| R. A. Hettinga on Fri, 28 Sep 2001 01:28:16 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| [Nettime-bold] Black Unicorn: Reflections on "High Concept, Low Tech," MartialLaw, the new Paper Gauntlet and the changing meaning of 911. |
http://www.inet-one.com.my/cypherpunks/current/msg00253.html [Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] [Author Index] [Subject Index] Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. Click for Main Site * To: <cypherpunks@minder.net> * Subject: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. * From: "Black Unicorn" <unicorn@schloss.li> * Date: Tue, 25 Sep 2001 16:06:36 -0700 * Sender: owner-cypherpunks@minder.net Amid the flood of profound, pseudo-profound and posuer-profound writings that have found their way- like so many thrice forwarded bad jokes or internet chain letters- to me since Tuesday, Charles Platt's work "The Enduring Power of Stupidity" clarified quite a number of things, at least to my way of thinking. Though perhaps not for the reasons Platt intended the work gelled some number of thoughts many of which had been rattling around for some time. "There are two basic forces in the world..." Platt begins, "Intelligence and stupidity. Human intelligence generally is creative, and has the potential to enhance our lives. Stupidity almost always is destructive." I immediately thought of the phrase "If we make this idiot-proof they will simply design a better idiot." Hold that thought. High Concept, Low Tech "High Concept, Low Tech" is a term that has been tossed around quite a bit lately. What is interesting to me is that the asymmetric attack on Tuesday was not by any understanding "High Concept, Low Tech,"as is being repeatedly reported by this or that expert. Quite the reverse. It was precisely because- at least partly because- the 757s/767s piloted by our most recent madmen of note were extremely sophisticated that the attack was so successful. A number of factors came into play here. Firstly, though an expensive- relative to most like operations- attack to implement, both financially and temporally, the operation as it was mounted on the 11th was far cheaper because of the simple ease with which 757s and 767s are flown, at least once aloft. As of Tuesday fly-by-wire is to "terrorists" what Perl is to script-kiddies. Inevitably as technologies enable humans to move more metal and petroleum tubes faster, further and higher with less brain work, less training and less expertise than the day before... well, more potential energy, less brains equals higher risk. This "black box syndrome" means that a housewife behind the wheel of a Volvo can effortlessly brake like Schumacher. It means that Bob Smith can hurl 412,000 pounds of metal and fuel at a building- and it is only going to get worse. In April of 2000 Bill Joy wrote an article in Wired that has always frightened me a little. Chief among his comments: The 21st-century technologies - genetics, nanotechnology, and robotics (GNR) - are so powerful that they can spawn whole new classes of accidents and abuses. Most dangerously, for the first time, these accidents and abuses are widely within the reach of individuals or small groups. They will not require large facilities or rare raw materials. Knowledge alone will enable the use of them. Mr. Platt, unwittingly I think, invokes Joy in his article. "Ultimately computational power should enable us to manipulate matter itself," says Platt, "...enabling a new era of unlimited wealth while eliminating side effects such as pollution and global warming." But, Platt points out, "On Tuesday I saw that stupidity still trumps intelligence." I fear Platt is right. I fear Joy is right. The inevitable march of technology puts more in the hands of the few faster and faster. Black arts are fewer and farther between. Cryptography is a prime example. Publishing a second. Biotechnology an emerging one. In all of these disciplines what was once the bastion of a few dedicated researchers or government types has been shattered by tools that now create a universality that increasingly becomes disturbing to contemplate. As force multipliers approach an individual as an acceptable seed value, controls approach impossibility and risk increases geometrically. From the crossbow to the handgun to the semi-automatic rifle, individuals increasingly have more and more power to destroy. A single twisted mind suddenly has the power to suffocate, blind, destroy, kill, maim hundreds or thousands or hundreds of thousands. The only challenge today is to find the right context. In a crowd an expert with a handgun can probably kill or severely wound 10-15 people with some effort. On an airliner an idiot with a handgun can kill 300 with no effort. A few moderately intelligent and directed individuals with third rate edged weapons can kill thousands and simply erase tens of billions of dollars of wealth in 4 hours. High concept, high tech and high impact. What I haven't heard said yet is that on Tuesday we all bore witness to what must have been the most successful conspiracy in some centuries. Dozens if not hundreds of individuals working in concert, over two or more years to mount this operation and maintaining operational security and