Rayne | emptywheel

GM’s New CEO: This Model Has Titanium Features

By: Rayne Thursday December 12, 2013 11:30 am

The woman in the photo at the right has big titanium ovaries — not malleable brass or rusting iron. Do I know Mary Barra personally to attest to this fact? No. But I have a pretty damned good idea where GM’s new CEO has been, and it takes a pretty tough set of specifications to survive the road she’s traveled.

Like her I grew up in the I-75 corridor in Michigan, where much of the automotive industry’s OEM facilities and Tiers 1 through 3 suppliers could be found. Like her father, my father worked in the automotive business; if her household was like mine, there were copies of Car and Driver, Road & Track, machinist, tool-and-die, and metalforming magazines cluttering coffee tables or in dad’s man-cave. The smell of machine oil and the grit of metal chips are familiar, as are an ever-present collection of safety glasses, hearing protection, and greasy jumpsuits. Picture a garage like that in Clint Eastwood’s movie Gran Torino; I’ll lay good money her dad probably spent a lot of his free time between shifts in a home shop like that, and where she might have been found as well if he needed a hand or she needed a tool to fix something.

It was in her blood, I’m sure; I’ll bet she could taste it. I’m pretty certain this is why she went into engineering, and likely why she went to that particular private engineering school.

After working for a couple years as a high school engineering co-op student I had been accepted at the same school, but I went a different road, preferring business and then-nascent computing technology over engineering. My daughter, though, is at that school now. She could taste it, too; we have pictures of her at age nine, wearing safety glasses, proudly holding her first aluminum machined part. She’s the first person her dad asks for help when working on the cars at home.

I wish now I’d taken pictures of her the time she was so damned mad at her brother and his friend for accidentally breaking the sibling-shared PlayStation 2 console. She ripped it down, diagnosed it using internet research, fixed and reassembled it on her own in an afternoon.

Driven to identify and solve the problem — that’s what it takes to choose engineering as a career, particularly if you are a woman.

Sure, men too must be driven to pursue the same field, but they don’t face the hurdles that women faced then or even now, 30 years after General Motors’ new CEO first started college at the former General Motors Institute. Nobody ever questions a boy’s right to pursue engineering, or a man’s right to practice that discipline. Nobody ever questions the gender of a man with an engineering degree when he makes it to the pinnacle of the corporate ladder. Continue reading →

BBC’s Adam Curtis’ Fluck Up

By: Rayne Friday December 6, 2013 5:00 am

Every once in a while there’s an opinion piece so grossly naive, horribly uninformed, or passively apologetic that it deserves pushback.

BBC’s Adam Curtis’ blog post, WHAT THE FLUCK [sic], is such a piece. Read it for yourself. I’m still scratching my head about this overlong, winding post that ultimately says,

“…Maybe today we are being farmed by the new system of power. But we can’t see quite how it is happening – and we need a new journalism to explain what is really going on. …”

No. We have the right journalism, even if it is not perfect or dispersed evenly, even if we could use more of it. The Guardian’s work on the Snowden story is just one example; if I may say so, Emptywheel sets another fine example as citizen journalism.

What we need is a public willing to invest time and energy in reading the material reported, discuss it openly after careful analysis, willing to demand and support more good journalism by way of subscription, donation, or advertising revenues as a last resort.

What we don’t need are naive or uninformed opinion leaders who tell us we don’t have journalism reporting about the size, scale, and nature of the corruption we face.

What we don’t need are apologias masquerading as demands for more and better journalism.

Curtis’ piece in particular does several things to muddy the public’s perception about journalism today:

• He throws us a narrative about poor little rich girl Tamara Yeardye Mellon and her father that is not unlike reading about poor little Paris Hilton, or poor little Kardashian Annoying-Sister-Of-The-Day. The narrative utterly misses a critical point, derailing its own effort, yet he feels the public need more backstory narrative in order to really understand today’s challenges..

• Rupert Murdoch is treated as if he was handed a bag of flaming dog poo by his editorial predecessor, dealing with the mess in the best manner he could — as if cellphone hacking by Murdoch’s employees was mere fallout inherited immaculately by Murdoch.

