Amid the flood of profound, pseudo-profound and posuer-profound writings that
have found their way- like so many thrice forwarded bad jokes or internet
chain letters- to me since Tuesday, Charles Platt's work "The Enduring Power
of Stupidity" clarified quite a number of things, at least to my way of
thinking. Though perhaps not for the reasons Platt intended the work gelled
some number of thoughts many of which had been rattling around for some time.
"There are two basic forces in the world..." Platt begins, "Intelligence and
stupidity. Human intelligence generally is creative, and has the potential to
enhance our lives. Stupidity almost always is destructive." I immediately
thought of the phrase "If we make this idiot-proof they will simply design a
better idiot." Hold that thought.
High Concept, Low Tech
"High Concept, Low Tech" is a term that has been tossed around quite a bit
lately. What is interesting to me is that the asymmetric attack on Tuesday
was not by any understanding "High Concept, Low Tech,"as is being repeatedly
reported by this or that expert. Quite the reverse. It was precisely
because- at least partly because- the 757s/767s piloted by our most recent
madmen
of note were extremely sophisticated that the attack was so successful. A
number of factors came into play here. Firstly, though an expensive- relative
to most like operations- attack to implement, both financially and temporally,
the
operation as it was mounted on the 11th was far cheaper because of the simple
ease with which 757s and 767s are flown, at least once aloft. As of Tuesday
fly-by-wire is to "terrorists" what Perl is to script-kiddies. Inevitably as
technologies enable humans to move more metal and petroleum tubes faster,
further and higher with less brain work, less training and less expertise than
the day before... well, more potential energy, less brains equals higher risk.
This "black box syndrome" means that a housewife behind the wheel of a Volvo
can effortlessly brake like Schumacher. It means that Bob Smith can hurl
412,000 pounds of metal and fuel at a building- and it
is only going to get worse.
In April of 2000 Bill Joy wrote an article in Wired that has always frightened
me a little. Chief among his comments:
The 21st-century technologies - genetics, nanotechnology, and robotics (GNR) -
are so powerful that they can spawn whole new classes of accidents and abuses.
Most dangerously, for the first time, these accidents and abuses are widely
within the reach of individuals or small groups. They will not require large
facilities or rare raw materials. Knowledge alone will enable the use of them.
Mr. Platt, unwittingly I think, invokes Joy in his article. "Ultimately
computational power should enable us to manipulate matter itself," says Platt,
"...enabling a new era of unlimited wealth while eliminating side effects such
as pollution and global warming." But, Platt points out, "On Tuesday I saw
that stupidity still trumps intelligence."
I fear Platt is right. I fear Joy is right. The inevitable march of
technology puts more in the hands of the few faster and faster. Black arts
are fewer and farther between. Cryptography is a prime example. Publishing a
second. Biotechnology an emerging one. In all of these disciplines what was
once the bastion of a few dedicated researchers or government types has been
shattered by tools that now create a universality that increasingly becomes
disturbing to contemplate. As force multipliers approach an individual as an
acceptable seed value, controls approach impossibility and risk increases
geometrically. From the crossbow to the handgun to the semi-automatic rifle,
individuals increasingly have more and more power to destroy. A single
twisted mind suddenly has the power to suffocate, blind, destroy, kill, maim
hundreds or thousands or hundreds of thousands. The only challenge today is
to find the right context. In a crowd an expert with a handgun can probably
kill or severely wound 10-15 people with some effort. On an airliner an idiot
with a handgun can kill 300 with no effort. A few moderately intelligent and
directed individuals with third rate edged weapons can kill thousands and
simply erase tens of billions of dollars of wealth in 4 hours. High concept,
high tech and high impact.
