Security & Intelligence

Exterminate

Ok, I’m slacking. The top 10 movies of 2007 will be posted this Sunday. In the meantime, I leave you with this anti-terrorism suggestion from Charlie Stross (and yes, I’m posting this a few months late, but it’s still funny):

The solution to protecting the London Underground from terrorist suicide bombers can be summed up in one word: Daleks. One Dalek per tube platform, behind a door at the end. Fit them with cameras and remote controls and run them from Ken Livingstone’s office. Any sign of terrorism on the platform? Whoosh! The doors open and the Dalek comes out, shrieking “exterminate!” in a demented rasp reminiscent of Michael Howard during his tenure as Home Secretary, only less merciful.

The British are trained from birth to know the two tactics for surviving a Dalek attack; run up the stairs (or escalator), or hide behind the sofa. There are no sofas in the underground, but there are plenty of escalators. Switch them to run upwards when the Dalek is out, and you can clear a platform in seconds.

Suicide bombers are by definition Un-British, and will therefore be unable to pass a citizenship test, much less deal with the Menace from Skaro.

Heh.

Link Dump

Various links for your enjoyment:

  • The Order of the Science Scouts of Exemplary Repute and Above Average Physique: Like the Boy Scouts, but for Scientists. Aside from the goofy name, they’ve got an ingenious and hilarious list of badges, including: The “my degree inadvertently makes me competent in fixing household appliances” badge, The “I’ve touched human internal organs with my own hands” badge, The “has frozen stuff just to see what happens” badge (oh come on, who hasn’t done that?), The “I bet I know more computer languages than you, and I’m not afraid to talk about it” badge (well, I used to know a bunch), and of course, The “dodger of monkey shit” badge. (“One of our self explanatory badges.”). Sadly, I qualify for fewer of these than I’d like. Of course, I’m not a scientist, but still. I’m borderline on many though (for instance, the “I blog about science” badge requires that I maintain a blog where at least a quarter of the material is about science – I certainly blog about technology a lot, but explicitly science? Debatable, I guess.)
  • Dr. Ashen and Gizmodo Reviews The Gamespower 50 (YouTube): It’s a funny review of a crappy portable video game device, just watch it. The games on this thing are so bad (there’s actually one called “Grass Cutter,” which is exactly what you think it is – a game where you mow the lawn).
  • Count Chocula Vandalism on Wikipedia: Some guy came up with an absurdly comprehensive history for Count Chocula:

    Ernst Choukula was born the third child to Estonian landowners in the late autumn of 1873. His parents, Ivan and Brushken Choukula, were well-established traders of Baltic grain who – by the early twentieth century – had established a monopolistic hold on the export markets of Lithuania, Latvia and southern Finland. A clever child, Ernst advanced quickly through secondary schooling and, at the age of nineteen, was managing one of six Talinn-area farms, along with his father, and older brother, Grinsh. By twenty-four, he appeared in his first “barrelled cereal” endorsement, as the Choukula family debuted “Ernst Choukula’s Golden Wheat Muesli”, a packaged mix that was intended for horses, mules, and the hospital ridden. Belarussian immigrant silo-tenders started cutting the product with vodka, creating a crude mush-paste they called “gruhll” or “gruell,” and would eat the concoction each morning before work.

    It goes on like that for a while. That particular edit has been removed from the real article, but there appears to actually be quite a debate on the Talk page as to whether or not to mention it in the official article.

  • The Psychology of Security by Bruce Schneier: A long draft of an article that delves into psychological reasons we make the security tradeoffs that we do. Interesting stuff.
  • The Sagan Diary by John Scalzi (Audio Book): I’ve become a great fan of Scalzi’s fiction, and his latest work is available here as audio (a book is available too, but it appears to be a limited run). Since the book is essentially the diary of a woman, he got various female authors and friends to read a chapter. This actually makes for somewhat uneven listening, as some are great and others aren’t as great. Now that I think about it, this book probably won’t make sense if you haven’t read Old Man’s War and/or The Ghost Brigades. However, they’re both wonderful books of the military scifi school (maybe I’ll write a blog post or two about them in the near future).

Intellectual Property, Copyright and DRM

Roy over at 79Soul has started a series of posts dealing with Intellectual Property. His first post sets the stage with an overview of the situation, and he begins to explore some of the issues, starting with the definition of theft. I’m going to cover some of the same ground in this post, and then some other things which I assume Roy will cover in his later posts.

