nettime's_geodesic_structure on Fri, 28 Sep 2001 13:16:14 +0200 (CEST) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
<nettime> black unicorn on 'high concept, low tech' [hettinga x3 + platt] |
Black Unicorn: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. "R. A. Hettinga" <[email protected]> "R. A. Hettinga" <[email protected]> [forwarding charles platt] "R. A. Hettinga" <[email protected]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Date: Thu, 27 Sep 2001 19:27:36 -0400 From: "R. A. Hettinga" <[email protected]> Subject: Black Unicorn: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. http://www.inet-one.com.my/cypherpunks/current/msg00253.html Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. Click for Main Site * To: <[email protected]> * Subject: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. * From: "Black Unicorn" <[email protected]> * Date: Tue, 25 Sep 2001 16:06:36 -0700 * Sender: [email protected] Amid the flood of profound, pseudo-profound and posuer-profound writings that have found their way- like so many thrice forwarded bad jokes or internet chain letters- to me since Tuesday, Charles Platt's work "The Enduring Power of Stupidity" clarified quite a number of things, at least to my way of thinking. Though perhaps not for the reasons Platt intended the work gelled some number of thoughts many of which had been rattling around for some time. "There are two basic forces in the world..." Platt begins, "Intelligence and stupidity. Human intelligence generally is creative, and has the potential to enhance our lives. Stupidity almost always is destructive." I immediately thought of the phrase "If we make this idiot-proof they will simply design a better idiot." Hold that thought. High Concept, Low Tech "High Concept, Low Tech" is a term that has been tossed around quite a bit lately. What is interesting to me is that the asymmetric attack on Tuesday was not by any understanding "High Concept, Low Tech,"as is being repeatedly reported by this or that expert. Quite the reverse. It was precisely because- at least partly because- the 757s/767s piloted by our most recent madmen of note were extremely sophisticated that the attack was so successful. A number of factors came into play here. Firstly, though an expensive- relative to most like operations- attack to implement, both financially and temporally, the operation as it was mounted on the 11th was far cheaper because of the simple ease with which 757s and 767s are flown, at least once aloft. As of Tuesday fly-by-wire is to "terrorists" what Perl is to script-kiddies. Inevitably as technologies enable humans to move more metal and petroleum tubes faster, further and higher with less brain work, less training and less expertise than the day before... well, more potential energy, less brains equals higher risk. This "black box syndrome" means that a housewife behind the wheel of a Volvo can effortlessly brake like Schumacher. It means that Bob Smith can hurl 412,000 pounds of metal and fuel at a building- and it is only going to get worse. In April of 2000 Bill Joy wrote an article in Wired that has always frightened me a little. Chief among his comments: The 21st-century technologies - genetics, nanotechnology, and robotics (GNR) - are so powerful that they can spawn whole new classes of accidents and abuses. Most dangerously, for the first time, these accidents and abuses are widely within the reach of individuals or small groups. They will not require large facilities or rare raw materials. Knowledge alone will enable the use of them. Mr. Platt, unwittingly I think, invokes Joy in his article. "Ultimately computational power should enable us to manipulate matter itself," says Platt, "...enabling a new era of unlimited wealth while eliminating side effects such as pollution and global warming." But, Platt points out, "On Tuesday I saw that stupidity still trumps intelligence." I fear Platt is right. I fear Joy is right. The inevitable march of technology puts more in the hands of the few faster and faster. Black arts are fewer and farther between. Cryptography is a prime example. Publishing a second. Biotechnology an emerging one. In all of these disciplines what was once the bastion of a few dedicated researchers or government types has been shattered by tools that now create a universality that increasingly becomes disturbing to contemplate. As force multipliers approach an individual as an acceptable seed value, controls approach impossibility and risk increases geometrically. From the crossbow to the handgun to the semi-automatic rifle, individuals increasingly have more and more power to destroy. A single twisted mind suddenly has the power to suffocate, blind, destroy, kill, maim hundreds or thousands or hundreds of thousands. The only challenge today is to find the right context. In a crowd an expert with a handgun can probably kill or severely wound 10-15 people with some effort. On an airliner an idiot with a handgun can kill 300 with no effort. A few moderately intelligent and directed individuals with third rate edged weapons can kill thousands and simply erase tens of billions of dollars of wealth in 4 hours. High concept, high tech and high impact. What I haven't heard said yet is that on Tuesday we all bore witness to what must have been the most successful conspiracy in some centuries. Dozens if not hundreds of individuals working in concert, over two or more years to mount this operation and maintaining operational security and operational focus throughout. Given the short selling in a few key insurance firms a few weeks before the incident the operation might have even turned a substantial profit. The high water mark for the lowly funded population of a layman black operation is now in the