• Curtis ignores his own role, using his bully pulpit to complain about an absence of reporting he is capable of providing instead of this meandering whinge.

With regard to Tamara Mellon’s allegedly lost control over of her luxe shoe business Jimmy Choo Limited to Phoenix Private Equity, Curtis failed to note that not even a Mellon family member is safe from predation. Even a Mellon can be made into a corporate vulture’s bitch.

What does this tell us about the nature of the beast? Continue reading →

Information Monopoly Defines the Deep State

By: Rayne Thursday November 28, 2013 6:00 pm

The last decade witnessed the rise of deep state — an entity not clearly delineated that ultimately controls the military-industrial complex, establishing its own operational policy and practice outside the view of the public in order to maintain its control.

Citizens believe that the state is what they see, the evidence of their government at work. It’s the physical presence of their elected representatives, the functions of the executive office, the infrastructure that supports both the electoral process and the resulting machinery serving the public at the other end of the sausage factory of democracy. We the people put fodder in, we get altered fodder out — it looks like a democracy.

But deep state is not readily visible; it’s not elected, it persists beyond any elected official’s term of office. While a case could be made for other origins, it appears to be born of intelligence and security efforts organized under the Eisenhower administration in response to new global conditions after World War II. Its function may originally have been to sustain the United States of America through any threat or catastrophe, to insure the country’s continued existence.

Yet the deep state and its aims may no longer be in sync with the United States as the people believe their country to be — a democratic society. The democratically elected government does not appear to have control over its security apparatus. This machinery answers instead to the unseen deep state and serves its goals.

As citizens we believe the Department of State and the Department of Defense along with all their subset functions exist to conduct peaceful relations with other nation-states while protecting our own nation-state in the process. Activities like espionage for discrete intelligence gathering are as important as diplomatic negotiations to these ends. The legitimate use of military force is in the monopolistic control of both Departments of State and Defense, defining the existence of a state according to philosopher Max Weber.

The existing security apparatus, though, does not appear to function in this fashion. It refuses to answer questions put to it by our elected representatives when it doesn’t lie to them outright. It manages and manipulates the conditions under which it operates through implicit threats. The legitimacy of the military force it yields is questionable because it cannot be restrained by the country’s democratic processes and may subvert control over military functions.

Further, it appears to answer to some other entity altogether. Why does the security apparatus pursue the collection of all information, in spite of such activities disrupting the ability of both State and Defense Departments to operate effectively? Why does it take both individuals’ and businesses’ communications while breaching their systems, in direct contravention to the Constitution’s Fourth Amendment prohibition against illegal search and seizure? Continue reading →

Stuxnet and the Poisons that Open Your Eyes

By: Rayne Monday November 25, 2013 11:15 am

Playwright August Strindberg wrote, “…There are poisons that blind you, and poisons that open your eyes.”

We’ve been blinded for decades by complacency and stupidity, as well as our trust. Most Americans still naively believe that our government acts responsibly and effectively as a whole (though not necessarily its individual parts).

By effectively, I mean Americans believed their government would not deliberately launch a military attack that could affect civilians — including Americans — as collateral damage. Such a toll would be minimized substantively. Yesterday’s celebration related to the P5+1 interim agreement regarding Iran’s nuclear development program will lull most Americans into deeper complacency. The existing system worked, right?

But U.S. cyber warfare to date proves otherwise. The government has chosen to deliberately poison the digital waters so that all are contaminated, far beyond the intended initial target.

There’s very little chance of escaping the poison, either. The ubiquity of U.S. standards in hardware and software technology has ensured this. The entire framework — the stack of computing and communications from network to user applications — has been affected.

• Network: Communications pathways have been tapped, either to obtain specific content, or obtain a mirror copy of all content traveling through it. It matters not whether telecom network, or internal enterprise networks.

• Security Layer: Gatekeeping encryption has been undermined by backdoors and weakened standards, as well as security certificates offering handshake validation
between systems.

• Operating Systems: Backdoors have been obtained, knowingly or unknowingly on the part of OS developers, using vulnerabilities and design flaws. Not even Linux can be trusted at this point (Linux progenitor Linus Torvalds has not been smart enough to offer a dead man’s switch notification.)

