Motto: The surest way to get a reputation for being a trouble maker these days is to go about repeating the very phrases that the Founders used in the struggle for independence.
-- C.A. Beard
Disclaimer: The editor speaks only for himself, and sometimes
even he is wrong.
email Serge
Anon ftp site
News Archives
Standard disclaimers apply. In addition, the author makes no
guarantees concerning the grammatical accuracy of his writing.
Submitted text files must be in raw or compressed (.Z, .gz or PK Zip)
ASCII. Image files must be in jpg.
On last month's Fix;
the answer to last month's Fix,
"Govnr. Jeb Bush just repealed a Florida Scarlet Letter Law. It
required a woman putting up a child for
adoption to list the father - and if she was not sure - to list
all sexual partners. So, should the woman have to
inform the father of her intention to give up the baby?"
is
This is another interesting paradox courtesy of Roe v. Wade. A pregnant women can choose to abort a pregnancy without any input from anyone, including the father (or in the case of a pregnant minor - even her parents). But, should she decide to carry the baby to term, the mother is subject to no end of interventions from the father, state, etc.
The idea that choosing death should have no legal consequences, but choosing life for the child is a legal landmine, is another not so subtle reminder of how far towards Sodom this nations' morality has slid.
Shooting Ourselves in the Foot
Grandiose Schemes for Electronic Eavesdropping May Hurt More Than
They Help
By Robert X. Cringely
Whom do you trust? If you are a policeman, you trust the police. How much information is enough? When it comes to the electronic gathering of intelligence information, it appears that no amount of information is enough. These two concepts have collided in America with the result that creating the very capability of gathering electronic intelligence is putting all of us in greater danger. The supposed cure may be worse than the disease. Maybe -- and only maybe -- we know a little more about what the bad guys in our society are doing, but it is coming at what might be a horrible cost. And a big part of the problem is that if you are a policeman, you trust the police.
The Federal Bureau of Investigation administers the Communications Assistance to Law Enforcement Act (CALEA), which was passed by Congress in 1994. CALEA was a response to advances in digital communications. It was a way for law enforcement and intelligence agencies to go beyond old-fashioned phone taps and listen in on mobile phone calls, pagers, the Internet and any other form of electronic messaging that might be used by enemies of the state. CALEA made the phone companies and pager companies and Internet companies responsible for building into their equipment the capability to tap all types of communications on the order of a judge or -- in the case of foreign surveillance -- of the U.S. Attorney General. Every telephone switch installed in the U.S. since 1995 is supposed to have this surveillance capability, paid for, by the way, with $500 million of your tax dollars. Not only can the authorities listen to your phone calls, they can follow those phone calls back upstream and listen to the phones from which calls were made. They can listen to what you say while you think you are on hold. This is scary stuff.
But not nearly as scary as the way CALEA's own internal security is handled. The typical CALEA installation on a Siemens ESWD or a Lucent 5E or a Nortel DMS 500 runs on a Sun workstation sitting in the machine room down at the phone company. The workstation is password protected, but it typically doesn't run Secure Solaris. It often does not lie behind a firewall. Heck, it usually doesn't even lie behind a door. It has a direct connection to the Internet because, believe it or not, that is how the wiretap data is collected and transmitted. And by just about any measure, that workstation doesn't meet federal standards for evidence integrity.
And it can be hacked.
And it has been.
Israeli companies, spies, and gangsters have hacked CALEA for fun and profit, as have the Russians and probably others, too. They have used our own system of electronic wiretaps to wiretap US, because you see that's the problem: CALEA works for anyone who knows how to run it. Not all smart programmers are Americans or wear white hats. We should know that by now. CALEA has probably given up as much information as it has gathered. Part of this is attributable to poor design and execution, part to pure laziness, part to the impossibility of keeping such a complex yet accessible system totally secure, and part because hey, they're cops, they're good guys. Give 'em a break. Have a donut.
This vulnerability is never discussed in public because it is an embarrassment to law enforcement and because the agencies that pay for CALEA don't want its vulnerability to be known. That might compromise national security. Alas, national security is already compromised by the system itself, and the people who might take advantage of the vulnerability have known about it for years. Only we are kept in the dark.