hundreds. I suspect most counter-intelligence people would have placed it at 10-15 as recently as Monday. If this is the case what of the day- surely not far away- when a group of 50 can mount a nuclear program of moderate success? A biochem program of moderate success? Or as Platt muses, when "...computational power should enable us to manipulate matter itself." Perhaps to synthesize plutonium? At the risk of sounding "Seganesque" I suspect our species might well be too curious for our own good. Martial Law The events of September 11th have not been the first and are not going to be the last example of technology (in whatever form) put to ill use. Terrorism will doubtless have several banner years in the next decade, the likes of which have not been seen since the many skyjackings in the '70s. The insidious thing about these kind of attacks is that they tend to result in something akin to martial law. Freedoms and liberties are necessarily curtailed- and yet nothing changes substantially. Terrorist operations are well designed to seek the underbelly and hit soft targets. They are easiest to mount in predominately free societies where terrorists can live and travel in relative freedom and obscurity. They also have the most impact in such environments, where the citizenry is used to relative peace, tranquility and privacy. The foreign policy of the United States, particularly with reference to the Middle East, doesn't make friends quickly- consider it the externality cost of the cheap oil Americans so dearly love. This combination probably means a profound overreaction (I think we have all seen this already) and potentially crippling "temporary" measures which have a life all their own once implemented. Inevitably, all of this is going to result in a plethora of measures, proposed measures, programs, "temporary administrative agencies" and so forth. Ellison's half-baked national ID proposal, the "homeland defense" cabinet level agency- if this doesn't sound like something right out of 1930's Berlin I don't know what does- plus crypto restrictions and even internment camps. All of these things are- of course- fairly useless. Terrorism has found its killer app in finally targeting the United States on a large scale- a fat and slow target with few natural defenses that are not overcome by mildly clever manipulation of immigration laws and customs, instantaneous communications as well as international air travel. Would you rather mount such an operation in The United States or Israel? The United States has a binary decision to make. Either stay a generally free society and endure the occasional and nearly impossible to prevent suicide-terrorist acts or impose martial law, fundamentally altering the social landscape of life in the United States. (Not that it couldn't have been said to have been irrevocably altered already. I never thought that- even as a foreigner- I would be so disturbed by a display of patriotism- or even hyper-patriotism- as I have come to be by the many American flags waving around as far as the eye can see. The rapid transformation of the star-spangled to a war banner of anger, vengeance and mourning all at once is unsettling in the extreme). Between those two choices the former is a hard thing to envision. Americans as a population generally look for the "quick buck." The immediate solution. Long term is often lost on the masses. Enduring more World Trade Center like events (for there are sure to be more from whatever source) is hard to imagine. America has been "security spoiled" until September 11th. Unfortunately, I fear rash decision are on their way. "What would you give up for security." "Right now? Everything. Anything." Oh boy. Here we go. The New Paper Gauntlet The common theme in most of the proposals I see today revolves around identification. Today, as most members of this list well know, there is no real "national identification" system in the United States right now. There is however, a paper gauntlet. A maze of paper filings and credentials required for almost every private- and some public- activity. Driver's licenses are not mandatory, unless you want to drive. State issued identification is not mandatory, unless you want to fly, open a bank account or do anything else productive. Running this paper gauntlet and its many forms, applications, checks and so forth leaves a strong trail of activity behind the individual who is not careful enough to frustrate this system. It does have a weakness today however. There are few universal databases in the United States. Citizen movements are not catalogued ex ante in a single system today. Many systems must be correlated ex post once a citizen has brought attention to themselves. There is an investagatory barrier to rebuilding the steps of a given citizen today. Not a large one, but large enough to prevent massive fishing expeditions, and large enough for the clever to slip between the cracks- either for privacy or for criminal activity. Those smart enough to keep out of sight usually have no problem circumventing the system slightly for innocent purposes. Today the temptation has become to institute more stringent and centralized controls in the hopes that such efforts will create a good chokepoint from which to identify troublemakers. As usual, this is an illusory bit of security. Paper gauntlets are annoying and expensive- so much so that the costs are certain to be amortized across private sector industries and such. They will still serve primarily to create records best used in ex post investigations, not in preventing crime. CTR's, currency transportation reports, foreign account suspicious activity notices and the like are all ex post measures. Centralizing or consolidating records will probably raise the bar for casual paper trippers slightly, but not sophisticated attacks like the September 11th operation. It has come out this week that as many as 12 western educated men and their families may have been murdered to provide terrorist operatives with fresh, and undisputed, identities to use. In the face of this kind of resolve a national ID program, or any of the other measures being publicly floated will do little- if anything- ex ante to stop terrorism, particularly the brand that spends 300 to 400 thousand dollars per operative in "blend in" efforts. I'm most alarmed by the fingerprint smartcard proposals that are floating around from the great public policy genius of e.g. Mr. Larry Ellison. These will be entirely useless unless every place they are used requires a two or three factor authentication. 