Monday, June 27, 2016

Intel Selling Cyber Unit

There are a few outlets, among them the Financial Times and CRN [http://www.crn.com/news/security/300078725/intel-security-confirms-divestiture-of-mcafee-ngfw-firewall-enterprise-businesses-in-memo-to-partners.htm], that reported the news that Intel was considering selling its cyber unit, which includes McAfee anti-virus and not much more.  It is a good idea.  Most of us can remember the promise of Intel when the purchase was made - they were to integrate the malware detection into Intel chips.  I wondered at the time how that chip would function without the signatures of malware that go with the detection and removal of most threats.  It seems that either could not be done, or could not be done the way they envisioned.  The truth may be far simpler.

The Financial Times noted in a brief comment that antivirus and malware products have not been able to stop most of the current types of threats.  Of course, phishing has largely replaced a number of other ways to get access to systems.  It bypasses the security features of a system and relies on the inability of users to discriminate between one attachment and another, something McAfee software suites were not designed to do.  Nobody else is able to do it either, though several are working on solutions.  In big business, when something doesn't work, get rid of it.

The other thing to do is squeeze all you can out of it before you sell it.  Intel managed to do that by moving the support operations to India.  Perhaps it didn't even occur to them that a security product should have a help desk in its own country and not be transferred to another one.  My experience with that support was awful.  They wanted to connect to my computer and do installs or troubleshooting - even to remove the McAfee suite, which I did a few months into a one-year license.  This is insane.  Nobody wants a connection to someone outside their own country - a root permission, no less - to do anything.

We have to wait for something better to come along, though it will be a few years before we see something that will defend a user from the most common type of attack to get into a system.  That sort of tells us the current state of detection and threat mitigation on user systems, especially mobile ones.  The industry has not been adapting to new threats, while spinning the wheel on the same old products which are increasingly less capable.  They seem to have lost sight of why users buy these kinds of products, and have paid the price of doing so.

Wednesday, June 22, 2016

Yellen Warns of Cyber Threat

Janet Yellen, the Federal Reserve Board Chair, warned yesterday that cyber security was an important influence on the financial community.  In Fed terms, that is not big news, since financial services are under attack every day.  Looming in the background of that statement, however, was the undermining of SWIFT, the basic infrastructure of transactions from one institution to another.  This is a trillion dollar daily transfer system that the big banks rely on.  When there is even a whiff of trouble in that area, people come running from everywhere.

At Yellen's level of financial management, cyber security is one of hundreds of elements like inflation, recession, employment, wage growth, and tectonic shifts in other countries' economies, like China's shift to a consumption model instead of an export-driven economy.  In that mix, cyber security usually doesn't get honorable mention.  This time, it did.

We are at a point that hackers have been near a few times in the past, when they could do damage to our infrastructure by undermining the safety of transactions from one country to another.  The credit card industry was at that point before chips were added to cards.  Europe made that change long before the US.  Even the Internet has faced that kind of attack against the DNS system.  In the past, the hackers knew there were limits because new systems and controls would make it harder for them to do their job.  The reaction would not benefit them.  This new crop of thieves doesn't seem to care.

The cyber security industry, particularly the malware defenses for major systems, needs a revolutionary change in the way it does detection and eradication of malware.  The current state of the profession is not good enough to stop intrusions that use e-mail as the delivery method, targeting a specific user.  All those security features are bypassed in one swoop.  The intruders have even faked internal email asking a CEO for authority to transfer funds to a third party.  For at least the last eight years, we have known the detection systems didn't work very well, but have done almost nothing about it.  It is going to take some drastic policy changes that are going to be unpopular, and innovation from the vendors who do this kind of work.  We would think the e-mail providers would have an interest in stopping that kind of attack.  Don't they?

Tuesday, June 21, 2016

Politically Correct War

The war in Afghanistan has been going on for at least 80 years with different players bringing peace to that little country by killing one group or another.  Usually, there is a powerful country, Great Britain, Russia, or the United States helping them.  Afghanistan has learned to milk this war for all the money it can get.  They make a living from the conflicts there, but at no time has a country put the kind of politically correct rules of engagement on a fighting force.  These are the kinds of things that get soldiers killed and allies questioning the help they get.