What I haven't heard said yet is that on Tuesday we all bore witness to what
must have been the most successful conspiracy in some centuries. Dozens if
not hundreds of individuals working in concert, over two or more years to
mount this operation and maintaining operational security and operational
focus throughout. Given the short selling in a few key insurance firms a few
weeks before the incident the operation might have even turned a substantial
profit. The high water mark for the lowly funded population of a layman black
operation is now in the hundreds. I suspect most counter-intelligence people
would have placed it at 10-15 as recently as Monday. If this is the case what
of the day- surely not far away- when a group of 50 can mount a nuclear
program of moderate success? A biochem program of moderate success? Or as
Platt muses, when "...computational power should enable us to manipulate
matter itself." Perhaps to synthesize plutonium?
At the risk of sounding "Seganesque" I suspect our species might well be too
curious for our own good.
Martial Law
The events of September 11th have not been the first and are not going to be
the last example of technology (in whatever form) put to ill use. Terrorism
will doubtless have several banner years in the next decade, the likes of
which have not been seen since the many skyjackings in the '70s. The
insidious thing about these kind of attacks is that they tend to result in
something akin to martial law. Freedoms and liberties are necessarily
curtailed- and yet nothing changes substantially. Terrorist operations are
well designed to seek the underbelly and hit soft targets. They are easiest
to mount in predominately free societies where terrorists can live and travel
in relative freedom and obscurity. They also have the most impact in such
environments, where the citizenry is used to relative peace, tranquility and
privacy. The foreign policy of the United States, particularly with reference
to the Middle East, doesn't make friends quickly- consider it the externality
cost of the cheap oil Americans so dearly love. This combination probably
means a profound overreaction (I think we have all seen this already) and
potentially crippling "temporary" measures which have a life all their own
once implemented.
Inevitably, all of this is going to result in a plethora of measures, proposed
measures, programs, "temporary administrative agencies" and so forth.
Ellison's half-baked national ID proposal, the "homeland defense" cabinet
level agency- if this doesn't sound like something right out of 1930's Berlin
I don't know what does- plus crypto restrictions and even internment camps.
All of these things are- of course- fairly useless. Terrorism has found its
killer app in finally targeting the United States on a large scale- a fat and
slow target with few natural defenses that are not overcome by mildly clever
manipulation of immigration laws and customs, instantaneous communications as
well as international air travel. Would you rather mount such an operation in
The United States or Israel? The United States has a binary decision to make.
Either stay a generally free society and endure the occasional and nearly
impossible to prevent suicide-terrorist acts or impose martial law,
fundamentally altering the social landscape of life in the United States.
(Not that it couldn't have been said to have been irrevocably altered already.
I never thought that- even as a foreigner- I would be so disturbed by a
display of patriotism- or even hyper-patriotism- as I have come to be by the
many American flags waving around as far as the eye can see. The rapid
transformation of the star-spangled to a war banner of anger, vengeance and
mourning all at once is unsettling in the extreme). Between those two choices
the former is a hard thing to envision. Americans as a population generally
look for the "quick buck." The immediate solution. Long term is often lost
on the masses. Enduring more World Trade Center like events (for there are
sure to be more from whatever source) is hard to imagine. America has been
"security spoiled" until September 11th. Unfortunately, I fear rash decision
are on their way. "What would you give up for security." "Right now?
Everything. Anything." Oh boy. Here we go.
The New Paper Gauntlet
The common theme in most of the proposals I see today revolves around
identification. Today, as most members of this list well know, there is no
real "national identification" system in the United States right now. There
is however, a paper gauntlet. A maze of paper filings and credentials
required for almost every private- and some public- activity. Driver's
licenses are not mandatory, unless you want to drive. State issued
identification is not mandatory, unless you want to fly, open a bank account
or do anything else productive. Running this paper gauntlet and its many
forms, applications, checks and so forth leaves a strong trail of activity
behind the individual who is not careful enough to frustrate this system. It
does have a weakness today however. There are few universal databases in the
United States. Citizen movements are not catalogued ex ante in a single
system today. Many systems must be correlated ex post once a citizen has
brought attention to themselves. There is an investagatory barrier to
rebuilding the steps of a given citizen today. Not a large one, but large
enough to prevent massive fishing expeditions, and large enough for the clever
to slip between the cracks- either for privacy or for criminal activity.
