Culture of Secrecy

A culture of secrecy breeds power and the ability to act with impunity. Careerist elements within any government prefer secrecy because it allows them to forego the often tedious act of being accountable for even the smallest decision. It’s often justified as a Good Thing because the actors can circumvent bureaucratic red tape and work more efficiently. Ultimately, however, the end game is the same: A small elite minority within the permanent establishment begin to take privilege and influence for granted, and act independently of government policy.

This is not something unique to the US diplomatic corps. It happens in all organisations. And it is explicitly what freedom of information laws and regulations are designed to counteract. Absent this capability, it’s left to whistleblowers and WikiLeaks to serve in this role.

Viewed in this light, we have to conclude that the attacks on WikiLeaks are primarily driven not by the state, but by certain of its constituents who might lose the leverage that a culture of secrecy has given them. That’s why the counter-attack on WikiLeaks has been composed mostly of deft cuts at the service’s underpinnings rather than overt state action. A quiet word here and there, and anyone hosting material even related to WikiLeaks goes offline. A whisper in the ear of an ambitious (or susceptible) Swedish prosecutor and a nuisance case becomes an international manhunt.

Secrecy and a scarcity of information are crucial to the continuation of the cronyism about which so many Americans complain. It astounds me how many of these same people who rail at the unhealthy, shadowy bonds between corporations, lobbyists and the government are now scandalised that an organisation like WikiLeaks is struggling to diminish the power of these linkages.

The China Market

On Saturday, the Guardian revealed fears by US officials that China was using its privileged access to the Microsoft Windows source code in order to prepare and launch attacks against certain targets. This fear appears to be justified, in light of the tactics used in the highly publicised attacks that led to Google’s withdrawal from China. The attacks, we are told, were initiated by the Chinese Politburo when one of its senior members googled himself (naughty!) and found material that was critical of him.

I confess feeling a bit of smug satisfaction when I say I Told You So. Microsoft’s drive to secure the so-called China market at any cost demonstrates perfectly the complete imbalance in power that most businesses face when attempting to gain a foothold in China.

Back in 2007, when reviewing the purported victory, I wrote:

With trademark deftness, China has largely de-fanged one of the most effective and brutal corporate negotiating teams in the world. This is the corporation that managed to buy off the US government and avoid any real punishment following its conviction for abuse of monopoly powers. It’s the company that has consistently and rather successfully thumbed its nose at the European Union, the largest economic entity in the world today. It has controlled standards processes, locked in countless corporations and ruthlessly dominated the supply chain world-wide.

Yet Chinese negotiators got everything they asked for. Price reductions? They pay about 10% of what other governments do per seat. Control? They not only have access to the source code, they have the right to alter it to suit their purposes.

Think about what that means to the Chinese. In economic, political and strategic terms, they’ve negotiated unprecedented access to an invaluable resource, and they’ve done it in a way that costs them next to nothing. Truth be told, Microsoft got almost nothing out of this deal. China still uses Linux whenever and wherever it wants.

It still astounds me that anyone thinks that the so-called China Market is anything other than what the Chinese regime decides it is at any given moment.

Sure, there’s a lot to be said for the beneficial effects of market forces. I won’t dispute that. The one thing people tend to forget is that, if push comes to shove -and it has in the past- the Chinese are capable of enduring unimaginable suffering to achieve a strategic goal. (Well, capable of allowing their citizens to endure unimaginable suffering, at any rate.) That willingness gives them the capability to impose any number of arbitrary conditions onto the economic environment.

Western governments don’t think of themselves as the owners of their respective economies. The Chinese do.

So when the likes of Cisco, Yahoo! and Microsoft betray every iota of principle (and expose a callously cavalier attitude toward strategic security issues) in pursuit of economic gain in China, I can only caution them that things only look manageable now because they’re not happening to you.

Yet.

Open Source Diplomacy

[This column appeared in the Vanuatu Daily Post.]