I think most people have an intuitive understanding of what intellectual property is, but it might be useful to start with a brief definition. Perhaps a good place to start would be Article 1, Section 8 of the U.S. Constitution:

To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;

I started with this for a number of reasons. First, because I live in the U.S. and most of what follows deals with U.S. IP law. Second, because it’s actually a somewhat controversial stance. The fact that IP is only secured for “limited times” is the key. In England, for example, an author does not merely hold a copyright on their work, they have a Moral Right.

The moral right of the author is considered to be — according to the Berne convention — an inalienable human right. This is the same serious meaning of “inalienable” the Declaration of Independence uses: not only can’t these rights be forcibly stripped from you, you can’t even give them away. You can’t sell yourself into slavery; and neither can you (in Britain) give the right to be called the author of your writings to someone else.

The U.S. is different. It doesn’t grant an inalienable moral right of ownership; instead, it allows copyright. In other words, in the U.S., such works are considered property (i.e. it can be sold, traded, bartered, or given away). This represents a fundamental distinction that needs to be made: some systems emphasize individual rights and rewards, and other systems are more limited. When put that way, the U.S. system sounds pretty awful, except that it was designed for something different: our system was built to advance science and the “useful arts.” The U.S. system still rewards creators, but only as a means to an end. Copyright is granted so that there is an incentive to create. However, such protections are only granted for “limited Times.” This is because when a copyright is eternal, the system stagnates as protected peoples stifle competition (this need not be malicious). Copyright is thus limited so that when a work is no longer protected, it becomes freely available for everyone to use and to build upon. This is known as the public domain.

The end goal here is the advancement of society, and both protection and expiration are necessary parts of the mix. The balance between the two is important, and as Roy notes, one of the things that appears to have upset the balance is technology. This, of course, extends as far back as the printing press, records, cassettes, VHS, and other similar technologies, but more recently, a convergence between new compression techniques and increasing bandwidth of the internet created an issue. Most new recording technologies were greeted with concern, but physical limitations and costs generally put a cap on the amount of damage that could be done. With computers and large networks like the internet, such limitations became almost negligible. Digital copies of protected works became easy to copy and distribute on a very large scale.

The first major issue came up as a result of Napster, a peer-to-peer music sharing service that essentially promoted widespread copyright infringement. Lawsuits followed, and the original Napster service was shut down, only to be replaced by numerous decentralized peer-to-peer systems and darknets. This meant that no single entity could be sued for the copyright infringement that occurred on the network, but it resulted in a number of (probably ill-advised) lawsuits against regular folks (the anonymity of internet technology and state of recordkeeping being what it is, this sometimes leads to hilarious cases like when the RIAA sued a 79 year old guy who doesn’t even own a computer or know how to operate one).

Roy discusses the various arguments for or against this sort of file sharing, noting that the essential difference of opinion is the definition of the word “theft.” For my part, I think it’s pretty obvious that downloading something for free that you’d normally have to pay for is morally wrong. However, I can see some grey area. A few months ago, I pre-ordered Tool’s most recent album, 10,000 Days from Amazon. A friend who already had the album sent me a copy over the internet before I had actually received my copy of the CD. Does this count as theft? I would say no.

The concept of borrowing a Book, CD or DVD also seems pretty harmless to me, and I don’t have a moral problem with borrowing an electronic copy, then deleting it afterwards (or purchasing it, if I liked it enough), though I can see how such a practice represents a bit of a slippery slope and wouldn’t hold up in an honest debate (nor should it). It’s too easy to abuse such an argument, or to apply it in retrospect. I suppose there are arguments to be made with respect to making distinctions between benefits and harms, but I generally find those arguments unpersuasive (though perhaps interesting to consider).

There are some other issues that need to be discussed as well. The concept of Fair Use allows limited use of copyrighted material without requiring permission from the rights holders. For example, including a screenshot of a film in a movie review. You’re also allowed to parody copyrighted works, and in some instances make complete copies of a copyrighted work. There are rules pertaining to how much of the copyrighted work can be used and in what circumstances, but this is not the venue for such details. The point is that copyright is not absolute and consumers have rights as well.

Another topic that must be addressed is Digital Rights Management (DRM). This refers to a range of technologies used to combat digital copying of protected material. The goal of DRM is to use technology to automatically limit the abilities of a consumer who has purchased digital media. In some cases, this means that you won’t be able to play an optical disc on a certain device, in others it means you can only use the media a certain number of times (among other restrictions).

