Category: Security

Security is immunity from the will of others.

Disorder and bad behaviour

Research conducted by Kees Keizer of the University of Groningen has demonstrated that the willingness of people to litter and steal increases when they are in disorderly surroundings. When experimental subjects were exposed to law- or rule-breaking, they were significantly more willing to litter, trespass, and steal. This is suggestive of how even relatively subtle cues in our surroundings and the behaviour of other people can affect our behaviour, perhaps in ways we aren’t consciously aware of.

One could certainly theorize about the social and evolutionary roles of such behaviour. When an individual is in an orderly situation, the costs associated with rule-breaking may be higher. It is clearer that they are making an individual contribution to the problem, and the absence of other violations suggests that enforcement exists and is effective. Conversely, those surrounded by disorder often have more of a need to fend for themselves, as well as less of a risk of being singled out and punished.

It would be quite interesting to see this kind of research extended, and some of its conclusions used to create new policies. The kind of harmful anti-social activities that could theoretically be combated seem very numerous: from the corruption of government officials to insider theft in the workplace to the dumping of toxic materials in parks or bodies of water. While this study provides no direct evidence that modifying the environments in which people find themselves can alter their behaviour, it does seem plausible and worth looking into.

Drug tests and false penises

In another drug war skirmish, the owners of a company selling fake penises and urine for beating drug tests have pleaded guilty to charges of conspiracy in an American federal court. The situation demonstrates how any security situation generates countermeasures. Banning outside alcohol from football games led to the Beerbelly, just as submarine warfare led to aerial sub-hunting patrols and new convoy techniques. Of course, some threats and responses are higher-risk than others.

Surely, none are worthy of concerted government attention than ferreting out the recreational marijuana users (as opposed to the users of legal alcohol) from within the workforce.

Oil tanker captured off Somalia

Yesterday, Somali pirates seized a Saudi Arabian oil supertanker, carrying about two million barrels of oil. It is a tangible demonstration of just how insecure marine traffic in some parts of the world has become. According to the Associated Press, “piracy is considered the most lucrative work in Somalia.” It is estimated that pirates have taken in $30 million in ransoms this year.

As discussed here before, piracy is a growing challenge for private shipping firms and the world’s navies. In the end, maritime insecurity derives from the lack of security on land. Pirates need means to acquire arms and recruits, as well as means to collect and launder ransoms and sell stolen goods. In the end, it is just another reason for which failed and failing states are of global concern.

New developments in spam

Remarkably, it seems that 70% of the world’s spam emails were originating from an American firm called McColo. On November 11th, two American internet service providers cut them off from the web, leading to the huge drop in the global volume of spam. It is estimated that 90% of spam messages are actually sent by computers that have been compromised by viruses, which makes it a bit surprising that such a drop could be generated by disconnecting one firm. Clearly, it is a network that needed central direction to operate. Those that emerge as successors will probably be more robust, located in more unpoliced jurisdictions, or both.

While the respite is likely to be temporary, the situation may reveal some useful information on the practice and economics of spam. This unrelated paper (PDF) examines the latter. The researchers infiltrated a segment of the Storm Botnet and monitored its activity and performance. On the basis of what they observed and estimates of the rest, they concluded that the botnet earned about 3.5 million dollars a year by selling pharmaceuticals. While that isn’t an inconsiderable sum, I suspect it is less than is being spent by companies combatting the flood of spam messages themselves.

Celebrating soldiers, celebrating peace

The problematic nature of Remembrance Day has been covered twice here already, in 2006 and 2007. My question for today is this: would it be better to have two separate holidays, one of which is unambiguously pacifist and committed to recognizing the horrible character of war, and another in which the sacrifices of veterans are marked?

The first occasion would mostly be about civilians, since theirs is the primary experience of contemporary war. The second would still need to address difficult questions about why sacrifices on one side were more noble than those on the other, as well as what kind of conduct we should consider acceptable or laudable in war.

Spying on North American weather

Most weather systems in the Atlantic move from west to east. As a result, the Allies had a tactical advantage during the Second World War. Their weather stations in North America provided information that was useful for making plans in the Atlantic and European theatres of war.

The Germans made a creative effort to alter that balance by secretly planting a weather station in Labrador. The automated station was transported by U-boat and installed under cover of fog. Unfortunately for the Germans, the station only operated for a few days and the U-boat sent to repair it got sunk.

You can see the weather station on display at the Canadian War Museum, which is free on Thursday evenings.

Protecting the new president

Alongside general jubilation about the Obama victory, a number of my friends have expressed their concern about Obama’s personal safety. That certainly seems like a legitimate concern. Four American presidents have been assassinated while in office, and every president since Nixon has faced at least one attempt (though levels of credibility vary). During his victory speech on election night, most people probably noticed the transparent bulletproof barriers set up around the podium.

