created about 600 large pieces of debris that remain in Low Earth Orbit.

In the next few decades, we will probably see a lot of development where it comes to the weaponization of space, including (quite probably) the placement of offensive weapons in orbit, the proliferation of ground-based weapons that target satellites, and the deployment of weapons intended to counter those weapons (a significant secondary purpose for ballistic missile defence technologies

Rentier states and costly petrochemical investments

Many oil producing states rely upon revenues associated with that resource to finance themselves, particularly when it comes to social spending. This sits awkwardly beside the fact that the era of cheap and easy oil is ending. As such, states seeking to maintain output will face some very tricky choices. To prevent a collapse in exports, they will need to invest much more (making the oil industry less of a support to state coffers). They may also need to reduce or eliminate the degree to which they subsidize petroleum products like gasoline for the local population.

None of this is the kind of thing that keeps governments secure. Indeed, a government that pursues the economically prudent course of investing in long-term capacity might find itself threatened by others who would rather skip the investment to keep things rolling nicely in the present. All that adds another worrisome dimension to the nexus of energy security and global politics. It is especially hard to see how states like Saudi Arabia – where the entire social, political, and economic system depends on money from oil exports – will adapt to a world where maintaining their output becomes more and more costly and challenging.

Google’s new malware notifications

In a welcome move, Google will now be sending detailed information to people whose websites have been infected with malware. This occurs frequently when people use old versions of content management systems like WordPress or Joomla. Attackers use known security flaws to add their own code to vulnerable sites: spreading viruses, stealing information, manipulating search engines, and so on.

Given how many blogs get started and abandoned – and how many bloggers lack the technical savvy to identify and remove infections themselves – this should help make the web a bit safer.

What does the internet know about you?

Through my friend Antonia, I discovered the Personas project over at MIT. The creators claim that it is “a critique of data mining, revealing the computer’s uncanny insights and inadvertent errors.” Putting in my name yields lots of results, though less information than a simple Google search. Indeed, it is probably what Google turns up when we enter our names that should concern us most. The MIT project is more about nice visuals than about providing a comprehensive precis on someone, based on publicly accessible information.

Even so, it’s a neat little thing to try out, especially if you have a rare or unique name.

The Year of the Flood

Electrical warning sign

Margaret Atwood’s The Year of the Flood is a parallel story to her prior novel, Oryx and Crake. Set in two time periods with two narrators, it fills in a bit more of the dystopian world she created: one where the bulk of the horrors presented emerge primarily from the exploitation of genetic engineering and a return to gangsterism and anarchy. Climate change is part of it all, but definitely doesn’t have a prominent role among the causes of human downfall. While the book does expand the reader’s view into that world in interesting ways, it is ultimately less satisfying as a piece of speculative fiction. Nonetheless, it is well worth reading, for those interested in imagining the ways in which humanity might continue to develop.

In some ways, this is a female retelling of the previous story. The two narrators are both women, separated by a generation, and most of the key happenings centre around their treatment as women and engagement with other woman. This world certainly isn’t a pretty one, in that regard, with almost all men as enemies and a terrible lack of personal security for almost anyone. This is a book that will have parents enrolling their daughters in karate lessons and, perhaps, rightly so. Being able to defend yourself is clearly important, when the future is uncertain. At the outset, the two narrators can be somewhat hard to distinguish, but as the book progresses at least one of them develops a distinct and interesting perspective and approach.

The Year of the Flood incorporates many of Atwood’s favourite issues and motifs of late, including sex, debt, religion, corruption, and the nature and corporate manipulation of human desires. Along with being interweaved with Oryx and Crake, this book is connected with Atwood’s recent non-fiction writing on debt. It certainly explores the question of ecological debts and the responsibility of human beings towards nature. In Atwood’s world, humanity has filled the world with splices and custom creatures, while allowing almost all of the planet’s charismatic megafauna – from gorillas to tigers – to become extinct. The God’s Gardeners, the cult the novel focuses on and whose hymns it reproduces, have beautified the environmentalists of the 20th and 21st centuries, despite how their efforts have apparently failed, at least insofar as conserving nature goes. Humanity has certainly been able to endure as an industrial and consumerist society in Atwood’s world, which means they must have learned to be more effective than we are at securing resources sustainably and disposing of wastes likewise.

The novel’s plot involves rather too many improbable meetings – so many as to make Atwood’s fictional world extremely small. People run into members of their small prior groups far too easily, and sometimes make implausible jumps from place to place. In some cases, connections with characters from the previous novel feel trivial and unnecessary. A few of the motivations of the characters are unconvincing. All in all, this book rests against the structure of Oryx and Crake, sometimes adding to it in interesting ways, sometimes stressing the integrity of the amalgamation. The strongest portion of this novel is definitely what it reveals about the dynamics of small community groupings in times of danger. When it comes to broader questions about society and technology, it tends to treat those as already covered or not of enormous interest.

