Category: National

  • Wikileaks, First Amendment, Espionage, Information Security

    I’ve been having some lively discussions surrounding Wikileaks’ release of United States diplomatic cables on November 28, 2010. I seem to be confusing some people with my arguments and statements. I intend to clear this up.

    For the record:

    • I support Wikileaks’ publication of the diplomatic cables. However that information came into their hands, their right to release the content falls squarely under the First Amendment1 (either Freedom of the Press or Freedom of Speech, take your pick) in my opinion.
    • I support the Government’s right, as designated by Congress under various acts, to prosecute any illegal activity that led to Wikileaks’ possession of the cables.

    Those two positions are distinct, and not necessarily contradictory, which seems to be the main point of contention in my conversations. Yes, it’s possible that persons within Wikileaks have committed acts which may qualify as illegal under our various espionage and security laws. But those persons and Wikileaks still remain separate.

    The devil is in the details, of course, and I have a sneaking suspicion that the details will be worked out in the courts for next several years. I’m a firm believer in our system of government so I have faith that things will work out for the best.

    I should add a further stipulation, though:

    • I do not support the government if it uses its position as big dog to suppress the release of information that, while embarrassing, may serve to better educate those of us in the Republic that pay attention and want to make informed decisions.

    The information is out. It is now ours, John and Jane Q. Public’s, to deal with and ingest. If the government doesn’t like that, it should have done a better job of hanging on to it. Advocating for Wikileaks to be designated a Terrorist Organization is not upholding the fundamentals our country was founded upon.

    This will Happen Again

    This incident may have marked a turning point for the government. This may be the final wakeup call that information security isn’t what it used to be. The revelation of these internal memos of the State Department are going to embarrass us internationally and there will be plenty of spadework by Secretary Clinton and whoever her successor ends up being2. The wakeup call, however, isn’t that the information needs to be secured even more tightly, until it screams and bleeds, but for it to be managed in a manner that allows for the balance of maximum security along with maximum utility3 acknowledging all the while that in the information era, this type of leak is impossible to prevent.

    I am not a government employee. I’ve never been in the military. I do not work in a high-security environment. I make these statements to display the breadth of my ignorance on how the government likely treats its classified and secret information on a day to day basis. I do know that secure communications are the foundation of any activity, be it governmental work, military action, or just chatting about your mother in law. However, the Wikileaks posting isn’t about communications so much as archival storage, access controls and trust.

    I don’t see how it’s possible to prevent the type of action that led to the release of the Afghan and Iraq war diaries as well as these diplomatic cables. The size of the releases strongly argues that whoever was responsible4 had access to a large database where these documents could be acquired. This wasn’t some random whistleblower who sent a stolen company memo to the newspaper; this was a person with access and means. If the person had been higher in the chain of responsibility and the government has similar controls and databases for its top secret and other communications, who knows what we’d be seeing right now.

    This is Hard to Prevent

    As I alluded to above, about the balance between security and utility, the easiest way to make sure that no unauthorized person gets access to these types of documents is to ensure that no one has access. That’s not practical of course. We send our diplomats far foreign to liaise with their counterparts and to report back to the government. Without the reports coming back and being read by the decision makers, there’s not much point in sending them in the first place. We aren’t in the grand age of sail anymore where diplomats often had plenipotentiary powers because of the time gap in communications. Today’s diplomats are hooked into the central government 24/7 and communiqués need to flow for useful decisions to be made.

    All of the communications could be encrypted, of course, but then the problem of access control rears its head. Who, precisely, gets to send and receive the messages? How are they stored and accessed? Encryption alone wouldn’t have prevented the release of the cables because the alleged leaker probably had the access required. Encryption and database management will help prevent outside agencies from taking the communications, but it seems we’re doing all right on that front already.

    An important point to remember is that while “encryption” is a nice buzzword, it’s not useful in a lot of applications. Last year there was a big flap in the media about the Taliban in Afghanistan being able to access the unencrypted video feed from Predator drones flying missions. This was a big yawn because that sort of real-time tactical information is of strictly limited utility to the adversary and the effort required to secure it is well in excess of the possible harm that could come of someone listening in. Encryption has costs, too. Some of them are excessive.

