Security – Page 47 – a sibilant intake of breath

An idea for reducing electoral fraud

When it comes to elections, there are a number of different kinds of attacks against the voting process that should concern us. Excluding things like bribing and threatening voters, we need to worry about votes not getting counted, votes getting changed, and votes being inappropriately added. In the first case, an unpopular government may remove opposition supporting ballots from ballot boxes in marginal constituencies. In the second, they might alter or replace ballots, converting opposition votes to government ones. In the third, they might simply add more ballots that support the government.

A relatively simple measure could protect against the first two possible attacks. When a person votes, they could be given a random string of characters. One copy would get printed on their ballot, another would be theirs to keep. Then, once the ballots had been tabulated, a list could be posted on the internet. Sorted by electoral district, it would list the various options people could have chosen, the total number of people who chose each, and a list of the random strings that each person brought home. The importance of the random string is that it preserves the integrity of the secret ballot. Because each string is generated using a random number generator, no string can be tied to an individual. Only the copy given to the voter allows them to check that their vote was properly counted.

Under this system, if I voted for Candidate A and got the string “GHYDMLKNDLHFL,” I could check the list under Candidate A on the website and ensure that my vote was counted for the right person. If my vote hadn’t been counted, my string wouldn’t be anywhere on the list. If it had been miscounted, it would appear in the wrong place. People who found themselves in that situation could complain to the electoral authority, the media, and foreign observers.

The system remains vulnerable to an attacker adding new ballots in support of their candidate, but only to a certain degree. Provided there are some independent observers watching the polling station, the approximate number of people who voted can be pretty easily determined. If the number of votes listed on the website is well in excess of that number, it can be concluded that fraud has occurred.

None of this is any good against a government truly committed to rigging an election; they will always be able to brush off complaints from foreigners and the media, and they will rig the electoral authority. At the same time, it would make rigging more difficult and increase public confidence in the electoral system in any state that implements it. Being able to see your vote listed in the appropriate place may also make elections feel more concrete and personal.

The system does create some new risks. Attackers might force voters to share their random string. If they did so, they could determine who an individual voted for: a worrisome prospect in situations where people could be threatened to vote in one way or another. Likewise, having confirmation that a vote went one way or the other could make vote-selling a bigger problem. With a standard ballot, there is no way to know whether a paid voter actually voted the way they were paid to vote. These additional risks should be borne in mind in the context of any particular election or state. In some cases, they could make the dangers of this approach outweigh its benefits. In most places, however, I suspect it would be beneficial and relatively inexpensive.

Some previous posts on electoral security:

Conditional support for our troops

Walking through the Rideau Centre yesterday, I came upon a cart selling t-shirts with various slogans on them. Beside the silly Che Guevara stuff was one shirt that caught my attention. In white letters on a red background it said “Support our Troops.” Under that were both a maple leaf and the flag of the United Nations.

It struck me as admirably post-nationalistic. We recognize the sacrifices made by members of the armed forces, but also that their conduct needs to be bounded by international law. While the sentiment is admirable, it sits uncomfortably with the reality of how ignorant most Canadians seem to be about what we are doing in Afghanistan. People really think we are mostly building bridges and distributing big bags of rice. The reality of the all-out war in which we are committed is very different.

That is not necessarily to say that we shouldn’t be fighting the Taliban along with our NATO allies; it is simply to highlight that Canadian governments manipulate the perception of Canada as a ‘peacekeeping nation’ to keep people from looking too closely at what our armed forces really do. The degree to which many people seem happy to continue to believe in the peacekeeping myth just because it makes them feel good is also problematic.

A few thoughts on climate justice

A couple of articles at Slate.com address the issue of ‘climate justice.’ This is, in essence, the question of how much mitigation different states are obliged to undertake, as well as what sort of other international transfers should take place in response to climate change. The issue is a tricky one for many reasons – most importantly because anthropogenic greenhouse gas emissions constitute a unique experiment that can only be conducted once. If we choose the wrong collection of policies, all future generations may face a profoundly different world from the one we inherited.