• User Applications: Malware has embedded itself in applications, knowingly or unknowingly on the part of app developers.

End-to-end, top-to-bottom and back again, everything digital has been touched in one layer of the framework or another, under the guise of defending us against terrorism and cyber warfare.

Further, the government watchdogs entrusted to prevent or repair damage have become part and parcel of the problem, in such a way that they cannot effectively be seen to defend the public’s interests, whether those of individual citizens or corporations. The National Institute of Standards and Technology has overseen the establishment and implementation of weak encryption standards for example; it has also taken testimony [PDF] from computing and communications framework hardware and software providers, in essence hearing where the continued weak spots will be for future compromise.

The fox is watching the hen house, in other words, asking for testimony pointing out the weakest patches installed on the hen house door.

The dispersion of cyber poison was restricted only in the most cursory fashion.

• Stuxnet’s key target appears to have been Iran’s Natanz nuclear facility, aiming at its SCADA equipment, but it spread far beyond and into the private sector as disclosed by Chevron. The only protection against it is the specificity of its end target, rendering the rest of the malware injected but inert. It’s still out there.

• Duqu, a “sibling” cyber weapon, was intended for widespread distribution, its aims two-fold. It delivered attack payload capability, but it also delivered espionage capability.

• Ditto for Flame, yet another “sibling” cyber weapon, likewise intended for widespread distribution, with attack payload and espionage capability.

There could be more than these, waiting yet to be discovered.

In the case of both Duqu and Flame, there is a command-and-control network of servers still in operation, still communicating with instances of these two malware cyber weapons. The servers’ locations are global — yet another indicator of the planners’/developers’ intention that these weapons be dispersed widely.

Poison everything, everywhere.

But our eyes are open now. We can see the poisoners fingerprints on the work they’ve done, and the work they intend to do. Continue reading →

You Were Warned: Cybersecurity Expert Edition — Now with Space Stations

By: Rayne Tuesday November 12, 2013 4:00 am

Over the last handful of days breathless reports may have crossed your media streams about Stuxnet infecting the International Space Station.

The reports were conflations or misinterpretations of cybersecurity expert Eugene Kaspersky’s recent comments before the Australian Press Club in Canberra. Here’s an excerpt from his remarks, which you can enjoy in full in the video embedded above:

[26:03] “…[government] departments which are responsible for the national security for national defense, they’re scared to death. They don’t know what to do. They do understand the scenarios. They do understand it is possible to shut down power plants, power grids, space stations. They don’t know what to do. Uh, departments which are responsible for offense, they see it as an opportunity. They don’t understand that in cyberspace, everything you do is [a] boomerang. It will get back to you.

[26:39] Stuxnet, which was, I don’t know, if you believe American media, it was written, it was developed by American and Israel secret services, Stuxnet, against Iran to damage Iranian nuclear program. How many computers, how many enterprises were hit by Stuxnet in the United States, do you know? I don’t know, but many.

Last year for example, Chevron, they agreed that they were badly infected by Stuxnet. A friend of mine, work in Russian nuclear power plant, once during this Stuxnet time, sent a message that their nuclear plant network, which is disconnected from the internet, in Russia there’s all that this [cutting gestures, garbled], so the man sent the message that their internal network is badly infected with Stuxnet.

[27:50] Unfortunately these people who are responsible for offensive technologies, they recognize cyber weapons as an opportunity. And a third category of the politicians of the government, they don’t care. So there are three types of people: scared to death, opportunity, don’t care.”

He didn’t actually say the ISS was infected with Stuxnet; he only suggested it’s possible Stuxnet could infect devices on board. Malware infection has happened before when a Russian astronaut brought an infected device used on WinXP machines with her to the station.

But the Chevron example is accurate, and we’ll have to take the anecdote about a Russian nuclear power plant as fact. We don’t know how many facilities here in the U.S. or abroad have been infected and negatively impacted as only Chevron to date has openly admitted exposure. It’s not a stretch to assume Stuxnet could exist in every manner of facility using SCADA equipment combined with Windows PCs; even the air-gapped Russian nuclear plant, cut off from the internet as Kaspersky indicates, was infected.

