October 23, 2019 / by 


BBC’s Adam Curtis’ Fluck Up

Every once in a while there’s an opinion piece so grossly naive, horribly uninformed, or passively apologetic that it deserves pushback.

BBC’s Adam Curtis’ blog post, WHAT THE FLUCK [sic], is such a piece. Read it for yourself. I’m still scratching my head about this overlong, winding post that ultimately says,

“…Maybe today we are being farmed by the new system of power. But we can’t see quite how it is happening – and we need a new journalism to explain what is really going on. …”

No. We have the right journalism, even if it is not perfect or dispersed evenly, even if we could use more of it. The Guardian’s work on the Snowden story is just one example; if I may say so, Emptywheel sets another fine example as citizen journalism.

What we need is a public willing to invest time and energy in reading the material reported, discuss it openly after careful analysis, willing to demand and support more good journalism by way of subscription, donation, or advertising revenues as a last resort.

What we don’t need are naive or uninformed opinion leaders who tell us we don’t have journalism reporting about the size, scale, and nature of the corruption we face.

What we don’t need are apologias masquerading as demands for more and better journalism.

Curtis’ piece in particular does several things to muddy the public’s perception about journalism today:

• He throws us a narrative about poor little rich girl Tamara Yeardye Mellon and her father that is not unlike reading about poor little Paris Hilton, or poor little Kardashian Annoying-Sister-Of-The-Day. The narrative utterly misses a critical point, derailing its own effort, yet he feels the public need more backstory narrative in order to really understand today’s challenges..

• Rupert Murdoch is treated as if he was handed a bag of flaming dog poo by his editorial predecessor, dealing with the mess in the best manner he could — as if cellphone hacking by Murdoch’s employees was mere fallout inherited immaculately by Murdoch.

• Curtis ignores his own role, using his bully pulpit to complain about an absence of reporting he is capable of providing instead of this meandering whinge.

With regard to Tamara Mellon’s allegedly lost control over of her luxe shoe business Jimmy Choo Limited to Phoenix Private Equity, Curtis failed to note that not even a Mellon family member is safe from predation. Even a Mellon can be made into a corporate vulture’s bitch.

What does this tell us about the nature of the beast?

• The One Percent as we used to know them are no more; something more powerful is at work, eating the lunch of the past’s oligarchs. We know this, though; we still haven’t seen any frogmarched executives after the economic crisis of 2008.

• Whatever the beast is, it’s hidden from the reading public’s view, and folks like Curtis don’t follow up in spite of their resources. Why didn’t he ask who or what Phoenix Private Equity is?

• Why does Curtis blindly accept Tamara Mellon’s perspective? She’s an unreliable narrator as Matthew Mellon’s wife. He never appears to question the possibility that the couple were both set up, or were agents for GCHQ.

What does the Tamara Mellon story tell us about the real problem?

Curtis demonstrates the true barrier to understanding the truth: an inability to be sufficiently curious, a lack of critical thinking, or a tendency to sweep important details under the rug for reasons that are not clear. The thread is right there in front of him; he fails to grab it and follow it, asking instead for someone else to do it, in spite of the fact Curtis has a bloody blog hosted at the BBC’s website.

With regard to Rupert Murdoch, the pass Curtis offers the news magnate is ridiculous. Murdoch is characterized as having ethical limits demonstrated in his firing of News of the World senior editor Stafford Somerfield. Curtis credulously accepts Murdoch’s excuse:

“I sacked the best editor of the News of the World. He was too nasty even for me.”

Right; the same guy who made News of the World a profitable, expanding outlet is sacked a year after the paper’s acquisition for doing what made the newspaper successful. What would you do in Murdoch’s shoes to a cash cow who might usurp your internal power structure given said cash cow’s 25 years seniority in the business?

Murdoch is the same man who, as chair and CEO of News Corporation, owned over 800 companies located globally, constituting a news empire worth more than $5 billion as of 2000. This fortune was made by continuing the nasty tabloid approach Stafford Somerfield began at News of the World, spread now around the world.

This is the same Murdoch who built Fox News, which could not do enough panty-sniffing when it came to President Bill Clinton’s intern scandal in the 1990s. The same Fox News that set the agenda for the Bush-Cheney White House through daily talking points sent the president’s offices, utterly complicit with and not separate from the halls of political power.

And of course, the cellphone hacking scandal. That’s all on Murdoch and his organization, nearly 40 years after Somerfield was sacked.

What Curtis’ post reveals is not a lack of “new journalism” necessary to improve the public’s understanding.

Curtis’ threadbare grasp of journalistic ethics is instead disclosed. This cannot be fixed by building a new approach to reporting. It can only be fixed by pointing out the failure to apply an ethical standard uniformly to contemporary journalism as well as noting culpability in the lapse of understanding (ex. Why does Curtis let Murdoch off the hook, in spite of his blog’s perch at BBC?).

If there’s anything else missing it is Curtis’ self-empowerment to be the necessary change using the tools he has within his grasp. There’s only one person who can supply that.

Information Monopoly Defines the Deep State

Monopoly_rutty-FlickrThe last decade witnessed the rise of deep state — an entity not clearly delineated that ultimately controls the military-industrial complex, establishing its own operational policy and practice outside the view of the public in order to maintain its control.

Citizens believe that the state is what they see, the evidence of their government at work. It’s the physical presence of their elected representatives, the functions of the executive office, the infrastructure that supports both the electoral process and the resulting machinery serving the public at the other end of the sausage factory of democracy. We the people put fodder in, we get altered fodder out — it looks like a democracy.

