Emergent Chaos
The Washington Times reports that the State Department is going to be producing "passport cards" for people who regular travel by car or boat to/from Canada, Mexico and Carribean.
About the size of a credit card, the electronic-passport card displays a photo of the user and a radio frequency identification (RFID) chip containing data about the user. The State Department announced recently that it will begin producing the cards next month and issue the first ones in July.
That's right RFID just like booklet style passports. Only it won't be encrypted and it won't be shielded. It will even be "vicinity" aka long range RFID, so the very intent is to read them from a distance. While the card isn't supposed to have any personal information on it, it will link back to a database that does contain personal information. I for one don't have a lot of confidence that that database can be kept properly secure.
Security specialists told The Washington Times that the electronic-passport card can be copied or altered easily by removing the photograph with solvent and replacing it with one from an unauthorized user.
And if that wasn't bad enough only about 10% of border sites will actually have readers:
Kelly Klundt, a spokeswoman for U.S. Customs and Border Protection, said the deployment of passport card readers to the largest and busiest 39 border-entry points was intended to expedite travel. The more than 300 remaining points of entry without passport card scanners are in remote locations, and officials will visually inspect passport cards at those entry points, she said.
Joel Lisker, a former FBI agent who spent 18 years countering credit-card fraud at MasterCard, said the new cards pose a serious threat to U.S. security. "There really is no security with these cards," he said.
So there you have it. Once again the government is engagins in security theater rather than actual security.
[Image from: http://www.uspasscard.com/]
Bookmark this post:
As part of its regular "risk management" service, which provides screening, tracing, and identity and background checks on potential clients or trading partners, MicroBilt will now offer a "watch list" service that checks these individuals against 63 different lists from 35 sources, including OFAC, the FBI, and Interpol, Bradley says. ("Companies May Be Held Liable for Deals With Terrorists, ID Thieves", DarkReading)I say more than 63 because some unknown number are secret. The poor souls who find themselves on these lists have, in essence, no recourse. Convincing 35 or more agencies that their presumption of your guilt is incorrect might, in theory, be possible. In reality, the agency has no reason to do anything but drag its feet: there are no penalties to them for declaring you guilty. In contrast, a failure to put your name on the list risks them not having prevented you from your future thoughtcrime.
But there's hope. And it's not in MicroBilt's stock price (MicroBilt is a subsidiary of First Advantage). Rather, it's in the courage of a judge, who ruled that any American who has been routinely detained because they are on a watch list knows that they are on a list, and thus the government's 'State Secrets' privilege isn't applicable:
since the government admits it has stopped the six men and two women more than 35 times, federal Magistrate Judge Sidney Schenkier of the United States Northern Illinois District Court dismissed that argument. Instead he found that the government "failed to establish that, under all the circumstances of this case, disclosure of that information would create a reasonable danger of jeopardizing national security." (" Court: Government Must Reveal Watch-List Status to Constantly Detained Americans," Wired's excellent 27B-6 Mk IIa blog)
Bookmark this post:
You see, the CIA apparently uses the less dangerous version of "waterboarding" -- not the Spanish Inquisition method, but the technqiue popularized by the French in Algeria, and by the Khmer Rouge -- involving the placing of a cloth or plastic wrap over or in the person's mouth, and pouring or dripping water onto the person's head. That's the civilized version of waterboarding -- the benign, anodyne, variant of the water treatment, the kind carefully administered by professionals. We would never dream of the barbaric practice of actually forcing the water into the nose and mouth.Go read "The Underdeveloped Jurisprudence of the Forcing/Pouring Distinction" and wonder how the next President is going to avoid prosecution.
Bookmark this post:
Al-Jazeera broadcast on Thursday an audiotape on which a voice identified as Osama bin Laden declares "Iraq is the perfect base to set up the jihad to liberate Palestine."So I'm wondering, have there been fake messages?The voice calls on "Muslims in neighboring countries" to "do their best in supporting their mujahedeen brothers in Iraq."