operational focus throughout. Given the short selling in a few key insurance firms a few weeks before the incident the operation might have even turned a substantial profit. The high water mark for the lowly funded population of a layman black operation is now in the hundreds. I suspect most counter-intelligence people would have placed it at 10-15 as recently as Monday. If this is the case what of the day- surely not far away- when a group of 50 can mount a nuclear program of moderate success? A biochem program of moderate success? Or as Platt muses, when "...computational power should enable us to manipulate matter itself." Perhaps to synthesize plutonium? At the risk of sounding "Seganesque" I suspect our species might well be too curious for our own good. Martial Law The events of September 11th have not been the first and are not going to be the last example of technology (in whatever form) put to ill use. Terrorism will doubtless have several banner years in the next decade, the likes of which have not been seen since the many skyjackings in the '70s. The insidious thing about these kind of attacks is that they tend to result in something akin to martial law. Freedoms and liberties are necessarily curtailed- and yet nothing changes substantially. Terrorist operations are well designed to seek the underbelly and hit soft targets. They are easiest to mount in predominately free societies where terrorists can live and travel in relative freedom and obscurity. They also have the most impact in such environments, where the citizenry is used to relative peace, tranquility and privacy. The foreign policy of the United States, particularly with reference to the Middle East, doesn't make friends quickly- consider it the externality cost of the cheap oil Americans so dearly love. This combination probably means a profound overreaction (I think we have all seen this already) and potentially crippling "temporary" measures which have a life all their own once implemented. Inevitably, all of this is going to result in a plethora of measures, proposed measures, programs, "temporary administrative agencies" and so forth. Ellison's half-baked national ID proposal, the "homeland defense" cabinet level agency- if this doesn't sound like something right out of 1930's Berlin I don't know what does- plus crypto restrictions and even internment camps. All of these things are- of course- fairly useless. Terrorism has found its killer app in finally targeting the United States on a large scale- a fat and slow target with few natural defenses that are not overcome by mildly clever manipulation of immigration laws and customs, instantaneous communications as well as international air travel. Would you rather mount such an operation in The United States or Israel? The United States has a binary decision to make. Either stay a generally free society and endure the occasional and nearly impossible to prevent suicide-terrorist acts or impose martial law, fundamentally altering the social landscape of life in the United States. (Not that it couldn't have been said to have been irrevocably altered already. I never thought that- even as a foreigner- I would be so disturbed by a display of patriotism- or even hyper-patriotism- as I have come to be by the many American flags waving around as far as the eye can see. The rapid transformation of the star-spangled to a war banner of anger, vengeance and mourning all at once is unsettling in the extreme). Between those two choices the former is a hard thing to envision. Americans as a population generally look for the "quick buck." The immediate solution. Long term is often lost on the masses. Enduring more World Trade Center like events (for there are sure to be more from whatever source) is hard to imagine. America has been "security spoiled" until September 11th. Unfortunately, I fear rash decision are on their way. "What would you give up for security." "Right now? Everything. Anything." Oh boy. Here we go. The New Paper Gauntlet The common theme in most of the proposals I see today revolves around identification. Today, as most members of this list well know, there is no real "national identification" system in the United States right now. There is however, a paper gauntlet. A maze of paper filings and credentials required for almost every private- and some public- activity. Driver's licenses are not mandatory, unless you want to drive. State issued identification is not mandatory, unless you want to fly, open a bank account or do anything else productive. Running this paper gauntlet and its many forms, applications, checks and so forth leaves a strong trail of activity behind the individual who is not careful enough to frustrate this system. It does have a weakness today however. There are few universal databases in the United States. Citizen movements are not catalogued ex ante in a single system today. Many systems must be correlated ex post once a citizen has brought attention to themselves. There is an investagatory barrier to rebuilding the steps of a given citizen today. Not a large one, but large enough to prevent massive fishing expeditions, and large enough for the clever to slip between the cracks- either for privacy or for criminal activity. Those