Jun 08 2013


Which is news how exactly? Spying on us is what the NSA and GCHQ are for.

Over the last day or two, we have been hearing more and more of the activities of the NSA (here) and GCHQ (here) spying on “us” (for variable definitions of that word). Specifically on a programme called PRISM which monitors Internet traffic between the US and foreign nations, but not on communications internal to the US.

Various Internet companies have denied being involved, but :-

  1. They would have to deny involvement as any arrangement between the NSA and the company is likely to be covered by heavyweight laws regarding the disclosure of information about it.
  2. It’s also worth noting that they have asked the company executives whether they are involved in PRISM, but not asked every engineer within the company; it is doubtful in the extreme that any company executive knows everything that happens within their company. And an engineer asked to plumb in a data tap under the banner of national security is not likely to talk about it to the company executive; after all the law trumps company policy.
  3. The list of companies that have been asked, and have issued denials is a list of what the general public think of as the Internet, but in fact none of the companies are tier-1 NSP; whilst lots of interesting data could be obtained from Google, any mass surveillance programme would start with the big NSPs.

What seems to have been missed is the impact of agreements such as the UKUSA agreement on signals intelligence; the NSA is “hamstrung” (in their eyes) by being forbidden by law from spying on US domestic signals, but they are not forbidden to look at signals intelligence provided by GCHQ and vice versa. Which gives both agencies “plausible deniability” in that they can legitimately claim that they are not spying on people from their own country whilst neglecting to mention that they make use of intelligence gathered by their opposite number.

There is some puzzlement that PRISM’s annual cost is just $20 million a year; there is really a rather obvious reason for this … and it also explains why none of the tier-1 NSPs have been mentioned so far either. Perhaps PRISM is an extension of an even more secret surveillance operation. They built (and maintain) the costly infrastructure for surveillance targeting the tier-1 NSPs and extended it with PRISM. In particular, the growing use of encryption means that surveillance at the tier-1 NSPs would be getting less and less useful (although traffic analysis can tell you a lot) making the “need” for PRISM a whole lot more necessary.

As it turns out there is evidence for this hypothesis.

But Are They Doing Anything Wrong?

Undoubtedly, both the NSA and GCHQ will claim what they are doing is within the law, and in the interests of national security. They may well be right. But unless we know exactly what they are doing, it is impossible to judge if their activities are within the law or not. And just because something is legal does not necessarily make it right.

Most people would probably agree that a mass surveillance programme may be justified if the aim is to prevent terrorism, but we don’t know that their aims are limited to that. The surveillance is probably restricted to subjects of “national interest”, but who determines what is in the national interest? Just because we think it is just about terrorism, war, and espionage doesn’t mean it is so. What is to stop the political masters of the NSA or GCHQ from declaring that it is in the national interest to spy on those involved with protests against the government, or those who vote against the government, or those who talk about taxation (i.e. tax avoidance/evasion)?

Spying is a slippery slope: It was not so very long ago that a forerunner of the NSA was shut down by the US president of the day because “Gentlemen do not read each other’s mail.” But intelligence is a tool that is so useful that more and more invasive intelligence methods become acceptable. It is all too easy to imagine how today’s anti-terrorist surveillance can become tomorrow’s 1984-like society.

That does not mean that GCHQ should not investigate terrorism, but that it should do so in a way that we can be sure that it does not escalate into more innocent areas. Perhaps we should be allowing GCHQ to pursue surveillance, but that it should be restricted to a specified list of topics.

May 18 2013


The strange thing about being involved in information security is the phenomenon of cyber warfare.

After all, what does tinkering with computers have to do with real war? Well it depends what all that tinkering leads to, and we simply do not know what would happen in a real war. We are in the beginning of the era when aggressive hacking supports war.

But probably the overwhelming majority of activities labelled as cyber warfare are in fact espionage, or a grey area in between. Any kind of hacking that leads to information disclosure is espionage rather than warfare. More aggressive hacking – such as writing malware to spin centrifuges into destruction – falls into the grey area between espionage and warfare; it’s too aggressive to be labelled espionage, but isn’t part of a legal war (and yes there is such a thing). In terms of legality, it could well be that such acts are illegal acts of war, but morally justified.

And why is China always the bad actor here? Practically every hacking conference video dealing with cyber warfare drops big hints about the activities of China with little in the way of evidence. There is some evidence that China may be involved in cyber espionage, but as for cyber warfare itself, there is far more evidence for the involvement of the US, Israel, and even the UK; although the rumoured replacement of an Al-Qaeda recipe for a pipe bomb with one for cupcakes doesn’t seem like an act of war, but perhaps an exhibit of the English sense of humour.

Part of the problem is that anyone who reads their firewall logs will find a huge number of attacks coming from Chinese address space. As an example, a quick inspection of the addresses blocked on one of my servers for attempted ssh brute force attacks gives the following table :-

Count  Country Code  Country
255    CN            China
51     US            United States …
29     KR            Korea (South)
19     BR            Brazil
17     DE            Germany
15     IN            India
13     RU            Russia
13     GB            Great Britain
13     FR            France
11     ID            Indonesia

This is not intended to be an accurate reflection of anything other than the number of infected machines trying to brute force accounts on my server.

The high presence of China is an indication of the number of malware infections within China, and the large population of the Chinese. It doesn’t actually say anything about where those attacks originate. Every hacker with enough sense to tie up their shoe laces will be pivoting through privacy proxies, and using armies of infected hosts to send out their attacks. These infected hosts are the ones whose addresses show up in your logs.
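How a table like the one above can be produced, as an added example that is not the author's own tooling: it counts distinct source addresses of failed ssh logins and maps each to a country. The log lines, the `GEO_TABLE` mapping (a stand-in for a real GeoIP database) and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines (RFC 5737 / RFC 3849 documentation addresses).
SAMPLE_LOG = """\
May 18 03:12:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
May 18 03:12:03 host sshd[2101]: Failed password for root from 192.0.2.10 port 40113 ssh2
May 18 03:12:09 host sshd[2104]: Failed password for invalid user admin from 192.0.2.77 port 51811 ssh2
May 18 03:13:40 host sshd[2110]: Failed password for invalid user test from 198.51.100.5 port 33010 ssh2
May 18 03:15:27 host sshd[2120]: Failed password for root from 203.0.113.200 port 41000 ssh2
May 18 03:15:30 host sshd[2120]: Failed password for root from 2001:db8::1 port 41001 ssh2
May 18 03:16:00 host sshd[2125]: Failed password for invalid user a from 203.0.113.9 port 22 ssh2 from 198.51.100.5 port 33999 ssh2
"""

# Constructed stand-in for a GeoIP database: network -> country code.
GEO_TABLE = {
    "192.0.2.0/24": "CN",
    "198.51.100.0/24": "US",
    "203.0.113.0/24": "KR",
}

# The user name is client-supplied and may itself contain "from <ip>", so the
# greedy ".*" plus the "$" anchor takes the address sshd wrote at the line end.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def failed_sources(log_text):
    """Distinct source addresses with at least one failed password attempt."""
    sources = set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            sources.add(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # not an IP literal, e.g. a resolved hostname
    return sources

def country_of(addr, table=GEO_TABLE):
    for net, cc in table.items():
        if addr in ipaddress.ip_network(net):
            return cc
    return "??"  # address not covered by the lookup table

def tally_by_country(log_text):
    """(country, distinct sources) pairs, highest count first."""
    counts = Counter(country_of(a) for a in failed_sources(log_text))
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
```

The tally counts the hosts that connected, which is the same quantity the table reports; it carries no information about who controls those hosts.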

Assuming that because these addresses are Chinese means that the Chinese state is behind attacks is faulty logic. There is no reason why the Chinese state hackers (if they exist … although it is almost certain they do) would use Chinese addresses to attack from; they are more likely to be using addresses from the US, Europe, South America, etc. If anything, attacks coming from Chinese addresses indicate :-

  1. Private sector hacking (which is the majority)
  2. Attacks from state groups other than China.

It may well be that China is engaged in industrial scale cyber espionage; it may also be that what people assume are Chinese attacks are in fact other states. After all cyber espionage is probably one of the cheapest ways to get involved; within the means of even the smallest and poorest states.

Jan 02 2013


According to the news, the US politicians have finally decided not to take a running jump off the edge of the fiscal cliff and have come to some form of agreement in relation to US taxes. The markets have of course bounced dramatically because of the good news … or is it?

Firstly, this decision is late. US politicians have been trying to come to some form of agreement with regard to taxation and spending for at least 18 months; the deadline everyone was worried about was introduced to concentrate minds on an agreement. And yet no agreement was reached until the last moment. US politicians deserve to be fired for not coming to an agreement sooner.

Secondly, this decision is not a full decision at all. The agreement only covers taxation, and does not cover agreements on spending cuts. They have given themselves a further two months to agree the rest of it. And who is to say that they will manage an agreement this time around?

There are those who argue that the phrase “fiscal cliff” is scaremongering, and that it should really be called a “fiscal hill” (or some other phrase). They’re wrong.

The actual effects of going over the fiscal cliff may well be rather gradual with tax increases and spending cuts only gradually kicking in over the year of 2013. But that is ignoring the big problem.

The big problem is that the politicians in charge of the world’s largest economy are a bunch of incompetent idiots who would rather argue for partisan advantage than do their job – govern the country in the interests of all of the citizens of the US. In most circumstances, a bunch of people in charge of a large organisation who could not agree on a budget in a timely fashion could and would be fired.

Perhaps the citizens of the US should get together and “kick some ass” – point out to their politicians that they are expected to govern the country properly, and if they do not pull their socks up, they will all be booted out of office come the next election – Democrats and Republicans. It is not the fault of any one party, but the fault of both.

Dec 28 2012


The US has long had an abysmal record in extra-judicial execution by the mob – the lynching – which is a peculiarly US foible. It is noticeable in the linked Wikipedia article that the authors were desperately looking around for non-US examples of lynchings. And some of the examples are not strictly speaking lynchings at all.

Extra-judicial punishments have been common throughout history, but have almost always been due to the absence of legal authority, or the inadequacy of legal authority. In most cases, US lynchings are in fact a perverse preference for extra-judicial punishment where the legal authority certainly was available – many lynchings involved breaking into courthouse jails to extract the “guilty”.

There are plenty of resources out there on US lynchings including :-

Practically all of these sites concentrate on the racial aspects of lynchings, which is perfectly understandable given that lynchings were one of the many weapons white supremacists used to keep the negro “in his place”.

Yet there is another aspect to lynchings that tends to get overlooked. If you look at the lynching statistics provided by the Tuskegee Institute covering the years 1882-1968, of the total of 4,743 lynchings a total of 1,297 were of “white” people. A total of 27% of all lynchings were of “white” people. Of course that simple classification into black and white may be concealing other race hate crimes – apparently Asian and Mexican-American people have been classified as white on occasions.

But reading the stories of lynchings shows that the victims of lynchings were from all parts of society – men, women, black, and white. But predominantly black, although the last lynching of a white person occurred as late as 1964 when 2 white people and 1 black person were lynched.

This page tries to explain the white lynchings as either under-reporting of lynchings of black people in the 19th century, or the use of lynchings to punish white people who opposed the repression of black people (such as Elijah Lovejoy). Both of which are true enough.

But it’s missing a point – lynching is a tool used by the racists to repress the black people in the US, but it already existed as a tool (and was used) before the racists felt the need to repress and control the newly freed former slaves. Lynching is a way of obtaining “justice” when a community feels that justice is unlikely to be obtained any other way.

What appears to have happened in the US is that some communities seem to have acquired an entitlement to extreme forms of justice and they are not placated by the perfectly reasonable level of justice provided by the state. After all, in many of the examples of lynchings, the state justice mechanisms were “working” perfectly well – certainly a black person in the South was likely to be flung into prison for almost anything on the flimsiest of evidence. Yet the extremists were not satisfied.

What this reveals is that some in the US feel entitled to impose a level of control on their community that is not sanctioned by the democratic majority of the country as a whole. And a willingness to resort to violence to get their way. Whilst lynchings may be a thing of the past (the last recorded one was in 1981, although there is a case for arguing that this was merely a random killing rather than a lynching), the attitude may still be around … and having an effect on the level of violence in the US.

The anti-gun control fanatics are right to an extent when they claim that “guns don’t kill” but criminals do. If you compare the US gun crime statistics with other countries with similar levels of gun control (and there are some; indeed in Switzerland a significant proportion of the population is compelled to store a fully automatic assault rifle in their home), it becomes obvious that the US has a significant problem with violence. Gun control may be necessary in the short term, but long term the US needs to look at its violent tendencies.

Dec 22 2012


Given the tragic shooting incident at a US primary school (what would be called an elementary school in the US), it is hardly surprising that the subject of gun control has come up yet again. Normally proposals suggest taking the more extreme types of guns (such as assault rifles) away, without banning all guns.

This may be a mistake given the US Constitution and opposition to changing it. The relevant clause of the constitution reads :-

A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed

There are a number of interesting things that this does not say :-

  1. There is nothing in this statement about the right to bear arms to defend yourself (at least from criminals).
  2. There is nothing in this statement about the right to bear arms to go out shooting defenceless wildlife.
  3. Although the statement includes the right to “keep” arms, it does not say where such arms should be kept.
  4. Although it does not explicitly say so, it is very clearly defined that a person’s right to bear arms is in relation to a “well regulated militia”; in other words one does not have a right to bear arms unless under orders to do so.

So rather than restrict what kind of arms a US citizen can own, perhaps it makes much more sense to restrict where arms can be held and how they can be used :-

  1. Any three or more individuals are free to establish a militia for the defence of the state or some other suitable purpose.
  2. The state is allowed to appeal to a court in the event of a militia it feels is set up for nefarious purposes.
  3. A militia must establish an arsenal which may not be a personal home. An arsenal must have an appropriate level of security.
  4. A militia or member of a militia is allowed to purchase any reasonable weapons, but they must be stored within the militia’s arsenal.
  5. Weapons may only be used by the members of the militia during training or during an operation sanctioned by the militia.
  6. No weapons may be used by an individual without supervision by another two members of the militia.

Of course the real test for a proposal on gun control is whether the NRA like it or not. If they do, it must be wrong!