net.wars: February 2016 Archives

February 26, 2016

Monster trucks

The last couple of years have seen growing awareness that modern cars are becoming as security-challenged as the other newly electronified systems: smart meters, smart TVs, SCADA, and everything else that will eventually make up the Internet of Things. This week, a group of academics and other concerned parties gathered in Oxford to hash out the shape of the nascent monster approaching on wheels. Officially, the main event was autonomous vehicles, but the reality is that current cars are already computer networks on wheels, with all the security issues that implies. Two days later, the story broke about the vulnerabilities in the Nissan Leaf. Last week Volvo recalled 59,000 vehicles because of a software flaw that caused engines to shut down.

The two scariest sources of trouble that emerged: human nature and what one speaker called the "supply mesh" (because "chain" is too simple). Human nature we see on the roads every day; the fact that humans and computers have different expectations and foibles may necessitate, as some suggest, segregating them from each other, something we're still struggling to do for bicycles.

Google dominates the UAV headlines to such an extent that some people apparently wonder why Paul Newman bothers with his Oxford-based Mobile Robotics Group. It's disturbing. This is a game-changing global market being mentally awarded to a single company before the first product launch. Motivations matter a lot in new technology design, and European researchers tend to talk about convoys, fuel savings, and better use of road space. Newman imagines cars sharing data, doing collaborative mapping. This week, Mother Jones imagined the end of parking. There is more than one possible future besides optimizing for monetizing passengers by displaying ads, favoring sites that pay for the privilege, paid apps, and comprehensive data tracking, as Tom Slee writes in What's Yours Is Mine?

The between-sessions schmoozing at an event like this tosses up all sorts of possibilities. For example: public discomfort might preclude sending unmanned 18-wheeler trucks careening around the I-95 or the M1. But maybe there'd be less of a problem with putting one guy in charge of a convoy of four, much like a Clear Channel disk jockey overseeing a dozen stations from a studio in Atlanta. Your quad-trucker would act as a security guard for the trucks and their contents, and apply human judgement and intelligence when needed. One speaker produced a fine example of when that might be: a burning oil tanker truck by the roadside. It wouldn't trigger any of an autonomous vehicle's alarm systems - no people to worry about, road is clear, good visibility (for now). Although this specific case could be fixed with outside thermometers and sensors that sample the air and test for particulates and other indicators of smoke, the point stands that automated vehicles can only be programmed with what their developers foresee. Humans have life experience (although also variable stupidity). By the time an autonomous vehicle has collected enough data from daily runs to gain the equivalent, it may have been blown up.

But all that is still in the prototype stage. The immediate security issue is today's increasingly automated and wireless-equipped cars; the UAVs built on top of them can't be more secure than they are. Every industry seems to have to learn separately that when you add wireless communications you must change your threat model. The supply chain affects all cars now, not just UAVs in a future we have time to prepare for.

Probably most people's image of where cars come from is the old assembly line. Of course, it's far more complicated than that: as in the computer industry itself, original equipment manufacturers (OEMs) buy pieces from Tier 1 suppliers, who in turn build systems out of components sourced from Tier 2 suppliers. All these players are densely interconnected (the "mesh") and, as an added complication, the lower-tier suppliers are often bigger than the car companies themselves. So people build subsystems and then systems and then cars out of components whose security they can't inspect or test, and whose manufacturers they simply have to trust. A trust chain isn't so bad when the guy on the factory line can look at the T-joint he's installing and say, "This one doesn't look so good - send it for testing", but is potentially disastrous when you're talking about embedded systems whose vulnerabilities may not appear for a year or two but will be catastrophic when they do.

Business nature also adds risk. One of the most disturbing bits of news is VW's response to Birmingham University researcher Flavio Garcia's paper on cracking the Megamos crypto immobilizer system in use in many cars. Lawsuits from VW - more recently famous for gaming its emission control systems' test results - kept Garcia's work gagged for two and a half years before he was cleared to publish the weaknesses he found. Car manufacturers didn't take safety seriously before Ralph Nader in the 1970s; similar force is needed for security today. Playing Matt Blaze's Security Problem Excuse Bingo is a lot less fun when the object under discussion is a two-ton killer cyborg.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 19, 2016

Poisoning the fruit tree

"Why would Apple take this to court?" a TV researcher asked me on Wednesday. He was, of course, referring to Apple's pushback against a court order telling it to help the FBI access the data on the phone belonging to Syed Rizwan Farook, the gunman who, with his wife, killed 14 people and injured 22 in San Bernardino, California, in December 2015. This is the kind of hard case that laws must be made to balance. In Britain, where the draft Investigatory Powers bill hovers menacingly, the Apple case is an important example of the debates in our immediate future. What Apple is being asked to do is that bill's equipment interference (PDF).