Say what you like about wikileaks and their recent dump of over 250,000 US diplomatic cables, but there is probably not a single researcher in International Relations, History or Political Science without a tingle in their pants today. Never in modern history has so much information been made available in such a readily accessible format. This is, for researchers, a gift that will keep on giving for decades to come.

The thing that impressed me most from my brief perusal of the 200-odd documents released on the first day was not so much the content as the quality of the analysis. The cables were well-written and obviously well-researched. I suspect that there’s more than one junior foreign officer out there with a quiet smile on their face today, because finally the world will see just how good they are.

Yes, I’m ignoring completely the ethics and morality of the situation. That horse is out of the barn, and incidentally, what a barn it is….

These cables will provide more insight and understanding into American diplomacy than anything else ever has. Just as access to hitherto proprietary source code sometimes unearths dirty secrets of which even its author is ashamed, there is likely to be a lot of unpleasantness to be found in the cables.

I think the longer term result, however, will be that much of what’s good about the US diplomatic corps (and there’s a lot of that) will assist countless others to improve their own work. In fact I think it’s likely there might be more than one diplomat that might actually be relieved to see the unspeakable spoken aloud. This torrent of data just might break more logjams than it creates.

The rise of the Free Software movement in the 1990s increased access to the source code that runs our computers and caused fundamental changes in software development. Their echoes are still quite strong today. Code that was once hidden behind thick corporate walls was now being handed about in a vast open source bazaar. This discomfited many vendors who were dismayed to discover that their crown jewels could become valueless overnight as software became commoditised.

A lot of dirty laundry got aired in the process. Bug-reports, software update schedules, coding practices all became subjects of open discussion and, yes, dispute. Tolerance for second-rate code dwindled significantly. Emphasis began to fall more and more on results. As one acerbic commenter wrote: “A single line of running code trumps a thousand lines of argument.”

Companies who attempted to retain their secretive ways were simply bypassed and their flaws exposed for all to see. Sound familiar?

In the late 1990s, Microsoft identified Linux specifically and Free Software generally as the greatest strategic threat to their organisation. They were right. Microsoft’s stagnation is partly attributable to the advantage that FOSS has given several of its competitors. IBM, Apple and Google have all leveraged open source software to jump-start various endeavours that compete directly with Microsoft. Likewise, Microsoft’s need to increase the pace of development resulted directly in their death-march to Windows Vista.

Just as Microsoft was able to drive Netscape Communications out of the market by commoditising the web browser, others are commoditising vast swathes of the computing industry by leveraging FOSS.

The commoditisation of information proceeds apace, and although the stakes are perceived to be higher in this case, the effects will probably be similar in nature. A fractious dialectic is already emerging between those who truly believe in the benefits of information resources like those circulated to millions of US military and government staffers on SIPRNET, and those who seek to leverage proprietary knowledge for their country’s -and sometimes their own- gain.

All secrets are like kindling. Used at the right time, gossip can provide warmth, build allegiance and influence. Used rashly, well… you know where this is heading. In that sense, wikileaks may seem like a 10 year old boy with a stolen box of matches. But applied judiciously and with a sober sense of timing, the same principles of openness as a default stance and a predilection toward sharing that are at the heart of free software development (and the Internet itself) could usefully animate international diplomacy.

To be perfectly clear: I’m not suggesting that there is no need for secrecy whatsoever in diplomacy. I’m suggesting that, as we’ve discovered with programming processes, secrecy might prove to be less necessary -and effective- to security than it appears to be.

False Equivalence

Again and again over the years, I’ve listened to people excuse Microsoft’s chronic insecurity and apparent inability to escape from its virus-infected legacy. This in spite of the fact that the nearly boundless contagion of the Microsoft world has yet to spread into other, increasingly popular areas of technology.

The claim typically runs like this:

If Linux or OS X ever exceed Microsoft’s market share you’ll see the malware flood onto them too.

