
News

Podcast: If GCHQ wants to improve national security it must fix our technology

Here's a reading (MP3) of my latest Guardian column, If GCHQ wants to improve national security it must fix our technology, where I try to convey the insanity of spy agencies that weaken Internet security in order to make it easier for them to spy on people, by comparing this to germ warfare.

Last year, when I finished that talk in Seattle, a talk about all the ways that insecure computers put us all at risk, a woman in the audience put up her hand and said, “Well, you’ve scared the hell out of me. Now what do I do? How do I make my computers secure?”

And I had to answer: “You can’t. No one of us can. I was a systems administrator 15 years ago. That means that I’m barely qualified to plug in a WiFi router today. I can’t make my devices secure and neither can you. Not when our governments are buying up information about flaws in our computers and weaponising them as part of their crime-fighting and anti-terrorism strategies. Not when it is illegal to tell people if there are flaws in their computers, where such a disclosure might compromise someone’s anti-copying strategy.

But: If I had just stood here and spent an hour telling you about water-borne parasites; if I had told you about how inadequate water-treatment would put you and everyone you love at risk of horrifying illness and terrible, painful death; if I had explained that our very civilisation was at risk because the intelligence services were pursuing a strategy of keeping information about pathogens secret so they can weaponise them, knowing that no one is working on a cure; you would not ask me ‘How can I purify the water coming out of my tap?’”

Because when it comes to public health, individual action only gets you so far. It doesn’t matter how good your water is, if your neighbour’s water gives him cholera, there’s a good chance you’ll get cholera, too. And even if you stay healthy, you’re not going to have a very good time of it when everyone else in your country is stricken and has taken to their beds.

Mastering by John Taylor Williams: wryneckstudio@gmail.com

John Taylor Williams is an audiovisual and multimedia producer based in Washington, DC and the co-host of the Living Proof Brew Cast. Hear him wax poetic over a pint or two of beer by visiting livingproofbrewcast.com. In his free time he makes "Beer Jewelry" and "Odd Musical Furniture." He often "meditates while reading cookbooks."

MP3

Get a signed, inscribed copy of “In Real Life” delivered to your door, courtesy of WORD Books


As previously mentioned, Jen Wang and I have adapted my short story "Anda's Game" as a full-length, young adult graphic novel called "In Real Life," which comes out next October. Brooklyn's excellent WORD bookstore has generously offered to take pre-orders for signed copies; I'll drop by the store during New York Comic-Con and sign and personalize a copy for you and they'll ship it to you straightaway.

Security as a public health discipline, not an engineering one


In my latest Guardian column, If GCHQ wants to improve national security it must fix our technology, I argue that computer security isn't really an engineering issue; it's a public health issue. As with public health, it's more important to be sure that our pathogens are disclosed and understood than it is to keep them secret so we can use them against our enemies.

Scientists formulate theories that they attempt to prove through experiments that are reviewed by peers, who attempt to spot flaws in the reasoning and methodology. Scientific theories are in a state of continuous, tumultuous improvement as old ideas are overturned in part or whole, and replaced with new ones.

Security is science on meth. There is a bedrock of security that is considered relatively stable – the mathematics of scrambling and descrambling messages – but everything above that bedrock has all the stability of a half-set custard. That is, the best way to use those stable, well-validated algorithms is mostly up for grabs, as the complex interplay of incompatible systems, human error, legacy systems, regulations, laziness, recklessness, naivete, adversarial cunning and perverse commercial incentives all jumble together in ways that open the American retailer Target to the loss of 100m credit card numbers, and the whole internet to GCHQ spying.

As Schneier says: “Anyone can design a security system that works so well that he can’t figure out how to break it.” That is to say, your best effort at security is, by definition, only secure against people who are at least as dumb as you are. Unless you happen to be the smartest person in the world, you need to subject your security system to the kind of scrutiny that scientists use to validate their theories, and be prepared to incrementally patch and refactor things as new errors are discovered and reported.

If GCHQ wants to improve national security it must fix our technology

(Image: File:CoughsAndSneezesSpreadDiseases.jpg, Wikimedia Commons, Public Domain)

Snowden at SXSW: immediate impressions


Yesterday at SXSW, Barton Gellman and I did a one-hour introductory Q&A before Edward Snowden's appearance. Right after Snowden and his colleagues from the ACLU wrapped up, I sat down and wrote up their event for The Guardian, who've just posted my impressions:

Excerpt …

Podcast: Cold Equations and Moral Hazard

Here's a reading (MP3) of my latest Locus column, Cold Equations and Moral Hazard, which considers the way that science fiction can manipulate our ideas about the technical necessity for human misery, and how that narrative can be hijacked for self-serving ends.