In a sense I think the problem comes down to the "dumbing down of IT." The biggest problem with CALEA is the people managing it. They don't know it needs to be secured. This column, for example, will be widely distributed, but will have no impact whatsoever on the folks it should because they simply won't get it.
I suspect the people actually running the system know a bit more and probably have suggested it from time to time. Like many government systems, you can't fix it until you're TOLD to fix it, and you won't be told to fix it until there is funding. And the funding will usually be accompanied by explicit instructions on how to fix it, right or wrong. In the corporate world IT has been under attack and downsized for years. Forget training. Forget expertise. There is a belief that by just buying a firewall, you solve all your security issues. If you have a firewall, why do you need to have someone track and install all those security patches on all your computers? Many of IT's biggest problems are simply repeats of past problems. Through this "dumbing down" process we've lost the ability to stop the cycle.
Even if CALEA were secure, it would still be a danger because of its capability to do what are called "roving wiretaps." Old-fashioned wiretaps did just that, they tapped wires, but today's criminals and terrorists are mobile. They use throwaway cell phones and conference calls and 800 numbers to mask their communications so CALEA targets the criminal, not the phone line. This means that CALEA effectively taps every phone that is connected at any time to the roving subject. Phone conversations can be followed from line to line and each of those phone lines becomes, at least for a while, a target. Dozens, hundreds, thousands of numbers can get swept up and recorded whether it is a conversation with a lawyer, a priest, or a journalist.
That's what led me to this story. In the Lacie Peterson murder case in California, thousands of Scott Peterson's phone conversations were recorded using CALEA technology. Some of those conversations were between Peterson and his lawyer, some between Peterson and the press. None of them were with me. I have no idea whether Scott Peterson is guilty or innocent, and it doesn't matter at all to this column. What matters is that a few days ago 176 new phone conversations were "discovered."
How do you "discover" a recorded phone conversation in a totally automated system? If you can discover a conversation, then you can also lose one a la Rosemary Woods and the famous 17-minute gap in that Watergate tape. The whole system becomes suspect and subject to abuse.
And abuse does happen. In the late 1990s the Los Angeles Police Department conducted illegal wiretaps with CALEA technology involving thousands of phone lines and potentially hundreds of thousands of people at a time when the official annual report on wiretaps compiled by the Department of Justice said L.A. was conducting an average of around 100 wiretaps per year. Illegal convictions were obtained, property was illegally confiscated, civilian careers and lives were ruined, yet nobody was punished.
But wait, there's more! CALEA represents mid-90s thinking about electronic intelligence, but now we have the Patriot Act that goes so much further. And we have a program at the Defense Advanced Projects Research Agency called Total Information Awareness. I am sorry to quote so extensively from a DARPA document (unclassified), but you need to get a sense of the epic scope of this proposal, which sounds like Big Brother to me:
"OBJECTIVES: (1) Development of revolutionary technology for
ultra-large all-source information repositories and associated
privacy protection technologies.
(2) Development of collaboration, automation, and cognitive aids
technologies that allow humans and machines to think together about
complicated and complex problems more efficiently and
effectively.
(3) Development and implementation of an end-to-end, closed-loop
prototype system to aid in countering terrorism through prevention by
integrating technology and components from existing DARPA programs
such as: Genoa, EELD (Evidence Extraction and Link Discovery), WAE
(Wargaming the Asymmetric Environment), TIDES (Translingual
Information Detection, Extraction and Summarization), HID (Human
Identification at Distance), Bio-Surveillance; as well as programs
resulting from the first two areas of this BAA and other programs."