1. Possession and presentation of the card and therefore the digitized, stored fingerprint data. 2. Presentation of the individual's fingers to provide the fingerprint for checking against #1. 3 (optional) a pin number or other unlocking mechanism for the credential data. What, after all, is the point of providing fingerprints unless they become part of the authentication process? Otherwise individual Y might as well kill individual X and steal the card. Since individual X's prints will never be compared against the card what is the benefit? Personally, the prospect of exposing my biometric data to a terminal and operator of questionable experience, skill and motive every time I get on a plane, make a transaction, apply for a bank account, get a driver's license, etc. etc. bothers me. Of course, the United States has not learned that such data, when not protected properly will be abused. Credit card numbers, social security numbers and now fingerprint indexes. No collective memory. Pity. Paper gauntlets have long been the easy tactic to try and address these kinds of issues. The "Credentialing of America" as one cypherpunk (Mr. May?) put it continues. They have also universally proved ineffective. Still, we should all expect to have to run a much longer and tighter paper gauntlet. All of these things are vulnerable to origin fraud, however. Since Bob has to be able to replace his credentialing data if it is all destroyed in a fire (such things occasionally happen) we have to assume that any uncredentialled individual can replace Bob's credentialing data in the same way, be he Bob, Fred or Frank. All credential systems are dependent on the initial authentication's validity. That is why identity fraud, credit application fraud and the like work. No national ID system, or any ID system, will every fully, or even mostly, remove such fraud. The Changing Meaning of 911. The disadvantage of all this is that all privacy seekers will begin to look more and more like felons- or worse, terrorists. Encrypted mail will be a branding thing to have in your inbox. Neighbors are encouraged to inform on their associates. Strangers are urged to be "vigilant" (suspiciously close to 'vigilante in my view) in reporting "suspicious activity" which is, of course, not defined. The threshold for invoking "911" (that's September 11th for the irony impaired) has been pretty seriously reduced now. Terrorism has gripped the United States so successfully that most of my friends and associates have been heard to comment that things will "never be the same." I tend to think they are right. I tend to think this is most unfortunate. I tend to think it was inevitable. Perhaps we will find that widespread freedom, in the form that we aspire to create it, isn't a sustainable social form in the United States. Prosperity and freedom in their current guise in the United States seem to be subject to the whim of short term thinking. Though I realize this isn't how Platt meant it: "stupidity trumps intelligence." Not only the stupidity of terrorists- in fact I think these terrorists were astoundingly intelligent- but the stupidity of the citizenry. Perhaps the United States is not indeed mature enough- or perhaps _no longer_ mature enough- on the whole to "...pay any price, bear any burden, meet any hardship, support any friend, oppose any foe to assure the survival and the success of liberty." Margaret Thatcher once commented, on the close of the Gulf War: "Now, just look, there is the aggressor, Saddam Hussein, still in power. There is the President of the United States, no longer in power. There is the Prime Minister of Britain who did quite a lot to get things there, no longer in power. I wonder who won?" I do hope we don't come to reflect on the perpetrators of September 11th in the same fashion. What Remains to be Done. If we assume that things are only going to get worse as technology progresses and progressively puts more and more power into the hands of fewer and fewer individuals we probably also have to assume that WTC is not the largest or most impressive terrorist or asymmetric attack we will see in the next decade. We might also assume that the many proposals out there today will not solve the problem- much as metal detectors at airports did not. Much as identity requirements for boarding planes did not. Much as... well you get the idea. I suspect that those two things- which seem a little bit obvious to me- might also mean that governments will increasingly seek to adopt more and more intrusive measures to appear to give their citizens the impression of security. What can we do to foster privacy and preserve crypto even in the face of these potential (but uncertain) changes? I used to write a little bit at the end of every year on this point. What more could we do to further cryptographic development? To increase privacy? I stopped bothering at some point but I recently came across these points from a post I wrote back in 1996: begin quote A. Increasing