My understanding is that bin Laden's manner of speaking, his words and phraseology, are quite unusual and hard to capture. What's more, it doesn't make sense for his followers to fake messages from him. As a leader who inspires through his words, the authenticity of those words is very important. It doesn't jibe with my (admittedly limited) understanding to think that anyone would fake a message from him.
I understand that the intelligence community would like us to believe that they're on the verge of catching him, that he might be dead, and that he can't get messages out of his base in Pakistan's Waziristan region.
But why does the media play along? Is there a problem with fake messages, or an expectation that there might be?
Bookmark this post:
After weathering days of criticism from Germany over a spectacular tax evasion case, Liechtenstein — sometimes seen as the inspiration for the satirical novel from the 1950s about a tiny Alpine principality that declared war on the United States — is digging in for what may be a prolonged battle to defend its lucrative tradition of banking secrecy against what it views as attacks from a giant neighbor.Of course, Germany, and the other large nations would like to pretend this is about fraud, not competition for business. They'd like the smaller nations to harmonize their tax codes, and prevent the messy chaos of having to compete on their laws. Countries such as Liechtenstein offer alternatives, and act as a brake on the unfettered invasions of privacy that otherwise intrude on all our lives.
This isn't about Liechtenstein above all others, it's about diversity. It's about diversity in approaches to taxation leading to diversity of choices. It would be stereotyping to assert that the orderly Germans or the bureaucratic French don't like Liechtenstein solely because it's different. Really, it's because few governments have any appreciation of, or love for liberty.
Governments and their employees focus on their goals and their (always enlightened) rules. This isn't about Liechtenstein putting itself above others, but allowing people to put their own self-interest ahead of that of the functionaries and bureaucrats.
Some chaos emerges, and we think it's a fine thing.
Bookmark this post:
In a May, 2006 post entitled Codename: Miranda, I joked about having my grocery purchases linked to another Chicagoan due to poor schema design.
There, I joked about buying:
... granola, yogurt, hummus -- the healthy stuff which probably alerts Admiral Poindexter's Bayesian classifier to my fifth-column status.
Maybe this wasn't jocular after all, as a Congressional Quarterly article (referred to by Ryan Singel) reports:
Like Hansel and Gretel hoping to follow their bread crumbs out of the forest, the FBI sifted through customer data collected by San Francisco-area grocery stores in 2005 and 2006, hoping that sales records of Middle Eastern food would lead to Iranian terrorists.The idea was that a spike in, say, falafel sales, combined with other data, would lead to Iranian secret agents in the south San Francisco-San Jose area.
I hope Miranda is not in Gitmo as a result of my healthy eating habits.
Bookmark this post:
Privacy advocates obtained database records showing that the government routinely records the race of people pulled aside for extra screening as they enter the country, along with cursory answers given to U.S. border inspectors about their purpose in traveling. In one case, the records note Electronic Frontier Foundation co-founder John Gilmore's choice of reading material, and worry over the number of small flashlights he'd packed for the trip.In related lying news, last week it came out that Director of National Intelligence McConnell lied to the Senate about wiretaps.The breadth of the information obtained by the Gilmore-funded Identity Project (using a Privacy Act request) shows the government's screening program at the border is actually a "surveillance dragnet," according to the group's spokesman Bill Scannell.
"There is so much sensitive information in the documents that it is clear that Homeland Security is not playing straight with the American people," Scannell said. (Wired News, "U.S. Airport Screeners Are Watching What You Read.")
If this was a political blog, we'd analyze the trend. Since we're all about information security, and pirates I'll just say that in an environment where the security measures are unclear and scary, you can expect users to behave in strange ways.
Bookmark this post:
The FBI runs what they call "Fusion Centers" for intelligence sharing. There's a fascinating quote in the Washington Technology article, "Boeing to staff FBI Fusion Center:"
"As a police chief of the 19th largest city in the nation, and in possession of a top secret clearance, by law I cannot set foot unescorted in the National Counter Terrorism Center, let alone have direct access to even the most benign information," Kerlikowske said.So, dear FBI: Fusion requires critical mass, and it creates risks. If you re-design to eliminate all those risks, you end up without any chance of fusion.