    It’s Within Your Power to Secure Your Email Communications

    If this stuff makes you a bit paranoid about people reading your emails and letters, good! It’s always good practice to envision what people would think if they received a copy of the email you are writing. The rule of thumb when I was in college was: “What would you think if this were printed on the front page of the newspaper.” This rule has changed a bit for me after I received my Professional Engineer’s license to: “What would you think if this were read into evidence in a court of law.” Those rules are excellent ones to follow but we can’t use them to rule our lives or else we’ll never have electronic communications that are candid and frank. You know, the ones that actually get to the point and get things done. Fortunately or unfortunately, electronic communications are becoming an important (perhaps key) part of our interpersonal and interbusiness relationships now, email being the prime means.

    Of course, email is one of the most unsecured communication methods that exist. There are numerous ways to tap into your email stream, the easiest of which is to steal your computer. Even if you maintain everything in the cloud, numerous servers process and copy (and archive) the emails that go through them. All of this is retrievable through legal and illegal means.

    I advocate that we all should encrypt our day to day emails5, especially between parties where disclosure of that information would lead to embarrassment, lawsuits, or worse. I’ve written about this in the past and even have a tutorial on how I went about it. If you want to exchange secure emails with me, it’s not difficult. Just click through the link and learn. I regularly apply an electronic signature to my emails7, which doesn’t do anything for security per se, but you can be sure that the email is from me, or from someone in possession of my passphrase. It’s only one more step, on your end, for you to receive encrypted emails from me, and to send them in return. Then we can discuss Aunt Gladys without worrying about Nephew Jim reading the emails while we’re stupefied on thanksgiving turkey.

    None of this prevents the legal system from requiring you to give up your passphrase and disclose those encrypted emails—subpoenas are a pain that way—but it will prevent unauthorized disclosure of information that you wish to remain private and/or secret.6

    The End

    How do I wrap up this essay? I’ve opined in several directions. Perhaps dangerously so. I think we’ll just throw this out there and see what happens. Enjoy. My email is at the top of the blog page but it would be better to respond on this posting.


    1: In the United States alone, of course.
    2: Yes, I think there will be fallout for at least 6 years
    3: Easiest way to secure these cables would be to never send them, or even write them, but then they would not be very useful. The balance of security/utility is something that individual organizations/people have to work out.
    4: Allegedly a U.S. Soldier named Bradley Manning
    5: This is also good practice for avoiding suspicion if you ever need to start protecting your communications from someone. If you are being watched and suddenly all the emails you’re exchanging with your friend Bob are encrypted, there might be some suspicion that “something is going on”. If you encrypt all your communications as a matter of course, this information tidbit is removed.
    6: Hard drive encryption programs such as Truecrypt say that you can securely hide a portion of your hard drive in such a manner that you would be able to give up a passphrase to “an adversary” (in this case, I envision a subpoena) yet still maintain a separate encrypted area that contains your real information, with a different passphrase, undetected. There are arguments about whether or not that would work. If you’re really really paranoid or want to apparently comply with the court order yet still maintain secret information, I recommend checking it out.
    7: Which may have caused you to click through to this link because you received some odd text in a message from me.

  • Big Picture does Mount St. Helens

    I remember St. Helens. I did a science project in 3rd grade about it.

    I would love to see what this site looks like today, 30 years after the eruption.

  • Beloit College Mindset List

    The 2008 Beloit College Mindset list is up. If you’ve never heard of this, it’s a list of facts and bullet points about the “traditional student” (~age 18) who is beginning college this fall.

    For example:

    19 films have never been X rated, only NC-17.
    20 The Warsaw Pact is as hazy for them as the League of Nations was for their parents.

    and

    31 They have never been able to color a tree using a raw umber Crayola.
    32 There has always been Pearl Jam.

    It’s a great list. I suggest reading it entirely.