But deep state is not readily visible; it’s not elected, it persists beyond any elected official’s term of office. While a case could be made for other origins, it appears to be born of intelligence and security efforts organized under the Eisenhower administration in response to new global conditions after World War II. Its function may originally have been to sustain the United States of America through any threat or catastrophe, to insure the country’s continued existence.

Yet the deep state and its aims may no longer be in sync with the United States as the people believe their country to be — a democratic society. The democratically elected government does not appear to have control over its security apparatus. This machinery answers instead to the unseen deep state and serves its goals.

As citizens we believe the Department of State and the Department of Defense along with all their subset functions exist to conduct peaceful relations with other nation-states while protecting our own nation-state in the process. Activities like espionage for discrete intelligence gathering are as important as diplomatic negotiations to these ends. The legitimate use of military force is in the monopolistic control of both Departments of State and Defense, defining the existence of a state according to philosopher Max Weber.

The existing security apparatus, though, does not appear to function in this fashion. It refuses to answer questions put to it by our elected representatives when it doesn’t lie to them outright. It manages and manipulates the conditions under which it operates through implicit threats. The legitimacy of the military force it yields is questionable because it cannot be restrained by the country’s democratic processes and may subvert control over military functions.

Further, it appears to answer to some other entity altogether. Why does the security apparatus pursue the collection of all information, in spite of such activities disrupting the ability of both State and Defense Departments to operate effectively? Why does it take both individuals’ and businesses’ communications while breaching their systems, in direct contravention to the Constitution’s Fourth Amendment prohibition against illegal search and seizure?

What we have seen instead is a new facet of deep state manifest as a corollary to Weber’s definition of state.

According to Weber, an entity is “a ‘state’ if and insofar as its administrative staff successfully upholds a claim on the ‘monopoly of the legitimate use of physical force’ in the enforcement of its order.”

Deep state as we currently understand it, however, appears to claim a different monopoly. It is not content with tightly focused actionable intelligence. It seeks collection and control of all information. Whether this effort is legitimate or not does not concern it as it is outside the definition of the state; existing outside any state entity and oversight by the Constitution, the Bill of Rights, any subsequent law, the deep state is extralegal, beyond legitimacy.

It is not merely extralegal but illegitimate, though, when it works in contravention to the stated goals of the state. It becomes a parasite sucking away citizens’ resources without adding value in return to the state.

Based on all the documentation we have seen both before Snowden and after Snowden, deep state has systematically planned, developed, and implemented information collection systems. What looked like one-off wiretaps here and there has become a digital hydra. One head is lopped off as it is revealed in court or by leaks, and a multitude of others emerge to take its place, more virulent than the avatar it augments.

Room 641A in San Francisco seems like a minor annoyance compared to the likelihood that entire transoceanic cables have been spliced and mirrored, the communications in the pipeline duplicated and stored.

The information gathering does not serve the direct interests of the state, in order for the state to wield its legitimate force. The Boston bombing is a perfect example of terrorism that should have been identified and revealed to the state in adequate time to protect the public — yet the state could not and did not respond due to its blindness to information which would have revealed the plot’s existence.

Information gathering serves purposes that do not benefit the public but businesses. The materials gathered by spying on Brazilian government officials did not help the American people but a very narrow range of business interests, specifically the petroleum industry. This calls into question not only the legitimacy of the deep state’s information gathering, but the clients or masters to whom deep state answers. Who or what benefits from this kind of information?

The deep state influences the accrual and control of information in other spheres, through coercive fear, gestated uncertainty, and manipulated doubt. Lawmakers and members of the executive office act in ways that are unpredictable, ridiculous, obscure, and ultimately to the benefit of the deep state’s growing grasp and control of information; their efforts are impacted by misleading testimony, incomplete records, and redacted reports when they are not acting out of fear of being compromised by the security apparatus itself.

Former VP Dick Cheney’s fight to protect the information he allegedly gathered for Energy Task Force represents the point at which the deep state intersected with the Executive Office, using the executive office’s powers to build a firewall behind which it could obtain authority and resources, and legal precedent through which it could act with impunity. As long as deep state functions are carried out as a necessary part of the executive’s deliberation, it feels protected and empowered to carry out its aims.

The executive office further assures deep state’s continued information monopoly by appointing to the judiciary those who tend to side with the state on First- and Fourth Amendment-related cases.

In the pursuit and prosecution of Aaron Swartz for tapping into and sharing publicly-funded research inside the pay-walled garden JSTOR, we see the executive acting to protect inadequately defined intellectual property interests. It is unclear to the public who benefited from the prosecution, but Swartz and the public did not gain access to the intellectual properties they had paid for through tax dollars supporting public universities’ research or public grants that directly funded research. Activists who may have considered liberating the publicly-funded research are surely reluctant to pursue this at risk of being hounded to death as Swartz was.

MPAA’s and RIAA’s combined efforts to limit flow of intellectual property through manipulation of lawmakers and the executive office ensures that the entertainment industry is protected, while offering the deep state an excuse to trawl through information moving between and within states. It is in the interest of deep state’s monopolistic aims for MPAA and RIAA to press for even more control of copyrighted materials.

And now without adequate open discussion among elected representatives, the Trans-Pacific Partnership may expand the reach of the American component of deep state — assuming that the entity is no longer united with a single government — intended to assure the free flow of information across the widest stretch of the earth, from the fastest growing economies. This is not merely the manifestation of the knowledge economy or the information superhighway; the control and trade of information is the source of power.

At some point individuals as well as what remains of the state they have elected need to address the rights of information creators. The open source community maxim, Information Wants To Be Free, should be examined and considered more carefully; as deep state continues its march toward monopolistic control of information without the consent of information creators, what does “free” really mean?

