Category Archives: USA

Quis Custodiet Ipsos Custodes?

With the controversy over the US and its allies adopting Huawei kit generating more heat than light, I think perhaps it’s time to don my mathematician’s hat and take a look at what could and couldn’t really be at stake here.  Who could be spying on us, and how?

Much of the commentary on this is on the level of legislating the value of pi.  That is to say, a fundamental conflict with basic laws of nature.  At the heart of this is Trump’s ranting about China spying on us: the idea that a 5G router (or any other infrastructure component) could spy on his intelligence services’ communications is on the level of worrying about catching cold from reading my blog because I sneezed while writing it.

At least, a router acting on its own.  A router in collaboration with other agents could plausibly be a different story, but more on that later.

To set the scene, I can recommend Sky’s historical perspective: Huawei’s 5G network could be used for spying – while the West is asleep at the wheel.  This looks back to the era of British domination of the world’s communications infrastructure, and how we successfully used that to eavesdrop German wartime communications.  It also traces the British company involved, which was bought by Vodafone in 2012.

Taking his lesson from history, Sky’s correspondent concludes that if the Brits and the Americans could do it (the latter a longstanding conspiracy theory more recently supported by the Snowden leaks[1]), then so could the Chinese.  Of Huawei (a private company), he says:

[founder] Ren Zhengfei … has said his firm does not spy for China, and that he would not help China spy on someone even if required by Chinese law.

Personally, I’m inclined to believe him.

But it may also be a promise he is unable to keep, even if he wants to. The state comes before everything.

which might just be plausible, with the proviso that it would risk destroying China’s world-leading company and a powerhouse of its economy.

But the historical analogy misses one crucial difference in the modern world.  Modern encryption.  Maths that emerged (despite the US government’s strenuous efforts to suppress it) around the 1980s, and continues to evolve, while also being routinely used online, ensures that traffic passing through Huawei-supplied infrastructure carries exactly zero information of the kind historically used to decrypt cyphers, such as (famously) the Enigma.  Encryption absolutely defeats the prospect of China doing what Britain and America did.  And – particularly since Snowden[1] – encryption is increasingly widely deployed, even for data whose security is of very little concern, such as a blog at wordpress.org.

Unless of course the encryption is compromised elsewhere.  The spy in your ‘puter or ‘phone.  Or the fake certificate that enables an imposter to impersonate a trusted website or correspondent.  These are real dangers, but none of them is under Huawei’s (let alone the Chinese government’s) control or influence.

Looking at it another way, there’s a very good reason your online banking uses HTTPS – the encrypted version of HTTP.  It’s what protects you from criminals listening in and stealing your data, and gaining access to your account.  The provenance of the network infrastructure is irrelevant: the risk you need to protect against is that there is any compromised component between you and your bank.  Which is exactly what encryption does.

So why is the US government attacking Huawei so vigorously, not merely banning its use there but also threatening its allies with sanctions?  I can see two plausible explanations:

  1. Pure protectionism.  Against the first major Chinese technology company to be not merely competitive with but significantly ahead of its Western competitors in a field.  And against the competitive threat of 5G rollout giving Europe and Asia a big edge over the US.
  2. The US intelligence agencies’ own spying on us.

OK, having mooted (2), it’s time to return to my earlier remark about the possibility of a router collaborating with another agent in spying on us.  The spy in your ‘puter or ‘phone.  There’s nothing new about malware (viruses, etc) that spies on you: for example, it might seek to log keypresses to steal your passwords (this is why financial institutions routinely make you enter some part of your credentials using mouse and menus rather than from the keyboard – it makes it much harder for malware to capture them).  Or alternatively, an application (like a mailer, web browser, video/audio communication software, etc) encrypts but inserts the spy’s key alongside the legitimate users’ keys: this is essentially what the Australian government legislated for to spy on its own citizens.

But such malware, even when installed successfully and without your knowledge, has a problem of its own.  How to “phone home” its information without being detected?  If it makes an IP connection to a machine controlled by the attacker, that becomes obviously suspicious to a range of tools in a techie’s toolkit.  Or for non-techie users, your antivirus software (unless that is itself a spy).  So it’ll have a pretty limited lifetime before it gets busted.  Alternatively, if it ‘phones home’ low-level data without IP information (that’ll look like random line noise to IP tools if they notice it at all), the network’s routers have nowhere to send it, and will just drop it.
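The point about a ‘phone home’ IP connection standing out to ordinary tooling can be made concrete. The following is an added example, not part of the original post: it flags near-periodic connections to a destination that only one internal host talks to. The flow records are constructed, and the function name and thresholds are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def _series(src, dst, stamps):
    """Build constructed flow records: (seconds, internal host, destination)."""
    return [(ts, src, dst) for ts in stamps]


# Constructed sample data; addresses are from private and documentation ranges.
SAMPLE_FLOWS = (
    # One host, one rare destination, roughly every 300 s: the phone-home shape.
    _series("10.0.0.5", "203.0.113.50", [0, 301, 599, 902, 1200, 1499])
    # The same host browsing: irregular gaps between connections.
    + _series("10.0.0.5", "198.51.100.10", [12, 40, 700, 705, 1400, 1402])
    # Periodic, but shared by several hosts (e.g. a time or update service).
    + _series("10.0.0.5", "192.0.2.53", range(0, 360, 60))
    + _series("10.0.0.6", "192.0.2.53", range(5, 365, 60))
    + _series("10.0.0.7", "192.0.2.53", range(9, 369, 60))
)


def find_beacons(flows, min_events=5, max_jitter=0.1, max_hosts=1):
    """Return sorted (src, dst, mean_interval_seconds) for suspected beacons.

    A pair is reported when the destination is contacted by at most
    `max_hosts` internal hosts and the gaps between connections are nearly
    constant (standard deviation / mean <= max_jitter).
    """
    times = defaultdict(list)
    hosts_per_dst = defaultdict(set)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
        hosts_per_dst[dst].add(src)

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        if len(hosts_per_dst[dst]) > max_hosts:
            continue  # widely used destination, unlikely to be one implant's
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((src, dst, round(avg)))
    return sorted(findings)


if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_FLOWS):
        print(f"{src} -> {dst}: periodic, about every {interval} s")
```

Real beacons add jitter and hide behind shared hosting, so the thresholds here are a starting point for tuning against a site's own baseline.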

This smuggling of illicit or compromised data to a clandestine listener is where a malicious router might conceivably play a role.  But for that to happen, the attacker needs a primary agent: that spy in your ‘puter or ‘phone.  If anyone’s intelligence service has spyware from a hostile power, they have an altogether more serious problem than a router that’ll carry or even clone its data.

And who could install that spy?  Answer: the producers of your hardware or software.  Companies like Microsoft, Apple, Google and Facebook have software installed on most ‘puters and ‘phones.  Some of that is P2P communications software like Microsoft’s Skype or Facebook’s WhatsApp, that should be prime vehicles for Aussie-style targeted espionage.  If anyone is in a position to spy on us and could benefit from the cooperation of routers to remain undetected, it’s the government who could lean on those companies to do its bidding.  I’m sure the companies aren’t happy about it, but as the Sky journalist said of Huawei, “it may also be a promise he is unable to keep, even if he wants to. The state comes before everything”.

China’s presence in any of those markets is a tiny fraction of what the US has.  Could it be that the NSA made Huawei an offer they couldn’t refuse, but they did refuse and the US reaction is the penalty for that?  It’s not totally far-fetched: there’s precedent with the US government’s treatment of Kaspersky.

And it would certainly be consistent with the US government’s high-pressure bullying of its allies.  The alternative explanation to pure protectionism is that they don’t want us to install equipment without NSA spyware!  The current disinformation campaign reminds me of nothing so much as Bush&Blair’s efforts to discredit Hans Blix’s team ahead of the Iraq invasion.

[1] I’m inclined to believe the Snowden leaks.  But I’m well aware that anything that looks like Intelligence information might also be disinformation, and my inclination to believe it would then hint at disinformation targeted at people like me.  So I’ll avoid rash assumptions one way or t’other.  Snowden’s leaks support a conspiracy theory, but don’t prove it.


Echoes

Now transcriptions of Trump’s inaugural speech are available, I can confirm the historic echo I thought I heard.

We are one nation – and their pain is our pain. Their dreams are our dreams; and their success will be our success. We share one heart, one home, and one glorious destiny.

Wow!  That is surely too close to be pure coincidence.  His own words, or a speechwriter?

One people, one nation, one leader.

But will he do as well as his role model in rebuilding his country’s infrastructure and industries?  History tells us where that eventually leads.

Two-way nightmare

Everyone is talking about today’s big question.  So let’s join them.

Whether Obama or McCain is the next US president is not my concern.  I don’t get a vote.  I’m pretty sure that either of them will be an improvement on the present incumbent, but that’s scarcely a vote of confidence.  I shall judge the winner by his actions in office.

One note: I think if Obama wins, he’ll be a disappointment in a couple of years.  That’s not a reflection on him: rather it’s about the weight of expectations amongst his supporters.  McCain carries no such burden of inflated expectations, and could therefore be less of a rollercoaster.

What frightens me is that both candidates carry a nightmare scenario.  In McCain’s case it’s painfully obvious: at his age, there must be an above-average risk he doesn’t manage the full four years, and that woman [shudder] in the top job really doesn’t bear thinking about.

Obama’s nightmare is surprisingly similar.  His age isn’t an issue, but the US has more than its fair share of both nutcases and guns.  One nutcase with a gun who sees a n***** in the top job as the ultimate outrage gets lucky, and … .  Someone joked that the reason he picked Biden as a running mate must’ve been to scare would-be assassins off, but wouldn’t that imply a level of rationality?  Well, maybe Dubya survived because the alternative was worse.

We should know the winner tonight.  But no matter who wins, a nightmare will be lurking.

King Canute takes a step back

Just a fortnight ago I wrote “Losing money and glad of it”, following the Lehmans collapse.  Bizarrely, my holdings survived the next couple of days’ big falls intact.  That’s now corrected itself firmly downwards, despite the fact I was able to sell my banking shares at a small profit on Sept 19th (and a very substantial profit compared to their value this morning)!

In the intervening time, my optimism over the powers-that-be’s stomach for doing the right thing has taken about as much of a battering as dodgy banks around the world, including the four(?) that collapsed in a single day yesterday.  More scapegoating (short-sellers are parasites but they didn’t cause this mess), and more throwing money, King Canute style, into the system on a breathtaking scale.  Our own government and most of the chattering classes are still wedded to the principle of keep on trying the same failed policies and hope the problem goes away.

Hint: the original problem was too much money.  Throwing ever more money at it will do us as much good as the same policy in Zimbabwe does for its economic collapse.  The Northern Rock bailout bought our surviving banks a year or so before reality crept up on them again, at a terrible price (the tangible market distortion is probably more damaging than the taxpayer losses).  Bear Stearns bought the ‘merkins a few months.  Fannie and Freddie were even bigger, but bought only a few days.

But some of the ‘merkin legislators appear to be quicker on the uptake than ours.  They’re still throwing money at it, but in formulating the Paulson bailout, they’ve started talking about something other than blind, reactive panic.  And in rejecting that, they’ve taken another step forwards from “we must do something – never mind what – at any price”.  Perhaps it’s an admission from those who have an economic clue (Ron Paul keeps getting mentioned) that the bailout now would’ve been lucky to buy good news for long enough even to get through the US presidential election.

The Lehman non-bailout may have been the first step from King Canute denial to facing the storm so we can come through to the other side[1].  The Paulson plan and its rejection are further positive steps.  Eventually – one might venture to hope – it’ll pick up a firm direction, and sweep up our own spineless legislators in its wake.  The [Obama|McCain] presidency will be interesting times.

[1] Unlike the ecological destruction we’re causing, there is another side of economic recession to come through to.  Unless we really do succeed in driving the entire productive economy abroad, by taxing them ever more to prop up house prices (and now banks too).

Losing money, and glad of it

Today’s news about Lehman Brothers seems likely to hit stock markets hard enough to send my portfolio firmly into the red.  No, I don’t have stock in or near Lehman or its peers, but the expectation is that there will be substantial collateral damage throughout the world’s stockmarkets, including those stocks I do hold.

Why am I happy to make such losses?

Well for one thing, there’s no reason they should be sustained.  They won’t vanish as quickly as the surreal gains that followed news of the fannie/freddie bailouts (gains of 10-15% in UK bank shares on Monday didn’t even last the week).  But neither do they reflect on the fundamental value of unconnected businesses.

More importantly, the end of the bottomless taxpayer purse is long overdue.  The US allowing Lehman to fail is moving on from its King Canute phase to face reality (and so close to an election, they must expect it to be popular – or at least less unpopular than another bailout).  The UK is showing signs of doing likewise, with Mervyn King reportedly taking a stand against throwing ever more taxpayers’ money into the black hole of housing.  In the meantime both countries have suffered huge losses, but better late than never.

This weekend seems to bring us much closer to drawing a line under “housing rescue” schemes that serve only to prolong the pain.  The Vested Interests can stop talking the market up[1], and start telling vendors to drop 60% from peak prices if they’re serious about selling.  When a £200K house has fallen to £80K we’ll be back to something like the long-term average in terms of income multiples.  Then I’ll be able to afford a house, and those stockmarket losses will cease to matter.

[1] Mainstream predictions – coming from vested interests – started this year at about +1%, moved to -10% in six months, and are now moving to -25% and more amongst those who need buyers as well as sellers.  All in an effort to convince people like me to start buying at prices that are still a long way above their long-term trend, in the expectation they won’t fall very much further.

Enron Accounting

When Enron collapsed, we heard the trouble was with off-balance-sheet liabilities that had been hidden.  Today, Fannie Mae and Freddie Mac are revealed as the same thing: off-balance-sheet liabilities.  Only this time, it’s government doing it.

When Enron collapsed, a few Enron executives faced criminal charges, but the main casualty was their auditors, Arthur Andersen.  So who is going to face charges this time?

/me declines to mention Northern Rock or Bradford&Bingley.

the ‘merkin hot topic

Since my visit to the US coincides with a somewhat interesting time in US politics, perhaps I should join half the rest of the world in commenting on it.  Like everyone else, I speak from ignorance on the subject.

The US, in common with most other countries, has a political system that ensures that only a crook can attain high office. But some of them are clearly worse than others. And among the current crop may be a glimmer of hope that 20 years of near-unmitigated evil might change. An evil that contrasts strangely with a country that produces so many great people, not to mention corporations that have behaved – on average – significantly better than their European counterparts, in terms of treating me fairly through my years of IT contract work.

Who will win? Who can say, but McCain is looking good. The republicans have selected their (obviously) most electable candidate: one who is not a religious loony or moral fundamentalist, but who appears to have a clue about the economy and environment. By contrast, the democrats appear to have shot themselves in the foot. Not because they still have two candidates – that’s just how things are. But disenfranchising some states must surely be seen as a slap in the face to those states. If Florida democrats can’t get motivated to vote, then McCain surely won’t need any voting irregularities or hanging/pregnant chavs (or whatever they were called) to win there.

Do I care for the democrat candidates? Not very much, though I know too little to pass informed comment. Clinton rides her husband’s relative popularity, but Bill Clinton’s years were .. well, the best one can really say is Not Bush. His was the time of unprecedented economic imperialism, the rise of the patent troll, and record growth of state-sanctioned piracy. While he didn’t invade Iraq, he did maintain a steady amount of bombing on them, and on whomsoever else he took against. It was he who turned a blind eye when Netanyahu tore up the 1993 middle-east peace agreement. And he set the stage for Dubya’s open abandonment of his country’s international treaties, and the notion of international law being determined by anything other than raw power.

As for Obama? All I know about him is that he has great charisma and rhetoric, which makes him potentially the most dangerous of all. If Dubya could, at a stroke, abolish the 20th century’s Land of the Free and attract widespread support for doing so, a man with Obama’s charisma could – if he chooses – command wide support for worldwide atrocities on a scale to make events like the Holocaust and the Inquisition look like child’s play. I’m not suggesting that he will do any such thing, but the precedents are worrying.

Could any of them become a great leader, and tackle very necessary things that involve taking an economic hit? In particular, winding down America’s pollution and armaments exports, and taking an international lead there? A recipe for, erm, saving the world, might include Obama’s charisma with McCain’s establishment credentials, along with qualities that would rule a candidate out of any chance of getting nominated. I expect we’ll see incremental improvements, but anything substantial would take real courage and leadership.

Well, I don’t get to make that choice. But on the positive side, it may not be such a clear and dismal case of none-of-the-above as in recent US elections. Or indeed UK ones.

Don’t Panic!

The Fed. today joins the US government and much of the financial sector in complete panic mode. They feel the need to print themselves more money since their housing bubble (or should I say pyramid scheme?) collapsed. Like the last desperate gamble in a Hollywood epic, it may even work – subject to suitably adjusted expectations. The losers will be those who didn’t benefit from the bubble, but did expect to benefit from their own prudence.

The UK authorities panicked when they threw unlimited billions into Northern Rock. Just a few short months later, they’re into damage limitation, where damage dwarfs the bailouts of lame-duck heavy industries in the 1970s. And the only reason the government is getting off so lightly in the blame game is that too many people – including opposition politicians – supported the intervention that created the problem in the first place. They, and their paymasters, were panicking too.

I have a suspicion that Mervyn King, governor of the Bank of England, would have done a much better job if he hadn’t been put under political pressure to throw good money after bad. We’ve already committed to the biggest round of inflation for a generation: let’s hope he can resist the pressure to make it far, far worse than it already is. His current speech sounds like a worthwhile attempt to defend against the worst of it.


p.s. yes of course Northern Rock should have been allowed to go bust! That would have triggered an automatic injection of public money under the depositor protection scheme, but on a less staggering scale than what has now happened. And the other institutions bidding for its assets could have done so with clarity, as opposed to trading taxpayer-funded sweeteners for political expedience, and not even really knowing who they’re dealing with.


p.p.s Another “told you so” moment, as George Soros, in an interview this morning, points out that house price inflation was driven more by excess money supply than by housing supply-and-demand.

Blackhat? Not me guv

<arreyder> niq cyberwar on going.
<arreyder> you should have participated 😛
<niq> arreyder: where?
<arreyder> I got a shell on all 15 teams webservers with a cgi exploit
<niq> hehe
<niq> BAD arreyder
<arreyder> the one I told you about a while back. I got them to set up remote access if you wanted to play
<arreyder> I didnt get root on all of them though, I didnt have time and people were not cooperating like they usually do
<niq> erm, I’d prefer NOT to be carted off to Guantanamo Bay by some spook who hadn’t been told it’s an authorised game

To give this some context, arreyder works for the state government of Iowa, USA, and has mentioned these security exercises before. He seems keen on the idea of me donning a black hat and hacking in to their machines. Now that’s fine for him. It might be fine for me if I was an accomplished cracker with access to a botnet, and maybe an IP address or two in China to cover my tracks. It might even be fine if I was an American citizen who could demand constitutional rights between being arrested and clearing up the idea that I was authorised to crack into their machines.

But I’m none of those things. I’m just a dullard who is far too scared of the consequences to hack into anyone else’s computer. Let alone a U.S.-owned computer, in the time of the Inquisition. Even if the good folks in Iowa have authorised it, the spooks at my door might not see it that way. I’d be in no position to argue with them. And given the culture of secrecy amongst spooks, there’s no guarantee arreyder and his colleagues would ever hear about it.

In the ensuing discussion, arreyder explained that the computers in question are actually at the University of Iowa rather than the state government itself, so perhaps the target addresses are not quite so sensitive. But in any case, there’s no reason to suppose I’d have penetrated the target machines any further than, or even as much as, arreyder himself.

Not the ITIN, again

I got another letter today, from the US IRS. It’s all part of the ITIN saga. This one says they’re refusing me an ITIN, because I already have one.

Well, that’s true. But, erm, I didn’t when I applied. Let’s review the chronology of it:

  1. Late February: initial application with (expensive) supporting documentation. According to their literature, I should have it within six weeks.
  2. Early May: Nine weeks after applying, I try to follow it up. They can’t find it!
  3. Later May: Apply a second time, this time in person at the US embassy in London. This one will take up to twelve weeks.
  4. Mid-August: the ITIN finally arrives, about twelve weeks after the second application.
  5. Today: Letter arrives refusing an ITIN because I already have one.

My guess is that both applications finally got processed, though now I’ve no idea which one brought me the August number, and which led to today’s rejection. I just have to hope they won’t give me any more trouble. I think my executive summary from August still stands.