Problems with government databases

LeBreton Flats in winter

By now, everyone has probably heard about the data loss debacle in the United Kingdom. The British government lost the child benefit records for 25 million people. These records include addresses, dates of birth, bank account information, and national insurance numbers. In total, 40% of the British population has been exposed to the risk of identity theft.

Obviously, this should never have happened. One government agency requested some anonymized data for statistical purposes. Instead, a different department sent them the whole dataset in an unencrypted format. Encrypting the discs would have made it nearly impossible for thieves to access the data; anonymizing the data would have made such theft unprofitable. The failure to do either is the height of idiocy, but it is probably what we need to expect from the civilian parts of government when it comes to data security. Security is hard; it requires clever people with good training, and it requires oversight to ensure that insiders are competent and not cheating. People who are naive and naturally helpful can always be exploited by attackers.

In response to this situation, two sets of things need to be done. The first is to correct the specific failures that cause this kind of problem: require encryption of sensitive documents in transit, limit who has access to such sensitive databases, and tighten the procedures surrounding their use. The second is to limit the amount of such data that is available to steal in the first place. That could involve using paper records instead of digital ones – making mass theft dramatically harder to accomplish. It may also involve not creating these kinds of huge databases, as useful as they may seem when working properly.
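The two remedies above (anonymize what is shared for statistics; hold and move as little identifying data as possible) can be made concrete. The following is an added example, not anything from the original post or from the departments involved: it takes a few constructed child-benefit rows, strips the direct identifiers (name, address, bank account, national insurance number), generalizes date of birth to year and postcode to its area, and replaces the NI number with a keyed pseudonym so rows can still be linked across extracts. The field names, the sample rows and the HMAC key are all constructed; the only assumption about the data is the UK postcode format.

```python
import hmac
import hashlib
import re
from typing import Dict, List, Set

# Constructed sample rows (fictional people, made-up numbers) standing in for
# the kind of full child-benefit records the post describes. Benefit amounts
# are in pence so the arithmetic below is exact.
FULL_RECORDS: List[Dict[str, str]] = [
    {"name": "A. Example", "address": "1 Sample St, Leeds", "postcode": "LS1 4AP",
     "dob": "1979-03-14", "ni_number": "QQ123456C",
     "bank_account": "12-34-56 00012345", "children": "2", "weekly_benefit_pence": "3135"},
    {"name": "B. Example", "address": "2 Sample Rd, Manchester", "postcode": "M4 1AB",
     "dob": "1985-11-02", "ni_number": "AB654321D",
     "bank_account": "65-43-21 00054321", "children": "3", "weekly_benefit_pence": "4500"},
    {"name": "C. Example", "address": "3 Sample Ln, Leeds", "postcode": "LS2 9JT",
     "dob": "1990-07-30", "ni_number": "CD112233A",
     "bank_account": "11-22-33 00011223", "children": "1", "weekly_benefit_pence": "1810"},
]

# Fields that identify a person on their own; none of these leaves the department.
DIRECT_IDENTIFIERS = {"name", "address", "ni_number", "bank_account"}


def pseudonym(ni_number: str, key: bytes) -> str:
    """Keyed hash of the NI number. The key stays with the sending department,
    so the recipient can link rows but cannot recover the NI number; an unkeyed
    hash would be reversible by enumerating the small NI-number space."""
    return hmac.new(key, ni_number.encode(), hashlib.sha256).hexdigest()[:16]


def statistical_extract(records: List[Dict[str, str]], key: bytes) -> List[Dict[str, object]]:
    """Build the reduced dataset a statistics team would actually need."""
    out = []
    for r in records:
        # UK postcodes start with a one- or two-letter area code ("LS", "M").
        area = re.match(r"[A-Z]{1,2}", r["postcode"]).group(0)
        out.append({
            "id": pseudonym(r["ni_number"], key),
            "birth_year": r["dob"][:4],
            "postcode_area": area,
            "children": int(r["children"]),
            "weekly_benefit_pence": int(r["weekly_benefit_pence"]),
        })
    return out


def leaked_identifiers(extract: List[Dict[str, object]]) -> Set[str]:
    """Release check: the set of direct-identifier fields present in any row. Must be empty."""
    return {k for row in extract for k in row if k in DIRECT_IDENTIFIERS}


def mean_benefit_by_area(extract: List[Dict[str, object]]) -> Dict[str, float]:
    """The kind of aggregate the requesting agency wanted; needs none of the stripped fields."""
    totals: Dict[str, List[int]] = {}
    for row in extract:
        totals.setdefault(row["postcode_area"], []).append(row["weekly_benefit_pence"])
    return {area: sum(v) / len(v) for area, v in totals.items()}


if __name__ == "__main__":
    key = b"constructed-department-key-not-real"
    extract = statistical_extract(FULL_RECORDS, key)
    assert not leaked_identifiers(extract)
    print(mean_benefit_by_area(extract))
```

Pseudonymization of this kind is not full anonymization: small cells (one claimant in a postcode area) can still single people out, so a release check would also enforce a minimum group size before the extract leaves.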

It is fair to say that there will always be people out there able to break into any information that a large number of civil servants have access to. This would be true even if all civil servants were capable and virtuous people, because a lot of the best computer talent is applied to breaking flawed security systems. Given that bureaucrats are human, and thus subject to greed and manipulation, the prospects for keeping a lid on government data are even worse. Acknowledging the realities of the world, as well as the principle of defence in depth, suggests that limiting the volume of data collected and held by all governments is an appropriate response to the general security risks highlighted by this specific incident.

Cell phone eavesdropping

People at Ashley’s Chrismukkah party

Analog cellular phones are absurdly vulnerable to eavesdropping. Anyone with a radio that can be tuned to the frequency used by a particular phone can listen to all calls being made, and anyone with a transmitter that would operate on that frequency can make calls that will be billed to the subscriber’s account. At a church sale while I was in elementary school, a friend of mine picked up a radio scanner capable of monitoring nearby cell calls for $20. Things improved with digital cell technology, notably the GSM standard common in Europe and the CDMA standard used in North America. As well as allowing more efficient usage of radio spectrum, the digital technologies made it such that someone with nothing more than a radio could no longer make or overhear calls.

GSM phones, the more common sort globally, employ a number of cryptographic features. The first is the use of a SIM card and a challenge-response protocol to authenticate the phone to the network. This ‘proves’ that calls are being made by the legitimate account holder and not by someone impersonating them. GSM can also utilize encryption between the phone and base station as a form of protection against interception.

Unfortunately, a design flaw in the GSM standards somewhat undermines the value of the latter. While the phone must prove to the network that it is authentic, no such thing is required in the other direction. As such, anyone with the resources and skill can build a machine that looks like a cell phone tower, from the perspective of a phone. The phone will then dutifully begin encrypting the conversation, though with the malicious man in the middle monitoring. The device impersonating a cell tower to the phone impersonates a phone to a real cell tower, allowing the person using the phone to make calls normally, ignorant of the fact that their communications are being monitored.
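The asymmetry described above, and the fix for it, can be shown in a small model. This is an added example, not code from the post: a SIM and a home-network authentication centre share a long-term key; the network issues a random challenge and checks the SIM's response. In the one-way version the SIM answers whoever sends a challenge, so a station holding no subscriber keys is accepted just like the real one. In the mutual version the challenge carries a keyed tag the SIM verifies first (the approach 3G AKA later took with its AUTN field), and a station that cannot produce that tag is refused. HMAC-SHA256 stands in for the SIM algorithms, and the IMSI, key and station classes are all constructed.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def prf(key: bytes, label: bytes, rand: bytes) -> bytes:
    """Keyed derivation used in place of the real SIM algorithms (placeholder, not A3/A8)."""
    return hmac.new(key, label + rand, hashlib.sha256).digest()


@dataclass
class Sim:
    imsi: str
    ki: bytes  # long-term secret shared only with the home network


@dataclass
class AuthCentre:
    """Home-network store of subscriber keys (constructed)."""
    keys: Dict[str, bytes]

    def vector(self, imsi: str) -> Tuple[bytes, bytes, bytes]:
        ki = self.keys[imsi]
        rand = os.urandom(16)
        xres = prf(ki, b"RES", rand)   # the answer the network expects from the SIM
        autn = prf(ki, b"AUTN", rand)  # tag proving the challenge came from a holder of Ki
        return rand, xres, autn


class LegitimateStation:
    """Base station backed by the home network's authentication centre."""
    def __init__(self, auc: AuthCentre) -> None:
        self.auc = auc
        self.xres = b""

    def challenge(self, imsi: str) -> Tuple[bytes, bytes]:
        rand, self.xres, autn = self.auc.vector(imsi)
        return rand, autn

    def accept(self, res: bytes) -> bool:
        return hmac.compare_digest(res, self.xres)


class UnkeyedStation:
    """A station holding no subscriber keys: the post's 'machine that looks like
    a cell phone tower'. It can send a challenge but cannot compute a valid tag."""
    def challenge(self, imsi: str) -> Tuple[bytes, bytes]:
        return os.urandom(16), os.urandom(32)

    def accept(self, res: bytes) -> bool:
        return True  # nothing to compare against, and no reason to reject


def sim_respond_one_way(sim: Sim, rand: bytes) -> bytes:
    """GSM-style: the SIM answers any challenge without asking who sent it."""
    return prf(sim.ki, b"RES", rand)


def sim_respond_mutual(sim: Sim, rand: bytes, autn: bytes) -> Optional[bytes]:
    """Hardened: verify the network's tag first; refuse to answer if it is wrong."""
    if not hmac.compare_digest(prf(sim.ki, b"AUTN", rand), autn):
        return None
    return prf(sim.ki, b"RES", rand)


def attach_one_way(sim: Sim, station) -> bool:
    """True when the call proceeds under one-way authentication."""
    rand, _unchecked_autn = station.challenge(sim.imsi)
    return station.accept(sim_respond_one_way(sim, rand))


def attach_mutual(sim: Sim, station) -> bool:
    """True when the call proceeds under mutual authentication."""
    rand, autn = station.challenge(sim.imsi)
    res = sim_respond_mutual(sim, rand, autn)
    return res is not None and station.accept(res)


# Constructed subscriber and home network.
SIM = Sim(imsi="001010123456789", ki=b"constructed-ki-not-a-real-key!!")
AUC = AuthCentre(keys={SIM.imsi: SIM.ki})

if __name__ == "__main__":
    print("one-way, real station:   ", attach_one_way(SIM, LegitimateStation(AUC)))
    print("one-way, unkeyed station:", attach_one_way(SIM, UnkeyedStation()))
    print("mutual,  real station:   ", attach_mutual(SIM, LegitimateStation(AUC)))
    print("mutual,  unkeyed station:", attach_mutual(SIM, UnkeyedStation()))
```

The point of the model is the third and fourth lines it prints: once the phone has something to check in the other direction, a station that does not hold the subscriber's key is rejected before any cipher key is derived, which is the check the post says GSM lacks.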

Of course, anyone who has access to the phone company’s network can do all this and more. This includes law enforcement personnel conducting legal surveillance with warrants. Unfortunately, it also includes potentially unscrupulous people working for the cell phone company and anyone with the capability to break into their networks.

SONAR and modern naval warfare

Gatineau in the snow

Arguably, submarines are the greatest threat to a modern carrier battle group. Aircraft can be detected at long range using over the horizon RADAR and picket ships. Subs generally need to be located using SONAR, though magnetic anomaly detection can sometimes locate them as well.

Warm surface waters are separated from the chilly bulk of the ocean by a layer called the thermocline. The fact that this layer reflects sound makes SONAR based detection across it highly challenging: especially when the contact is something as quiet as a modern hunter-killer submarine. It is possible to use active sonar (the pinging thing from movies), but the sound produced by such systems reveals your position to others for a distance ten times greater than the effective detection range of the device. It also horribly damages the ears of whales, especially when used at crazy amplitudes like 250 decibels.

One way to deal with the thermocline problem while still using undetectable passive SONAR is to use a towed variable depth sonar array. For a ship, that would be pulled along beneath the thermocline. For a sub, it would probably be deployed above the layer. Another approach is to exploit convergence zones. Because of the nature of water under pressure, sound gets reflected off the ocean floor and back to the surface at intervals of 61 km. Sounds originating in one place can thus be best detected at points forming concentric circles.

Problems with SONAR are much worse in shallow waters, where high levels of noise from animals, waves, and tides make passive SONAR pretty useless. As such, modern navies avoid such waters as much as possible and behave as though they have already been detected by enemy forces whenever forced to operate within them.

The Bottom Billion

Paul Collier’s slim and informative volume is true to my recollection of the man from Oxford. The Bottom Billion: Why the Poorest Countries are Failing and What Can Be Done About It is engaging, concise, and powerfully argued. It is also unsparing in its criticism. Collier explains that the ‘developing world’ consists of two groups of states: those experiencing sustained growth and thus seeing their standard of living converging with those in the rich world, and those that are ‘stuck’ in poverty, with stagnant growth or absolute decline.

Poverty traps

The ‘stuck’ states – where the world’s poorest billion inhabitants are concentrated – are trapped in one of four ways: by conflict, natural resources, being landlocked with bad neighbours, and by bad governance. States can be trapped in more than one simultaneously and, even when they escape, there are systemic reasons for which they are unusually likely to fall back into one. The discussion of the traps is particularly informative because of how quantitative methods have been used in support of anecdotal arguments.

Not only are ‘bottom billion’ states unusually likely to suffer from conflict, corruption, and similar problems, but some of the most important paths to growth used by states that have already escaped poverty are closed to them. To grow through the export of manufactured goods, you need both low wages and economies of scale. Even if wages in Ghana are lower than those in China, China has the infrastructure and the attention of investors. The presence of export-driven Asian economies makes it harder for ‘bottom billion’ states to get on a path to development.

Solutions

Collier’s proposed solutions include aid, military intervention, changes to domestic and international laws and norms, and changes to trade policy. Much of it is familiar to those who have followed development debates: the problems with agricultural tariffs, the way aid is often used to serve domestic interests rather than poverty reduction, corruption within extractive industries, and the like. His most interesting ideas are the five international ‘charters’ he proposes. These would establish norms of best practice in relation to natural resource revenues, democracy, budget transparency, postconflict situations, and investment. Examining them in detail exceeds what can be written here, but it is fair to say that his suggestions are novel and well argued. He also proposes that ‘bottom billion’ states should see import tariffs in rich states immediately removed for their benefit. This is meant to give them a chance of getting onto the path of manufacture-led growth, despite the current advantages of fast-growing Asian states. His idea that states that meet standards of transparency and democracy should be given international guarantees against being overthrown in coups is also a novel and interesting one.

Position in the development debate

Collier’s book is partly a response to Jeffrey Sachs’ much discussed The End of Poverty: Economic Possibilities for Our Time. Sachs pays much more attention to disease and has more faith in the power of foreign aid, but the two analyses are not really contradictory. Together, they help to define a debate that should be raging within the international development community.

Collier’s treatment is surprisingly comprehensive for such a modest volume, covering everything from coups to domestic capital flight in 200 pages. The approach taken is very quantitatively oriented, backing up assertions through the use of statistical methods that are described but not comprehensively laid out. Those wanting to really evaluate his methodology should read the papers cited in an appendix. Several are linked on his website.

Environmental issues

Environmental issues receive scant attention in this analysis. When mentioned, they are mostly derided as distractions from the real task of poverty reduction. It is fair enough to say that environmental sustainability is less of a priority than alleviating extreme poverty within these states. That said, the environment is one area where his assertion that the poverty in some parts of the world is not the product of the affluence in others is most dubious. It is likely to become even more so in the near future, not least because of water scarcity and climate change.

Climate change receives only a single, peripheral mention. This is probably appropriate. Surely, the effects of climate change will make it harder to escape the traps that Collier describes. That doesn’t really change his analysis of them or the validity of his prescriptions. The best bet for very poor states is to grow to the point where they have a greater capacity to adapt and will be less vulnerable to whatever the future will bring.

‘Nuclear weapons sharing’ in Europe

Gatineau Park trees

One obscure but troubling legacy of the Cold War is the American nuclear weapons that are deployed in Belgium, Italy, and the Netherlands under NATO nuclear weapons sharing agreements. The arsenals consist of 150 B61 gravity bombs held in US custody, apparently for the enduring purpose of deterring a Soviet/Russian tank invasion of Europe. The bombs can be tailored to different yields: with different versions capable of producing explosions with between 0.3 and 340 megatonnes of power. In total, about 3,155 of these bombs were made, with between 1,200 and 1,900 still in service worldwide. A 1994 variant has a hardened casing and can be used as a nuclear bunker buster.

Apparently, these weapons were in place during the negotiation of the 1970 Nuclear Non-Proliferation Treaty and two arguments were privately maintained about why this usage is not in contravention of the treaty. The first was that, since the bombs were under American control, they had not been illegally transferred from a nuclear-weapons state to a non-nuclear weapon state in violation of Article I of the Treaty. The second was that the weapons would not be used “unless and until a decision were made to go to war, at which the treaty would no longer be controlling.”

The latter argument strikes me as exceptionally weak – as does the general rationale for maintaining these weapons. The existing arsenals of American submarine launched missiles, land-based ICBMs, nuclear-equipped bombers, and nuclear cruise missiles would seem sufficient to serve any conceivable purpose for which these bombs might be used. I am also willing to bet that your average Belgian, Italian, or Dutch citizen isn’t too pleased to have the things within their borders.

Banning photography reduces our security

Yet another story has surfaced about the authorities being overly heavy handed in response to photography. This time, it was a Japanese man threatened and detained because he was taking photos from the window of a moving train. There are two important responses to this trend. The first is to stress that it is useless for security purposes. If there is a situation in which taking a photo would help a terrorist to achieve their objectives, no enforceable anti-photo policy will deter them. Anyone willing to plan or undertake a terrorist attack will be able to tolerate any punishment that could conceivably be imposed for taking photos. They are also likely to be able to take photos in a way that will not be noticed: either with sneaky hidden cameras or with a simple camera phone or by developing an awareness of when the authorities are watching. Banning photography in places like vehicles and bridges punishes photography enthusiasts and serves no security purpose.

Secondly, the ability to take photographs is an important check against the abuse of authority. Without the infamous videotape, it is likely that the Rodney King beating would never have received public attention and that the officers involved would have been able to lie their way out of the situation. Similar abuses, such as the inappropriate use of tasers, have been appropriately documented because people present had the capability and initiative to make a recording. Photos, videos, and other recordings can provide a vital record of interactions with authority: both allowing people whose rights are abused to provide evidence and allowing frivolous claims to be dismissed. A security force that is serious about good conduct and oversight has nothing to fear and much to gain from a bit of public surveillance.

More generally, banning photography is symptomatic of the demise of open society. While there are legitimate security risks that exist and reasonable steps that should be taken to protect against them, reducing oversight and individual liberty both undermines the very things we are trying to protect and creates new risks of abuse at the hands of modern society’s burly new enforcers.

[Update: 15 November 2007] This post on Classical Bookworm, about a recent incident at the Vancouver airport, highlights how important it is for private citizens to be able to record the actions of police and other security officials.

Pakistan’s state of emergency

Montreal flats

While I cannot speak on them with any particular knowledge or authority, it does seem that the unfolding events in Pakistan generate some ominous possibilities within the region. A recent Stratfor briefing argues that:

Whether Musharraf himself survives is not a historically significant issue. What is significant is whether Pakistan will fall into internal chaos or civil war, or fragment into smaller states. We must consider what that would mean.

One can only begin to imagine how the Middle East would change if Pakistan disintegrated. It’s a nuclear power bordering a huge but relatively fragile democracy, as well as Iran and Afghanistan. Furthermore, that exists in the context of the Iranian drive for nuclear weapons, the weakness of the Afghan federal government, and the possibility of the breakup of Iraq (as well as a Turkish attack against the northern Kurdish region). Even for a region that has frequently been in turmoil, this is quite a confluence of events.

Given the context, it is unsurprising that climate change is not the top priority in Pakistan, though the inevitable disruption a changing climate will bring in future decades does seem likely to exacerbate tensions in this part of the world.

Gladwell on criminal profiling

Walking boy graffiti

Malcolm Gladwell, author of The Tipping Point and Blink, has an interesting article in the most recent New Yorker debunking police profiling of violent offenders. He basically argues that their methods are unsound, but that this is concealed by the same kind of cheap psychological tricks used by telephone psychics. In particular, the article discusses a set of tactics described by Ian Rowland: a magician and the author of a book on cold reading.

The tactics included focus on calculated vagueness, exploitation of known or highly probable information, and mechanisms for reducing the chances of being decisively proved wrong. The last of those is particularly crucial, as it can allow you to retain your reputation despite the inevitability of making some incorrect guesses.

Be advised that the article has graphic content.

Reliable Replacement Warheads

Old Montreal

Since July 16th, 1945 the United States has been a nuclear power. The first American thermonuclear weapon was detonated in 1952. During the span of the Cold War, tens of thousands of hydrogen bombs were assembled and mounted inside artillery shells, torpedoes, submarine launched missiles, cruise missiles, land-based ICBMs, and aircraft-mounted bombs. Now, these weapons are starting to age and a debate has emerged on what should be done with them.

Many of these weapons are highly complex. A standard submarine-based missile has a conical warhead. Inside is a uranium casing that serves to contain the original blast until a maximum amount of fission has occurred. At the bottom of that casing is a ‘pit’ of plutonium which is at a sub-critical density. Around that is a casing of brittle, toxic, neutron-reflecting beryllium. Inside it may be a cavity containing tritium and deuterium gas (in the case of a “boosted” primary). Around the beryllium outer sphere is a shell of high explosives designed to explode with fantastic precision, crush the plutonium pit to supercritical density, and initiate the fission reaction.

This whole assembly exists to initiate fusion in the ‘secondary,’ located higher in the outer uranium casing. The material that undergoes fusion – usually lithium deuteride – is wrapped around another sphere of uranium and is, in turn, wrapped in more uranium. All this is to create the largest possible yield in a relatively small and light package. The small size and conical shape allow eight or more of these devices to be placed on a single missile and then independently targeted once that missile is at the height of its ascent.

The 2008 budget allocated $6.5 billion for the maintenance of the American nuclear stockpile. That consists of 9,900 assembled warheads – 5,700 of them deployed operationally. In addition to these, about 7,000 plutonium pits are stored at the Pantex Plant in Amarillo, Texas. As the weapons age, concerns are developing about their reliability. They all contain high explosives, toxic chemicals, and corrosive agents. While it is possible to upgrade many of the non-nuclear components and replace them with more stable variants, the newly assembled bombs could not legally be tested: potentially leaving military commanders in doubt about their usability.

That is, in essence, the core of the ongoing debate about the Reliable Replacement Warhead (RRW). The program would begin by refurbishing 100 kiloton W76 warheads, which are already undergoing a less ambitious retrofitting. The hope is that the program can produce weapons with long durability and lower maintenance costs, and be able to do so without requiring full-scale tests of the devices, as were conducted in Nevada and the Marshall Islands during the Cold War. I won’t get into the details of the debate here. More than sufficient information exists online and in recent newspapers and magazines. What is less frequently considered are some of the aspects of international law relevant to nuclear weapons.

The whole program should remind people about an oft-forgotten element of the Nuclear Non-Proliferation Treaty. Everyone remembers the bit about signatories without nuclear weapons pledging not to acquire them. People forget that the treaty also obliges existing nuclear powers to reduce their arsenals as part of an overall progression towards de-nuclearization. Upgrading your nuclear arsenal to endure further decades of operational status is hardly consistent with this requirement. It also signals to other states that the United States continues to consider operationally deployed nuclear weapons an important part of their overall military strategy.

Individuals and organizations contemplating a sizable RRW program might also do well to re-read the Advisory Opinion on the Legality of the Threat or Use of Nuclear Weapons set down by the International Court of Justice. While such legal considerations are relatively unlikely to affect whatever decisions are made in relation to the RRW, examining the status of the law can be a good way to reach decisions about the respective rights and obligations of states.

Some carbon capture and storage numbers

Empty Rideau Canal locks

For the period between now and 2030, the International Energy Agency predicts that energy demand will grow 1.7% annually. They also predict that 85% of the new demand will be met using fossil fuel generation: including a doubling of coal power output from 1,000 gigawatts to 2,200 gigawatts. Given the retirement of old plants, this is a net growth of 1,400 gigawatts of coal capacity. 1,200 of those gigawatts are likely to be conventional coal technologies, while the remaining 200 are expected to be Integrated Gasification Combined Cycle (IGCC) plants.

Since the Industrial Revolution got started in 1750, humanity has released about 150 gigatonnes of carbon dioxide into the atmosphere. This has increased the carbon dioxide concentration of the atmosphere from 280 parts per million to 380. Most scientists and economists agree that avoiding really dangerous climatic effects requires that emissions be stabilized between 450 and 550 ppm. Last year, emissions were about 27.2 gigatonnes.

From the period when they are built until the time when they are slated for retirement, these new coal plants will emit 140 gigatonnes of carbon. One mechanism that has been emphasized for dealing with this is carbon capture and storage (CCS): whereby the carbon dioxide contained in the fossil fuels is re-buried once the energy in the fuels has been used.

According to Lynn Orr, director of the Global Climate and Energy Project at Stanford, using a quantity of infrastructure equal to that presently used to extract oil, we could sequester about 14% of humanity’s fossil fuel related emissions. That is about half the combined output from large factories and power stations – the kind of facilities where CCS is most likely to be used. According to an article in Nature, $80 billion of investment per year would be sufficient to capture “several million tonnes of carbon per year.” Burying gigatonnes will presumably cost several orders of magnitude more.

If any meaningful CCS is to occur, those 1,400 gigawatts of new power stations must be built with at least the capability to be easily upgraded to use the technology. This is easier to do with IGCC plants than with conventional coal, though only four plants of the former sort have ever been built. Once power plants have the capability to employ CCS, it will be a matter of internalizing the social costs of carbon to the extent that it becomes more commercially appealing to sequester than to emit.