Stuxnet and the Poisons that Open Your Eyes

Poison_EUstdimage-Wikipedia_200px_mod2Playwright August Strindberg wrote, “…There are poisons that blind you, and poisons that open your eyes.

We’ve been blinded for decades by complacency and stupidity, as well as our trust. Most Americans still naively believe that our government acts responsibly and effectively as a whole (though not necessarily its individual parts).

By effectively, I mean Americans believed their government would not deliberately launch a military attack that could affect civilians — including Americans — as collateral damage. Such a toll would be minimized substantively. Yesterday’s celebration related to the P5+1 interim agreement regarding Iran’s nuclear development program will lull most Americans into deeper complacency. The existing system worked, right?

But U.S. cyber warfare to date proves otherwise. The government has chosen to deliberately poison the digital waters so that all are contaminated, far beyond the intended initial target.

There’s very little chance of escaping the poison, either. The ubiquity of U.S. standards in hardware and software technology has ensured this. The entire framework — the stack of computing and communications from network to user applications — has been affected.

• Network: Communications pathways have been tapped, either to obtain specific content, or obtain a mirror copy of all content traveling through it. It matters not whether telecom network, or internal enterprise networks.

• Security Layer: Gatekeeping encryption has been undermined by backdoors and weakened standards, as well as security certificates offering handshake validation
between systems.

• Operating Systems: Backdoors have been obtained, knowingly or unknowingly on the part of OS developers, using vulnerabilities and design flaws. Not even Linux can be trusted at this point (Linux progenitor Linus Torvalds has not been smart enough to offer a dead man’s switch notification.)

• User Applications: Malware has embedded itself in applications, knowingly or unknowingly on the part of app developers.

End-to-end, top-to-bottom and back again, everything digital has been touched in one layer of the framework or another, under the guise of defending us against terrorism and cyber warfare.

Further, the government watchdogs entrusted to prevent or repair damage have become part and parcel of the problem, in such a way that they cannot effectively be seen to defend the public’s interests, whether those of individual citizens or corporations. The National Institute of Standards and Technology has overseen the establishment and implementation of weak encryption standards for example; it has also taken testimony [PDF] from computing and communications framework hardware and software providers, in essence hearing where the continued weak spots will be for future compromise.

The fox is watching the hen house, in other words, asking for testimony pointing out the weakest patches installed on the hen house door.

The dispersion of cyber poison was restricted only in the most cursory fashion.

Stuxnet’s key target appears to have been Iran’s Natanz nuclear facility, aiming at its SCADA equipment, but it spread far beyond and into the private sector as disclosed by Chevron. The only protection against it is the specificity of its end target, rendering the rest of the malware injected but inert. It’s still out there.

Duqu, a “sibling” cyber weapon, was intended for widespread distribution, its aims two-fold. It delivered attack payload capability, but it also delivered espionage capability.

• Ditto for Flame, yet another “sibling” cyber weapon, likewise intended for widespread distribution, with attack payload and espionage capability.

There could be more than these, waiting yet to be discovered.

In the case of both Duqu and Flame, there is a command-and-control network of servers still in operation, still communicating with instances of these two malware cyber weapons. The servers’ locations are global — yet another indicator of the planners’/developers’ intention that these weapons be dispersed widely.

Poison everything, everywhere.

But our eyes are open now. We can see the poisoners fingerprints on the work they’ve done, and the work they intend to do.

After their poison effectively damaged the viability of Natanz uranium refinement program, they will claim victory with the Iranian agreement on nuclear proliferation — yet at what long term price? Not unlike the early treatments for syphilis requiring the patient’s exposure to mercury, those who stood by as therapists and visitors must have been exposed on a limited basis to the chemical neurotoxin, collaterally damaged.

Likewise, Stuxnet’s collateral damage remains, a toxic cure waiting to realize maximum potency on targets which were not the primary focus of Stuxnet’s first and second deployments.

Code lies waiting for a patch or update to refresh it, ready to be relaunched for aims that may not serve the original planners. Holes remain open, serving as doors for some other entity’s purposes — perhaps another nation-state’s hostile attack, perhaps a criminal smash-and-grab, or a massive extortion attempt.

Not to mention the loss of trust among global partners whose civilian technology has been put at risk at scale undetermined, for a period of time unclear.

Or worse: whoever ordered, planned, and wrote the Stuxnet family of cyber warfare weapons wanted assurance that any other attempts to subvert their will could be dealt with in the same fashion that Stuxnet damaged Iran. There is no trust, just hegemonic cyber power. There is only a technological poison waiting for the day when its manufacturer decides to re-arm the toxic payload — a cyber weapon held to the heads of every nation-state, every corporation, every individual who relies on the existing, compromised computing and communications framework.

If Iran was successfully cowed by systematic damage to its nuclear development program and more, how easily will other nation-states be pressured into compliance with but a bit of fresh cyber poison? Will the next deployment be restrained as the second wave of Stuxnet, or will it be as ruthless as Stuxnet’s earlier evil twin was intended to be?

Open your eyes.

You Were Warned: Cybersecurity Expert Edition — Now with Space Stations

Over the last handful of days breathless reports may have crossed your media streams about Stuxnet infecting the International Space Station.

The reports were conflations or misinterpretations of cybersecurity expert Eugene Kaspersky’s recent comments before the Australian Press Club in Canberra. Here’s an excerpt from his remarks, which you can enjoy in full in the video embedded above:

[26:03] “…[government] departments which are responsible for the national security for national defense, they’re scared to death. They don’t know what to do. They do understand the scenarios. They do understand it is possible to shut down power plants, power grids, space stations. They don’t know what to do. Uh, departments which are responsible for offense, they see it as an opportunity. They don’t understand that in cyberspace, everything you do is [a] boomerang. It will get back to you.

