Open thread: ballistic missile defence

An episode involving missile defence* from the West Wing holds up very well today. The craggy old American chief of staff is in favour, out of fear of what rogue regimes might do to America. The British ambassador is opposed because it’s impractical, violates international law, and risks worsening the global nuclear weapons situation.

I can see why people like the idea of being able to stop a few missiles launched by North Korea or Iran, or by a rogue commander somewhere. At the same time, I think the dangers of a nuclear arms race make the development and deployment of such a system unwise, even if the major technological hurdles could be overcome. It’s the classic security dilemma: you build something meant to make you safer, potential opponents interpret it as making them less safe (by reducing the credibility of their deterrent) so they build expensive countermeasures. In the end, everyone has wasted money on the race and everyone ends up less safe. It could also tempt decision-makers into recklessness, based on false confidence that the system will nullify any response to their aggression.

We should be working to de-alert and dismantle the nuclear arsenals of the authorized nuclear powers under the Non-Proliferation Treaty. Against that backdrop, resisting proliferation to new nuclear states would be more plausible.

* I don’t mean defending things like aircraft carriers from ballistic missiles. I mean systems to protect domestically-located military facilities and population centres from ballistic missile attack, probably with nuclear weapons.

Ellsberg’s broad conclusion

Yet what seems to be beyond question is that any social system (not only ours) that has created and maintained a Doomsday Machine and has put the trigger to it, including first use of nuclear weapons, in the hands of one human being – anyone, not just this one man, still worse in the hands of an unknown number of persons – is in core aspects mad. Ours is such a system. We are in the grip of institutionalized madness.

Ellsberg, Daniel. The Doomsday Machine: Confessions of a Nuclear War Planner. Bloomsbury; New York. 2017. p. 332 (italics in original)

AI + social networks + unscrupulous actors

Charlie Stross’s talk at the 34th Chaos Communications Congress highlights risks associated with artificial intelligence technologies in combination with factors like geolocation, the engineering of content online to produce emotional responses, and people with malicious objectives from manipulating elections to harassing women seeking abortions.

It’s worth watching, and starting to think about what sort of regulatory and technological barriers might be erected to such abuse.

Google’s Advanced Protection: no support for old mobile devices

Google has warned me that: “We believe that attackers backed by certain states may be attempting to compromise your account or computer”. There’s a good chance this is because of the Stratfor hack, though it may also be for anti-pipeline/activism related reasons.

For a couple of years now, I have been using the two-factor authentication (2FA) option they offer, in which you need to enter your password as well as a rapidly-changing passcode from a smartphone app in order to access your account. I also keep a close eye on the access logs they provide under “Last account activity” and “Details” at the bottom of the GMail screen. Having 2FA turned on means someone with just your password cannot access your account. This is valuable for many reasons. If you recycle passwords between different accounts, a breach in one place might spread to another. Attackers may also use phishing (setting up a real-looking login page and tricking you into entering your login credentials) to steal a password.

Since the security of my Google account is so important, I bought two physical access tokens and joined their free Advanced Protection Program. Now to login I need my password and one of the keys. It also adds other security enhancements, like a more complex process for recovering an account which you have been locked out from. The keys aren’t Google-specific, so I may eventually be able to use them to authenticate myself to other important accounts as well.

Advanced Protection has already involved some headaches. I generally prefer Firefox because of its open source community and because it seems to have the most extensions for blocking ads, controlling which scripts run on websites, and protecting privacy. With Advanced Protection, I can now only use Google services through Chrome.

Even more of a hassle is that Google Calendar no longer works on the Apple-made Calendar app on my iPhone and iPad. I can’t even use the Google Calendar app because my iPhone is too old to run a version of iOS new enough to be supported. On my iPad, I installed the Smart Lock app which is meant to log me into the GMail, Google Calendar, and YouTube apps. Unfortunately, it produces only an endless loop. A login window comes up, I enter my username and password, I authenticate using the Bluetooth token and… it kicks me right back to entering my username. It’s a fairly old iPad and not running the newest iOS either, so perhaps that’s the problem.

