Emergent Chaos

David Bratzer is a police officer in Victoria, British Columbia. He’s a member of “Law Enforcement Against Prohibition,” and was going to address a conference this week. There’s a news video at “VicPD Officer Ordered to Stay Quiet.”

In an article in the Huffington Post, “The Muzzling of a Cop” former Seattle Police Chief Norm Stamper writes:

Officer Bratzer was scheduled to address, on his own time, an important “harm reduction” conference in the city this week. His chief stepped in, said no. Why? He didn’t like the message Bratzer was set to deliver. Of course, this decision by the brass has had the effect of shining an even brighter light on the horrific effects of the U.S.-led drug war. That’s good.

A free society requires that all points of view be voiced. Debate requires facts. If the department wants to ban all speech about the laws it enforces, that would be one thing. But I don’t think that’s their position, nor would such a ban be compatible with the Canadian Charter of Rights and Freedoms. But as you can see in the video, Sgt Grant Hamilton is portraying the official position of the Victoria police: that the people it protects are incapable of making distinctions between those in uniform and those in civilian dress. That position isn’t compatible with democratic decision making. What other distinctions do the police worry people can’t make? Isn’t making those choices the job of the legislature?

Please sign the petition to let David Bratzer speak at http://www.leap.cc/freespeech, and consider making a donation in support of their work.

Twenty years ago today, Nelson Mandela was released from prison on Robben Island, where he was imprisoned for 27 years for considering violence after his rights to free speech and free association were revoked by the government.

I learned a lot about the stories when I visited South Africa, and then more when my mom sent me “The World that was Ours” by Hilda Bernstein. She was an activist and the wife of one of the “Rivonia Trial.” Her book is a highly readable account of what life was like, and how people who started out as reformers were radicalized by increasingly bizarre and ineffectual attempts by the government to exert control.

It also gives a good sense of how absurd the actions of the apartheid system became as time went on. I could make snarky comparisons to the TSA, and believe me, I’m tempted. But the simple truth is that as bad as things have gotten in the US, they generally don’t even approach the dysfunction which existed in South Africa.

Looking at South Africa today, it’s easy to forget that twenty years ago, the country was engaged in an active race war with government forces shooting into funeral crowds every weekend. The work that Mandela, Desmond Tutu, and F.W. De Klerk and others did to stop the violence and build the society which exists in South Africa today is one of the success stories of our time. Yes, it has deep imperfections, but so does the world.

Photo from the Apartheid Museum. On the left is a ballot box.

The lead of this story caught my eye:

(CNN) — Legislatures in all 50 states, the District of Columbia, Guam, the Virgin Islands and Puerto Rico met in 2009, leading to the enactment of 40,697 laws, many of which take effect January 1.

That’s an average of 753 laws passed in each of those jurisdictions. At 200 working days in a year, which is normal for you and me, that’s nearly 4 laws per day.

Now, there’s a longstanding principle of law, which is that ignorance of the law is no excuse. That goes back to the day when laws, like the code of Hammurabi, were inscribed at a rate of about 4 letters per day. The laws were posted in the city center where both of the literate people could read them.

Joking aside, at what point does knowledge of the law become an unreasonable demand on the citizenry? Civil rights lawyer Harvey Silvergate has a new book, “Three Felonies a Day: How the Feds Target the Innocent. I haven’t read it, but as I understand, it’s largely about the proliferation of vague laws, not the sheer numbers.

A few years back, Aleecia McDonald and Lorrie Cranor calculated the cost of reading and understanding the privacy policies of the sites you visit. It was $365 billion. It might be interesting to apply the same approach to the work of legislatures.

As I simmer with anger over how TSA is subpoening bloggers, it occurs to me that the state of airline security is very similar to that of information security in some important ways:

• Failures are rare
• Partial failures are generally secret
• Actual failures are analyzed in secret
• Procedures are secret
• Procedures seem bizarre and arbitrary
• External analysis seems to show that the procedures are fundamentally flawed
• Those charged with doing the work appear to develop a bunker mentality

In this situation, anyone can offer up their opinions, and most of us do.

It’s hard to figure out which analysis are better than others, because the data about partial failures is harder to get than opinions. And so most opinions are created and appear equal. Recommendations in airline security are all ‘best practices’ which are hard to evaluate.

Now, as Peter Swire has pointed out, the disclosure debate pivots on if an attacker needs to expose themselves in order to test a hypothesis. If the attacker needs to show up and risk arrest or being shot to understand if a device will make it through a magnometer, that’s very different than if an attacker needs to send packets over the internet.

