Walking The Beat

Dan McGarry

[Originally published in the Vanuatu Daily Post’s Weekender Edition.]

On Tuesday the Daily Post published a Pacific News Service article about the Project Wickenby debacle, in which Vanuatu-based members of the Australian Federal Police raided four local financial institutions for evidence of misdeeds by Vanuatu citizen Robert Agius.

The raids raised a storm of controversy concerning the right of the AFP to conduct such operations on Vanuatu soil, and raised questions concerning their treatment of a Vanuatu citizen.

Politicians, chiefs and private citizens all expressed dismay at what they perceived as an assault on Vanuatu sovereignty by a ‘bullying’ Australia, who some claimed abused its status as a primary aid donor to leverage the complicity of the Vanuatu government.

The PNS story largely recapitulates these much-discussed events. But it’s noteworthy because it contains the first public response from the commander of the Vanuatu detachment of the AFP’s transnational crime unit in Port Vila.

These comments demonstrate a fundamental failure to understand the dynamics of the situation in Vanuatu. Worse, due to unfortunate phrasing, they appear to hold community values and approaches in low regard.

Some will take this as a reason to remain silent on contentious issues. A more appropriate response to this would be more, not less, communication.

Read more “Walking The Beat”

Strange Bedfellows

Dan McGarry

[Originally published in the Vanuatu Daily Post‘s Weekender Edition.]

Modern Vanuatu society expresses its values three ways: through kastom, the law and the church. If we reflect honestly on each of them, we have to admit that not one is ideally implemented. Nonetheless, each is inextricably woven into our identity, and thus bound to the other two.

It’s sometimes tempting to think about the tension between each of these influences in exclusive terms, to assume that certain things belong in one domain and therefore not in another. When the chief, the policeman and the pastor don their respective robes of office, we think we see a clear distinction.

But as with all things, the differences are far clearer in the abstract than in real life.

Read more “Strange Bedfellows”

Whose Success?

Dan McGarry1 Comment

[This week’s Communications column for the Vanuatu Independent.]

I don’t often talk about my motives. Newspapers, in my opinion, make lousy confessionals. I’ll make an exception today, because it helps make a point.

I recently experienced a curious moment. I’d spent a sunny Port Vila Saturday at the office catching up on email, news and whatnot. There were a couple of stories in the local newspaper about communications companies setting up shop here, there was a link to a story about ‘eternal’ airplanes – unmanned spy planes that never have to land. There was a story about spy agencies listening to our Skype calls. One about radio tag implants for everyone, so we can be tracked more easily.

I locked my screen, turned off the lights, and headed out of the office. The sun was westering, drifting almost level with the bay. An acquaintance happened by and invited me for coffee.

I found myself curiously disoriented. It’s happened before, and will no doubt happen again. In the course of a few steps, I’d traveled from an echoing data chamber to a sleepy village where strangers don’t exist.

Read more “Whose Success?”

Adventures in Paradise

Dan McGarry1 Comment

The rain drives the tourists off the sidewalks, diminishes the Pacific to a neighbourly size, and melts all my plans like ice cream.

I open the paper and read a wandering, questing letter about the ‘beautiful, innocent people of Vanuatu‘, and ache a little because it’s so nearly true.

In the wall-high mirror, a woman spins her Mickey Mouse umbrella, angles it into the wind, and passes the doorway humming. Her vibrant purple and white island dress is garlanded with ribbons and bows.

An obese Hyundai motor coach lumbers to a halt beside the cafe. Emblazoned in heavy capitals along its side: ADVENTURES IN PARADISE. There is no one on board.

I wrote those paragraphs back in 2003. I’d just arrived in Vanuatu, and was trying to express my first inklings of the nature of the people and the place.

The beauty of Vanuatu and its people has worked itself into the very fibre of my being. The ability to remain gracious and smiling through the most arduous circumstances, to snap out a bawdy joke without missing a beat, to remain impassive in the face of gross affront – these aspects of the national character have impressed, confounded and ultimately seduced me.

But this is no one’s Paradise. Nor will it ever be.

Read more “Adventures in Paradise”

Universal Access

Dan McGarry1 Comment

On Wednesday of this week, Minister Edward Nipake Natapei and Australian High Commissioner John Pilbeam jointly announced the creation of a telecommunications Universal Access Fund. Designed to ensure that communications services reach all parts of Vanuatu, the fund was rolled out with an initial contribution from AusAID of 215 million vatu.

The idea is to allow market forces to work in the vast majority of the country, providing mobile telephone services on a for-profit basis. Digicel’s license terms state that it must make its service available to 85% of the population.

Mobile telephone service costs are tiny compared to traditional land lines. Infrastructure is minimal, and it’s not as susceptible to damage by the elements. Digicel is confident that it can profitably provide services over such a wide area. They’re so confident that they’ve ponied up a significant chunk of cash as a performance bond.

In time we’ll see TVL and smaller, ‘boutique’ operators entering these once marginal markets as well. But there will always be areas in Vanuatu that simply can’t be serviced profitably. This is where government enters the scene. They’ve designated a basket of money that will ensure that everyone from Aneityum to the Torres islands has access to mobile phone services.

Read more “Universal Access”

Kastom & The Law: Worlds Apart

Dan McGarry3 Comments

It’s hard to decide whether our comprehensive understanding of the causes of crime should be cause for joy or despair. If we see so clearly what needs doing, why don’t we do it?

(Originally published in the Vanuatu Daily Post‘s Weekender Section.)

Last week’s summit on crime at the University of the South Pacific produced many useful recommendations. Perhaps too many.