Apparently, editor John W. Campbell sent back three rewrites in which the pilot figured out how to save the girl. He was adamant that the universe must punish the girl.

The universe wasn’t punishing the girl, though. Godwin was – and so was Barton (albeit reluctantly).

The parameters of ‘‘The Cold Equations’’ are not the inescapable laws of physics. Zoom out beyond the page’s edges and you’ll find the author’s hands carefully arranging the scenery so that the plague, the world, the fuel, the girl and the pilot are all poised to inevitably lead to her execution. The author, not the girl, decided that there was no autopilot that could land the ship without the pilot. The author decided that the plague was fatal to all concerned, and that the vaccine needed to be delivered within a timeframe that could only be attained through the execution of the stowaway.

It is, then, a contrivance. A circumstance engineered for a justifiable murder. An elaborate shell game that makes the poor pilot – and the company he serves – into victims every bit as much as the dead girl is a victim, forced by circumstance and girlish naïveté to stain their souls with murder.

Moral hazard is the economist’s term for a rule that encourages people to behave badly. For example, a rule that says that you’re not liable for your factory’s pollution if you don’t know about it encourages factory owners to totally ignore their effluent pipes – it turns willful ignorance into a profitable strategy.

Mastering by John Taylor Williams: wryneckstudio@gmail.com


Cold Equations and Moral Hazard: science fiction considered harmful to the future


My latest Locus column is "Cold Equations and Moral Hazard", an essay about the way that our narratives about the future can pave the way for bad people to create, and benefit from, disasters. "If being in a lifeboat gives you the power to make everyone else shut the hell up and listen (or else), then wouldn’t it be awfully convenient if our ship were to go down?"


Cold Equations and Moral Hazard

Guest review: my daughter reviews Ariol

I love reading with my daughter, Poesy, who has just turned six. We agree on almost all of her favorites, and re-reading them is one of our best-loved activities, and how we pass the time on boring bus-rides and so forth. However, there are a few books that Poesy loves, but which leave me cold. First among these are the Ariol books, a long-running French kids' comic series that is being swiftly translated into English by Papercutz (there are three books out so far, and a fourth is due in May). Ariol was co-created by the amazing and talented Emmanuel Guibert, whose other work includes the anarcho-gonzo Sardine kids' comics; the brilliant WWI memoir Alan's War; and the extraordinary memoir of doctors in Soviet-occupied Afghanistan, The Photographer.

I love Guibert, but not Ariol. Poesy, on the other hand, can't get enough of it. This is cool -- and better than cool, because my reluctance to read her these books over and over (and over and over) has actually driven her to be a much better independent reader, and she often picks up an Ariol book, sits herself down, and reads it to herself for hours, snickering. Ariol is like your kid's obnoxious friend who is so incredibly naughty that you dread his visits, and who your kid adores and wants to play with all the time (thankfully, he also lives in a comic book).

It's exciting to see Poesy developing her own taste, separate from ours, and I wanted to give her a chance to explain what she likes about Ariol. So we sat down in my office and recorded this video review together. If you've got little anarcho-readers in your household, Poesy wants you to know that you should let them read some Ariol books.

There's also a long-running French-Canadian Ariol cartoon, which has been dubbed into many languages. You can find tons on YouTube, including this English one.

Ariol #1: Just a Donkey Like You and Me

Ariol #2: Thunder Horse

Ariol #3: Happy as a Pig...

Ariol #4: A Beautiful Cow [forthcoming May 6, 2014]

Text of Little Brother on an art-litho, tee, or tote



As you may have noticed, I think Litographs are really cool: the company turns the text of various books into a piece of appropriately themed text-art and makes lithographs, tees and tote-bags out of it.

Now, I'm delighted to announce that the company has produced a line of Litographs based on my novel Little Brother, with a gorgeous anti-surveillance design by Benjy Brooke.


The Little Brother Litograph is available as a poster in three sizes, a tee (bearing the first 75,000 words of the book), and a tote (bearing 20,000 words).