the ease of use. Perhaps I should have put this as #1, because really among those things which I suggest in this post, I think this is of primary importance. It cannot be stressed enough that encryption must be transparent, easy to use, but at the same time make its presence just apparent enough to encourage its use, and to make users note its absence. B. Multiple encryption method support/larger key sizes. While I may be more paranoid than some, or even most, I think it is crucial to provide for the possibility that strong encryption may one day face a total ban in more countries. To avoid the chilling effect that this would certainly have on development, it is of key importance to permit applications and implementations to nexus with several methods, and to allow what may today seem like extrodinarily large key sizes. (256 bits would not be unreasonable in my view, particularly so where the user was given the option of selecting a ~128 or so bit method like IDEA or 3DES at their option (consistent with A. above). C. Anonymous communication. I'm not sure this needs much explanation. D. True stego. Today it is a simple matter to identify encrypted traffic. This is the key flaw in what I will call (at risk of sounding like a white paper) the NEI (National Encryption Infrastructure). It subjects users to very effective and easy to implement traffic analysis. While I understand the temptation to use checksum like methods to speed the key checking process, at some point I am of the view that this convenience will come back to haunt crypto. end quote Well, two of these and maybe three are at least somewhat better 5 years later. Good job c'punks. I don't really know what the state of true stego is today, but I submit that it better get a whole lot better in a big hurry. Anyone have any comments about the viability of real stego against concerted state-sponsored fishing expeditions on usenet or elsewhere? What stego applications are out there? Are they any good? Has anyone developed specifications for stego which make sense? Have these been implemented? Anonymous communication? Remailers seem to be at least of passing functionality. I think they will come under increasing scrutiny in the months and years to come. At risk of causing a flame war: Happy Fun Homeland Defense Organization is not amused. More remailers in jurisdictions with foreign policy goals too boring to offend this or that religion or political ambition. Middleman only remailers in those jurisdictions at greater risk of considering oppressive changes in laws or enforcement. What ever happened to Stealth PGP? "The first rule of not being seen- not to stand up." At least if one is using encryption it would be nice to be able to deter key-based traffic analysis. Surely this will increasingly be a problem. (Nice to see Earthlink refusing to install Carnivore, but can all ISPs say the same? Without a doubt Earthlink was not the only one approached). Personally, I'd be willing to drop some coin if it will help foster a strong, open source, multi-platform utility to Stealthify and Stego PGP messages while it's still legal to do so. What's out there to start work with. Would anyone else contribute? If everyone is going to dial 911 at the drop of a hat what do we plan to do about it? * Follow-Ups: * RE: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. * From: "Blanc" <[email protected]> * Prev by Date: Visa 2.9% Interest ! ltnabw * Next by Date: CDR: THREE MORE DAYS ONLY! Free links & seats Manuf Prod/Cntl Software $1,495! * Prev by thread: Visa 2.9% Interest ! ltnabw * Next by thread: RE: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. * Index(es): * Date * Thread * Author * Subject CH recommended: Buy This Book! Buy This Book! ----------------- R. A. Hettinga <mailto: [email protected]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Date: Thu, 27 Sep 2001 23:12:42 -0400 From: "R. A. Hettinga" <[email protected]> Subject: Re: Black Unicorn: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. --- begin forwarded text date: Thu, 27 Sep 2001 22:24:40 -0400 (EDT) from: Charles Platt <[email protected]> to: "R. A. Hettinga" <[email protected]> subject: Re: Black Unicorn: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911. Thanks for cc'ing me on the Unicorn screed, Bob. Please feel free to forward the following text to the same lists from whence the Unicorn came. As I read Black Unicorn's essay, I kept hoping for some answers or suggestions lurking at the end. But, this was not to be. Oddly enough, just as our DC bureaucrats seem incapable of doing anything new (e.g. in response to clear proof that airport security is a myth, they advocate more airport security) our old friend Unicorn also seems in a box. In answer to renewed attacks on crypto, he advocates more crypto. Personally I think a genuinely new mindset is required--one which Mr. Unicorn should know well, considering his region of origin. Call it the "Swiss Mindset." Everyone armed to the teeth, trained and ready to respond to any trespass with a massive display of force. Obviously this would make a high-tech, high-risk environment such as an airplane safer, because the chance of a random selection of 200 passengers mostly wanting to commit a terrorist act is very small. So long as we can count on terrorists being a minority (as I think we can), the majority has the power to kick ass, and this is the greatest possible deterrent. Now consider the whole nation, in the near future, as a high-tech, high-risk environment like a very large airplane. The same principle applies. Sure, some wacky guy can still pull a destructive stunt, but he knows he'll be caught, because there are so many more of us than there are of him. Centralized law enforcement, centralized systems of