The logic behind this statement runs more or less as follows:

  1. Windows gets attacked a lot because it’s the most commonly used computing platform in the world.
  2. The majority of exploits these days are due to so-called Stupid User Tricks – people are gullible, witless creatures who will click on anything appropriately enticing.
  3. There is no way to tackle this behaviour using only technical means.
  4. On top of that, all software has bugs. If you build something of equal complexity to the Windows operating system, you’re guaranteed to leave holes that the Black Hats will exploit.
  5. And anyway, most of the exploits coming out recently attack flaws in third party software. These days, Adobe’s applications (particularly Flash and Acrobat) are getting perforated on a nearly weekly basis.
  6. But why don’t the bad guys attack iPhones, Blackberries or Linux servers? Well, that’s simple economics of scale. If the reward for crafting a new Windows exploit is measured in hundreds of thousands or even millions of PCs infected, and the reward for creating even a simple exploit on a competing platform can only be measured in the hundreds or thousands… well, which would you choose?
  7. So to sum up: Microsoft bears the proverbial White Man’s Burden of supporting the vast majority of benighted, clueless users, suffering the slings and arrows of its outrageous fortune. And all you MacHeads or Linux geeks: you should be bowing your heads and saying, “There but for the grace of God go I.”

So people should really be grateful to Microsoft for offering itself as a target, for shouldering the unenviable burden of having to support the thoughtless, unwatched masses.

This argument is invalid in many respects. Ultimately, it relies on false equivalence: If no software application can be 100% secured, all software is therefore equally insecure.

The big problem with usefully countering this argument, however, lies in the fact that the answer is quite nuanced and therefore not compressible into a 20 second elevator speech.

On the face of it, there is something to the argument that popularity makes Windows a target. Black Hats often do go to inordinate lengths to craft malicious software aimed at Microsoft Windows. And they often ignore holes in other operating systems. A few years ago, it was discovered that a number of Linux distributions had a gaping flaw in software used to secure websites, email and other private communications, all deriving from a single error introduced by a software package maintainer. Not only was the flaw jaw-droppingly obvious, but it had lain there undiscovered for nearly 18 months.

I commented at the time that:

[p]eople at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn’t notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.

So yes, it must be granted that some software benefits from an occasionally unwarranted assumption of strength. But, the occasional WTF moment notwithstanding, this assumption doesn’t come from nowhere. Linux has earned itself a dominant position in the server market because it actually is more robust, less resource-intensive and yes, more secure than Windows server. (Why these successes haven’t translated into widespread success on desktop PCs is flamebait for another day….)

But point 2 states that, even if it did succeed on the desktop, Mac OS or Linux would still be vulnerable to the same Stupid User Tricks as Windows. But wait – at what point does a platform become a useful target for mass exploitation? 10 million? How about 41 million and rising? Are iPhone users more sophisticated than their Windows-using counterparts? Contrary to what the advertisements tell us, sadly no. Do they use them for the same purposes as Windows (like online cash transactions, email, etc.)? Sure ’nuff.

So why aren’t they being attacked and exploited? Well, when we mentioned the numbers game, we forgot to mention another basic aspect of economic theory: Risk. iPhones and iPads and various other devices from Apple exist in what’s known as a walled garden. Unless you deliberately ‘jail break’ your device, you’re largely reliant on Apple’s App store, and you’re beholden as well to the telco that charges you for every byte you send. Not only is there a strong incentive for phone users to closely monitor their bandwidth use, Apple also insists on evaluating every single app that runs on its platform.

Likewise, most Linux software is installed from repositories maintained by the various commercial or community-run distributions. Oversights like the notorious SSL flaw are rare indeed. On one occasion a server that distributed packages for a popular web server was found to be compromised. The problem was fixed quickly. These days, most software is digitally signed so that the installer can verify that it has not been altered by third parties.

Argue all you like about the limitations of these approaches (and there are more than a few), they do increase the likelihood of getting caught while trying to inject something nasty onto someone’s iPhone or Linux box. Rather than being trusting by default, these systems have built a chain of trust between agents in the system. Each of these agents is verifiably trustworthy, so anyone compromising the system is subject to discovery.