To be blunt, DRM sucks. For the most part, it benefits no one. It’s confusing, it basically amounts to treating legitimate customers like criminals while only barely (if that much) slowing down the piracy it purports to be thwarting, and it’s led to numerous disasters and unintended consequences. Essential reading on this subject is this talk given to Microsoft by Cory Doctorow. It’s a long but well written and straightforward read that I can’t summarize briefly (please read the whole thing). Some details of his argument may be debatable, but as a whole, I find it quite compelling. Put simply, DRM doesn’t work and it’s bad for artists, businesses, and society as a whole.

Now, the IP industries that are pushing DRM are not that stupid. They know DRM is a fundamentally absurd proposition: the whole point of selling IP media is so that people can consume it. You can’t make a system that will prevent people from doing so, as the whole point of having the media in the first place is so that people can use it. The only way to perfectly secure a piece of digital media is to make it unusable (i.e. the only perfectly secure system is a perfectly useless one). That’s why DRM systems are broken so quickly. It’s not that the programmers are necessarily bad, it’s that the entire concept is fundamentally flawed. Again, the IP industries know this, which is why they pushed the Digital Millennium Copyright Act (DMCA). As with most laws, the DMCA is a complex beast, but what it boils down to is that no one is allowed to circumvent measures taken to protect copyright. Thus, even though the copy protection on DVDs is obscenely easy to bypass, it is illegal to do so. In theory, this might be fine. In practice, this law has extended far beyond what I’d consider reasonable and has also been heavily abused. For instance, some software companies have attempted to use the DMCA to prevent security researchers from exposing bugs in their software. The law is sometimes used to silence critics by threatening them with a lawsuit, even though no copyright infringement was committed. The Chilling Effects project seems to be a good source for information regarding the DMCA and its various effects.

DRM combined with the DMCA can be stifling. A good example of how awful DRM is, and how DMCA can affect the situation is the Sony Rootkit Debacle. Boing Boing has a ridiculously comprehensive timeline of the entire fiasco. In short, Sony put DRM on certain CDs. The general idea was to prevent people from putting the CDs in their computer and ripping them to MP3s. To accomplish this, Sony surreptitiously installed software on customers’ computers (without their knowledge). A security researcher happened to notice this, and in researching the matter found that the Sony DRM had installed a rootkit that made the computer vulnerable to various attacks. Rootkits are black-hat cracker tools used to disguise the workings of their malicious software. Attempting to remove the rootkit broke the Windows installation. Sony reacted slowly and poorly, releasing a service pack that supposedly removed the rootkit, but which actually opened up new security vulnerabilities. And it didn’t end there. Reading through the timeline is astounding (as a result, I tend to shy away from Sony these days). Though I don’t believe he was called on it, the security researcher who discovered these vulnerabilities was technically breaking the law, because the rootkit was intended to protect copyright.

A few months ago, my Windows computer died and I decided to give Linux a try. I wanted to see if I could get Linux to do everything I needed it to do. As it turns out, I could, but not legally. Watching DVDs on Linux is technically illegal, because I’m circumventing the copy protection on DVDs. Similar issues exist for other media formats. The details are complex, but in the end, it turns out that I’m not legally able to watch my legitimately purchased DVDs on my computer (I have since purchased a new computer that has an approved player installed). Similarly, if I were to purchase a song from the iTunes Music Store, it comes in a DRMed format. If I want to use that format on a portable device (let’s say my phone, which doesn’t support Apple’s DRM format), I’d have to convert it to a format that my portable device could understand, which would be illegal.

Which brings me to my next point, which is that DRM isn’t really about protecting copyright. I’ve already established that it doesn’t really accomplish that goal (and indeed, even works against many of the reasons copyright was put into place), so why is it still being pushed? One can only really speculate, but I’ll bet that part of the issue has to do with IP owners wanting to “undercut fair use and then create new revenue streams where there were previously none.” To continue an earlier example, if I buy a song from the iTunes music store and I want to put it on my non-Apple phone (not that I don’t want one of those), the music industry would just love it if I were forced to buy the song again, in a format that is readable by my phone. Of course, that format would be incompatible with other devices, so I’d have to purchase the song again if I wanted to listen to it on those devices. When put in those terms, it’s pretty easy to see why IP owners like DRM, and given the general person’s reaction to such a scheme, it’s also easy to see why IP owners are always careful to couch the debate in terms of piracy. This won’t last forever, but it could be a bumpy ride.