I can't imagine a Russian soldier consulting an attorney before shooting people shooting at a friendly force.  I can't imagine the British having someone in Whitehall decide what targets to strike.  I can't imagine a US force with the fighters at risk in a war zone trying to piece together an argument for shooting at an enemy right in front of them.

The words of Carl Von Clausewitz come to mind here, but I can paraphrase the whole commentary:  "In times of war, the spirit of benevolence has no place." You turn loose the armies and let them fight in the best way they know how.  Innocent people will die in this conflict.  Soldiers will die too.  If we are too careful about protecting either one of those at the expense of the other, we will lose the war.  A description of the rules our soldiers fight under is in Michael Phillips' story in yesterday's Wall Street Journal, Afghan War Rules Leave U.S. Troops Wondering When It’s OK to Shoot.  This White House has a unique perspective on war, one that would sacrifice winning for looking good.  Between November and January of next year, that House needs a good house cleaning, regardless of who wins our national election.

Monday, June 20, 2016

"Evidence" of China Claims Undone

The amazing logic of claims made by China to the area of the South China Sea seems to know no bounds, and the BBC put one of them to a test.  John Sudworth tells an interesting story of the roots of one of those claims that turned out to be non-existent.  It is a well told tale that describes much more than the Chinese would have wished.

Sudworth went to investigate a claim of a 600-year-old book allegedly possessed by a fisherman and passed down from generation to generation.  Long story short, the book did not exist, but Sudworth's story is worth telling for the things that occurred around the book, not what was supposed to be in it.  He was followed by Chinese police and the people he interviewed were also interviewed by them.  If they failed to tell a story supporting the claim to the South China Sea, they were "helping the police" afterwards.  When the book couldn't be found, nobody on either side was surprised.

In my first book, I described this as a claim similar to Mexico and Spain claiming the territory of California, which most of us would be happy to have claimed by someone.  It is on fire most of the time, short of water, and full of people with extremes of political views that usually don't belong anywhere else.  We ignore it most of the time, and Spain can have it.  They were there long before any of us and occupied the territory.  Most of the time, the same thing can be said for the South China Sea.

However, China seems to want it on their own terms and will not have it any other way.  They seem to be intent upon causing a perpetual crisis and poking a finger in President Obama's eye every chance they get.  This is disrespect in the street dialogue of relations, and only slightly different when put in diplomatic terms of "friends" who disagree.  On this, China does not want to negotiate a settlement;  they want nothing less than total capitulation by the rest of the world.  Chinese fishing vessels are being taken at regular intervals, and countries are all acting like they think the Chinese claim on the South China Sea is ridiculous.  This hasn't altered their approach one bit.  They believe they can wait us out.  Historically, they might be right, but the matter has yet to be settled, even if the Chinese think it is.

Sunday, June 19, 2016

Putin Talks

One of the best interviews of the year was done by Fareed Zakaria on his show on CNN.  He interviewed Vladimir Putin about a number of issues, including the candidates for office in the US.  I can't imagine Xi doing a similar interview because he wants his questions screened and his responses scripted.  Putin was able to answer some really tricky questions about the athletic doping issues that got Russian athletes banned from the Olympics, and the landmine questions about Trump and Clinton.  He tempered his responses quite a bit from what he said before about the two of them, probably hedging his bets.

He said one thing I took issue with, since he was aware of Russia meddling in US elections when he was a member of the KGB.  He said Russia never meddles in the US elections, when he knows that is not true. It was not in keeping with the rest of the interview where he seemed to have a good grasp of issues and a sense of humor sadly lacking in US politics.

China Stealing Grain Industry

In the latest on China's effort to steal the entire grain management industry - from the seed in the ground to the software used to manage the growing of crops in the field - Monsanto filed a civil suit to stop a former employee from using software he allegedly took after he left the company [http://www.wsj.com/articles/monsanto-files-lawsuit-over-stolen-computer-data-1466201337].  This is a long way from trial, but clearly indicative of the lengths the Chinese have gone to steal the technology of an entire industry, the same way they got solar cell technology and computer business for themselves.  A Chinese national stole the seed corn out of the ground in Iowa and got caught.  A second hack of companies doing business in crop management stole software that managed that aspect.  This particular individual worked at Monsanto in an area that looked at weather and crops and developed algorithms to manage that aspect.