protection, cannot work so well to guard against a lone-nut-case terror act, because they are insufficiently dispersed. We-the-people are going to have to take some (gasp) responsibility, here. And sooner or later I think it may actually happen, because after a few more terrorism disasters, even the dumbest and most trusting members of we-the-people must surely figure out that those guys in suits, in DC, really do not have a clue and cannot do what they are promising to do. This is the answer to the "Bill Joy" techno-alarmist school. Disperse the power of retaliation, at the same time that we disperse the potential power to commit sociopathic acts. There's nothing new, here. As an old Pakistani landlord of mine used to say, "It only takes one boy pissing in the well, to poison the whole village." Generally speaking, however, young boys don't dare to piss in the village well--not because it violates some law, but because they know that one way or another, the locals will get a pretty shrewd idea who did it, and the consequences will not be pleasant. It has to come back to a grass-roots level. Even a totalitarian state cannot be safe from terrorist acts. The only safety is in the numbers of our neighbors, if our neighbors would stop watching CNN long enough to realize that _they_ are the ones who need to "do something," or at least be ready to do something. I would like to see mass production and distribution of decontamination suits and 48-hour gas masks (much like the old "sit under your desks now kiddies" atom-blast evasion rituals of the 1950s, but more effective). I would like more people trained in the responsible use of all kinds of weapons. If we are going to spend public money, let's spend it to empower the general public. Alas, this is heresy in present-day DC, where no one even has the nerve to empower airline pilots. But we only right at the beginning of the problem, here. As its intractibility becomes clearer, I like to imagine that the solution will become impossible to ignore, and we will finally see redistribution of power, instead of redistribution of wealth. Sure, call me an optimist. --C --- end forwarded text -- ----------------- R. A. Hettinga <mailto: [email protected]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Date: Thu, 27 Sep 2001 23:26:51 -0400 From: "R. A. Hettinga" <[email protected]> Subject: Irony still lives (was Re: Black Unicorn: Reflections on "High Concept, Low Tech," Martial Law, the new Paper Gauntlet and the changing meaning of 911.) At 11:03 PM -0400 on 9/27/01, R. A. Hettinga, channelling Charles Platt, wrote: > Call it the > "Swiss Mindset." Everyone armed to the teeth, trained and ready to respond > to any trespass with a massive display of force. Funny you should say that. [I like the Swiss idea, too, minus the forced conscription. A BAR above every mantle, and all that. However...] http://newssearch.bbc.co.uk/hi/english/world/europe/newsid_1566000/1566321.stm Thursday, 27 September, 2001, 18:47 GMT 19:47 UK Gunman kills 14 in Swiss assembly Ten people were injured, eight of them critically A gunman has gone on the rampage in a regional parliament in central Switzerland, killing at least 14 people before committing suicide. He started firing all around for several minutes. It was really terrible Eyewitness Ten others were injured when Friedrich Leibacher, 57, burst into the assembly session disguised as a police officer. He opened fire with an assault rifle and a pistol. Eight of them remain in a critical condition The attack took place at the regional parliament building in the town of Zug, 25 km (16 miles) south of Zurich, at 1030 (0830 GMT) on Thursday. Police say he detonated an explosive device before turning his gun on himself. Leibacher, who had been embroiled in a long-running dispute with the local authorities, left behind a confession note describing his actions as a "Day of rage for the Zug mafia". 'Execution' Officials dived behind desks as Leibacher opened fire. Witnesses reported there was blood everywhere and one member of parliament compared it to an execution. Flags will fly at half-mast for three days "I was just outside the door of the parliament when he came in with a rifle, with several pistols and with what I think was a hand grenade," one eyewitness told Reuters news agency. "He started firing all around for several minutes. It was really terrible." The guns used by Leibacher are standard issue weapons which Swiss nationals have to keep in case of call up. Grudge Leibacher appears to have formed a grudge against local authorities after he became involved in a dispute with bus drivers and transport officials. Parliament was suspended as deputies heard the news One government official, Robert Bisig - who was a particular target of Leibacher's - told a press conference that a court had this week dismissed seven suits brought by Leibacher against the authorities. Leibacher is thought to have held Mr Bisig personally responsible for legal action which local transport authorities had brought against him. The Swiss President Mortiz Leuenberger has ordered all flags to fly at half mast for three days. The national parliament in Bern was suspended when deputies received the news. Although violent crime is extremely rare in Switzerland, gun ownership is widespread due to the obligation to carry out military service and the popularity of shooting as a sport. There are only minimal controls at public buildings but the President of the House of Representatives, Peter Hess, has said that may now need to be reviewed. -- ----------------- R. A. Hettinga <mailto: [email protected]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: [email protected] and "info nettime-l" in the msg body # archive: http://www.nettime.org contact: [email protected]