Apple has little choice but to fight it. Complying would tell customers that either the technology is flawed or that the company lied when it promised its customers that it could not access their data. What technology brand can survive that? That business reality is, I'm sure, only one of the reasons for Apple's stance: like the Vatican, to which Andrew Brown compares it in the Guardian, an organization can be both self-interested and principled. (Though Brown is wrong to say that "it's as easy" to build software that can be broken - that's much, much easier.)

There's been a lot of crossfire and confusion since Wednesday because speed tends to damage technical detail and also because simultaneously Apple is involved in a New York case that sounds similar but isn't.

The law the FBI is citing is the All Writs Act of 1789, a sort of get-out-of-court-free clause that lets judges issue orders that fall into legal gaps. The discretion so granted has been ramped up lately to expand surveillance and in terrorism-related cases such as the detainees in Guantánamo Bay (PDF).

What sounds like good news for privacy-conscious users of the current generation of iPhones is that after two months of trying the FBI hasn't managed to get into Farook's phone. Of course, we don't know how hard or consistently they have tried: it's certainly possible that this case is a carefully-chosen canary designed to make the political point that legislation requiring access to encrypted data is necessary. If that was the plan, it may have begun to succeed: the Wall Street Journal reports, based on unnamed sources, that Senate Intelligence Committee chair Richard Burr (R-NC) proposes to create legislation that would criminalize such refusals in future.

At TechCrunch, Matthew Panzarino explains the difference between the iPhone running iOS 7 in the New York case and the iPhone 5C that belonged to Farook. In iOS 7 Apple can extract the phone's contents without knowing the user's password; it is resisting the New York order to do so. From iOS 8 onwards, it can't. The iPhone 5C runs iOS 9. Hence the FBI's request.

As Techdirt explains, the judge is not ordering Apple to crack the encryption itself or to create a backdoor into it, but to create a patch for just this phone that changes the way the software reacts to repeated incorrectly entered passwords. Users get ten tries with increasing required delays to get it right before the phone locks away their data forever. What the FBI wants, therefore, is an infinite number of tries at high speed - "brute force", like I had to apply to my friend's computer when he died leaving his financial files inaccessible.

Off-air on Wednesday, a presenter asked me whether Apple wasn't glossing over its capabilities. If, he said, Apple could devise software that locks permanently after ten tries, why couldn't it essentially fool the software into losing count? Why couldn't you just tell the software that it was only on try number eight, or three? Just this once? That is, as I told him, the beauty of software: write once, use many. You can't crack one copy and leave the rest secure any more than you can (as we used to say about internet censorship) pee in the shallow end of the pool and expect the deep end to remain uncontaminated. Even if you turn off the circulating pumps.

It's not exactly precise for Apple CEO Tim Cook to call the software Apple is being asked to make a backdoor - by "backdoor" we usually mean a deliberate weakness in the cryptography itself. However, he is right that the effect is the same, and that it's both dangerous and unprecedented. Once the patch the FBI is asking for has been created, not only is the patch itself out there to be rewritten to hack into all the other iPhones running the same software, but every well-funded criminal research lab now has the extra motivation of knowing it's possible. Script kiddies will be downloading it within weeks. Why wouldn't Apple run away screaming?

Today, it's being fought by the same people, joined by giant technology companies, some of which didn't even exist then: EFF, Mozilla, Google, Facebook, and Twitter are all backing Apple's stance. It's an extraordinary moment, even if tomorrow in another part of the privacy forest we'll all be fighting again.

February 12, 2016

Parcel of rogues


This column has long argued that whenever we consider granting the State increased surveillance powers we should imagine life down the road if those powers are available to a government less benign than the present one. Now, two US 2016 presidential primaries in, we can say it thusly: what if the man wielding the Investigatory Powers Bill is Donald Trump?