Those smart enough to keep out of sight usually have no problem circumventing
the system slightly for innocent purposes. Today the temptation has become to
institute more stringent and centralized controls in the hopes that such
efforts will create a good chokepoint from which to identify troublemakers.
As usual, this is an illusory bit of security.
Paper gauntlets are annoying and expensive- so much so that the costs are
certain to be amortized across private sector industries and such. They will
still serve primarily to create records best used in ex post investigations,
not in preventing crime. CTR's, currency transportation reports, foreign
account suspicious activity notices and the like are all ex post measures.
Centralizing or consolidating records will probably raise the bar for casual
paper trippers slightly, but not sophisticated attacks like the September 11th
operation. It has come out this week that as many as 12 western educated men
and their families may have been murdered to provide terrorist operatives with
fresh, and undisputed, identities to use. In the face of this kind of resolve
a national ID program, or any of the other measures being publicly floated
will do little- if anything- ex ante to stop terrorism, particularly the brand
that spends 300 to 400 thousand dollars per operative in "blend in" efforts.
I'm most alarmed by the fingerprint smartcard proposals that are floating
around from the great public policy genius of e.g. Mr. Larry Ellison. These
will be entirely useless unless every place they are used requires a two or
three factor authentication. 1. Possession and presentation of the card and
therefore the digitized, stored fingerprint data. 2. Presentation of the
individual's fingers to provide the fingerprint for checking against #1. 3
(optional) a pin number or other unlocking mechanism for the credential data.
What, after all, is the point of providing fingerprints unless they become
part of the authentication process? Otherwise individual Y might as well kill
individual X and steal the card. Since individual X's prints will never be
compared against the card what is the benefit? Personally, the prospect of
exposing my biometric data to a terminal and operator of questionable
experience, skill and motive every time I get on a plane, make a transaction,
apply for a bank account, get a driver's license, etc. etc. bothers me. Of
course, the United States has not learned that such data, when not protected
properly will be abused. Credit card numbers, social security numbers and now
fingerprint indexes. No collective memory. Pity.
Paper gauntlets have long been the easy tactic to try and address these kinds
of issues. The "Credentialing of America" as one cypherpunk (Mr. May?) put it
continues. They have also universally proved ineffective. Still, we should
all expect to have to run a much longer and tighter paper gauntlet.
All of these things are vulnerable to origin fraud, however. Since Bob has to
be able to replace his credentialing data if it is all destroyed in a fire
(such things occasionally happen) we have to assume that any uncredentialled
individual can replace Bob's credentialing data in the same way, be he Bob,
Fred or Frank. All credential systems are dependent on the initial
authentication's validity. That is why identity fraud, credit application
fraud and the like work. No national ID system, or any ID system, will every
fully, or even mostly, remove such fraud.
The Changing Meaning of 911.
The disadvantage of all this is that all privacy seekers will begin to look
more and more like felons- or worse, terrorists. Encrypted mail will be a
branding thing to have in your inbox. Neighbors are encouraged to inform on
their associates. Strangers are urged to be "vigilant" (suspiciously close to
'vigilante in my view) in reporting "suspicious activity" which is, of course,
not defined. The threshold for invoking "911" (that's September 11th for the
irony impaired) has been pretty seriously reduced now. Terrorism has gripped
the United States so successfully that most of my friends and associates have
been heard to comment that things will "never be the same." I tend to think
they are right. I tend to think this is most unfortunate. I tend to think it
was inevitable.
Perhaps we will find that widespread freedom, in the form that we aspire to
create it, isn't a sustainable social form in the United States. Prosperity
and freedom in their current guise in the United States seem to be subject to
the whim of short term thinking. Though I realize this isn't how Platt meant
it: "stupidity trumps intelligence." Not only the stupidity of terrorists- in
fact I think these terrorists were astoundingly intelligent- but the stupidity
of the citizenry. Perhaps the United States is not indeed mature enough- or
perhaps _no longer_ mature enough- on the whole to "...pay any price, bear any
burden, meet any hardship, support any friend, oppose any foe to assure the
survival and the success of liberty."