I believe much of this swivels on the fact that most of the security layers have been innocently exposed in many ways. The outline of how the intelligence agencies and their databases work is public. The identity checking is similarly public. It’s easy to discover at home or at the airport that you’re on a list. The primary and secondary physical screening layers are well and publicly described. The limits of tertiary screening are easily discovered, as an unlucky friend discovered when he threw a nazi salute at a particularly nosy screener in Amsterdam’s Schiphol airport. And then some of it comes out when government agencies accidentally expose it. All of this boils down to partial and unstructured disclosure in three ways:

1. Laws or public inquiries require it
2. The public is exposed to it or can “innocently” test it
3. Accidents

In light of all of this, the job of a terrorist mastermind is straightforward: figure out a plan that bypasses the known defenses, then find someone to carry it out. Defending the confidentiality of approaches is hard. Randomization is an effort to change attacker’s risk profiles.

But here’s the thing: between appropriate and important legal controls and that the public goes through the system, there are large parts of it which cannot be kept secret for any length of time. We need to acknowledge that and design for it.

So here’s my simple proposal:

1. Publish as much of the process as can be published, in accordance with the intent of Executive Order on Classified National Security Information:
   

   “Agency heads shall complete on a periodic basis a comprehensive review of the agency’s classification guidance, particularly classification guides, to ensure the guidance reflects current circumstances and to identify classified information that no longer requires protection and can be declassified,”

   That order lays out a new balance between openness and national security, including terrorism. TSA’s current approach does not meet that new balance.

2. Publish information about failed attempts and the costs of the system
3. Stop harassing and intimidating those like Chris Soghoian, Steven Frischling or Christopher Elliott who discuss details of the system.
4. Encourage and engage in a fuller debate with facts, rather than speculation.

There you have it. We will get better security through a broad set of approaches being brought to the problems. We will get easier travel because we will understand what we’re being asked to do and why. Everyone understand we need some level of security for air travel. Without an acrimonious, ill-informed firestorm, we’ll get more security with less pain and distraction.

Via Gary Leff, we learn that “The TSA Puts Their Sensitive Security Screening Procedures Online For All To See (oops).”

It’s another “we blacked out the doc without blacking out the data” story. The doc is 93 pages, and I don’t have time to more than skim it right now. I think that the redactions are generally reasonable, covering things like the gauge of wire which needs to be detectable for an xray machine to be considered operational. That’s not something we need to know about to debate the right of free travel. We can assume that there’s some level that the machines are set to, and that’s ok. There are a few redactions where I disagree, like ones about who’s exempted from special security treatment. In a democratic society, we should be able to ask “should members of Congress be subject to the same treatment as the rest of us?”

Generally, what’s in the document is not likely to surprise anyone who flies often and pays attention. What’s most interesting to me are actually some of the non-redacted bits:

2.7. PHOTOGRAPHING, VIDEOTAPING, AND FILMING SCREENING LOCATIONS
A. TSA does not prohibit the public, passengers, or press from photographing, videotaping, or filming screening locations unless the activity interferes with a TSO’s ability to perform his or her duties or
prevents the orderly flow of individuals through the screening location. Requests by commercial entities to photograph an airport screening location must be forwarded to TSA’s Office of Strategic Communications and Public Affairs. Photographing EDS (Explosive Detection Systems) or ETD (Explosive Trace Detection) monitor screens or emitted images is
not permitted.
B. TSA must not confiscate or destroy the photographic equipment or film of any person photographing the
screening location.

That’s very interesting, and not in accordance with signs I’ve seen.

2.11. INDIVIDUALS WHO REFUSE SCREENING OF THEIR PERSON
The screening process of an individual begins when he or she walks through a WTMD (or an ETP if it is placed ahead of the WTMD at ETP-equipped checkpoints), or a TSO grants an individual’s request for specialized screening. Once screening has begun, an individual may not withdraw from the screening process. [...]
B. If an individual refuses to complete screening after screening has begun, the TSO must notify the STSO. The STSO must advise the individual that the screening process must be completed. The STSO must then offer the individual a final opportunity to complete the screening process. If the individual continues to
refuse screening, the STSO must:
1) Notify an LEO and request that the LEO assist in completing screening of the individual
2) Ensure that screening of the individual’s accessible property is completed
3) Inform TSA management if the LEO permits the individual to return to the public area without completing screening
C. If the individual, who has refused to complete screening, returns to the public area prior to clearance or the arrival of an LEO:
1) Screening personnel must attempt to keep the individual under constant observation until an LEO arrives.
2) Screening personnel must not physically detain or hinder the movement of the individual.

This is also a very interesting section. The individual “may not withdraw” but TSA may not detain or hinder someone who tries to leave. I believe that there have been questions raised about this, and now that this is public, I expect more.

