Blayne Sucks

Yesterday Barack Obama was at Purdue University to talk about national security. You can read the text of his remarks here.

Purdue University may seem like a strange place to talk about National Security for many people, but this location was well-chosen for several reasons. First, Clinton won Indiana in the primaries and although the state tends to vote republican in November, Obama needs to continue to bring the democratic party together. Second, Sen. Evan Bayh (D-IN) supported Clinton in the primaries. He’s a very popular former governor of the state who’s father was also in the Senate. Being able to receive his support is important for Obama. Third, Sen. Richard Lugar (R-IN) is a foreign policy and national security expert. Although Sen. Lugar was not at the event, he was spoken of with high praise. Fourth, Purdue University is home of CERIAS, one of the best cyber security research institutions in the world. It makes sense to talk about national security in a state that has such an influential voice in that area.

As to the actual event itself, I strongly encourage you to read Professor Gene Spafford‘s write up of his experiences at the event. He gives an overview of Obama’s speech and each of the three panels that followed. It is an excellent read if you are interested in national security, politics or computer security. Although there are many quotable sections of the post, I will refrain from quoting it in the hopes that my strong endorsement of it will encourage you to read the whole thing.

CNN is running an article about a 22 year old woman who is facing a probable sentence of six years for identity fraud. There are a couple of things to note in this story.

First, their victims were friends and family. This is a common form of identity fraud. More than a third of all victims of identity fraud know the person who victimized them. Why? The answer is access. Friends and family are more trusting and their identity information is simply more easily available. It may even be easier for criminals to use since many vendors may be willing to look the other way for a daughter using her mother’s credit.

Second, the article quotes a federal prosecutor using the phrase “identity fraud” rather than identity theft. This is extremely important because it more accurately describes the crime. We already have laws on the books for fraud. Fraud has been illegal for quite some time. Yes, there are technological issues in catching the criminals, but the situation is far better than it was a few yeas ago.

Jim Harper describes the difference in detail in his book Identity Crisis:

Silence of the Lambs was a 1991 movie starring Jodie Foster as FBI Special Agent Clarice Starling and Anthony Hopkins as the notorious and devious supercriminal Hannibal Lecter. At the end of the movie, Lecter overpowers ad kills two guards in order to escape from a special prison that has been built for him on the upper floors of a building. He changes into the uniform of one of the guards, hides the guard’s body and poses as that guard, badly injured but clinging o life. To complete the deception, Lecter tears the guard’s face off and places it over his own. The police wheel Lecter out of his prison on a gurey, underneath that gruesome mask. This is identity theft. Lecter has taken a key identifier from the dead and mutilated guard, who will never get it back.

Obviously, simply using an identifier is far different than stealing one. It is nice to see that the federal prosecutors are using the correct terminology and that it is making its way into the mainstream press.

I have trouble describing how disappointed I am that this bill has passed. The roll call vote is available here. I have written about FISA previously here and here.

Although there are many aspects of this bill that disappoint me, I would like to take a moment to talk about the one closest to my research: legal compliance in technology systems. This bill sets an incredibly bad precedent for anyone advocating legal compliance. Essentially, what the telecommunications companies did was blatantly against the law. However, this bill retroactively provides them immunity for their actions [1]. When the consequences for violating the law are removed retroactively, companies have an incentive to violate the law in the future.

The ethics in situations like this are already difficult for engineers to recognize. For a technologist like Mark Klein, setting up a room with a whole bunch of cables going into it is a normal daily aspect of their job. Most will not see the ethical implications. Most engineers at that level are not aware of the bigger picture. They may not be able to say for sure whether their action is a violation of the law. To speak out about such a thing already takes great personal courage.

The last thing engineers need to see is a case like this. They will recognize that even if they do risk their job to speak out about a possible legal problem, and even if that possible problem is recognized as such, it is now, with the passage of this bill, clearly possible that Congress will bend over backwards to let their employer off the hook.

To understand how difficult it was before this amendment was passed for someone like Mark Klein to do what he did, I urge you to read the introduction Cindy Cohn gave him at the EFF Pioneer Awards. Congress has just made it harder on the heroes. This is a disappointing day.

[1] Yes, I realize that this bill doesn’t directly provide for retroactive immunity. However, the bill sets up a sham court proceeding to determine whether or not the companies involved were told it was ok to do what they did by the President, which is already widely known to be true.

[Update: There's an extremely well-written article on the FISA Ammedment Act on ThreatLevel.]

Tomorrow, on July 8th, the Senate will vote on a pending FISA amendment that includes provisions to give telecommunications companies legal protection for their role in the warrantless wiretapping, about which I have previously blogged here.

FISA stands for the Foreign Intelligence Surveillance Act and it was passed in 1978 to address abuses of several Presidents. The goal was to limit the ability of the executive to perform surveillance on anyone they wanted.

