Category: Security

Security is immunity from the will of others.

1958 climate change video

Boing Boing came up with quite a find today: a video from 1958 that is both amusing and full of relatively accurate information about climate change. Entitled “The Unchained Goddess,” it was produced as an episode of the Bell Telephone Hour.

As I have described before, the idea that climate change only entered the realm of scientific knowledge within the last few years is quite mistaken. Notice also how the announcer in the video is concerned about emissions of “six billion tonnes per year of carbon dioxide.” The figure today is closer to forty billion.

The Code-Breakers

For those with a serious interest in the history and practice of cryptography, David Khan’s The Code-Breakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet provides an enormous mass of knowledge. The scope of the 1200 page book is vast: covering everything from the earliest ciphers to the origins of public key cryptography in detail. It is probably fair to say that the period best covered is that between the Middle Ages and the Second World War, though the sections covering the decoding of Egyptian hieroglyphics and Linear B are also detailed and skilfully written. Those interested primarily in the contemporary practice of cryptography – or those seeking a more concise text – would be well advised to consider the books by Simon Singh and Bruce Schneier on the topic.

Khan’s book excels in actually describing how various cryptographic systems work, as well as how they were broken. For the most part, his analysis is factual and dispassionate. The sole exception is in the period covering the Cold War, in which his ire against the Soviet Union and those Americans who turned into traitors for it are acute. At times, the book gets into an excessive amount of detail about the bureaucratic organization of different cipher bureaus: including lengthy sections about how various wartime bodies were reorganized. In most cases, the book does not provide much biography on the men and women involved, though exceptions exist in the case of some of the most eminent or interesting cryptographers. The book does provide an interesting discussion of the history of writing on cryptography, including the impact that major publications had on the development of the field and its comprehension within society at large. Kahn also does a good job of debunking some of the many spurious claims that have been made about ‘revolutionary’ and ‘unbreakable’ cryptosystems that people have invented: stressing how the making of cryptographic systems is a realm of abstract mathematics, while the breaking of such systems is a gritty and practical exercise.

In addition to covering the techniques of cryptography and cryptanalysis themselves, the book covers many related security issues: including physical security, invisible inks, elements of spycraft, decisions about how to use information gleaned through cryptanalysis, and the use of broken cryptographic systems to transmit fake or confusing information. The book also covers the relationships between cryptographic work and the activities it is supporting. An especially intriguing section details the efforts of the American navy to combat rum smuggling during the prohibition era. Ships with floating cryptoanalytical laboratories provided vital intelligence to interception vessels, just as other cryptanalysis had helped re-direct U-boats away from German submarines during the Second World War. The book covers an enormous variety of code systems, ranging in use and sophistication. These include diplomatic and commercial systems, high level military systems used between major installations, systems for vehicles, trench codes for those on the front lines, and more. The most abstract section of the book contemplates communication between human beings and extraterrestrials, covering questions about how we could recognize alien communication, as well as mathematical steps through which a comprehensible discourse could potentially be established.

For those interested in actually breaking codes and ciphers themselves, the book provides detailed information on techniques including frequency analysis, factorization attacks of the kind used against polyalphabetic substitution ciphers, and the index of coincidence. It also provides a lot of information on the weak ways in which cryptography is often used and the kinds of errors that have allowed for key breaks into previously unreadable cryptosystems. While it would not be especially useful for attacking modern computerized cryptographic systems, it would provide some guidance for those seeking to break into amateur or puzzle-type cryptographic challenges.

The Code-Breakers may well be the most comprehensive cryptographic history available, though it is far less detailed in its description of post-Cold War cryptosystems than some of its more concise recent contemporaries. For those wishing to gain an appreciation for how cryptography emerged, the role it played for most of human history, and the techniques that have been employed to guard and attack messages, this is an ideal place to turn.