The plausible nature of Atwood’s dystopia remains disturbing. Indeed, it is difficult to imagine some of the elements of these stories not coming to pass within the next few decades. In particular, it seems all but certain that we will use new genetic technologies to go even farther towards exploiting animals, building on the already impressive record modern factory farms have on that front. One prediction I have doubts about – but which is common in science fiction – is the decline of the power and influence of states. Sure, corporations have become powerful; nevertheless, governments push them around easily and frequently when they have a strong reason for doing so. To a considerable extent, corporate power is reflective of the fact that many states find it agreeable to delegate at this time.

Even so, Atwood’s depiction of relative security inside corporate bubbles and relative insecurity outside is one with considerable contemporary relevance, when it comes to the kind of societies and situations in which people find themselves today. The contrast is revealing both in terms of the impact on the lives of those on either side of the divide and in terms of suggesting what kind of political, economic, and military structures exist to maintain the distinctions between outsiders and insiders, safe lives and unsafe ones.

The novel is also disturbing in terms of the acquiescence of aware consumers towards the monstrous things the corporations populating this universe are doing. If people today are mostly happy not to think twice about what is in a Chicken McNugget, would they really go along with the blatant recycling of corpses into food in the future? The degree to which Atwood’s world doesn’t grate too much against our aesthetic expectations is suggestive, in this regard. We now expect corporations to largely get away with whatever they think people will tolerate, and we expect little from one another when it comes to outrage.

All told, the book is an interesting expansion upon Atwood’s previous novel, but it does not match the original in terms of the importance of the message or the crafting of the story. In that sense, it is akin to Orson Scott Card’s Ender’s Shadow: set around the events of his magnificent Ender’s Game, and told from a new perspective. While it provided some pleasing new details for fans of the series, it was an engaging but secondary contribution.

Unmanned aerial vehicles

Muskrat (Ondatra zibethicus), in Mud Lake, Ottawa

In most of the world’s militaries – and even in paramilitary groups like Hezbollah – drones and unmanned aerial vehicles (UAVs) are playing increasing roles in combat and intelligence gathering. They are running ahead of convoys in Afghanistan and Iraq to try to spot or jam improvised explosive devices (IEDs). Even as far back as the first Gulf War, they were being used by battleships to target fire from naval guns. Some Iraqi troops even surrendered to them.

Some even go so far as to say that the era of manned fighter aircraft is drawing to a close, and that the American F-22 may be their last such craft. They can be more manoeuvrable than manned craft, since the physical limitations of pilots are no longer an issue. This is an increasingly serious problem as surface-to-air missiles continue to become faster, more advanced, and more widely employed. Due to not being limited by pilot fatigue, UAVs can also have a much more enduring presence. Missions lasting several days have already been undertaken, and future vehicles may be able to remain airborne for weeks or even months. The US Navy has a ‘Broad Area Maritime Surveillance (BAMS)’ program, which aims to provide intelligence coverage of most of the world’s strategic ocean areas, with vehicles capable of loitering for 24 hours.

Of course, the new technologies raise issues beyond military strategy. The ethics of programming machines that employ lethal force will probably become an increasingly important element of international law.

Obama changing tack on missile defence

In a surprising announcement, it seems that the United States may give up plans to put RADAR sites and/or interceptors in Poland and the Czech Republic. These sites would have been ideally suited to track and intercept ballistic missiles launched towards the United States from Iran. This is a reversal of the position President Obama adopted in April, when he gave a speech in Prague. The most plausible reason for the shift is an accommodation with Russia, which has always staunchly opposed US ballistic missile defence (BMD) plans, and which holds key levers when it comes to Iran and nuclear technologies. Notably, the sites in Poland and the Czech Republic would not be especially well placed to aid in the interception of Russian missiles, which would anyhow be too numerous and sophisticated to be plausibly neutralized through a BMD system.

The shift probably signals both the resurgence of Russia as a regional power and the decline of American flexibility that has accompanied ongoing involvement in Iraq and Afghanistan. The US may also be reckoning that it is a better strategic move to try to block Iranian acquisition of nuclear weapons, with Russian help, than to try to field a system to destroy deployable versions of these weapons if and when they exist. Iran’s successful satellite launch in February suggests that they could develop nuclear-capable missiles with a long-range capacity, provided they are able to sufficiently miniaturize their nuclear weapons: an undertaking that proved very challenging even for the United States.

While Poland and the Czech Republic are usefully positioned between Iran and the east coast of North America, Japan is best positioned between North Korea and the west coast. Given the strength of the US-Japanese alliance, and the domestic concern about North Korea and China in Japan itself, it seems likely that the Pacific version of the BMD system will continue to develop. When I visited USNORTHCOM, the US Strategic Space Command, and NORAD, all of their missile defence examples concerned North Korean launches.

[Update: 4:24pm] To clarify the above, it seems the American plan was to put X-band RADAR facilities in the Czech Republic and ten SM-3 interceptor missiles in Poland.