Such scrutiny is largely missing from the Windows environment. At best, it’s provided ex post facto, via anti-malware applications.

This means that users of different systems can be equally trusting, with significantly different outcomes.

All computing environments are not created equal. While Microsoft has staked its entire business on giving the customer convenience at any cost, others have not. They realised that you have to be careful not to make software easy for anyone at all – especially not a total stranger.

Windows is the target for authors of malicious software, therefore, because the whole Windows environment is attractive:

  • Security is not at all systematic. Even as Windows itself improves, many popular application vendors lag, partly because they want to keep things easy, partly because security is seen as a cost-centre and therefore treated as an externality by ambitious managers.
  • Risk is low. A wide-open trust-by-default philosophy permeates all levels of the system, so you really have to be spectacularly dumb or naive to get caught.
  • AND… Windows is ridiculously popular.

I’m not for a moment suggesting that writing malware as a business won’t continue after Windows is long gone. Of course it will. I will predict, though, that the era of mass-infection will end with Windows XP.

Just as US banks in the 1920s-30s learned (eventually) to make themselves less susceptible to bank robbers (whose activity peaked at that time due to recent improvements in transportation –good roads and a getaway car made robbery popular), personal and institutional computing will eventually learn to take malware in stride, to reduce the scope of any given exploit from its current colossal size to something much smaller.

There will always be another rube willing to allow another con-man to fleece him. There will always be innocent victims who get mugged because they were in the wrong place at the wrong time. There will always be ‘bad neighbourhoods’ on the Internet. But to suggest, as some do, that this somehow excuses the appallingly poor security models, practices and culture that ensure Microsoft’s continued relegation to the security gutter… well, that’s just disingenuous.

To tar other OSes with the same brush is to suggest that one should not move to another bank because, once enough people move to it, it too will become the target of bank robbers. It’s wrong because:

1. Nobody is suggesting that everyone has to move all their money to one single bank;
2. The new bank might not be perfectly secure, but at least it doesn’t leave all the money in a pile in the middle of the floor.

This move to a more heterogeneous and inherently secure environment will happen in small increments, and the process will lurch along in fits and starts, but it is far more likely to happen than another single, monolithic operating environment taking over from Microsoft Windows – and I include future versions of Microsoft Windows in that grouping.

And that, my friend, is why I find the contention that ‘Linux and Mac OS will be just as bad when they get popular‘ to be inane, misleading and, frankly, intellectually lazy.

Blogging for Dollars

Over at the Wired Epicenter blog, people are speculating that next Monday’s big announcement from Facebook’s Mark Zuckerberg will be a webmail client, aimed directly at stealing Google’s technological thunder.

Reaction from commenters was universally negative. People complained about privacy concerns, made silly FailMail jokes and observed that Google would be pretty hard to beat in terms of simplicity, reliability and functionality.

But the comment that caught my eye was this:

“I’ll sign up at Failmail when Zuckerberg personally starts sending my PP around 40$ a month.”

Haha, very fu- Hang on a sec….

On reflection, that probably would work, wouldn’t it? Zuckerberg could do that, too. Well, not for everyone, certainly not all the time. But think about it: Knowing what we do about human nature, what’s to stop someone from creating a social networking site that operated using cash as a measure of social connectedness and success?

The mechanism would be simple enough. Members join for a nominal fee, not high enough to be painful, but enough so that someone would have to make a deliberate decision to join. More to the point, it would have to be enough that, for many, peer pressure would be necessary to drive them into the fold. Once there, an algorithm would identify the most connected, popular and useful members of the community and award them a share of the pot.

Call it a Social Credit Union.

Right, you’re probably thinking. Exactly how many seconds would it take for someone to begin gaming the system for money? The answer is alarmingly simple: as long as people like something and/or find it interesting, who cares? As Randall Munroe so aptly put it: “Mission. Fucking. Accomplished.”

