Security – Page 33 – a sibilant intake of breath

An apology for Alan Turing

In addition to being one of the most notable mathematicians and computer scientists in British history, Alan Turing played a key role in cracking German codes during the Second World War. Despite the importance of his contribution, and the role intelligence from the Government Communications Headquarters (GCHQ) played in helping the allies in the Battle of the Atlantic, Turing was subsequently persecuted by the British authorities for being homosexual.

Turing was stripped of security clearance, criminally prosecuted for consensual sex with another man, chemically castrated with estrogen injections, and eventually driven to depression and suicide.

Recently, a petition was launched insisting that the “British Government should apologize to Alan Turing for his treatment and recognize that his work created much of the world we live in and saved us from Nazi Germany. And an apology would recognize the tragic consequences of prejudice that ended this man’s life and career.” An apology for both his specific treatment and the general persecution of homosexuals seems entirely in order. Hopefully, the government will bow to the petitioner’s request, despite Turing not having any surviving family to apologize to.

While writing a historical wrong is a valid reason for issuing an apology, the incident is also not without contemporary relevance. Just look at the continued policy within the US armed forces to dismiss gay linguists from the military. Once again, people making a significant contribution to national security are being discriminated against on the basis of characteristics that are none of their government’s business.

[Update: 10 September 2009] Admirably, British Prime Minister Gordon Brown issued an apology to Alan Turing: “While Turing was dealt with under the law of the time and we can’t put the clock back, his treatment was of course utterly unfair and I am pleased to have the chance to say how deeply sorry I and we all are for what happened to him. Alan and the many thousands of other gay men who were convicted as he was convicted under homophobic laws were treated terribly. Over the years millions more lived in fear of conviction.” The full statement is on the Prime Ministerial website.

FOGBANK and American fusion bombs

The United States may have forgotten how to make FOGBANK: a critical component in at least some thermonuclear weapons. FOGBANK is an ‘interstage material’ that gets turned into a superheated plasma by the detonation of the ‘primary’ fission bomb, helping to ignite the ‘secondary’ fusion reaction.

Some speculate that FOGBANK resembles aerogel. Others describe efforts to re-learn how to make it.

Securing the City

Christopher Dickey’s Securing the City: Inside America’s Best Counterterror Force – the NYPD describes the evolution of New York’s counterterrorism capabilities following the 2001 attacks against the World Trade Centre. Much of the responsibility is attributed to Raymond Kelly, who still serves as Police Commissioner, and David Cohen, his intelligence chief. Key among the changes was the development of much greater intelligence capabilities: everything from officers posted with federal agencies and overseas to developing a broad array of linguists, radiation detection systems, and advanced helicopter optics. All in all, the NYPD developed capabilities to become a mini-CIA, while also strengthening their policing and tactical capacity. All this was done in the face of considerable bureaucratic resistance, particularly from the federal agencies who felt their role was being subverted by the new developments.

Much more than Fred Burton’s book, Securing the City considers the checks and balances associated with greater police power. For instance, Dickey discusses the intelligence operations against people protesting the Republican National Convention in New York in 2004. Dickey also makes passing reference to torture and rendition (without considering the ethics of either at length), as well as surveillance and entrapment-type operations where intelligence officers pretend to help advance terrorist plots, so as to incriminate the others involved. Dickey comes to the general conclusion that the new NYPD capabilities are justified, given the situation in which the city finds itself. He does, however, worry if those capabilities will be properly maintained as budgetary pressures tighten, or when Kelly and the other key architects leave.

Some of the book’s chapters break out from the broad narrative to discuss specific topics, such as weapons of mass destruction or the dangerousness of ‘lone wolf’ operatives who operate independently and without the links to others that make most attackers detectable. While such treatment does make sense, the placement of the chapters can make the book feel a bit randomly assembled at times. Similarly, long italic passages (several pages long) are annoying to read. One other complaint is that the book includes a massive number of names, which can be difficult to keep track of. A listing of ‘characters’ with a brief description of the importance of each would be a nice addition to the front materials.