[26:39] Stuxnet, which was, I don’t know, if you believe American media, it was written, it was developed by American and Israel secret services, Stuxnet, against Iran to damage Iranian nuclear program. How many computers, how many enterprises were hit by Stuxnet in the United States, do you know? I don’t know, but many.

Last year for example, Chevron, they agreed that they were badly infected by Stuxnet. A friend of mine, work in Russian nuclear power plant, once during this Stuxnet time, sent a message that their nuclear plant network, which is disconnected from the internet, in Russia there’s all that this [cutting gestures, garbled], so the man sent the message that their internal network is badly infected with Stuxnet.

[27:50] Unfortunately these people who are responsible for offensive technologies, they recognize cyber weapons as an opportunity. And a third category of the politicians of the government, they don’t care. So there are three types of people: scared to death, opportunity, don’t care.”

He didn’t actually say the ISS was infected with Stuxnet; he only suggested it’s possible Stuxnet could infect devices on board. Malware infection has happened before when a Russian astronaut brought an infected device used on WinXP machines with her to the station.

But the Chevron example is accurate, and we’ll have to take the anecdote about a Russian nuclear power plant as fact. We don’t know how many facilities here in the U.S. or abroad have been infected and negatively impacted as only Chevron to date has openly admitted exposure. It’s not a stretch to assume Stuxnet could exist in every manner of facility using SCADA equipment combined with Windows PCs; even the air-gapped Russian nuclear plant, cut off from the internet as Kaspersky indicates, was infected.

The only thing that may have kept Stuxnet from inflicting damage upon infection is the specificity of the encrypted payload contained in the versions released in order to take out Iran’s Natanz nuclear facility. Were the payload(s) injected with modified code to adapt to their host environs, there surely would have been more obvious enterprise disruptions.

In other words, Stuxnet remains a ticking time bomb threatening energy and manufacturing production at a minimum, and other systems like those of the ISS at worst case.

As Kaspersky noted, there are three government reactions to Stuxnet’s continued proliferation in the digital world. The computing cowboys who likely approved, supported, created, and launched this cyber weapon continue their optimistic stance with regard to the use of cyber weapons.

The politicians who knowingly or unknowingly signed off on these weapons remain indifferent and clueless. (Hello, Congress?)

And the remainder are still terrified — scared to death, said Kaspersky — of the potential for a disaster set in motion by Stuxnet. They may have limited solutions, but funding could be dependent on people in the indifferent/clueless politician category. They may not have solutions, thwarted by the cyber warfare zealots in the first category, or by the nature of the technology itself (you’ll notice Microsoft is doing nothing out of the ordinary about its vulnerabilities apart from offering a bounty to citizen bug hunters).

This does not sound like a formula for effective pre-emption of cyber weapons, does it?

We can only wonder what it will take for a critical mass of those persons responsible for effecting national security to get on the same page. Will it take more corporations the size of Chevron admitting to Stuxnet-infections?

Or will it take ISS breaking up spectacularly like an IMAX 3D-screened sci-fi movie before they catch a clue?

Whatever it takes, you know the responsible folks been warned — again, and again, and again.

You’ll also recall the Stuxnet payload delivery method requires two different failures of security before it launches its payload: a fake or stolen security certificate, and encryption which unpacks the content. Neither of these challenges have been addressed effectively by the global IT community. The latter challenge may have been enabled in no small part by the National Security Agency’s efforts to weaken of National Institute of Standards and Technology’s encryption standards, used on Microsoft Windows devices — as discussed here in September. We’re still waiting for credible traction on this, as are members of the cybersecurity community.

Science in the ‘National Interest’: What About Everything Else? [UPDATE]

FieldsOfScience_ImageEditor-FlickrThe Republican-led House Committee on Science, Space and Technology, chaired by Rep. Lamar Smith (TX-21), wants the National Science Foundation’s grants to be evaluated based on the “national interest.”

Bring it, boneheads. By all means let’s try that standard against EVERYTHING on which we spend federal money.

How many television and radio stations, licensing publicly-owned airwaves, are granted licenses under which they are supposed to serve the “public interest, convenience, or necessity”? Because apart from emergency broadcast signal testing, most of them don’t actually do that any longer, suggesting we really need to re-evaluate broadcasters’ licenses. Let’s put the FCC’s licensing under the microscope. If broadcasters aren’t truly serving “national interest” in the manner parallel to a House Science Committee discussion draft — proposed criteria being “economic competitiveness, health and welfare, scientific literacy, partnerships between academia and industry, promotion of scientific progress and national defence” — the least they could do is pay us adequately for a license to abuse our publicly-owned assets as well as our sensibilities. There’s probably something in the defunct Fairness Doctrine about broadcasting and the nation’s interests…unless, of course, “public” does not mean “nation.” Perhaps Rep. Smith believes “national interest” = “business interest,” which opens up a massive can of definition worms.

How about banks and insurance companies? How many of them were in one way or another not merely affected by the financial meltdown of 2008, but direct contributors to the cataclysm because their standards of operation were shoddy — specifically, with regard to subprime mortgages. Why not put their regulation under the same lens: are these financial institutions serving the “nation’s interest”? The financial industry’s business practices and the regulatory framework existing in early 2008 certainly didn’t defend this nation’s economic competitiveness, damaging the ability to obtain credit as liquidity was threatened. Jeepers, wasn’t that the intent of defunct Glass-Steagall Act after the Great Depression, to assure that commercial and investment banking acted in a secure manner consistent with the nation’s interests?

We could go on and on across the breadth of departments and regulatory bodies which either issue funds or licenses, putting them all to the same test. Do they serve the “national interest”?