Resource types and the resource curse

As discussed before, the ‘resource curse’ hypothesis holds that the presence of valuable resources can sometimes reduce the security of states, since it offers up a prize to anyone capable of seizing them. A bit of recent research has added nuance to the picture. By looking at the long-running civil war in Columbia, the authors were able to look at periods when coffee (a labour intense crop) and oil (a capital intense crop) rose and fell in value:

Using newspaper reports of violent skirmishes in 950 Colombian municipalities between 1988 and 2005, Dube and Vargas find that when coffee prices went up, violence went down in locations where a large fraction of land area was under coffee cultivation. When coffee prices fell, however, as they did by almost 70 percent in the late 1990s, violence in coffee areas rose dramatically. The researchers estimate that an additional 500 deaths may have resulted from the increased conflict that came from lower coffee prices. The opposite was true for oil: It was higher prices that intensified conflict in areas with productive oil wells or pipelines. (Since both coffee and oil prices are traded in global markets, it is unlikely that price increases were caused by panicking commodities traders spooked by increased civil-war violence in Colombia.)

One suggestion that arises is not unfamiliar: establish strong governance regimes in states with capital intensive resources. It is far better to be like Norway, using resource income transparently and putting aside a share of the oil revenues for the benefit of future generations, than like Nigeria, long mired in conflict as different groups compete for resource wealth.

On the labour intensive side, the proposal is a bit more novel: provide international aid to stabilize commodity prices in conflict-prone states. There are those who argue that a 50% drop in coffee prices helped cause the Rwandan genocide. Surely, the economic cost of temporarily bolstering commodity prices in delicate states is less than the probable cost of re-establishing security and resuming development after an internal conflict. The difference between the economic cost and the moral cost of inaction is probably greater still.

Is runaway climate change possible?

One aspect about the possibility of runaway climate change needs to be clarified. The basic mechanism through which it could take place is akin to a feedback loop in a sound system: a small initial warming gets amplified through a feedback, producing more warming in a manner that itself generates even more warming. For such a loop to occur, the feedback effect needs to be quite strong.

Stefan–Boltzmann’s law expresses this mathematically. For an intuitive appreciation, consider the difference between bank lending and a nuclear chain reaction. In an idealized case, a bank would draw from the savings of customers to make a loan. The recipient of that loan might then put part of it in the bank, and the bank may then make additional loans on the basis of that. The total lending of the bank becomes larger than the original loan, but to a non-infinite extent. By contrast, each time an atom of uranium splits in a runaway chain reaction, it releases neutrons that cause more than one other atom to split as well. The result is a reaction occurring at an ever-increasing rate.

It is quite possible that genuine runaway climate change is not possible on Earth – that the existing feedbacks are of the bank lending rather than the nuclear blast variety. That being said, the possibility of warming itself producing further warming remains extremely worrisome. It wouldn’t require ever-escalating temperatures for climate change to be globally devastating. Quite probably, any warming of more than 5˚C would deserve the adjective. The most credible climatic models project approximately that level of warming by 2100, if emissions continue to increase at the present rate.

Covert way to collect samples

A clever way to learn who in a town is making bombs: start a laundromat, send coupons to every house that are marked to identify each, then test the clothes and bedding for residue from explosives or explosive precursors. You can start with coupons specific to each street, then move to another set numbered for each house once the proper streets are identified.

Apparently, the British used this tactic against the IRA.

As with many security-related things, I learned about it from Bruce Schneier’s blog.

Building a low-carbon political consensus

In order to begin a sustained transition to a low-carbon global economy, the following things need to occur:

  • Political parties and the public at large must accept that stabilizing climate means eventually eliminating net emissions.
  • They must understand what the on-the-ground ramifications of this are.
  • A price for carbon must be established, with mechanisms for international trading.
  • Climate policies must become more rigorous over time, regardless of who is in power.
  • Climatic stability must become an axiom of all political ideologies accepted by parties likely to gain power in major emitting states.
  • Emissions reductions must take place both during times of strong economic growth and during times of economic difficulty.

Getting to that point, and doing so fast enough to prevent more than 2°C of mean temperature change, will be very challenging indeed – even if the actual sensitivity of the climate to greenhouse gasses is at the low end of the probable range.

