Security – Page 35 – a sibilant intake of breath

Crime fighting with DNA ‘family searches’

Over at Slate, there is an interesting and somewhat frightening article about the use of DNA in law enforcement in the United States. As in the UK, the US is now collecting DNA from many people who have been arrested, and retaining the samples even from those never charged or convicted. The next step along this path of DNA surveillance seems to be ‘family searches.’ Here, police look for near matches between crime scene DNA and people in their database. When they find a near match, they investigate that person’s family members.

This is worrisome for many reasons. As the article explains, “courts could well be troubled by the open-ended idea that once you’re arrested and cleared, the state can subject you and future generations of your family members to permanent genetic surveillance.” It is quite shocking really. These days, people are getting arrested for such trivialities as taking photos of major landmarks. The idea that this would then subject their entire family to future police DNA surveillance seems deeply illiberal. The article also makes the point that the DNA kept on file may be re-examined later to test for other traits: for instance, if genes that predispose people to committing rape or murder are discovered. Finally, the article mentions some of the major racial implications of the policy: given the high rates of arrest and incarceration in the African American community, members of that ethnic group are unusually likely to be subject to police surveillance via family searches.

Maintaining a functioning justice system in an era of rapidly changing technologies is a huge challenge. Arguably, search and surveillance are the most worrisome new issues. The automation of both means that huge databases can be maintained tracking emails, cell phone locations, DNA, and much else besides. These databases will inevitably be accidentally leaked and intentionally abused. Just another reason why governments are far more dangerous than terrorists.

Given the popularity of being ‘tough on crime,’ it is easy to see why many people favour a system that sacrifices privacy in exchange to a higher chance of catching criminals. There are certainly arguments on both sides. DNA can help to free the wrongfully convicted, as well as increase the conviction rate for crimes like rape, when the justice system generally does a rotten job of catching perpetrators. Arguably, the fairest system would be to put everyone’s DNA on file. At least that way people would be receiving equal treatment. Of course, that requires putting even more trust and power in the hands of governments and security services that have too often abused it in the past.

Legalizing drugs

In a recent leader and briefing, The Economist has reiterated its support for worldwide drug legalization. They argue that, while legalization will certainly bring problems of its own, it is better than another century of failed attempts at prohibition. All told, the case is a very strong one. Legalization could bring with it government control: tax revenues, funds to treat addicts, quality control of products, and public information. Legalization would bring the problem into the open, as well as allow the billions of dollars spent on anti-drug policing and prisons to be put to better uses. In their leader, the magazine makes the surprising suggestion that the participation of legitimate drug companies in the development and improvement of recreational drugs could make them safer.

Legalization could also undercut organized crime, the body that probably benefits most from the current arrangement. That, in turn, would cut down on the crime associated with an illegal trade. Legalization would also suspend the situation in which governments criminalize large segments of their own population. The point is made that Barack Obama could easily have ended up in prison for his youthful experiments with cocaine. Certainly, prison sentences for drug use have the capacity to ruin what would otherwise be excellent lives by stigmatizing those who receive them and exposing them to one of the most intolerable social environments that exist within secure states.

An interesting rebuttal is offered to the idea that looser drug laws turn more people into drug users and addicts. Comparisons of otherwise similar states (harsh Sweden and laxer Norway, for instance) suggest that laws have little impact on the level of drug-taking in society. Under a legal regime, there would also be an opportunity to dispel misinformation about drugs. Certainly, the arguments that politicians have sometimes made about the ‘extreme’ danger of marijuana undermine their credibility when talking about substances that are genuinely far more dangerous.

In short, drug legalization does seem to offer the prospect of weakening the connections between many different harmful phenomenon: from the way in which poppy eradication is undermining peacemaking efforts in Afghanistan to the way in which the poor are more likely to go to jail for drug offences than their richer fellow citizens. While it would be asking too much for governments to take the plunge and legalize everything instantly, it may not be too much to hope for gradual progress in that direction, with a growing emphasis on harm prevention and a more evidence-based approach to policing, lawmaking, and judicial decisions.

Threats from war and climate change

Some threats to society strike people as so severe they justify employing large numbers of people, at taxpayer expense, to mitigate them. Chief among these is probably the danger that foreigners will try to kill us. Largely to combat this, Canadians pay for 65,251 active military personnel and 24,300 reservists. We also contribute a bit more than 1% of our gross domestic product.

At best, the operation of these institutions will leave us as well off as we are now. The money spent on bombs and military vehicles is primarily expended so as to minimize the risks associated with being attacked (though domestic industry and humanitarian concern are also factors).

