Category: International

  • Wikileaks, First Amendment, Espionage, Information Security

    I’ve been having some lively discussions surrounding Wikileaks’ release of United States diplomatic cables on November 28, 2010. I seem to be confusing some people with my arguments and statements. I intend to clear this up.

    For the record:

    • I support Wikileaks’ publication of the diplomatic cables. However that information came into their hands, their right to release the content falls squarely under the First Amendment1 (either Freedom of the Press or Freedom of Speech, take your pick) in my opinion.
    • I support the Government’s right, as designated by Congress under various acts, to prosecute any illegal activity that led to Wikileaks’ possession of the cables.

    Those two positions are distinct, and not necessarily contradictory, which seems to be the main point of contention in my conversations. Yes, it’s possible that persons within Wikileaks have committed acts which may qualify as illegal under our various espionage and security laws. But those persons and Wikileaks still remain separate.

    The devil is in the details, of course, and I have a sneaking suspicion that the details will be worked out in the courts for next several years. I’m a firm believer in our system of government so I have faith that things will work out for the best.

    I should add a further stipulation, though:

    • I do not support the government if it uses its position as big dog to suppress the release of information that, while embarrassing, may serve to better educate those of us in the Republic that pay attention and want to make informed decisions.

    The information is out. It is now ours, John and Jane Q. Public’s, to deal with and ingest. If the government doesn’t like that, it should have done a better job of hanging on to it. Advocating for Wikileaks to be designated a Terrorist Organization is not upholding the fundamentals our country was founded upon.

    This will Happen Again

    This incident may have marked a turning point for the government. This may be the final wakeup call that information security isn’t what it used to be. The revelation of these internal memos of the State Department are going to embarrass us internationally and there will be plenty of spadework by Secretary Clinton and whoever her successor ends up being2. The wakeup call, however, isn’t that the information needs to be secured even more tightly, until it screams and bleeds, but for it to be managed in a manner that allows for the balance of maximum security along with maximum utility3 acknowledging all the while that in the information era, this type of leak is impossible to prevent.

    I am not a government employee. I’ve never been in the military. I do not work in a high-security environment. I make these statements to display the breadth of my ignorance on how the government likely treats its classified and secret information on a day to day basis. I do know that secure communications are the foundation of any activity, be it governmental work, military action, or just chatting about your mother in law. However, the Wikileaks posting isn’t about communications so much as archival storage, access controls and trust.

    I don’t see how it’s possible to prevent the type of action that led to the release of the Afghan and Iraq war diaries as well as these diplomatic cables. The size of the releases strongly argues that whoever was responsible4 had access to a large database where these documents could be acquired. This wasn’t some random whistleblower who sent a stolen company memo to the newspaper; this was a person with access and means. If the person had been higher in the chain of responsibility and the government has similar controls and databases for its top secret and other communications, who knows what we’d be seeing right now.

    This is Hard to Prevent

    As I alluded to above, about the balance between security and utility, the easiest way to make sure that no unauthorized person gets access to these types of documents is to ensure that no one has access. That’s not practical of course. We send our diplomats far foreign to liaise with their counterparts and to report back to the government. Without the reports coming back and being read by the decision makers, there’s not much point in sending them in the first place. We aren’t in the grand age of sail anymore where diplomats often had plenipotentiary powers because of the time gap in communications. Today’s diplomats are hooked into the central government 24/7 and communiqués need to flow for useful decisions to be made.

    All of the communications could be encrypted, of course, but then the problem of access control rears its head. Who, precisely, gets to send and receive the messages? How are they stored and accessed? Encryption alone wouldn’t have prevented the release of the cables because the alleged leaker probably had the access required. Encryption and database management will help prevent outside agencies from taking the communications, but it seems we’re doing all right on that front already.

    An important point to remember is that while “encryption” is a nice buzzword, it’s not useful in a lot of applications. Last year there was a big flap in the media about the Taliban in Afghanistan being able to access the unencrypted video feed from Predator drones flying missions. This was a big yawn because that sort of real-time tactical information is of strictly limited utility to the adversary and the effort required to secure it is well in excess of the possible harm that could come of someone listening in. Encryption has costs, too. Some of them are excessive.

