Trust is a Weakness

When Introversion put out their game Uplink with the tagline "Trust is a Weakness", they hit a nail right between the eyes. Whether it is confidence men tricking you into Trusting their shady business deals, or a hacker abusing the fact that your central server trusts the edge server that he is now in control of... trust is a weakness.

This fact seems to be utterly lost on national governments, as they happily continually turn around and ask us to "trust them" in so many various ways. Trust them, even, to force an industry to compromise everyones security, as long as we let the Government hold the keys to the backdoor. Surely nobody will "slip in".

Except, that is exactly what happened in what this article calls "The Athens Affair". It is a great tale of a CEO suicide, and compromise of untold numbers of secrets, both state and private. To help those with short attention spans, from the article:

rogue software used the lawful wiretapping mechanisms of Vodafone's digital switches to tap about 100 phones and handed over a list of bugged numbers. Besides the prime minister and his wife, phones belonging to the ministers of national defense, foreign affairs, and justice, the mayor of Athens, and the Greek European Union commissioner were all compromised. Others belonged to members of civil rights organizations, peace activists, and antiglobalization groups; senior staff at the ministries of National Defense, Public Order, Merchant Marine, and Foreign Affairs; the New Democracy ruling party; the Hellenic Navy general staff; and a Greek-American employee at the United States Embassy in Athens.

This is the direct result of what has become a nearly universally accepted requirement that many nations place on the phone systems. A requirement that has hamstrung the entire industry, throughout many countries, and prevented further progress in personal security, progress which would have protected all of these organizations and secrets.

That requirement, is that the communications providers must provide a way for the Government to "tap" whatever line they choose. Of course they surround this with courts but, in the end, an open door is an open door. This makes no more sense than requiring people not to install door locks, because you might want to enter their houses.

It seems innocuous, but it has prevented several rather simple advances of technology which would benefit s all. Why do our handsets not offer, right now, real end to end encryption? The technology has existed for years, if the markets were allowed to have people seriously working on this and delivering products to the public, there is no reason it couldn't be standard on every phone.

Even something as dirt simple and infrastructureless as OTR, deployed standard, would greatly decrease the value of even mounting this sort of attack in the first place. It would give us the option of not trusting the phone company, the government, and their ability to keep others out of their systems. The option to not allow this severe weakness to continue.

To dishonest people, the world is awash with trust to abuse. Laptop hard drives with credit card data, medical data, industrial data. Phone lines that can be tapped to get juicy personal details, or gain advantage in business, or even help plan assasinations and terrorist acts. Each one of these that we can raise the bar on, each is a deterrent. Each makes dishonesty less profitable.

Instead, we defer to the wisdom of governments who tell us that its so vitally important that they have access, that we must trust them. Afterall, they would never do anyting wrong. Nor would the major multinational telecom corperations, nor any of their employees acting rogue, nor even the rogues who break into their networks and gain access. You trust all those people don't you?

The Atheneans do, and I am sure that right now, they are so glad that they did.

Deeper than Race

It as been hard to avoid the coverage of the arrest of Henry Louis Gates, Jr, because it has turned into the big race debate all over again. All over the news, people just seem to have let slip from their minds one universal truth: The police have a real tendency to be dick-headed egomaniacs, and routinely arrest people for little to no reason when they feel insulted.

Hot headed people, of any race, can tell you this one. Had Henry Gates been white, and upset about the police in his house, I am absolutely sure that he would have still been arrested.

The fact, which everyone seems to be ignoring, is that this does NOT excuse Sgt. James Crowley. The simple facts, here:

1. The initial call even mentioned seeing suitcases, the police had little reason to suspect anything strange going in.
2. Rude or not, neither side disputes that Henry Gates showed identification documents and resided at the home
3. Rude or not, being rude and/or loud is an unreasonable standard for "Disorderly Conduct" and every indication was that the MATURE AND PROFESSIONAL thing to do, was simply for Officer Crowley to leave the scene.
4. Officer Crowley chose not to be a mature professional. He, as a representative of the City of Cambridge, chose to be petty, and abuse his power to defend his ego.

This is a pretty open and shut case of police abuse of power. My recommendation is that Sgt. Crowley be fired, and brought up on charges of public corruption. He should be made an example of, because being an example was his job, and he failed miserably.

Edit: This does raise the question of what the Disorderly Conduct law in MA actually is. Here is a great write-up of why the Officer had no leg to stand on, and should have known better: http://volokh.com/posts/1248465451.shtml

Overall I just have to state it again. Gates was a grade A ass in this encounter. However, I object to the idea of that being an offense that warrants the use of state power to correct. I am happy to see that the law agrees with me. Now if we could only reign in power tripping police, who tarnish the dignity of the state with their petty actions.

In Defense of Texting while Driving

One of the Stories on Slashdot today is "US Agency Blocked Cellphone / Driving Safety Study". This sounds like some sort of big Government cover up to protect big wigs in some industry. The numbers however, just don't pan out. In fact, the numbers on the Anti-Texting side, are actually pretty flimsy.

They enjoy tossing out a statistic that there are 1000 fatalities a year in texting while driving incidents. This may sound like a lot, but, its a number without context. To make sense of it, lets ask another question: How many driving fatalities are there every year?