This is not some random act committed by a person who just happened to be Chinese, and just happened to be looking for a job in China.  Stealing different aspects of the industry core is an organized effort to steal an industry that the Chinese want.  The people involved are Chinese.  The products they steal are for the benefit of Chinese companies, usually state-owned.  The products being stolen are aspects of the business area that are not being stolen randomly.  There is a central manager for all of this and the central manager knows what to steal and how that will fit with the rest of the things that were stolen.  This is organized crime, sponsored by a corrupt country with no understanding of legitimate international business.  What is Washington doing about this - nothing.


Friday, June 17, 2016

China Slaps Apple Again

For those of you who have taken a long nap and have not noticed what China has been doing to Apple, Apple is being penalized for not complying with China's new "terrorism laws" which require the giving up of source code and encryption software that allows a user to be secure from monitoring.  Of course the Chinese don't like this, and Carl Icahn withdrew from ownership of Apple stock saying this would have a negative impact on Apple's ability to perform in the Chinese market.  I guess he was right, though in my previous post on this I criticized Icahn for not taking into account all the companies that have complied.  He should think twice about those giving up their life's blood.

At any rate, the other shoe dropped today when Beijing stopped selling Apple iPhone 6 and 6+ phones.  The Wall Street Journal and Fox News have both done stories on this already, though Fox was more pointed in its transparent purpose.  This is blatant manipulation of trade for the purpose of gaining embedded technologies that are not part of the build in China.  Nobody believes the Chinese story that Apple phones violate a patent by some Chinese company.  We all remember the blatant rip-off of technology and outright copying of US products by China, which Chinese courts are slow at prosecuting unless caught stealing the code outright, and then can manage to drag out for 7 years or more.  In the meantime they continue to use the software and embed it in their own products so it can't be removed.

Now, we are anxious to see if Apple will get any government help in fighting this fight.  Like Google, they have so far done it on their own, at tremendous cost.  It would be difficult for Apple to pull their manufacturing out of China, but that thought must have crossed Tim Cook's mind a few times lately.  There can be no excuse for this kind of behavior and it can be lifted as fast as the ZTE sanctions were when China complained about them.  There needs to be a little back channel negotiation with a country that seems unwilling to negotiate on anything.  Maybe we could support Apple moving its manufacturing to another country, or stop the sale of some of the Chinese cell phone makers who sell in the US.  Wouldn't that be fun?

Thursday, June 16, 2016

Russian Intelligence behind DNC Hack

Luke Penn-Hall seems to have gotten the hack of the Democratic National Committee right [http://thecipherbrief.com/article/tech/goldilocks-and-two-bears-1092].  The story today names two Russian intelligence services: both the FSB and the GRU (military intelligence) hacked the DNC, according to this report.  The FSB had been in the DNC for over a year, and their operation was disrupted by a clumsy hack done by the GRU, which was not coordinating its operations.  Not only that, Penn-Hall says it was the GRU that wanted the information on Trump that was stolen.

So, today's announcement by a single hacker that he hacked the DNC by himself seems like it is a little less credible today than yesterday.  It was not very believable to begin with, but certainly believable by those who wanted it to be true.  Now, we will know the Russians are the ones spreading the information about Trump that was collected by the DNC.

Gee, we thought Putin was going to get along well with Donald Trump.  I guess the Russian Military didn't think so.  The problem with autocratic governments like the ones in China and Russia is their military is not always under control and doing what the Chairman of the Party really wants.  They sometimes operate with their own agenda.  It is easy for that kind of thing to get out of hand, if it really was not intended.  The FSB seemed to be observing and not taking much of anything, which is the real objective of this kind of activity.  You can bet they are not happy about this being undone.


Wednesday, June 15, 2016

Why China Wants Code Signing Certs

It isn't hard to figure out why China is stealing source code and then signing it with certificates that look like they are legitimate.  Symantec has published an interesting report on something called Suckfly [a better name might be nice] which uses compromised signing certificates to make the code look valid to anyone who assumes the certificate is valid and therefore that the code came from whoever made the software.