Interestingly enough, distributors of digital media like Apple and Yahoo have recently come out against DRM. For the most part, these are just symbolic gestures. Cynics will look at Steve Jobs’ Thoughts on Music and say that he’s just passing the buck. He knows customers don’t like or understand DRM, so he’s just making a calculated PR move by blaming it on the music industry. Personally, I can see that, but I also think it’s a very good thing. I find it encouraging that other distributors are following suit, and I also hope and believe this will lead to better things. Apple has proven that there is a large market for legally purchased music files on the internet, and other companies have even shown that selling DRM-free files yields higher sales. Indeed, the emusic service sells high quality, variable bit rate MP3 files without DRM, and it has established emusic as the #2 retailer of downloadable music behind the iTunes Music Store. Incidentally, this was not done for pure ideological reasons – it just made business sense. As yet, these pronouncements are only symbolic, but now that online media distributors have established themselves as legitimate businesses, they have ammunition with which to challenge the IP holders. This won’t happen overnight, but I think the process has begun.

Last year, I purchased a computer game called Galactic Civilizations II (and posted about it several times). This game was notable to me (in addition to the fact that it’s a great game) in that it was the only game I’d purchased in years that featured no CD copy protection (i.e. DRM). As a result, when I bought a new computer, I experienced none of the usual fumbling for 16 digit CD Keys that I normally experience when trying to reinstall a game. Brad Wardell, the owner of the company that made the game, explained his thoughts on copy protection on his blog a while back:

I don’t want to make it out that I’m some sort of kumbaya guy. Piracy is a problem and it does cost sales. I just don’t think it’s as big of a problem as the game industry thinks it is. I also don’t think inconveniencing customers is the solution.

For him, it’s not that piracy isn’t an issue, it’s that it’s not worth imposing draconian copy protection measures that infuriate customers. The game sold much better than expected. I doubt this was because they didn’t use DRM, but I can guarantee one thing: People don’t buy games because they want DRM. However, this shows that you don’t need DRM to make a successful game.

The future isn’t all bright, though. Peter Gutmann’s excellent Cost Analysis of Windows Vista Content Protection provides a good example of how things could get considerably worse:

Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called “premium content”, typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it’s not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server).

This is infuriating. In case you can’t tell, I’ve never liked DRM, but at least it could be avoided. I generally take articles like the one I’m referencing with a grain of salt, but if true, it means that the DRM in Vista is so oppressive that it will raise the price of hardware… And since Microsoft commands such a huge share of the market, hardware manufacturers have to comply, even though some people (Linux users, Mac users) don’t need the draconian hardware requirements. This is absurd. Microsoft should have enough clout to stand up to the media giants, there’s no reason the DRM in Vista has to be so invasive (or even exist at all). As Gutmann speculates in his cost analysis, some of the potential effects of this are particularly egregious, to the point where I can’t see consumers standing for it.

My previous post dealt with Web 2.0, and I posted a YouTube video that summarized how changing technology is going to force us to rethink a few things: copyright, authorship, identity, ethics, aesthetics, rhetorics, governance, privacy, commerce, love, family, ourselves. All of these are true. Earlier, I wrote that the purpose of copyright was to benefit society, and that protection and expiration were both essential. The balance between protection and expiration has been upset by technology. We need to rethink that balance. Indeed, many people smarter than I already have. The internet is replete with examples of people who have profited off of giving things away for free. Creative Commons allows you to share your content so that others can reuse and remix your content, but I don’t think it has been adopted to the extent that it should be.

To some people, reusing or remixing music, for example, is not a good thing. This is certainly worthy of a debate, and it is a discussion that needs to happen. Personally, I don’t mind it. For an example of why, watch this video detailing the history of the Amen Break. There are amazing things that can happen as a result of sharing, reusing and remixing, and that’s only a single example. The current copyright environment seems to stifle such creativity, not least because copyright lasts so long (currently the life of the author plus 70 years). In a world where technology has enabled an entire generation to accelerate the creation and consumption of media, it seems foolish to lock up so much material for what could easily be over a century. Despite all that I’ve written, I have to admit that I don’t have a definitive answer. I’m sure I can come up with something that would work for me, but this is larger than me. We all need to rethink this, and many other things. Maybe that Web 2.0 thing can help.

Update: This post has mutated into a monster. Not only is it extremely long, but I reference several other long, detailed documents and even somewhere around 20-25 minutes of video. It’s a large subject, and I’m certainly no expert. Also, I generally like to take a little more time when posting something this large, but I figured getting a draft out there would be better than nothing. Updates may be made…

Update 2.15.07: Made some minor copy edits, and added a link to an Ars Technica article that I forgot to add yesterday.