The only thing that may have kept Stuxnet from inflicting damage upon infection is the specificity of the encrypted payload contained in the versions released in order to take out Iran’s Natanz nuclear facility. Were the payload(s) injected with modified code to adapt to their host environs, there surely would have been more obvious enterprise disruptions.

In other words, Stuxnet remains a ticking time bomb threatening energy and manufacturing production at a minimum, and other systems like those of the ISS at worst case. Continue reading →

Science in the ‘National Interest’: What About Everything Else? [UPDATE]

By: Rayne Thursday November 7, 2013 7:05 pm

The Republican-led House Committee on Science, Space and Technology, chaired by Rep. Lamar Smith (TX-21), wants the National Science Foundation’s grants to be evaluated based on the “national interest.”

Bring it, boneheads. By all means let’s try that standard against EVERYTHING on which we spend federal money.

How many television and radio stations, licensing publicly-owned airwaves, are granted licenses under which they are supposed to serve the “public interest, convenience, or necessity”? Because apart from emergency broadcast signal testing, most of them don’t actually do that any longer, suggesting we really need to re-evaluate broadcasters’ licenses. Let’s put the FCC’s licensing under the microscope. If broadcasters aren’t truly serving “national interest” in the manner parallel to a House Science Committee discussion draft — proposed criteria being “economic competitiveness, health and welfare, scientific literacy, partnerships between academia and industry, promotion of scientific progress and national defence” — the least they could do is pay us adequately for a license to abuse our publicly-owned assets as well as our sensibilities. There’s probably something in the defunct Fairness Doctrine about broadcasting and the nation’s interests…unless, of course, “public” does not mean “nation.” Perhaps Rep. Smith believes “national interest” = “business interest,” which opens up a massive can of definition worms.

How about banks and insurance companies? How many of them were in one way or another not merely affected by the financial meltdown of 2008, but direct contributors to the cataclysm because their standards of operation were shoddy — specifically, with regard to subprime mortgages. Why not put their regulation under the same lens: are these financial institutions serving the “nation’s interest”? The financial industry’s business practices and the regulatory framework existing in early 2008 certainly didn’t defend this nation’s economic competitiveness, damaging the ability to obtain credit as liquidity was threatened. Jeepers, wasn’t that the intent of defunct Glass-Steagall Act after the Great Depression, to assure that commercial and investment banking acted in a secure manner consistent with the nation’s interests?

We could go on and on across the breadth of departments and regulatory bodies which either issue funds or licenses, putting them all to the same test. Do they serve the “national interest”?

The problem here isn’t that the NSF in particular isn’t validating grants as to whether they serve the “national interest.” The NSF already uses criteria to evaluate proposal submissions for their alignment with the nation’s aims. Continue reading →

The Stalker Outside Your Window: The NSA and a Belated Horror Story

By: Rayne Wednesday November 6, 2013 5:00 pm

[photo: Gwen's River City Images via Flickr]

It’s a shame Halloween has already come and gone. The reaction to Monday’s Washington Post The Switch blogpost reminds of a particularly scary horror story, in which a young woman alone in a home receives vicious, threatening calls.

There’s a sense of security vested in the idea that the caller is outside the house and the woman is tucked safely in the bosom of her home. Phew, she’s safe; nothing to see here, move along…

In reality the caller is camped directly outside the woman’s window, watching every move she makes even as she assures herself that everything is fine.

After a tepid reaction to the initial reporting last week, most media and their audience took very little notice of the Washington Post’s followup piece — what a pity, as it was the singular voice confirming the threat sits immediately outside the window.

Your window, as it were, if you have an account with either Yahoo or Google and use their products. The National Security Agency has access to users’ content inside the corporate fenceline for each of these social media firms, greasy nose pressed to glass while peering in the users’ windows.

There’s more to story, one might suspect, which has yet to be reported. The disclosure that the NSA’s slides reflected Remote Procedure Calls (RPCs) unique to Google and Yahoo internal systems is only part of the picture, though this should be quite frightening as it is.

