Category: risk

Barriers, Membranes and What We Agree to Keep Silent About…

Published January 24, 2011 by cgerrish

There are certain animals that have survived, flourished even, through the use of camouflage (a form of crypsis). They blend into the background so well they become invisible. Predators haven’t cracked the code, camouflage works at the level of the species. Now and then it may fail in individual cases, but on the whole it’s been a successful strategy in the game of natural selection.

In the murky waters of the Network, the visibility is nil. It’s only through the hyperlink that a sense of visibility is created— although visibility is probably the wrong word. Following McLuhan, we should acknowledge the Network as an auditory/tactile space. The nodes of the Network are linked by touch. The hyperlink is activated by touch, it’s a flicking of a switch that opens a door to a hidden hallway. We feel our way through the dark until we emerge into the light on the other side. (This is another reason that the multi-touch interaction mode has spread so quickly).

Imagine a location on the Network that was completely devoid of hyperlinks to foreign sites. You’d have to imagine it, because unless you knew the precise incantation to call it into your browser, it would lay perfectly camouflaged within the darkness of the Network. Sometimes this is called security through obscurity—a kind of blending into the background.

This imaginary location might have an infinite number of internal hyperlinks between the locations within its interior. It could be a whole world, completely unknown to the rest of the Network, a veritable Shangri-La. Because this place is unknown and without hyperlinks, there would be no commerce, no trade of bits between this isolated location and the rest of the Network. Of course, if a single hyperlink was formed, this imaginary location would change forever. To stop outside influences from overwhelming this world, a barrier would have to be built and its integrity enforced.

If we adjust our angle a little bit, we’ve just described the state of the modern Corporate Enterprise with respect to the rest of the Network. The fabric of the external Network has been used as the material for the internal Network—the protocols are identical. Keeping these identical twins apart is called security. Of course, twins have a mode of communication, cryptophasia, not available to others.

Hedge funds are beginning to monitor Twitter to evaluate their portfolio holdings and trading opportunities. The public stream is analyzed in real time for sentiment and triggers to put into their trading algorithms. Enough value has accreted to the stream that there’s an advantage to be gained from taking it into account.

In addition to its presence in the public stream, the Corporate Enterprise has begun to launch private public streams meant to reside securely within the friendly confines of the firewall. The purpose of the private public stream is to create more visibility within the Enterprise—although the metaphors have become crossed again. Traditional corporate reporting provides visibility—a kind of linear numeric business intelligence. A real-time micro-message stream with hyperlinked citations transmits auditory and tactile signals. We hear what people are saying about how things are, and by following the hyperlink we can get a deeper feel.

If the public stream, outside the firewall, has enough juice to merit monitoring, the private public stream has even more. And there’s no skill or guile involved in finding it, it’s a busy public thoroughfare accessible to everyone on the inside. If we adjust our angle a bit more, we can see the private public message stream as a series of diplomatic cables. The diplomatic corps of the United States uses these cables to update the status of the system to the Secretary of State. Private internal message streams can develop a value outside the barriers erected by the native tribe. When the value grows great enough there will be motivation to enable a leak. What at first appears to be a barrier, reveals itself as a membrane. The modern worker is a member of many tribes with many, and sometimes competing, allegiances.

Perhaps we might think it’s just a matter of stronger barriers, a matter of winning the arms race. But as Bruce Sterling notes in his assessment of the Wikileaks Affair, these kinds of cracks are going to get easier, not harder over time. Even the system that we might expect to be the strongest no longer operates on the basis that a war over barriers can be won. Here’s Deborah Plunkett, head of the NSA’s Information Assurance Directorate, on the state of their internal network:

“There’s no such thing as ‘secure’ any more,” she said to the attendees of a cyber security forum sponsored by the Atlantic and Government Executive media organizations, and confirmed that the NSA works under the assumption that various parts of their systems have already been compromised, and is adjusting its actions accordingly.

To preserve the availability and integrity of the systems it has the duty to protect, the NSA has turned to standardization, constant auditing, and the development and use of sensors that will be placed inside the network on specific points in hope of detecting threats as soon as they trigger them, reports Reuters.

In the end, we seem to be transported back to days of the tribe and our allegiance to it. In an age where the barriers around systems have become a Maginot Line, it’s down to what we agree to keep silent about— what we don’t share outside the circle. Our public and private faces will grow farther apart, and the innocent and authentic gestures we contributed to the public stream will now be a matter of show. The backchannel that was brought to the fore will require a backchannel of its own. Somewhere out of the glare, where we can have a private conversation— security through obscurity.