If we accept Stern’s estimate of a five gigatonne level for sustainable global emissions, that works out to about 760kg of carbon dioxide equivalent per person on Earth. Releasing just 36kg of methane would use up an entire year’s allotment, as would just 2.5kg of nitrous oxide. One cow produces about 150kg of methane per year. Right now, Canada’s per-capita emissions are about 24,300kg, when you take into account land use change. American emissions are about 22,900kg while those of India and China are about 1,800kg and 3,900 respectively. Because of deforestation, Belize emits a startling 93,900kg of CO2e per person.

The questions of fairness raised by the situation are profound:

Should states with shrinking populations be rewarded with higher per capita emissions allowances?
Should states with rising populations likewise be punished?
Should developing states be allowed to temporarily overshoot their fair present allotment, as developed states did in the past?
To what extent should rich states pay for emissions reductions in poor ones?
To what extent should rich states pay for climate change adaptation in the developing world?

It may well be that such questions are presently unanswerable, by virtue of the fact that answers that conform with basic notions of ethics clash fundamentally with the realities of economic and political power. We can only hope that those realities will shift before irreversible harmful change occurs. Remember, cutting from 24,600kg to 760kg per person just halts the increase in the atmospheric concentration of CO2. The level of change that will arise from any particular concentration remains uncertain.

Another vital consideration is how any system of international cooperation requires a relatively stable international system. While it is sometimes difficult to imagine countries like China and the United States voluntarily reducing emissions to the levels climatic stability requires on the basis of a negotiated international agreement, it is virtually impossible to imagine it in a world dominated by conflict or mass disruption. It is tragically plausible that the effects of climate change could destroy any chance of addressing it cooperatively, over the span of the next thirty to seventy years.

The eradication of smallpox

On this day in 1979, the World Health Organization certified that smallpox had been eliminated from the wild. It was probably the only intentional extinction in human history, and it was a considerable boon to the human race. The disease is an atrocious one, and it took a heavy toll across history. Notably, it caused much of the death associated with the arrival of Europeans in North America.

The extinction raises a number of questions. One is whether it will ever be repeated. We came close with polio. Very few people would mourn the elimination of tuberculosis, malaria, or AIDS. Worldwide eradication requires global coordination – something very hard to bring about when territories exist outside the control of any state. Think of the tribal areas bordering Pakistan and Afghanistan.

Another issue has to do with smallpox itself. It was horrifically destructive to the First Nations because they lacked any of the immunity conferred by prior exposure. Now, the whole world is in essentially the same boat. An intentional or accidental release of the weaponized smallpox produced by many states could thus cause of devastating global pandemic. It rather makes one wish we had never turned it into a weapon in the first place.

AXA lock flaw

In a situation somewhat similar to the bump key vulnerability, another serious mechanical lock flaw has been found, this one affecting a popular kind of Dutch bicycle lock.

I found this by means of an interesting blog about mechanical locks.

‘Green’ fuel for military jets

There has recently been a fair bit of media coverage discussing an announcement from the United States Air Force that they are trying to use 50% synthetic fuel by 2016. The Lede, a blog associated with the New York Times, seems to misunderstand the issue completely. They are citing this as an example of the Air Force “trying to be true stewards of the environment.” There is no reason for which synthetic fuels are necessarily more environmentally friendly than petroleum; indeed, those made from coal are significantly worse.

The actual fuel being used – dubbed JP-8 – is made from natural gas. Air Force officials say they eventually intend to make it from coal, given that the United States has abundant reserves. This inititative is about symbolically reducing dependence on petroleum imports, not about protecting the environment. The German and Japanese governments did the same thing during the Second World War, when their access to oil was restricted. Furthermore, it is worth stressing that efforts by militaries to be greener are virtually always going to be window dressing. The operation of armed forces is inevitably hugely environmentally destructive: from munitions factories to test ranges to the wanton fuel inefficiency of aircraft afterburners, the whole military complex is about as anti-green as you can get.

People should be unwilling to accept superficial claims that installing some solar panels and building hybrid tanks is going to change that.

Problems with government databases

By now, everyone has probably heard about the data loss debacle in the United Kingdom. The British government lost the child benefit records for 25 million people. These records include addresses, dates of birth, bank account information, and national insurance numbers. In total, 40% of the British population has been exposed to the risk of identity theft.