The Secret Service is certainly taking the threat seriously. According to a Stratfor briefing, Obama got a security detail earlier than any other candidate and, by the end of his campaign, it had grown to the size of a full presidential protection team – unprecedented for a candidate, and a significant strain on the manpower of the service.

Given the likelihood that Obama will be targeted by white supremacists or others – as well as the colossal impact his assassination would likely have – I certainly don’t envy the Secret Service at this point in time. While they have plenty of resources to provide physical protection, as well as identify and break up conspiracies, the risk from disciplined and capable lone wolf operators is impossible to eliminate while maintaining public appearances. Even with the assistance of the FBI, CIA, NSA, etc, there will be a measure of luck involved in ensuring that future close contact with the public does not produce disaster.

NIST hash competition

Several times, the American government has held open competitions to create new cryptographic standards. Important examples include the Data Encryption Standard (DES) selected in 1976 and the Advanced Encryption Standard (AES) chosen in 2001. As mentioned before, the hunt is now on for a new hash function. These are one-way forms of encryption that play a number of vital roles, such as making it possible to save only encrypted versions of passwords in password databases that might be compromised.

Bruce Schneier, who made an unsuccessful bid for his TwoFish cipher to be accepted as the AES, is now part of the team that has created the Skein Hash Function for the ongoing National Institute of Standards and Technology competition. The function is based around a successor to TwoFish called, unsurprisingly, Threefish. All entries must be submitted by tomorrow and will be publicly scrutinized over the next four years or so. The result should be a more secure successor to the SHA hash functions.

Massive anti-terror database contemplated in the UK

British Transport Secretary Geoff Hoon has been saying some worrisome things about terrorism, security, and civil liberties. He is backing a plan to create a massive database of mobile and internet communications, for purposes of fighting terrorism. One worrisome aspect is the suggestion that it would be used to deal with “terrorists or criminals.” Technologies initially justified as an extreme measure necessary to fight terrorism will always spread to more banal uses, with a greater scope for abuses.

Indeed, that is the biggest issue that needs to be weighed against the possible terror-fighting capacity of such databases. They will inevitably be abused. Furthermore, governments are far more dangerous than terrorists, both when they are acting in malicious ways and when they are trying to be benign. Modern history certainly demonstrates that, while the power of terrorists to inflict harm is considerable, the ability of states to do so is extreme.

Previously:

Martin Hellman on the risk of nuclear war

Despite the end of the Cold War, there remains some possibility of a major nuclear exchange between some combination of those world powers with more than a couple of hundred nuclear weapons. Such an outcome could arise through accident or miscalculation, unauthorized launch, or simply through the progressive stressing of the situation, in a manner akin to the Cuban Missile Crisis in 1962, the Yom Kippur War of 1973, of the Able Archer exercise in 1983.

Martin Hellman – one of the three civilian inventors of public key cryptography – has written a piece describing some statistical ways through which we could contemplate the risk of global nuclear war, as well as evaluate it relative to other threats. As a near-term nightmare scenario, the massive use of nuclear weapons surely exceeds the threat posed by climate change: climatic change across a decade is highly abrupt, whereas the time between the decision to use nuclear weapons and the generation of mass casualties would likely be only minutes.

Based on the frequency with which near misses have taken place, Hellman argues that the perpetuation of the current global nuclear situation carries a 1% per year risk of mass nuclear exchange. He estimates that this exceeds the risk of living beside a nuclear power plant by 1000 to 1 and has a clever rhetorical device for making that concrete:

Equivalently, imagine two nuclear power plants being built on each side of your home. That’s all we can fit next to you, so now imagine a ring of four plants built around the first two, then another larger ring around that, and another and another until there are thousands of nuclear reactors surrounding you. That is the level of risk that my preliminary analysis indicates each of us faces from a failure of nuclear deterrence.

Surely, if his estimate is anywhere near correct, all the ongoing concern about new nuclear power plants should be superseded more than one thousandfold by concern about the state of security in the face of nuclear war. After all, everybody lives with the risk associated with global thermonuclear war and nuclear winter. Only those living fairly close to nuclear power plants bear acute risks associated with meltdowns.

Hellman’s warning is akin to the one repeatedly sounded by former US Defense Secretary Robert McNamara, who himself revised the American nuclear warplan for the Kennedy administration in 1963. In both cases, the suggestions are similar: work to reduce the number of weapons, increase the time required for anybody to use them, and avoid the complacent belief that the lack of explosive accidents or attacks since the Second World War proves them to be impossible.