Now consider climate change: probably the greatest threat facing humanity in the foreseeable future. I can’t tell you exactly how many taxpayer-funded agents are working on the problem, but it is certainly a very small fraction of the armed forces total. Should that number not be increased, so as to bring the allocation of resources more closely in line with the suite of threats we face? The case becomes even stronger when you recognize that climate change workers (say, people performing free building retrofits) have all the advantages of soldiers, plus additional benefits. Climate change mitigation is a humanitarian activity – the faster we bring emissions down to a sustainable level, the less suffering will occur in future generations worldwide due to the effects of climate change. Climate change mitigation and adaptation can have domestic economic benefits: not only do efficient buildings have lower year-on-year costs for heating, cooling, and lighting but they may also make those who live and work in them happier and more productive.

The idea of employing, say, 10% as many people to fight climate change as to fight foreigners is not entirely unproblematic. Providing free retrofits might undercut the businesses that perform such operations for profit now. That being said, I am sure careful policy design could minimize such problems. The biggest hurdle to overcome is the psychological block between facing the threat of climate change and employing people to combat it. Actually, rather than a block it might be more accurately referred to as the absence of a connection, between where our likely societal problems lie and where our societal resources are being directed.

Admittedly, you could achieve many of the same outcomes through market liberal climate strategies, such as carbon taxes and cap-and-trade schemes. The potential advantage of doing it through government labour is that the market liberal policies are hard to implement: firms often oppose them tooth-and-nail and convince voters that they will cause economic harm to them personally. Given the strength of entrenched interests, it would take remarkable political will to deploy the kind of market mechanism that would produce the required change at an acceptable pace.

Some outstanding questions jump to mind. Would a public climate change service be sensible or useful? What would such a service do? How could unfair competition with the private sector be addressed? Is there a politically feasible way to achieve the same outcomes with fewer problems or lower costs? All of these seem worth debating.

Note also that if you extend the 10% logic to the United States and China, you are talking about huge numbers of mitigation workers. The American armed forces comprise about 1.5 million people, with that many again in reserves. The US spends more than 4% of GDP on them. China has 2.25 million active personnel and 800,000 reservists. They spend about 1.7% of their GDP on them.

Monbiot now conditionally supporting nuclear

In his book Heat, George Monbiot rejects nuclear fission as a low-carbon source of electricity: arguing that it is unacceptably dangerous, and that we could make do without it. In a recent column on his website, he makes it clear that he has joined the ranks of those willing to reluctantly consider nuclear, on the simple grounds that he is so deeply concerned about climate change.

He does, however, have some conditions:

Its total emissions – from mine to dump – are taken into account
We know exactly how and where the waste is to be buried
We know how much this will cost and who will pay
There is a legal guarantee that no civil nuclear materials will be diverted for military purposes.

The first of these is important, but a fairly low hurdle. If there wasn’t good evidence that the life cycle emissions of nuclear are low (though they are not zero), it wouldn’t be getting the kind of attention it has been. The second matter is mostly a matter of not-in-my-backyard (NIMBY) syndrome. Nobody wants a nuclear waste dump in their area, though everyone knows that a safe dump will basically resemble: a deep and well-sealed hole in some very geologically stable rock. The fourth requirement may be a reasonable bar for states with pre-existing nuclear weapons capability, but it is a bit much to expect from states that lack that capacity and face threatening neighbours. In all likelihood, more civilian nuclear power will mean more states with nuclear weapons, a few decades out.

The third issue is the most uncertain: the cost of nuclear power. Regrettably, no government out there actually has the spine to make polluters pay the true cost of their carbon dioxide emissions. Likewise, no government seems to be willing to forego the political opportunities involved in subsidizing technologies like nuclear fission and carbon capture and storage. In all probability, more nuclear will result in taxpayers and electricity consumers subsidizing the mistakes of governments and energy utilities. It may also produce a clunky, dangerous, and expensive infrastructure that was slower to come online and less effective than focusing on conservation, efficiency, and renewables would have been. All that being said, the inevitable costs may be justified as a precaution. If it does become brilliantly clear to the public that climate change requires urgent action – to the extent that people are willing to accept the rapid decommissioning of coal plants – having nuclear as an option might be an important way to facilitate the route forward. Given the risks of climate change, its low-carbon status may also be worth the inevitable accidents and contamination.

I admit that this is an issue where my thoughts remain divided. That being said, barring some big unforeseen change, I think we can definitely expect to see Canada’s nuclear reactors replaced with new ones, during the next few decades, at the very least. The post later today will provide some further thinking on the issue.

The ‘SSL strip’ exploit

The Secure Sockets Layer (SSL) is one of the world’s most important forms of commercial encryption. It is the public key system generally employed by e-commerce websites like Amazon, in order to prevent payment details from being intercepted by third parties. At this week’s Black Hat security conference in Washington, details were released on an exploit that takes advantage of the weak way in which SSL is implemented in secure (HTTPS) websites.