Dickey is harshly critical of the Iraq war, arguing that is was a distraction that undermined American security. He also argues that the ‘Global War on Terror’ was deeply misguided: “dangerously ill-conceived, mismanaged, and highly militarised.” He is also critical of Rudolf Guliani, who he accuses of taking credit for the successes of others, as well as making poor decisions of his own. His general position on the risk of terrorism is an interesting one. Basically, he thinks the capabilities of Al Qaeda and their sympathizers to carry out attacks in the U.S. has been exaggerated, as demonstrated by just how inept most of the post-9/11 plots were. Nevertheless, he sees the consequences of a terrorist attack as being so severe that even dubious plans being made by incompetent terrorists need to be tracked down and broken up. He repeatedly cites the example of the first World Trade centre bombing, where an inept group failed to advance their aims until Ramzi Yousef joined them and carried their operation to completion. Because of this, he agrees with Burton in thinking that terrorism cannot be treated primarily as a criminal matter. The standard of collecting courtroom-usable evidence is too high to disrupt plots early and effectively, while maintaining the covert capacity to do so again.

Overall, Securing the City is a worthwhile read for those with an interest in security, intelligence, or policing. It’s a nice demonstration of the global importance of some cities in the present age, and the special characteristics of New York. In particular, he praises the role of immigration in the city, citing it as one of the reasons why the NYPD was able to assemble such a diverse and effective capability. Those wanting more context in which to think about the strategic, tactical, and ethical issues surrounding modern terrorism would be well served by giving this book a read.

Ghost: Confessions of a Counterterrorism Agent

I became aware of Fred Burton through the free weekly defence briefings put out by STRATFOR, his current employer. They stand out from other media reports, both as the result of the details they focus on and the thrust of their overall analysis. While I wouldn’t bet heavily on them being entirely correct, they do play a useful counterbalancing role when read alongside media stories that are generally rather similar.

Ghost describes Burton’s history with the Diplomatic Security Service (DSS) between 1986 and 1993, with an epilogue in 2004. Burton’s work involved collecting intelligence, investigating plots and attacks, protecting diplomats, and so forth. He goes into detail on several of the investigations he was involved in, including the assassination of Pakistani President Muhammad Zia-ul-Haq and the capture of Ramzi Yousef. He also describes some of the tactics and strategies employed by the DSS, as well as by other law enforcement and intelligence agencies. These include the operation of motorcades, cover techniques, and countersurveillance: a tactic he claims special credit for deploying in the protective services.

The book’s greatest strength lies in the details it includes, on everything from the character of different intelligence agencies to equipment used to various sorts of tradecraft. While the breathless descriptions can sometimes feel like the content of a mediocre spy novel, the detailed technical discussions offer insight into how clandestine services actually operate. Of course, it is virtually certain that security and secrecy led to parts of the book being incomplete or distorted. Still, it has a candid quality that makes it an engrossing read. One interesting perspective offered is on the connections between different states and terrorist groups: particularly the relationship between Iran and Hezbollah; between the Palestinian Liberation Organization (PLO), Yasser Arafat, and various terrorist groups; as well as the ways in which modern terrorist tactics evolved from those developed by Black September, the group that carried out the massacre at the 1972 Munich Olympics.

At times, the book’s language is overwrought, especially when Burton is discussing the innocence of the victims of terrorism and the ‘evil’ nature of those who commit it. His reflections on his own ethical thinking may be genuine, but seem somewhat hackneyed and unoriginal at the same time. He never portrays American intelligence or police services as having any flaws, with the exception of when bureaucrats get overly involved and stop brave and effective agents from doing their work well. No consideration is given to the abuses that can occur when effective oversight is not present. Burton is also unrelentingly hostile towards the media: accusing them of offering superficial analysis and being eager to divulge information that undermines the clandestine efforts of intelligence organizations. The book is also a bit too well sprinkled with cliches, such as decisions being made and information being assessed ‘above Burton’s pay grade.’ In general, Burton seems a bit too willing to assume that all US intelligence agents are working on the side of the angels and that oversight and accountability can only hamper their efforts.

One interesting passage mentions how little time was required to circumvent the encryption on Yousef’s laptop. This makes me wonder what sort of algorithm had been employed and how it was implemented, as well as the techniques used by those breaking the encryption. I suspect that the actual encryption algorithm is not what was overcome, at least not through some brute force means. It is far more likely that they were able to compromise the password by comprehensively searching through the data on hand, including temporary files and perhaps contents of RAM. It does you little good to have a hard drive encrypted with AES-256 if it is possible to recover or guess the key in a short span of time.

In general, the book is one I recommend. It has a good authentic feel to it and includes some unusual perspectives and operational details. Burton’s personal dedication, as well as that of the agents he serves with and admires, is both convincing and commendable.