It will probably require the rout of the small but highly effective climate change denial industry. In addition, it will require a jump in public imagination to being able to imagine an attractive low-carbon future. Either alternative or in addition, it will also required increased awareness of just how bad climate change could be. The Meteorological Office of the United Kingdom predicts that a business-as-usual course of emissions until 2050 would lead to 5.5°C to 7.1°C of temperature increase by 2100. For context, the IPCC projects that a temperature rise of 3.5°C to 7.1°C would place 48% to 100% of all species at risk of extinction. My guess is that the upper bound doesn’t include microorganisms, but it would still be pretty frightening if it only included multi-cellular beings. For the same temperature range, the predicted likelihood of “initiating irreversible melt of the Greenland ice sheet” is 85% to 100% and the “percentage of mortality in tolerant coral species” is 90% to 100%.

Here’s hoping that political consensus comes together soon… The frequent refrain of ‘balancing’ economic growth with environmental protection becomes insane when these kinds of ecological consequences are possible.

Attacking encrypted bitmaps

Just because your photos are encrypted, it doesn’t seem that you can count on them to be totally unreadable to someone without the key. The attack only seems to work against bitmap images, so those secret JPGs, PNGs, and GIFs should be safe for now. This is because most types of files contain significantly more entropy than bitmaps. That is to say, there is a lot more redundant information in a BMP file than there is in something compressed. Even in the case of the vulnerable images, the technique can only produce “the outline of a high-contrast image.”

Once again, it proves the statement that ‘you can’t hide secrets from the future with math.’ Cryptographic attacks – and the resources available to attackers – will only keep increasing over time.

Video explaining runaway climate change

I have often spent time thinking about the danger of a tipping point into runaway climate change – particularly about the ways in which the concept can be conveyed to non-experts in a comprehensible manner. This eleven minute video does a good job. The script, with peer-reviewed references and additional information is at wakeupfreakout.org.

Here are some related prior posts:

I discovered the video linked above through this Gristmill post.

[Update: 4 February 2009] Here is a post on the danger of self-amplifying, runaway climate change: Is runaway climate change possible? Hansen’s take.

Hackers in the Large Hadron Collider

Apparently, hackers managed to take control of a website related to the Compact Muon Solenoid Experiment: one of the five detectors within the Large Hadron Collider (LHC). This isn’t terribly surprising, since high profile websites get vandalized reasonably frequently. What is rather more disturbing is that the hackers were apparently “one step away” from the control system of the detector itself. While I don’t know the details of the design, not connecting the computers that control the machine to the internet would seem like an elementary precaution. Not connecting them to publicly accessible web servers, even more so.

Apparently, the beams circulating in the LHC will eventually have as much kinetic energy as an aircraft carrier going 12 knots – all concentrated into bunches circling the accelerator 11,000 times per second. Preventing outside access to the control systems for the sensors that will make sense of all the data seems like common sense, even if the output from those sensors is getting sent around the world for analysis.

Naomi Oreskes, climate science, and the JASON group

The JASON Defense Advisory Group consists of top-notch American scientists who carry out requested research on behalf of the American government during the summer months. Past areas of research have included adaptive optics of the kind used to remove atmospheric distortions from telescope images, a system for communicating with submarines using very long radio waves, missile defence, and more.

Back in 1979, the JASONs looked into the issue of climate change – concluding that the atmospheric concentration of carbon dioxide could double by 2035, causing an increase in the mean temperature of the oceans and atmosphere. Despite not having any climatological background, they constructed their own mathematical model to approximate the relationships between greenhouse gas emissions, atmospheric concentrations, temperature changes, sea level rise, and other phenomena. Unlike many of their other non-classified reports, “The Long Term Impact of Atmospheric Carbon Dioxide on Climate” doesn’t seem to be readily available online. Nonetheless, some information on both the report and the JASONs is included in this Times article by Naomi Oreskes: the woman most famous for her 2004 Science article “Beyond the Ivory Tower: The Scientific Consensus on Climate Change,” in which she demonstrated that disagreement about the fundamentals of climate change existed in the media, not within the scientific literature.

The Times article, the Science paper, and the available JASON reports all make for informative reading.