Link Dump

I’ve been quite busy lately so once again it’s time to unleash the chain-smoking monkey research squad and share the results:

  • The Truth About Overselling!: Ever wonder how web hosting companies can offer obscene amounts of storage and bandwidth these days? It turns out that these web hosting companies are offering more than they actually have. Josh Jones of Dreamhost explains why this practice is popular and how they can get away with it (short answer – most people emphatically don’t use or need that much bandwidth).
  • Utterly fascinating pseudo-mystery on Metafilter. Someone got curious about a strange flash advertisement, and a whole slew of people started investigating, analyzing the flash file, plotting stuff on a map, etc… Reminded me a little of that whole Publius Enigma thing [via Chizumatic].
  • Weak security in our daily lives: “Right now, I am going to give you a sequence of minimal length that, when you enter it into a car’s numeric keypad, is guaranteed to unlock the doors of said car. It is exactly 3129 keypresses long, which should take you around 20 minutes to go through.” [via Schneier]
  • America’s Most Fonted: The 7 Worst Fonts: Fonts aren’t usually a topic of discussion here, but I thought it was funny that the Kaedrin logo (see upper left hand side of this page) uses the #7 worst font. But it’s only the logo and that’s ok… right? RIGHT?
  • Architecture is another topic rarely discussed here, but I thought that the new trend of secret rooms was interesting. [via Kottke]

That’s all for now. Things appear to be slowing down, so that will hopefully mean more time for blogging (i.e. less link dumpy type posts).

Travelling Link Dump

I’ll be on vacation this week, so Kaedrin compatriots Samael and DyRE will be posting in my stead, though they may not be able to post tomorrow. In any case, here are some links to chew on while I’m gone.

  • Bruce Schneier Facts: In the style of the infamous Chuck Norris Facts, some enterprising folks have come up with facts for security expert Bruce Schneier. “Bruce Schneier only smiles when he finds an unbreakable cryptosystem. Of course, Bruce Schneier never smiles.” and “There is an otherwise featureless big black computer in Ft. Meade that has a single dial with three settings: Off, Standby, and Schneier.” Heh, Cryptonerd humor.
  • Khaaan! [via the Ministry]
  • Neal Stephenson Q&A (.ram Real Video): I hate Real Player too, but it’s worth it to see the man in action. It’s from a few years ago, but it’s great stuff.
  • I Smell a Mash-Up: James Grimmelmann notes the irony of Weird Al Yankovic’s new song entitled Don’t Download This Song (available for free download, naturally) that parodies the RIAA’s anti-downloading efforts.
  • How to read: Nick Hornby tells us to read what we like:

    It’s set in stone, apparently: books must be hard work, otherwise they’re a waste of time. And so we grind our way through serious, and sometimes seriously dull, novels, or enormous biographies of political figures, and every time we do so, books come to seem a little more like a duty, and Pop Idol starts to look a little more attractive. Please, please, put it down.

    And please, please stop patronising those who are reading a book – The Da Vinci Code, maybe – because they are enjoying it.

    For a start, none of us knows what kind of an effort this represents for the individual reader. It could be his or her first full-length adult novel; it might be the book that finally reveals the purpose and joy of reading to someone who has hitherto been mystified by the attraction that books exert on others. And anyway, reading for enjoyment is what we should all be doing.

    …The regrettable thing about the culture war we still seem to be fighting is that it divides books into two camps, the trashy and the worthwhile. No one who is paid to talk about books for a living seems to be able to convey the message that this isn’t how it works, that ‘good’ books can provide every bit as much pleasure as ‘trashy’ ones.

That’s all for now. I hope everyone has a great week. I now leave you in the capable hands of the guest bloggers, Sam & DyRE….

Operation Solar Eagle

One of the major challenges faced in Iraq is electricity generation. Even before the war, neglect of an aging infrastructure forced scheduled blackouts. To compensate for the outages, Saddam distributed power to desired areas, while denying power to other areas. The war naturally worsened the situation (especially in the immediate aftermath, as there was no security at all), and the coalition and fledgling Iraqi government have been struggling to restore and upgrade power generation facilities since the end of major combat. Many improvements have been made, but attacks on the infrastructure have kept generation at or around pre-war levels for most areas (even if overall generation has increased, the equitable distribution of power means that some people are getting more than they used to, while others are not – ironic, isn’t it?).

Attacks on the infrastructure have presented a significant problem, especially because some members of the insurgency seem to be familiar enough with Iraq’s power network to attack key nodes, thus increasing the effects of their attacks. Consequently, security costs have gone through the roof. The ongoing disruption and inconsistency of power generation puts the new government under a lot of pressure. The inability to provide basic services like electricity delegitimizes the government and makes it more difficult to prevent future attacks and restore services.