WPA cracked in 60 seconds

WPA is a more secure encryption system for wireless networks than the older WEP system, which was notoriously vulnerable. Now, Japanese researchers have devised an attack that cracks WPA networks using the Temporal Key Integrity Protocol (TKIP) algorithm quickly and easily. So far, WPA2 and WPA using AES are not vulnerable to the attack. On past form, it seems likely that those will eventually become vulnerable to rapid compromise, as well.

The broader point this demonstrates is how attacks always get better and never get worse. As such, the longer any particular system has been deployed, the less likely it is to be secure. Threat analysis needs to be ongoing, and accompanied by the patching and replacement of vulnerable systems. Both because of improving computer power and new mathematical developments, this is especially true when it comes to cryptography. As MC Frontalot explains (in a song that references rainbow tables), “you can’t hide secrets from the future with math.”

Open thread: peak oil

The basic idea of the peak oil hypothesis is that global oil production will follow a bell-shaped curve over time, and that we are somewhere near the top of the bell. Once it is passed, a steep decline in output is expected, probably alongside quickly rising prices. The bell-shaped progression is one that has been observed in individual countries that have seen their output peak, including the United States. The Oil Drum is probably the premier website discussing the peak oil possibility.

A world with swiftly falling hydrocarbon availability and rising prices would have numerous economic and geopolitical consequences, from rising food prices to a probable scramble for alternative fuels. That being said, not everyone finds the peak oil theory convincing. Some argue that improved technology will allow us to tap ever-more-unconventional sources of hydrocarbons. Some argue that, rather than falling off sharply, global production will go into a long plateau phase. Others argue that the emergence of alternative fuels – such as biofuels – will fill the gap associated with falling production easily.

What do readers here think? Are we likely to see a sharp contraction in global oil output in coming decades? If so, what would the consequences be? (We already talked about hedging against the possibility.) What effect will new technologies have on this, and what consequences does it have for climate change outcomes and policy-making?

(On one side note, some economists who I’ve spoken to expect carbon pricing to seriously decrease the demand for oil by 2030 – to the point where global prices collapse and unconventional reserves such as the Athabasca oil sands are not worth exploiting. What do people think of that possibility?)

Built-in antivirus for OS X

Rumours are circulating that Apple’s Snow Leopard OS will include antivirus capabilities. This is a welcome development. While OS X rightly has a good reputation for security, there is no commercial operating system that is immune from malware. In addition to malware that targets OS X itself, there are also exploits based around flash, Adobe PDFs, and even specific pieces of hardware.

Adding antivirus protection might be a bit of a public relations blow to Apple, which has cultivated a false sense that there is no malware that affects Macs. Nevertheless, it is a good security move. Indeed, the server version of OS X has included such capabilities for some time.

Why climate change could be catastrophic

The basic equation of climate change is simple enough: add greenhouse gases to the atmosphere and you warm the planet. Of course, there are endless complications in areas like changes in precipitation, sea level, etc.

There are, however, a relatively small set of reasons for which climate change could potentially enormously problematic, or even a civilizational threat. That is to say, one that has the capacity to eliminate or virtually eliminate civilizations with the major characteristics of being industrial, such as level of technological advancement and share of the population whose primary vocation is farming.

The probability of all of these is unknown, and may be very low. Still, they bear consideration when we are deciding how precautionary an approach we should take when it comes to reducing emissions. Also, more than one of these could happen simultaneously.

1) It could happen very quickly

While the normal order of business for climatic changes seems to be gradual change, there is some evidence that it is possible to cross some threshold and experience massive sudden changes. An example would be the mass melting of icecaps in Greenland and Antarctica, producing several metres of sea level rise in a matter of decades. Rapid sea level rise (albeit perhaps not to that degree) has happened before, as the result of other ‘forcings’ that affect the climate system.

More rapid change would be harder to adapt to than slower change. Rather than having to make gradual changes to how we grow food, use water, etc, we would be confronted with the immediate necessity of making big, expensive, and politically difficult changes.

2) It could take place to an extreme extent

The ultimate extreme – seeing our oceans boil away and the planet turn into a burning hell like Venus – is probably impossible. That being said, a much less dramatic change could still strain the ability of human beings to cope. There is a general consensus that warming of more than 2°C would be ‘dangerous’ and that each additional degree would heighten problems such as agricultural failure and lack of access to fresh water.

A business-as-usual course of greenhouse gas emissions that takes atmospheric concentrations to over 1000 ppm by 2100. If climate sensitivity is high (say, 8°C) then the warming that results could average 25°C above pre-industrial levels, worldwide (with more warming in high latitudes). That would surely cause massive agricultural problems and leave many areas uninhabitable. Even with sensitivity at the high end of the IPCCs probable range (4.5°C), 1000 ppm conditions could generate warming of over 15°C.