The problem here isn’t that the NSF in particular isn’t validating grants as to whether they serve the “national interest.” The NSF already uses criteria to evaluate proposal submissions for their alignment with the nation’s aims.

The real problem is that Rep. Lamar Smith is not qualified to lead with regard to assessing the value of science. He’s a lawyer with some business background — he does not have an education strong in science, technology, engineering, and math (STEM). Ditto the other 14 out of 22 total Republican members who are mainly lawyers and accountants, not previously educated or employed in STEM-related fields.

Nor do Rep. Smith and his majority of the overall science committee appear to understand the NSF’s grant-making process. The approximately 40,000 annual research proposals covering non-medical science and engineering are “reviews are carried out by panels of independent scientists, engineers and educators who are experts in the relevant fields of study, and who are selected by the NSF with particular attention to avoiding conflicts of interest.” Only 25% of proposals evaluated receive awards. What will the NSF reviewers do differently than they have already been doing in their assessments?

If the point is to ensure that overall proposal funding is reduced, Rep. Smith should just cut to the chase and say that, because changes to the review process may simply add more bureaucracy without adding any value, and potentially allow gaming of the system if non-STEM criteria and reviewers are eventually added who have no idea as to the value of the proposals they are evaluating.

There’s also the question of funding proposals that may receive financial support from no other venue and may not yield immediate return on investment. Is it in the nation’s interest to fund certain projects that corporations won’t fund? Is it in the nation’s interest to fund proposals that corporations should be funding? And are advances in science in general in the nation’s interest?

Ultimately, this entire proposal to assess science investment for fit with “national interest” is rather flippant: what do Rep. Smith and the rest of the House Science Committee Republicans think socialism is, but a “co-operative management of the economy”? Wouldn’t putting science funding through a “nation’s interest” assessment encourage a more socialistic, co-operative approach to our nation’s investment in science?

Not that this is a problem; we could have used more of that approach in the financial sector, for starters, to prevent debacles like the crash of 2008. But I’m betting Republicans really don’t want government to take a more socialized stance.

7:00 pm 08-NOV-2013 — Update —

Long-time community member Valley Girl brings a little more perspective to this issue, of particular note given her deep background in science as a career.

I’ve been poking around the NSF site trying to find more data. When wiki says 10,000 of 40,000 proposals are funded, I started wondering about this. NSF has grant programs that cover a whole range of things- not just research grants (as normally understood by the scientific community, but NSF pre- and post-doctoral grants to individuals, etc. I don’t know what the funding rates are for their different programs, and I can’t find this information. But, my recollection having served on NSF research grant review panels is that the funding level (% wise) is (or at least was) around 10% research grants being funded. At the time, the odds of getting an NSF research grant were lower than getting a research grant from NIH= National Institutes of Health (=HHS in various tables I looked at). And, the dollar amount of these individual grants was (probably still is) small compared with NIH. Tiny.

Here is one page I found that gives an idea of the $ cost of NSF compared with other agencies


Look at Table 2 for example, which includes research and development. There are two sets of columns, one for current dollars, and one for 2005 equivalent dollars. Following is from first set of columns $ for DOD, HHS (NIH) and NSF, projected 2013 spending. Note that these are “Current $millions”, meaning get out your million $ multiplier.

Total 136,472
DOD 73,725 ~54%
HHS 30,853 ~23%
NSF 5,423 ~4%

NSF is the only agency that supports “ecology” i.e. studies that might track global warming, so I think previous suggestions re: motives are spot on.

The Stalker Outside Your Window: The NSA and a Belated Horror Story

[photo: Gwen's River City Images via Flickr]

[photo: Gwen’s River City Images via Flickr]

It’s a shame Halloween has already come and gone. The reaction to Monday’s Washington Post The Switch blogpost reminds of a particularly scary horror story, in which a young woman alone in a home receives vicious, threatening calls.

There’s a sense of security vested in the idea that the caller is outside the house and the woman is tucked safely in the bosom of her home. Phew, she’s safe; nothing to see here, move along…

In reality the caller is camped directly outside the woman’s window, watching every move she makes even as she assures herself that everything is fine.

After a tepid reaction to the initial reporting last week, most media and their audience took very little notice of the Washington Post’s followup piece — what a pity, as it was the singular voice confirming the threat sits immediately outside the window.

Your window, as it were, if you have an account with either Yahoo or Google and use their products. The National Security Agency has access to users’ content inside the corporate fenceline for each of these social media firms, greasy nose pressed to glass while peering in the users’ windows.

There’s more to story, one might suspect, which has yet to be reported. The disclosure that the NSA’s slides reflected Remote Procedure Calls (RPCs) unique to Google and Yahoo internal systems is only part of the picture, though this should be quite frightening as it is.

Access to proprietary RPCs means — at a minimum — that the NSA has:

1) Access to content and commands moving in and out of Google’s and Yahoo’s servers, between their own servers — the closest thing to actually being inside these corporations’ servers.

2) With these RPCs, the NSA has the ability to construct remote login access to the servers without the businesses’ awareness. RPCs by their nature require remote access login permissions.

3) Construction through reverse engineering of proprietary RPCs could be performed without any other governmental bodies’ awareness, assuming the committees responsible for oversight did not explicitly authorize access to and use of RPCs during engineering of the MUSCULAR/SERENDIPITY/MARINA and other related tapping/monitoring/collection applications.

4) All users’ login requests are a form of RPC — every single account holder’s login may have been gathered. This includes government employees and elected officials as well as journalists who may have alternate accounts in either Gmail or Yahoo mail that they use as a backup in case their primary government/business account fails, or in the case of journalists, as a backchannel for handling news tips.