    It’s Within Your Power to Secure Your Email Communications

    If this stuff makes you a bit paranoid about people reading your emails and letters, good! It’s always good practice to envision what people would think if they received a copy of the email you are writing. The rule of thumb when I was in college was: “What would you think if this were printed on the front page of the newspaper.” This rule has changed a bit for me after I received my Professional Engineer’s license to: “What would you think if this were read into evidence in a court of law.” Those rules are excellent ones to follow but we can’t use them to rule our lives or else we’ll never have electronic communications that are candid and frank. You know, the ones that actually get to the point and get things done. Fortunately or unfortunately, electronic communications are becoming an important (perhaps key) part of our interpersonal and interbusiness relationships now, email being the prime means.

    Of course, email is one of the most unsecured communication methods that exist. There are numerous ways to tap into your email stream, the easiest of which is to steal your computer. Even if you maintain everything in the cloud, numerous servers process and copy (and archive) the emails that go through them. All of this is retrievable through legal and illegal means.

    I advocate that we all should encrypt our day to day emails5, especially between parties where disclosure of that information would lead to embarrassment, lawsuits, or worse. I’ve written about this in the past and even have a tutorial on how I went about it. If you want to exchange secure emails with me, it’s not difficult. Just click through the link and learn. I regularly apply an electronic signature to my emails7, which doesn’t do anything for security per se, but you can be sure that the email is from me, or from someone in possession of my passphrase. It’s only one more step, on your end, for you to receive encrypted emails from me, and to send them in return. Then we can discuss Aunt Gladys without worrying about Nephew Jim reading the emails while we’re stupefied on thanksgiving turkey.

    None of this prevents the legal system from requiring you to give up your passphrase and disclose those encrypted emails—subpoenas are a pain that way—but it will prevent unauthorized disclosure of information that you wish to remain private and/or secret.6

    The End

    How do I wrap up this essay? I’ve opined in several directions. Perhaps dangerously so. I think we’ll just throw this out there and see what happens. Enjoy. My email is at the top of the blog page but it would be better to respond on this posting.


    1: In the United States alone, of course.
    2: Yes, I think there will be fallout for at least 6 years
    3: Easiest way to secure these cables would be to never send them, or even write them, but then they would not be very useful. The balance of security/utility is something that individual organizations/people have to work out.
    4: Allegedly a U.S. Soldier named Bradley Manning
    5: This is also good practice for avoiding suspicion if you ever need to start protecting your communications from someone. If you are being watched and suddenly all the emails you’re exchanging with your friend Bob are encrypted, there might be some suspicion that “something is going on”. If you encrypt all your communications as a matter of course, this information tidbit is removed.
    6: Hard drive encryption programs such as Truecrypt say that you can securely hide a portion of your hard drive in such a manner that you would be able to give up a passphrase to “an adversary” (in this case, I envision a subpoena) yet still maintain a separate encrypted area that contains your real information, with a different passphrase, undetected. There are arguments about whether or not that would work. If you’re really really paranoid or want to apparently comply with the court order yet still maintain secret information, I recommend checking it out.
    7: Which may have caused you to click through to this link because you received some odd text in a message from me.

  • Coke Going Down?

    Two volunteers at a British Alternative Film cinema are replacing the familiar taste of Coca Cola with a home-grown variety.

    They object to Coke’s business practices so they don’t serve the beverage, however people keep asking for it. They’ve spent two years trying to work out a substitute.

    Read all about it. Go them!

  • Atomic Vacation

    Today is the anniversary of the first combat use of a nuclear weapon. Hiroshima, Japan was destroyed by “Little Boy”, a gun-method uranium weapon with an approximate yield of 12 kilotons of TNT (for comparison, the largest weapon ever detonated was a 50 megaton hydrogen fusion weapon, 4,000 times greater). As an event to remember, it’s definitely of mixed emotion. On the one hand, it helped to end World War II quicker, and with fewer casualties; on the other hand, it was a horrific incident that caused humongous suffering amongst the population. It can be (and has been) argued that although the use of two atomic weapons on Japan was devastating in their individual explosive yields and lasting after-effects, the suffering and devastation caused by all of the conventional bombing and fire-bombing during the war was much higher. I’m not going to choose a side on this one. I’d have to study it a lot more.

    One of the things I regret not doing while I lived in Texas was to visit the Trinity Site, the location of the first test of an atomic weapon. It is located on the grounds of White Sands Missile Range, and is therefore not open to the public except for two days a year: the first Saturdays of October and April. Whatever your opinions regarding nuclear weapons, the location is significant historically, militarily, and from an engineering standpoint.

    A while back, a person from League City, Texas, chronicled his radioactive vacation. It’s worth the read.

  • Ziggurat Con! Support the Troops!