"Repository Issues: The National Security Community has a need for very large scale databases covering comprehensive information about all potential terrorist threats; those who are planning, supporting or preparing to carry out such events; potential plans; and potential targets. In the context of this BAA, the term "database" is intended to convey a new kind of extremely large, omni-media, virtually-centralized, and semantically-rich information repository that is not constrained by today's limited commercial database products -- we use "database" for lack of a more descriptive term. DARPA seeks innovative technologies needed to architect, populate, and exploit such a database for combating terrorism. Key metrics include the amount of total information that is potentially covered, the utility of its data structures for data entry and use by humans and machines in searching and browsing, data integration, and capability to automatically populate, and the completeness, correctness, and timeliness of the information when used for predictive analysis and modeling in exploiting the information in these repositories. It is anticipated this will require revolutionary new technology."
"The database envisioned is of an unprecedented scale, will most likely be distributed, must be capable of being continuously updated, and must support both autonomous and semi-automated analysis. The latter requirement implies that the representation used must, to the greatest extent possible, be interpretable by both algorithms and human analysts. The database must support change detection and be able to execute automated procedures implied by new information. Because of expected growth and adaptation needs, the effective schema must be adaptable by the user so that as new sources of information, analytical methods, or representations arise, the representation of data may be re-structured without great cost. If distributed, the database may require new search methods to answer complex, less than specific queries across physical implementations and new automated methods for maintaining consistency. The reduced signature and misinformation introduced by terrorists who are attempting to hide and deceive imply that uncertainty must be represented in some way. To protect the privacy of individuals not affiliated with terrorism, DARPA seeks technologies for controlling automated search and exploitation algorithms and for purging data structures appropriately. Business rules are required to enforce security policy and views appropriate for the viewer's role."
"The potential sources of information about possible terrorist activities will include extensive existing databases. Innovative technologies are sought for treating these databases as a virtual, centralized, grand database. This will require technologies for automatically determining schemas, access methods and controls, and translation of complex English language queries into the appropriate language for the relevant databases."
"DARPA currently has on-going research programs aimed at language translation, information extraction from text, and multi-modal biometric technologies. These component technologies will be used to feed the Information Awareness database but must be augmented by other technologies and new sources of information to dramatically increase the coverage of counter-terrorism information. These other technologies include but are not limited to innovative new methods of database integration, structured information authoring, and exploitation of integrated data streams. Non-traditional methods of identifying and monitoring terrorist activity are anticipated. Populating a database with information derived from masked or deceptive behavior by an adversary is a challenging technical problem. DARPA invites new ideas for novel information sources and methods that amplify terrorist signatures and enable appropriate response."
"Collaboration, Automation And Cognitive Aids Issues: DARPA will be developing technology to support collaborative work by cross-organizational teams of intelligence and policy analysts and operators as they develop models and simulations to aid in understanding the terrorist threat, generate a complete set of plausible alternative futures, and produce options to deal proactively with these threats and scenarios. The challenges such teams face include the need to work faster, overcome human cognitive limitations and biases when attempting to understand complicated, complex, and uncertain situations, deal with deliberate deception, create explanations and options that are persuasive for the decision maker, break down the information and procedural stovepipes that existing organizations have built, harness diversity as a tool to deal with complexity and uncertainty, and automate that which can effectively be accomplished by machines so that people have more time for analysis and thinking. Emphasis needs to be placed on ease of use, adaptation to the user who is often not a scientist or engineer, and implicit encouragement to use the tools to make the users' tasks easier."
"DARPA is seeking innovative technology for automating some of the team processes; augmenting the human intellect via tools that assist teams thinking together, tools that do some of the thinking for people, and tools that support human/machine collaboration in the cognitive domain; and for providing a rich environment for collaboration across existing hierarchical organizations while maintaining the necessary accountability and control. DARPA envisions that the human teams using its system will be drawn from multiple organizations spanning state, local, and federal government. Thus, there will be the need to permit collaboration across organizational-boundaries while providing control and accountability and connection back to the central systems of each participating organization. Technology will be required to support the entire life cycle of such teams. Key challenges include knowledge management/corporate memory, declarative policy generation and context-based enforcement, business rules and self-governance, and planning and monitoring team processes."
