“The Environment: A Cleaner, Safer, Healthier America”

Milan Ilnyckyj on the Alexandra Bridge, Ottawa

A book I am reading at present – Joseph Romm‘s Hell and High Water – drew my attention to an essay on climate change written by Frank Luntz, a political consultant who worked to oppose the regulation of greenhouse gasses.

The leaked memo, entitled “The Environment: A Cleaner, Safer, Healthier America,” provides a glimpse into the strategies of climate delayers that is both informative and chilling:

“The scientific debate is closing [against us] but not yet closed. There is still a window of opportunity to challenge the science…

Voters believe that there is no consensus about global warming within the scientific community. Should the public come to believe that the scientific issues are settled, their views about global warming will change accordingly…

Therefore, you need to continue to make the lack of scientific certainty a primary issue in the debate.”

The cynicism of it all is astounding. To see something as vital as climate change treated as a superficial, partisan rhetorical battle is extremely dispiriting.

The actual document is also oddly unavailable online. I had to use the Wayback Machine to find a PDF of the original leaked document. I am hosting it on my own server to aid people in locating it in the future. Clearly, I cannot vouch for its veracity personally. That said, articles in The Guardian and on George Monbiot’s site accept the document as genuine.

Telecom immunity and the rule of law

Black lagoon pinball machine

A recent article in Slate discusses how legal policy in the United States should be fixed in the post-Bush era. There are many things in it with which I wholeheartedly disagree. Perhaps the most egregious case is in relation to providing immunity to telecom firms that carried out illegal wiretaps for the administration. Jack Goldsmith argues:

Private-industry cooperation with government is vital to finding and tracking terrorists. If telecoms are punished for their good-faith reliance on executive-branch representations, they will not help the government except when clearly compelled to do so by law. Only full immunity, including retroactive immunity, will guarantee full cooperation.

I think the bigger danger here is providing a precedent that firms can break the law when asked by the administration, then bailed out afterwards. Only fear of prosecution is likely to make firms obey the law in the first place. Providing immunity would invalidate the concept of the rule of law, and open the door to more illegal actions carried out by the executive branch. “Full cooperation” is precisely what we do not want to encourage.

If government wants to intercept the communication of private individuals, it must be a policy adopted through the due course of law. People need to know what it involves (though not necessarily the details of exactly how it works), who supported it, and how those supporters justified the choice. Greater security from terrorism at the cost of a more opaque and lawless state is not a good tradeoff. Company bosses should fear that they will be the ones in the dock when evidence emerges of their engaging in criminal acts, regardless of who asked them to do so. The alternative is more dangerous than the plots that warrantless wiretapping sought to foil.

Impersonate Germany’s interior minister

Wolfgang Schauble, Germany’s interior minister and a big fan of fingerprint-based security, is getting a personal experience with limitations in the technology. A German hacker group called Chaos Computer Club has gotten hold of his fingerprint and distributed 4,000 plastic copies along with issues of Die Datenschleuder magazine.

This highlights several major weaknesses in such technology. These include the fact that the readers can be manipulated: either physically or electronically. They also include the fact that a biometric token can never be revoked. Unlike locks and passwords, which can be replaced once they are known, a person’s fingerprints and retinal scans basically cannot be changed.

I have written about problems with biometric security before.

Green energy ‘war’

5 on a fence

A new blog written by a former California energy commissioner chooses to discuss the fight against climate change as a ‘war.’ At one level, this reflects the silly American tendency to discuss non-military problems using military language: the War on Drugs, the War on Poverty, etc. At another, the choice reflects the serious disjoint between what most people have publicly accepted about climate change and what the problem really involves.

The public consensus seems to be: climate change is happening and it will have some bad effects. Technology and consumer choices will probably deal with it. Hybrids and fluorescent lights for all! Some of the big issues missed in this viewpoint are:

  • Stabilizing greenhouse gas concentrations is a massive undertaking. It requires deep cuts (50-95%) in emissions from all countries, rich and poor alike.
  • Time is of the essence. Stabilizing at an atmospheric concentration likely to avoid catastrophic impacts probably requires global emissions to peak within the next ten years and fall dramatically within the next forty.
  • Once concentrations are stabilized, continued effort and restraint will be required to maintain that. Human emissions will need to be kept in balance with natural absorption of carbon dioxide forever.
  • Abrupt or runaway climate change could completely undermine the basis for the global economy. Potentially, it could even make the planet uninhabitable for human beings for thousands or millions of years.

Referring to the situation as a war does have some potential benefits. People expect sacrifice and the suspension of normal ways of operating during wartime. The lower quality of light from fluorescent bulbs seems less significant when the future of humanity is at stake; the same goes for bans on short-haul flights or inefficient cars. At the same time, there are huge problems with the war analogy. Wars end. While it is possible that we will eventually have such excellent zero-emission technology that the world’s coal reserves and tropical forests will not tempt us, that seems a distant prospect.

What this underscores is the degree to which climate change is a challenge of an altogether new and different type for humanity. It’s one that our previous ideas about collective action, the ethics of an individual in society, and the cooperation of sovereign entities need to grow to accommodate. While the seriousness and focus sometimes applied to warfare will surely be required, the metaphor probably ultimately distorts more than it clarifies.