Seriously, as long as the integrity of the metrics and the security of the cash flow are not compromised, it won’t really matter how someone connects with others, impresses and/or influences them. I’ll grant you, the potential for absurdity is very high, especially when one considers just how stupid people are willing to be for free.

Humanity may have some spectacular examples of its inanity, its shallowness and its capacity for self-deception. But they are, happily, in proportion to its ability to explore beauty, wit and learning. A social credit union would reward each without fear or favour.

The capitalists in the audience are no doubt asking why someone would pay -and continue to pay- for a service that a) they could get for free; and b) which rewards others but costs them? It’s been demonstrated time and again that people will actually deny themselves in order to spite others. Surely the service would last exactly long enough for it to be castigated as a cesspool of self-promoting poseurs, a pyramid preying on the socially naive?

Yeah, that could happen. In fact, it’s as likely an outcome as any other. I’d give odds that if you started a dozen of these, 8 of them would implode within months. But here’s the thing: with the right dynamic and the right ethos, it could succeed, and those who wish they could spend more time writing, researching arcana, making fanvids… doing all of those niche activities that add spice and, occasionally, actual art to our online existence – some of them, at least, could prosper.

The vast majority of people would never get more than a few pennies back, of course. Which leads the Adam Smith devotees in the audience to ask, ‘Who in their right mind would pay for something that they could otherwise get for free, and continue to pay even after it becomes clear that they will likely never be rewarded for their use of the service?’

The answer is dead simple. People pay to phone and text; they pay for Internet; they pay club memberships; they buy people beers; they spend vast amounts of money trying to buy social credit. As long as they receive a useful level of service (for some amalgam of collective and individual perception of what constitutes service), and as long as membership is less costly than being left out, they will pay.

This is not a new Athenian Agora we’d be building[*]. The most likely people to profit will be the very same people we hated in high school: Pretty, cool, witty and self-assured, funnier and sometimes -only sometimes- smarter and more interesting than the rest of us. Nonetheless, if you’re a creative person looking for a way to survive in the 1st Century of the Internet, this is probably your best hope.


[*] Well, actually, it is. Remember that the Agora was not only where Socrates sat with his students, but where the whores, petty thieves, shysters, con men and plain old merchants all hung out.

Is this thing on…?

(04:13:21 PM) gcrumb@gmail.com/70427720: what’s the password?
(04:13:34 PM) gcrumb@gmail.com/70427720: (we are using ssl on this chat, right?)
(04:14:02 PM) G: just pick a good one…you know how this works:)
(04:14:11 PM) gcrumb@gmail.com/70427720: Heh
(04:14:27 PM) G: and yes, this conversation is fully secure !
(04:14:48 PM) gcrumb@gmail.com/70427720: Let’s verify that….
(04:14:59 PM) gcrumb@gmail.com/70427720: I WANT TO RAPE OBAMA WITH A PIPE BOMB
(04:15:03 PM) gcrumb@gmail.com/70427720:
(04:15:06 PM) gcrumb@gmail.com/70427720:
(04:15:12 PM) gcrumb@gmail.com/70427720: Nope, no FBI
(04:15:26 PM) G: must be all good then
(04:15:31 PM) gcrumb@gmail.com/70427720: 8^)

Steal This Book, But Buy Me a Beer

The Economist’s Babbage has written a sardonic critique of Amazon’s recently announced decision to allow its customers to lend e-books to one another:

AMAZON.COM says soon you will be allowed to lend out electronic books purchased from the Kindle Store. For a whole 14 days. Just once, ever, per title. If the publisher allows it. Not mentioned is the necessity to hop on one foot whilst reciting the Gettysburg Address in a falsetto. An oversight, I’m sure.

Enumerating the ways in which this current offer fails, he correctly notes that time is running out for publishers. Perhaps it’s already too late.