Symantec's report [http://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates]  began to be written when they discovered a code signing cert from a mobile software developer on something that wasn't for mobile devices.  One thing led to another, and eventually to Chengdu, China where other certs were traced.

The Chinese are stealing us blind and undermining the Internet infrastructure with bogus domains and bogus software.  Sometimes they are doing this to resell software they have stolen and sometimes just to control their own people and keep them from using the real Internet.  If they had stuck to their own people and not populated certs across the Internet, we might conclude they were doing it for internal security.  They aren't.

When Google stopped accepting certs from the China NIC, the world should have been paying attention to what they were doing.  They are spreading their own software on the Internet that can monitor anyone they choose.  They are not content to monitor just their own.

With Russia, You Have to Laugh

A serious article today in the Wall Street Journal made me laugh out loud.  Julian Barnes writes that NATO recognizes cyber space as a domain for war, and the Democratic National Committee (DNC) which manages policies and money for the Democratic Party has been hacked.  There really is not a connection between these two subjects, but one is made anyway.  That is not the funny part.

What is funny about this is NATO taking so long to formally recognize that cyberspace is a domain for war, and the DNC getting hacked is not new, since political parties and candidates have been hacked for at least the last 8 years. The Director of National Intelligence even talked about it at one of the Congressional hearings where he had to testify.

We used to think NATO was a little slow at making policy.  The glaciers moved faster.  I discount that one completely.  The DNC hack is different.

The DNC has already announced that it was hacked, a somewhat unusual event, since political groups rarely announce that kind of thing.  They also made it clear that some of their research on Donald Trump was stolen.  This is a tipoff of what is to come and a trick of information warfare that has come to politics many times.  The DNC could never disclose some of the information on Trump because it was probably come by through channels they would have to explain if discovered.  They still want this information to be out and there are some ways to do that through "leaks" to the press.  This is a slow and painful way to do it and eventually will be discovered.  Having it stolen is better.

Soon we will see a bunch of stories all coming out in the months before the election.  They will be unsubstantiated, probably the fruits of stolen information two or three levels deep.  They will come from unknown sources, but name names as if authoritative.  The same techniques are described in papers published after the Russia collapse and the opening of files related to the KGB operations in the US.  They were trying to stop Ronald Reagan from being elected President.  That is really funny, since they spent a lot of money and time attacking his staff and advisors only to see him win.  

Another Theft of Source Code by China

I showed several high profile examples of source code theft from US companies by the Chinese in my first and third books, and I didn't imagine that they would stop doing that, since source code allows them to bypass the long development cycles for good software and use someone else's work.  Although the Justice Department doesn't mention the name of the company or the type of software, given Xu Jiaqiang, who has a LinkedIn profile, and the indictment brought in White Plains, New York, near IBM's headquarters, we probably don't have to look too far for the home of the source code.  Xu is a self-proclaimed Linux guru and did various aspects of storage management at IBM.

Here we have another example of a Chinese National in the U.S. working for a US business, stealing from the business and sending the information home to China.  We have had more than enough of this kind of theft in recent years.  It makes me wonder why we bring in Chinese national technicians and allow them access to sensitive code that needs to be protected.  If I were a business manager again, I certainly would think twice about hiring a Chinese national for a job in the US, yet thousands of them are employed and travel back and forth to China on a regular basis.  They still hold Chinese passports, yet while anyone that disagrees with the government's policies will not be allowed to travel, these people do it all the time.  They have safe-havens in China called joint ventures that are 51% owned and controlled by Chinese nationals, that allow them to exchange information with their business friends.  The Chinese set these arrangements up to make sure there is information exchange between business partners they control and US businesses.  It is a lopsided agreement that gives them easy access to business secrets.

I have repeatedly asked for reciprocity in Chinese relations.  If they are going to allow and encourage Chinese controlled joint ventures, then we need to do the same thing.  We will allow US subsidiaries, divisions and joint ventures to operate here without having US nationals in control, or forcing the exchange of technology with Chinese companies.  IBM has been in China for a long, long time and knows the score in this game.  How many more of these people have they brought to the US?