3) It could become self-sustaining

The climate system contains a number of positive feedback effects, where warming causes a change that produces more warming. Examples include sea ice melting to reveal more heat-absorbing ocean, melting permafrost releasing methane, and tropical forests drying out and burning.

If the natural world began to regularly emit more greenhouse gasses than it was removing from the atmosphere, even cutting human emissions to zero would not prevent further climate change. Our only options would be various forms of geoengineering: air capture to remove greenhouse gasses directly from the atmosphere, or techniques to alter how the planet absorbs and reflects solar radiation.

If there is a threshold beyond which runaway climate change begins, humanity might find itself trapped between facing an unknown level of warming (to stop only when the system finds a new equilibrium) or taking the desperate step of trying to actively engineer the climate.

4) It could foster conflict

Even without any of the scenarios above, it is plausible that climate change could kick off major conflicts. Bangladesh and Florida could be permanently submerged. Major river systems could see massively decreased flows. Major famines could result, etc.

If the climate changes experienced were abrupt, the danger of conflict would be further heightened, as states made desperate attempts to cope and populations relocated.

In the end, our best chance for dealing with climate change is for states to begin cooperating when they still have a good amount of time and lots of resources to direct at the issue. Also, when their will to cooperate isn’t being reduced by Hobbesian tensions. By investing reasonable amounts now in transforming our energy system and protecting carbon sinks – as well as by creating increasingly powerful incentives to reduce greenhouse gas emissions – states can not only prevent the scenarios above from occurring, they can also switch the energy basis of their society from dirty and unsustainable fossil fuels towards renewable forms of energy that can be relied upon indefinitely.

[Update: 4 February 2009] Here is a post on the danger of self-amplifying, runaway climate change: Is runaway climate change possible? Hansen’s take.

Consequences of fear and unchecked state power

A recent editorial on America’s sex crime laws is a nice demonstration of how the protection of the individual from the unjust application of power by the state is one of the most important kinds of human security. Pursuing criminal charges against teenagers who have sex with other teenagers – and even those who send explicit images of themselves to one another – is a lunatic way for the state to apply the law. Rather than protecting anyone, such a petty act of over-enforcement can seriously wreck the lives of those the law was intended to protect: especially when they end up on life-long public sex offender registries that do not specify what led to their initial arrest. All this becomes even more dangerous as the state gets more and more power to observe the lives of its citizens, shrinking the extent of formally private spheres (such as correspondence) where it would not previously have been watching.

It certainly bears remembering that the state is a beast that walks with a heavy, and sometimes clumsy, step. That’s something that must be borne in mind especially when the population is especially afraid of a nebulous threat, such as sex criminals or terrorists. Failing to appreciate that the application of state power can cause profound harm, as well as protection, to human security is what produces injustices like torture, Guantanamo Bay, the internment of those of Japanese descent during the Second World War, and so forth. When people are afraid, they care little about the rights of those they fear; equally damagingly, they show little appreciation for how harsh new approaches undermine the very systems they are established with the intention of protecting. Set upon the wrong course, the state is a far more dangerous entity than any terrorist organization.

Finally, there is the well-reasoned furour about the RCMP performing its own criminal investigations on officers. In any large organization, most people will act to preserve the interests of the group – even at the expense of committing injustices against outsiders. They will naturally give the benefit of the doubt to their colleagues, and they will also share loyalty with those risking their lives for the same purposes. To have any credibility, investigations into such organizations must be conducted by outsiders with independence and a strong mandate to investigate and expose wrongdoing.

Ophcrack and Windows passwords

As mentioned before, rainbow tables are a mechanism that can be used to reverse hash functions, revealing information that was intended to be hidden. For instance, they can take the hashed contents of a Windows password file and turn them into a password you can use. This limitation largely exists because Windows does not use the technique of ‘salting,’ which would make rainbow tables unmanageably large. Unix-based operating systems, like Mac OS X, have been salting passwords since the 1970s.

Ophcrack is a piece of free software that exploits precisely this vulnerability. As explained here, it comes as a bootable CD, which can be used to circumvent the password on a Windows XP, Vista, or 7 computer.

Among other things, this means that having a password-protected user account isn’t an adequate way to protect your data from anyone who can get their hands on your computer: from customs agents to burglars. If you have anything sensitive in there, it would be sensible to further protect it with some strong encryption.