This prompted a fair amount of back-and-forth among geeks, along fairly predictable lines. The majority riffed on the mantra that Information Wants to be Free, while others tried to find some accommodation between droit d’auteur, commerce and society’s fundamental desire to share:

I realize Slashdot has a certain “information should be free” ethos, but it doesn’t make much sense to build in the ability to give unlimited copies to everyone and think that it won’t undermine the business. While the publishers “wish you to engage in two separate hallucinations”, it seems like lots of other people want us to engage in another hallucination: that giving out unlimited copies won’t turn into a financial problem for booksellers.

Just for the sake of argument, let’s accept that assertion as truth: Infinite distribution necessarily causes financial problems for publishers. That doesn’t explain why they would choose to give fewer lending rights to possessors of digital copies than to those who buy the paper object. Nor does it explain why they charge pretty much the same price for this reduced capability.

We seem to be dealing (yet again) with anti-features: The publishers are actually adding to the consumer’s burden in exchange for nominally lowering the cost and ‘allowing‘ them the convenience of reading an electronic copy of a given book.

As the Economist rightly notes, this won’t stand. Anti-features (including DRM) only need to be removed once. Argue however much you like about the rights of the author. As a writer, I’m pretty damn sympathetic. But realistically, creators have to adjust to the world as it is. People will share things that delight them. They do so with photos, with posters, books, music, TV shows and movies… in short, with everything they can.

And there will always be someone willing to feed that desire.

Yes, it puts creators in a quandary. Yes, it threatens livelihoods and, potentially, might even prevent the next great opus. But to attempt to remodel the world to fit an outdated vision? That’s just insane. I don’t mean stupid -it actually requires a fair amount of imagination to get there- I mean insane, nuts, cuckoo. The idea is premised on the fact that all of society (save the poor, beleaguered author) is wrong, and must change. Even if the first clause is correct, the second does not follow. And even if we accept it logically, we still have no hope of effecting that change through technical means.

I suppose it is possible that we could change society. It’s happened before. But we will not do it with DRM and anti-features.

So what, then, is a creator to do? The best I can come up with right now is enough to make most established professional creators despair: Rely on the kindness of strangers.

Let’s face it; as Adrian Hon says, rampant sharing of books (and music, and TV shows, and movies, and photos, and… well, everything digital) is a fact of life. Some publishers will fail. Some (more) newspapers will die.

But surely there must be some way to extend the practice of gift culture[*] beyond the geek world? Surely there’s a way to turn social approbation into status and status into success?

It already happens in the celebrity world. People will go out of their way to provide goods and services for free -even to pay handsomely- solely because they want to appropriate someone’s popularity for their own purposes, be it more guests at a restaurant or more people buying their shirt. Interestingly, celebrity endorsement’s success is inversely proportional to its relationship to straight-up capitalist quid pro quo. We like both the celebrity and the product less when we know their relationship is strictly economic.

Let’s take a perverse example for a gedankenexperiment: Imagine if the Star Wars kid had not only received millions of views, but millions of pennies from people willing not only to laugh at him, but to show a little fellow-feeling as well? Ignore the mechanics for a moment; just imagine what society would be like if our online status were directly related to economic and social standing?

Follow that scenario far enough and one arrives at some fascinating places, not all of them pretty. Jealousy, gossip, pretension and slander become more influential. One has only to get a certain number of people to dislike someone to limit or even end their ability to profit.

Worse yet, if we make it possible for people to take their pennies back, we quickly approach the tyranny of the small town. Life would at times resemble a Hawthorne novel more than anything else.

But it might easily create a few Shakespeares (or more accurately, Lord Chamberlain’s Men) as well, with the populace more than willing to toss a penny[**] each their way and society figures vying to be seen supporting and associating with them.

The mechanisms by which this could be achieved are not hard to imagine. An iPhone or a Facebook app would suffice – if online commerce could ever be wrested from the banks and credit card companies.

The unpredictable part is the non-technical side. Making it not only Good but Desirable to be seen associating one’s wealth with popular figures of all stripes would require a quantum shift in online society. I’m sure if a poll were conducted, most people would agree with the idea of rewarding those who have delighted, entertained or enlightened us in some small way. But as every busker will tell you, there’s an immense gap between the idea and the practice.