Another little known fact about fusion: stuff goes in, stuff comes out. What you've got there is a black hole.
Via Global Guerrillas, "QUOTE: Security Dysfunction." Image from Western Washington University Planetarium.
Bookmark this post:
So reports Haft of the Spear, in "You'll Share and You'll Like It!"
The Homeland Security and Justice departments have spent $893 million on information-sharing networks in the last two years but still do not have effective networks in place, according to a report from the Government Accountability Office.Admittedly, there are more problems in sharing intelligence data than there are in sharing breach data. The fear of change runs deep, as does our unwillingness to give up control of the little bits of data we can see. It would be funny, if it wasn't so painful.
Bookmark this post:
On Dave Farber's list, Brock Meeks pointed us to a delightful Facebook Smackdown. Brock says,
What do Facebook, the CIA and your magazine subscription list have in common? Maybe more than you think...http://www.albumoftheday.com/facebook/
Trust me, it's worth the look.
And indeed it is worth looking at, along with Patrick Schitt's contribution of the background documentation.
I found the "smackdown" a refreshing antidote to much recent discussion about young adults and their attitudes about privacy. Perhaps some of it is hyperbolic; anyone associated with the Internet back in the days when it was the Arpanet has similar ties. But let's look at the larger issue.
Over the last year or so, there's been a theme going around the media about how kids today are much more comfortable with personal information out on the net. There have been dramatic news stories about it and I have had the privilege of seeing a few panels at universities about that subject amused by the walking oxymorons -- well-known privacy activists -- who participate.
The continued democratization of personal information is not an unalloyed desirable thing, but it also a fact of life. At lunch yesterday, I snorted something about how if you can't find the home address of anyone sitting at the table in less than five minutes, then your search-fu needs brushing up.
Many of those stories and discussions have had as an implicit or explicit theme that old people (those who got their first email address during, not after, the dot-com boom) can learn something from these young adults. However, young adults are well-known for risk-taking behavior. They get drunk, drive fast, take drugs, sleep around, put their hearing at risk, and do many other things that older people do not do (or don't do anymore). The mainstream media has credulously swallowed the notion that not caring about privacy is youthful wisdom rather than youthful indiscretion.
Many young adults wake up one morning with a pounding headache, fuzz on their tongue, a wretched feeling in the gut that they'll learn one day is acid reflux, the distressing feeling that they are not comfortable with the place nor manner in which they woke up, and the feeling that they may have done some things that it's perhaps better that they don't know they did. Over time, this leads to behavior modification.
When one is suffering from a hangover, one often says intemperate or hyperbolic things about that which got one in that state. Even if the Facebook Smackdown contains hyperbole, I view it as a Netizen Hangover.
Facebook has a privacy and information use policy that is skewed slightly to Facebook over its users. In a normal state of mind, one might respond to this with, "yeah, whatever" particularly if one is of an age that "yeah, whatever" is part of one's active vocabulary. If one has the unpleasant feeling that one has made a fool of oneself in public, the response might be, "ZOMGWTFPWNED!" Facebook also has investment connections that could get either the two previous responses.
This hangover plots some points and draws lines between them. During a hangover, one might forget that just because one can draw a line between two points, one isn't obligated to draw a line between them. Furthermore, when one does those little connect-the-dots puzzles, order is important; that's why they put numbers by the points.
As one holds one's coffee with both trembling hands while tending that hangover -- Facebook can do pretty much anything they want with all the information in it, and there are few degrees of separation between Facebook and the parts of the government that want to find bad guys through data mining, the thought that Facebook might get you on the no-fly-list doesn't sound unreasonable. It's easy to wonder between sips if one's internship will be in Gitmo. Are they mining Facebook to look for bad guys? Probably not. Could they? Sure.