5) The public may not understand, nor may they ever receive adequate clarification with regard to the breadth of NSA’s access over time to Google’s and Yahoo’s content, given the rolling application of masking methodology which ostensibly protected non-targets’ data. In 2006, Google researchers disclosed that as many as 60 applications used “Bigtable” [PDF] — a proprietary distributed storage system for structured data. That number is likely larger today, but some applications have come and gone since then. What Google applications don’t use Bigtable, and are otherwise not included in the “defeat” list believed to be the applications excluded from tapping/monitoring/collection applications? We don’t know on the face of it; Google engineers do, of course, though they may not be able to communicate this publicly for proprietary and security reasons. Further, what content was monitored and collected from the initial tap to today’s partially masked state? There was a slow ramp up of the defeat list over time; the applications on the list to be masked off from NSA’s screening/collection were not present initially. We can only assume that the same challenges exist with Yahoo’s content and applications — or worse, given the business’s somewhat disorganized approach to its application portfolio up until 2012.

6) The data screened/collected including the RPCs may also include metadata — it may indicate users’ location by IP address, which in some cases is the same as a physical address. It’s not at all clear this was masked out for any user.

7) To bypass the Secure Sockets Layer (SSL)  employed to secure transmissions between users and the social media businesses’ servers, the NSA tapped either private and/or leased lines directly between servers, not the public transmission lines between users and servers, in order to access Google’s and Yahoo’s content as it moved between servers. This is yet another example of the NSA ignoring property rights, though they may claim that because the taps were located outside the US they were not limited by US law.

In spite of these challenges, the media and the public continue on blithely as if there were no new problems revealed this last week with regard to the NSA’s behavior.

What should truly shake them up is not merely the threats revealed so far, or the initial angry reaction of Google engineers shared by the Washington Post in the 30-OCT revelatory article.

It’s the persistent and increasing anger of Google engineers who are now going public, though speaking not for Google but as individuals about the breach of Google’s systems by the NSA. The degree of anger suggests there is far more to this story than appears on the surface. What would torque off engineers enough to be so deeply angry, so very openly?

As @Public_Archive tweeted earlier this week,

We’ve reached a point in history where the writings of JG Ballard & Philip K Dick have clattered into the quotidian realm of realism.

Be afraid; the horror is no longer a mere story. Happy much-belated Halloween.

Angry Mom and First Principles: What is the Nature of a Broken Lock?

This won’t be a cool, calm, collected post like Marcy writes, because it’s me, the angry mom. You might even have seen me Tuesday afternoon in the school parking lot waiting to pick up a kid after sports practice. I was the one gripping the steering wheel too tightly while shouting, “BULLSHIT!” at the top of my lungs at the radio.

The cause? This quote by President Obama and the subsequent interpretation by NPR’s Ari Shapiro.

President Obama to ABC’s new Latino channel, Fusion (1:34): It’s important for us to make sure that as technology develops and expands and the capacity for intelligence gathering becomes a lot greater that we make sure that we’re doing things in the right way that are reflective of our values.

Ari Shapiro (1:46): And, Audie, I think what you’re hearing in that quote is a sense that is widespread in this administration that technological improvements have let the government do all kinds of things they weren’t able to do before. They tapped the German Chancellor’s personal cellphone and nobody really stopped to ask whether these are things they should be doing. And so that question, just because we can do something, well, does it mean we should be doing it, that’s the question that seems to be the focus of this review.

Bullshit, bullshit, bullshit.

Here, let me spell this out in terms a school-aged kid can understand.

photo, left: shannonpatrick17-Flickr; left, Homedit

This is a doorknob with a lock; so is the second closure device on the right.

The lock technology used on the second door is very different; it’s no longer simple analog but digitally enhanced. The second lock’s technology might be more complicated and difficult to understand. But it’s still a lock; its intrinsic purpose is to keep unauthorized persons out.

If one were to pick either lock in any way, with any tools to enter a home that is not theirs and for which they do not have permission to enter, they are breaking-and-entering.

If it’s law enforcement breaching that lock, they’d better have a damned search warrant or a court order, in the absence of a clear emergency or obvious crime in progress.

The argument that information technology has advanced to the point where the NSA blindly stumbles along without asking whether they should do what they are doing, or asking whether they are acting legally is bullshit. They have actively ignored or bypassed the proverbial lock on the door. It matters not where the lock is located, inside or outside the U.S.

The Washington Post’s revelation Wednesday that the NSA cracked Yahoo’s and Google’s SSLsecure sockets layer — is equivalent to evidence of deliberately busted door locks. So is the wholesale undermining of encryption systems on computers, cellphones, and network equipment revealed in reports last month, whether by weakened standards or by willfully placed holes integrated in hardware or software.

The NSA has quite simply broken into every consumer electronic device used for communications, and their attached networks. When the NSA was forced to do offer explanations for their actions, they fudged interpretations of the Constitution and laws in order to continue what they were doing. Their arguments defending their behavior sound a lot like a child’s reasoning.

But there might be something bad going on behind the door.

But we might need something behind the door in the future.

But we can get behind the door if we ask our close circle of select friends to check our permission — they’ll keep our secrets, just trust us, we’ll be good, honest.

But we have the authority to be everywhere when we deem it necessary, without asking first.

And so on. The only argument we haven’t seen yet (and might yet see) is a full-blown, screaming-kicking-body-on-the-floor tantrum amid cries, But we wanna’ do it!

President Obama’s statement Tuesday suggests that the NSA has now resorted to the arrogant “You’re too stupid to understand these cool tools we’ve made, so we can do it until you get smart enough to stop us” defense. Granted, members of Congress and the judiciary have repeatedly proven their ignorance about technology. The NSA’s leadership — including Keith Alexander, with a career’s experience in spying technology and multiple master’s degrees under his belt — is fully aware of the disparity between their technical prowess and that of U.S. elected officials. They make use of this knowledge to fend off focused questions.