That answer was easy to find. It was on a page on Drunk Driving Statistics where we see the answer. Last year, there were 41,000 driving fatalities, 16,000 of which were "Alcohol Related".

In 2005, 11% of fatal crashes involved a person over 65, that is about 4 times as many as texting at around 4000 fatalities. (Each fatal crash must have at least 1 fatality, so this is actually giving the older drivers the benefit of the doubt).

It is pretty plain to see that this legislation is nothing short of an attempt by the Insurance Lobby to generate a new Windfall. More tickets means more surcharges. Are they going to scare you into paying more?

Well lucky for them, they don't have to. They just have to convince the legislature of it. The legislature that will see their own coffers increase directly from the fines from the tickets.

Sounds like these texting bills are really a big Win for everyone involved, don't they?

Examining Liquid Ban Stupidity

The TSA blog has a mildly interesting interview with a "Bomb Appraisal Officer". He supported the "3-1-1" liquid ban, and explained why it is important, in his mind anyway:

"This type of threat is not new, but our enemies are persistent and totally committed. They learn from their mistakes and then make adjustments all the time to try and stay ahead of security. Explosives come in ever changing shapes and materials to include a caulk like explosive that looks and feels just like toothpaste or Sunscreen. If we added personal hygiene products such as toothpaste to the “must be sampled” list, the lines would back up forever. It is just simpler, easier, and more logical to restrict those things in the sizes already established to minimize the risks to passenger aircraft." -- BAO Richard

In responding to this, I was wondering if there was a way to explain why this 3-1-1 policy is still stupid, yet without getting too complicated and hand wavy. So, if "out enemies" are totally committed and learn from their mistakes, then shouldn't we design our security model in such a way that a less than gifted high school freshman can't devise a simple plan to defeat it?

So allow me to pose my response to 3-1-1 as so:
Ali and his 5 friends want to blow up a plane. They have aquired a powerful explosive paste, but the current regulations state that each passenger may only bring 3 oz of "liquid" on a plane at once. Starting from Boston, and only moving 3 oz past checkpoints at a time, can Ali get his paste onto a single plane?

So Ali and his other 5 friends each take 3 oz of paste onto a plane for Chicago. They each leave their 3 oz with him, giving him a total of 15 oz. Of course, they scheduled flights to give them an overnight layover. So Ali waits in the terminal like a poor traveler, and the rest leave the airport, to come back for their flight, each with 3 more oz, giving Ali 37 oz of "explosive".

He gets on his connecting flight to LA, while his "friends" now get on their flights to Texas. The flight to LA explodes, and Ali wins the the day.

This is a plan that doesn't violate the 3-1-1 rule in any noticable way, and yet, still brings 12 times as much explosive on the plane as the 3-1-1 rule would allow, and used about as many people as 9/11 used for one plane. In this scenario, only one actual "bomber" is needed.

This plan was devised by a not very dedicated person, who has no interest in actually blowing up planes, over his lunch break.

Now raise your hand if you actually believe 3-1-1 is going to stop anyone with enough brains and sophistication to get ahold of explosive paste to begin with. Is anyone still convinced?

How about this one. Ali and his 5 friends each grab 12 oz of paste. His friends which are "caught" simply say "ok I am sorry" and let the TSA toss their "toothpaste" in the trash. They simply repeat this every few weeks until enough of them get through that they have enough explosive paste for their plans.

Total costs here for tickets might run into the couple of thousand dollars range.... maybe.

Case of the "deadly" nunchaku

Andy Carvin tweeted earlier "Trying to remember the last time I heard a congressional hearing discuss nunchucks. A resolution in honor of Bruce Lee?". This got me wondering why and doing a little web searching. I found a couple of interesting pages on what I am calling Maloney V Stupid.

What strikes me about this case, beyond the obvious and interesting technical questions of Constitutional rights vs State law, is that nobody is actually questioning WHY so many states have laws that, essentially, ban two sticks connected via rope or chain.

Having studied some small amount of Martial Arts, watched "Fight Science" and actually seen someone in a real street fight with nunchaku, I am left absolutely shocked that ANYONE considers them a dangerous offensive weapon.

It is true, the nunchaku can deliver powerful blows in the hands of a trained professional. However, this is just as true of a stick. In fact, a stick is, in many cases, more dangerous, as it is easier to learn, and doesn't show the lack of control after impact that the Nunchaku does. (the inherent flexibility of the nunchaku also absorbs much of its own impact force, unlike a solid stick)

In short, I have to disagree with the courts that found states have a "Rational Basis" for banning the nunchaku. Unless the standard for "rational basis" is "it looks really cool in movies, and we don't want people looking cool in fights".

Is there any defense of these laws? Aside from arrests for posession, was there ever an increase in "nunchaku related attacks"? Is there ANY evidence that lacking access to nunchaku has ever stopped a fight and NOT merely resulted in someone grabbing a more effective weapon (like a stick, or rock)? Did banning the nunchaku decrease violent crime?

I think its clear that this is yet another silly law, passed by the lazy and the stupid. Then defended and used against citizens by the criminally insane. Am I the only one who hangs his head in shame when he hears the utter nonsense that comes out of his government?

Once again, we should all just be ashamed to call ourselves American.