Access to proprietary RPCs means — at a minimum — that the NSA has:

1) Access to content and commands moving in and out of Google’s and Yahoo’s servers, between their own servers — the closest thing to actually being inside these corporations’ servers.

2) With these RPCs, the NSA has the ability to construct remote login access to the servers without the businesses’ awareness. RPCs by their nature require remote access login permissions.

3) Construction through reverse engineering of proprietary RPCs could be performed without any other governmental bodies’ awareness, assuming the committees responsible for oversight did not explicitly authorize access to and use of RPCs during engineering of the MUSCULAR/SERENDIPITY/MARINA and other related tapping/monitoring/collection applications.

4) All users’ login requests are a form of RPC — every single account holder’s login may have been gathered. This includes government employees and elected officials as well as journalists who may have alternate accounts in either Gmail or Yahoo mail that they use as a backup in case their primary government/business account fails, or in the case of journalists, as a backchannel for handling news tips. Continue reading →

Angry Mom and First Principles: What is the Nature of a Broken Lock?

By: Rayne Thursday October 31, 2013 12:15 pm

This won’t be a cool, calm, collected post like Marcy writes, because it’s me, the angry mom. You might even have seen me Tuesday afternoon in the school parking lot waiting to pick up a kid after sports practice. I was the one gripping the steering wheel too tightly while shouting, “BULLSHIT!” at the top of my lungs at the radio.

The cause? This quote by President Obama and the subsequent interpretation by NPR’s Ari Shapiro.

President Obama to ABC’s new Latino channel, Fusion (1:34): It’s important for us to make sure that as technology develops and expands and the capacity for intelligence gathering becomes a lot greater that we make sure that we’re doing things in the right way that are reflective of our values.

Ari Shapiro (1:46): And, Audie, I think what you’re hearing in that quote is a sense that is widespread in this administration that technological improvements have let the government do all kinds of things they weren’t able to do before. They tapped the German Chancellor’s personal cellphone and nobody really stopped to ask whether these are things they should be doing. And so that question, just because we can do something, well, does it mean we should be doing it, that’s the question that seems to be the focus of this review.

Bullshit, bullshit, bullshit.

Here, let me spell this out in terms a school-aged kid can understand.

This is a doorknob with a lock; so is the second closure device on the right.

The lock technology used on the second door is very different; it’s no longer simple analog but digitally enhanced. The second lock’s technology might be more complicated and difficult to understand. But it’s still a lock; its intrinsic purpose is to keep unauthorized persons out.

If one were to pick either lock in any way, with any tools to enter a home that is not theirs and for which they do not have permission to enter, they are breaking-and-entering.

If it’s law enforcement breaching that lock, they’d better have a damned search warrant or a court order, in the absence of a clear emergency or obvious crime in progress.

The argument that information technology has advanced to the point where the NSA blindly stumbles along without asking whether they should do what they are doing, or asking whether they are acting legally is bullshit. They have actively ignored or bypassed the proverbial lock on the door. It matters not where the lock is located, inside or outside the U.S.

The Washington Post’s revelation Wednesday that the NSA cracked Yahoo’s and Google’s SSL — secure sockets layer — is equivalent to evidence of deliberately busted door locks. So is the wholesale undermining of encryption systems on computers, cellphones, and network equipment revealed in reports last month, whether by weakened standards or by willfully placed holes integrated in hardware or software.

The NSA has quite simply broken into every consumer electronic device used for communications, and their attached networks. When the NSA was forced to do offer explanations for their actions, they fudged interpretations of the Constitution and laws in order to continue what they were doing. Their arguments defending their behavior sound a lot like a child’s reasoning. Continue reading →

Last Week’s Blizzard, This Week’s Hell

By: Rayne Thursday October 10, 2013 3:00 pm

Did you know there was a blizzard last week? I’ll admit I didn’t. Never saw a peep about it across several Twitter and internet news feeds until today.

Between 28 and 60 inches of snow fell across parts of South Dakota late last week in a freakishly early snow storm, the white stuff accumulating rapidly while many of us were picking apart reports about the National Security Agency’s breaching of Tor. I was watching my feed pretty closely at the time, and never saw a thing about South Dakota’s weather.