Calendar sharing across devices including my phone is pretty essential for me, but I also want to do everything possible to protect my GMail account. For that reason, I have switched to Apple’s iCloud calendar-sharing system, which works on both my Macs, my iPhone, and my iPad. Maybe when my ancient iPhone 4 finally dies and I replace it with something that runs a modern version of iOS I will be able to get Smart Lock to work.

Modern board games

Here are a couple of interesting journalistic accounts of complex modern board games:

They both emphasize games that seek to accurately model military conflicts, particularly “A Distant Plain“, which is about the post-2001 intervention in Afghanistan.

A few years ago, I tried to convince the student government (Lionel Massey Fund, or LMF) at Massey College into buying a game called “Persian Incursion” which sought to model an Israeli attack against the Iranian nuclear weapons program. They rejected the proposal as too expensive and controversial. It would be interesting to try a game like this sometime, but no board game café where I have asked yet has carried them.

Pullman on authoritarianism and eroded democracy

Along with The Good Man Jesus and the Scoundrel Christ, Phillip Pullman’s essay “Malevolent voices that despise our freedoms” must be one of his most radical pieces of writing. It corresponds to his general concern about lack of oversight over powerful institutions and speaks out powerfully against the authoritarianism that can arise in parallel with public fear:

And the new laws whisper:

We do not want to hear you talking about truth

Truth is a friend of yours, not a friend of ours

We have a better friend called hearsay, who is a witness we can always rely on

We do not want to hear you talking about innocence

Innocent means guilty of things not yet done

We do not want to hear you talking about the right to silence

You need to be told what silence means: it means guilt

We do not want to hear you talking about justice

Justice is whatever we want to do to you

And nothing else

One early passage in his new novel La Belle Sauvage evokes a similar theme:

She tried to keep a steady pace. She had nothing to fear from the police, or from any other agency, except like every other citizen she had everything to fear. They could lock her up with no warrant and keep her there with no charge; the old act of habeus corpus had been set aside, with little protest from those in Parliament who were supposed to look after English liberty, and now one heard tales of secret arrests and imprisonment without trial, and there was no way of finding out whether the rumors were true. (p. 153–4)

Authors like Pullman and Margaret Atwood play a valuable societal role in drawing attention to such dangers: that fear will drive us to hand over control to unaccountable entities and that a drift toward dystopia is possible. Among all the dangers we face, we mustn’t forget the nightmares the state is capable of imposing.


Pros and cons of Google’s advanced protection

I see enormous appeal in Google’s new advanced protection system for accounts. It requires a physical token to access your account, adds further screening of attachments, and has a much tougher account recovery process for anybody who legitimately loses access to their own account. It augments the security provided by their two-factor smartphone app by reducing the risk of someone using an attack against your phone as a way to steal the second factor.

Two problems are keeping me from signing up right away. First, it requires that you buy a Bluetooth token as well as a USB token. I much prefer to avoid wireless communications if possible, and I don’t want a delicate device that needs regular battery charging to carry around. The two tokens together cost about $50, and as an extra pain the Bluetooth token seems to be a pair to order via Amazon in Canada. Second, it forces you to access your account through Google’s Chrome browser, which seems unnecessarily restrictive and monopolistic.

Responding to violence intelligently

The often-excellent NPR Planet Money podcast (which ran an earlier episode about “Freeway” Rick) had two notably engaging recent segments.

One included an interesting account of the data-analysis-decision-action cycle in intelligence work, specifically when deciding if an assailant is an enemy counterintelligence agent or drug-addled mugger.

The other discussed policy and incentive problems in the area of kidnapping and ransom, including Canada’s supposed policy of not paying ransoms and prohibiting families from doing so.

Each is well worth a listen.

Fourth rule of the internet

A somewhat obvious rule of internet security to add to the first three:

  1. Against a sophisticated attacker, nothing connected to the internet is secure.
  2. Everything is internet now.
  3. You should probably worry more about being attacked online by your own government than by any other organization.
  4. Sensitive data about you is largely on the computers of other people who care little about your security.

Equifax is getting lots of attention right now, but consider also Deloitte, Adobe, Stratfor, Blizzard, LinkedIn, DropBox, Ashley Madison,, Snapchat, Adult Friend Finder, Patreon, Forbes, Yahoo, and countless others.

As Bruce Schneier points out, the only plausible path to reduce such breaches is for governments to make them far more painful and costly for corporations.