One Comment

The Web’s Altamont

Published December 7, 2010 by cgerrish

There’s little point in asking whether the leaks are pro or con: the bell has been rung, the horse is out of the barn, the cat is out of the bag. Once the bits in question have been linked to the Network they exist everywhere at once. The inside is out. Its effect is much like that of ice nine.

The event signals a change. The Network is now pressing up against every utterance, every written or encoded communication. The membrane between the Network and our conversations has become paper thin. Here we begin to have conversations as though we live in a surveillance state. We look for the remaining shadows, the out-of-the-way corner, the crevice where we’re out of earshot of the Network.

We had a sense that the Network was a neutral medium, open and free to all comers. No one knew you were a dog, and you didn’t need much at all to publish to the whole web of the world. But there’s a difference between the ability to publish and the absolute transparency implied by the leak. No doubt there’s someone somewhere who feels they have a right to secrets you’ve been keeping to yourself.

Some bits have been flipped, what was confidential within a trusted circle is now in general circulation. The opaque is now transparent. But something more than that happened. The disclosure was an exercise of power, it had a real impact in the world. It was a military exercise, a wall has been breached, a boundary overcome. The force of those bits being flipped was felt like a punch in the face. Power was awakened and has been loosed upon the Network. Active countermeasures are an effective means of defending a breached border. We have been ushered out of the garden, and now are filled with the knowledge of good and evil. Power travels along many paths, not all of them in the bright sunlight.

The concert at Yasgur’s farm near Woodstock was held from August 15 – 18, 1969. About 4 months later, the Altamont Speedway Free Concert was held on December 6th, 1969.

The theory is that the targeted system can be paralyzed by causing trusted internal message circulation to be severely limited. The power of the Network can be used to cause a hardening of the arteries. When no member of the system can trust any other, the system ceases to function unless it embraces absolute transparency. Of course any system that attacks another system with this method is subject to the same treatment. And although we might say this new method of disclosure is without a home in a nation state, that doesn’t mean it lives entirely in the ether of the Network— it has plenty of earthly bounds and connections. The structure of the Network will provide a limited amount of protection, or rather it provides camouflage for both armies. It should be remembered, there’s a substantial difference between winning an argument and winning.

The dilemma is that to preserve a ‘free and open’ Network, we must preserve the possibility of evil. And where we once thought the walled garden was an uncalled for limitation on our freedoms, we may soon be seeking its protection.

New Speedway Boogie
Robert Hunter and Jerry Garcia

Now I don’t know but I been told
it’s hard to run with the weight of gold
Other hand I heard it said
it’s just as hard with the weight of lead

Who can deny? Who can deny?
it’s not just a change in style
One step done and another begun
in I wonder how many miles?

Spent a little time on the mountain
Spent a little time on the hill
Things went down we don’t understand
but I think in time we will

Now I don’t know but I been told
in the heat of the sun a man died of cold
Do we keep on coming or stand and wait
with the sun so dark and the hour so late?

You can’t overlook the lack Jack
of any other highway to ride
It’s got no signs or dividing lines
and very few rules to guide

One Comment

The Makropulos Case and the Religion of Engineers

Published November 23, 2010 by cgerrish

We look at time in an abstract way and see it stretching out to the horizon, leaping off the edge of the world and galloping on without limit into the wilds of the universe. In a sense, we view the infinity of time as a limitless extension of a space. A line the continues beyond the boundaries of human sight. The analog watch puts time on a leash and walks it around a dial on our wrist.

One of the many thoughts that flooded through my mind while watching San Francisco Opera‘s production of Leos Janacek‘s The Makropulos Case had to do with the religion of the engineers. This idea of the singularity, of shedding this mortal coil in favor of an electronic/digital instantiation of whatever it is we call our lives. The advantage, at least from an engineering perspective, is that, in silicon, we live forever. Or at least that’s the idea in so-called transhumanist circles.

The original story of Janacek’s opera was written by Karel Capek, who is probably better known as the author of the play R.U.R.— a story that featured and coined the term, robot. The engineering version of paradise and eternal life takes the form of inhabiting the robot, where all that was irreplaceable in our mortality can be put on a charge card at the hardware store. Worn parts easily replaced or upgraded.