Margaret Thatcher once commented, on the close of the Gulf War: "Now, just
look, there is the aggressor, Saddam Hussein, still in power. There is the
President of the United States, no longer in power. There is the Prime
Minister of Britain who did quite a lot to get things there, no longer in
power. I wonder who won?"
I do hope we don't come to reflect on the perpetrators of September 11th in
the same fashion.
What Remains to be Done.
If we assume that things are only going to get worse as technology progresses
and progressively puts more and more power into the hands of fewer and fewer
individuals we probably also have to assume that WTC is not the largest or
most impressive terrorist or asymmetric attack we will see in the next decade.
We might also assume that the many proposals out there today will not solve
the problem- much as metal detectors at airports did not. Much as identity
requirements for boarding planes did not. Much as... well you get the idea.
I suspect that those two things- which seem a little bit obvious to me- might
also mean that governments will increasingly seek to adopt more and more
intrusive measures to appear to give their citizens the impression of
security.
What can we do to foster privacy and preserve crypto even in the face of these
potential (but uncertain) changes?
I used to write a little bit at the end of every year on this point. What
more could we do to further cryptographic development? To increase privacy?
I stopped bothering at some point but I recently came across these points from
a post I wrote back in 1996:
begin quote
A. Increasing the ease of use.
Perhaps I should have put this as #1, because really among those things
which I suggest in this post, I think this is of primary importance. It
cannot be stressed enough that encryption must be transparent, easy to
use, but at the same time make its presence just apparent enough to
encourage its use, and to make users note its absence.
B. Multiple encryption method support/larger key sizes.
While I may be more paranoid than some, or even most, I think it is
crucial to provide for the possibility that strong encryption may one day
face a total ban in more countries. To avoid the chilling effect that
this would certainly have on development, it is of key importance to
permit applications and implementations to nexus with several methods, and
to allow what may today seem like extrodinarily large key sizes. (256
bits would not be unreasonable in my view, particularly so where the user
was given the option of selecting a ~128 or so bit method like IDEA or
3DES at their option (consistent with A. above).
C. Anonymous communication.
I'm not sure this needs much explanation.
D. True stego.
Today it is a simple matter to identify encrypted traffic. This is the
key flaw in what I will call (at risk of sounding like a white paper) the
NEI (National Encryption Infrastructure). It subjects users to very
effective and easy to implement traffic analysis. While I understand the
temptation to use checksum like methods to speed the key checking process,
at some point I am of the view that this convenience will come back to
haunt crypto.
end quote
Well, two of these and maybe three are at least somewhat better 5 years later.
Good job c'punks.
I don't really know what the state of true stego is today, but I submit that
it better get a whole lot better in a big hurry. Anyone have any comments
about the viability of real stego against concerted state-sponsored fishing
expeditions on usenet or elsewhere? What stego applications are out there?
Are they any good? Has anyone developed specifications for stego which make
sense? Have these been implemented?
Anonymous communication? Remailers seem to be at least of passing
functionality. I think they will come under increasing scrutiny in the months
and years to come. At risk of causing a flame war: Happy Fun Homeland Defense
Organization is not amused. More remailers in jurisdictions with foreign
policy goals too boring to offend this or that religion or political ambition.
Middleman only remailers in those jurisdictions at greater risk of considering
oppressive changes in laws or enforcement.
What ever happened to Stealth PGP? "The first rule of not being seen- not to
stand up." At least if one is using encryption it would be nice to be able to
deter key-based traffic analysis. Surely this will increasingly be a problem.
(Nice to see Earthlink refusing to install Carnivore, but can all ISPs say the
same? Without a doubt Earthlink was not the only one approached).
Personally, I'd be willing to drop some coin if it will help foster a strong,
open source, multi-platform utility to Stealthify and Stego PGP messages while
it's still legal to do so. What's out there to start work with. Would anyone
else contribute?
If everyone is going to dial 911 at the drop of a hat what do we plan to do
about it?