Each piece is custom-made, and you can choose between a variety of color schemes or a black-and-white design. Tees are two-sided, screened from collar to hem, and come in both boy- and girl-cuts.

The company sends a new, high quality book to the International Book Bank for every poster they sell.


For this week only, you can get $5 off any Litograph product with the discount code M1k3y.

Little Brother

Museums and the free world: keynote from the Museums and the Web conference in Florence


Yesterday, I delivered a keynote address for the 2014 Museums and the Web Conference in Florence, speaking in the audience chamber of the Palazzo Vecchio, which is pretty much the definition of working the big room at the palace. The organizers will be uploading video shortly, but in the meantime, they've been kind enough to post the crib for my talk, which is pretty extensive. The talk was called "GLAM (galleries, museums, archives and libraries) and the Free World":

* The information age is, in many ways, the beginning of history

* It’s a moment at which every person is swiftly becoming an archivist of her own life, a curator of billions of blips of ephemeral communications and ruminations and interactions

* As any archaeologist who’s ever rejoiced at finding a midden that reveals how normal people lived their lives in antiquity can tell you, this ephemera, so rare and badly preserved through most of our history, is of incalculable value

* Which would you rather see: an oil painting of a Victorian monarch, a ramrod stiff photo of your great-grandmother in her confirmation smock, or a hundred transcripts of the conversations she shared with her peers and her family?

* The tools by which we accomplish this archival business are, of course, computers

* Carried in our bags and pockets, worn in and on our bodies

* There is one group of people in the world who understand how archiving works, who understand the importance of the ephemeral en masse, who can steer us to personal and cultural practices of preservation, archiving, dissemination, and access — it’s you, the museum sector

* Just as librarians — who have toiled for centuries at the coalface of information and authority, systematizing the process of figuring out which sources to trust and why — are more needed than ever now, when we are all of us required to sort the credible from the non-credible every time we type a keyword into a search box

* So too are curators and archivists more needed than ever, now that we are all archiving and curating all the live-long day

GLAM and the Free World

Why DRM is the root of all evil


In my latest Guardian column, What happens with digital rights management in the real world?, I explain why the most important fact about DRM is how it relates to security and disclosure, and not how it relates to fair use and copyright. Most importantly, I propose a shortcut through DRM reform, through a carefully designed legal test-case.

The DMCA is a long and complex instrument, but what I'm talking about here is section 1201: the notorious "anti-circumvention" provisions. They make it illegal to circumvent an "effective means of access control" that restricts a copyrighted work. The companies that make DRM and the courts have interpreted this very broadly, enjoining people from publishing information about vulnerabilities in DRM, from publishing the secret keys hidden in the DRM, from publishing instructions for getting around the DRM – basically, anything that could conceivably give aid and comfort to someone who wanted to do something that the manufacturer or the copyright holder forbade.

Significantly, in 2000, a US appeals court found (in Universal City Studios, Inc v Reimerdes) that breaking DRM was illegal, even if you were trying to do something that would otherwise be legal. In other words, if your ebook has a restriction that stops you reading it on Wednesdays, you can't break that restriction, even if it would be otherwise legal to read the book on Wednesdays.

In the USA, the First Amendment of the Constitution gives broad protection to free expression, and prohibits government from making laws that abridge Americans' free speech rights. Here, the Reimerdes case set another bad precedent: it moved computer code from the realm of protected expression into a kind of grey-zone where it may or may not be protected.

In 1997's Bernstein v United States, another US appeals court found that code was protected expression. Bernstein was a turning point in the history of computers and the law: it concerned itself with a UC Berkeley mathematician named Daniel Bernstein who challenged the American prohibition on producing cryptographic tools that could scramble messages with such efficiency that the police could not unscramble them. The US National Security Agency (NSA) called such programs "munitions" and severely restricted their use and publication. Bernstein published his encryption programs on the internet, and successfully defended his right to do so by citing the First Amendment. When the appellate court agreed, the NSA's ability to control civilian use of strong cryptography was destroyed. Ever since, our computers have had the power to keep secrets that none may extract except with our permission – that's why the NSA and GCHQ's secret anti-security initiatives, Bullrun and Edgehill, targeted vulnerabilities in operating systems, programs, and hardware. They couldn't defeat the maths (they also tried to subvert the maths, getting the US National Institute for Standards in Technology to adopt a weak algorithm for producing random numbers).

What happens with digital rights management in the real world?