    

Tuesday, June 14, 2016

Yesterday, Today, and Tomorrow

One of my audience at a speech I did last month said he was glad "to get some of that history" from events that occurred in the 1990s.  It was hard to see that time as "history" unless you are under 30.  Yet, when we look around today, the terrorists are very much the same, and driven by the same kinds of perceived wrongs.  We haven't learned from history, and we need to do more before we have an incident that will make Orlando look small.  

The Baader-Meinhof Gang was shooting people in the streets of Germany in the 70's.  They were getting support from the East German Stasi, the well-known secret police, now joined with the new German government [for a longer account see BBC's report from http://news.bbc.co.uk/2/hi/europe/6314559.stm].  When they were finally captured, a group of Arabs sympathetic to their cause, or so they said, captured a plane load of German tourists and offered to exchange them for those that were imprisoned.  I remember that very well, because I was just getting into hostage negotiation and was trying to learn from current events.  There was no negotiating with these kinds of people.  They were motivated, heavily armed, and they had hostages that we had to take into consideration.  Killing hostages was one of their objectives, so it is difficult for a negotiator to win any kind of concession.  They don't want to give up people whom they really want to threaten or kill.

In 2002, Moscow was traumatized by having 40 gunmen, mostly Islamic extremists who were Chechens, take over the Dubrovka Theater where 850 people were out for an evening of entertainment.  Over 170 of them did not make it back home.  The Russians tried gas, which, I thought at the time, was a pretty good idea.  It just turned out that the concentrations of gas killed as many people as the terrorists.  These kinds of extractions need planning and practice.

The Orlando shootings fall into a similar vein.  An extremist shoots lots of people to demonstrate that he is willing to kill.  The police reacted quickly, engaged the person, and he retreated.  They tried negotiating but it didn't go well and they had to go into confined space to get him.  In that small incident, 49 people died.  Want to guess what the casualty totals would have been if 40 gunmen had showed up there?

We are not prepared to deal with the scale of terrorism that is going on everywhere in the world.  Twenty or thirty attackers take on defenses in many countries, and they do it almost every day.  Our FBI and Intelligence Services have done remarkably well in spite of government neglect of their programs.  They always do, because they put their country over politics.  We need to put some money into advancing the approaches to mass hostage situations.  There seem to be few new ideas.




Monday, June 13, 2016

China Controls US Media Channels

China's control of US media channels is the subject of an article today in the Wall Street Journal (China’s Content Crackdown Forces Western Media Concessions) and what it points to is something I wrote about several years ago, the willingness of the Chinese government to censor anyone who has content that might be read by people in China.

Most of us remember that this started with Google and their unwillingness to bow to censorship of content on the Internet that the Chinese did not like.  These were things like the Chinese definition of pornography, which is somewhat more like the Puritans than a country's government.   It also included dissent.  When Google wouldn't cooperate, the Chinese hacked the accounts.

A number of "foreign" press operate in China, and some of them openly cooperate with the new laws on ownership and content.  This is a tricky area for the free press to operate in.  They are cooperating with dubious restrictions on what and how to publish content in China.

The New York Times has taken a different approach, and continues to publish and attempt to allow the distribution of translated text directly to those who can find ways to get it.  Sometimes, that is difficult and dangerous, for both the people who look at that content and those who distribute it.  It is equally difficult for those who cooperate with the government.

The Chinese have shown a remarkable ability to get foreign companies to cooperate with objectionable policies, from forcing the delivery of proprietary and trade secret information to these press restrictions.  What we are seeing now are press outlets who cooperate with the Chinese in restricting access to certain types of content that is distributed in China.  They do this for the advertising revenue that comes with it, similar to the reasoning of Boards of Directors who allow the illegal transfer of technology to China solely for the profits that come from selling goods there.  It kind of reminds me of a fat little Communist leader, Nikita Khrushchev, who was famous for pounding his shoe on a table while addressing the UN in 1960.  He said, "We will bury you."  He was talking about the West, and its inability to stop trading with Communist countries like his.  He claimed the profit motive drove too much of what businesses did.  He implied that he would use the rope made by US manufacturers to hang them.

