Precaution and bats

The ‘precautionary principle’ is frequently invoked in arguments about both security and the environment, but remains enduringly controversial. No matter how it is formulated, it has to do with probabilities and thresholds for action. Sometimes, it is taken to mean that there need not be proof that something is harmful before it is restricted: for instance, in the case of genetically modified foods. Sometimes, it is taken to mean that there need not be proof that something be beneficiail before it is done: for example, with organic foods. Sometimes, it has to do with who gets the benefit of the doubt, in the face of inconclusive or inadequate scientific data.

This article from Orion Magazine provides some interesting discussion of how it pertains to health threats generally, with an anecdote about rabid bats as an illustrative example.

I am not sure if there is all that much of a take home message – other than that people behave inconsistently when presented with risks that might seem similar in simple cost-benefit terms – but the article is an interesting one.

Peering into metal with muons

When cosmic rays collide with molecules in the upper atmosphere, they produce particles called muons. About 10,000 of these strike every square metre of the earth’s surface each minute. These particles are able to penetrate several tens of metres through most materials, but are scattered to an unusual extent by atoms that include large numbers of protons in their nuclei. Since this includes uranium and plutonium, muons could have valuable security applications.

Muon tomography is a form of imaging that can be used to pick out fissile materials, even when they are embedded in dense masses. For instance, a tunnel sized scanner could examine entire semi trucks or shipping containers in a short time. Such tunnels would be lined with gas-filled tubes, each containing a thin wire capable of detecting muons on the basis of a characteristic ionization trail. It is estimated that scans would take 20-60 seconds, and less time for vehicles and objects of a known configuration.

Muons have also been used in more peaceful applications: such as looking for undiscovered chambers in the Pyramids of Giza and examining the interior of Mount Asama Yama, in Japan.

APEC joke motorcade

By now, most people will have heard about the prank pulled off at APEC by the Australian television show The Chaser’s War on Everything. In short, they managed to get a fake motorcade of black cars with Canadian flags on them through two checkpoints and within ten metres of the hotel where President Bush was saying – all this during the heaviest security Sydney has ever seen, and while a man dressed as Osama bin Laden was in one of the cars. Previously, they managed to convince various film studios and embassies in Australia to allow them to bring a huge wooden horse into their secure compounds. Naturally, it was full of sword wielding men in silly period costumes. They also have a series of sketches where men dressed as stereotypical tourists manage to wander into all manner of secure areas, while people in traditional Arab garb get stopped within minutes.

All told, I think this prank is pretty funny. It also demonstrates how a bunch of circling helicopters and huge steel fences aren’t much good for security when the people you hire are muppets and the procedures you employ are half-baked. The fake passes that got them through both the ‘Green Zone’ and more secure ‘Red Zone’ checkpoints are hilarious.

Web abuse

Rideau Canal

Spam is terribly frustrating stuff, partly because of how it is inconvenient and partly because of how it is a cancer that wrecks good things. (See previous: 1, 2, 3) The ideal internet is a place of free and honest communication. Spammers create the need for extensive defenses and scrutiny which take time to maintain and diminish that openness and spontaneity.

If you think the spam in your email inbox is bad, just consider yourself lucky that you do not also have to deal with comment and trackback spam on two blogs, a wiki, YouTube videos, and a half dozen secondary places. There are even phony marketing bots on Facebook now: keep your eyes peeled for ‘Christine Qian’ and ‘her’ ilk.

In the end, while decentralized approaches to spam management are time consuming and annoying, they are probably better than centralized systems would be. With the latter, there is always the danger of the wholesale manipulation and censorship of what is able to find its way online, or be transmitted across the web.

A closer look at the War Museum controversy

Still pondering the controversy about the display in the Canadian War Museum, I decided to go have a look at it first-hand. On the basis of what I saw, I am even more convinced that the display is fair and balanced, and that it should not be altered in response to pressure from veterans.

Here, you can see the panel in question in its immediate surroundings:

An Enduring Controversy, and surroundings

This is one small part of a large area discussing the air component of the Second World War. A shot with a narrower field of view shows the controversial panel itself more clearly:

Enduring Controversy

Here is a large close-up shot of the panel text. Nearby, a more prominent panel stresses the deaths of Canadian aircrew and the degree to which aerial bombing “damaged essential elements of the German war effort.” This alternative panel is located right at the entrance to this section of the museum.