When presented with this problem, my first thought was that solar power may actually help. There are many non-trivial problems with a solar power generation network, but Iraq’s security situation combined with lowered expectations and an already insufficient infrastructure does much to mitigate the shortcomings of solar power.

In America, solar power is usually passed over as a large scale power generation system, but things that are problems in America may not be so problematic in Iraq. What are the considerations?

  • Demand: One of the biggest problems with solar power is that it’s difficult to schedule power generation to meet demand (demand doesn’t go down when the sun does, nor does demand necessarily coincide with peak generation), and a lot of energy is wasted because there isn’t a reliable way to store energy (battery systems help, but they’re not perfect and they also drive up the costs). The irregularity in generation isn’t as bad as wind, but it is still somewhat irregular. In America, this is a deal breaker because we need power generation to match demand, so if we were to rely on solar power on a large scale, we’d have to make sure we have enough backup capacity running to make up for any shortfall (there’s much more to it than that, but that’s the high-level view). In Iraq, this isn’t as big of a deal. The irregularity of conventional generation due to attacks on infrastructure is at least comparable if not worse than solar irregularity. It’s also worth noting that it’s difficult to scale solar power to a point where it would make a difference in America, as we use truly mammoth amounts of energy. Iraq’s demands aren’t as high (both in terms of absolute power and geographic distribution), and thus solar doesn’t need to scale as much in Iraq.
  • Economics: Solar power requires a high initial capital investment, and also requires regular maintenance (which can be costly as well). In America, this is another dealbreaker, especially when coupled with the fact that its irregular nature requires backup capacity (which is wasteful and expensive as well). However, in Iraq, the cost of securing conventional power generation and transmission is also exceedingly high, and the prevalence of outages has cost billions in repairs and lost productivity. The decentralized nature of solar power thus becomes a major asset in Iraq, as solar power (if using batteries and if connected to the overall grid) can provide a seamless interruptible supply of electricity. Attacks on conventional systems won’t have quite the impact they once did, and attacks on the solar network won’t be anywhere near as effective (more on this below). Given the increased cost of conventional production (and securing that production) in Iraq, and given the resilience of such a decentralized system, solar power becomes much more viable despite its high initial expense. This is probably the most significant challenge to overcome in Iraq.
  • Security: There are potential gains, as well as new potential problems to be considered here. First, as mentioned in the economics section, a robust solar power system would help lessen the impact of attacks on conventional infrastructure, thus preventing expensive losses in productivity. Another hope here is that we will see a corresponding decrease in attacks (less effective attacks should become less desirable). Also, the decentralized nature of solar power means that attacks on the solar infrastructure are much more difficult. However, this does not mean that there is no danger. First, even if attacks on conventional infrastructure decrease, they probably won’t cease altogether (though, again, the solar network could help mitigate the effects of such attacks). And there is also a new problem that is introduced: theft. In Iraq’s struggling economy, theft of solar equipment is a major potential problem. Then again, once an area has solar power installed, individual homeowners and businesses won’t be likely to neglect their most reliable power supply. Any attacks on the system would actually be attacks on specific individuals or businesses, which would further alienate the population and decrease the attacker’s. However, this assumes that the network is already installed. Those who set up the network (most likely outsiders) will be particularly vulnerable during that time. Once installed, solar power is robust, but if terrorists attempt to prevent the installation (which seems likely, given that the terrorists seem to target many external companies operating in Iraq with the intention of forcing them to leave), that would certainly be a problem (at the very least, it would increase costs).
  • Other Benefits: If an installed solar power network helps deter attacks on power generation infrastructure, the success will cascade across several other vectors. A stable and resilient power network that draws from diverse energy sources will certainly help improve Iraq’s economic prospects. Greater energy independence and an improved national energy infrastructure will also lend legitimacy to the new Iraqi government, making it stronger and better able to respond to the challenges of rebuilding their country. If successful and widespread, it could become one of the largest solar power systems in the world, and much would be learned along the way. This knowledge would be useful for everyone, not just Iraqis. Obviously, there are also environmental benefits to such a system (and probably a lack of bureaucratic red-tape like environmental impact statements as well. Indeed, while NIMBY might be a problem in America, I doubt it would be a problem in Iraq, due to their current conditions).