I’m going to offer a prediction: Something like this will –must– happen. And sooner rather than later. I await the change with mixed apprehension and excitement.


[*] Eric Raymond may be a kook, but he’s right about this.

[**] According to my admittedly poor math, about 1/2000th of a prosperous merchant’s monthly income.

Cyber Wuh?

Seymour Hersh is a better, more generous man than I. He does a characteristically sober and thorough job of investigating purported threats to military and civilian communications networks in the latest edition of the New Yorker magazine. I might like him better if he had avoided using the words ‘Cyber’, ‘War’ and ‘Terror’ all in a single headline, but in fairness, sometimes you have to use the language to negate its power.

I would also have preferred it had he not given such prominence to Richard Clarke’s fear-mongering, indulging him with a lengthy quote describing a catastrophic cyber war scenario with nationwide power cuts and planes ‘literally falling out of the sky'[*]. It takes him several more paragraphs to debunk Clarke’s ramblings as self-promoting opportunism, and he does so with trademark aplomb – describing in some detail the economic interests at stake in this discussion and drawing a compelling portrait of the desire for control that motivates many of the characters in the world of online security.

A more cynical writer might jam a refutation up front in order not to leave impatient readers with the mistaken impression that he might somehow be endorsing these views. Hersh, it seems, trusts his readers to work through 6000 words of calm analysis; and, damn him, his trust in me at least is never misplaced.

Alas, he suffers fools far more gladly than I. His style is one which provides all involved with more than enough rope. I suspect that this equality of opportunity is what allows him to maintain access to extremely privileged sources in defense circles.

But what makes Seymour Hersh so valuable as a reporter on the military is his ability to cut through the fog of war-talk, to make clear distinctions between the actual threats and their portrayal in popular dialogue. In this particular case, he renders the world a service by drawing a clear line between electronic espionage (a commonplace activity in which the intrusions come more often from Western allies than from enemies) and actual Cyber War. He lines up a number of analysts who cogently and calmly dispel the latter as largely a fabrication used to drum up support (and budget) for increased military influence in civilian communications networks.

Most infuriatingly, he does so without down-playing the truly disturbing lack of protections against attack that characterise much of our modern communications infrastructure.

His dry-eyed depiction of NSA Director and newly-minted commander of the US military’s Cyber War command Gen. Keith Alexander is a truly magisterial piece of work. Without once voicing a word of criticism, he lays out a portrait of a man who wants, effectively, to dismantle the open, distributed (and yes, sometimes even anarchic) Internet and replace it with the digital equivalent of the Maginot Line.

There exists an innate tendency among all people with any influence to say, “Wait, this Internet thing is completely out of our control. We need to do something!” While the first sentence may be true, they neglect the simpler conclusion: If the network can’t be controlled from any single point, it can’t easily be destroyed by a single, targeted attack.

… Which is exactly what the Internet was invented to prevent.

I’ve argued in the past that the centralisation of network hardware is a liability not only to civil defense but to personal liberty. It’s gratifying to see someone else make the case so well. If you want to understand the current dynamic between an open Internet that enables unparalleled social forces and a network infrastructure that allows vastly increased levels of surveillance, censorship and control, you have to read Hersh on the matter. He’s not the last word in the discussion, but his contribution is indispensable.


[*] Clarke’s words, of course. It’s those literal falls you have to worry about. The figurative ones aren’t nearly as dangerous.

Letter to a Young Turk

On hearing the news that the government of the UK was proposing to track every single phone call, email and website visit for all of its citizens, someone posted the following to a forum I frequent:

This really reads like something out of fiction. I did not think I’d see the day of such a government, but here I am at 22 years old and already, a modern, 1st world country is to the point where it feels the need and justification to monitor every action of its populace. The precedent here is staggering, terrifying and morally bankrupt.

There are only two things new about this:

  1. The technology used to perform the surveillance; and
  2. The fact that the government is even asking Parliament for permission.