Friday, June 10, 2016

Justice for Samsung

In an article today in the Wall Street Journal [Jonathan Cheng, Justice Department Urges High Court to Overturn Award to Apple Over Samsung Smartphones, 10 June] the Justice Department is said to have intervened by filing an amicus brief with the US Supreme Court, urging them to overturn a lower court finding for Apple in their dispute with Samsung.  So, we have the US Justice Department attempting to overcome a finding in favor of a US company against another who was found to be using intellectual property of the other.  I'm confused.

I thought the Justice Department was supposed to be working for the US government.  Does it make sense for Justice to intervene in the dispute between two large companies after many years of court battles, finally settled in Apple's favor?  Maybe they are trying to make law again by going to the Supreme Court, rather than just following the laws already made.  They need to stick to handling criminals, where they do best.  

California-China Railway Collapse

While the rest of us have been focusing on other things, our government has favored a company formed from state-owned companies in China, teamed with a US partner, to build a high-speed railroad from the Los Angeles area, in California, to Las Vegas, in the middle of the desert in Nevada.     It has collapsed because the Chinese were not making progress with the build and the Federal officials must have thought it was not going to play well in an election year.  Nobody, until now, has raised an eyebrow over this deal, especially since we are starting to see the relationship of Chinese businesses and people connected to the election of local governments in the US.

The story came out in the Wall Street Journal today, but several news outlets are carrying similar stories (Las Vegas and the LA Times have details). China was to finance this operation, starting with $100 million to get it going.  This is a lot of money funneled into two states run by leaders in the Democratic Party.  The way this worked in Virginia (also a Democrat) was that US companies, owned by a Chinese businessman, were funding both the governor and the Clinton Foundation.  One of the Chinese who commented about this said it was important to influence local leaders because that was the path to influence at the top.  Somebody in our government gave that Chinese businessman permanent residence status in the US so his donations would not come from foreign sources.  Very clever, but highly illegal.

What we should be looking for is a similar arrangement with US businesses and Chinese leaders who are allowed to come to the US for permanent residence.  They are using this as a path to influence our government leaders.  The smoking gun is in Virginia, but a smoking cannon lies somewhere in the West.


Thursday, June 9, 2016

Russia and China Poking Fingers

In case you haven't noticed, both China and Russia are using the same kinds of tactics against the US military.  I doubt that this is a coincidence.

The Russians are harassing US ships by flying low over them.  It makes for breathtaking video of low flying aircraft screaming over the top of a ship barely missing it, or a Russian fighter getting really close to a surveillance aircraft.  [http://www.cnn.com/2016/04/18/politics/russia-jets-buzz-u-s-ship-rules-of-engagement/]  The Chinese fly similarly close to a US surveillance aircraft in international waters.   There is nothing new about this conduct, but having both of them doing it at the same time is new.

Both sides are doing it during sensitive negotiations with the US.  This seems to have caught on after China sent ships through US seas during President Obama's visit to Alaska, and during his visit to Vietnam.  Make a distraction so the negotiators have something else to think about during the talks.  There are several reasons for wanting to do this, but the obvious one is to stick a finger in the eye of the US delegations.  It is a clear sign of disrespect.  The general approach is to show those signs as the negotiations are about to start.

Wednesday, June 8, 2016

Closing the China Barn Door

We have a saying in the U.S. that translates, "When the horse has already left the barn, it is too late to close the door."  This is the arguable position of negotiators meeting with China's leadership this week in what is euphemistically called the Strategic and Economic Dialogue.  For those who might not have heard of it, it is a regular meeting every year and this time it is in China.  The US Secretary of State and Treasury Secretary are representing the US.

A few news outlets have covered the stories coming out, and many views of this meeting are being expressed from different slants.  The Wall Street Journal and NPR have somewhat different stories about the same meeting, but both mention steel production and the South China Sea.  The US has slapped tariffs on cold rolled steel, and the Chinese have promised "not to expand steel production," a ridiculous statement, since the problem of steel production in China is not capacity;  it is overcapacity.  They are keeping their steel industry going in spite of its being pumped into the world's markets and losing money on most of it.  This is the classic definition of dumping.  With the new tariffs it will be more expensive, but that is a relative thing in a declining price climate driven by overproduction.

