Friday Squid Blogging: Giant Squid TED Talk

Interesting.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on February 14, 2014 at 4:02 PM • 157 Comments

Comments

Figureitout • February 14, 2014 4:40 PM

Power Analysis with Riscure:

http://dontstuffbeansupyournose.com/2014/02/11/power-analysis-with-riscure/

Understanding DMA Malware:

DAGGER has solely read-only operations to ensure stealthiness. The popular network sniffer Wireshark was not able to detect any DAGGER traffic on Linux and Windows systems. Host firewalls cannot block such traffic either. Even if anti-virus software knew DAGGER's signature it would be unable to access DAGGER's memory to apply the signature scan successfully.

Note, we determined that DAGGER still runs when we deactivated the iAMT firmware in the BIOS. It appears that the ME environment cannot be disabled entirely via any BIOS options.

We also enabled VT-d in the BIOS and we activated I/OMMU support via the kernel command line. With these additional steps we were able to prevent the Linux version of DAGGER from reading short living keystroke codes from OS memory.

http://www.stewin.org/papers/dimvap15-stewin.pdf

Nice Articles written here, AlanS posted one w/ a DIY NSA hardware implant:

http://resources.infosecinstitute.com/author/darmawan-salihun/

Two blogs by the same author, they're some nice write-ups/tutorials/etc. :

http://bioshacking.blogspot.com/

http://darmawan-salihun.blogspot.com/

AlanS • February 14, 2014 5:04 PM

Follow the money. One of the changes that happened post 9/11 was the privatization of the intelligence. This coincided with Bruce's "surveillance as a business model" in the private sector. The weak participation of the big tech companies in the Day We Fight Back this week was hardly surprising. They have a shared business model with the NSA; in some cases a shared business. It will be hard to change.

Intelligence Contractors Give Millions to Lawmakers Overseeing Government Surveillance:

"The U.S. intelligence budget for 2013 is $52.6 billion. According to the Washington Post, "top secret spending" is divided into four main spending categories: data collection, data analysis, management, facilities and support, and data processing and exploitation. Seventy percent of the intelligence budget is used to pay private contractors."

"In total, members of the House Permanent Select Committee on Intelligence and the Senate Select Committee on Intelligence have received $3.7 million from top intelligence services contractors since January 1, 2005."

Cryptome excerpt from Bamford on the National Business Park and the Intelligence and National Security Alliance. The NBP is an area across the road from Fort Meade, where many NSA contractors have offices. INSA was "established to facilitate cooperation, information sharing, and innovation within the intelligence community" (INSA Corporate Members--defense contractors you'd expect but also Microsoft, Dell, EMC, Oracle, EMC, VMware, Cisco, Verizon, AT&T,...):

"At the same time Hayden was building his empire within Fort Meade, he was also creating a shadow NSA: of the $60 billion going to the intelligence community, most of it -- about $42 billion, an enormous 70 percent -- was going to outside contractors. To some inside the agency, it seemed that an idea, no matter how pie-in-the-sky, regardless of its impracticality in the real world, got funded. The numbers told the story. In October 2001, the NSA had 55 contracts let out to 144 contractors. But by October 2005, the agency had 7,197 contracts and 4,388 contractors."

Revolving doors: Recent Directors and Deputy Directors of the NSA and Directors of National Intelligence (e.g. Mike McConnell, William Black, James Clapper, Michael Hayden) have also been employed by contractors (e.g. SAIC, Booz Allen Hamilton, SRA International, Detica DFI--now part of BAE Systems, Chertoff Group, etc.). Private firms play big intelligence role:

"Then there's the Washington/private-sector revolving door. Former NSA chief and director of national intelligence Mike McConnell, for example, is currently vice-chairman of Booz Allen Hamilton, and had worked for Booz Allen before his government appointments. Current salary: $1.05 million a year, considerably more than he was making as a government servant. According to public records, McConnell has made $1.8 million in the sale of stock options so far this year."

Web’s Reach Binds N.S.A. and Silicon Valley Leaders:

"When Max Kelly, the chief security officer for Facebook, left the social media company in 2010, he did not go to Google, Twitter or a similar Silicon Valley concern. Instead the man who was responsible for protecting the personal information of Facebook’s more than one billion users from outside attacks went to work for another giant institution that manages and analyzes large pools of data: the National Security Agency. Mr. Kelly’s move to the spy agency, which has not previously been reported, underscores the increasingly deep connections between Silicon Valley and the agency and the degree to which they are now in the same business. Both hunt for ways to collect, analyze and exploit large pools of data about millions of Americans. The only difference is that the N.S.A. does it for intelligence, and Silicon Valley does it to make money."

Why Silicon Valley's Top Dogs Fought Back So Feebly Against NSA Spying:

"The reluctance of Big Tech to ally too publicly with NSA critics reflects the complexity and geopolitical sensitivity of surveillance in the digital age. On one hand, American tech companies need to side with the privacy advocates to reassure their users—especially noncitizen users—that their data isn't simply being handed over to the feds. On the other, appearing too anti-establishment could make them look unpatriotic, jeopardize government contracts, and hurt their other legislative priorities, such as immigration and tax reform. And then there's the question of whether Silicon Valley really wants to stoke the fires of indignation about online privacy. It's not such a huge leap from protesting the collection of personal data by government spies to protesting similar practices by private data-miners and online advertisers."

Saul Tannenbaum • February 14, 2014 7:00 PM

The Codesign Studio team at MIT's Center for Civic Media is organizing, hosting, participating in, and supporting several countersurveillance DiscoTechs (“Discovering Technology”) on March 1st and 2nd. A DiscoTech is a workshop for people of all skill levels to learn about a set of technologies.

At the countersurveillance DiscoTechs, we’ll focus on creating welcoming spaces where a wide range of people (not just techies and activists!) will feel welcome exploring, learning about, and sharing each others’ experiences with surveillance. At the same time, we’re inviting community organizations, technologists, developers, and designers to come to the DiscoTechs to sprint/hack on projects together. There will be speakers and workshops. We’ll dive in deep to understand surveillance tools, systems, and histories. We’ll also get hands-on with tools and approaches that can strengthen our communities’ privacy, safety, and security. We’ll break down structural inequality in surveillance regimes that disproportionately target people of color, working people, immigrants, and activists. Our goals will be to understand surveillance in everyday life, and to work hands-on with community-based organizations to strengthen countersurveillance strategies and tools.

More information here: http://codesign.mit.edu/discotechs/

Register for the DiscoTech at the MIT Media Lab here: http://antisurveillancecambridge.eventbrite.com/

Clive Robinson • February 14, 2014 7:10 PM

OFF Topic :

A couple of weeks ago the economy and specifically taxation were being discussed.

One thing brought up was "personal allowance -v- stipend" basically you get rid of welfare benefits and the eye wateringly expensive "make work" behind it and give everyone a set sum of money that would cover basic expenses (ie you could live on it if you wished). This would be paid for in two ways the first would be a flat rate of taxation on all other income earned or not and the removal of the complex tax legislation which gives hidden discounts etc to those with excess earned or unearned income. Thus making other significant savings on "revenue service" makework and eliminating several faux markets involved with "financial planning" etc.

Well other people have been thinking about it in a tangential way,

https://medium.com/editors-picks/29bab88d50

Mike the goat • February 15, 2014 6:58 AM

Figureitout: I find it fascinating that people still think that the x86 platform can be secured. I really wish the silicon powers that be would just say "damn the legacy crap, let's start again" and bring us something new, something RISCy and perhaps more importantly something that can be audited by mutually distrusting parties... Perhaps that is just wishful thinking....

t • February 15, 2014 7:39 AM

Should we care about this rather low score?

https://starttls.info/check/www.schneier.com

Results for: www.schneier.com
Mail server mail.modwest.com
Score: 43.75%

Certificate
• No remarks.
Protocol
• Supports SSLV2. More info.
• Supports SSLV3.
• Supports TLSV1.
Key exchange
• Anonymous Diffie-Hellman is accepted. This is suspectible to Man-in-the-Middle attacks.
• Key size is 2048 bits; that's good.
Cipher
• Weakest accepted cipher: 0.
• Strongest accepted cipher: 256.

Figureitout • February 15, 2014 9:05 AM

Mike the goat
--Yeah someone on here, let's call him/her "Encrypted string dude" thinks he can defeat all attacks w/ encrypted page tables and write-back hashing on x86 and he's still waiting for a logical argument to point out flaws in his "perfection", which is a peripheral leaking.

If or when I get into a company that has its own fabs, I'll try to butt some heads, get all the MBAs out of engineering, etc. The engineers in the fabs now, the ball's in their court. For now, we're stuck w/ same old crap. Then we have to worry about interdiction, which is fun.

Nick P • February 15, 2014 9:58 AM

@ Mike the Goat

To their credit, Intel tried repeatedly:

1. Intel iAPX 432

2. i960 used in BiiN project.

3. Itanium, whose features were employed heavily by SourceT OS

So, Intel has invested millions (tens? hundreds?) in three attempts to escape legacy. Each was less radical than the next to reduce risk in market. Each offered advantages over competing designs in development and assurance. Yet, the market largely killed each one. If anything, Intel's experience illustrates that general purpose chip vendors *should not* break away from legacy. That many buyers can't rewrite legacy code for cost reasons further incentivizes this.

This leads to a few potential directions: emulation, isolation, and integration. Emulation is making a better processor, but putting a special microcode layer that supports legacy instruction set. We've seen this in Crusoe and recent Loongson MIPS w/ x86 emulation. Isolation is improving ISA to better partition resources and enforce control flow integrity. I posted a ton of chips previously that are aiming for that, CHERI being one of the best. Finally, integration is making better interfaces for legacy systems so that new systems can be deployed side-by-side on new chips. The new chips would have cutting edge features. The decoupling has other benefits too.

Tossing out legacy isn't going to happen except in cases where it's safe and/or cheap to do so. The lock-in of Microsoft Office, IBM mainframes, COBOL, etc. make things expensive. Hence, one of the other three approaches are necessary to improve. Yet, the fourth approach is taken more often: just re-buy licenses from the same vendor next year and say "f*** it" to real security.

Note: I also linked to those because I thought you might find them interesting reading. The i960MX and i432 architectures have interesting features that might be worth copying in a FPGA design. i960 is still commercially available, but I couldn't find any "MX" chips on eBay. (sigh) A bunch of old SGI servers with Itaniums for under $130 on eBay if I choose to experiment with its memory keys and such.

Nick P • February 15, 2014 10:22 AM

@ t

We shouldn't care at all. Bruce gave his position [1] on email in the past. A tool such as PGP must be layered on email system to give it a measure of security. To that end, Bruce published his public key on this SSL-protected blog for anyone wanting to send him confidential messages. That there are also some protections in the untrusted mail server is a bonus.

[1] "I assume that email is low security and treat it that way."

MikeA • February 15, 2014 10:29 AM

@NickP

I'll give you i960 and probably Itanium (I'd love to get an Itanium pizza-box running VMS, but I'm living on a pension and the last I looked they were a lot more than $130), but the 432 was a pretty thorough committee-driven botch (admittedly viewed from the sidelines).

As for Legacy: I got a panic call in early 2000 from a guy who wanted help reverse-engineering his IBM1401 code (sources long gone), because IBM had finally dropped emulation. For the youngsters, that means he was running code for a machine that was discontinued in 1971.

wumpus • February 15, 2014 10:51 AM

http://arstechnica.com/information-technology/2014/01/arm-finally-defines-a-platform-as-it-sets-its-sights-on-the-server-room/

I would be shocked silly if security is a sufficiently high priority to actually bother to be remotely secure (security gets lip service, until you explain what is needed. I laughed myself silly when I heard what Microsoft claimed what they were doing for hdmi security*), but at least this appears to be a reasonable chance, at least for those willing to trust what comes out of the fab.

For values of "not trusting things out of the fab", things get harder. I glanced through a bunch of forth goals, but couldn't find anything meant for "security". I'd still assume that you would need things like the following:

Extremely basic CPU (although emulating something like MMIX might not be so foolish. MMIX might make a common platform for emulated systems). Stack based seems likely (except it will kill your performance if you are ready to try multiple issue or even deeper pipelining. MMIX emulation means you could grow out of your stack processor if necessary without a complete rewrite of all your software).
Language not friendly to obfuscation:
C is right out
So is object orientation
I suspect pointers would be highly limited (maybe along the lines of Fortran 77: explicit arrays?)
I haven't followed these tricks at all, is there even hope? I'd be curious what the "truecrypt audit" uses for its methodology.

* I think it was HDMI security. Some form of DRM that required channels all the way through the stack, ending on the cards. It would have dropped performance to zero if it did what they were claiming.

name.withheld.for.obvious.reasons • February 15, 2014 1:48 PM

Ah, the old i960 scalar processor. I remember it well, worked on Paragon/HyperCube back in the day. Started with a single 1 X 1024 node single frame system with Mach. I went to build the VTest suite (hundreds of Mbytes of source). Touch all the source files, typed make and hit the enter key--less than 2 seconds later I had the prompt back waiting for my next wish. Too bad I'd had a falling out with the chief architect--asked him a question in a meeting that he wasn't prepared for--something to do with kernel exceptions. Really pissed him off. Oh well, on to another fire fight. Them was the days.

YeahSure • February 15, 2014 2:37 PM

@figureitout

Good post, thanks. For malware/privacy analysis I don't think we can ever rely on a packet analyzer or firewall that resides on a potentially infected machine although a local analyzer is fine for debugging and a local firewall is a good additional barrier to erect. When I am seeking mal-traffic I run off hubs or at least route the connection through the analyzer machine.

Anybody have horror stories about the analyzer machine being compromised in such a setup? I do follow wireshark's advice to not run as root but only as a wireshark group member.

Anybody think that traffic can still totally evade such a setup?

YeahSure • February 15, 2014 3:02 PM

I am trying to figure out the best approach to get a portable machine that has a minimal attack surface. No wifi, no bluetooth. Can't flash its own bios. No camera, no microphone. Or at least they can be removed or physically disconnected.

What do people think of the raspberry pi for this purpose? No bios, that's nice. But what about the proprietary GPU code? That seems like a big potential vulnerability. And why do you still need to include this GPU code if you are running headless? Suspicious.

Are there faster ARM alternatives that run general linuxes? And/or are totally open source?

What would really be nice is an intel machine with a modern processor sans all the integrated wifi, bluetooth, bios, mic, and camera functionality. And portable. Any recommendations?

Benni • February 15, 2014 4:49 PM

The kidnapped anti drone war activist was set free from his kidnappers who reportedly tortured him:
http://www.bbc.co.uk/news/world-asia-26198207

Now he will be able to have a funny talk with the court at Den Haag and members of the German parliament. (Remember: according to Süddeutsche Zeitung the drones are piloted from the US German base Ramstein and the targets are selected in the Africom headquarters, located at the German city Stuttgart).

Benni • February 15, 2014 5:36 PM

Here is a film that contains an interview of this anti drone activist. It perhaps contains parts of the story he will tell in the coming days to the politicians http://www.democracynow.org/blog/2014/2/11/watch_wounds_of_waziristan_features_anti

In some sense, these drones are similar to the terror weapon V2 used by the Germans against Britain. Somebody sits miles away on some knob, and the rocket comes with a speed that the victim can not really escape or defend against. The difference just seems to be that the drones are aiming very precisely for smartphones and handys, whereas the V2 had almost no aiming at all. In the film, the people tell how they are afraid by the sound of the low flying drones that turn up often at night. They also show lots of photos of killed children.


Skeptical • February 15, 2014 7:00 PM

More on Snowden:

http://www.nbcnews.com/news/investigations/exclusive-snowden-swiped-password-nsa-coworker

-- Details a recent letter from the NSA to the House Judiciary Committee in which it is claimed:

--- A civilian NSA employee allowed Snowden to use his PKI certificate to access NSANet and, at Snowden's request, entered his PKI password into Snowden's computer terminal, not knowing that Snowden would capture the password and then use it to continue unauthorized access. The employee has resigned as a result.

--- An individual on active duty in the US military and a defense contractor also had their access to NSA systems and spaces revoked in connection with Snowden's disclosures.

My favorite part of the story is the response from Snowden's legal team. Jesselyn Radack, one of Snowden's legal advisers, writes:

"Edward Snowden stands by his denial on Jan. 23. NSA has a documented history of scapegoating innocent employees for its own failures, … manufacturing evidence against them and misleading Congress."

Snowden's "denial" is a politician's denial. It reads:

"I never stole any passwords, nor did I trick an army of co-workers."

Note the careful qualifications. He doesn't deny tricking some co-workers, but rather denies tricking an entire army of co-workers.

This is similar to his non-denial denial of allegations that he took many documents having little to do with controversial surveillance programs.

And while Snowden's statements may be carefully crafted by lawyers, they're obviously intended to be misleading to the public.

Greenwald, in another show of what "advocacy journalism" really means (propaganda by any other name), wrote sarcastically: "There’s no reason to be the slightest bit skeptical about a memo prepared by the NSA about Snowden & intended for public release."

And sure, certain government officials have played word games too. He's correct about that. But how much credibility do those officials have with you now?

It's increasingly clear that Snowden needs his own attorney, devoted solely to his interests. While public interest attorneys and "advocacy journalists" (we used to call them columnists) and those somewhere between have their place, the interests of the cause and the interests of the individual in question do not always coincide. If Snowden wants to make additional sacrifices, that's his right, but he should be able to do so with the benefit of full information and a range of advice. At a certain point in all of this, the damage from the disclosures, and the resources/risks spent containing and adjusting to that damage, will reach a point where the US will not settle for anything less than a life sentence in a supermax. No one wins when time expires on that window.

In some ways, this aspect of the affair increasingly reminds me of the highly suggestive scene in The Spy Who Came In From The Cold, in which a family driving in a car is crushed between two colliding streetcars (symbolizing how the clash of nations, or ideologies, can destroy the individuals caught between).

That, or this is the most amazing counterintelligence operation in history. Who knows, perhaps it still can be, albeit an unsanctioned one. History frequently does not turn out like a le Carre novel.

dontforgetsnowdenhasaprotrudingadamsappletoo • February 15, 2014 8:57 PM

Damage from Snowden's defense of ICCPR Articles 6, 17, 19 and 22: tightened constraints on US government crimes of concern to the international community leading to fewer beltway bandits sucking the federal tit.
= Net $0.00

Resources/risks spent containing and adjusting to that damage: ODNI fugitives like Clapper and Alexander taking their retirement vacations at Branson, tapping their toes to Dolly Parton's Dixie Stampede, because they're scared to step outside US borders.
= Priceless.

At this rate we will soon reach a point where the US will not settle for anything less than what fellow notorious criminal Jamie Dimon got: a big bonus and a personal private meeting and blowjob from Eric Holder.

Nick P • February 15, 2014 11:05 PM

@ MikeA

A VMS-compatible would be nice to play with. Cheapest way to get it is an AlphaServer with hobbyist VMS license. If I recall, though, the "INTEGRITY" branded servers are supposed to support VMS. Here's one for $129. I'd suggest double checking on VMS support before you buy. If wanting just Itanium, one can get SGI's with decent specs for a nice price. Lets you play with its security and architectural features.

Reason I bring up the i432 is it had hardware support for HLL OS code, objects, tagging, scheduling, garbage collection, etc. (IIRC) They finally got past many of the technical problems once they simplified it a bit. That was decades ago. Meanwhile, academics this decade reported they built processors to support java bytecode and garbage collection. Solid tagging was added to another in past two years. Whether entirely desirable or not, I gotta give Intel's 432 credit for being so far ahead that current work can still be compared to it. ;)

"As for Legacy: I got a panic call in early 2000 from a guy who wanted help reverse-engineering his IBM1401 code (sources long gone), because IBM had finally dropped emulation. For the youngsters, that means he was running code for a machine that was discontinued in 1971."

LOL. Despite all my IBM research recently, I had to look that one up. It was the first machine made after electromechanical systems they made. And you had to deal with legacy code made for *that*. I feel for you, man.

Nick P • February 15, 2014 11:20 PM

@ name.withheld

I bet a Paragon was one of your career's highlights. I've never been able to use a MPP machine. One thing caught my eye though: you sure it wasn't the *i860* you used? Intel had three competing architectures at the time: next in x86 line (386 I think), i860, and i960. The 860 and 960 were both RISC type designs. Difference was 860 was really RISC and 960 originally included many HLL type features from 432. Often described as a watered down 432. The Paragon references I saw in the past mentioned x86 and 860, not 960.

Of course, a MPP machine with i960MX's would be getting near my secure MPP/NUMA architecture designs. If the Paragons had i960MX's, they'd be extra fun to play with for someone like me. Extra useful if still vendor supported.

Buck • February 15, 2014 11:55 PM

Totally off topic! Probably more aptly posted at 'Income Inequality as a Security Issue' (https://www.schneier.com/blog/archives/2014/01/income_inequali.html) but that's a few weeks stale now...

Also a possible spoiler alert for anyone who cares but has yet to see season two of "House of Cards" ;-)

Prescient story + the reasoning (Citizens United v FEC & SpeechNOW.org v FEC) that the flood gates have been officially opened for foreign campaign contributions:
http://thecable.foreignpolicy.com/posts/2014/02/11/feds_mexican_tycoon_used_super_pacs_to_influence_us_elections
... but whilst the media may try to play up the "massive size of Azano's alleged donations"... Everyone and h(is|er) dog knows that "Half a million dollars" is chump change in the real scheme of the so-called 'Super PAC's... One would surely have to be but a common commoner or a greatly misguided Mexican drug lord to make the mistake of funneling funds illegally through shell corporations vs. using any of the numerous legitimate business channels that are so readily available for big business spenders!

Mike the goat • February 16, 2014 12:13 AM

Nick re the i960 and other Intel attempts - I guess back then it wasn't entirely practical to appease the market who demand legacy compatibility with emulation. I think the dynamic has changed somewhat, for example Apple successfully pulled this off (in reverse, going from PPC to Intel, but anyway).

I am sad the ALPHA (although not a good example for a variety of reasons that are self evident) died. I held onto my alpha box until it just wasn't worthwhile me hanging on anymore... I guess someone has to come onto the scene and offer something *better* and less bloated than the x86 and obviously not just target it at mobile or embedded environs like MIPS and (eek) ARM.

Buck • February 16, 2014 12:36 AM

@Skeptical
RE: More on Snowden

Is it not interesting that we're just now hearing about these two individuals who have lost their jobs, but have yet to hear from any of the ~900 fired almost immediately after the supposed "leaks"?

Reference: https://www.schneier.com/blog/archives/2013/08/friday_squid_bl_388.html#c1620997
Also see: https://www.schneier.com/blog/archives/2013/08/nsa_increasing.html

Of course it's certainly plausible that ol' Kiethy was lyin' through his teeth here... It's also quite possible that said administrators have been set up with brand-spankin-new cushy contractor jobs, or they have been sufficiently scared into submission by the powers that be... Perhaps some of them have families to care/provide for?

Nahhh... Couldn't be! It would have to be *impossible* to keep such a large conspiracy away from the prying eyes of 'professional journalists'...

I'll admit, at the end of your post here, we're on the exact same page:

"That, or this is the most amazing counterintelligence operation in history. Who knows, perhaps it still can be, albeit an unsanctioned one."
Though I'd have to ask... Unsanctioned by whom?

name.withheld.for.obvious.reasons • February 16, 2014 7:23 AM

@ Nick P
Sorry to hear that you're short an MPP experience...at the time we were also working pmake across multiple platforms and heterogeneous loosely coupled massively parallel supercomputing. Yeah, I used to do supercomputing--now I just bitch and moan about the rehash of the old-school lessons (ask Clive).

Here is a link to a proposal that is too close to home--I know these people.

ftp://ftp.cs.cmu.edu/usr/ftp/project/pdl/SIO/Overview/OS.proposal.pdf

During my day, CM-5, S390 Clusters, Paragon (later a 2048 node single frame), and some large heterogeneous clusters using OSF/AD CMU MK/AD, AIX on multiple CISC/RISC MPP's, Sun E10000 w/Solaris, and a number of never seens...dark rooms (not for processing camera film) and logged lab access (Key, badge, and signature-based access control). Didn't want anyone walking off with the tech--but--I can tell you a story involving a project called "Snow" that involved international espionage. One person was a major C-level exec that was stung by a worm that crawled right out of a hi-tech research lab...good times.

I don't know nothing about birthin' no puters Miss Scarlett!!!

Nick P • February 16, 2014 11:04 AM

@ Mike the Goat

We at least have Intel alternatives. The POWER7+ in particular has ridiculous specs. I think what I'm wanting is an affordable Intel alternative.

re Alpha

It was a nice architecture. Good news for you is that there's a never ending supply of cheap Alpha boxes on eBay. Supply hasn't gone away for 10 years. You could buy another one and keep replacing it cheap for years I bet.

Side note: Necula's certifying C compiler targeted Alpha. So, it seems that even younger academics like their "obsolete" Alphas.

@ name.withheld

I appreciate the paper. It's like a high level HOWTO on all kinds of MPP problems. It seems my own work reinvented x-kernel. Knowing about it would have saved me time. Getting the OS out of the way of networking reminds me of Active Messages technique I once used in Beowulf clusters. It also surprised me that they got checkpoint-without-stopping working on those things. I doubt it worked in true real-time or without any lost throughput. If it did, I'd be impressed.

The OODBMS (SHORE) work was interesting and I keep homebrewing stuff like that. Do you recall if that turned into anything that's useful today? I keep coming back to typed object stores for the language-based and tagged security systems I'm designing. I'm done with UNIX filesystem interfaces. I want an object store instead so crypto, backups, diverse storage, etc can be implemented transparently to program code. We can't let the AS/400 guys be the only success story there.

(Note: I know of, and have posted, plenty modern projects doing things like this. I'm just wanting your old school perspective on that issue.)

Bonus: Even the SGI's NUMA machines are getting dirt cheap. It's aggravating to be financially strapped and look at the specs/price of that system. It's as cheap as a beowulf cluster! The things I could do with the NUMAflex alone.

Figureitout • February 16, 2014 11:19 AM

YeahSure RE: Horror stories
--I'm sure no one wants to be embarrassed telling how they got owned, or even worse they were oblivious to it...

RE: Minimal Attack Surface Machines
--Notice the crickets...You won't be able to even buy a car in the future that doesn't have bluetooth in it and of course remote shutdown that will get hacked. If you want an advanced machine w/ some advanced processing power you have a chip that more than likely has a bluetooth and wireless stack in it...As far as the RasPi, it's a fun toy for me right now, I have a lot I want to do w/ it (web server, digital radio, network analyzer, etc.). Best bet is to eBay for older computers, they are so much more fun to play w/, newer pc's don't have as many ports and components are so small you can't do any practical analysis.

Such lame advice though, you probably don't want to build an entire computer, but I like the assurance that comes w/ it (those chips still not trustworthy...bah it kills me).

//Shout out to Etienne
--Tried your Gujin bootloader, it was included in the boot package I'm using now. Still haven't done the separate DOS boot, need more USB sticks. It gave me some information but I would have to hold on "ctrl" or "pause" to hold the info, then after it would hang. More weird warnings. When I would go to the "FreeDOS" option to "resolve compatibility issues, etc." the option would disappear. The TAFT tool likewise was just hanging, so I think I need that DOS booter.

//Shout out to Clive Robinson
--You probably already know a lot of it, but saw in the latest QST, a little book review on "Wireless at War--Developments in Military and Clandestine Radio 1895-2012". I haven't read it as I have the 2014 ARRL Handbook (encyclopedia-sized) to read, there is a little preview on good ole google that gets into a little bit about Marconi's apparatus in UK. Thought you may be interested maybe.

http://books.google.com/books?id=9YFRAQAAQBAJ&pg=PT4&lpg=PT4&dq=wireless+at+war+peter+jensen&source=bl&ots=RQuBB1K2JU&sig=b6UimJ0IcOeDzxNrW34ntwpzeQc&hl=en&sa=X&ei=d-MAU9LSDKSwyQHkq4HYCg&ved=0CE4Q6AEwBQ#v=onepage&q=wireless%20at%20war%20peter%20jensen&f=false

name.withheld.for.obvious.reasonsFebruary 16, 2014 11:29 AM

@ Nick P
El scorchio, never mention the dreaded Scottish play (AS/400,OS/400). There be dragons.

OODBMS, OMG, and other open group projects have what I would call "academic" applications but has not translated well into the wide. Of note, NCS 1.5/2.0 had an interesting underlying protocol stack--up to and including a network object model. Also little known, Kerberos has stub interfaces that allow for much in the way of point-to-point (end-point type) encapsulation. The RPC layer is very robust, but, it is not a low-level messaging kernel component. The OSF/AD was successful, in almost all respects, but was/is beyond the average systems architect. There are only a few, as you know, "architectures". Whether it is hardware, interfaces, or applications the landscape (though I do have to say the most beautiful combination I've seen is SGI's Irix on O/2 or O/3 on MIPS...excellent engineering and quality (not necessarily Irix, I'm a hardware purist).
So I would believe Kerberos in combination with DCE-RPC's, NCS 2.0, and possibly (it's architecturally hard to rationalize) a CORBA type data/object broker could go a long way and easily implemented...though namespace is the issue of interwebs (IANA/ICANN).

BenniFebruary 16, 2014 11:52 AM

@Clive Robinson
This merely means that the Militärische Abschirmdienst (military protection service) and the Verfassungsschutz (service for protection of the constitution) get more money. They also write that they want information on what is exactly in the Berlin embassy and who is doing what there. It is not written, how they want to find out this. Then, they write that there are considerations to regard all secret services equally as enemies. This means that they want to spy on spies of all foreign nations. They want to stop only considering Russian, Chinese or North Korean embassies as a target to spy on. And for spying on all embassies, they need more money....

BuckFebruary 16, 2014 12:22 PM

@Clive re: Azazel
That sounds particularly nasty... Especially the PCAP part! Although detection seems simple enough if one has physical access to their servers...

To remove Azazel, the best course of action is to boot into a livecd, mount your bootable hard drive, and delete the /etc/ld_preload.so file from the partition.
This of course assumes that the path has not been changed as part of the make process & more importantly, that no BIOS/HD firmware rootkit has been co-implanted...
Muchas gracias for the link! Never seen that wiki prior to now ;-)
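An offline check in the spirit of the removal steps quoted in the comment above, added here as an example (it is not code from the commenter or from the Azazel project). It assumes a glibc system, whose system-wide preload list is `/etc/ld.so.preload`, and it also looks inside the dynamic loader for any other preload path, which covers the caveat that the path may have been changed. The function names, the sample tree and the path `/etc/.cache_preload` are constructed for illustration, and the loader string check is a heuristic.

```python
import glob
import os
import re

DEFAULT_PRELOAD = "/etc/ld.so.preload"    # glibc's system-wide preload list
PATH_FROM_COMMENT = "/etc/ld_preload.so"  # path as written in the comment above
LOADER_GLOBS = ("lib/ld-*.so*", "lib64/ld-*.so*", "lib/*/ld-*.so*",
                "usr/lib/ld-*.so*", "usr/lib64/ld-*.so*", "usr/lib/*/ld-*.so*")
# Any absolute-looking path inside the loader binary that mentions "preload".
PRELOAD_PATH_RE = re.compile(rb"/[A-Za-z0-9_./-]*preload[A-Za-z0-9_./-]*")


def under(root, path):
    """Map an absolute path from the inspected system below the mount point."""
    return os.path.join(root, path.lstrip("/"))


def parse_preload_list(text):
    """Entries are separated by whitespace or colons; '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        entries.extend(tok for tok in re.split(r"[\s:]+", line) if tok)
    return entries


def loader_preload_paths(loader_bytes):
    """Preload file paths embedded in a dynamic loader binary (heuristic)."""
    return sorted({m.decode("ascii") for m in PRELOAD_PATH_RE.findall(loader_bytes)})


def find_loaders(root):
    """Locate loader binaries; skip symlinks, which may point outside root."""
    seen, loaders = set(), []
    for pattern in LOADER_GLOBS:
        for path in glob.glob(os.path.join(root, pattern)):
            real = os.path.realpath(path)
            if os.path.islink(path) or not os.path.isfile(path) or real in seen:
                continue
            seen.add(real)
            loaders.append(path)
    return sorted(loaders)


def audit_root(root):
    """Return (kind, subject, detail) findings for a mounted root filesystem."""
    findings = []
    candidates = {DEFAULT_PRELOAD, PATH_FROM_COMMENT}
    for loader in find_loaders(root):
        with open(loader, "rb") as fh:
            paths = loader_preload_paths(fh.read())
        rel = "/" + os.path.relpath(loader, root)
        if DEFAULT_PRELOAD not in paths:
            findings.append(("loader-lacks-default-path", rel, ",".join(paths) or "none"))
        for p in paths:
            if p != DEFAULT_PRELOAD:
                findings.append(("loader-extra-preload-path", rel, p))
            candidates.add(p)
    for cand in sorted(candidates):
        full = under(root, cand)
        if not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            raw = fh.read()
        if b"\x00" in raw:  # a binary, not a text list: report it, do not parse
            findings.append(("binary-at-preload-path", cand, f"{len(raw)} bytes"))
            continue
        for lib in parse_preload_list(raw.decode("utf-8", "replace")):
            state = "present" if os.path.exists(under(root, lib)) else "missing"
            findings.append(("preload-entry", cand, f"{lib} ({state})"))
    return findings


def build_sample_root(root, patched):
    """Create a small constructed tree so the audit can be tried offline."""
    for d in ("/etc", "/lib", "/lib64"):
        os.makedirs(under(root, d), exist_ok=True)
    marker = b"/etc/.cache_preload" if patched else b"/etc/ld.so.preload"
    with open(under(root, "/lib64/ld-linux-x86-64.so.2"), "wb") as fh:
        fh.write(b"\x7fELF" + b"\x00" * 12 + marker + b"\x00")  # fake loader
    if patched:
        with open(under(root, "/lib/libhook_example.so"), "wb") as fh:
            fh.write(b"\x7fELF")
        with open(under(root, "/etc/.cache_preload"), "w") as fh:
            fh.write("# constructed sample\n/lib/libhook_example.so\n")
        with open(under(root, "/etc/ld.so.preload"), "w") as fh:
            fh.write("/usr/lib/libmissing.so:/lib/libhook_example.so\n")


if __name__ == "__main__":
    import sys
    import tempfile
    if len(sys.argv) > 1:  # e.g. the mount point used from the live CD
        results = audit_root(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_root(tmp, patched=True)
            results = audit_root(tmp)
    for finding in results:
        print(*finding, sep="\t")
```

Every `preload-entry` deserves review, since a preload list is usually empty or absent on a stock install, and a clean result says nothing about firmware-level implants.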

Clive RobinsonFebruary 16, 2014 12:28 PM

OFF Topic :

Is Facebook Killing you or are you dying to use it?

There have been studies that show that there is a relationship between Facebook usage and feeling lonely. The more you use FB the less happy you are and the more lonely you feel [1]

Other studies have shown the significant effects loneliness has not just on your mental wellbeing but on your physical health and life expectancy [2]

[1] http://www.plosone.org/article/info%3Adoi%2F10.1371%2Fjournal.pone.0069841

[2] http://www.newrepublic.com/article/113176/science-loneliness-how-isolation-can-kill-you

SkepticalFebruary 16, 2014 12:29 PM

Damage from Snowden's defense of ICCPR Articles 6, 17, 19 and 22...

Why not claim that he was acting against GMO foods as well? :)


FigureitoutFebruary 16, 2014 1:24 PM

Having more success w/ HDAT2 tool, first tool to detect 80.03 GB; seems to be more targeted towards WD hard drives. Dump data from DCO is mildly interesting. Hex codes: 02 (start text) begins w/ a smiley face, how cute, about to be a frown. Then 00 00 00, 7F (delete), 00 AF (¯) F8 (ø) 50 (P) 09 (Horizontal Tab) 00 00 00 00 C8 (È) 00 14 (Device Control 4); then all zeros til the end, A5 (Yen sign) FE (þ). Probably going to wipe, encrypt, wipe again.

More likely infection remains in the RAM, hope it isn't polymorphic and jumping around or going to have to destroy DDRII card. Many more tests coming, any PC Diagnostic people out there, suggestions welcome.

Clive RobinsonFebruary 16, 2014 3:19 PM

OFF Topic :

Perhaps it's just as well Obama can not stand for re-election he's made a habit of "misleading and covering up" but it appears he and others in the DoJ have been caught out committing an outright lie and a judge has unsealed court records to show it,

https://firstlook.org/theintercept/2014/02/14/ongoing-abuse-state-secrets-privilege/

A student was put on the "No fly list" by the incompetence of an FBI agent ticking the wrong box. She was arrested at the airport, humiliated and denied access to much needed medications she had with her (technically withholding needed medical assistance/medication by authorities by non medical personnel is not just a human rights violation but recognised internationally as a form of torture). Put on the flight in a distressed condition and not allowed back into the US. She took legal action and was repeatedly met with use of "State Secret Privilege" to deny her requests. Eventually the issue was forced by the judicial process and the reason "incompetent FBI agent" was revealed.

The problem is that Obama and various DoJ seniors have repeatedly stated that the privilege is not being used to cover up "incompetence" etc. This has been repeated in court documentation so is possibly perjury...

Even if not, being "caught out" this way means that challenging the privilege in court in future becomes a lot easier (unless of course the USG either stalls or lies via a bit of parallel construction).

Uh huh, huh huh, huh huh huh huh, huh huhFebruary 16, 2014 6:15 PM

Good question, Skep! It's true, Snowden has not yet defended the right to food in UDHR Article 25, federal and state common law, or ICESCR Article 11, which the US as signatory is bound to refrain from undermining, and which right the US acknowledges to the cognizant charter body in its Universal Periodic Reviews. Snowden's oversight means untrammeled corporatist predation by Monsanto and its corrupt US client state. Fortunately, Wikileaks has already caught Monsanto tasking its appointive DoS dogsbodies, 213.251.145.96/cable/2007/12/07PARIS4723.html

In that instance, Inglis' marching orders focused on Kompromat (You know Monsanto.) Don't know if Snowden got the goods on that. Did NSA come through? Well, they were already awfully busy cyberdumpsterdiving for Microsoft, Google, Big Tobacco, Boeing, and the oilmen. But even a clown like Alexander knows enough to feather his nest for retirement, so one must presume that he sniffed all the relevant panties.

Nick PFebruary 16, 2014 8:49 PM

@ AlanS

Notice how nothing in that list is offensive. You don't see things like NSA subverting a neutral country's ISP, spying on contract/treaty teams, automating hacking of anyone searching certain terms/websites, and so on. So, this list lies by omission of the very kinds of things that worry people.

An oversight official or judge looking at this list would come to entirely different view of what they're doing than someone who read Snowden leaks. Textbook disinformation.

Nick PFebruary 16, 2014 9:30 PM

@ name.withheld

"El scorchio, never mention the dreaded Scottish play (AS/400,OS/400). There be dragons."

Haha. It has many desirable properties yet to be duplicated by Windows, Mac, or UNIX platforms. And dragons. If you see me speak positively of AS/400, I'm not talking about the dragon den its designers maintain. I'd only copy the good parts.

re your recommendations

I appreciate them. Rather than reply, I'll just factor it into any future mental effort I put into these things. And yes I loved the SGI hardware. I always thought it was funny how Mac hardware was said to be so integrated and better than Windows. I used to show pictures and specs of SGI O2/Octanes to Mac fanboys. Their jaws always dropped esp when I showed them how SGI handled graphics subsystem and hardware. Another signature is they almost always had two motherboards in each desktop, which had a few benefits. Anyway, if you still want one they're *cheap* on ebay now.

@ YeahSure

A portable, minimal attack surface machine is going to be a custom deal imho. You must start with a secure combination of CPU, memory/IO handling, and firmware. Then, you put a trusted platform on that which enforces POLA. Then, write the applications and libraries in something like Ada with a safety-critical runtime (less bugs/code) and all checks on. Recent leaks show the peripherals' firmware should also be protected or at least your system shouldn't trust them. You can build all this with existing tech but it won't run Windows. Maybe it will emulate a Linux API but I expect compatibility breaks.

@ Clive Robinson

I appreciate the link. I think that rootkits are easy to create, maintain and hide by a *user mode process* shows that Linux/ELF is *insecure by design*. People who have seen something approaching secure knew this. Yet, I still hear many people think that Linux has some superior architecture or security properties. Examples like that do good work on demolishing such myths and hopefully will inspire people to investigate superior approaches.

re LD PRELOAD

A link analyzing the Jynx rootkit shows this technique goes back to 2005. That article was written in 2012. If they haven't fixed the design flaw yet, then I rest my case on Linux insecurity. ;)

BuckFebruary 16, 2014 10:30 PM

@Clive re: "No fly list"

Sickening... But I'm not seeing it as a cover-up so much as I think it really sticks a fork in the point: 'Once on the list, always on the list!'

For the same reasons that no career congress(wo)man could truly support the repeal of the Patriot Act, I would suspect that any analyst/engineer/general/inspector/etc. would be absolutely crucified in front of their peers if say... Someone they were watching was determined by them to be benign, but later emerged as a threat...

This is also why I think that Bluffdale is probably the biggest load of pork-barrel bull Utah has ever seen! By the time they've worked out all the bugs, the amount (and number of forms) of digital communication will have surely exploded in size. All the while, 'suspect' traffic will be getting better and better at blending into the innocuous...

Unless, perhaps, storage is not the true intention of the facility..?

BuckFebruary 16, 2014 10:51 PM

I probably should have said: "A target they were watching..."
Certainly can't have the grunts viewing these data points as real people; as that would undoubtedly make their positions all the more personally conflicting...

Clive RobinsonFebruary 17, 2014 2:00 AM

@ Uh huh... ,

Your IP address link did not work for me for some reason, however the following link did,

http://www.cablegatesearch.net/cable.php?id=07PARIS4723&version=1292761080

Yup it's funny how the USG view on "science" and the corresponding evidence and risk evaluation appears dictated by US commercial interest, not independent scientific evaluation.

Further how they want to deny a "freemarket" choice over GM by European citizens.

It was well known that cross contamination by pollen from GM crops was an issue, raised by the litigious nature of Monsanto themselves. Basically Monsanto had illegally taken crop from farmers fields and found genetic markers they claimed meant the farmers had "stolen" Monsanto IP.... attempting to use the courts to get at farmers Monsanto basically shot themselves in the foot. The French legislation to make the growers of GM crop responsible legally for the cross contamination turned the tables on Monsanto's litigious nature. It enabled a "common law right" to farmers to receive damages from those causing them harm by what was in effect "pollution" caused by the GM crops. In the same way as you would expect an organisation to be required to pay damages to people "down stream" of them, if they polluted water supplies up stream of those they harmed.

Clive RobinsonFebruary 17, 2014 2:26 AM

@ AlanS, Nick P,

The list is a scary one especially,

    Transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named above.

Because of the "twisted mentality of Federal and other US prosecutors" of which we know of several cases.

One example being "gambling". The US regards some forms of gambling to be criminal activities, whilst many many other countries regard the activities as perfectly legal (this situation is similar to alcohol and certain plants like Chat in other countries ie legal in some illegal in others).

However because US citizens chose to "illegally" cross borders electronically to place bets with organisations operating perfectly legally within the jurisdictions they are based, US prosecutors think it's OK to spy on these companies by any means including attacking people who quite legally supply goods and services to these foreign organisations.

Based on that reasoning I'm curious as to why these Federal prosecutors have not gone after the "Fed" for printing US dollars and supplying them to drug cartels and other serious criminal organisations...

Oh and speaking of "money" think about how that list item affects competing currencies like "Bitcoin"...

Clive RobinsonFebruary 17, 2014 2:52 AM

@ Nick P,

I suspect that "fixing linux" security in this respect will never happen for the same reason that it will never be fixed in any *nix or MS OS.

The reason being not just my usual mantra of "Efficiency -v- Security" but also due to the fact that the fundamental design principles of these OS's and the underlying hardware are "insecure". Thus security is not "built in" but "bolted on", which always ends up with "Kludge upon Kludge" and it fails under the weight of them. However there is also the esthetic issue of "When is a duck not a duck"... to make these common OSs secure the changes are sufficient to make them "not what they were", that is the behaviour is so markedly different that they change not from ugly ducklings to swans, but something more akin to a rabid dog from the users perspective.

We have seen this with the migration of 16Bit MS Windows on top of DOS 6, to 32bit Windows on top of NT core, the commercial need for backwards compatibility gave us the kludge of the "thunking layer" and many other absurdities. All of which not only broadened the attack surface but opened up incompatibility and holes which created new attack vectors... As I've said in the past "legacy compatibility drags you down" and eventually you drown in the stormy seas it creates.

Clive RobinsonFebruary 17, 2014 3:27 AM

@ Buck,

Whilst I understand what you are saying about the "no-fly list" if you step back a bit it is itself a "cover up" for bungling errors and downright malicious attacks on people.

The problem is there is actually an incentive by all concerned not to correct mistakes for another reason "job creation and empire building". Taking people off the list is not just a potential risk of being wrong, but also a very real step towards downsizing with little or no hope of making a new career... as has oft been said "Turkeys don't vote for thanksgiving / Christmas".

This is one of the major problems with "Gov Service" whilst the pay is not that good the benefits are, and the chance of being turfed out until recently was low. Which has had the unfortunate side effect that the people who had sufficient talent / abilities to be "under paid" have now "flown the coop" leaving behind those who are effectively overpaid for their abilities and who could thus be viewed (as some do) as the real "welfare mommers"...

So there is actually a very real personal gain factor in putting as many people as possible on the "no fly list". And there is a further career enhancing political incentive as well due to the xenophobic attitude many have to immigration foreigners are a source of cheap political point scoring. Which means no matter what harm this does to US economic security which is actually the most important part of "National Security" the no fly list is only going to keep going to cover up makework and empire building.

And US tax payers not in Gov Service should quite rightly feel sickened by this blatant theft of resources, but many won't because "contracting" is the new "Gov Service" and one of the most well oiled gravy trains there is. In fact you could say "feather bedding" has never been so good since the first warnings about the "military industrial complex".

SkepticalFebruary 17, 2014 5:59 AM


@uh huh: GMO violates a right to food eh? Certainly this is just as strong as your claim that Snowden was acting against capital punishment.

@Nick P: I don't see anything wrong with a government conducting espionage in support of treaty negotiations. That's squarely within the legitimate function of an intelligence service, in my view. I don't think commercial espionage is, and I don't think that the US engages in commercial espionage.

However, even as someone who is no fan of the Chinese government, I think the issue of commercial espionage is complicated when it comes to state-owned enterprises.

@Clive: What that poor woman went through is terrible, but The Intercept predictably gets the facts wrong in its pursuit of spin. Ultimately, there's no question that there was a mistake, and that Ibrahim suffered considerable injustice as a result. The judge describes it as Kafkaesque, and I agree with him.

But, this has little to do with the state secrets privilege, and The Intercept fumbles so many facts in its effort to needlessly exaggerate the story that one wonders whether they think fact-checking is just a silly procedure for "traditional" journalists.

(unless you want a deep dive into the facts of the case and The Intercept's misreporting, bail out now!)

Here's what happened:

- Ibrahim was interviewed by the FBI while studying for her PhD in November 2004. The FBI agent then mistakenly placed her on the No-Fly List (though he did apparently intend to have her placed on a broader watchlist)

- When Ibrahim attempted to board a flight for Malaysia in January 2005, she was denied. She was then arrested, and detained for two hours

- the government removed Ibrahim from the No-Fly List the same day she was wrongly prevented from flying (see here, the district court's opinion courtesy of The Wire, at page 16); this is not reported by The Intercept

- the TSA told her, after she was detained for hours, that she had been removed from the NFL, and helped her obtain a ticket for the following day; this is not reported by The Intercept

- she flew back the next day on her flight; this is incorrectly reported by The Intercept

- her visa was revoked while she was out of the country, in early February 2005, but was told that she could reapply; this is not reported by The Intercept, which never mentions visa issues

- sometime thereafter, she sued the city of San Francisco and its police department for false arrest (in 2009 they settled with her for $225,000); see page 27 of this opinion from the 9th Circuit (an appellate court in the US which heard Ibrahim's appeal, and ruled in her favor, after her case was initially dismissed by a lower court)

- in 2009 she reapplied for a visa to travel to the US, and was denied; this is the first time she reapplied; this is not reported by The Intercept

The Intercept reports all of this entirely as "Shaking and in tears, she was eventually allowed to board her flight to Malaysia but found herself banned from returning on the way back."

The Intercept implies that Ibrahim was wrongly on the No-Fly List for 8 years, preventing her return to the US, until the court finally forced the government to admit the mistake. But, obviously, the truth is a little more complicated. The story here doesn't need to be hyped, as it's quite terrible for the government as it is. The Intercept does so anyway, because it wants to focus on the state secrets privilege.

The government asserted the state secrets privilege with respect to Ibrahim's discovery demands. Ibrahim's attorneys initially asked that the government produce, among other things, FBI call records, all documents used to determine Ibrahim's status, the No-Fly List, and other items. See page 23 of the 9th Circuit's decision.

The district court (the trial court), upon which we are all relying for the facts, upheld the government's invocation of the state secrets privilege with respect to nearly all classified information. See the district court's opinion at page 3.

The Intercept implies that the government invoked the privilege simply to protect against the admission of a mistake, and that the district court overruled it entirely, neither of which are true. The Attorney General's statement is here.

Note that the Justice Department submitted the information it sought to withhold to the judge as part of its invocation of the privilege.

Now, it may well be that Ibrahim was treated shamefully by the SFPD upon being detained. But, in another example of spin, The Intercept neglects to mention that she sued San Francisco for that wrongful treatment, and agreed to a settlement of $225,000 (see page 27 of the 9th Circuit decision linked earlier). The federal government did not defend against claims arising directly from her mistreatment on arrest, nor use the state secrets doctrine to conceal it, nor prevent her from achieving compensation for that mistreatment.

What else did The Intercept fail to mention, or misconstrue? Any number of things, but the most important:

- the reasons for the denial of her visa were held to be covered by the state secrets doctrine by the judge, and substantive information concerning it appears to have been redacted in the district court's findings

The timeline of events, and more strongly some of the judge's own comments, suggest that even if the FBI agent had correctly filled out the form, her visa may have been revoked and then denied on reapplication due to other, classified information. However, it's equally plausible that her initial inclusion on the No-Fly List resulted in errors in other databases, leading to the visa issues. We don't know at this point.

This is important, because the visa revocation and denial is what actually prevented her from returning to the United States. The judge hints that the visa decision may be predicated on grounds other than that she herself presents a threat, though the opinion is written somewhat awkwardly at points, and the inference I'm drawing is not logically compelled (though what hints are?).

The district court ordered the government to: assure Ibrahim that she is not on the No-Fly List and that any errors resulting from her placement on that No-Fly List have been corrected.

Clive RobinsonFebruary 17, 2014 6:10 AM

@ Nick P, Name.Withheld..., YeahSure,

I couldn't remember the link earlier...

There is another problem with "Old OSs" such as *nix, MS OSs and a number of others, and that is they "are in the way". Not just in terms of security but just about everything including the hardware. So much so they are now like a kidney stone stuck in the outlet of the bladder, and the solution to ease the pain and unblock the flow is the same "break them up" before it kills the host.

The problem is known as C10M when it comes to server side services but what ails them is the OS problem, which is the root of the issue. About a year ago Robert Graham started writing up on it, and although he thought he'd have it done by now it's still a work in progress (which is an issue I have as well, there's always that extra interesting thing to research ;-)

Any way it's worth having a look at,

http://c10m.robertgraham.com/p/blog-page.html

name.withheld.for.obvious.reasonsFebruary 17, 2014 6:32 AM

@ Clive Robinson

The reason being not just my usual mantra of "Efficiency -v- Security" but also due to the fact that the fundamental design principles of these OS's and the underlying hardware are "insecure".

--Slight humor--
I'd give you a cigar or some sort of door prize...but...I'm afraid the latest ruminations from the U.S. government is not only to continue down the road of "Worst Practices", but to institutionalize and anoint the failed strategies and players of recent past. With the focus on re-active (we need to step away from cyber security as either a lexicon or a conceptual model) I'm afraid the window to assert a more appropriate "Data, Disclosure, Information, and Knowledge Fidelity and Assurance" model will be lost.

--Light humor--
Working on the final draft of a new treatise, "Framework Usurping Cyber Kommunications" U.S. Government Standards and Practices; A Citizen Perspective"

--But seriously--
The latest take over of the public network via the DoD backdoor that is the "Framework for Improving Critical Infrastructure Cybersecurity" (FICIC) in combination with PPD 20/21, and any number of other overt federal "control freak" statutes which effectively coerces the private sector into compliance thus cannibalizing an "open" Internet. Will my telecommunications provider issue me a Social Internet Security Number card and when will I be a victim of Internet Security Identity Theft? Where does the "Media Access Control Number For Life", or (MAC-NFL), go on my computer--or is that a tattoo that will be placed on my forearm?

Let the feudalism begin...

name.withheld.for.obvious.reasonsFebruary 17, 2014 6:59 AM

@ Clive Robinson

There is another problem with "Old OSs" such as *nix, MS OSs and a number of others, and that is they "are in the way".

That was the beauty of Irix and SGI--Hard and Soft ware. A singular vision (I'm not talking authoritarian but more agrarian/organic) and a detailed construction; the ground planes, cables, material, construction, efficiency, and performance all comes together--Irix crafted as part of that vision. OS/2 on PS/2, or AIX on RT might be thought of as similar in that vein. The ROMP chip-set has been around a long time, as has MIPS. I really have a hankering for a Fairchild processor right about now...

One other platform that comes to mind, HP 35/41 calculators and some of their test equipment. Back in the day when HP had pride in their product. Seamless construction with consistent and predictable performance. Boy, those were the days...now I have to inspect every delay line, noise spike, jitter, and edge or signal convergence problem as nothing is "trustworthy". My latest scope (DSO/MSO), FPGA arrays with dubious fidelity/integrity--oh, I recognize the fabs (Xilinx, one of the best) but the scope OEM may not have pure (VHDL/Verilog) intentions...

Oh, and Microsemi (formerly Actel) just introduced a secure FPGA, flash firmware model/platform...layers or "interfaces" are not an answer!

Two recent incidents this past year involving a new motorized vehicle and a mid-range digital camera; the vehicle is being recalled for a "software" bug and the camera flat failed after 364 days--lens error. My suspicion is that the vehicle dealer wants the EIC data and the camera manufacturer wants a log/performance dump. Both require returning to the supplier for remedy....hum.

AutolykosFebruary 17, 2014 7:12 AM

@Clive Robinson: That SPIEGEL article you've linked seems to be mostly disinformation. What they are saying is that Germany stops considering the secret services of allied nations as "friends" and will start counterintelligence activities against them and the embassies they use as bases. But unless our services are terminally naive (sadly, this is a distinct possibility), they are probably doing that anyway. The article talks about increasing the budgets of the Verfassungsschutz (which is mainly responsible for interior affairs and civil counterintelligence) and the Militärischer Abschirmdienst (which does military counterintelligence), but does not mention the Bundesnachrichtendienst, which would be responsible for espionage on foreign governments or armies. So the article does not say or imply Germany wants to spy more on governments of allied countries.
I don't believe that (there are no friends in diplomacy, only interests), but that can't be taken from what's actually written in the article.

Also, the Star Trek Economics article was quite an interesting read. Thanks for that.

hermanFebruary 17, 2014 7:52 AM

@ Nick P:
You don't need an exploit to install a backdoor when you are running everything as root already like that bloke is doing. His example is rather frivolous. If you want your system secure, then don't run user processes as root and set SELinux to Enforcing.

Jan DoggenFebruary 17, 2014 8:41 AM

@Bruce How many of your eight arms would you have given to be in that submersible?

CallMeLateForSupperFebruary 17, 2014 8:53 AM

I feel so much safer already (not).

DHS (Department of Homeland Security) has published an RPQ for a database system that would unify individual state and local license plate reader (LPR) databases.
http://preview.tinyurl.com/q5s79ej

LPRs are a solution looking for a problem; LPR data is an output of a solution looking for a problem; a system to search LPR data across database boundaries is .... pointless. Well, on second thought, that's not true. I will re-phrase: the only point of such a system is to transfer a large amount of U.S. taxpayer dollars to a relatively small group of enterprising civilians. It is security theatre on steroids.

Hey! DHS! Doesn't the effectiveness of this thing depend on having total data? And wouldn't acquiring total data require multiple LPRs in *every* hamlet, village, township, and city in the USA? What law will mandate the purchase and operation and data-share of all those LPRs? Who will pay for hundreds of thousands of LPRs? You guys have not thought this through.

The strictly-from-hunger nature of this program makes me feel so-o-o-o tired.

Uh huh huh huh huh huh huh huh huhFebruary 17, 2014 9:05 AM

Tell it to the African Union, which ruled that tainting or otherwise destroying foodstocks or fisheries is a breach of the right to food. That's the universal body of law the French drew on to squash your crooked government officials. Your revered government has acceded to that along with the ICJ Statute. It's only natural that a thoroughly-indoctrinated statist is trained to think that's all crap, and that nothing matters but your domestic Gemaechtigungsgesetz. You're all trained to sneer your way to impotence and isolation.

That's why you feckless Colonel Klinks lose and lose and lose, starting with Vietnam and Cambodia. That's why Iraq ejected your cowardly star-spangled asses by denying your death squads impunity. That's why the NATO allies in Afghanistan play hot-potato with your prisoners, and why the Taliban's in charge again. That's why the southern cone broke loose and made the US the hemisphere's pariah. That's why Putin stopped your Syrian aggression dead. That's why Germany is now the world center of excellence in privacy technology and NSA is slowly going blind.

So uh huh huh huh huh huh huh huh huh huh huh huh, yeah, it is funny. You're just jumping around with your bone in your nose and your spear, and the civilized world is trying not to laugh.

SkepticalFebruary 17, 2014 10:33 AM


@uh huh: I'm not sure whether to note how silly most of your assertions are (all GMO food == tainted food! US power has declined since the early 70s!), or to simply thank you for the demonstration of "sneering your way to...isolation" with your numerous insults. :) But both are pretty far removed from the subjects at hand, so I'll refrain. If you're just trying to be provocative, I don't find over-the-top anti-anything (anti-Americanism or anything else) to be provocative or offensive, but just plain silly. All the comparisons of the US to North Korea, the name-calling, etc., are oddities that interfere with a real discussion.

The only way to allow oneself the chance of forming an accurate view of a matter is to adopt a framework of thought that is both open to different perspectives and simultaneously skeptical of them. I don't think anyone gets that balance right all of the time, but I've found that the more personally invested a person becomes in a viewpoint, the harder it is for that person to keep that balance.

Incidentally, that is one of the reasons I find efforts at "advocacy journalism" so superficial and misleading. Even if you are not, in your heart of hearts so to speak, undecided personally on a matter, striving to maintain an analytic (or journalistic) distance while describing the issue helps us to achieve that balance in numerous ways.

MikeAFebruary 17, 2014 10:45 AM

The 1401 was not "the first machine after punched-card...", but it was the machine where they got the price down to where it was a reasonable migration path. And I'm aware of SIMH, having run it also on PPC and an earlier incarnation on MIPS/Irix. But that's not why I am weighing in so late.

The 1401 installation at which I worked had some "interesting" security-related aspects. First off, it also ran some old-style "TAB" (punched card) jobs, and the plug-boards which controlled those were stored on open racks in the machine room (accessible to students or really anyone). I don't want to think about how one would audit a plug-board with hundreds, or thousands, of wires. The important disk-packs and mag-tapes were locked up, but in the same room as the extra printer-paper. The key to that room was readily available to anyone who knew where to look (staff, ex-staff, observant students), and the replacement printer-paper included the stock for checks (cheques). I'd bet there are many places today with similar physical security issues.

ich liebe doch alle, alleFebruary 17, 2014 11:13 AM

Oops I hit your patriotic kneebone with my rubber hammer, it's back to supercilious fake objectivity with passive-aggressive sillysillysillyoddity! labels squirting out, and still nary a facticule. You don't dare talk about universally-acknowledged rights and rule of law except to reflexively dismiss them. It's a perspective you are trained to recoil from. This is the characteristic product of painstaking US state indoctrination and you cannot escape it. This is why you'll never understand a rights defender like Snowden, fixate on him as you will. Article 17 is the law. US law. The UN Charter is the law. The Stasi didn't like it either but there it is.

name.withheld.for.obvious.reasonsFebruary 17, 2014 1:21 PM

Lunch in Downtown Berkeley--a chance encounter

The year, 1998; and the mid-spring air in Berkeley, California was clear and crisp; it was t-shirt weather. It was my first trip to the UC campus, and the maps I'd reviewed while documenting my itinerary prior to arriving did little to suggest that the terrain of the campus was "terraced" and angled. As an Anglo (actually native Californian), Cambridge University in England was more of what I expected--kind of flat with a city center and the surrounding campus complexes--should have done a topo overlay. Arriving from the airport at SF, I expected to connect easily to the campus using BART--that kind of worked but less intuitively than say the London Underground. My first stop was to the hotel where the conference organizers managed the sessions and programs. I wanted to confirm my arrival with the professional group, CPSR, in which I was a member and an active volunteer. Several of the group's members had previously confirmed with me their plans to be at the conference and I was looking forward to meeting with them.

My first contact would be Marsha, the chair of the organization and someone with whom I'd spent hundreds of hours on-line via e-mail or forums (before they were refashioned as blogs). Marsha relied on several members to provide technical assistance and service to other chapter representatives that had an organizational, NGO, or subject matter related interest. I worked with several advocacy groups to assemble and compile data and documentation. It was still early in the dotcom era and several of us were establishing practices and processes for effective on-line material and programmatic development. When I caught up with Marsha I realized that she had a lot on her plate that included organizational responsibilities and topical material issues that we didn't get a lot of face time at the conference. It wasn't until the next day that we scheduled to have lunch downtown with another member, Karl, with whom I shared a quasi working relationship. That night I was really just looking forward to the IANA/ICANN TLD management session and the lunch in which I could monopolize some of Marsha's time.

The day one session, though technically accurate, lacked a certain level of interest during the morning session. As with many conferences you are treated to the "introduction" portion of the session and have to wait for the subject to progress where the Q&A starts to flesh out real issues. By lunch time we'd covered much of the basics and I was looking forward to lunch. Marsha decided to ask Karl to join us for lunch--cool--I'd never really had much interaction with him and was looking forward to meeting him face to face. When we met up at the hotel, Karl asked if his brother could join us--Karl said his brother was local though he was doing his graduate work at Stanford and of course Marsha would only find it natural to have four at the table. We assembled ourselves in the hotel lobby and walked to the restaurant where I figured the time I'd been planning to bend Marsha's ear was going to be interrupted by my interest in developing a deeper rapport with Karl. Well, that's not quite how it went. As we headed downtown on foot Karl and I started to do a little "discovery". He told me he was an evangelist at Microsoft (I held back my disdain for his position) and what other interests he was pursuing. He also introduced me to his brother, Larry, and Karl detailed some of what Larry had been up to. Larry was not much of a talker--at lunch he probably provided three sentences to the conversation...oh well...more for me to talk about.

Karl's work with CPSR included nuclear armament issues; safety, proliferation, maintenance, and associated technical risks. I'd worked with him on some of these issues for the public web site. It was when he divulged his brother's graduate work at Stanford, a large scale inexpensive IDE storage array, that I became more interested in what Larry was doing as it had an application in an area I'd been working/toying with--search engines. Over lunch I cajoled Larry about his project and suggested that I might have a use for it. I'd been working on a context-based web crawler at my little start-up and could see a possible use for Larry's work. During lunch I bored Larry to tears with detailed information theory that included information discovery and human language search, indexing, and acquisition theories and how their integration could be used in human knowledge theory.

It was my first chance to explain the work that had been going on at DEC with their fantastic (my estimation, the best) web crawler "scooter" and their application interface "Alta Vista". During our discussion my coverage included contextual extrapolation of unbound and abstract human-readable data that might be discerned from a contextual indexing system. This conversation lasted the whole time we were at lunch...I did all the talking. On our return to the conference from our lunch meeting I mentioned to Larry that his project could be most useful for a new search engine system--one which I'd mentioned as an alternative to DEC's wonderful system. I also suggested to Larry that contextual clues, datum useful in creating contextual relationships on complex non-linear data sets could be learned (more precisely, mapped)--that users of the web site could feed-forward and feed-back information that could automate the contextual mapping of the raw search data. I said that it wasn't the crawled database that was of most value--it was what the query from the end-user could tell you. Larry didn't seem to be too impressed.

I didn't think about that lunch time encounter for quite some time, it was later, on one of my last working sessions with Karl, that I even thought about his brother Larry. You see Karl had a bit of a falling out with his brother--I believed it to be the taint from working at Microsoft that Larry developed his, not contempt, distrust of his brother. It seemed the Page boys were having an internal squabble. To this day I wonder if Larry Page remembers that lunch time meeting--I bet his brother Karl does.

SkepticalFebruary 17, 2014 1:43 PM

@name.withheld: That's a great story! I'm curious about one part. You wrote: "I said that it wasn't the crawled database that was of most value--it was what the query from the end-user could tell you. Larry didn't seem to be too impressed." What type of value did you mean?

@ich liebe: look, from one human being to another, I respect your views and your passion. My snark was a response to some of the rhetoric you used, not to your views. As to universally recognized rights and so forth, I'm not denying the existence of int'l law, but rather I disagree with your interpretation of it, e.g. that Snowden's leaks could be construed as a defense of ICCPR Article 6.

JacobFebruary 17, 2014 1:48 PM

I know you have mentioned the issue of hardware firmware not receiving security updates... and, that some of the NSA exploits go after these vulnerabilities. You might be interested in hearing that HP is going to start charging for their lapses in security.

Group hug!February 17, 2014 3:05 PM

Ahh, I knew you were only pulling my leg. Nowadays only out-of-touch fuddy-duddies and government lawyers deny the binding legal force of jus cogens. Any kid with half an International Baccalaureate gets it intuitively, even in the heartland of the USofA.

But if you actually know NSA, you know that NSA has been in the extrajudicial-killing racket for a long time. In fact NSA's biggest score for 'We track em, you whack em' was Martin Luther King. CINCSTRIKE, look it up, it's in the trial transcript of King Family v. Jowers on the King Foundation website, jury of your peers and all that. The pencil-necked wussies scrambled blackbirds, for chrissake.

I have a drCRACK-SPLAT! And we are proud of it, as Alexander says.

SkepticalFebruary 17, 2014 3:27 PM

@group: Legally, the so-called "targeted killing" conducted by the US in Pakistan and Yemen are likely ironclad, as the US is probably operating with the consent of the Yemeni and Pakistani governments in areas not properly controlled by those governments and is attempting to strike military targets. Whether it's a good idea either ethically or prudentially would be a long discussion. My answer is a highly qualified yes.

Clive RobinsonFebruary 17, 2014 5:22 PM

OFF Topic :

It would appear that the "The Moon" worm that is currently attacking some Linksys 'E-Series' and older N routers is using a known bug in the old Pure Networks "Home Network Administration Protocol". According to Linksys, turning off remote administration and rebooting the router clears the malware out:

http://www.theregister.co.uk/2014/02/17/linksys_vuln_confirmed_as_a_hnap1_bug/

The other issue is that many of these older routers such as the E-1000 are no longer supported but still supplied by some ISPs that have configured them to use remote administration to make support easier...

agonized chin-scratching!February 17, 2014 5:52 PM

Wrong. Nothing about this is hard. The international community has long been on to the cheap US trick of getting some local chump to sign a chit that says, Please bomb us. The USG tried it way back when in Cambodia, got their tit caught in the international legal wringer, and wound up sacrificing the proverbial few bad apples in Nixon's EOP including him. They took the secret bombing out of his articles of impeachment once the point was made.

Murder is murder. Aggression is aggression (for aggression is what's charged in Pakistan.) You don't get off the hook just because the president gets some servile family retainer to pull whimsical legal notions out his ass. That is made clear in the elements of the crime of aggression, RC/Res.6 Annex II. Just the facts, as the old saw goes. The ironclad logic of the backwoods courts of exurban Virginny doesn't cut it.

I esteem you for not denying NSA complicity in the US government's extrajudicial killing of Martin Luther King. The US government tries hard to make that Big Lie worth your reputation: Eric Holder got his AG job for lying through his teeth about it, making himself the race traitor's race traitor, more infamous even than popeyed government rat Jesse Jackson.

And now more than ever, the stakes are high. What happens when all the bright, idealistic NSA scholars realize that all the time they thought they were blazing trails in mathematics they were dupes, helping kill dissidents here and abroad? Then Snowden is the least of your problems.

SkepticalFebruary 17, 2014 7:09 PM


@agonized: "Murder is murder. Aggression is aggression (for aggression is what's charged in Pakistan.) You don't get off the hook just because the president gets some servile family retainer to pull whimsical legal notions out his ass. That is made clear in the elements of the crime of aggression, RC/Res.6 Annex II. Just the facts, as the old saw goes. The ironclad logic of the backwoods courts of exurban Virginny doesn't cut it."

There is no violation of Pakistan's sovereignty in part because the US is there with Pakistan's permission.

The US is also permitted to launch these strikes on the basis of its right of self-defense. The strikes occur in areas not controlled by the Pakistani government, and while the US has urged Pakistan to re-establish control in these areas, they have not done so. Consequently, Pakistan being unable to quell the threats itself, and as a last resort, the US is permitted to use proportional military force.

"I esteem you for not denying NSA complicity in the US government's extrajudicial killing of Martin Luther King."

I thought this assertion too absurd to merit a response. We'll just have to agree to disagree on it.

FigureitoutFebruary 17, 2014 8:38 PM

Another Ultrasonic...
Clive Robinson
--Neat, one experiment I'm going to try is FFT on the audio ports of the pc's at my school, just want to see what freq it is. What's happening now is human-audible buzzing, a constant ringing initially, then any movement of pixels on the screen is a separate freq. buzzing. I've tested it so many times it couldn't be random, I initially thought it was from clicking the mouse b/c I would scroll the screen and get the noise. Believe it has to do w/ the LCD; and my ears aren't so attentive to pick out differences there lol. This is only for the newer computers though, so I guess it's just like anything else, quality declines.

Maybe I could help out w/ what would otherwise be a smorgasbord for attackers walking around the building b/c I've noted at least 2 people just walk in, put a USB stick in, out, then leave; of course looking sketchy too.

I also haven't removed the speaker on the motherboard of a pc I'm diagnosing to test some of this ultrasound comms.

AlanSFebruary 17, 2014 8:44 PM

@Skeptical

The self-defense argument is very dubious in the Pakistan context, as was pointed out by the QC who did the analysis for the UK parliament's drones group.

Because reasons!February 17, 2014 8:54 PM

Right, repeat that unsupported claim about what 'Pakistan' wants, that'll work, because nobody here will remember the Pakistan government's repeated public statements that contradict it.

Self-defense yeah right, in your dreams. You're in for a big surprise when the ICJ tests your putative Article 51 invocation for necessity and proportionality. The US tried that whopper last time it attacked Iran, Remember? They got their head handed to them in the Case concerning Oil Platforms. ICJ voided US claims of self defense. Now what's ICJ going to do with a self-defense claim about an occupation manifestly in breach of UN Charter Chapter VII? (Feel free to search in vain for UNSC authority for use of force.) Who knows, if ICJ rules on your illegal war, maybe ICC will get into the act. Then you're in deep shit. No gay Paree for you, just Dollywood.

Another hallmark of government indoctrination: sniffing away the forensically-tested and documented facts of a legal verdict as an 'absurd assertion.' I hope they're paying you at least SES grade for that blind, fanatical faith in your government's probity despite the overwhelming weight of contrary evidence. You're a damn good German.

Don't take this the wrong way, but that was a delusional post. No connection with reality, none. North Korea's dips can do better than that. But then that's why they kick US ass in the UPR, they're more in touch with reality.

FigureitoutFebruary 17, 2014 9:01 PM

Clive Robinson
--Ah, wanted to ask. I also hear a freq. noise whenever I plug in my phone charger; other chargers too. Could just be regular operation, power supply, cheap components; but wouldn't an ideal bug blurt out when the phone is attached to the charger and have no power constraints? The receivers are close too, w/in 100-200 feet.

FigureitoutFebruary 17, 2014 11:17 PM

Ok, one more radio thing, RFcat:

@Signed, flashed RfCat USB Radio Dongle (based on Chipcon CC1111EMK-868-900), making the opacity of Proprietary protocols into transparency and capacity for attack

Capable of transmitting/receiving/snooping/SpectrumAnalysis on frequencies between 300-928MHz and more (officially 315, 433, 868, 915MHz ranges, but we’ve seen more than that) using modulations 2FSK, GFSK, MSK, ASK, and OOK and baud rates 0 – 250kbaud

http://leetupload.com/blagosphere/index.php/2014/02/16/you-know-how-to-send-my-signal-setting-up-rfcat-from-scratch/

http://grrcon.com/rfcat/

And link from first one, hacking garage door openers:

http://andrewmohawk.com/2012/09/06/hacking-fixed-key-remotes/

Only one thing remains to be said:

ヽ༼ຈل͜ຈ༽ノ raise your dongers ヽ༼ຈل͜ຈ༽ノ

Aaaaaannnd I'm exiting the thread lol.

yesmeFebruary 18, 2014 1:38 AM

Talking about the SGI systems, I agree, the Indy and O2 were beautiful machines and well thought about. The accessibility of hardware components was very good. But they still used a *nix derivative, called IRIX, with all of *nix habits.

The only OS that I can think of that really tried to solve the issues of *nix was plan9. Plan9 was the successor of UNIX, designed by the same people who designed UNIX at Bell Labs: Dennis Ritchie, Ken Thompson and Rob Pike. And because it was the successor of UNIX it wasn't compatible with it. They rethought everything. And the result is a very compact hybrid kernel with all the drivers operating as 9p filesystems. They even used a special version of C. One that didn't suck. And the network stack... It's a shame that even today we live with things like NFS, Samba and OpenSSH. 9P had it all. Seriously, it is good.

Thinking about secure systems, plan9 was the answer IMO. Not because it had all the bells and whistles, but because it was small and simple. Too bad it didn't gain the popularity that it deserved.

Mike the goatFebruary 18, 2014 7:11 AM

yesme: it is a real shame that plan9 is dead in the water. I even liked their ideas for their windowing system. The authors of Wayland should be looking to plan9 for inspiration.

Well - you could argue that the whole x11 is an asset and not a bloat holding back in particular desktop *nix. I know apple ditched the idea and it seems the Linux distros are putting all their effort into Wayland so I don't know.

SkepticalFebruary 18, 2014 7:35 AM


@AlanS: "The self-defense argument is very dubious in the Pakistan context, as was pointed out by the QC who did the analysis for the UK parliament's drones group."

I'd be happy to read the analysis. International law is vague enough on the question that it's not an easy one, and perhaps not one with a determined answer. Those who think these strikes to be illegal commonly argue that int'l law requires that the US first attempt to effect an arrest of the individual(s) targeted, and that if this is not possible, then additional force may be used. They also argue that military force in self-defense requires an imminent threat, such that response by force is the only alternative to simply bearing the imminent attack.

In my personal view, though, the self-defense argument is quite strong. The US obviously can't effect an arrest in the FATA, and it's an area over which Pakistan does not exert control, so neither can the Pakistani government effect an arrest. The "imminent attack" criterion derives from the early 19th century, and while it once may have been useful, it does not fit well with the realities of contemporary warfare.

@Because: "Right, repeat that unsupported claim about what 'Pakistan' wants, that'll work, because nobody here will remember the Pakistan government's repeated public statements that contradict it."

Evidence: "11. (C) Malik suggested we hold off alleged Predator attacks until after the Bajaur operation. The PM brushed aside Rehman's remarks and said 'I don't care if they do it as long as they get the right people. We'll protest in the National Assembly and then ignore it.'" From a 2008 leaked State Department cable detailing a meeting with the Pakistani government, via The Guardian

Has Pakistan changed its mind since then? Possibly. It's difficult to say. But, in any case, the right of self-defense applies.

"The US tried that whopper last time it attacked Iran, Remember? They got their head handed to them in the Case concerning Oil Platforms. ICJ voided US claims of self defense."

I have no idea what that has to do with this. Very different events.

"Now what's ICJ going to do with a self-defense claim about an occupation manifestly in breach of UN Charter Chapter VII? (Feel free to search in vain for UNSC authority for use of force.)"

Again no idea what you're talking about here. NATO forces are in Afghanistan with the permission of its government, currently.

Knott WhittingleyFebruary 18, 2014 7:45 AM

One of the Snowden docs in the new article at The Intercept is a version of the "Psychology: A New Kind of SIGDEV" presentation (which we've seen most of before) that doesn't redact pp 33 & 34, about ANTICRISISGIRL showing who's accessing Wikileaks.

The other is an article from the NSA's top secret wiki about specific rules for targeting, "incidental" collection, reportable incidents, etc., with some interesting examples. E.g., they're noncommittal about whether Wikileaks or PirateBay is a foreign menace that justifies NOT filtering out US person accesses at all.

quartile 2February 18, 2014 9:42 AM

Oh, I see. Because in your totalitarian patriot fantasy world, the designated US agent is identical to Pakistan. Noncompliant institutions of the government are irrelevant crap. The population is irrelevant crap. This showcases your ill-concealed contempt for human rights and universal-jurisdiction law. The Human Rights Committee will be inquiring about this sort of doctrine next month, the Committee Against Torture, this fall. Were you ever to set foot in a forum like that to speechify, you would be like a puppy in the woodchipper. You would never know what hit you, but you'd spray out in dauntless Dunning-Kruger certitude.

You don't get the body of law that bears on Article 51 because you never look at it, you just parrot the slogans you hear in the US hermit kingdom. You dismiss everything with a derp and a shrug if it gets in the way of your slogans. Take this permission-of-the-government nonsense. Like your puppet government is going to get you off the hook. When more and more of the flunkies who gave you 'permission' are being tried for genocide and war crimes. At what institution of higher learning do they inculcate such habits of mind?
...No wait, lemme guess: GOODNIGHT, BITCH! Takes you back? Amiright?

yesmeFebruary 18, 2014 9:55 AM

@Mike the goat,

I agree with your opinion and think that Wayland is heading in the right direction.

I only wished the same happened on the networking stack.

YeahSureFebruary 18, 2014 10:12 AM

Thanks for the replies. I think a lot of the hard core techies on this blog are hardware people. I understand the theoretical desirability of the custom solutions you suggest but they are not practical for me to pursue. Since I am not going for a custom solution and since I am not giving up computers totally -- although believe me I am not upping my involvement with social media, mobile devices or internet of things -- I just want to minimize my personal attack surface with what equipment is at hand.

Really anything that accepts millions of connections is pretty much screwed already. Anything cloud centric is hopeless. I just want a little space where I can pursue my ideas without feeling violated.

@Simon I tried Black and Decker as you suggested but my jigsaw doesn't support USB 3.0 :P

name.withheld.for.obvious.reasonsFebruary 18, 2014 10:30 AM

@ Skeptical

"What type of value did you mean?"

From my story:

"I mentioned to Larry that his project could be most useful for a new search engine system--one which I'd mentioned as an alternative to DEC's wonderful system. I also suggested to Larry that contextual clues, datum useful in creating contextual relationships on complex non-linear data sets could be learned (more precisely, mapped)--that users of the web site could feed-forward and feed-back information that could automate the contextual mapping of the raw search data."

Which essentially translates into a useful feature available to a search engine that could successfully derive contextual relevant results for information published on index-able Internet sites. A simple example is a query against a search engine using the following term(s):

"truck driver"

As a noun; describes a person, or describes a piece of computational code that supports an application, or describes a job or task that influences some outcome, or...

In other words, derivative forms of expressions that share common or similar lexical, taxonomic, and/or etymology roots (or terms) may often represent a non-linear branch of human readable expression(s) as a priori by way of cellular automata.

A lot of theory, in my estimation Noam Chomsky's work at MIT in the late 1960's "Deep Structure" is seminal in linguistic processing. Especially when considered within the context of Artificial Intelligence (AI).

Of course one could argue that there really is only one known form of intelligence--and that is artificial. SETI is relevant in the search for intelligence on this planet.

SkepticalFebruary 18, 2014 10:31 AM

@quartile: "You don't get the body of law that bears on Article 51 because you never look at it, you just parrot the slogans you hear in the US hermit kingdom."

Always eager to read a new perspective quartile. Why don't you explain to me self-defense doctrine in international law?

Nick PFebruary 18, 2014 12:20 PM

@ yesme, mike the goat

re Plan 9

It was just GPLed a few days ago for some uses according to Reddit. Other uses are still covered by their LPL license.

@ yeahsure

You could get one of those Chinese Loongson-based netbooks like Stallman has. Their processor, firmware and OS are open that I recall. You can customize them from there. You might also make your main PC a tiny Linux machine with open firmware put in. Then, follow Linux hardening practices. So, not entirely hopeless. It's just that mainstream stuff is (a) inherently insecure in software designs, (b) contains closed proprietary code at some level, or (c) both. Sets a certain limit on what COTS can provide you.

@ Clive Robinson

"A fine example of a journalist that really does not know what they are talking about (proposed phone kill switch),"

Haha what about it has you rolling your eyes (besides insurance hypothesis)? I actually think the journalist didn't do that bad. The first two points are good:

1. Most crooks wouldn't be interested in using a kill switch. They'd rather control the phone. (Incentives.)

2. The "kill" can be made temporary. (Products already exist with this property.)

At this point, someone could counter with a claim that he's advocating DRM-style technology. These have often caused users plenty of problems. Service providers might not want to get into that kind of thing past regular carrier locks.

I also think that cellphone kill switches would overburden service providers or phone makers. The phone makers would likely push the support costs for disabled phones onto service providers. They'd be reactivating people's phones for them all the time, most probably *not* stolen. It would be a large cost that they'd have to pass onto consumers. They'd rather not do that.

The best place for a kill switch is the place where it's already selling: the enterprise. They have information to protect, policies to enforce, and compromises to make on mobile use. Mobile platform security solutions that also include a remote wipe or deactivation are desirable. They will probably be bypassable by higher end attackers, though. If that's the threat profile, then one might also argue that the kill switch is an unreliable security measure. (Shrugs)

Note: Sabotage and ransomware are two big criminal niches I anticipate if kill switches are adopted. The ransomware people in particular will have a blast.

EDIT before post: One commenter on the site beat me to the ransomware. Then vesparado blasted him on the insurance conspiracy theory before I had a chance by pointing out they make more money on insurance when thefts *don't* happen. Lol.

name.withheld.for.obvious.reasonsFebruary 18, 2014 1:41 PM

@ Nick P
If I remember correctly, Plan 9 was offered on Motorola 88000 platforms. And didn't 88000 turn into a PA-RISC platform. I must admit the functional spec for plan 9 was a decent treatment--modular kernel model, simple I/O and interprocess comm model, etc.

SkepticalFebruary 18, 2014 2:45 PM

@name.withheld: Thanks! I understand your point regarding the multitudinous uses of the same/similar word/phrases in different contexts, but I'm not quite sure I understand the "as a priori by way of cellular automata" point.

@Special: Interesting. Article 51 defines the doctrine of self-defense in international law? You must have a special authentic version of the Charter. The copies I can access don't define the term, but it's tough to get good information in 5eyes land. ;)

A-B-C-D-E-F-G,  H-I-J-K LMNO P February 18, 2014 5:15 PM

And now all of a sudden it's defines defines defines which nobody said - pretty sloppy, even for what's clearly meant as nyah-nyah-nyah and not rational discourse. But at least, having finally read it, you are aware that legal self defense must comport with Chapter VII as a whole. So go read that and weep for your uggabugga caveman state.

Nick PFebruary 18, 2014 5:48 PM

@ name.withheld

"And didn't 88000 turn into a PA-RISC platform."

Nah, they were created separately. Far as I recall, HP just ditched 88000 for their own architecture.

"I must admit the functional spec for plan 9 was a decent treatment"

I liked that, too. I think one of the best decisions they made was to design around a distributed architecture. The Internet, for example, is a distributed architecture. Yet, the mainstream systems use a design that maps better to a centralized client-server model. Mapping the many real-world use cases to that model creates both functional and security difficulties. The better mapping a distributed design such as Plan 9 achieves means it would've accomplished more with fewer warts had it received the level of investment UNIX did.

My main gripe with it is that it uses a file metaphor. That has so many issues it's often been ditched for object, key value, etc. architectures in modern systems. I'd use one of those, along with a secure distributed protocol (a la E language/runtime), for my design.

Bonus: my designs for physical separation of OS functions into tiny, cheap, securable computers would be much easier if the mainstream OS's were internally designed like a Plan 9. Microkernel systems such as MINIX 3 would be an improvement if they become feature rich.

SkepticalFebruary 18, 2014 6:06 PM


@ABCD: Well, okay. I've stated my reasons for thinking that US actions satisfy the requirements of self-defense. I suppose our conversation has drawn to a close. Thanks for the discussion.

valedictionFebruary 18, 2014 7:41 PM

I understand. Law student Ted Bundy would, too. He could never quite reconcile the letter of the law with the fun and excitement of torturing and murdering attractive long-haired brunettes. He also made the decision to live with the contradictions - and it worked out for him for a good long time! He had his reasons too. He had more reasons than you could shake a stick at. Nothing justifies torture, of course, just as nothing justifies aggression, but reasons sustained Ted in the last panicky hours before his execution (Watch the interview!) and they'll sustain you, come what may.

AlanSFebruary 18, 2014 9:01 PM

@Skeptical

You won't "be happy to read the analysis" because the QC's report contradicts your "personal view" that "the self-defense argument is quite strong".

AlanSFebruary 18, 2014 9:08 PM

@ Clive Robinson, Nick P

Yes, this is nothing but word games. Clapper now says that 215 surveillance is a problem of explanation. If they'd only been more open about what they were doing and why from the start hardly anyone would have gotten the least bit upset!

AlanSFebruary 18, 2014 9:16 PM

The NYT's Mayer Brown story provides yet more evidence that SCOTUS's "lack of standing" decision needs to be revisited. See also A Secret Surveillance Program Proves Challengeable in Theory Only.

Almost a year ago SCOTUS, in a 5-4 decision, decided plaintiffs in Amnesty v. Clapper didn't have standing. Alito (for the majority): "it is no surprise that respondents fail to offer any evidence that their communications have been monitored under §1881a [2008 amendment to FISA], a failure that substantially undermines their standing theory....Instead, respondents merely speculate and make assumptions about whether their communications with their foreign contacts will be acquired under §1881a."

A blogger at a company that provides security and digital forensics to law firms comments: "The U.S. government, mostly the FBI, has been coming to law firms and advising them that they had been breached by foreign governments, hackers, etc. Audiences keep asking, "How did they know?""

AlanSFebruary 18, 2014 9:26 PM

Greenwald has a new article on surveillance of Wikileaks and visitors to the Wikileaks website.

"One classified document from Government Communications Headquarters, Britain’s top spy agency, shows that GCHQ used its surveillance system to secretly monitor visitors to a WikiLeaks site. By exploiting its ability to tap into the fiber-optic cables that make up the backbone of the Internet, the agency confided to allies in 2012, it was able to collect the IP addresses of visitors in real time, as well as the search terms that visitors used to reach the site from search engines like Google."

SkepticalFebruary 19, 2014 5:37 AM

@AlanS: You won't "be happy to read the analysis" because the QC's report contradicts your "personal view" that "the self-defense argument is quite strong".

No, I'm always happy to read intelligent commentary on a subject, especially if it contradicts my views.

Here, though, the QC's argument was no surprise. As I wrote in an earlier comment:

Those who think these strikes to be illegal commonly argue that int'l law requires that the US first attempt to effect an arrest of the individual(s) targeted, and that if this is not possible, then additional force may be used. They also argue that military force in self-defense requires an imminent threat, such that response by force is the only alternative to simply bearing the imminent attack.

On pages 24-25 of her Advice, she makes precisely this argument:

The doctrine of anticipatory self-defence provides that, where the target presents an ‘imminent’ or ‘immediate’ threat, a state may strike first in self-defence. In effect, the attacking party must strike or be struck. The US government relies on a broader formulation of that principle. They cannot know, or demonstrate, that the targets of any particular drone strike present an imminent threat to US interests. In effect, they rely on intelligence and other information to argue that the targets might present an imminent threat. That broader formulation of the doctrine has not yet become a part of the consensus of international law. Indeed, to the contrary, it was the rationale advanced by Israel in order to justify a pre-emptive bombing strike on an Iraqi nuclear reactor over 30 years ago. That justification was rejected by the Security Council.

In the QC's view, an attack is "imminent" for the purposes of the right of self-defense only if the attack is at the point of being launched and one must either "strike or be struck" in her words.

I must underscore the shoddiness of one aspect of her analysis in particular (though in my haste it's possible that I misread her).

UAV strikes are sometimes in support of a broader counterterrorism mission against groups located in the tribal areas of Pakistan or Yemen who actively prepare, and who have actually launched, attacks against the United States and its allies (such groups would include, for example, al-Qaida in the Arabian Peninsula).

Strikes on these groups are part of an ongoing pattern of conflict in those two areas.

The doctrine of anticipatory self-defense that the QC describes applies to a "first strike." Nations A and B are nominally at peace, Nation B has excellent reason to believe that Nation A is preparing to strike in the near future (but not immediately), and so Nation B hits first.

And whether that is included in the "right of self-defense" is indeed debated among international lawyers, as the QC notes, though the debate is with respect to the extent to which one can lawfully anticipate, not whether one can at all.

However and regardless, in Yemen and in Pakistan, the battle has long since been joined. The conflict is ongoing. And once a conflict is begun, one side need not wait until the other has finished preparations for yet another offensive operation before striking.

In addition to UAV strikes in support of a broader counterterrorism mission, UAV strikes are also used to support NATO and friendly forces. For example, a group of Pakistani Taliban might be in the process of moving towards the border for a raid (or moving back across the border from a raid). They're spotted, identified, confirmed, and then perhaps reduced by an air strike. As in the broader counterterrorist mission context, these strikes form part of an ongoing conflict. Anticipatory self-defense does not need to be invoked.

The QC responds to the claim that these strikes form part of ongoing conflicts with the following:

In our view, the drone strikes carried out by the CIA in Yemen and Pakistan (amongst other places) are not carried out in the context of an ‘international armed conflict’. The US is not at war with Yemen or Pakistan. The individuals who are targeted are not, therefore, ‘combatants’ and their killers are not entitled to ‘combatant immunity’.

Note the exquisite logical deafness here. The QC's argument is that:
1) The US is not at war with Pakistan or Yemen;
2) Strikes within Pakistan or Yemen could be part of a war only if the US were at war with Pakistan or Yemen;
3) Strikes within Pakistan or Yemen are therefore not part of an international armed conflict.

The QC fails to consider at all whether there can exist an international armed conflict between state and non-state actors (there can). She also fails to consider whether Pakistan or Yemen are able to exercise control in the areas where US strikes occur (they are not). So the idea that there can be an international armed conflict between non-state actors and state actors, in which non-state actors operate from regions uncontrolled by any states, is never raised by her.

And this is bizarre, as that is the most accurate description of what is occurring.

This is a remarkably weak analysis from the QC, and it does not change my view.

AlanSFebruary 19, 2014 7:45 AM

@ Skeptical

Calling her argument shoddy, weak and bizarre doesn't make it so. You don't get to be a QC by making weak, shoddy and bizarre arguments.

You write: "The QC fails to consider at all whether there can exist an international armed conflict between state and non-state actors (there can)."

No there can't. By legal definition such a thing does not exist. "International armed conflict" by definition involves conflict between two or more states. Please go read the Geneva Conventions.

SkepticalFebruary 19, 2014 9:07 AM

@AlanS: I stated my reasons for thinking the argument bizarre. You're free to disagree with those reasons, but I hardly simply called the argument "bizarre" and left it at that.

As to what constitutes an international armed conflict, that's actually not defined in the Geneva Conventions. The Geneva Conventions do state that it exists when an armed conflict occurs between two or more states, regardless of whether the states involved recognize each other as states. However the Geneva Conventions do not limit international armed conflict to such circumstances either.

The Geneva Conventions also of course make provision for armed conflict between insurgents and government forces (or among insurgent forces), which it describes as non-international conflict when it occurs on the territory of a single state.

Interpreted strictly, this would leave unaddressed the case where a group not recognized as a state launches attacks on another state, from the ungoverned territory of still a different state, and a conflict ensues between the group and the attacked state.

To do so would make a mockery of the purpose of the law of armed conflict, which is not intended to be bound by formalities such as declarations of war or de jure recognition of statehood or whether the armed conflict occurs across or within borders.

Indeed, the Geneva Conventions intentionally use flexible terms like "armed conflict" precisely so that its provisions can be adapted to the changing circumstances of warfare. And while one can certainly argue about whether US actions in Yemen or Pakistan are justified, it is indeed bizarre to argue that they are not warfare and governed by the laws of war.

As to whether a person of legal eminence can make shoddy or bizarre arguments, I would say that history furnishes an embarrassing wealth of evidence.

AlanSFebruary 19, 2014 9:47 AM

IAC involves state actors. Claiming otherwise is just wrong. There is nothing to debate.

SkepticalFebruary 19, 2014 10:32 AM


Quite a bit of debate actually. See e.g. European Journal of International Law

Regardless of how one classifies it (international armed conflict or non-international armed conflict), military actions undertaken by the US in the ungoverned zones of Yemen and Pakistan are clearly part of an armed conflict. In both cases the armed conflict can be traced back to 9/11, for which Article V of NATO was invoked, and in response to which the UK pledged, and has followed through with, full assistance to the United States.

The QC's avoidance of that obvious fact is in part what enables her to claim that GCHQ employees could be considered accessories to murder under British law for passing information to the US for use in military strikes in those areas.

Polly wanna crackerFebruary 19, 2014 12:48 PM

Shoulda made you read Chapter VIII too. Then you would know that regional collective security arrangements are also subject to the UNSC authority of Chapter VII. And since the US invaded Afghanistan without placing its forces at the disposal of the UNSC and without UNSC authorization (read the resolution), your cherished Afghanistan invasion is an act of aggression and subsequent US and UK war crimes derive from that crime against peace, which contains within itself the accumulated evil of the whole. There's no statute of limitations, so there's plenty of time to make the US take responsibility for its internationally wrongful acts.

Now here's why you are parroting that NATO gobbledygook. US statist propaganda is frantically trying to use NATO to end-run the legal authority of the UNSC in breach of jus cogens and the supreme law of the land. That's why you never heard of Article 53.

We always know what you're going to say before you say it because your brainwashing is completely standard.

Anonymous WhingerFebruary 19, 2014 2:33 PM

Hey Polly,

Please stop morphing your "name". It makes it much harder to discern the different interleaved conversations going on, especially since you generally do not quote or name the person you're responding to, as though you and Skeptical were the only people in a thread, or the only ones who mattered.

Even when I'm trying to follow your argument, it's a pain in the ass having to guess who's who, and who's somebody else I'm not familiar with. (I'm newish around here, which makes it worse.)

SkepticalFebruary 19, 2014 2:56 PM


@Polly: Upon commencing military action in Afghanistan in October 2001, both the US and the UK invoked Article 51 and duly informed the Security Council, as required by Article 51, that they were acting pursuant to the right of self-defense. A State need not seek the endorsement of the UNSC before acting in self-defense.

The reference to the invocation of Article V by NATO was to demonstrate that the al Qaeda attack itself was viewed internationally as equivalent to an attack by another State.

By the way, based on the resurgence of AQ groups in the Middle East and North Africa, the continued need to align resources with the challenges posed by China, unrelenting pressure on the US budget, and (more speculatively) better communications security practices by AQ groups, I expect that we will see another major attack on the West in the next several years, when either Hillary Clinton or a Republican is likely to be in the White House.

Bob and Wendy Winer, chiming inFebruary 19, 2014 3:39 PM

Polly,

We for two wouldn't mind you morphing your identifier if you adhered to an easily recognizable schema, like Polly ,

e.g., "the admirably persistent Polly, making a little joke in the name field here."

"We" only object to the morphing when it actually makes it non-obvious to whether somebody new is chiming in, or what conversation it's pertinent to.

Polly wanna 7th grade reading comprehensionFebruary 19, 2014 3:51 PM

See, you don't read good, already you forgot the word 'until' in Article 51. The UNSC was seized of the matter and US forces were accordingly at the UNSC's disposal. You can't just babble self defense without knowing what you're talking about. Feel free to find me the UNSC authorization of force in Resolution 1373, take a break from making shit up. The US used force in manifest breach of the UN Charter. That's aggression. The civilized world's gonna let it slide while you bleed yourselves white chasing wogs, then, when you're ruined, they'll take some scalps. (c.f. State responsibility for internationally wrongful acts. You think you're in debt now?)

Thanks though, for the astoundingly creative and original opinion in the last para. Gee, never expected boilerplate statist threat crap straight from the professional bedwetters. The only way people can reel that off with a straight face is if their betters keep them ignorant of any whiff of law.

Clive RobinsonFebruary 19, 2014 5:20 PM

@ Skeptical,

I really think you do not understand what the "rules of war" are all about.

If you look back in history you will find they are around to legitimise a crime (theft etc) by another crime (oppression by violence and murder). The main point was to put a limit on what was allowable within the legitimizing process. You only have to see what Cromwell did to the Irish to see the need for this. It's also in the aggressor's interest to follow them because it is likely to cause the defending troops etc to surrender knowing that they and their families etc. will be treated within those rules.

Irregular troops were likewise defended in "principle" if defending their homes, families and property. It was this get out that allowed the likes of the "Minute men", which the US abused 200 years ago when invading what is now Canada, and sadly in the process they killed, maimed and injured many people who had been born in the US and had peacefully migrated north (and had been allowed to without opposition). Some no doubt migrated to get out of the US and its then political climate, others to join family and some for opportunity. However US troops regular and irregular contravened the rules of war in many ways including hostage taking, theft, rape, pillage, murder and wanton destruction of civilian homes.

And it's important to note that this is one of the reasons irregular troops on foreign soil are treated as either spies or criminals, neither of whom are recognised and protected by the rules of war.

With the mechanisation of war and the industrialisation of war production and the advent of science the rules of war were augmented to prevent the use of "cruel or indiscriminate weapons"; however WWI saw both sides break these rules with "gas attacks" but also two new forms of weapon, the land mine and aircraft, as well as significant development of submarines. All of these were to affect the civilian population, some causing civilian deaths.

However although there was an opportunity to augment the rules of war to cover these, the major powers chose not to. So the start of WWII started with German "lightning war" which affected civilians as much as it did military personnel, progressed through guided and robot weapons and ended with wholesale bombing of cities to "break the will" which resulted in vast civilian deaths in fire storms and nuclear blast and uninhabitable tracts of land due to chemical and biological weapons tests.

Rather than ban the use of such weapons and tactics again the major powers chose not to; the result is what we see today: drones and cruise missiles and other supposedly "precision munitions" that can land on a dime if and only if you have the coordinates of the dime correct... usually you don't, which is how civilians get killed, injured or maimed and written off as collateral damage.

As has been pointed out, provocative action on another nation's territory is considered to be either an act of war or a war crime when carried out by regular uniformed troops but a criminal act when not carried out by regular troops.

The "phoney baloney" argument being put forward by the US to try and fend off criminal charges for the likes of "war crimes" is the doctrine of first strike for preventative reasons.

However there are what are sometimes called the "clear and present danger" defences for war crimes. I suspect unless brain washed in some way juries would find it hard to see why a man hiding in a cave in eastern Afghanistan represents any kind of danger, let alone one that is clear and present to those on US soil. And if such argument is found not to meet the requirement then drone strikes are either criminal acts or war crimes.

The US and UK played "round robin intel" and constructed the dodgy dossier which was used via the ludicrous "45min" sound bite to build the pretext of war and hence the invasion of Iraq. The dodgy dossier was known to be utter rubbish by all sides; however dissenting voices were either shouted down, hushed up or eliminated. We've moved on since then and it's even less likely that a jury would swallow such hogwash.

And I suspect GWB knows as such, which is why he cancelled a visit to Switzerland a year or so ago.

AlanSFebruary 19, 2014 6:03 PM

@ Skeptical

If you'd bothered to read the entire EJIL blog post you selectively quoted you'd have realized the author concurs with the statement I made in my prior post. The EJIL author writes: "The hostilities in question do not engage the armed forces of two States and are thus factually different from the quintessential international armed conflicts (which are, of course, inter-State conflicts)."

So, no, there isn't any debate because you are confused by basic legal definitions and facts. You wrote "The QC fails to consider at all whether there can exist an international armed conflict between state and non-state actors (there can)." Emphasis added. Let me repeat: you can't have an international armed conflict between a state and a non-state actor by definition.

There are different types of armed conflict defined by the GCs. International armed conflict (IAC) is defined in Article 2. It was amended in 1977 by Protocol 1. It clearly states that IAC applies to conflicts between "high contracting parties" i.e. inter-state armed conflicts. Although not of relevance here, the 1977 amendment did extend the regular definition to peoples "fighting against colonial domination and alien occupation and against racist regimes in the exercise of their right of self-determination" or what the ICRC calls "wars of national liberation". Look up the US Army's Law of Armed Conflict Deskbook or the British equivalent (which QC cites) and you'll get the inter-state definition. Or look up any of the authoritative guidance provided on this matter by the ICRC. They are all in agreement on the definition of IAC.

Firing missiles from drones at terrorists (real or supposed) in Pakistan or Yemen doesn't meet the definition of an IAC. Now it may meet the definition of "non-international armed conflict" under the GCs (which would make the killings subject to other legal requirements under international law which are themselves far from unproblematic for the US), but the point of the QC's argument, which you completely misunderstand, is that because these types of actions are not part of an IAC, the killings don't have the legal status of killings done as part of an IAC. Here is her point:

"Individuals participating in war are entitled to kill one another; they can invoke the defence of ‘combatant immunity’. Both domestic and international law recognise the status of some individuals as ‘lawful combatants’ engaged in ‘international armed conflict’. Killing an individual outside of that framework is murder. Assisting in the killing of an individual outside of that framework is assisting in the act of murder. In our view, the drone strikes carried out by the CIA in Yemen and Pakistan (amongst other places) are not carried out in the context of an ‘international armed conflict’. The US is not at war with Yemen or Pakistan. The individuals who are targeted are not, therefore, ‘combatants’ and their killers are not entitled to ‘combatant immunity’."

She then goes on to point out that because the killings aren't part of an IAC, the US government has sought to justify them under the doctrine of "anticipatory self-defence". However, in doing so the US government has had to adopt an exceptionally broad formulation of anticipatory self-defence that is not widely accepted under international law and, moreover, such broad formulations have been rejected by the Security Council and the UK government in the past. So the QC isn't avoiding any "obvious fact" in making her recommendations. She correctly points out that the legal grounds for these types of actions are very dodgy.

Knott WhittingleyFebruary 19, 2014 10:05 PM

It seems to me---inexpert non-lawyer that I am---that we have a basic and huge legal problem of applying the laws of war to undeclared wars, and a basic constitutional problem of fighting undeclared wars at all.

I'd think that any (even vaguely) originalist or strict constructionist interpretation of the Constitution would require a declaration of war by Congress before militarily attacking people in another country. Anything else would be illegal aggression, unless perhaps it was excused by some extreme exigent circumstance.

We've been undeclaredly at war with Al Qaeda for over a decade. There's been time not only to declare war, but to pass a constitutional amendment allowing such a declaration of war on a non-state actor.

We didn't do that, so it seems to me that we're operating in what is at best a legal vacuum, and I'd think pretty plainly an unconstitutional regime.

It seems to me that the situation in international law is similarly bogus. (But I'm even more inexpert on that.)

Absent a declaration of war, and absent extreme and exigent circumstances, I'd think it'd be plainly illegal for us to go around staging military attacks in, say, Pakistan or Yemen, at least without being officially invited to do so by the host country.

It may be true that those countries do not control the territories we're attacking, but I'd think we have an obligation under international law to either get very explicit permission OR make some kind of international case that This Is War, and the relevant country is hosting a warring party we have a right to attack militarily.

A big problem here is Congress punting on its obligation to either declare war, or tell the executive branch not to wage war, or change the laws and likely the Constitution to ratify this sort of regime.

My impression is that international law, especially law of war, is a big mess where lots of stuff is illegal but you can get the international community to look the other way if (a) there's a consensus that your actions are nonetheless justified, or (b) you can co-opt enough countries that nobody does anything about it.

It also seems to me that international law is sort of serious and sort of a joke, rather like professional wrestling before it became almost entirely scripted and fake. Almost everybody pays lip service to international law, but righteously appeals to national sovereignty when it's their ox that would get gored by taking international law too seriously.

The US is the kind of country that gets a lot of benefit of the doubt, at the bottom line, because for example, nobody expects us to take any and all terrorism lying down, even if war has not been declared and both national and international law are out of date.

And nobody really expects either national or international law to get sorted properly, do they?

In the US, we know that even if something is pretty plainly right, any ideological minority of substantial size is likely to block a constitutional amendment ratifying it. It's usually just too hard to get the supermajority you need to change the constitution, even if a fairly large majority recognizes a clear need to do so. And most people will let you slide for doing what's illegal and/or unconstitutional if it seems like common sense, so the normal course of action is to do illegal and even unconstitutional things that seem necessary, so long as your opposition can't get its shit together to stop you.

And likewise on the international stage. Everybody knows that undeclared wars on people in not-officially-endorsing countries are iffy at best, and what matters is whether enough people with enough power think it's (a) a good idea and (b) in their interests to stop you.

Nobody really thinks that the US has a *clear* legal right to stage drone strikes against people we're *not* officially at war with in countries we're officially *not* at war with, without explicit legal permission, do they? Everybody knows that this makes a mockery of the idea of *legality*, by both national and international law, right?

I am *not* saying that we should actually never do such things. I recognize the realpolitik of having to function in a national and international situation where the laws are goofy and conflicting, and for good and bad reasons nobody really respects anyone else's authority very much.

I just think it's important to recognize that there's a substantial theatrical component to assertions that such things are *legal* and that there's a clear rule of law that we actually respect.


SkepticalFebruary 20, 2014 6:09 AM

@AlanS: If you'd bothered to read the entire EJIL blog post you selectively quoted

I didn't quote it at all actually, much less selectively quote it.

you'd have realized the author concurs with the statement I made in my prior post. The EJIL author writes: "The hostilities in question do not engage the armed forces of two States and are thus factually different from the quintessential international armed conflicts (which are, of course, inter-State conflicts)."

No. Speaking of selective quoting, that's an excellent example. Your quote takes one sentence from a much longer description of the debate. In context, the author wrote:

However, where it does one question that arises in all of these situations is how the distinction between international and non-international armed conflicts applies to these transnational or transborder conflicts. At one level, the distinction appears to be an imperfect fit. The hostilities in question do not engage the armed forces of two States and are thus factually different from the quintessential international armed conflicts (which are, of course, inter-State conflicts). On the other hand, though the hostilities and other acts are between a State and a non-State group they are not internal to the foreign State or to any particular State. There is, as a matter of fact, an international element to the conflict. Furthermore, both Common Article 3 and Additional Protocol II, dealing with non-international armed conflict, appear, on their face, to confine such conflicts to the territory of one Contracting Party. Common Article 3 speaks of an “armed conflict not of an international character occurring in the territory of one of the High Contracting Parties” (emphasis added) and Article 1(1) of APII refers to an armed conflict “which take[s] place in the territory of a High Contracting Party”.

And if you peruse the links that the author has provided, you will see various discussions, and references to yet other discussions, as to how to classify these conflicts (as IAC, NIAC, or neither).

Anyway, the author's actual position is that if State A is engaged in an armed conflict with Non-State Actor B in the territory of non-consenting State C, then the armed conflict ought be considered an IAC (for complicated reasons that could easily take a few threads of discussion, but in a nutshell involve the notion that a "State" is comprised of more than simply the government, so when A attacks B in the territory of C, then if C does not consent there is an IAC due to the presence of A and C, in which B is a combatant).

I'm not endorsing it, or claiming that the position supports me. My point in providing that link is that there is a lot of discussion about this issue. The question of how to classify these conflicts is an immensely complicated one, not least because the international law applicable was not specifically designed to address these conflicts.

Taken too mechanically, applying it without reference to the context of international relations in which it exists, to the purposes it is intended to fulfill, or to the gaps and ambiguities within it, one can end up with some truly bizarre conclusions that support Knott Whittingley's view of int'l law as a kind of professional wrestling.

Nonetheless, you are correct that I was wrong to characterize the QC's argument as bizarre, insofar as it implied that her reasoning was unusual in international law. What I meant, and the lack of clarity is my fault, is that the conclusions her argument leads to are bizarre from the vantage of the purpose of the law of armed conflict.

My other criticism is that her advice is frankly tendentious. For example, she frames US claims of self-defense in the worst possible way, as embracing the very broad doctrine used to justify the Iraq War. But President Obama has explicitly narrowed that doctrine, and so the rejection of the Bush doctrine that she cites does not imply a rejection of the self-defense claims made by the Obama Administration.

@Knott Whittingley: Would the AUMF not constitute the kind of Congressional authorization you're seeking?

AlanSFebruary 20, 2014 8:23 AM

@ Skeptical

Nothing you have cited supports your earlier claim that an IAC can exist between state and non-state actors. Where a conflict exists between a state and non-state actor it only becomes an IAC when it also involves inter-state conflict. And this is not the case in either Yemen or Pakistan. You are arguing the legal equivalent of the sun rises in the west.

The article you cite is part of a broader discussion about the classification of conflicts. There are new types of conflict (e.g. involving transnational non-state groups) that don't readily fit into earlier legal definitions. Now one can argue the laws need to be updated to address the new realities, or there needs to be discussion to come to some sort of consensus on how to apply the old categories to new situations, but the QC is not giving advice on what the law might be or should be; she is giving advice on what the law is and is commonly understood to mean.

Clive RobinsonFebruary 20, 2014 9:42 AM

OFF Topic :

How penetrated are you feeling today, it looks like the odds of home users being owned is now so high it would be a miracle if you were not...

The usual first line of defence is the home network equivalent of "your garden gate" the router, only they appear to be suffering from a whole heap of problems,

http://krebsonsecurity.com/2014/02/time-to-harden-your-hardware/

So the chances are good at the very least your default DNS is pointing to one designed to maliciously trap any financial site you might visit.

But once they own the router how long before they own the computer. Not long according to some 96% of applications are known to be vulnerable,

http://www.net-security.org/secworld.php?id=16390

And as frequently mentioned most AV is not only well behind the curve it can be a vulnerability in its own right along with other automated updater/patch systems...

And this is only the "low hanging fruit" criminal type malware. Which for ordinary browsing usage can be limited by a Live-CD system, providing you remember to do a power cycle reboot before doing any financial or other risk related activities. When it comes to those the average home user is not going to know how to deal with malicious DNS attacks in the home router so will get caught out...

And now "firmware modification" attacks on IO etc has been discussed widely of late I suspect the more switched on criminals are going to move into that area and maybe in a year or so when it's become too big an issue to ignore one or two AV companies might do something about it (but probably not...).

name.withheld.for.obvious.reasonsFebruary 20, 2014 11:50 AM

@ Knott Whittingley

A big problem here is Congress punting on its obligation to either declare war, or tell the executive branch not to wage war, or change the laws and likely the Constitution to ratify this sort of regime.

I am required to respond, though I don't argue with the corpus of your statement it is some of the detail I must address. The train of representative democracy, from a functional and not political perspective, began to come off the rails in the early 50's. It was the dogma from within DoD that set into motion the idea of perpetual war.

Eisenhower recognized what was going on internally and how the DoD was developing a political stance. DoD saw the political and civilian class as a threat. Also, the DoD understood that they need to dispel the citizenry that a "standing army" was unnecessary. Our framers knew exactly the threat, standing armies are the instruments of tyrants--well the DoD became its own tyrant--all others would be subservient to it. Just look at what the neocons drafted under the doctrine of Shock and Awe. The belief that all problems could be resolved by the pentagon. Talk about mission creep!

Nick PFebruary 20, 2014 12:45 PM

@ name.withheld

"The train of representative democracy, from a functional and not political perspective, began to come off the rails in the early 50's. "

It was actually around 1917 when the Federal Reserve was created. Giving control of our entire money supply and banking backbone to a private, for-profit corporation was the end of *real* democracy. We've seen those same organizations mess up our economy for private gain repeatedly all the way to 2008 fiasco.

Far as Pentagon, the first great warning we received was Smedley's War is a Racket. That should be required reading for Americans contemplating anything that has to do with US war machine. He gives the specific (non-patriotic) reasons for each war he led. He also breaks down the costs, shows how it benefits few, and gives sound recommendations.

Fortunately, War is a Racket is free online. :)

Knott WhittingleyFebruary 20, 2014 2:42 PM

Skeptical:

@Knott Whittingley: Would the AUMF not constitute the kind of Congressional authorization you're seeking?

I honestly don't know. The War Powers Act that it's based on is of dubious constitutionality in several ways, none of which I have firm or well-thought-out opinions on.

It seems wrong to me that we go into open-ended wars like that little police action in Vietnam, and our little adventures in Afghanistan and Iraq, and continue them for years and years without declaring war.

As I understand it (nonexpert nonlawyer that I am), the framers of the constitution wanted to keep the president from having the power to wage war absent a declaration of war from Congress, although they seem to have recognized that the president as Commander in Chief would sometimes have to respond immediately to attacks on the homeland, with Congress ratifying it later (or saying to cut it the hell out).

AIUI, there's a big weird gray area between police actions by the President and wars declared by Congress, and the War Powers Act attempts to finesse that, maybe illegitimately, and what we normally do now---fight very long wars without ever declaring them as such---is solidly in the middle of the most constitutionally mysterious part of that very gray area.

If I thought Scalia was a non-hypocritical originalist rather than a conservative opportunist, this is the kind of thing I'd expect him to say may be the right thing to do, but unfortunately is not constitutional---and if you don't like that, you should change the Constitution. (In this case, to recognize wars on non-state actors like the "illegitimate" (faux-?)government of North Vietnam, or Al Qaeda, or the Taliban.) The Constitution should be more explicit about what is something you can be "at war" with, and which kinds of things you can war with in which ways, and who's responsible for making which decisions.

At this point, we have executive administrations and the intelligence community telling us that we're at war, and pretty much admitting that from now on, we'll always be at war. "Peacetime" is a thing of the past.

(I recently saw some right-wing politician comparing the War on Drugs to the War on Terror, saying that it's not an argument against the War on Drugs that you can never really win it, because it's like the War on Terror. That is, everybody knows that the War on Terror will go on forever, but that doesn't mean it isn't worth fighting. These days, apparently, "wars" are things that are assumed to be likely to go on forever.)

There's a very important sense in which I think that's absolutely true. (Not that I agree with that guy on drug policy, which I don't.) Terrorism will always be a continuously-morphing threat, and perhaps a continually increasing one due to increasing availability of various technologies (cyberattacks, biotechnology), etc. And a focus on "individual" and especially declared wars may conceal what's really going on in other ways. (E.g., nonstop conflict between the haves and the have-nots both within and between nations.)

But that seems to me to mean that the Constitution is a bit out of date. On any remotely originalist or strict constructionist interpretation, we're either doing something unconstitutional or we're just lost in space because the Constitution can't cope---it just doesn't have the right vocabulary.

I'm more of a "living document" kind of guy, in some sense, so that might be okay, except that even as a living document it's just wildly unclear how what we're doing is constitutional, as opposed to being "how we're winging it right now because we're lost in space."

The framers clearly never envisioned a situation where we're perpetually on a war footing, and wars are never declared, and technology trends make being secure in our homes and papers a joke, because all of our business is conducted via third parties and the government can thus look at all of it, all the time, if it can find the CPU cycles, because We're At War.

The framers had this idea that the government (1) shouldn't be all up in your business without (2) really good reasons having to do with (3) you in particular, except perhaps in cases of extreme exigency.

But now because we're always at war, there's always extreme exigency, and the government can (1) be all up in your business---e.g., noting every phone call or internet access---(3) without any particularized suspicion, (2) because We're At War.

The Constitution clearly wasn't designed for this. Either this regime is unconstitutional, or what we're doing is lost in constitutional-vs-unconstitutional space. (BTW, by "this regime" I don't mean the Obama administration---I mean the whole bipartisan National Security State thing that's been going on since at least Reagan, and pretty clearly since before Eisenhower warned about the Military-Industrial Complex.)

It seems to me, as a nonexpert Living Document kind of guy who takes the Ninth Amendment very seriously, that the Framers intended for people to generally have a modicum of substantive privacy---the government clearly does not generally have the right to know who you talk to and when, unless it can make a good, not-perpetually-secret case you're a Scary Person and a likely Menace to Society. Technology trends don't matter---if we're technically exposing our bits to the phone company, that doesn't mean the government has the right to ogle our bits, any more than exposing our naughty bits to our XBox's Kinect gadget means that government agents get the right to ogle us nekkid and post the pictures on the internet. IMO, we should have reasonable expectations of privacy, i.e., we should be able to count on the government making it enforceably illegal to violate our privacy, rather than exploiting our uses of insecure technologies to say that any expectation of privacy is now unreasonable.

IMHO, on any meaningfully originalist interpretation, government simply does not have the right to spy---even a little bit, sorta kinda, by recording who they talk to when---on everyone, because it might be relevant to something they might have the right to spy about. You can't just say that because you don't know it isn't relevant, it's therefore relevant. That's not just a matter of law and interpretation of "relevant" in the PATRIOT act, but the whole civil libertarian thrust of the Constitution.

Like I said, I'm more of a Living Document kind of guy than an "originalist" or "strict constructionist," but I think you have to recognize the still-beating heart of the living document, and that's civil liberties. You have to recognize that the main thrusts of the Constitution are (1) to keep government from getting all up in your individual business, and (2) to avoid excessive concentrations of necessary government power in too few hands, with too little accountability to the public.

No matter how you slice it, originalist or Living Document style, something is grossly wrong here, if we're (a) perpetually at war, and (b) using that to be all up in everyone's business all the time.

This is precisely the secrecy and concentration of power that the Constitution was largely designed to prevent. Maybe that means the Constitution is obsolete, but if so, we should say so, and amend the Constitution rather than pretending we're following it.


name.withheld.for.obvious.reasonsFebruary 20, 2014 5:41 PM

@ Nick P

It was actually around 1917 when the Federal Reserve was created. Giving control of our entire money supply and banking backbone to a private, for-profit corporation was the end of *real* democracy.

Nick, Nick, Nick--you're confusing the socio-political rise (and I say 1913 was the watershed year) and military industrial conflict. Chomsky's early book "American Power and the new Manchurian" gives a great treatment on the rise of the United States as a world power. When in the 1920's we started to quash the Japanese and their quest for East Asian imperialism. Given our energy and textile blockades it was no surprise that Pearl Harbor was attacked. For years we had a relative isolationist foreign policy. The Red scare was the psychological tool, as fear of terrorists post 9/11, to ply the U.S. citizenry and escalate spending to new heights at the pentagon.

BuckFebruary 20, 2014 9:28 PM

This is the best writeup of the (technology as it exists today | precursor to the technology building towards the future) that I have seen thus far...
The minority report: Chicago's new police computer predicts crimes, but is it racist? (February 20, 2014)

What McDaniel didn’t know was that he had been placed on the city’s “heat list” — an index of the roughly 400 people in the city of Chicago supposedly most likely to be involved in violent crime. Inspired by a Yale sociologist’s studies and compiled using an algorithm created by an engineer at the Illinois Institute of Technology, the heat list is just one example of the experiments the CPD is conducting as it attempts to push policing into the 21st century.
http://www.theverge.com/2014/2/19/5419854/the-minority-report-this-computer-predicts-crime-but-is-it-racist
Anyone with the slightest hint as to how such a system might be considered 'technically successful' should be both shocked and appalled.

Nick PFebruary 20, 2014 10:50 PM

@ name.withheld

"Nick, Nick, Nick--you're confusing the socio-political rise (and I say 1913 was the watershed year) and military industrial conflict."

Maybe. My intent was pointing out that our democracy was already subverted by elite bankers early on. The financial coup they orchestrated gave them power over our leaders that's lasted almost 100 years without even getting most Americans' attention. I also thought Butler's work tied in as he pointed out that the bankers pushed for and profited on most of the wars. Their loans (and campaign contributions) were instrumental in it. They were actively pushing the expansion of military power because it was in their interests.

The issues I think are separate. However, I think there's a considerable overlap or cooperation between the two. The elites dominating our government see the M.I.C. and LEO's in a risk management sense as a control that protects their "investment." There's a ton of power in defense because the country's most powerful people *want* that power there. And the M.I.C. is the weaker power between them and the bankers as the latter benefit from politicians year after year rarely taking a hit.

And it was the bankers, not M.I.C., that put down Wikileaks. ;)

"Given our energy and textile blockades it was no surprise that Pearl Harbor was attacked."

I actually didn't know about those. I appreciate the info. I also have yet to read that Chomsky book. Need to put it on my todo list.

Clive RobinsonFebruary 21, 2014 1:50 AM

@ Buck,

Whilst I thoroughly disagree with what the NIJ and CPD are up to the similarity between the "spread of ideas / societal norms" and "contact disease" have been seen since the 1854 and later work of Dr John Snow (London) and Florence Nightingale (Crimean War).

In Victorian London it was known that disease was related to social class it was thought by many to be due to indolence, lack of intellect and morals and poor breeding in the lower classes. This belief was strongly held by the "Doctors, Officers, Clergy and Politicians" of the time who mainly came from what we now call "privileged backgrounds".

What Snow and Nightingale did was use mathematics we now call statistics and pictorial representation of the numbers (maps and graphs) to show why and how disease spread and identify its causes (poor sanitation, squalor, overcrowding). But importantly show the real causes were not those assumed by "The high and mighty".

And the failing of assumption is what makes the CPD system dangerous, because statistical methods are highly sensitive to the input data and the methods by which it is collected. There will be an assumption that the input data from the police reports and other sources will be somewhat biased, but there is no way to establish suitable controls to measure it because those providing the data will easily spot the controls and show further bias due to vested interest.

One bias that is immediately obvious from the article is that all community contact is negative in outcome. That is if you are known to have contact with an "assumed to be bad" person either they will drag you down or you will push them down. Whilst this does happen due to "group think" amongst other issues sometimes the opposite is true, that is you either moderate the bad persons behaviour or they moderate yours either way giving an improved outcome.

A lot of past research shows that social contact can be beneficial, to put it bluntly if you are busy playing ball or soccer or many other social activities then you are not committing crime at the same time. The trick is to ensure the social activities have either zero cost to participants or more importantly rewards in some way, further that the before and after phase is managed. Most street crime is opportunistic in nature and exacerbated due to the use of chemical substances many quite legal (alcohol and caffeine / nicotine). One obvious and frequent sight is the "after hours effect" where people get "steamed up" immediately prior to closing time and then the shortage of transportation puts them on the street on their way home and this causes problems. Various solutions have been found including removing or varying "pub closing time" which means not every one spills onto the street at the same time thus easing transport issues, improving public transport late in the evening and providing courtesy transport. All show reductions in street crime, as do other end phase management. To a less obvious extent other forms of pre/post social event management reduce crime as do inclusion not exclusion methods.

Unfortunately these known to work systems are usually the first casualties of "Political war" where people are accused of "being soft" "wasting resources" etc etc by those with significant vested interests. And this NIJ CPD system reeks of vested interests.

name.withheld.for.obvious.reasonsFebruary 21, 2014 3:12 AM

I think unconsciously I understood that's where you were coming from--just that I think the MIC has become its own beast. The neocon thesis concentrates action and power within the MIC. It'd be interesting to understand what the overlap really is...
The corporate players on the MIC side have parallel affiliations, not sure what all that maps to but I am sure it would be enlightening.

And Nick, you never disappoint. Your prolific and thoughtful participation on Bruce's blog could be considered an asset of the first order. Don't want to forget Clive, he too seems to manage to produce substantial feedback and useful comments and information--I'm just hoping he names a custodian to his book trove (joking).

SkepticalFebruary 21, 2014 7:34 AM

@AlanS: I think we'll have to agree to disagree on this. I can agree that matters of interpretation are in flux when it comes to understanding how conflicts between NSAs such as AQ and States fit into international law, but that is something that, at the very least, should have been mentioned in the legal opinion. Nor, again, is this the only problem I have with the opinion.

@Clive: However there are what are sometimes called the "clear and present danger" defences for war crimes. I suspect unless brain washed in some way juries would find it hard to see why a man hiding in a cave in eastern Afghanistan represents any kind of danger let alone one that is clear and present to those on US soil. And if such argument is found not to meet the requirement then drone strikes are either criminal acts or war crimes.

I assure you that quite a few courts would have little trouble believing that an international terrorist organization can pose a threat against which a state is entitled to act, regardless of where some of the ITO's personnel happen to take refuge.

The strikes are undertaken in areas not within the control of any government, where arrest or non-lethal prevention is impractical. They comply with the principle of proportionality, in that they strive to avoid civilian casualties and tailor the use of force (to the extent possible) to that necessary to eliminate the threat.

The alternative is to simply hope that when attacks are launched we are able to thwart them. That's unlikely to be either a successful strategy or a politically acceptable strategy.

SkepticalFebruary 21, 2014 8:32 AM

@name.withheld: Our framers knew exactly the threat, standing armies are the instruments of tyrants--well the DoD became its own tyrant--all others would be subservient to it. Just look at what the neocons drafted under the doctrine of Shock and Awe. The belief that all problems could be resolved by the pentagon. Talk about mission creep!

Firearms, airplanes, and radio stations are the instruments of tyrants as well; is it a good idea that we rid ourselves of them?

I also must disagree with you re: DoD approach to problems. The military does not believe that it can resolve all problems, and a huge amount of ink has been spilled in attempts to make that point.

@Nick P: Giving control of our entire money supply and banking backbone to a private, for-profit corporation was the end of *real* democracy. We've seen those same organizations mess up our economy for private gain repeatedly all the way to 2008 fiasco.

Well, the Federal Reserve is a hybrid public/private system, but "profits" go to the Federal government, and none of the private banks within the Federal Reserve set monetary policy. The FOMC sets monetary policy, and a majority of its members come from the Board of Governors, who are appointed by the President.

@Knott: As I understand it (nonexpert nonlawyer that I am), the framers of the constitution wanted to keep the president from having the power to wage war absent a declaration of war from Congress, although they seem to have recognized that the president as Commander in Chief would sometimes have to respond immediately to attacks on the homeland, with Congress ratifying it later (or saying to cut it the hell out).

You raise a lot of interesting and good points (inc. many that I didn't quote). Two quick reactions:

-- I agree that the open-ended nature of the military actions authorized here is problematic, but I think that's a result of the type of conflict rather than a defect of how Congress authorized military action. If Congress had declared war on AQ, all its affiliates, all those who give it aid, etc., would the conflict be any less open-ended?

-- And closely related to the first reaction, while the Constitution gives Congress the power to declare war, the term "war" is not defined and there is no requirement that Congress actually use the term in authorizing protracted military action. There seems no doubt that the AUMF did authorize protracted military action against AQ, though I think there's room to argue whether it extends to "AQ affiliates" who have grown in power since AQ-central was reduced by US and allied military efforts.

Nick PFebruary 21, 2014 11:47 AM

@ name.withheld

"just that I think the MIC has become its own beast."

It definitely has. Institutions tend to take a life of their own. Military is so big it's almost like a separate small country in our own country. They have their own courts (UCMJ), their own rulemakers (DOD policy), their own territories, a tremendous amount of resources, and several million they employ. I'll let you guess about the implications of several million voters taking money from M.I.C. ;)

So, where would the overlap occur? Remember, although it's a huge institution, it's led by individual people. A small number of people wield enormous power in the M.I.C. A number of them are affiliated with organizations dominated by elitists from private sector. There are mutual interests there both in politics and money changing hands. I think that's where the overlap occurs. The specifics I can't tell you as they intentionally obscure what they're doing to avoid prison time.

"And Nick, you never disappoint. Your prolific and thoughtful participation on Bruce's blog could be considered an asset of the first order."

Thank you. It's about all I can do in my current, rough situation. I hope to get back into the action in the future.

"Don't want to forget Clive, he too seems to manage to produce substantial feedback and useful comments and information--I'm just hoping he names a custodian to his book trove (joking)."

re Clive Robinson

Yes Clive has plenty of insight on an unusual number of topics. In previous discussions about him, I worked out that he's actually a group of individuals at a prestigious University that all post under the same name. Each has to have a Masters or PhD with industry experience to participate. Their goal is to be the Confucius of modern blogs. They painstakingly ensure consistency among their posts to ensure they have the same style, talk about same outdated computers, and make same typos while blaming it on a mobile phone. All I can say is The Clive Society has largely succeeded as poor fool after fool thought they could debate "that one guy."

@ Skeptical

"but "profits" go to the Federal government"

Actually, the "profits" are the several hundred billion dollars in interest that go FROM the Federal govt to the lenders. The Fed owners got almost all of that for a while. Nowadays, there's plenty foreign investors in the mix. So, imagine printing money out of thin air, lending it at interest, and then getting to spend that interest within the system. It would only take $1 bil of it to send a million in campaign contributions to *every* elected official. That would be around 1% of their yearly take. Now *that* is money. ;)

"The FOMC sets monetary policy, and a majority of its members come from the Board of Governors, who are appointed by the President."

That's an illusion. Reportedly, we had a treasury dept overseeing the likes of Goldman Sachs too. In reality, the bankers used their superior buying power to buy politicians and put their own people into the treasury. So many people there are ex-Goldman it's not funny. The head of treasury, who orchestrated bailout, was ex-CEO. It's one of the oldest and most effective attacks on representative government.

So, the Fed began with sneaky, elite banking types. Wealthy families and banks worked to control money supply for profit or power [1]. They pay off many politicians, put lies in media to trick working class, etc. An regulated private corporation is created, its ownership is *secret*, and begins making money for its owners. It also has a Board that supposedly regulates it. So, these bankers at that time had bought politicians, possibly rigged financial crises, and dodged plenty regulation. And yet you think that this Board wasn't bought out too? If old and recent historical precedents are an indicator, that Board is controlled by the Fed's owners not the other way around. It's there to obscure that the Fed is a private money making machine that Americans should have dealt with a long time ago.

[1] "Give me the issuance of a nation's currency and I care not who writes the laws." (Mayer Amschel Rothschild)

AlanSFebruary 22, 2014 4:55 PM

@ Skeptical

A lot of these strikes result in civilian deaths. Under international humanitarian law killings involving civilians aren't "matters of interpretation" that are "in flux". For example, see this report published earlier this week.

SkepticalFebruary 22, 2014 6:41 PM

@Nick P: Actually, the "profits" are the several hundred billion dollars in interest that go FROM the Federal govt to the lenders.

I disagree with nearly everything you've written in what I've quoted, so I want to clarify at the outset that my tone throughout here is intended to be one of friendly, respectful disagreement and nothing more.

Not sure what you're referring to in the above quote. The interest paid by the Fed on required/excess reserves? If so this comes to about 2.8 billion per year. While the Federal Reserve historically did not pay interest on required reserves, that policy shifted in 2008 for obvious reasons. The .25% paid by the Fed is a paltry return for the money deposited. You can see the weekly numbers in the H.3 release, here.

Incidentally, most of the Fed's "income" derives from interest payments that it receives on US Government securities that it holds, and that income dwarfs the interest it pays on reserves.

So, imagine printing money out of thin air, lending it at interest, and then getting to spend that interest within the system.

Here I'm guessing you're referring to the discount window.

The discount window is a program in which the Fed lends money to certain qualified entities in exchange for collateral that fully secures the loan. Interest of course is charged for the loan.

These loans are usually very short duration (overnight), and the volume of lending is rather low (on any given day, there are usually under 20 million dollars outstanding).

The purpose is to offer a source of liquidity to the system, which helps mitigate and forestall liquidity crises.

Outside times of crisis, this is a pretty small part of the Fed in comparison to its most significant programs.

"The FOMC sets monetary policy, and a majority of its members come from the Board of Governors, who are appointed by the President."

That's an illusion. Reportedly, we had a treasury dept overseeing the likes of Goldman Sachs too. In reality, the bankers used their superior buying power to buy politicians and put their own people into the treasury. So many people there are ex-Goldman it's not funny. The head of treasury, who orchestrated bailout, was ex-CEO. It's one of the oldest and most effective attacks on representative government.

The FOMC is quite transparent and very closely followed. I haven't seen any serious allegation that it's corrupt or that it's acting in anything other than what it sees to be in the twin missions given to it: control inflation and encourage employment.

That members of the Treasury Dept. once worked for GS doesn't show us anything about the FOMC.

An regulated private corporation is created, its ownership is *secret*, and begins making money for its owners. It also has a Board that supposedly regulates it. So, these bankers at that time had bought politicians, possibly rigged financial crises, and dodged plenty regulation. And yet you think that this Board wasn't bought out too? If old and recent historical precedents are an indicator, that Board is controlled by the Fed's owners not the other way around. It's there to obscure that the Fed is a private money making machine that Americans should have dealt with a long time ago.

Your basis for thinking that the majority of the Board of Governors who are appointed by the President (7 of them) is corrupt is what, exactly? Again, there is zero evidence of corruption, and this is an extremely closely followed institution.

As to the idea of getting rid of the Federal Reserve, I'm not sure why you would want to do so, or what you would want to replace it with. The FR did an outstanding job during the last financial crisis. It would be a massively damaging mistake, in my view, to even attempt to replace it.

SkepticalFebruary 22, 2014 7:00 PM

@AlanS: A lot of these strikes result in civilian deaths. Under international humanitarian law killings involving civilians aren't "matters of interpretation" that are "in flux". For example, see this report published earlier this week.

Some of the strikes have indeed resulted in civilian casualties, though whether the strike referred to in that report did is apparently unclear. The US seems to have issued a strong, and rare, denial of civilian casualties in that case (usually no information at all is given on UAV strikes in Yemen).

For overall statistics on UAV and air strikes in Yemen, this source is pretty good (though they still list the strike referenced in the HRW report as killing only civilians).

Terrible though they are, these strikes are less harmful than alternative means available (such as attempting to capture the targets with ground forces), and are as tailored as possible to destroying the intended targets. They clearly fall within the requirements of proportionality.

That it may be legal doesn't make any of this less terrible, of course. The use of violence to kill other human beings is always terrible, regardless of its legality, and even when justified.

Nick PFebruary 22, 2014 8:33 PM

@ Skeptical

"Terrible though they are, these strikes are less harmful than alternative means available (such as attempting to capture the targets with ground forces), and are as tailored as possible to destroying the intended targets. "

How is a missile strike "less harmful" than sending elite commandos to grab or assassinate a target? Commandos often get the job done with little collateral damage, often with few ever knowing they were there until someone writes their bio. Professionals on the ground using right tools for the job, optionally with drone strike available, are a much safer proposition for individuals over there. Especially if the professionals are Force Recon or Scout-Sniper types. :)

Nick PFebruary 22, 2014 8:35 PM

@ Skeptical

re Fed

I think we're just going to disagree on this as the discussion could eat the Squid thread for enough pages to fill a textbook. ;)

"I disagree with nearly everything you've written in what I've quoted, so I want to clarify at the outset that my tone throughout here is intended to be one of friendly, respectful disagreement and nothing more. "

Same here. I just have a rather blunt style.

SkepticalFebruary 22, 2014 10:07 PM

@Nick P: How is a missile strike "less harmful" than sending elite commandos to grab or assassinate a target? Commandos often get the job done with little collateral damage, often with few ever knowing they were there until someone writes their bio. Professionals on the ground using right tools for the job, optionally with drone strike available, are a much safer proposition for individuals over there.

In many circumstances, the risk of a scenario involving a high number of civilian casualties would be greater with the use of men on the ground than it would be with an air strike.

And in many circumstances the UAV gets it done without any civilian casualties.

Nick PFebruary 22, 2014 11:01 PM

@ Skeptical

If they were acting careful (read: trying), then your points would be very good. Unfortunately, the recent testimony from drone strike operators is that most are just SIGINT and many involve only possession/location of a cellphone. Such tactics make it clear that they care little for either HUMINT supporting target's guilt or collateral damage.

Sad thing is many ex intelligence and spec ops types have written about how unreliable the SIGINT methods were in practice going back decades. A person wondering if death by cellphone metadata and trace is good enough doesn't have to trust me. They only need to trust former and current US operators calling BS on both the SIGINT-derived kills morality and effectiveness.

The consensus by those not making money off the program is that it's ineffective and causes blowback (defeating whole purpose).

name.withheld.for.obvious.reasonsFebruary 23, 2014 12:38 AM

@ Skeptical, Nick P

Where do you get your drone kill ratio and safety data (I don't know if they mark civilian casualties on the fuselage, only the kills). And frankly, mechanized "remote control" war is seen as the most cowardly act.

IF YOU ARE DECLARING THE ACT AS RIGHTEOUS AND NECESSARY, AND THE DECISION HAS BEEN MADE TO TERMINATE THE LIFE OF ANOTHER...

(where I come from it's called premeditated murder)

...AT LEAST HAVE THE COURAGE TO FACE THE ACCUSED.

Only a bully or a coward calls on some one or thing to do their dirty work.

And, I got a call noogies, or WTF--some of the issues here are suspect; where are the numbers for the Fed's 'off' balance sheet asset purchases--didn't they lose a shit load of money on gold purchases? What about long term bonds; prior to the Fed's QE^X, the rates were moderate and very low towards the 2008 pop. This is a liability to asset ratio problem--as long term bonds come due, with greater differentials in monetary value (especially with deflation), a value proposition starts to become difficult.

Additionally, short and mid term fed note purchases are all but dried up. China has declared the 2 year U.S. treasury bond/note unacceptable for transacting (purchase or sale). With the fed leveraging nearly (by the time the easing phases in) about 5 trillion dollars, that equity value has to be returned--funny, the equity markets seemed to have recovered 3 trillion in value over the last year or so.

But, the crime here is using notes that the TAXPAYER is on the hook for to secure monetary liquidity for rich mo'fo's...instead of issuing more bonds at auction--since no one would buy--they borrowed from themselves to execute asset purchases (homes, loans, central banks, equities, commodities).

Now what happens when the fed needs to liquidate--do asset prices fall, inflation and bond prices rise, or do we just all pretend that borrowing money from yourself to pay yourself is not such a good idea (especially when the real motive is to suppress federal budget deficits interest payments).

I cannot wait for the Fed to announce flexible 2 year notes...ought to be interesting. There aren't going to be enough peanuts for the world's most massive shell game.


For the next three months I'm collecting my feces, compacting them, pressure sealing them, and sending them to the IRS as my treasury notes for payment of taxes. Since they can pull this shit, the least I could do is help.

SkepticalFebruary 23, 2014 9:10 AM

@Nick P: If they were acting careful (read: trying), then your points would be very good. Unfortunately, the recent testimony from drone strike operators is that most are just SIGINT and many involve only possession/location of a cellphone. Such tactics make it clear that they care little for either HUMINT supporting target's guilt or collateral damage.

Of the two UAV operators used as sources for that article, one of the two (the only one to use his name) stated that he had very little access to the intelligence used to identify, verify, track, and confirm tracking, of the target.

The other stated that they were commonly told that the strike was "triggered by SIGINT."

Neither was involved in the identification and tracking process, in the analysis of the possibly varied types of intelligence collected, or in the legal analysis that would be done prior to okay-ing the strike.

In the few cases we actually do know about, much more than simply tracking a cell phone was used. For example, Hassan Ghul was apparently tracked for at least a year (and you can bet this involved more than listening passively) before a strike went forward.

@name.withheld: ...AT LEAST HAVE THE COURAGE TO FACE THE ACCUSED. Only a bully or a coward calls on some one or thing to do their dirty work.

Re source for civilian casualties, various NGOs compile this information using a combination of media reports and their own interviews of claimed witnesses. These will be unreliable, but if anything would be tilted towards more, not fewer, civilian casualties.

Two examples:

http://natsec.newamerica.net/drones/pakistan/analysis
http://natsec.newamerica.net/drones/yemen/analysis

As far as courage and warfare, these missions aren't intended to be tests of courage; these missions are intended to destroy military targets. If they can be accomplished with less risk, that's a good thing.

And, I got a call noogies, or WTF--some of the issues here are suspect; where are the numbers for the Fed's 'off' balance sheet asset purchases--didn't they lose a shit load of money on gold purchases? What about long term bonds; prior to the Fed's QE^X, the rates were moderate and very low towards the 2008 pop. This is a liability to asset ratio problem--as long term bonds come due, with greater differentials in monetary value (especially with deflation), a value proposition starts to become difficult.

The gold certificates owned by the Fed are purchased from the Treasury at a set value. At any time, the Treasury can redeem those certificates for the same value.

As to changes in the value of the Fed's holdings, because of its unique position I don't think insolvency is really a concern.

Additionally, short and mid term fed note purchases are all but dried up. China has declared the 2 year U.S. treasury bond/note unacceptable for transacting (purchase or sale). With the fed leveraging nearly (by the time the easing phases in) about 5 trillion dollars, that equity value has to be returned--funny, the equity markets seemed to have recovered 3 trillion in value over the last year or so.

The bid to cover ratio on the last 2 year note auction was somewhere around 3.8. In other words, there were over three times as many bids as were accepted.

I'm not sure what you mean by the Fed leveraging here, or that equity value must be returned. It's unclear as to the extent to which QE propped up equities, and it's unclear as to what the effect of the reduction of QE (which has begun) will have on equities.

But, the crime here is using notes that the TAXPAYER is on the hook for to secure monetary liquidity for rich mo'fo's...instead of issuing more bonds at auction--since no one would buy--they borrowed from themselves to execute asset purchases (homes, loans, central banks, equities, commodities).

I'm not sure what you mean here either. The Federal Reserve doesn't run or control, or receive the proceeds of, Treasury auctions.

Now what happens when the fed needs to liquidate--do asset prices fall, inflation and bond prices rise, or do we just all pretend that borrowing money from yourself to pay yourself is not such a good idea (especially when the real motive is to suppress federal budget deficits interest payments).

The Fed would sell some of its holdings in the event that inflation began to exceed certain limits. That would likely happen if the economy were growing at a decent clip.

In that case, because of the growing economy, you would see prices on US Government bonds fall (which means the interest paid by them would rise).

I cannot wait for the Fed to announce flexible 2 year notes...ought to be interesting. There aren't going to be enough peanuts for the world's most massive shell game.

:) I don't see how this is a shell game, to be honest, though I've seen that sentiment before.

AlanSFebruary 23, 2014 7:15 PM

@Skeptical

The problem with citing administration denials is that they refuse to provide any evidence to support their claim that the people killed were combatants and their credibility on these matters isn't exactly gold at the moment.

For the sake of argument, let's assume that some of the wedding party were members of AQ and they were properly classed as combatants. Under these assumptions, this attack would still likely be a violation of the Geneva Conventions. As HRW comments in the report:

"...only valid military objectives such as AQAP leaders or fighters could have been lawfully targeted. The burden is on the attacker to take all feasible precautions to ensure that a target is a combatant before conducting an attack and to minimize civilian harm. Had AQAP members deliberately joined the wedding procession to avoid attack they would have been committing the laws-of-war violation of using “human shields.” AQAP shielding would not, however, justify an indiscriminate or disproportionate attack by US forces."

You can read the "Precautionary Measures" that are supposed to be taken to protect civilians here: Geneva Conventions, Protocol 1. As Nick P points out above, there is evidence that drone killings are done simply on the basis of SIGINT without adequate precautionary measures.

SkepticalFebruary 24, 2014 12:33 AM


@AlanS: By definition, an indiscriminate or disproportionate attack would be prohibited by the principles of distinction and proportionality. Whether an attack on a vehicle for the purpose of destroying a military target, but with the additional effect of killing civilians, was justified by military necessity would be extraordinarily difficult for any court, domestic or international, to ascertain if the case is anything less than extremely clear. Obviously, even if we assume that reports of civilian casualties in this case are true, this is not such a clear case.

What we do know is that of a convoy of multiple vehicles, a precision missile was fired at one of those vehicles, which was believed to be carrying a significant AQAP leader and AQAP personnel, and no one else. We know from public reports that lawyers are involved in approving targeting decisions, and that the principles of proportionality and distinction are taught as law throughout the US military. We know that the US uses precision guided missiles for such strikes, and we know that many of these strikes have uncontroversially produced no civilian casualties. We know that the US has, as a matter of procedure and policy, sought to minimize civilian deaths caused by military strikes where feasible.

While I would not expect the US to make public the means by which it conducts surveillance of targets prior to a strike, the available facts make it unlikely that this strike was a war crime. The policy and procedures with respect to the US that have been publicly reported, the use of guided weaponry, the targeting of a particular vehicle rather than indiscriminately destroying the entire convoy, the delay between UAV strikes and the public record of the preparation that goes into them, are all indicative of an intent to distinguish between military targets and civilians, and to use all feasible means of avoiding civilian deaths while still accomplishing military objectives.

Understand that we are dealing with broad strokes here, not fine lines. These laws are designed to capture clear cases of indiscriminate use of force (carpet bombing a city) and clear cases of disproportionate use of force (destroying a city to neutralize an unimportant factory). Questions like "was this AQAP commander and these AQAP personnel, at this time and date, of sufficient military value such that a number of civilian deaths caused by the strike would not be excessive" aren't easy for anyone to answer, and don't furnish a basis for an investigation of war crimes.

Clive RobinsonFebruary 24, 2014 2:08 AM

@ Skeptical,

You argue that suspected AQ personnel are "shielding" at a wedding or other social event where they live and therefore it's legitimate to commit murder of others so that they may be killed.

I would counter that if they were attending a social gathering then they clearly did not present a "clear and present danger" that would allow the "self defence" argument.

But for a moment let's consider the implication of your argument as though it were valid. We will apply the principle of duality where any right you reserve has to be given in equal measure to the opponent.

Your argument will 100% legitimize any attack terrorists make on US soil.

To pretend otherwise is to argue "Might is right".

And it is that sort of nonsense that gives rise to feuds and monarchies as it legitimizes "power grabs by any means" which is alien to any notion of democracy.

SkepticalFebruary 24, 2014 8:01 AM


@Clive: I absolutely said nothing of the sort. I've read nothing to indicate that the targets were using the wedding convoy as either cover or concealment.

As to civilian casualties... It has long been recognized in international law that legitimate military strikes may cause civilian casualties. The questions here are:

(1) Were there any civilian casualties? The US, in a rare moment, stated that it undertook two investigations to determine whether there were; and the answer is no, that all those killed in the targeted vehicle were AQAP fighters and a significant AQAP leader. But journalists have quoted anonymous Yemeni government sources and alleged witnesses who say otherwise.

(2) If there were civilian casualties, were they the result of force used either indiscriminately (that is, without distinguishing between military targets and civilians) or used in a manner that would clearly cause civilian casualties in disproportion to the military value of the military targets engaged?

The answer to (2) will, from a legal perspective, be no, for reasons I stated in my reply to AlanS.

AlanSFebruary 24, 2014 8:40 PM

@Skeptical

1. Various groups have provided evidence to support the case that many of the victims were civilians who were part of a wedding party and that reasonable precautions were not taken to protect civilian lives. The USG has failed to counter these claims with any evidence to the contrary other than to deny the claims. This amounts to "trust us". There is ample reason not to trust them.
2. More broadly, the USG has refused to share information on targeted strikes that would allow informed public discussion of drone policy. There's a deplorable lack of transparency and accountability.
3. The legal basis for these strikes, civilians or no civilians, has never been properly articulated by the USG and is disputed by others. The conflict in Yemen doesn't meet the criteria for IAC and probably doesn't meet the threshold for NIAC, which means targeted killings without a clear justification of imminent threat are illegal.
4. The actions may well be counter-productive. Again, there is no transparency or proper accountability so claims about the effectiveness of the attacks can't be assessed.

SkepticalFebruary 25, 2014 10:08 AM

@AlanS: I appreciate your points. Let me mirror your numbering system in responding to them.

1. Various human rights groups now admit that they do not know whether all those killed were civilians, AQAP members, or mixed. This is because their sources, anonymous Yemeni officials and locals who claimed to be eyewitnesses, are unreliable. And they obviously do not simply take the US Government at its word.

1a. We do know that the 9-12 men who were killed were traveling together, all armed (not unusual, apparently), and were part of a much larger convoy travelling to a wedding party. The vehicles those men were travelling in, and no other vehicles, were destroyed by an air strike. No one else seems to have been killed.

1b. There's ample evidence, obviously, that the US did not fire indiscriminately, but rather used weapons and guidance systems to strike particular vehicles and not the rest of the convoy of vehicles. So the principle of distinction was honored. The question of proportionality can only be answered by a careful weighing of the military value of the intended targets; this is impossible to do without highly classified information that the US will not release, but we can see already that this is not clearly disproportionate (which means a court would be unwise to attempt a military calculus of its own). Finally, the feasible precautions here would seem to include, at a minimum, firing on the targets when adequately separated from other civilian vehicles given the precision of the weapon(s) used. That, and certain types of surveillance, are likely the only precautions that would be feasible.

So even though we do not know precisely what did happen, I do not see good ground for an investigation of war crime allegations.

2. Clandestine and covert operations are not intended to be transparent, and the US military is fully capable of investigating, prosecuting, and punishing violators. The US is under no obligation to provide data that reveal how it identifies and tracks targets.

3. Yes, the legal status is disputed by some. We're dealing with matters that int'l law is not well designed to handle, and so that's not unexpected. You'll notice, however, that those who insist that these actions are illegal devote very little space to what they think the US legally can do; and that is because their reasoning leads to some very silly conclusions, e.g. Amnesty Int'l's view that the US should first attempt to arrest AQAP members, should give adequate warning that they will do so, and should only use lethal force if AQAP attempts to use lethal force to thwart the arrest - mind you, this is all to occur in hostile, largely uncontrolled areas.

4. Yes, the wisdom of the policy is disputed as well. What policy isn't disputed? In any event, military decisions such as these are confined to the President, and the details needed to make a full assessment would include details that also must be kept classified. We have an elected, representative government, and we have an executive branch of the government, for a reason. George Washington, you can be assured, did not issue notice to the press of the funds set aside for hostage-dealing/covert-action in connection with the Barbary pirates, nor provide notice of various clandestine operations undertaken by his order.

name.withheld.for.obvious.reasonsFebruary 25, 2014 11:45 AM

@ Skeptical

So the principle of distinction was honored.

Your statements continually remind me of the movie "Tombstone" where Val Kilmer, as Doc Holliday, receives a badge from Kurt Russell and responds:

"Seems my hypocrisy knows no bounds."

Our ability to misconstrue honor and illegal wars operating under the color of laws is amazing. Attacks in Yemen that you state are part of war misses much.

1.) Use of the color of law, war powers, is given cover by many in government.

2.) AUMF, is not a declaration of war.

3.) Declarations of war require specificity....with whom are we at war with. Note, congress doesn't have the power to re-define war as an amorphous body of ideas or persons...it requires specificity.

4.) Your obvious support for the establishment position makes you an outlier in this forum. That's not a bad thing.

5.) If you're acting as Lucifer's attorney, I understand.

6.) The endless analysis that suggests that the neocon theory of governance is extremely flawed cannot be ignored--though most people don't know how much of this is in play.

7.) I suggest you read the early doctrinal theory (and yes, the military has mission creep--did you not read the Joint Doctrine publications that have come out of the Pentagon?), Shock and Awe, Achieving Rapid Dominance. This is the playbook that suggests, not my words, that OOTW -- Operations other than war -- is not a delusion.

This is not directed at you skeptical, I am using the opportunity of your statements--it's not too dissimilar to things I hear within specific circles (like AEI). And I am reacting to the prose, not you the person.

Actions have meaning, war where hundreds of thousands of people are killed, trillions of dollars in expense, loss of credibility throughout the world, and a failed theory that we will be welcomed with flowers just sounds so surreal.

SkepticalFebruary 25, 2014 6:09 PM


@name.withheld:

Congress does not need to declare war in order to authorize the use of military force. In fact it has done this since the very beginning of US history. See this report from the CRS, via the FAS.

Incidentally, I'm not a neoconservative. And while I may seem "pro establishment" here, I'd suggest that's simply by contrast with the nature of the majority of views expressed here! :)

The use of targeted strikes against certain organizations isn't connected with neocon ideology. The broad principles on which a strategic justification from a counterterrorism vantage would be made can be found in JP 3-27. You won't find anything about being welcomed with flowers.

name.withheld.for.obvious.reasonsFebruary 25, 2014 8:48 PM

@ Skeptical

Ironically, I've read both publications. I have a long term relationship with personnel at FAS. I myself have contributed to their efforts.

And I did calculate, assumptively, that your contributions had the characteristics of a "Lucifer Attorney". Never suggested that "you" are/were a neocon--that would be one WAG.

Also, OOTW, expressed in the book I referenced (Shock and Awe, Achieving Rapid Dominance) is the book I referenced regarding mission creep and neocon political theory. The JP's are the place to find DoD mission creep. You claimed that DoD didn't want this--seems there is both operational and political cover for the use of the DoD for more than war.

AlanSFebruary 25, 2014 9:46 PM

You still don't understand IAC and NIAC. However, now you've started talking in contradictions. The USG hasn't provided evidence of anything so there isn't "ample evidence" for their claims. Then you go on to claim they have no need to be transparent. Which is it? I wasn't suggesting, by the way, that they need to share everything. At the moment they share more or less nothing. Much more could be shared without compromising counter-terrorism.

The bit about representative government completely misses the point. The US was founded on a distrust of government. Many of the founders appreciated that concentrated power corrupts and tried to establish checks and balances. (Go read Federalist 51.) What we've seen since 9/11, initially under Bush, has been a massive expansion of the power and secrecy of the executive, and so far little push back from the other branches.

The war on terrorism for the most part has been a phony war. Other countries treat terrorists as criminals and prosecute them as such. It's ironic that for a good part of the three decades prior to 9/11 America looked the other way while terrorist organizations raised millions of dollars in the US and shipped arms out of US ports to commit atrocities in Europe.

SkepticalFebruary 26, 2014 11:12 AM

@AlanS: The USG hasn't provided evidence of anything so there isn't "ample evidence" for their claims. Then you go on to claim they have no need to be transparent. Which is it?

I said that there is ample evidence that the US respected the principle of distinction in that strike.

The principle of distinction requires that one distinguish between combatant targets and non-combatant civilians in the use of force. Deliberately striking civilians, or firing indiscriminately, would violate this principle.

That evidence is, again, the fact that 2 precision guided missiles were used to destroy 2 vehicles out of a larger convoy of vehicles. This isn't indiscriminate firing, but rather obviously highly targeted firing. Given what we do know of the US purpose in using UAVs in Yemen, and what we know of the procedures and policies followed by the US in assessing and authorizing strikes, it is highly unlikely that the US intentionally targeted civilians.

Now, whether the strike conformed to the principle of proportionality is a much harder question. On this question, there is not ample evidence. However, consider the two most likely possibilities: (1) the US made a mistake, and the men in those vehicles were not who the US thought they were, or (2) there were AQAP targets in the vehicles, but there were also civilians.

If a mistake, then this isn't criminal on proportionality grounds (there would still be "feasible precautions" to consider, assuming that rule applied). If not a mistake, but there were civilians in the vehicles as well as AQAP targets, then the question becomes one of weighing the military value of the targets against the civilian lives lost in the strike. That kind of weighing is imprecise, highly subjective, and outside of clear cases of violation should not be for a court to consider.

And, indeed, much of the reasoning I've given here is precisely that given by Moreno-Ocampo as Prosecutor of the ICC in declining to initiate actions on allegations of war crimes in Iraq. See here.

I wasn't suggesting, by the way, that they need to share everything. At the moment they share more or less nothing. Much more could be shared without compromising counter-terrorism.

Well, what do you think they should share about how they identified the men in the vehicles prior to the strike, and how they determined when to launch the strike?

The bit about representative government completely misses the point. The US was founded on a distrust of government. Many of the founders appreciated that concentrated power corrupts and tried to establish checks and balances. (Go read Federalist 51.) What we've seen since 9/11, initially under Bush, has been a massive expansion of the power and secrecy of the executive, and so far little push back from the other branches.

I've read Federalist 51 many times in my life. So I'm quite familiar with it.

And the US was not founded simply on a distrust of government. Remember that the reason for the Constitutional Convention was that the federal government under the Articles of Confederation was too weak to be effective. Don't misunderstand me: distrust of government was indeed a major theme of the time, but effectiveness of government was just as important.

I raised the fact that we have a representative government in response to the notion that the government must disclose all details about UAV strikes so that the public can debate it. But some government operations, particularly in the military and intelligence sphere, must be secret (or mostly so) in order to succeed. This was something known and practiced by the first members of the US Government, and it is something that continues to this day. It is also something of which the US public approves. Remember: the public has the right to enable its government to carry out clandestine and covert operations.

The war on terrorism for the most part has been a phony war. Other countries treat terrorists as criminals and prosecute them as such. It's ironic that for a good part of the three decades prior to 9/11 America looked the other way while terrorist organizations raised millions of dollars in the US and shipped arms out of US ports to commit atrocities in Europe.

Some terrorists are indeed susceptible to apprehension by ordinary law enforcement means. No question. However, in the case of international terrorist organizations that lie beyond traditional law enforcement and pose a continuing threat to US interests, especially in light of the massive damage such organizations may be capable of committing or may become capable of committing, the US has determined that a military line of effort, in addition to diplomatic, political, economic, and informational lines of effort, is needed to best protect against such organizations.

One of the ultimate goals is for these organizations to be so reduced in power that local governments can deal with them via ordinary law enforcement.

AlanSFebruary 26, 2014 12:29 PM

@Skeptical

Please provide the source for this "ample evidence", including the facts you cite above.

SkepticalFebruary 26, 2014 3:10 PM

@AlanS:

On the number of vehicles in the convoy, those hit, and the likely weapons used see e.g. NBC News, particularly: In a report Shiban filed for Reprieve, and which the group shared with NBC News, he said local villagers told him the drone attack had taken place on a convoy of 11 cars and trucks carrying about 60 people traveling from the home of the bride to the neighboring village of the groom

You can find similar reports from other journalists. This makes it very unlikely that the US indiscriminately fired on the convoy.

As to the role of attorneys in signing off on UAV strikes, see e.g. The Guardian. This is also something that has been widely reported, and can be found (perhaps with more detail) elsewhere.

As to the training and procedures of the US military with respect to the principles of distinction and proportionality, I'm guessing that these aren't in contention. If so, FM 27-10 and the LOAC Deskbook would serve as initial points.

I wish to stress that the evidence above bears upon the question of distinction. As to the question of proportionality, while US officials have made claims on this question, see e.g. Time, they have not put forward evidence to substantiate those claims.

It's possible that investigations into the matter have not yet been finalized, or that a decision as to whether to release any of the results has not yet been made, I suppose. Perhaps we will yet see such evidence forthcoming.

What information do you think the US can release without revealing how it may identify and track targets?

AlanSFebruary 26, 2014 7:48 PM

@Skeptical

The sources you cite are not exactly a stellar endorsement for your argument.

In answer to your question about what information they could release:
They could start by acknowledging that it was a US drone strike. Everyone knows it was but the USG hasn't even acknowledged that officially. They could release the video taken of the attacks. It might substantiate or contradict some of the claims being made e.g. there are conflicting reports about the number of missiles fired and number of vehicles targeted. It's claimed to be a wedding convoy. Is there anything that distinguishes it as such or not? Were they dressed up? Were there women and children in the group? Some of the party were apparently in a pickup trucks so would have been clearly visible. This doesn't give away any details related to tracking etc. but politically it might not be so good, especially if it doesn't support their claims.

The problem is that their strategy is long on technology and short on imagination. As has been pointed out by others, they are heavily dependent on SIGINT which means the chances of a mistake are high. You have operators (who are often thousands of miles away) who are given a target and there are lawyers that can be consulted. But you have little or no HUMINT or even input from someone with local knowledge or cultural competence (i.e. the video might obviously show a wedding party to some people but not to a drone operator living in Virginia or wherever). These attacks involve little information and people with a limited amount of interpretative knowledge. So the whole argument that adequate precautions are taken to minimize civilian deaths is nonsense.

In the Guardian article you cite, the author gives an example where they mix two people up and kill the wrong person:
"The special forces unit believed that Muhammad Amin, a Taliban deputy governor, was using the name 'Zabet Amanullah' as an alias. It has insisted that the technical evidence shows irrefutably that there was only [one] person. Yet, Zabet Amanullah was not an alias; it was the name of an actual person. When pressed about the existence – and death – of an actual Zabet Amanullah, one officer said, 'We were not tracking the names, we were targeting the telephones.'" Zabet Amanullah was a famous person locally, known personally to many provincial officials, but US intelligence had not carried out basic background checks on the name.

Do I think they are going to release any information? No. Their SOP is not to acknowledge specific attacks, rabbit on about "precision targeting" that has killed lots of militants, with few civilian deaths, etc. A couple of years ago John Brennan claimed that in a one year period during which there were more than a hundred CIA drone strikes there were no civilian casualties because the targeting was so precise. Even people who supported the strikes thought that claim was ridiculous. So then they started saying well there might have been a few but not many. If they make a big mistake, they'll never fess up to it unless it is forced out of them, leaked or the facts are so indisputable that their denial is less than worthless.

SkepticalFebruary 27, 2014 9:19 AM

@AlanS: The sources you cite are not exactly a stellar endorsement for your argument.

I cited sources to substantiate particular factual claims regarding the UAV strike with respect to the use of the principle of distinction, as you asked. Did they not do so?

They could release the video taken of the attacks. It might substantiate or contradict some of the claims being made e.g. there are conflicting reports about the number of missiles fired and number of vehicles targeted.

It seems clear from video and photographic evidence that there were two vehicles struck, presumably by two missiles.

I don't think the release of US footage would do anything more than serve as propaganda for AQAP.

It's claimed to be a wedding convoy. Is there anything that distinguishes it as such or not? Were they dressed up? Were there women and children in the group? Some of the party were apparently in a pickup trucks so would have been clearly visible. This doesn't give away any details related to tracking etc. but politically it might not be so good, especially if it doesn't support their claims.

As far as I can tell, the US hasn't denied that the convoy was en route to a wedding party. The claim is rather that two of the vehicles were carrying AQAP targets, and that those vehicles were targeted and destroyed.

As to women and children, there were none among the dead. I don't know whether there were any in the convoy, but, again, the entire convoy was not attacked.

The problem is that their strategy is long on technology and short on imagination. As has been pointed out by others, they are heavily dependent on SIGINT which means the chances of a mistake are high. You have operators (who are often thousands of miles away) who are given a target and there are lawyers that can be consulted. But you have little or no HUMINT or even input from someone with local knowledge or cultural competence (i.e. the video might obviously show a wedding party to some people but not to a drone operator living in Virginia or wherever).

This is implausible speculation. The US has worked with the Yemeni government and other intelligence agencies in the region for some years now, and the US knows very well the value of cultural expertise. You're forgetting that the US hired large numbers of anthropologists and area experts to help them understand the "human terrain" of Afghanistan, and that large portions of the military's special operations forces, and certainly the CIA, emphasize and develop area and cultural expertise.

So the picture of clueless folks in Virginia analyzing vague non-human intelligence without any input from those with cultural expertise or from anyone on the ground somewhere in Yemen is deeply unlikely to be true.

And, again, the question is not whether the convoy is mostly composed of civilians. The question is whether the vehicles destroyed contained AQAP targets. Those particular vehicles, not the entire convoy, were attacked.

AlanSFebruary 27, 2014 9:33 PM

The facts you cite are your opinions unsupported by facts.

The Europeans just passed a resolution on these matters which confirms what is obvious to many (and previously stated by the British QC): There is nothing in places like Yemen that meets the standard for IAC or NIAC and "international humanitarian law does not permit the targeted killing of persons who are located in non-belligerent states."

See European Parliament Passes Resolution on Drones, Targeted Killings, and Fully Autonomous Weapons.

BuckMarch 28, 2014 8:21 AM

Well, I'll be a monkey's uncle!

After seven years, exactly one person gets off the gov't no-fly list
New report on terrorism "blacklists" suggests it won't be easier the next time.
At long last, the government has conceded that plaintiff poses no threat to air safety or national security and should never have been placed on the no-fly list. She got there by human error within the FBI... the FBI agent filled out the nomination form in a way exactly opposite from the instructions on the form, a bureaucratic analogy to a surgeon amputating the wrong digit -- human error, yes, but of considerable consequence.
http://arstechnica.com/tech-policy/2014/03/after-seven-years-exactly-one-person-gets-off-the-govt-no-fly-list/
Although, it appears unlikely that the lawyer will be paid, so it seems improbable that any attorney will do this work 'pro bono' again...