Obviously, this should never have happened. One government agency requested some anonymized data for statistical purposes. Instead, a different department sent them the whole dataset in an unencrypted format. Encrypting the discs would have made it nearly impossible for thieves to access the data; anonymizing the data would have made such theft unprofitable. The failure to do either is the height of idiocy, but it is probably what we need to expect from the civilian parts of government when it comes to data security. Security is hard; it requires clever people with good training, and it requires oversight to ensure that insiders are competent and not cheating. People who are naive and naturally helpful can always be exploited by attackers.

In response to this situation, two sets of things need to be done. The first is to correct the specific failures that cause this kind of problem: require encryption of sensitive documents in transit, limit who has access to such sensitive databases, and tighten the procedures surrounding their use. The second is to limit the amount of such data that is available to steal in the first place. That could involve using paper records instead of digital ones – making mass theft dramatically harder to accomplish. It may also involve not creating these kinds of huge databases, as useful as they may seem when working properly.

It is fair to say that there will always be people out there able to break into any information that a large number of civil servants have access to. This would be true even if all civil servants were capable and virtuous people, because a lot of the best computer talent is applied to breaking flawed security systems. Given that bureaucrats are human, and thus subject to greed and manipulation, the prospects for keeping a lid on government data are even worse. Acknowledging the realities of the world, as well as the principle of defence in depth, suggests that limiting the volume of data collected and held by all governments is an appropriate response to the general security risks highlighted by this specific incident.

Cell phone eavesdropping

Analog cellular phones are absurdly vulnerable to eavesdropping. Anyone with a radio that can be tuned to the frequency used by a particular phone can listen to all calls being made, and anyone with a transmitter that would operate on that frequency can make calls that will be billed to the subscriber’s account. At a church sale while I was in elementary school, a friend of mine picked up a radio scanner capable of monitoring nearby cell calls for $20. Things improved with digital cell technology, notably the GSM standard common in Europe and the CDMA standard used in North America. As well as allowing more efficient usage of radio spectrum, the digital technologies made it such that someone with nothing more than a radio could no longer make or overhear calls.

GSM phones, the more common sort globally, employ a number of cryptographic features. The first is the use of a SIM card and a challenge-response protocol to authenticate the phone to the network. This ‘proves’ that calls are being made by the legitimate account holder and not by someone impersonating them. GSM can also utilize encryption between the phone and base station as a form of protection against interception.

Unfortunately, a design flaw in the GSM standards somewhat undermines the value of the latter. While the phone must prove to the network that it is authentic, no such thing is required in the other direction. As such, anyone with the resources and skill can build a machine that looks like a cell phone tower, from the perspective of a phone. The phone will then dutifully begin encrypting the conversation, though with the malicious man in the middle monitoring. The device impersonating a cell tower to the phone impersonates a phone to a real cell tower, allowing the person using the phone to make calls normally, ignorant of the fact that their communications are being monitored.

Of course, anyone who has access to the phone company’s network can do all this and more. This includes law enforcement personnel conducting legal surveillance with warrants. Unfortunately, it also includes potentially unscrupulous people working for the cell phone company and anyone with the capability to break into their networks.

SONAR and modern naval warfare

Arguably, submarines are the greatest threat to a modern carrier battle group. Aircraft can be detected at long range using over the horizon RADAR and picket ships. Subs generally need to be located using SONAR, though magnetic anomaly detection can sometimes locate them as well.

Warm surface waters are separated from the chilly bulk of the ocean by a layer called the themocline. The fact that this layer reflects sound makes SONAR based detection across it highly challenging: especially when the contact is something as quiet as a modern hunter-killer submarine. It is possible to use active sonar (the pinging thing from movies), but the sound produced by such systems reveals your position to others for a distance ten times greater than the effective detection range of the device. It also horribly damages the ears of whales, especially when used at crazy amplitudes like 250 decibels.