We cannot, of course, imagine how having to govern instead of play bait-the-media would change Trump. But let's imagine his statements as government policy, a thought suggested by this item in Ross Anderson's summary of the Cambridge symposium on the bill: "Anthony Glees notes that it's no longer unthinkable that people on the extreme right or extreme left might hold political office in Britain, and use these powers for other purposes." So for "Donald Trump" substitute your personal extremist, whether that's Jeremy Corbyn, Bernie Sanders, Nigel Farage, Theresa May, Barack Obama, or David Cameron. (Autocue Steeleye Span: Such a parcel of rogues in a nation.)

As this week's Intelligence and Security Committee report complains, the bill's provisions are hard to make out through the foggy lack of clarity. A conspiracy theorist would suggest it's deliberate: you can't stray outside of hazy boundaries. Both the ISC and the Joint Committee, which also reported this week, want the Home Office to define terms like "bulk", "telecommunications service provider", "service", "data", and, of course, "internet connection records" (which, the Joint Committee agreed, are not much like telephone records).

Trump is not as irrelevant as he should be because on February 2 the EU announced "Privacy Shield", an intended replacement for the dubious Safe Harbor deal under which companies transferred EU citizens' personal data to countries lacking comparable privacy protections. Like the Investigatory Powers bill, much of how Privacy Shield would work is unknown, as EPIC has established, even to the signatories. Government vaporware?

The basis for the case that ended Safe Harbor was Edward Snowden's revelation of the US security services' ready access to EU citizens' data. The Investigatory Powers bill can't change that: what Britain seems to want more is access to data stored in the US. Ars Technica reports that the UK and US are negotiating a deal whereby MI5 and other unspecified agencies would be able to serve orders on US companies like Google and Facebook for live interception of British citizens' communications. We knew they wanted something like this from the apparently absurd extraterritorial jurisdiction clause in DRIPA. No one could fathom its enforcement and now we know: through "I'll show you mine if you show me yours" deals leveraged by the US companies' fear of being forced to conform to EU data protection law. It's not wholly new, since it's long been known that the spy agencies operate on each other's behalf.

Whether all this will pass muster in the European courts may not matter as much as we'd like, even though it's unlikely that Cameron and May would take exiting the EU over letting it interfere with British surveillance. (Business would hate "Brexit", and it would hasten Scotland's exit from the UK.) Instead, University of Essex professor of EU and Human Rights law Steve Peers suggests that the EU courts will bend. Even if they don't, you can indelibly embed a lot of systems and do a lot of spying while a legal challenge Jarndyces through. One obstacle is already being removed: the US Congress has passed the Judicial Redress Act allowing EU citizens to sue the US government for infringing their privacy rights.

The bill is even fuzzier on encryption, which Wired thinks will be a key issue in the Presidential race even though few prospective candidates know much about it. However, Bruce Schneier's new survey (PDF) shows that neither US nor UK has much control. As a consequence of the early 1990s crypto wars, much development of cryptography products left the US (as activists predicted it would); today, 865 products incorporating encryption come from 55 different countries, and 63% come from outside the US. The leader is Germany, with 112 products. The UK has 54. There's your economic disadvantage.

Finally, Privacy International found "thematic warrants" hiding in paragraph 212 of the explanatory notes and referenced in clauses 13(2) and 83 of the draft bill. PI calls this a Home Office attempt to disguise these as "targeted surveillance". They're so vaguely defined - people or equipment "who share a common purpose who carry on, or may carry on, a particular activity" - that they could include my tennis club. PI notes that such provisions contravene a long tradition of UK law that has prohibited general warrants, and directly conflict with recent rulings by the European Court of Human Rights.

It's hard to guess who Trump would turn this against first: Muslims, Mexicans, or Clintons.

Ross Anderson, one of the organizers of the recent Scrambling for Safety 10 to discuss the bill, writes:

"Yet here in Britain the response is just to take Henry VIII powers to legalise all the illegal things that GCHQ had been up to, and hope that the European courts won't strike the law down yet again."

Sounds like something Trump would do.