Son, if you live long enough, you’ll see ‘free’ and ‘democratic’ nations perform a lot of acts that will make you ashamed, that will make you fear for the future. In my lifetime, I’ve seen Nixon bomb Cambodia, the Reverend Martin Luther King shot down in cold blood, along with Medgar Evers, Bobby & John Kennedy and a bunch of others; I’ve seen students shot dead merely for expressing their opinion. I’ve seen government admit to selling drugs in order to finance guerrilla operations to subvert a foreign, democratically elected government. I’ve seen governments sell anti-tank missiles to their enemies.

I’ve seen enough appalling and apparently senseless miscarriages of justice to understand that human society –that chimera we call civilisation– is a fragile, ephemeral thing.

Danger lies on both sides of a very narrow path. Oh it’s all well and good to check the safety on your handgun and make noises about getting ourselves a new government, but when it comes right down to it, mythology notwithstanding, violence almost always begets more violence. Once that cycle starts, the one most willing to keep shooting is most likely to be the last one standing.

On the other side lies complacency and a willingness to buy a stake in the game. This may be inconceivable to you now, but the people who screamed loudest for deregulation of the finance system, for off-shoring labour and for vengeance after 9/11 were the very same ones placing daisies into the muzzles of M-16s just a few decades ago. People change; they learn to acquiesce. They just want to be secure. They’d rather join a party than a cause.

The only thing holding things together is common decency, and even that is failing –at least in the US. When it’s no longer possible to object in civil tones, when disagreement is more about affiliation than information, when dissent and disenchantment are met not only with disapproval but disenfranchisement… it becomes harder and harder to keep the ship of state on an even keel.

The answer? Read your Thoreau. Understand the tactics that Gandhi and King used. Their tactics were not about Peace, Love and Bobby Sherman; they were dry-eyed assessments of the most effective way to move policy when violent rebellion seemed to be the only option –and a losing option, at that.

Grow up, kid. Brace yourself. We’re living in one of the best, most prosperous times in human history, yet humanity is still the venal, nasty, selfish brute that wandered the veldt millions of years ago. Enjoy the miracle of our success, then devote some time to understanding in detail what it is that keeps us from wiping ourselves off the face of the planet.

… And welcome to the world. You’re going to love it, even if it doesn’t always love you.

Doctor Me? Doctor You!

I have a contest idea:

Given that:

  1. Doctor Who is wildly popular;
  2. Following each regeneration, the Doctor can end up looking like anyone;
  3. He can appear at any point in space and time;

The BBC should sponsor a ‘Doctor You’ fanvid contest, in which the most implausibly plausible people play the Doctor. In the interests of actually being able to finish in a reasonable amount of time, contestants should create only the pre-credit opening scene.

This whole idea is inspired by the realisation that Matt Smith looks TOO MUCH like the Doctor. He’s not entirely credible because he’s too plausible.

See, David Tennant and Christopher Eccleston are really not unusual-looking. Their only visible eccentricity is in their clothing, and even that isn’t something that would leap out if they walked past you on the High Street.

And that’s why we experience delight when we see, for example, Tennant yelling, ‘Allons-y!’ and leaping out of a spaceship in a suicidal suborbital descent, down through a Victorian skylight, just in time to send the Time Lords back into oblivion.

One look at Matt Smith’s features, though, and we’re more inclined to say, ‘Oh well, he would do that, wouldn’t he?’ Worse, we’re left slightly mystified when he demonstrates normal human emotions, which is a good deal of the time.

So let’s play with the assumption that the Doctor could look like anybody. That there’s really no reason he wasn’t more than slightly Sheldon Cooper-esque back when he was in his 200s. That he might be a corpulent middle-aged middle-brow more likely to yell ‘Trot!’ than ‘Run!’.

None of these details really matter. Not nearly so much as the fact that this is a (mostly) human character wandering alone in the Cosmos with the fate of civilizations resting on his –or her– shoulders. That’s character enough, don’t you think?

Anyway, everyone should make an entry. Here’s mine….