Like whether the NSA broke the locks on the doors of ALL electronic communications-generating devices, and the networks supporting them.

Let’s simplify the problem of NSA’s data collection processes scooping up metadata from innocent, non-target/non-suspect individuals, the collection of their locations based on cellphone use, the apparent snooping through email and other documents conveyed and stored in social media providers like Yahoo and Google.

These are all phones.

photo: left, DanBrady-Flickr; center, Albumen-Flickr; right, Skype.

All these devices are used to convey communications data — information in bits, whether audio, visual, text, so on — from one individual to another, over networks both hardwired and wireless. Wiretapping of telephones was supposed to require a search warrant showing probable cause.

But the NSA has disregarded users’ long-held expectations of privacy and security in their communications. The NSA doesn’t care whether it’s a plain old telephone service (POTS) hardwired phone, a cellphone, a WiFi-enabled tablet/netbook/laptop/personal computer. They don’t care if you’re on cable, fiber, wireless service. Whatever expectations about privacy the public believed were reserved for anyone of these electronic devices and supporting networks — more so for communications based on voice over POTS — the NSA has chosen to ignore them just as they have ignored the locks on the doors.

When forced to explain why they have ignored individuals’ rights to privacy and security, they use the same childish explanations — see above. The only new spin is their segregation of electronic devices not identified as POTS or hard-wired telephones; they’ve chosen to ignore the fact that voice communications are now conveyed using a much broader range of devices.

But we have authority to access these devices because they’re not really telephones.

But we can tap these not-telephone devices because they are overseas, and anybody and everybody overseas is fair game, whether Chancellor or Pope.

While it’s absolutely necessary that both the public and their elected officials become more technically savvy in order to see through the NSA’s bullshit and develop better policy, regulations, and oversight, it’s also essential that the public and their representatives remember first principles while considering the NSA’s overbroad spying:

It is what it is on the face of it:

  • Locks on consumer electronics and networks have been willfully and systematically broken;
  • Personal, private, and confidential communications as well as related metadata have been taken in the overwhelming number of cases without cause;
  • The NSA refuses to give us any reasonable, straightforward explanation as to why laws do not apply to their breaking into our communications and devices.

Some folks at the NSA, White House, and Congress needs a time-out for their inability to grasp the rather simple nature of this failure and put an end to this mess. I’m *this close* to suggesting a spanking instead.

Last Week’s Blizzard, This Week’s Hell

Did you know there was a blizzard last week? I’ll admit I didn’t. Never saw a peep about it across several Twitter and internet news feeds until today.

Between 28 and 60 inches of snow fell across parts of South Dakota late last week in a freakishly early snow storm, the white stuff accumulating rapidly while many of us were picking apart reports about the National Security Agency’s breaching of Tor. I was watching my feed pretty closely at the time, and never saw a thing about South Dakota’s weather.

Many if not all of South Dakota’s cattle ranchers still had herds out in summer grazing areas at the time the storm hit. The results are still being measured; somewhere between 15% and 50% of the entire South Dakota herd died in the storm, with long-term effects on the remaining herd as yet unknown.

I haven’t seen a map of the affected area, but I’ll bet these same ranchers may have been impacted by flooding earlier this year. Comprehensive maps detailing the affected area probably won’t be widely available until after Congress resolves the budget and debt ceiling disputes, restoring funding to government agencies like National Oceanic and Atmospheric Administration (NOAA) National Weather Service. Fortunately less detailed maps are available, reflecting flood warnings in western South Dakota.

The worst part of this situation isn’t the lack of predictive information in advance of the storm or impact maps in the wake of the blizzard. It’s the lack of any federal assistance to ranchers devastated by this storm; state agencies struggling with the impact of the storm on their normal operations will be challenged to respond without additional aid. Was adequate advance warning possible from NOAA’s skeleton crew? Should the affected area have been declared a federal disaster? Should there be assistance for cleanup and disposal of approximately 75,000 head of cattle? Should there be agencies looking into financial aid for those ranchers most impacted? Should there be health assessments with regard to the potential spread of disease among humans and cattle alike as the storm’s damage is documented?

Of course there should be assessments and assistance. We’ve agreed as a nation these kinds of services and more are in the best interest of the public as a whole, and we’ve funded them in the past. We help our neighbors in times of trouble just as they help us — this is and has been part of our American values.

It’s too damned bad, though, that Congressional Republicans have decided hard-working farmers — folks who ordinarily might be their base — are less important than a massive temper tantrum about health care and debts they agreed to under the last three presidential terms. Compare the speed with which Congress agreed to bail out soft-handed, flabby-assed banksters back in 2008 — the same banksters who made money off shady subprime mortgages and then tanked the economy with equally shady derivatives based on the same. It took one week from the time Congress reached a tentative agreement between parties, and passage of the Emergency Economic Stabilization Act of 2008. If speed of Congressional response were a measure of importance, helping hard-working but distressed small business owners in the heartland clearly isn’t a benchmark of note.

Badly Broken: We Are Walter White

BreakingBad_logophotoI’ll bet tonight’s blog traffic will drop sharply, and explode on Twitter — and at 9:00 p.m. EDT exactly. That’s when the last episode of AMC’s Breaking Bad will air, following a 61-hour marathon of all preceding episodes from the last five years.