The US, in the week before this meeting, was telling China that it would not accept an aircraft identification zone in the South China Sea.  A nice sentiment, but for over a year now, China has been warning aircraft entering the spaces around their new little islands that they could not fly through the airspace.  That is short of an identification zone, but not by much.  Drawing a red line with this as a premise is not very good diplomacy.  They are enforcing one now, without calling it that, and they are raising the ante by putting anti-aircraft and fighters on some of those little spots on the ocean.  They are there for a reason.

The US has accepted China's statements on issues like this for most of the time John Kerry has been Secretary of State.  By allowing this kind of nonsense, this State Department is not representing the country very well.  It sounds like a phrase we heard often in the days when Mr. Kerry was throwing his military medals on the table when he was called as a witness before Congress - peace at any price.


Tuesday, June 7, 2016

Turning Cyber Command Loose

An article in The Hill yesterday made me shudder.  [ Week ahead: Lawmakers divided over Pentagon's cyber unit, at http://thehill.com/policy/cybersecurity/282133-week-ahead-lawmakers-divided-over-pentagons-cyber-unit ].  The debate between the House and Senate has split the versions of the National Defense Authorization Act, in part, on Cyber Command being independent of its parent command at StratCom.

I have a great fear of Cyber Command because its reach far exceeds its grasp.  DoD has published a policy that describes the scope of what Cyber Command would be taking over in Department of Defense Instruction Number 8530.01, March 7, 2016.  It includes such things as private contractors of the Defense Department, network service and cloud providers, and anything DoD.  That far exceeds any mandate for a Combatant Command and certainly gets us into some clearly debatable issues on the authority of a military in law enforcement and security of civilian functions.  They certainly do not belong there unless it relates to Nuclear Command and Control or the White House National Command Authority.

We went through this 7 years ago with the same people.  They never give up;  they never stop expanding their empire, until Congress says to stop as it did the last time.  DoD can't even secure its own networks, and there is no way they can be expected to do someone else's security.  The main problem is the alternatives.

Cyber Command is quick to tell us that there really is no alternative to their control of these network elements.   The track record of DoD security should be the measure of that.  This is similar to the national elections where we have two candidates that many of the people feel are not trustworthy.  The choice is between the two.  This is a false argument that is paper thin.  Cyber Command can't even make policy for the networks in DoD and get people to follow it.  We can have better security of the Federal networks, but it won't come from the military taking it over.  It is partly a budget issue.  Somebody needs to pay attention to what those security dollars are going to.  When the Army builds a golf course with the Cyber Security money, you have to wonder if it is possible for the military to take this function over.









Friday, June 3, 2016

The Other Shoe is Huawei

In yesterday's Wall Street Journal, Juro Osawa [ U.S. Seeks Huawei Records on Dealings With Sanctioned Nations ] says:

 "The U.S. Commerce Department has subpoenaed Huawei Technologies Co., demanding that the Chinese telecommunications giant submit all information on its export and re-export of technological goods to Iran, North Korea and other sanctioned nations, a person with knowledge of the matter said."  

What we are seeing is the fallout from the sanctions levied on, and then removed from, ZTE, the Chinese technology giant.  ZTE internal documents described a series of methods to avoid U.S. export controls, methods that are much like the setting up of shell companies listed in the so-called Panama Papers.  Using front companies allows them to get banned goods to Iran and North Korea.  Those internal documents also alluded to another company that did the same thing.  It looks like the inquiry will pursue whether that was Huawei.

ZTE and Huawei have a long history of working together and using the same methods to dig deep into the infrastructure of various countries in the world, often with cooperating host businesses in those countries.  This all looks like normal business, unless and until they start using shell companies to distribute those goods to banned countries.  This is just the beginning of the investigation and we should be skeptical about it going anywhere.  The Obama Administration stopped the sanctions on ZTE within a week of them being brought.  Let's hope they can do better this time, but don't count on it.