The initial reaction to the amendment from technologists and civil liberties advocates has been strong and consistent. Techdirt believes that our congress has failed us. The Technology Liberation Front believes this is bad policy and bad politics. The Center for Democracy and Technology believes that the bill is unclear and should at least be clarified for both national security and civil liberty. Finally, the whistleblower who got the ball rolling on all of this in the first place believes that this bill would create the “infrastructure for a police state.” It is also interesting to look at the politicians who received donations from telecommunications companies and also changed their votes.

There are other reasons to dislike this amendment. Representative Rush Holt’s thoughts are worth reading. Senator Chris Dodd gave an impassioned speech about FISA, which includes this gem, pointed out to me by Tim Lee:

This bill does not say, “Trust the American people; Trust the courts and judges and juries to come to just decisions.” Retroactive immunity sends a message that is crystal clear:

“Trust me.”

And that message comes straight from the mouth of this President. “Trust me.”

The amendment even redefines Weapons of Mass Destruction.

Let’s look back at the original goal of the FISA: to limit the power of the executive to watch anyone they wanted. Now, consider the current bill. It takes the power to determine the need for surveillance out of the hands of an impartial judge and puts that power into the hands of the President. It also provides blanket immunity to those companies that broke the law to allow the President to have this surveillance power over the last several years. Make no mistake about it; it is not a compromise.

One might assume that we can all agree that natural disasters are bad, but apparently we can’t. The Boston Globe has an article about how natural disasters are helpful. Yes, you read that right. The article is about how natural disasters are helpful.

Now, if you, like me, don’t believe that an earthquake which killed almost 70,000 people is helpful, then you may find yourself similarly disappointed that such an article could be published at a reputable paper. The concept is tortured logic at best. It goes something like this:

1. A disaster occurs wiping out all sorts of things that are valuable like buildings, factories, vehicles, and infrastructure.
2. At great financial cost, society re-builds all the things that were destroyed using the latest techniques.
3. Measurements are taken of both before and after the disaster and someone concludes that those affected are better off because they have all new buildings, factories, vehicles and infrastructure.

Let’s think about some logical conclusions one might draw about this. If natural disaster is good because it forces us to rebuild, then wouldn’t man-made disaster be even better? I mean, we could pick the places where the disaster would occur and we would create jobs for the teams of people who could go around destroying things. Actually, that sounds a lot like war now. Heck, why don’t we just start wars all the time since the resulting disaster is so obviously good?

Doesn’t really make much sense, does it?

There are really only two salient points to be found in this article. First, the voice of reason:

To critics of this line of thinking, the problem is that it is, at best, a partial picture. It ignores, they argue, the fact that the money and labor that go into post-disaster rebuilding are simply being redirected from other productive uses.

“If you’re a carpenter, a trash remover, a physician, you may be made better off, but the things that those producers would have otherwise produced are not going to be produced,” says Donald Boudreaux, an economics professor at George Mason University. “Over any reasonably relevant period of time, society is not made wealthier by destroying resources,” he adds. If it were, “Beirut should be one of the wealthiest places in the world.”

Huh, who would have thought that disasters were actually bad? Of course, we have known this for a long time.

Second, the conclusion, which is surprisingly good given how horrible the rest of it was:

It may be, then, that disaster economics works best as a guide in those times when we don’t have disasters to contend with. Investing in human capital, replacing outdated plants and infrastructure – the things that Kunreuther and Skidmore argue disasters drive us to do – are also, it turns out, good ideas even in the absence of a crippling catastrophe. If the disaster economists are right, calamities are simply pushing societies to make the sort of sound economic decisions that inertia or fear or bureaucratic sclerosis prevents them from otherwise making. Governments and businesses might do well to adopt some of the urgency and innovation of a post-disaster mind-set even in more clement times.

Imagine that. If you invest in your business rather than limp along with outdated facilities and inefficient equipment, then your business will operate more efficiently.

War is bad. Disasters are bad. The end.

I recently met Brooke Oberwetter, who has become known as the Jefferson 1. She seems like a nice, unassuming person and we had a pleasant conversation, which is why I was surprised to learn that she was facing criminal charges. I have come to believe that her arrest is an excellent example of the war on the unexpected.

She and around 20 of her friends went to the Thomas Jefferson Memorial to celebrate Thomas Jefferson’s birthday by silently dancing and listening to music with earphones of some kind. Surely this is not a usual occurrence and the park police were not expecting 20 people to show up and silently dance around in the middle of the night. However, she was not breaking any laws and she certainly wasn’t terrorizing anything.

Of course, you don’t have to take my word for it because there’s three videos on YouTube that show the event in detail. This incident happens to be getting a lot of publicity because of the circumstances: a young blond woman, the Thomas Jefferson Memorial on Thomas Jefferson’s birthday, the video footage of the event, the fact that all the participants were active in libertarian politics.