smart enough to keep out of sight usually have no problem circumventing the system slightly for innocent purposes. Today the temptation has become to institute more stringent and centralized controls in the hopes that such efforts will create a good chokepoint from which to identify troublemakers. As usual, this is an illusory bit of security. Paper gauntlets are annoying and expensive- so much so that the costs are certain to be amortized across private sector industries and such. They will still serve primarily to create records best used in ex post investigations, not in preventing crime. CTR's, currency transportation reports, foreign account suspicious activity notices and the like are all ex post measures. Centralizing or consolidating records will probably raise the bar for casual paper trippers slightly, but not sophisticated attacks like the September 11th operation. It has come out this week that as many as 12 western educated men and their families may have been murdered to provide terrorist operatives with fresh, and undisputed, identities to use. In the face of this kind of resolve a national ID program, or any of the other measures being publicly floated will do little- if anything- ex ante to stop terrorism, particularly the brand that spends 300 to 400 thousand dollars per operative in "blend in" efforts. I'm most alarmed by the fingerprint smartcard proposals that are floating around from the great public policy genius of e.g. Mr. Larry Ellison. These will be entirely useless unless every place they are used requires a two or three factor authentication. 1. Possession and presentation of the card and therefore the digitized, stored fingerprint data. 2. Presentation of the individual's fingers to provide the fingerprint for checking against #1. 3 (optional) a pin number or other unlocking mechanism for the credential data. What, after all, is the point of providing fingerprints unless they become part of the authentication process? Otherwise individual Y might as well kill individual X and steal the card. Since individual X's prints will never be compared against the card what is the benefit? Personally, the prospect of exposing my biometric data to a terminal and operator of questionable experience, skill and motive every time I get on a plane, make a transaction, apply for a bank account, get a driver's license, etc. etc. bothers me. Of course, the United States has not learned that such data, when not protected properly will be abused. Credit card numbers, social security numbers and now fingerprint indexes. No collective memory. Pity. Paper gauntlets have long been the easy tactic to try and address these kinds of issues. The "Credentialing of America" as one cypherpunk (Mr. May?) put it continues. They have also universally proved ineffective. Still, we should all expect to have to run a much longer and tighter paper gauntlet. All of these things are vulnerable to origin fraud, however. Since Bob has to be able to replace his credentialing data if it is all destroyed in a fire (such things occasionally happen) we have to assume that any uncredentialled individual can replace Bob's credentialing data in the same way, be he Bob, Fred or Frank. All credential systems are dependent on the initial authentication's validity. That is why identity fraud, credit application fraud and the like work. No national ID system, or any ID system, will every fully, or even mostly, remove such fraud. The Changing Meaning of 911. The disadvantage of all this is that all privacy seekers will begin to look more and more like felons- or worse, terrorists. Encrypted mail will be a branding thing to have in your inbox. Neighbors are encouraged to inform on their associates. Strangers are urged to be "vigilant" (suspiciously close to 'vigilante in my view) in reporting "suspicious activity" which is, of course, not defined. The threshold for invoking "911" (that's September 11th for the irony impaired) has been pretty seriously reduced now. Terrorism has gripped the United States so successfully that most of my friends and associates have been heard to comment that things will "never be the same." I tend to think they are right. I tend to think this is most unfortunate. I tend to think it was inevitable. Perhaps we will find that widespread freedom, in the form that we aspire to create it, isn't a sustainable social form in the United States. Prosperity and freedom in their current guise in the United States seem to be subject to the whim of short term thinking. Though I realize this isn't how Platt meant it: "stupidity trumps intelligence." Not only the stupidity of terrorists- in fact I think these terrorists were astoundingly intelligent- but the stupidity of the citizenry. Perhaps the United States is not indeed mature enough- or perhaps _no longer_ mature enough- on the whole to "...pay any price, bear any burden, meet any hardship, support any friend, oppose any foe to assure the survival and the success of liberty." Margaret Thatcher once commented, on the close of the Gulf War: "Now, just look, there is the aggressor, Saddam Hussein, still in power. There is the President of the United States, no longer in power. There is the Prime Minister of Britain who did quite