Finally, I found 3.9.2.B, “TIP User ID requirements” interesting

The user ID number must contain at least four alphanumeric characters, usually comprised of the last four digits of the employee’s Social Security number, and it must be no greater than the number of characters
permitted by the x-ray manufacturer. Each user must choose a unique password containing at least four, but no greater than six, alphanumeric characters.

At first, I boggled at this. A 6 character password? Really? Then, as I thought about it, I realized that this isn’t that unreasonable. The machines are in physically secured areas. The data on them isn’t that valuable. It’s probably reasonable.

As an aside, are there fewer than 10,000 TIP operators? If not, there are certainly collisions in the user ID space. Otherwise, it’s a birthday problem.

[Update: Jon Stewart has assembled up some of the news reports, and Ed Hasbrouck covers the FOIA and legal aspects. ]

Today on Thanksgiving, I’m thankful that the European Parliament has adopted what may be the first useful statement about the balance between security and privacy since Franklin:

“… stresses that the EU is rooted in the principle of freedom. Security, in support of freedom, must be pursued through the rule of law and subject to fundamental rights obligations. The balance between security and freedom is to be seen in that perspective”

Thanks to Ralf Bendrath and @privacyint for pointing it out.

Links: An area of freedom, security and justice serving the citizen – Stockholm programme
Luigi Berlinguer, and Ammendment 70: 23.11.2009 B7-0155/70 (or html)

Asked about the timing, the unbriefed propaganda minister mumbled: “As far as I know, effective immediately.” When that was reported on television, the Berliners were off. Baffled border guards who would have shot their “comrades” a week earlier let the crowd through—and a barrier that had divided the world was soon being gleefully dismantled. West Germany’s chancellor, Helmut Kohl, was so unready for history that he was out of the country.

The destruction of the Iron Curtain on November 9th 1989 is still the most remarkable political event of most people’s lifetimes: it set free millions of individuals and it brought to an end a global conflict that threatened nuclear annihilation. For liberals in the West, it still stands as a reminder both of what has been won since and what is still worth fighting for.

The Economist has two excellent articles about the wall. “So much gained, so much to lose” and “Walls in the mind.” They do a great job of capturing both the ups and downs of the chaos that has replaced the Politburo and its puppets.

It’s also worth remembering that it’s the 61st 71st anniversary of Kristalnacht.

There are apparently many people being held without charges by Iranian government. But as far as I know, I’ve only ever met one of them, and so wanted to draw attention to his case:

During this entire time, our son has had just two short meetings with us for only a few minutes. Please imagine that for every six months we just saw him for very few minutes. We have no information about his legal situation.

No court has been held yet and we don’t even know which institution or security organization Hossein is under the control of. Many times, from many different ways, we tried to get some precision about his situation, but we couldn’t. Does a detainee’s dignified manner deserve such treatment?

No one ever deserves to be held on secret charges for that long. Let Hoder out, or charge him. The same goes for all the victims of officious kidnapping, wherever in the world they are.

Yesterday, Luis Armando Peña Soltren was arrested after forty years on run for hijacking a plane to Cuba.

Soltren “will finally face the American justice system that he has been evading for more than four decades,” said U.S. Attorney Preet Bharara.

I understand that Woody Allen, Martin Scorsese and David Lynch are already circulating a petition around Hollywood demanding Mr Soltren’s release.

I’ve been remiss in not posting a review of Tetraktys, by Ari Juels. Short review: It’s better written and has better cryptographers than the ones in any Dan Brown novel, but that’s really damning it with faint praise, which it doesn’t deserve.

It’s a highly readable first novel by Ari Juels, who is Chief Scientist at RSA Labs. The story is about a cryptographer who discovers an ancient plot involving a secret conspiracy. The ending is a little Stephenson-esque, insofar as it’s abrupt, but I got the feeling that that was authorial intent, not accident.

I enjoyed it, but since I don’t review a lot of fiction, I’m a bit unsure what to say about it. Is it better than Cryptonomicon? It depends how you weigh value per word. I was jolted into writing a short review by the new FTC rules, because I both bought a copy and was given one. I read the one I bought when Ari launched the book at RSA last year, and after I’d read it (but months ago) his publisher sent me a copy. Oh, and Ari’s employer has bought me dinner, but not in the last year. Finally, the link to the book is a non-affiliate link as far as I know. But given the complex messiness of Amazon linkage mechanisms, I’m actually unsure.

Since I haven’t read the copy I was given, and I already had a copy, was I really given anything?

As regular readers know, I regularly disclose such things and have since I started this blog. But as this example shows, putting long and complex rules in place will never cover the messy and emergent chaos which is the world in all its glory.

Anyway, you should buy a copy and read Tetrktys.