    There will be a game con in Iraq. It will be attended by military personnel and civilian contractors. They need stuff.

    I haven’t yet figured the easiest way to contribute, but don’t let that stop you! Go to the link above and help out.

  • Internet to the Rescue!

    A man watches his house being burglarized from across the globe. Alerts police. Laughs hysterically…

    Gacked from Back 80 Loop.

  • Driving without Regulation!

    Gacked from Matt Rosenberg’s Geography Blog is a story of traffic regulation by non-regulation.

    Basically it boils down to this: There are too many signs on the roads and most are not seen, respected, or understood by drivers*. It would be safer to remove all regulatory signs from the roadways and allow drivers to navigate under looser constraints.

    The theory says that if drivers need to pay more attention to where they are going, and how they will get there, they will process more stimuli than if they depend on striping and signage. This should lead to fewer collisions due to heightened awareness. So far, according to the linked article, it seems to be working in some european locations.

    But wait! Transportation isn’t only about safety. If you wanted to be perfectly safe on the road, you’d stay home and never enter your vehicle. To quote the Texas Department of Transportation’s mission statement, they invest in “providing safe, effective and efficient movement of people and goods.” Transportation is necessary for commerce, and the amount of commerce is directly related to the amount of “stuff” that gets moved around. Providing an unregulated driving environment may reduce collisions (it has) but it will probably also reduce the amount of stuff that can be moved through that unregulated zone.

    I don’t see this being some sort of panacea. Under certain circumstances it will work, I’m sure, but it must be carefully coordinated with community planning and with the design of the transportation network. High-speed, high-capacity routes like the interstate system in America, which are designed for high throughput “of people and goods” require specific regulation. Lower-speed, lower-capacity collectors and local roads would be much more appropriate for this experiment. Some sort of “small town America” would be ideal, but only if you don’t have a US 1 running through the center of town. Of course, if you live in a subdivision, you may already experience what is going on here. I’ve been in many with no stop signs or striping, merely the understanding that you’re not supposed to t-bone your neighbor at 50 mph on the way to work.

    Also, journalism as usual isn’t quite hitting the mark with what is written. I don’t think the linked story details the rules behind this no-rules approach. For example, the picture in the article shows Drachten, Netherlands, which is converting its remaining signalized intersections to roundabouts, which have very definitive rules of travel, if you want them to work correctly. Striping is key, and I don’t think people would take kindly to you going around backwards. The article also mentions that Drachten has scrapped “more than half” of their signs. Well, I could probably go out today and scrap 50% of the signs on the roads in Cobb County Georgia without affecting a single black-and-white regulatory sign. Pay attention on your next drive and see how many signs are littered along the roads. And don’t include the ones that are put up by private concerns, just the highway signs. There are hundreds, and it would be easy to get rid of a number of them immediately.

    Bottom line: There are many ways of doing things with respect to transportation infrastructure. No one solution works everywhere. The “waves and nods” approach might work in Drachten but it might be a disaster in Los Angeles, California. Careful consideration of the impacts a transportation project or initiative might have is necessary to avoid costly mistakes. Be involved in the transportation project development in your neck of the woods and you might push your muncipality/county/state into doing something a bt more in line with what your community wants.

    *This is FACT! If you don’t believe me, tell me what this sign means. OM3 Sign from Roadways in the US If you get it right (and I haven’t already told you and you’re not in the transportation field, I’ll give you a prize. Like your very own blog entry or something…) Many research studies have shown that drivers will ignore signs they feel are unnecessary, like absurdly low speed limits or unwarranted stop signs. Also, in dense environments with numerous regulatory signs, guidesigns, advertisements, roads, lane changes, pedestrians, and other stimuli needing the driver’s attention, the most important signs (such as STOP) are not necessarily the ones a driver will “see”. Unfamiliar drivers will tend to make late decisions in these areas, leading to inappropriate responses such as lane-crossing and sudden stops.

  • Day of Quotes

    I love reading news stories and finding some gem of a quote deep inside. For example, with respect to the French Goverment’s policy of selling various historical properties to reduce maintenance budgets and pay down the national debt: (gacked from the NY Times)

    Many investors buy with only a vague idea of how they will use the property, and the finance ministry says the government does not care.

    “They won’t have the right to destroy it, or paint it red, or build a tower in the garden,” said one official at the Ministry of Finance, who could not be named because of ministry rules. “But they can use it for a bordello as long as they obey zoning laws.”

    Zoning laws rule!