One way to deal with the thermocline problem while still using undetectable passive SONAR is to use a towed variable depth sonar array. For a ship, that would be pulled along beneath the thermocline. For a sub, it would probably be deployed above the layer. Another approach is to exploit convergence zones. Because of the nature of water under pressure, sound gets reflected off the ocean floor and back to the surface at intervals of 61 km. Sounds originating in one place can thus be best detected at points forming concentric circles.

Problems with SONAR are much worse in shallow waters, where high levels of noise from animals, waves, and tide noise make passive SONAR pretty useless. As such, modern navies avoid such waters as much as possible and behave as though they have already been detected by enemy forces whenever forced to operate within them.

The Bottom Billion

Paul Collier‘s slim and informative volume is true to my recollection of the man from Oxford. The Bottom Billion: Why the Poorest Countries are Failing and What Can Be Done About It is engaging, concise, and powerfully argued. It is also unsparing in its criticism. Collier explains that the ‘developing world’ consists of two groups of states: those experiencing sustained growth and thus seeing their standard of living converging with those in the rich world and those that are ‘stuck’ in poverty, with stagnant growth or absolute decline.

Poverty traps

The ‘stuck’ states – where the world’s poorest billion inhabitants are concentrated – are trapped in one of four ways: by conflict, natural resources, being landlocked with bad neighbours, and by bad governance. States can be trapped in more than one simultaneously and, even when they escape, there are systemic reasons for which they are unusually likely to fall back into one. The discussion of the traps is particularly informative because of how quantitative methods have been used in support of anecdotal arguments.

Not only are ‘bottom billion’ states unusually likely to suffer from conflict, corruption, and similar problems, but some of the most important paths to growth used by states that have already escaped poverty are closed to them. To grow through the export of manufactured goods, you need both low wages and economies of scale. Even if wages in Ghana are lower than those in China, China has the infrastructure and the attention of investors. The presence of export-driven Asian economies makes it harder for ‘bottom billion’ states to get on a path to development.

Solutions

Collier’s proposed solutions include aid, military intervention, changes to domestic and international laws and norms, and changes to trade policy. Much of it is familiar to those who have followed development debates: the problems with agricultural tariffs, the way aid is often used to serve domestic interests rather than poverty reduction, corruption within extractive industries, and the like. His most interesting ideas are the five international ‘charters’ he proposes. These would establish norms of best practice in relation to natural resource revenues, democracy, budget transparency, postconflict situations, and investment. Examining them in detail exceeds what can be written here, but it is fair to say that his suggestions are novel and well argued. He also proposes that ‘bottom billion’ states should see import tariffs in rich states immediately removed for their benefit. This is meant to give them a chance of getting onto the path of manufacture-led growth, despite the current advantages of fast-growing Asian states. His idea that states that meet standards of transparency and democracy should be given international guarantees against being overthrown in coups is also a novel and interesting one.

Position in the development debate

Collier’s book is partly a response to Jeffrey Sachs’ much discussed The End of Poverty: Economic Possibilities for Our Time. Sachs pays much more attention to disease and has more faith in the power of foreign aid, but the two analyses are not really contradictory. Together, they help to define a debate that should be raging within the international development community.

Collier’s treatment is surprisingly comprehensive for such a modest volume, covering everything from coups to domestic capital flight in 200 pages. The approach taken is very quantitatively oriented, backing up assertions through the use of statistical methods that are described but not comprehensively laid out. Those wanting to really evaluate his methodology should read the papers cited in an appendix. Several are linked on his website.

Environmental issues

Environmental issues receive scant attention in this analysis. When mentioned, they are mostly derided as distractions from the real task of poverty reduction. It is fair enough to say that environmental sustainability is less of a priority than alleviating extreme poverty within these states. That said, the environment is one area where his assertion that the poverty in some parts of the world is not the product of the affluence in others is most dubious. It is likely to become even more so in the near future, not least because of water scarcity and climate change.

Climate change receives only a single, peripheral mention. This is probably appropriate. Surely, the effects of climate change will make it harder to escape the traps that Collier describes. That doesn’t really change his analysis of them or the validity of his prescriptions. The best bet for very poor states is to grow to the point where they have a greater capacity to adapt and will be less vulnerable to whatever the future will bring.