In researching this issue, I came across a recent study prepared at the Naval Postgraduate School called Operation Solar Eagle. The report is excellent, and it considers most of the above, and much more (in far greater detail as well). Many of my claims above are essentially assumptions, but this report provides more concrete evidence. One suggestion they make with regard to the problem of theft is to use an RFID system to keep track of solar power equipment. Lots of other interesting stuff in there as well.

As shown above, there are obviously many challenges to completing such a project, most specifically with respect to economic feasibility, but it seems to me to be an interesting idea. I’m glad that there are others thinking about it as well, though at this point it would be really nice to see something a little more concrete (or at least an explanation as to why this wouldn’t work).

Encrypted Confessions

Bruce Schneier points to an AP story about a convicted child-molester and suspected murderer who used cryptography to secure his tell-all diary:

Joseph Duncan III is a computer expert who bragged online, days before authorities believe he killed three people in Idaho, about a tell-all journal that would not be accessed for decades, authorities say.

Duncan, 42, a convicted sex offender, figured technology would catch up in 30 years, “and then the world will know who I really was, and what I really did, and what I really thought,” he wrote May 13.

Schneier points out that such cases are often used by the government to illustrate the dangers of allowing regular people to encrypt data. “How can we allow people to use strong encryption, they ask, if it means not being able to convict monsters like Duncan?”

Schneier does a good job pointing out a few reasons why, but he dances around one of the most obvious: If Duncan thought the diary would be readable now, he never would have written it. His goal was a delayed release. He wanted to wait 30 years before the details of his confession were known. I guess it was an attempt to secure some sort of perverted legacy. But he never would have done so if he thought it would be released now (and used against him).

Encryption didn’t allow him to commit the crimes, nor did it allow him to cover up the crime, as the data was encrypted under the assumption that it could not be broken for 30 years (which seems to me to be an unwise assumption, but look who we’re talking about here). Indeed, since it is quite possible that the authorities will break the diary in the short term, you could even argue that encryption is actually helping the authorities prosecute the man (as he wouldn’t have written the diary in the first place if he knew it would be broken so quickly). Could the fact that he knew he could encrypt a confession contribute to his motivation for the crimes? I doubt it, but stranger things have happened.

All technologies are double-edged swords: they have good and bad uses and they’re used by honest citizens and criminals alike. But, as Schneier notes, the good usually outweighs the bad for almost all technologies.

Magic Security

In Harry Potter and the Half-Blood Prince, there are a number of new security measures suggested by the Ministry of Magic (as Voldemort and his army of Death Eaters have been running amok). Some of them are common sense but some of them are much more questionable. Since I’ve also been reading prominent muggle and security expert Bruce Schneier’s book, Beyond Fear, I thought it might be fun to analyze one of the Ministry of Magic’s security measures according to Schneier’s 5-step process.

Here is the security measure I’ve chosen to evaluate, as shown on page 42 of my edition:

Agree on security questions with close friends and family, so as to detect Death Eaters masquerading as others by use of the Polyjuice Potion.

For those not in the know, Polyjuice Potion allows the drinker to assume the appearance of someone else, presumably someone you know. Certainly a dangerous attack. The proposed solution is a “security question”, set up in advance, so that you can verify the identity of the person in question.

  • Step 1: What assets are you trying to protect? The Ministry of Magic claims that its solution addresses the problem of impersonation by way of the Polyjuice Potion. However, this security measure essentially boils down to a form of identification, so what we’re really trying to protect is an identity. The identity is, in itself, a security measure – for example, once verified, it could allow entrance to an otherwise restricted area.
  • Step 2: What are the risks to those assets? The risk is that someone could be impersonating a friend or family member (by using the aforementioned Polyjuice Potion) in an effort to gain entrance to a restricted area or otherwise gain the trust of a certain group of people. Unfortunately, the risk does not end there as the Ministry implies in its communication – it is also quite possible that an attacker could put your friend or family member under the Imperius Curse (a spell that grants the caster control of a victim). Because both the Polyjuice Potion and the Imperius Curse can be used to foil an identity based system, any proposed solution should account for both. It isn’t known how frequent such attacks are, but it is implied that both attacks are increasing in frequency.
  • Step 3: How well does the security solution mitigate those risks? Not very well. First, it is quite possible for an attacker to figure out the security questions and answers ahead of time. They could do so through simple research, or through direct observation and reconnaissance. Since the security questions need to be set up in the first place, it’s quite possible that an attacker could impersonate someone and set up the security questions while in disguise. Indeed, even Professor Dumbledore alludes to the ease with which an attacker could subvert this system. Heck, we’re talking about attackers who are most likely witches or wizards themselves. There may be a spell of some sort that would allow them to get the answer from a victim (the Imperius Curse is one example, and I’m sure there are all sorts of truth serums or charms that could be used as well). The solution works somewhat better in the case of the Polyjuice Potion, but since we’ve concluded that the Imperius Curse also needs to be considered, and since this would provide almost no security in that case, the security question ends up being a poor solution to the identity problem.
  • Step 4: What other risks does the security solution cause? The most notable risk is that of a false positive. If the attacker successfully answers the security question, they achieve a certain level of trust. When you use identity as a security measure, you make impersonating that identity (or manipulating the person in question via the Imperius Curse) a much more valuable attack.
  • Step 5: What trade-offs does the security solution require? This solution is inexpensive and easy to implement, but also ineffective and inconvenient. It would also require a certain amount of vigilance to implement indefinitely. After weeks of strict adherence to the security measure, I think you’d find people getting complacent. They’d skip using the security measure when they’re in a hurry, for example. When nothing bad happens, it would only reinforce the inconvenience of the practice. It’s also worth noting that this system could be used in conjunction with other security measures, but even then, it’s not all that useful.