Wednesday, June 1, 2016

Undermining Dissent

The folks at the University of Toronto have another interesting report, "Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents," that is a reminder of how governments handle dissent.  What is interesting about this one is the flow of adoption of some pretty powerful tools to governments other than the usual suspects, China, Iran and Russia, who pursue dissent relentlessly.  Yes, we have known that about Egypt, Saudi Arabia, Syria, and many other examples I cited in my last book, The New Cyberwar, but some of those countries were using tools made for law enforcement by U.S. manufacturers.  This seems to be a set of tools developed for the purpose by the UAE, and the targets were press and dissidents.  The techniques used were not very earth-shattering or unique, but it seems the ability to discourage and target press and activists is not limited - more and more countries are doing it.  Mexico and South Sudan have also been recently added to that list.

Our culture of democracy may be a disadvantage at times, but I have to remind myself, on occasion, that it is a good thing.  We allow a free press, though we lambast them for what they say, even openly criticize them for doing their job in a way that exposes us to criticism.  On the flip side of that, I have always declined press interviews because they take a view of events and bend the facts to fit that view.  That is on them.  We have too many reporters who take political sides and editorial slants to news that used to be factual representations of what occurred, not a reporter's or editor's interpretation of those events.  Reporters need to be more like hockey referees.  

You will hear, every now and again, that a player will turn to a referee in the faceoff circle and remind him of a simple fact:  "The folks watching the hockey game are here to see us play, not you drop the puck."  It happened last week.  For those who are not fans of hockey, it just means do your job and we will do ours.  The fans are here to see us, not you.  

In some countries, the referee blows the whistle and nobody stops playing or shoots the referee.  In this country, we stop, gather, and await the puck drop.  Everyone has a place.  That allows us to watch a really good game where different opponents fight it out without interference.  It would be nice if politics were more like hockey.





Cyberwar Dies for Lack of Targets

Steven Aftergood at the Federation of American Scientists has an interesting sidelight to the cyberwar hoopla spawned by the Obama Administration over cyber attacks on Sony and the theft of security data from the U.S. Office of Personnel Management.  He has an interesting point that is more disturbing than we really want to know.  [ http://fas.org/blogs/secrecy/2016/05/cyber-emergency/ ].  In spite of all the words put out by the White House, and the declaration of a "national emergency", Treasury issued a report saying no qualifying targets had been identified.  Bizarre.  I know a few people who could have helped them find some, but naming them would have been just the first step.

It is like all those nuclear weapons sitting in bunkers waiting to be used - but never used.  We talk about them a lot.  We know how to deliver them.  We don't like the results on either side when that happens.  These are all things that were discussed for years when the first bomb was dropped on Japan.  As people found out what the likely consequences of war would be with nuclear exchanges, even the crazy people of the world thought better of it.  It is the kind of thing North Korea talks about because it knows talking about it has some value.  This is completely different.

It wasn't targets that called this off.  Politicians and business leaders know the Chinese got the security clearance records of almost 21 million people, which means the Chinese have a way of turning this cyberwar into a bloody battle that not many of the top echelon would find very satisfying.  The Chinese know more about our leadership than we know about them.  Heading into an election year, they also know that this kind of data could make quite a stir.

Data Without a Warrant is Speculation

In the United States the findings of courts are hierarchical, with the Circuit Courts being the last step before the Supreme Court.  The findings by these courts are important as precedent.  Last week there was one by the Fourth Circuit in Richmond, VA that will change the way some people think about their electronic devices.  Under this ruling, law enforcement does not need a warrant for location data from phones, and perhaps other devices like your car.  You will shortly hear all kinds of speculation about what can be extracted and from where, and most of it will be wrong.

The Senior Business Editor, Cyrus Farivar, at Ars Technica has an article on this at [http://arstechnica.com/tech-policy/2016/05/cops-can-easily-get-hundreds-of-days-of-location-data-appeals-court-rules/] that fans the speculation about what might be collected by law enforcement.  Without being a lawyer (and I am not) you can read other cases on this subject and see that it will have to be further defined to be applied.  One year ago, the same court held that location data could not be collected for long periods - not defined, but 221 days was too long - without a warrant.  The current decision was based more on third party doctrine, that the data was voluntarily given to the cell phone carrier.  The decision says, "The government did not surreptitiously view, listen to, record, or in any other way engage in direct surveillance of Defendants to obtain this information."  If that ruling holds up, all kinds of data that is supplied to third parties could be available to law enforcement.

Just think of all the data about us that is collected by third parties.