If anyone wishes to comment to the museum staff, I recommend emailing or calling Dr. Victor Rabinovitch, the President and CEO. His contact information, along with that of other members of the museum directorate, is available on this page.

Random numbers

Truly random numbers are hard to find, as patterns tend to abound everywhere. This is problematic, because there are times when a completely random string of digits is necessary: whether you are choosing the winner of a raffle or generating the one-time pad that secures the line from the White House to the Kremlin.

Using random radio crackle, random.org promises to deliver random data in a number of convenient formats (though one should be naturally skeptical about the security of such services). Another page, by Jon Callas, provides further information on why random numbers are both necessary and surprisingly tricky to get.

This comic amusingly highlights another aspect of the issue.

Encrypting personal communication

Statue outside the National Archives

Personal use of encrypted communication is yet another example of so-called ‘network effects.’ (These have been mentioned previously: 1, 2, 3.) The basic idea is that the more widespread certain technologies become, the more useful they are to everyone using them. The most commonly cited examples are telephones and fax machines; back when only a few people had them, they had limited utility. You would need alternative channels of communication and you would waste time deciding which one to use and exchanging instructions about that with other parties. Once telephones became ubiquitous, each one was a lot more powerful and convenient. The same can be said for email addresses.

Good free software exists that allows the encryption of emails at a level where it would challenge major organizations to read them. While this may not protect an individual message that falls under scrutiny, it changes the dynamic of the whole system. It is no longer possible to filter every email passing along a fibre-optic cable for certain keywords, for instance. You would need to crack every one of them first.

Making the transition to the routine use of encryption, however, requires more effort than the adoption of telephones or email. While those technologies were more convenient than their predecessors, encryption adds a layer of difficulty to communication. You need to have the required software, key pairs generated, and passphrases. It is possible to make mistakes and encrypt things such that you can never access them again.

As such, there is a double barrier to the adoption of widespread communication encryption: people must deal with the added difficulties involved in communicating in this way and with the problem that hardly anyone uses such systems now. If there is nobody out there with whom you can exchange PGP encrypted messages, you aren’t too likely to bother with acquiring and using the software. It is entirely possible that those two constraints will prevent widespread adoption for the foreseeable future.

One nice exception to this rule is Skype. Users may not know it, but calls made over Skype are transmitted in encryption form, very considerably increasing the difficulty of intercepting them. The fact that users do not know this is happening greatly increases the level of usage (you cannot avoid using it). While such systems may well not be as secure as explicit encryption efforts undertaken by senders and recipients, they may be a useful way to increase overall adoption of privacy technology. Such ‘invisible encryption’ could also be usefully incorporated into stores of personal data, such as the contents of GMail accounts.

PS. For anyone who decides to give PGP a try, my public key is available here.

Footprints all over the web – Google Web History

Red brick facade and fire escapes

When I am online, I usually have at least one Google service open. At home, I usually have a Google Mail window open at all times, as well as Google Calendar. At work, it is only the latter. What I didn’t know until today is that whenever you are logged into your Google account, Google is tracking your web usage through a system called Web History. Accessing the system allows you to ‘pause’ the recording and even delete what is already there. While the listings disappear from your screen, there is good reason to doubt whether they vanish from Google’s records.

It is common knowledge that Google saves every search query that gets input into it, and does so in a way that can be linked to an individual computer. The web history service, however, has more troubling implications. Whether you are at work, at home, or at an internet cafe, you just need to be logged into any Google service for it to be operating. Since more than one computer can be logged into a Google account at once, and there is no indication on either machine that this is happening, anybody who gets your password can monitor your web usage, as well as your email and any other Google services you use. Given how common keyloggers have become, this should worry people.

One very helpful feature Google could implement would be the option to show when and where you last logged into your account. That way, if someone has been peeking at your email from London while you have been in Seattle, you know that it may be time to change your password. Also desirable, but much less likely to happen, would be a requirement that services like GMail store your information as an encrypted archive. Even if the encryption was based on your password and a relatively weak cipher, it would make it impractical for either Google or malicious agents with access to their information storage systems to undertake the wholesale mining of the information therein.

The final reason for which this is concerning has to do with cooperation between companies and governments. It is widely rumoured that companies including Microsoft and Yahoo have helped the Chinese government to track down and prosecute dissidents, by turning over electronic records held outside China. Given the increasingly bold snooping of both democratic and authoritarian governments, a few more layers of durable protection built into the system would be prudent and encouraging.