February 5, 2016

Marvin Minsky and his gizmo

The obits for artificial intelligence pioneer Marvin Minsky, who died on January 14, have generally focused on his extraordinary work. The following, written for the Guardian in December 1995, captures a little more of the man. The piece was for a series called "Me and My Gizmo", in which well-known people discussed their favorite gadgets. I approached Minsky after a tip-off during a similar interview with John Perry Barlow, who told me that in a gizmo throw-down they were evenly matched until Minsky mentioned his belt. I've reprinted it here as I submitted it, with added hyperlinks (while we still can). If I remember correctly, Minsky later learned (with great satisfaction) that the knot he discusses here was indeed original.

"I don't have any gizmos," Marvin Minsky said at first. Then he turned them all out, one by one. He has a compass embedded in the strap of his Timex watch. He has a folding pair of pliers in his pocket that also contain a saw, a file, and a knife.

He doesn't really think of this as a gizmo. "If you don't have a pliers and a screwdriver and some knives, you can't fix things, and I can't see how anybody could ever get through a day." Minsky is best known as the father of artificial intelligence, but he's an engineer first and foremost: he holds patents on an industrial robot arm. These days, he researches little-investigated topics like why humans like music and teaches students at the Media Lab at the Massachusetts Institute of Technology. One current project is the Brain Opera, due to premiere at New York City's Lincoln Center this summer.

He kept looking. There was a tiny camera in a pouch attached to his belt, and he was wearing his many-pocketed fishing vest, which he likes because one of the interior pockets is big enough to hold a copy of his book Society of Mind, which is printed on US letter-sized paper. When he tried, my Compaq Aero subnotebook fit into the pocket alongside the book.

Minsky's crowning gizmo, though, is his belt, a 30-foot rope that he's crocheted and knotted so that it will stay fastened under most circumstances but come completely undone if he pulls on one end. The current version, which he acquired in the late 1980s, is made of kevlar, which makes the rope very strong (8,000 pounds' worth of strength) but inflexible, as kevlar doesn't stretch. Previous models were made of nylon. It takes about half an hour to crochet it back together.

Minsky acquired the habit of wearing the rope on a skiing trip on Mont Blanc with fellow scientist Seymour Papert and some friends during a visit to Jean Piaget's Geneva research lab. When one of their group was afraid to ride on the ski lift, Minsky, who happened to have a rope, rigged it up so that the rope, attached to the lift, pulled her up the mountain. He decided then that he'd always have a rope, and crocheted his first belt - he has always been interested in knots, and believes that the knot that holds the belt closed is his own invention.

He'd like to verify that it's his invention, but "I can't think of where to publish it. There must be a knot journal." He stopped to investigate an unfamiliar way of tying shoes with a double bow that holds all day but that you can still pull out from one end.

Minsky was very glad of his rope belt when he and his family were visiting Norway in the late 1960s and stopped at an attractive field. When it was time to go, his daughter Margaret, now a scientist at the Media Lab but then eight years old, told him she couldn't get out. She was, it transpired, sinking into quicksand.

"She was very calm," Minsky said. "I realised I couldn't get there without sinking into whatever this was without sinking into it myself. So I undid the belt and threw an end to her and managed to pull her out. Her shoes are still there." Minsky tells this part of the story completely calmly. But when he asked in the nearby village why there was no sign warning about quicksand, they told him there was no quicksand in Norway; no one believed him. Some satisfaction creeps into his voice when he tells the aftermath: 15 years later, an article in Science about soil liquefaction vindicated the Minskys.

"It described how some little village in Norway had suddenly disappeared, because what happens is you get some kind of soil that's an unstable mixture of water and other stuff, and if there's a little seismic shock it can suddenly change its state. I should have felt sorry for them, but of course one could only think, 'I told them, and they wouldn't listen.' They're quite rare, but I was very pleased when I saw this article."

Minsky's new book is a sequel to The Society of Mind - "new ways to think," he describes it. If that sounds intellectual rather than practical, he says, "The mind is a big, complicated gadget. That's why I'm good at it. I think of it as a large collection of tricks." The new book's title is The Emotion Machine, and it will lay out Minsky's theories about how feelings work.

"It's a kludge," he says. "The reason why philosophers and people like that never got anywhere is that they had the idea that there's fundamental things - that consciousness is a mysterious thing, and it's really about 20 things which have not very much in common. It's called 'physics envy' - they looked for a few simple principles, and there aren't any."