It seems to me that this isn’t a very effective security measure, especially when you consider that the attacker is likely a witch or wizard. This is obviously apparent to many of the characters in the book as well. As such, I’d recommend a magic countermeasure. If you need to verify someone’s identity, you should probably use a charm or spell of some sort to do so instead of the easily subverted “security question” system. It shouldn’t be difficult. In Harry Potter’s universe, it would probably amount to pointing a wand at someone and saying “Identico!” (or some other such word that is vaguely related to the words Identity or Identify) at which point you could find out who the person is and if they’re under the Imperius Curse.

Security Theater

In response to Thursday’s terrorist attacks in London, the United States raised the threat level for mass transit. As a result, the public saw “more police officers, increased video surveillance, the presence of dogs trained to sniff for bombs and inspections of trash containers around transit stations.”

This is a somewhat sensible reaction, on numerous levels (though, ironically, not as much with respect to security). First, there is a small increase in security, but it also struck me as being more effective as a piece of security theater. In the NY Times article referenced above, a police officer carrying a submachine gun is pictured. One of Kaedrin’s 3 loyal readers wondered if that was really necessary. The truth is that it probably didn’t provide much in the way of extra security, but often security decisions are made by those who have an agenda that encompasses more than just security. In Bruce Schneier’s excellent book Beyond Fear, he calls this sort of thing security theater.

In 1970, there was no airline security in the U.S.: no metal detectors, no X-ray machines, and no ID checks. After a hijacking in 1972 … airlines were required to post armed guards in passenger boarding areas. This countermeasure was less to decrease the risk of hijacking than to decrease the anxiety of passengers. After 9/11, the U.S. government posted armed National Guard troops at airport checkpoints primarily for the same reason (but were smart enough not to give them bullets). Of course airlines would prefer it if all their flights were perfectly safe, but actual hijackings and bombings are rare events whereas corporate earnings statements come out every quarter. For an airline, for the economy, and for the country, judicious use of security theater calmed fears… and that was a good thing.

I wonder if the submachine gun the police officer was carrying was loaded? I would assume it actually wasn’t, as a submachine gun is about the worst thing you could use on a crowded mass transit system.

The important thing to note here is that security decisions are often based on more than just security considerations. As security theater, Thursday’s heightened alert level reduced public anxiety. On a more cynical level, it’s also an example of politicians and businesses hedging their bets (if an attack did come, they could at least claim they weren’t caught completely off-guard). Sometimes, those in power have to do something quickly to address a security problem. Most people are comforted by action, even if their security isn’t improved very much as a result. However, as Schneier notes, security theater is largely a palliative measure. In a world where security risks are difficult to judge, security theater can easily be confused with the real thing. It’s important to understand such actions for what they are. At the same time, it should also be noted that such actions do provide some value, often extending beyond the realm of security (which can be important too).

Update: Minor additions and grammar changes.

Update 7.22.05: John Robb notes the added cost (i.e. the monetary cost, the inconvenience, the civil liberties etc…) of the extra security measures implemented as a result of the recent attempts in London, and how the costs have spread throughout the US. Robb also notes that Schneier himself has commented on the specific measure of searching bags. To clarify my comments above, I think the value provided by Security Theater is, at best, a short term value, depending on your perspective. Is that value worth the added costs? If you’re a leader or politician, probably. If you’re a commuter, probably not. Politicians and other leaders usually have a different agenda than commuters, and they’re the ones making the decisions.