Rainbow tables

Transit archway

I have previously written about one-way hash functions and their importance for cryptography. Recapping briefly, hash functions take some data (a password, a picture, a file, etc) and pass it through a mathematical algorithm. This produces an output with two special features. First, it should be very difficult to find two pieces of data that produce the same output (collisions). Second, it should be very difficult to work backwards from the hashed version to the original. By ‘very difficult,’ I mean ‘challenging for a government with cryptoanalysts and millions of dollars worth of hardware.

Rainbow tables are a novel way of reversing hash functions. Basically, these consist of massive databases of hash and plaintext data. Rather than trying to calculate back from the hash you have to the password you want, you can use the hash in combination with the latter to get the password quite quickly. Since many applications and operating systems use hashed passwords to increase security, having access to rainbow tables could make them significantly easier to compromise.

This is just another example of how math-based security is constantly challenged by evolving technology and falling prices. Being able to afford enough storage for rainbow tables alters the security of hash functions generally. MC Frontalot definitely had it right when he argued that: “You can’t hide secrets from the future with math.”

PS. As with slugs, the best defence against rainbow tables probably consists of using salt.

Vozrozhdeniya Island

Fire escape

One disturbing consequence of the shrinking Aral Sea is that Vozrozhdeniya Island is now connected to the mainland. Between 1948 and 1991, the island was home to a secret Soviet biological weapons testing ground. Weaponized agents tested include anthrax, tularemia, brucellosis, the black plague, typhus, smallpox, and botulism. Animals on whom tests were conducted include horses, monkeys, sheep, donkeys, and rats.

The Aral Sea has essentially vanished because the Amu and Syr Rivers were redirected by the USSR to irrigate rice and cotton fields. Hopefully, the new connection between the disease island and the Kazakh and Uzbek coasts will not permit organisms to escape on rats or fleas, or criminal or terrorist groups to gain access to infectious materials.

In 2002, a team from the American Defense Threat Reduction Agency eliminated between 100 and 200 tonnes of anthrax, over a three month period.

Two perspectives on air power and insurgency

These two articles provide contrasting views on the use of air power by coalition forces in insurgency situations, such as those in Afghanistan and Iraq:

The first is much more personal, written by a woman who spent months living with soldiers in the Afghan valley where the campaign is ongoing. It does a good job of capturing the chaos and violence being endured by coalition soldiers, as well as the psychological toll of doing so. The second is more removed and – unsurprisingly – more straightforwardly critical.

Both do a good job of setting up questions about how to ethically, legally, and effectively use air power when fighting insurgent wars. At the end, it’s pretty clear that no unproblematically ‘good’ answers to them exist.

Adding Dennis the Menace to the crime bank

Apparently, Scotland Yard wants schools to collect DNA samples from five year old children who “exhibit behaviour indicating they may become criminals in later life.” While there are plenty of reasons for opposing the Orwellian scheme, the more interesting implication is that the police think they can anticipate criminality in adulthood on the basis of the behaviour of five year olds. If so, to what extent can we consider a predisposition towards criminal behaviour to be a manifestation of an individual’s choices? The premise behind our justice system is that people generally commit crimes as an act of will, and it is the wilful disobedience of law that is being punished. If the police believe that crime can largely predicted on the basis of problematic behaviour beginning in childhood, it calls into question the overall validity of our concept of what crime and criminals are.

The Art of Intrusion

Ottawa war memorial

I bought Kevin Mitnick‘s book largely out of nostalgia for elementary school days involving 2600 Magazine and a phone system that still used in-band signaling. While it does demonstrate that computer hacking skills don’t translate brilliantly into writing ability, it is a quick and interesting read for security-inclined nerds.

The lesson for the general public is that decent security is very hard to achieve; there are just too many avenues of attack. When dealing with something as complex as a corporate or government network, there will virtually always be some obscure forgotten modem, some employee who can be tricked, some wireless signal that can be intercepted. Faced by opponents with sufficient time, resources, and risk aversion, pretty much any network is likely to fail.

Of course, that doesn’t mean we should throw up our hands and ignore security. It remains possible to stop many breaches, to notice the ones that happen, to limit the damage they do, and to improve our chances of catching those who pulled them off. For those whose business it is to do such things, the Mitnick book may provoke a bit of new thinking. For interested amateurs, it provides a decent glimpse into the real character of computer hacking: an activity apparently more akin to patient, precise occupations like archeology than to fast-paced daredevil stunts like those in Hackers or The Matrix. Overall, Bruce Schneier is more interesting and a better writer, but Mitnick has a lot more focus on (and perhaps more access into) the blackhat community.

Oyster cards cracked

A while ago, I posted on how the Mifare RFID system had been reverse-engineered. Now, it seems that the Oyster Cards used in the London Underground have been cracked. Painstaking microscope work and a weakness in the encryption algorithm employed were enough to compromise the system – allowing cards to be cloned and arbitrarily modified. Given how fares for one-way trips run from £4.80 (C$9.58) for Zone 1 and 2, off peak, to £11.30 (C$22.55) for Zones 2 – 8 + Watford Junction at peak time, you can be sure that there will soon be a lucrative underground market in cloned cards and passes.

It goes to show how when you are deploying such an expensive and extensive system, you cannot trust the vendor to simply provide secure products. Robust external evaluation is necessary. Furthermore, you had better be sure to design the system such that a problem that does emerge can be contained and acceptable cost. Hopefully, that will prove true of the London system.