"The goals for automation technology include speeding the front-end processes of gathering, filtering, and organizing information and assimilating its content without having to read all of it. On the back-end of the process, technology is needed to automate or semi-automate the generation of efficient and persuasive explanations, and to maintain consistency within a large, distributed multi-media knowledge base. Technology is also required to make the tools and the collaborative environment itself more efficiently used by humans by making it aware of user context and preferences and smart and adaptive to optimize the user experience. DARPA seeks technology to aid the human intellect as teams collaborate to build models of existing threats, generate a rich set of threat scenarios, perform formal risk analysis, and develop options to counter them. These tools should provide structure to the collaborative cognitive work, and externalize it so that it can be examined, critiqued, used to generate narrative and multi-media explanations, and archived for re-use."
Back to Cringely: How, exactly, are they going to automate the protection of our privacy?
No sane person is in favor of terrorism or lawlessness. But at a time when intelligence agencies are under fire for being not very intelligent, when our leaders are sometimes in too big a hurry to cast blame and take credit, we are building huge information gathering systems that we can't completely control, we can't completely validate, that can be turned against us by our enemies, and that can ultimately be used to justify, well, anything.
It might be a good idea to think twice about this before we shoot ourselves in the foot.
none this month
-- Sen. John Kerry on Meet the Press 13 July 2003, denying that he had any part in releasing the photo showing he and Lennon at a peace rally. But the photo is still up at the Kerry for President Web Site.
1. Bainbridge Island, July 14: Local Ed Viesturs climbed the 12'th highest mountain in the world to remove an asterisk. Ed is on a mission to duplicate the feat of Reinholt Messner to climb the world's 14 tallest peaks without use of bottled oxygen. The 44 year old went up the Himalayan Broad Peak a second time, becuase the first time he was brought up 70 feet shot due to unstable snow. The record books called it a near summit. Now the asterisk is removed.
2. Seattle, July 10; You may recall from the news last year that Springer, the baby orphan Orca, was a regular site off of Vashon Island and got to be freindly with boaters and ferry riders. The state biologists tried to reunite her with her native pod, apparently without success. Surprise! The Feds and Candian officials moved SPringer into the waters of her native Pod and this summer she has been adopted by a 16 year old "aunt" off Vancouver Island who is strongly discouraging Springer from playing with any more ferries.
1. Sacremento, July 15: Shortly after the last govnr election, it came to light that incumbent (and reelection winner) Gray Davis had hidden certain facts about the state of Californias finances. Turns out that the state is even more broke then thought, and there has been a groundswell effort to commence a recall election. Only 800,000 signature were needed on the recall petition, but over 1.1 million were collected. However, Davis and his supporters - in a delay tactic, are suing each district in the state to re-verify every signature.
1. Cincinatti, July 15: Fans of the show will be pleased to know
that Jerry Springer, former Mayor of this city and star of his
"reconciliation based" TV show, will be running for the US Senate in
2004. Mr. Springer says his close contact with people on the street
has given him a unique "beyond the beltway" perspective.
1. June 30: In a landmark 5/4 decision, the US Supreme Court has essentially overturned the 14'th Amendment right to equal protection under the law regardless of race, religion, etc. In two separate cases from the University of Michigan, an undergrad sued for being denied admission, and a law student for the same reason. The undergrad's denial was upheld, because in the court's view the Univ. should not have a formula (in this case adding 20 points to the score of the admission form) for assigning special race privelages. However, the law student was found to have a valid case, because the law dept's admission process of more subjective and only uses race in a vague way to contribute towards "diversity". Justice Sandra Day O'Connor, speaking for the majority, said that the Federal GOvt. has a vested interest in promoting diversity, but may not use quotas in furthering Affirmative Action goals.
The minority decision rightly held that this reasoning was without merit.
Ed: I've always wondered how those job application forms can
say on them, "An equal oppurtunity, Affirmative Action employer".
Isn't it one or the other?
2. July 17: Bill and Hillary Clinton will only be reimbursed
$85,000 of the $3.5 Million it cost to defend them against the
Whitewater investigation. The US Court of Appeals rejected the
Clinton claim that they were the target of a partisan political witch
hunt, and further the court said Ken Starrs case in Whitewater had
merit. Also upheld, the disbarment of Mr. Clinton from any further
practice of law.