a lot to get things there, no longer in power. I wonder who won?" I do hope we don't come to reflect on the perpetrators of September 11th in the same fashion. What Remains to be Done. If we assume that things are only going to get worse as technology progresses and progressively puts more and more power into the hands of fewer and fewer individuals we probably also have to assume that WTC is not the largest or most impressive terrorist or asymmetric attack we will see in the next decade. We might also assume that the many proposals out there today will not solve the problem- much as metal detectors at airports did not. Much as identity requirements for boarding planes did not. Much as... well you get the idea. I suspect that those two things- which seem a little bit obvious to me- might also mean that governments will increasingly seek to adopt more and more intrusive measures to appear to give their citizens the impression of security. What can we do to foster privacy and preserve crypto even in the face of these potential (but uncertain) changes? I used to write a little bit at the end of every year on this point. What more could we do to further cryptographic development? To increase privacy? I stopped bothering at some point but I recently came across these points from a post I wrote back in 1996: begin quote A. Increasing the ease of use. Perhaps I should have put this as #1, because really among those things which I suggest in this post, I think this is of primary importance. It cannot be stressed enough that encryption must be transparent, easy to use, but at the same time make its presence just apparent enough to encourage its use, and to make users note its absence. B. Multiple encryption method support/larger key sizes. While I may be more paranoid than some, or even most, I think it is crucial to provide for the possibility that strong encryption may one day face a total ban in more countries. To avoid the chilling effect that this would certainly have on development, it is of key importance to permit applications and implementations to nexus with several methods, and to allow what may today seem like extrodinarily large key sizes. (256 bits would not be unreasonable in my view, particularly so where the user was given the option of selecting a ~128 or so bit method like IDEA or 3DES at their option (consistent with A. above). C. Anonymous communication. I'm not sure this needs much explanation. D. True stego. Today it is a simple matter to identify encrypted traffic. This is the key flaw in what I will call (at risk of sounding like a white paper) the NEI (National Encryption Infrastructure). It subjects users to very effective and easy to implement traffic analysis. While I understand the temptation to use checksum like methods to speed the key checking process, at some point I am of the view that this convenience will come back to haunt crypto. end quote Well, two of these and maybe three are at least somewhat better 5 years later. Good job c'punks. I don't really know what the state of true stego is today, but I submit that it better get a whole lot better in a big hurry. Anyone have any comments about the viability of real stego against concerted state-sponsored fishing expeditions on usenet or elsewhere? What stego applications are out there? Are they any good? Has anyone developed specifications for stego which make sense? Have these been implemented? Anonymous communication? Remailers seem to be at least of passing functionality. I think they will come under increasing scrutiny in the months and years to come. At risk of causing a flame war: Happy Fun Homeland Defense Organization is not amused. More remailers in jurisdictions with foreign policy goals too boring to offend this or that religion or political ambition. Middleman only remailers in those jurisdictions at greater risk of considering oppressive changes in laws or enforcement. What ever happened to Stealth PGP? "The first rule of not being seen- not to stand up." At least if one is using encryption it would be nice to be able to deter key-based traffic analysis. Surely this will increasingly be a problem. (Nice to see Earthlink refusing to install Carnivore, but can all ISPs say the same? Without a doubt Earthlink was not the only one approached). Personally, I'd be willing to drop some coin if it will help foster a strong, open source, multi-platform utility to Stealthify and Stego PGP messages while it's still legal to do so. What's out there to start work with. Would anyone else contribute? If everyone is going to dial 911 at the drop of a hat what do we plan to do about it? * Follow-Ups: * RE: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. * From: "Blanc" <blancw@cnw.com> * Prev by Date: Visa 2.9% Interest ! ltnabw * Next by Date: CDR: THREE MORE DAYS ONLY! Free links & seats Manuf Prod/Cntl Software $1,495! * Prev by thread: Visa 2.9% Interest ! ltnabw * Next by thread: RE: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. * Index(es): * Date * Thread * Author * Subject CH recommended: Buy This Book! Buy This Book! ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Nettime-bold mailing list Nettime-bold@nettime.org http://www.nettime.org/cgi-bin/mailman/listinfo/nettime-bold