The tool – called ‘SSL strip’ – is based around a man-in-the-middle attack, where the system for redirecting people from the insecure to the secure version of a web page is abused. By acting as a man-in-the-middle, the attacker can compromise any information sent between the user and the supposedly secure webpage. The author of the exploit claims to have used it to steal data from PayPal, GMail, Tickermaster, and Facebook – including sixteen credit card numbers and control of more than 100 email accounts.

This kind of vulnerability has always existed with SSL because it is difficult to be certain about where the endpoints of communication lie. Rather than having a secure end-to-end connection between Amazon and you, there might be a secure connection between you and an attacker (who can read everything you do in the clear), and then a second secure connection between the attacker and Amazon.

To some extent, the problem can be mitigated through technical means (as described in the linked article). Beyond that, the question arises of what constitutes adequate precautions, from both a legal and a personal standpoint, and who should pay the costs associated with data breaches and fraud.

[Update: 23 February 2009] The slides from the original presentation about SSL Strip are available here and here. Both servers are under a fair bit of strain, due to all the popular interest about this topic, so it may be tricky to access them during the next few days.

[Update: 25 February 2009] SSL Strip can actually be downloaded on Marlinspike’s website.

[Update: 5 November 2009] One thing I think these SSL exploits (and others described in comments below) demonstrate is that we cannot rely completely on technical means to avoid fraud and theft online. There is also a role to be played by laws on liability and other means.

Webs of trust in academic publishing

Public key cryptography was a breakthrough because of the many new types of secure communication it suddenly permitted: most importantly, between people who do not have a trusted channel through which to exchage a symmetric key. Instead, it permits each partner to make a public key widely available, as well as use the public keys of others to encrypt messages that only they can decrypt.

One avenue of attack against this kind of system is for an attacker to make a public key available that they pretend belongs to someone else. For instance, you mighy try to impersonate a government or industry figure, then have people send sensitive materials to you inadvertantly. One way to prevent this kind of attack is to use key signing: an approach employed by both the commercial software PGP and the free GPG alternative. With key signing, you produce a web of trust, in which people use their own secret keys to vouch for the validity of public keys posted by others. That way, if I trust Bob and Bob trusts Jim, I can adopt that trust transitively.

GPeerReview is a system intended to extend this trust function to the review of academic work. Reviewers produce comments on documents and sign them with their keys. These comments can include different levels of endorsement for the work being scrutinized.

It is difficult to know whether the level of academic fraud that takes place justifies this sort of cryptographic response, but it seems like a neat idea regardless. Providing secure mechanisms for people to prove who they are and that things are properly attributed to them is increasingly important as technology makes it ever-easier for nefarious individuals to impersonate anyone in front of a wide audience.

Hiding Nobel Prize medals

Recently, I came across an interesting anecdote about the history of Nobel prizes: specifically, those that were awarded to James Franck (for work on quantum physics) and Max von Laue (for discovering x-ray crystal diffraction). Fearful of confiscation by the Nazis, both scientists illegally sent their medals to Niels Bohr in Copenhagen, for safe keeping. Franck then fled from Germany to America, prior to the Nazi invasion of Denmark in 1940.

At the time, sending the medals out of Germany was a very serious crime and, since they were engraved with the names of their recipients, Bohr feared what would happen to them if the medals were found by the occupying army. Fearful that the invaders would find and confiscate the medals, Bohr eventually passed the medals to the chemist George de Hevesy, who subsequently dissolved both Franck and von Laue’s medals in acid (aqua regia, specifically). He was able to hide the resulting black solution from the Nazi invaders and, after the war, the gold was precipitated out of the solution and sent to Stockholm to be re-forged into medals by the Swedish Academy. Bohr had previously sold his own medal at a charitable auction earlier that year.

In 1943, de Hevesy himself won a Nobel Prize in Chemistry, for work on using isotopes to trace chemical processes.

NGOs and armed actors

One of the more regrettable developments in international relations in recent years has been the intentional targeting of humanitarian relief organizations, and all the complexities that derive from that. Sometimes, aid groups are presented with difficult choices between accepting protection from an army – and, in so doing, losing part of their claim to neutrality – or disengaging from a conflict zone in which they could otherwise do a lot of good.

Edwina Thompson, a friend of mine from Oxford, has written a report on the problem for World Vision International: Principled Pragmatism: NGO engagement with armed actors. To those interested in armed conflict and humanitarian assistance, it is worth taking a look at.

In the concluding section, the report identifies existing gaps in efforts to manage civilian-military relations. It also provides recommendations to the international community, donors, and NGOs.

Three passages from Payback

There are three further elements of Margaret Atwood’s Payback that seem in keeping with the themes of this blog, and the current conversations here. I am not going to comment on them excessively, since I think they provoke enough thinking in themselves.