The recommendations emerging from the 3 day workshop covered an immense scope: Law enforcement, the judicial and penal systems, the role of chiefs, social justice, ethics and civics education as well as employment were all identified as areas where conditions must improve in order to alleviate crime.

It’s hard to decide whether our comprehensive understanding of the problem should be cause for joy or despair. If we see so clearly what needs doing, why don’t we do it?

Allow me to offer an unwelcome answer: We don’t do anything because we as a society don’t want to.
Read more “Kastom & The Law: Worlds Apart”

Trust Works All Ways

Dan McGarry

Over the weekend, I’ve been thinking about last week’s disclosure concerning Debian’s OpenSSL package, which in effect stated that all keys and certificates generated by this compromised code have been trivially crackable since late 2006.

There’s a pretty good subjective analysis of the nature of the error on Ben Laurie’s blog (thanks, Rich), and of course the Debian crew itself has done a fairly good job of writing up the issue.

The scope of this vulnerability is pretty wide, and the ease with which a weak key can be compromised is significant. Ubuntu packaged up a weak key detector script containing an 8MB data block which, I’m told, included every single possible key value that the Debian OpenSSL package could conceivably create.

The question that kept cropping up for me is: This one-line code change apparently went unnoticed for well over a year. Why is it that crackers and script kiddies never found it and/or exploited it? Numerous exploits on Microsoft Windows would have required far more scrutiny and creativity than this one. Given the rewards involved for 0-day exploits, especially in creating platforms for cross-site scripting attacks, why is it nobody bothered to exploit this?

My hypothesis – sorry, my speculation is this: People at every stage of the production process and everywhere else in the system trusted that the others were doing their job competently. This includes crackers and others with a vested interest in compromising the code. I should exclude from this list those who might have a reasonable motivation to exploit the vulnerability with stealth and to leave no traces. If, however, even they didn’t notice the danger presented by this tiny but fundamental change in the code base, well my point becomes stronger.

The change itself was small, but not really obscure.  It was located, after all, in the function that feeds random data into the encryption process. As Ben Laurie states in his blog, if any of the OpenSSL members had actually looked at the final patch, they would almost certainly have noticed immediately that it was non-optimal.

In all this time, apparently, nobody using Debian’s OpenSSL package has actually (or adequately) tested to see whether the Debian flavour of OpenSSL was as strong as it was supposed to be.  That level of trust is nothing short of astounding. If in fact malware authors were guilty of investing the same trust in the software, then I’d venture to state that there’s a fundamental lesson to be learned here about human nature, and learning that lesson benefits the attacker far more than the defender:

Probe the most trusted processes first, because if you find vulnerabilities, they will yield the greatest results for the least effort.

P.S. Offhand, there’s one circumstance that I think could undermine the credibility of this speculation, and that’s if there’s any link between this report of an attack that compromised not less than 10,000 servers and the recent discovery of the Debian OpenSSL vulnerability.

You Get What You Pay For

Dan McGarry1 Comment

(Originally published in the Vanuatu Daily Post‘s Weekender Section.)

Since the Australian Federal Police brought Project Wickenby to Vanuatu with the arrest of local resident Robert Agius and raids at PKF House and elsewhere, people here have been outraged over what they characterise as Australian arrogance. Australia, they charge, feels it’s bought the right to act as it pleases here. By making the government of Vanuatu dependant on their money and advisors, many argue, Australia has subverted Vanuatu sovereignty and now operates as it pleases here.

Mr. Agius stands accused of funneling about $100 million into Vanuatu as phony consulting fees. Prosecutors claim these fees – minus a commission for Mr. Agius – were then sent back to Australia as loans. The loans’ tax-free status allowed participants in the alleged scheme to avoid paying as much as $13 million in taxes.

News reports indicate that Mr. Agius is accused of having earned about $1.4 million from his involvement in this scheme.

The Agius affair is treated as a business story by Australian news sources. The contrast with how it’s reported in Vanuatu could not be starker. Mr. Agius’ guilt or innocence is secondary in the local narrative. This is, above all, a story about Vanuatu’s sovereignty, or lack thereof.

Read more “You Get What You Pay For”

Kastom in the Virtual Nasara

Dan McGarry

In Vanuatu, Kastom takes a lifetime to learn. More complex than any set of laws, it’s a tightly woven fabric of behaviour that is in a constant state of redefinition. Defined by respect and mutual support, it is measured and arbitrated by our chiefs and enforced by the community as a whole. It is at once amorphous and innately understood.

Although it manifests itself differently from one island to another, the importance of one’s name is integral to finding one’s place in local kastom. Indeed, the highest honour an expat can earn in Vanuatu is to be given a name. A naming ceremony implies the attainment of (usually honourary) chiefly rank. One’s name, in short, is the ultimate expression of one’s place, standing and role in the community. It conveys the very essence of its bearer.

Practices vary from island to island, but choosing – and using – a person’s name is rife with overtones about one’s relation to others. Expats are often confused, and sometimes amused, by most ni-Vanuatu’s unwillingness to address others by name. People are instead referred to in terms of their familial relationship to the speaker. Where relationships are unknown or ambiguous – between strangers, for example – a local default usually exists. It’s common to be addressed as ‘tawi’ in Tanna, though strictly speaking that would make you the person’s brother or sister in law. In a delightful example of linguistic drift, young women in North Malekula are almost universally addressed as ‘uncle’.

So why, when names possess such a strong tabu here in Vanuatu, do we put no stock at all in how Vanuatu’s name is used on the Internet?
Read more “Kastom in the Virtual Nasara”