Janacek’s The Makropulos Case takes a look at what immortality does to the morality of its anti-heroine, Elina Makropulos. Perpetual youth leaves her nothing but apathy and disconnection from the people around her. She’s lived many lifetimes and seen all the people around her grow old and die. The pain and suffering of others has ceased to matter, she’s seen it all before. In the San Francisco Opera production, soprano Karita Matilla, offers a stunningly dramatic performance showing the weight and weariness brought on by eternal youth. The opera, written in 1926, provides a very modern look into the dark side of living an endless series of lifetimes. We often look at the misbehavior of the Greek gods, and wonder how the immortals can be so foolish. Janacek and Capek show us that eternal youth changes the basic equation of human life. All human values are revalued on a payment plan that stretches out to infinity. Something essential is lost in the translation. We’re left with an entity that is too big to fail.

Comments closed

Poindexter, Jonas and The Birth of Real-Time Dot Connecting

Published September 6, 2010 by cgerrish

There’s a case that could be made that John Poindexter is the godfather of the real-time Network. I came to this conclusion after reading Shane Harris’s excellent book, The Watchers, The Rise of the Surveillance State. When you think about real-time systems, you might start with the question: who has the most at stake? Who perceives a fully-functional toolset working within a real-time electronic network as critical to survival?

To some, Poindexter will primarily be remembered for his role in the Iran-Contra Affair. Others may know something about his role in coordinating intelligence across organizational silos in the Achille Lauro Incident. It was Poindexter who looked at the increasing number of surprise terrorist attacks, including the 1983 Beruit Marine Barracks Bombing, and decided that we should know enough about these kinds of attacks before they happen to be able to prevent them. In essence, we should not be vulnerable to surprise attack from non-state terrorist actors.

After the fact, it’s fairly easy to look at all the intelligence across multiple sources, and at our leisure, connect the dots. We then turn to those in charge and ask why they couldn’t have done the same thing in real time. We slap our heads and say, ‘this could have been prevented.’ We collected all the dots we needed, what stopped us from connecting them?

The easy answer would be to say it can’t be done. Currently, we don’t have the technology and there is no legal framework, or precedent, that would support this kind of data collection and correlation. You can’t predict what will happen next, if you don’t know what’s happening right now in real time. And in the case of non-state actors, you may not even know who you’re looking for. Poindexter believed it could be done, and he began work on a program that was eventually called Total Information Awareness to make it happen.

In his book, Shane Harris posits a central metaphor for understanding Poindexter’s pursuit. Admiral Poindexter served on submarines and spent time using sonar to gather intelligible patterns from the general background of noise filling the depths of the ocean. Poindexter believed that if he could pull in electronic credit card transactions, travel records, phone records, email, web site activity, etc., he could find the patterns of behavior that were necessary precursors to a terrorist attack.

In order to use real-time track for pattern recognition, TIA (Total Information Awareness) had to pull in everything about everyone. That meant good guys, bad guys and bystanders would all be scooped up in the same net. To connect the dots in real time your need all the dots in real time. Poindexter realized that this presented a personal privacy issue.

As a central part of TIA’s architecture, Poindexter proposed that the TIA system encrypt the personal identities of all the dots it gathered. TIA was looking for patterns of behavior. Only when the patterns and scenarios that the system was tracking emerged from the background, and been reviewed by human analysts, would a request be made to decrypt the personal identities. In addition, every human user of the TIA system would be subject to a granular-level audit trail. The TIA system itself would be watching the watchers.

The fundamental divide in the analysis and interpretation of real-time dot connecting was raised when Jeff Jonas entered the picture. Jonas had made a name for himself by developing real-time systems to identify fraudsters and hackers in Las Vegas casinos. Jonas and Poindexter met at a small conference and hit it off. Eventually Jonas parted ways with Poindexter on the issue of whether a real-time system could reliably pinpoint the identity of individual terrorists and their social networks through analysis of emergent patterns. Jonas believed you had to work from a list of suspected bad actors. Using this approach, Jonas had been very successful in the world of casinos in correlating data across multiple silos in real time to determine when a bad actor was about to commit a bad act.

Jonas thought that Poindexter’s approach with TIA would result in too many false positives and too many bad leads for law enforcement to follow up. Poindexter countered that the system was meant to identify smaller data sets of possible bad actors through emergent patterns. These smaller sets would then be run through the additional filter of human analysts. The final output would be a high-value list of potential investigations.

