Showing posts with label ambers. Show all posts
Showing posts with label ambers. Show all posts

Sunday, December 13

"The Exceptionally Tough Politics of Cyber Security"

Ambers explores:
Fact: if the NSA were to detect the presence of a malicious worm or destructive virus on a U.S. Internet server targeted at a bank, perhaps stealing money from that bank, it could do nothing but warn the bank. The bank, most likely, does not have the capacity to deal with the worm itself; the NSA does not have the legal authority to employ methods to screen out the bad code, even though it has the technological capability. You can employ any type of thought of experiment you want here. Entities like utility companies and banks often rely on overtaxed communications networks to assess their performance; those communications networks are extraordinarily vulnerable because they rely on vulnerable machines -- machines that are old and were built with technology that, in many instances, originated elsewhere. The backbone of the Internet itself is very fragile; the VeriSign corporation, which essentially runs the Net, deals with thousands of attacks per day, some of them harmless, some of them dangerous, some of them from state actors (like China), others from well-funded and savvy techno-terrorists.

This is a tech problem and a law problem. Congress is trying to come up with ways to designate certain types of corporations that are responsible for large segments of some major activity -- power generation, money transferring, information sharing -- as, essentially, too big to fail -- or be shut down -- by cyber intruders. The idea, in essence, would be to require these entities to submit to a cyber audit. In the event of a major attack, the government (actually, the Department of Homeland Security, using NSA technology) would have the authority to quarantine the problem until it was removed. As you might imagine, this approach raises hackles with a lot of people. The corporations resist the idea of government intrusion. Their CFOs don't see the risk, so they're not interested in spending money to preemptively solve the problem. Civil libertarians properly ask about oversight; who's going to watch the watchers? Technologists wonder whether there aren't other ways to protect the nation's information grid from systemic threats.
(cont.)

Thursday, May 14

The Iraq-torture connection

TPM floats what Ben Smith calls a "grand unified Iraq-torture theory":
[..] you have a flurry of claims that a key motive behind the push to torture was to elicit 'confessions' about an alliance between Saddam Hussein and al Qaida, which was of course the key predicate for the invasion of Iraq. That again has to create much more pressure to clarify what happened. The basis of most of the anti-torture push has been the assumption that torture was used for the purpose of eliciting information about future terrorist attacks. Whether it was illegal, wrong-headed, misguided, immoral -- whatever -- most have been willing to at least give the benefit of the doubt that that was the goal. If the driving force was to gin up new bogus intel about the fabled Iraq-al Qaida link, politically it will put the whole story in a very different light. And rightly so.
It's a serious charge, and the publicly available evidence is far from conclusive. But that's exactly why there should be an investigation or truth commission. We need facts, not partisan posturing over scraps of information that may or may not have been released.

Happily, Ambers lists ten reasons why a torture probe is more likely.