Many if not all of South Dakota’s cattle ranchers still had herds out in summer grazing areas at the time the storm hit. The results are still being measured; somewhere between 15% and 50% of the entire South Dakota herd died in the storm, with long-term effects on the remaining herd as yet unknown.

I haven’t seen a map of the affected area, but I’ll bet these same ranchers may have been impacted by flooding earlier this year. Comprehensive maps detailing the affected area probably won’t be widely available until after Congress resolves the budget and debt ceiling disputes, restoring funding to government agencies like National Oceanic and Atmospheric Administration (NOAA) National Weather Service. Fortunately less detailed maps are available, reflecting flood warnings in western South Dakota.

The worst part of this situation isn’t the lack of predictive information in advance of the storm or impact maps in the wake of the blizzard. It’s the lack of any federal assistance to ranchers devastated by this storm; state agencies struggling with the impact of the storm on their normal operations will be challenged to respond without additional aid. Was adequate advance warning possible from NOAA’s skeleton crew? Should the affected area have been declared a federal disaster? Should there be assistance for cleanup and disposal of approximately 75,000 head of cattle? Should there be agencies looking into financial aid for those ranchers most impacted? Should there be health assessments with regard to the potential spread of disease among humans and cattle alike as the storm’s damage is documented?

Of course there should be assessments and assistance. We’ve agreed as a nation these kinds of services and more are in the best interest of the public as a whole, and we’ve funded them in the past. We help our neighbors in times of trouble just as they help us — this is and has been part of our American values.

It’s too damned bad, though, that Congressional Republicans have decided hard-working farmers — folks who ordinarily might be their base — are less important than a massive temper tantrum about health care and debts they agreed to under the last three presidential terms. Compare the speed with which Congress agreed to bail out soft-handed, flabby-assed banksters back in 2008 — the same banksters who made money off shady subprime mortgages and then tanked the economy with equally shady derivatives based on the same. It took one week from the time Congress reached a tentative agreement between parties, and passage of the Emergency Economic Stabilization Act of 2008. If speed of Congressional response were a measure of importance, helping hard-working but distressed small business owners in the heartland clearly isn’t a benchmark of note.

Badly Broken: We Are Walter White

By: Rayne Sunday September 29, 2013 7:30 pm

I’ll bet tonight’s blog traffic will drop sharply, and explode on Twitter — and at 9:00 p.m. EDT exactly. That’s when the last episode of AMC’s Breaking Bad will air, following a 61-hour marathon of all preceding episodes from the last five years.

A friend expressed concern and astonishment at the public’s investment in this cable TV program, versus the Intergovernmental Panel on Climate Change’s Fifth Assessment Report published Friday, expressing heightened confidence in anthropogenic climate change:

“The report increases the degree of certainty that human activities are driving the warming the world has experienced, from “very likely” or 90% confidence in 2007, to “extremely likely” or 95% confidence now.” [source]

He’s right; we’ll be utterly absorbed by the conclusion of former high school chemistry teacher and cancer patient Walter White’s tale. We’ll have spent a fraction of intellectual energy on our own existential threat, in comparison to the mental wattage we’ll expend on a fictional character’s programming mortality.

But perhaps Breaking Bad’s very nature offers clues to our state of mind. Viewers are addicted to a program that upends perspectives and forces greater examination.

— The entire story of Walter White, a middle class white guy with a good education whose cancer threatens his life and his family’s long-term financial well-being, would not be viable were it not for the dismal state of health care in America. There are no Walter Whites in Canada, for example; the U.S. has become little better than a third world narco-state, our health and shelter dependent on ugly choices like crime because our system of governance cannot respond appropriately under pressure for corporate profitability.

We cling to White, though he has become the very thing we pay our law enforcement to battle, because he is us — morally conflicted, trying to safeguard our lives and our families in a deeply corrupt system. At the end of each Breaking Bad episode the distortion of our values is evident in viewers’ failure to reject a criminal character depicting a drug lord manufacturing and selling a controlled substance, while guilty of conspiracy, murder, and racketeering in the process.

In the background as we watch this program, we permit corporate-owned congresspersons to shut down our government in a fit of pique over the illusion of better health care for all. Continue reading →