Of course, once Total Information Awareness was exposed to the harsh light of the daily newspaper and congressional committees, its goose was cooked. No one wanted the government spying on them without a warrant and strong oversight. Eventually Congress voted to dismantle the program. This didn’t change the emerging network-connected information environment, nor did it change the expectation that we should be able to coordinate and correlate data across multiple data silos to stop terrorist attacks in real time. Along side the shutting down of TIA, and other similar government efforts, was the rise of Google, social networks, and other systems that used network-based personal data to predict consumer purchases; guess which web site a user might be looking for; and even the bet on the direction of stocks trading on exchanges.

Poindexter had developed the ideas and systems for TIA in the open. Once it was shut down, the system was disassembled and portions of it ported over to the black ops part of the budget. The system simply became opaque, because the people and agencies charged with catching bad actors in real time still needed a toolset. The tragedy of this, as Shane Harris points out, is that Poindexter’s vision around protecting individual privacy through identity encryption was left behind. It was deemed too expensive and too difficult. But the use of real-time data correlation techniques, social graph analysis, in-memory data stores and real-time pattern recognition are all still at work.

It’s likely that the NSA, and other agencies, are using a combination of Poindexter’s and Jonas’s approaches right now: real-time data correlation around suspected bad actors, and their social graphs— combined with a general sonar-like scanning of the ocean of real-time information to pick up emergent patterns that match the precursors of terrorist acts. What’s missing is a dialogue about our expectations, our rights to privacy and the reality of the real-time networked information environment that we inhabit. We understood the idea of wiretapping a telephone, but what does that mean in the age of the iPhone?

Looking at the structure of these real-time data correlation systems, it’s easy to see their migration pattern. They’ve moved from the intelligence community to wall street to the technology community to daily commerce. Social CRM is the buzz word that describes the corporate implementation; some form of real-time VRM will be the consumer’s version of the system. The economics of the ecosystem of the Network has begun to move these techniques and tools to the center of our lives. We’ve always wanted to alter our relationship to time, we want to know with a very high probability what is going to happen next. We start with the highest-value targets, and move all the way down to a prediction of which television show we’ll want to watch and which laundry detergent we’ll end up telling our friend about.

Shane Harris begins his book The Watchers with the story of Able Danger, an effort to use data mining, social graph and correlation techniques on the public Network to understand Al Qaeda. This was before much was known about the group or its structure. One of the individuals working on Able Danger was Erik Kleinsmith, he was one of the first to use these techniques to uncover and visualize a terrorist network. And while he may not have been able to predict the 9/11 attacks, his analysis seemed to connect more dots than any other approach. But without a legal context for this kind of analysis of the public Network, the data and the intelligence was deleted and unused.

Working under the code name Able Danger, Kleinsmith compiled an enormous digital dossier on the terrorist outfit (Al Qaeda). The volume was extraordinary for its size— 2.5 terabytes, equal to about one-tenth of all printed pages held by the Library of Congress— but more so for its intelligence significance. Kleinsmith had mapped Al Qaeda’s global footprint. He had diagrammed how its members were related, how they moved money, and where they had placed operatives. Kleinsmith show military commanders and intelligence chiefs where to hit the network, how to dismantle it, how to annihilate it. This was priceless information but also an alarm bell– the intelligence showed that Al Qaeda had established a presence inside the United States, and signs pointed to an imminent attack.

That’s when he ran into his present troubles. Rather than relying on classified intelligence databases, which were often scant on details and hopelessly fragmentary, Kleinsmith had created his Al Qaeda map with data drawn from the Internet, home to a bounty of chatter and observations about terrorists and holy war. He cast a digital net over thousands of Web sites, chat rooms, and bulletin boards. Then he used graphing and modeling programs to turn the raw data into three-dimensional topographic maps. These tools displayed seemingly random data as a series of peaks and valleys that showed how people, places, and events were connected. Peaks near each other signaled connection in the data underlying them. A series of peaks signaled that Kleinsmith should take a closer look.

…Army lawyers had put him on notice: Under military regulations Kleinsmith could only store his intelligence for ninety days if it contained references to U.S. persons. At the end of that brief period, everything had to go. Even the inadvertent capture of such information amounted to domestic spying. Kleinsmith could go to jail.

As he stared at his computer terminal, Kleinsmith ached at the thought of what he was about to do. This is terrible.

He pulled up some relevant files on his hard drive, hovered over them with his cursor, and selected the whole lot. Then he pushed the delete key. Kleinsmith did this for all the files on his computer, until he’d eradicated everything related to Able Danger. It took less than half an hour to destroy what he’d spent three months building. The blueprint for global terrorism vanished into the electronic ether.

Comments closed