If this doesn’t seem like that big of a deal to you, I am not surprised. Violations of civil liberties rarely seem like that big of a deal to the unaffected. The unaffected are, by definition, not directly affected by events like this. Mistakes are made. Police officers are human just like everyone else, but we all lose something when citizens in our country are wrongfully arrested or detained. This event may be useful in illuminating the broader point: the war on the unexpected is a massive waste of time and money — how can we fix this?

That’s certainly something to think about.

Threat Level is reporting that John McCain would continue the Bush administration’s policies of warrantless wiretapping. For the uninitiated: The NSA has conducted warrantless surveillance of Americans with the help of some telephone companies such as AT&T. I have previously blogged about whether AT&T should be retroactively granted immunity for the actions. McCain apparently now supports this type of action. McCain’s position on this topic hasn’t always been very clear. Cory Doctorow believes that this is pretty much exactly the kind of intrusion the founding fathers were hoping to avoid with that whole Constitution thing.

Personally, I think the politics are not as important as the technological concerns. Wiretapping isn’t as simple as it may seem and there are real technical challenges and security risks introduced by these systems. For example, every surveillance technique we use is a potential technique that our enemies could use against us. (The founding fathers might say that the government itself might use it against us.) For a detailed list of risks, I highly recommend reading the paper described by Matt Blaze in this post on wiretap risks.

I just ran across a post on Concurring Opinions that rocked me back in my seat. The full text of two of Dan Solove’s most popular books are now available online for free. The Digital Person and The Future of Reputation are both fantastic books. I have been meaning to reread them and get a review posted here, but one thing leads to another and this semester has become rather backlogged. However, in lieu of writing a short review that doesn’t do justice to either of these books, I will simply give them a heartfelt recommendation. Perhaps with the end of the semester rapidly approaching, I’ll be able to get a review of them up soon. In the meantime, I hope you’ll take a peek!

I previously posted my thoughts on Lawrence Lessig’s possible run for an open seat in the House of Representatives. Since that time, he has decided not to run. For those who support him and his ideas, this is actually probably the better decision in the short run. In truth, Jackie Speier probably agrees with Lessig (and vice versa) on many issues. The 12th district in California would almost certainly be electing someone that held those views. Congressman Lantos serves as some proof of that. Thus, in net, the “standard” positions would not really change all that much if Lessig were to win a seat in Congress.

However, Lessig’s time and focus would change. People of all stripes seem to agree that the only way that Congress will change is through a grassroots movement. The question is how do you start such a movement? I think people like Lessig are the answer. He (obviously) has a huge voice, and I’m not sure that getting elected to Congress would appreciably improve that voice in terms of his ability to empower a grassroots movement. He would certainly have a bigger stage, but he would also have different core responsibilities. He would have to focus on the needs of the people in his district, instead of being able to focus completely on educating people about Congress, including why change is needed and how to cause that change.

I certainly would like to see some real change in the current political process at virtually all levels. In particular, I think new ideas and new approaches are needed. Lessig has certainly been open and receptive to many of those things in the past and I would love to see him eventually get elected. Time magazine’s cover story this week is about experience and its effect on politicians. Though the article makes some great points (such as the trend that second terms in Office are usually less effective than first terms), I actually thought the follow up article on the “science” of experience was better.

There is something that I have found to be true, which isn’t mentioned in either article: creativity and experience tend to oppose one another. Perhaps this is why Lessig has been so open and receptive to new ideas. Why isn’t experience viewed as a lack of creativity? Why are people asking if Obama is experienced enough to be an effective President rather than asking if Clinton is creative enough to be an effective President? Another part of this debate that seems muffled to me is the fact that our government has a system of built-in checks and balances that should limit mistakes due to inexperience.

George Will mentioned on This Week with George Stephanopolous that Lincoln was preceded by Buchanan and succeeded by Andrew Johnson, who are generally considered to be two of the worst Presidents in history. He also pointed out that Buchanan and Johnson were two of the most experienced politicians ever to become President while Lincoln was one of the least experienced politicians. Although Will didn’t mention this in his debate, Lincoln’s entire Presidency is defined by his successes in winning the Civil War, despite having zero background in warfare. He actually ended up checking out books on military strategy from the Library of Congress to figure out how to pull the whole thing off.

Anyhow, I said that I though his decision was good in the short run, but I think it does raise a long term problem: how do you espouse change in Congress effectively while also refusing to run for it? I’m not sure how he will be able to avoid answering this question as time moves progresses. I suppose we’ll see in time.

Allison passed me a link to a video about the comparisons between Barack Obama’s campaign for President of the United States and the fictional Santos Campaign on the TV show The West Wing via email today. I have mentioned that I’m a fan of The West Wing before. I didn’t necessarily agree with the politics in the show. In fact, sometimes I strongly disagreed with them. However, the show portrayed politicians of every stripe as people who earnestly want to improve the world in which they live. Sure, they talked about the seedy side of politics from time to time, but on the whole the picture was one of politicians actively caring about the people. The American people yearn for that. This Slate V video is just another example of (in part) why Barack Obama has been so successful.