  • I-35W Bridge Collapse, Minneapolis

    If you look at any news feed in the US, whether it’s internet, cable, network, newspaper, whatever, I’m sure you’re aware of the bridge collapse in Minneapolis/St. Paul of the Interstate 35W bridge over the Mississippi river. At the moment, there is no report on a cause, and they are still recovering cars from the river this morning. I35W Bridge The Interstate bridge is the one on the left in this image (taken from Google Maps! thanks, Google) with eight lanes of traffic. I can’t find a reliable estimate on the daily traffic across this bridge; several sources note “between 100,000 and 200,000 vehicles per day” which is a bunch of crap. That’s such a huge range, it’s worthless. If I were forced to guess, I’d say the traffic on this bridge was around 150,000 vpd, but that is just a guess.

    Discounting the trauma of this incident, the impact upon traffic patterns between St.Paul and Minneapolis will be huge. Interstates are built to provide the maximum mobility (ability to move long distances at speed with high numbers of vehicles per lane per hour) while the roadway next to it in the image above will be designed to permit a great deal more access (ability to link to adjacent routes and properties) which cuts down on the number of vehicles that can traverse the roadway within a given amount of time. I’m glad I don’t live on that roadway right now, it has just doubled its traffic, at least.

    Once the recovery of vehicles and victims is complete, I will be interested to see how the Minnesota DOT handles the reconstruction of this bridge. There was a recent similar disaster on I-40 across the Arkansas river which killed 14 and closed I-40 for 2 months. That collapse was due to a barge collision with a bridge pier. From what I can see in the images at this website, I think there may be more involved with the reconstruction in this case, not helped by the location which is in the center of a large urban area. I doubt that the I-35W bridge was up to the current standards for bridge construction since it was constructed in 1967. Usually, putting together plans for a bridge such as this one would take at least a year, but MDOT does not have that sort of time.

    I don’t currently know where the reports are, but I seem to recall that of all the tens of thousands of bridges in the US, about 50% are considered structurally deficient like this one was. “Structurally Deficient” does not mean “In danger of imminent collapse” but it does mean that the bridge in question should be upgraded or replaced on an expedited basis. Unfortunately, given the state of transportation funding across the nation, many bridges on the deficient list are being ignored due to money constraints. Also, keep in mind that the list of deficient bridges includes every single bridge in the country, including those ancient log bridges on a dirt road in the boonies. The National Highway System is usually maintained in a better-than-average condition than county roads.

    More food for thought: The same list of deficient infrastructure includes dams and levees, which have a much greater chance of causing serious harm or death if they collapse.

  • More Suspicious Devices in Boston

    Another scurrilous bomb plot is foiled in Boston. This suspicious device was detonated by the Boston Police Department.
    A Traffic Counter is mistaken for a Bomb

    Here is the original story.

    Here is a video of it being detonated.

    Looks like I’m out of a job! Either that or we’ll have to navigate through new layers of bureacratic oversight before placing traffic counters. At the moment, there are none, generally, and traffic counting firms can place counters wherever they want. This leads to quick turnaround times for needed information, which is good! Now, I forsee three-month waiting periods and police escorts for the people placing the counters.

    Woo hoo. I love living in a post 9-11 world.

  • Know Your Neighbors

    Befriend your neighbors or something like this might happen to you.

    This man was dead for a year before he was discovered. That’s just wrong.

  • Eating FrankenCows

    The FDA has released its draft assesment of the safety of cloned animals entering the human food supply. They are inviting public comment for the next 90 (89, today) days.

    I don’t intend to read this thing, but I will skim it. If only to see what people are concerned about. How can an animal that is born from a mother-animal, grow, eat, and evetually die, be unsafe when it comes to eating it? That’s not a rhetorical question. What are the risks? I’m very curious.

  • Requeim for a Civil Defense Logo

    The Old and New American civil defense (emergency management) logos

    FEMA et al have released a brand new logo to replace the old Civil Defense logo initially adopted in 1939.

    Quoting the NY Times:

    The CD insignia, which the association called “a relic from the cold war,” was eulogized by Richard Grefé, the executive director of the American Institute of Graphic Arts.

    “The old mark fits in the same category of simplicity and impact occupied by the London Underground map,” Mr. Grefé said.

    I must be missing a historical allusion. Is a map of the London Underground a simple and impactful object?

    Please, if I’m missing what this means, inform me…