A friend expressed concern and astonishment at the public’s investment in this cable TV program, versus the Intergovernmental Panel on Climate Change’s Fifth Assessment Report published Friday, expressing heightened confidence in anthropogenic climate change:

“The report increases the degree of certainty that human activities are driving the warming the world has experienced, from “very likely” or 90% confidence in 2007, to “extremely likely” or 95% confidence now.” [source]

He’s right; we’ll be utterly absorbed by the conclusion of former high school chemistry teacher and cancer patient Walter White’s tale. We’ll have spent a fraction of intellectual energy on our own existential threat, in comparison to the mental wattage we’ll expend on a fictional character’s programming mortality.

But perhaps Breaking Bad’s very nature offers clues to our state of mind. Viewers are addicted to a program that upends perspectives and forces greater examination.

— The entire story of Walter White, a middle class white guy with a good education whose cancer threatens his life and his family’s long-term financial well-being, would not be viable were it not for the dismal state of health care in America. There are no Walter Whites in Canada, for example; the U.S. has become little better than a third world narco-state, our health and shelter dependent on ugly choices like crime because our system of governance cannot respond appropriately under pressure for corporate profitability.

We cling to White, though he has become the very thing we pay our law enforcement to battle, because he is us — morally conflicted, trying to safeguard our lives and our families in a deeply corrupt system. At the end of each Breaking Bad episode the distortion of our values is evident in viewers’ failure to reject a criminal character depicting a drug lord manufacturing and selling a controlled substance, while guilty of conspiracy, murder, and racketeering in the process.

In the background as we watch this program, we permit corporate-owned congresspersons to shut down our government in a fit of pique over the illusion of better health care for all.

— Like White, the existential threats we face are ignored once we reach a degree of stasis. White gets treatment for cancer, which goes into remission. But he has become hooked on the money, the power, the rush that comes with this new dark world he has entered. No day is the same, unlike that of the meek, mild-mannered chemistry teacher’s world he once inhabited. With this addiction comes new existential threats that in turn increase the likelihood the original cancer will return. The meth White began to cook to resolve his cancer has become a new cancer in itself.

We are in similar straits: though we’ve been informed for decades that our consumption and incumbent pollution is problematic, we have become addicted to newer, better, faster anything, adopting a culture of disposability, if we can just have our next new fix whether it’s a car, a computer, a cellphone, pick it, it’s all ultimately petroleum and rare minerals assembled using the sweat and blood of the poor. We’ll keep consuming in spite of the fact that our consumption is threatening our way of life.

We are become Death, the destroyer of worlds.

Well, this one in particular. We toy with the notion of expanding our empire to the moon and Mars.

— White does this for his family, he says all along. So do we; we stay in our narrow grooves, consuming as we travel forward, telling ourselves we are making jobs, increasing productivity, improving standards of living for ourselves and our loved ones. Yet the truth is quite the opposite. What we are doing within our well-worn track in the rat race is as destructive as it is clueless. We are not happier; we are sicker; we are less well-off.

Because family, we say. And better living through chemistry.

Ultimately, as we peer into our own black monolithic mirrors tonight, watching Walter White or tweeting about him, we see our addicted selves, our troubled families, our malignant government, our sickened world. Art imitates life — it’s a very ugly piece of work reflected in Breaking Bad, were we to see past the superficial bread and circuses to the truth within.

[Pssst…Netflix prepared a Spoiler Foiler tool to filter Breaking Bad spoilers out your Twitter timeline.]

Stupid Smartphones and Their Lying Lies

[Apple iPhone 5s via TheVerge.com]

[Apple iPhone 5c via TheVerge.com]

If you value emptywheel’s insights, donate the equivalent of a couple beers—and thanks for your readership and support.

My Twitter timelines across multiple accounts are buzzing with Apple iPhone 5s announcement news. Pardon me if I can’t get excited about the marvel that is iPhone’s new fingerprint-based biometric security.

Let’s reset all the hype:

There is no smartphone security available on the market we can trust absolutely to keep out the National Security Agency. No password or biometric security can assure the encryption contained in today’s smartphones as long as they are built on current National Institute of Standards and Technology (NIST) standards and/or the Trusted Computing Platform. The NSA has compromised these standards and TCP in several ways, weakening their effectiveness and ultimately allowing a backdoor through them for NSA use, bypassing any superficial security system.

There is nothing keeping the NSA from sharing whatever information they are gleaning from smartphones with other government agencies. Citizens may believe that information gleaned by the NSA ostensibly for counterterrorism may not be legally shared with other government agencies, but legality/illegality of such sharing does not mean it hasn’t and isn’t done. (Remember fusion centers, where government agencies were supposed to be able to share antiterrorism information? Perhaps these are merely window dressing on much broader sharing.)

There is no exception across the best known mobile operating systems to the vulnerability of smartphones to NSA’s domestic spying. Although Der Spiegel’s recent article specifically calls out iOS, Android, and Blackberry smartphones, Windows mobile OS is just as exposed. Think about it: if your desktop, laptop, and your netbook are all running the same Windows OS versions needing patches every month to fix vulnerabilities, the smartphone is equally wide open as these devices all use the same underlying code, and hardware built to the same NIST standards. Additionally, all Windows OS will contain the same Microsoft CryptoAPI believed to be weakened by the NSA.

If any of the smartphone manufacturers selling into the U.S. market say they are secure against NSA domestic spying, ask them to prove it. Go ahead and demand it — though it’s sure to be an exercise in futility. These firms will likely offer some non-denial denials and sputtering in place of a firm, “Yes, here’s proof” with a validated demonstration.

Oh, and the Touch ID fingerprint biometrics Apple announced today? You might think it protects not against the NSA but the crook on the street. But until Apple demonstrates they pass a gummy bear hackability test, don’t believe them.

And watch for smartphone thieves carrying tin snips.

Copyright © 2018 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/author/rayne/page/46/