Nonetheless, there are many lessons one learns as one gets older. Every generation learns something new that they have to carefully explain to their kids ("I'm not ashamed of what I did, but really, I recommend thinking twice or three times before doing what I did.") A cavalier attitude to privacy may end up on that list sooner than we think.
Bookmark this post:
...terrorism suspects from atypical backgrounds are becoming increasingly common in Western Europe. With new plots surfacing every month, police across Europe are arresting significant numbers of women, teenagers, white-skinned suspects and people baptized as Christians -- groups that in the past were considered among the least likely to embrace Islamic radicalism.So reports the Washington Post, in "Terrorists Proving Harder to Profile." Of course, this is unsurprising to anyone who's read "Who Becomes a Terrorist and Why."The demographics of those being arrested are so diverse that many European counterterrorism officials and analysts say they have given up trying to predict what sorts of people are most likely to become terrorists. Age, sex, ethnicity, education and economic status have become more and more irrelevant.
Those who haven't will simply demand more and more information, in the vain hopes that something useful will come out if you pour enough garbage in.
Photo: "Due," by Fotoharing, with no implications: it's simply a cool photo of a profile.
[Update: added a word, in italics, to that last sentence.]
Bookmark this post:
The Inspector General (IG), U.S. Department of Justice, has issued a report delineating audit findings identifying significant deficiencies in NSL recordkeeping and reporting processes. This determination is quite troubling and inexcusable.Troubling and inexcusable? Well, you'd expect me to disagree. More important is that FBI DIRECTOR Robert Mueller doesn't go that far. NPR said he accepted the findings were basically accurate, and the Washington Post reports in "Lawmakers Vow Hearings on FBI Errors:"
While acknowledging that the inspector general's report identified "serious problems," Mueller offered assurances that "the number of abuses is exceptionally small" compared to the overall number of national security letters, and he asserted that "no one has been damaged" by the shortcomings.So, Mueller says that the report identifies real problems. Lormel calls the report
And my liberties are damned well at risk when the FBI runs rampant, even if they don't happen to step on people's toes as they do it. Lormel's assertions that it's ok to break the law as long as no one is hurt don't hold water when the FBI is investigating criminals. They shouldn't hold water when it's the FBI breaking the law.
Update: The associated press report is headlined "Gonzales, Mueller Admit FBI Broke Law," and the the report is at "A Review of the Federal Bureau of Investigation’s Use of National Security Letters."
Update 2: changed 'it' to 'the report' for clarity.
Bookmark this post:
The New York Times has an article "U.S. Presents Evidence of Iranian Weapons in Iraq." It contains this gem:
They said that at least one shipment of E.F.P.’s was captured as it was being smuggled across the border from Iran into southern Iraq in 2005. The precise machining, the officials said, is another feature that links the weapons to Iran. “We have no evidence that this has ever been done in Iraq,” a senior United States military official said.Let's examine that. First, Iran is not known for its exports of precise machinery, the way, say, Germany, Switzerland, or Sweden are. Second, even if Iran were known for precision machining, so are other countries. The fact that precision machine work was done may demonstrate that, say, Syria wasn't involved. It doesn't demonstrate that Iran was involved. Finally, the absence of evidence is not evidence of absence. Iraq has long had strong weapons engineering. The country is clearly in anarchy. The fact that the US hasn't found evidence of something in Iraq is non-evidentiary.
The BBC has pictures they attribute to the US briefing. Do the Iranians use European numbers on their munitions? (European numbers are often called Arabic numerals, but that's a reference to the 0-9 and places, not the typographic symbols used. See the Wikipedia entry on Arabic numbers, which shows a distinct "Eastern Arabic-Indic" numbering system, subtitled "Persian and Urdu.") Which means that the numbers from Iran should perhaps read "٨١mm," and "٣-٢٠٠٦" respectively.