The first is her list of possible responses to major crises. You can “Protect Yourself, Give Up and Party, Help Others, Blame, Bear Witness, and Go About Your Life.” In the context of climate change, it seems like we are all engaging in a particular combination of these behaviours. It is worth contemplating if it is the right one. She doesn’t really discuss how there is a prisoner’s dilemma at work here. If nobody else addresses problems, protecting yourself or partying are your best options. If you can convince others to cooperate, you can help others and get on with your life.

The second is her description of an international approach to climate change mitigation:

[G]lobal warming has been dealt with at a global summit during which world leaders gave up paranoia, envy, rivalry, power-hunger, greed, and debate over who should start cutting down the carbon footprint first and rolled up their sleeves and got with it.

While that is a very appealing vision for how developed and rapidly developing states might behave, it does seem appropriate to recall that, in many places, the reduction of extreme poverty and insecurity is a more urgent task. Let Canada, China, and the United States learn how to run a zero carbon society, before calling on Sudan or Afghanistan to do so.

The third is a hypothetical response the American president could have given to the September 11th attacks:

We have suffered a grievous loss – a blow has been struck at us that was motivated by an obsessive desire to harm us. We realize that this was the work of a small group of fanatics. Other nations might bomb the stuffing out of the civilian population where those fanatics are at present located, but we recognize the futility of such an action. Nor will we accuse any bystander nation of having been involved. We realize that acts of vengeance recoil upon the heads of the inventors, and we do not wish to perpetuate a chain reaction of revenge. Therefore we will forgive.

The quote is an interesting one. For me, the last sentence somewhat clashes with the rest. It is one thing to say: “We will not take this fight to those who did not start it.” It is quite another to say that we will not respond directly to those who did, while being careful to spare the innocent. While it is on the fringe of what is imaginable that the United States might have responded to Al Qaeda through international cooperation and the vigorous efforts of law enforcement and the courts, it doesn’t seem either moral or believable that they would not respond in some way to those who were directly involved.

Payback: Debt and the Shadow Side of Wealth

This series of lectures, published in book form, shows Margaret Atwood at her lively best. It is reminiscent of James Burke’s series ‘Connections,’ in which he traces a seemingly random path through history, choosing the most interesting and unexpected road at every juncture. In some ways, Atwood’s consideration of debt occurs in an even richer world, since it includes literature, mythology, and religion among the kind of paths that can be followed.

The first section of the book examines debt in a historical and conceptual way: considering different kinds of debt (financial, moral, spiritual, etc) as well as different modes of repayment. It considers the ethics of being a borrower and a lender, as well as the consequences that can arise for those who happen to be near either. Atwood’s examination highlights how lenders can err both in being too harsh on their debtors and in being too stingy with their money – both the vicious loan shark and the penny-pinching miser are culpable. The book discusses revenge as a special form of debt repayment, as well as the complexities that arise when debts are being incurred by states and princes. All this is made quite entertaining by the cleverness of the connections being identified, and the teasing and humorous tone of the narration.

The second section is an exposition of our current state of deep indebtedness, and a recognition that the greatest and most threatening of those debts are ecological. While Atwood’s updated Scrooge story includes asides on the unjustness of the World Bank and IMF, as well as the risks associated with fiat currencies, her primary concern is with the wanton destruction of the natural world that has been accelerating since the industrial revolution. She singles out overfishing, biofuels, deforestation, overpopulation, soil depletion, and climate change as examples, painting a general picture of extreme human recklessness. The redemptive vision is one based around neo-hippie victory: renewable power, an international agreement to stop climate change, and organic food for all.

The concluding story feels a bit trite, really. Any corporate baron paying the slightest bit of attention would already be jaded about the messages from the ghosts Atwood’s Scrooge Nouveau receives. That said, and while the literary merits of the first section exceed those of the second, it is appealing that this is a book of action as well as contemplation. It is hard not to agree with the thrust of Atwood’s argument. By all means, let’s increase the fairness of the global financial system and curb humanity’s self-destructive ways. This book contributes to that project by provoking a great deal of thought about the symbolism and meanings of debt. We will need to look beyond it for concrete ideas about how to overthrow or convert those who favour the status quo and thus bring about a sustainable (appropriately indebted) new order.

I say ‘appropriately indebted’ because the book makes a strong case that we can never really be out of debt. As social entities, there are always tallies of obligation between us, and nobody can ever be said to be sitting perfectly at the balance point of these transactions. Indeed, given the way they are denominated in different currencies (honour, favours, wealth), seeking such an outcome is hopeless. What we can attain is the position of borrowing and lending rightly, with forgiveness and an awareness and concern about the consequences for those around us and the wider world.

In any case, the book is highly topical, informative, and makes for a quick and rewarding read. It is telling that, while other books have been sitting around my apartment for months, I received this one in the mail yesterday and finished it today.