Scaling away from the details, two other points I'd like to make. First, I understand that Iran has been engaging in military action against the United States since the inception of the state, the kidnapping of US diplomats, to the Marine barraks bombing on through today. I think that we need a strategic response to Iranian belligerence. That no more means war than a strategic response to the Soviet Union meant war. Furhter, our conduct of the war in Iraq puts a high bar on thinking through what our response would entail and how it would result in better liklihood of a better outcome. However-and here's the second point-the utterly shoddy job done by US intelligence before the current mess in Iraq means that US intelligence must be held to a higher standard, and what's presented, at least as relayed by the New York Times, passes for prejudice and sloppy thinking, not intelligence work.
Bookmark this post:
Thanks to manfromlaramie for finding this.
Bookmark this post:
The NYT reports, "Rough Treatment for 2 Journalists in Pakistan" and indeed reporting is dangerous in countries where they do not respect the sort of basic rights we in the civilized world have championed for nigh 800 years.
However, a computer was seized, sources were roughed up and possibly jailed or killed:
Come on. You don't have crypto? You've never heard of PGP (to name the obvious famous one)? That's so easy to find I won't even paste in the link. I hope when you get a new laptop you'll consider protecting your sources.Since then it has become clear that intelligence agents copied data from our computers, notebooks and cellphones and have tracked down contacts and acquaintances in Quetta.
All the people I interviewed were subsequently visited by intelligence agents, and local journalists who helped me were later questioned by Pakistan’s intelligence service, the Inter-Services Intelligence.
Bookmark this post:
Robert Anton Wilson Defies Medical Experts and leaves his body @4:50 AM on binary date 01/11.All Hail Eris!
On behalf of his children and those who cared for him, deepest love and gratitude for the tremendous support and lovingness bestowed upon us.
(that's it from Bob's bedside at his fnord by the sea)
RAW Memorial February 07
date to be announced
There are too many reasons why RAW was important. One of the ones most relevant to this jazz combo is that in Illuminatus! he and Robert Shea concern themselves with the problem of loss of liberty in the face of terrorist threat. (And they even use those words.) One of the things they discuss as part of the plot is the unwitting alliance between the authorities and the terrorists. It is only because of the terrorists that repressive authority can make repression palatable. And the repression itself makes the terrorists more than mere whackos.
It's a roller-coaster ride of a book (meaning bumpy and thrilling), but every bit as important as We, Gravity's Rainbow, or Animal Farm.
Edit (11 Jan 2007, 17:57):
See also Quinn Norton's missive on 27B Stroke 6.
Bookmark this post:
The BBC reports that
Modern measuring methods proved that Liechtenstein's borders are 1.9km (1.2 miles) longer than previously thought.The border has been changed in some of the more remote corners of the mainly mountainous state, which has now grown in size by 0.5sq km (123 acres).
Black Unicorn tattoo by Monique's Euro Tattoo and Piercing Studio.
Bookmark this post:
It may seem hard to believe, but a nuclear-armed power has made peace with al-Qaeda. I know, with the Bush administration's stunning competence, as demonstrated in the aftermath of Katrina, in keeping gas below a dollar a gallon, in containing Iraq while keeping North Korea from getting nuclear weapons, it's hard to believe that they'd miss something important like a nuclear ally signing a peace treaty with the Taliban and Al-Qaeda.
Go read "Pakistan's Peace Deal with Terrorist Factions a Major Blow to U.S.," at the CounterTerrorism blog. Go read "Pakistan Cuts and Runs From Waziristan." When you're done, wonder which of the party faithful will be getting the Medal of Freedom for our stunning success in convincing al Qaeda to get a territorial base which we can bomb, just as soon as our military gets dis-entangled from Iraq.
Speaking of Iraq, see "Situation Called Dire in West Iraq" in the Washington Post, and Michael Froomkin's "Political Stalemate in the Iraq Endgame."
See also the Wikipedia articles on Waziristan and the recent troubles there.
Bookmark this post:
