Today in Black History: Eli Whitney, wait what the fu

Please help me for a moment.

I’m so sheltered that not only did I not learn that Eli Whitney–this guy:


was Actually Black, I didn’t even know that learning that Eli Whitney Was Actually Black was a thing. But apparently, per Buzzfeed and Slate, there are apparently a whole bunch of people who made it through school (at least until they got to college) believing that Eli Whitney, who, again, looked like this: Continue reading

What a difference a few hours can make

Just around the time I settled down to read the news this morning, the top story was a breaking report about an “active shooter” at Ohio State University. I quickly turned on the television, broke my post-election rule about avoiding cable news, and learned that the situation seemed to be under control and that, while there was still the possibility of other “shooters” at large, police were sounding the all clear. So I turned off the TV and went back to reading.

I just turned the TV on again and, as it turns out, there wasn’t a shooter at all, unless you count the campus police officer who put an end to the attack. Instead, the attacker, a Somali refugee, legal US resident, and (apparent) Ohio State student named Abdul Razak Ali Artan, drove his car onto a campus sidewalk, then got out of his car and began attacking people with a knife before he was shot and killed by the aforementioned campus police officer. This gets said during every shooting and/or terrorist attack, but it bears repeating: initial reporting will often be wrong and sometimes it will be wrong in very substantial ways.

Officials are giving a press conference about the attack as I’m writing this, and they just said that there were 11 people injured in the attack, which is up from the figure of 9 I’ve seen in online reporting. At least one of those injured is reportedly in critical condition.

Given who Artan was and what we’re already learning about him, the assumption will be that this was a terrorist attack, and I guess I’m no longer able to tell the difference between “terrorism” and “violent crime committed by a Muslim,” assuming there still is a difference. In an interview with an Ohio State campus newspaper and in a Facebook post made shortly before today’s attack, Artan expressed fear and frustration about the treatment of Muslims around the world and about his own experiences as a Muslim in America. If he pledged allegiance to ISIS or talked about striking America in vengeance for its policy in the Middle East or something like that, nobody has yet reported it.

Instead, what we know so far is that he was frightened and angry, and if the details were only slightly changed we might be talking about his anger that women wouldn’t date him, or his fear of African-Americans. In that hypothetical scenario, the underlying crime would be exactly the same but the perception of that crime would be totally different. Artan was 18, so maybe if his name were Alan Richard Anderson we’d be looking for family history of violent psychosis or some terrible childhood trauma to explain what caused him to commit this act. Again, the underlying crime would be the same but the perception would be totally different. Does that make any sense? Shouldn’t the criteria for deeming an act “terrorism” be a little more complex than determining the attacker’s religion? Obviously we’re going to learn more about Artan in the coming days and maybe it will turn out that he did have some connection to ISIS (or a similar group) and/or some sort of political motivation for what he did. But until that evidence is found, maybe we shouldn’t jump to call what he did terrorism.


The importance of circumspection

Cybersecurity is, along with many other things, not my forte. So if I get terms wrong here or otherwise screw up, please leave some constructive criticism in the comments.

The story of this weekend was the release of almost 20,000 emails hacked from the Democratic National Committee’s servers by…somebody (we’re getting to that) at some point in the past couple of months, and distributed via WikiLeaks. The emails are very embarrassing, as you’d expect, and in particular appear to confirm the suspicions of Bernie Sanders supporters (and Sanders himself) that the DNC was effectively working on behalf of Hillary Clinton throughout the primary process, when it was supposed to be a neutral party. This is not exactly revelatory, but it’s one thing for a candidate’s partisans to suspect that the party is screwing their candidate over, and quite another for tangible proof of that screwing over to suddenly surface. DNC Chair Debbie Wasserman Schultz has, mercifully, agreed to step down from that job after this week’s convention, something she could have done years ago to the party’s great benefit. The hope is that Sanders supporters will be mollified enough at her departure to put aside their renewed frustration with the primary process and stay in, or come in to, the Clinton camp. We’ll see.

While the Democrats actually are in disarray, the more controversial aspect of this story has to do with the provenance of the DNC hack. Ostensibly the hack was conducted by one person, “Guccifer 2.0.” The problem is that nobody really has any idea who “Guccifer 2.0” is or if he/she even exists. By contrast, the cybersecurity firm CrowdStrike investigated the DNC intrusion a month ago, well before these emails were released, and concluded that they were undertaken by two adversaries, “Cozy Bear” and “Fancy Bear,” that are known to be connected to Russian intelligence agencies. Further research since CrowdStrike announced its findings seems to support the idea that the hackers were Russian, at least to my again admittedly untrained eyes. There are also people who will tell you that WikiLeaks is basically an arm of Russian intelligence itself, though I’m unconvinced of that. The CrowdStrike piece, of whose existence I have to shamefully admit I had no idea until a couple of hours ago, strikes me as the most definitive collection of evidence in support of the new conspiracy du jour, that Russia hacked the DNC and released these emails in order to help Donald Trump, because Vladimir Putin wants Trump to be elected in November.

Talking Points Memo’s Josh Marshall put together probably the most comprehensive collection of the evidence being used to suggest that Trump is working, albeit probably unwittingly, on behalf of Putin’s nefarious schemes for world domination. It’s a compelling collection of what are still largely circumstantial links, but the whole thing takes on a “where there’s smoke” kind of a feel. The upshot is that: Continue reading

Selective focus

If you’ve been watching TV news and/or listening to our political leaders, then you know one thing about Omar Mateen: he was an ISIS terrorist, or an “Islamic radical,” or whatever magic combination of words we’re all supposed to say. But the more we learn about him the clearer it is that his motivations for murdering 49 people at the Pulse nightclub were multiple, and some of them may have been deeply personal. New evidence, which Marcy Wheeler has compiled here, reveals a guy who was, at the very least, fixated on the LGBT community, very possibly because he himself was gay or bisexual and conflicted about it. In addition to scoping out Pulse as a potential target, Mateen reportedly cased out Disney Springs, Disney World’s “downtown” retail center, on a date that coincided with the park’s annual Gay Day celebrations.

Mateen’s jihadi statements are also verging on incoherent. In his 911 calls, where he expressed his allegiance to ISIS, Mateen also spoke admiringly of the Tsarnaev brothers, who were radicalized through al-Qaeda in the Arabian Peninsula, and suicide bomber Moner Mohammad Abusalha, an American who fought in Syria for Jabhat al-Nusra. He also reportedly told co-workers, back when he was “on the FBI’s radar” in 2013, that he was a member of Hezbollah. ISIS and al-Qaeda are similar enough ideologically that even though they are hostile to one another overseas, some dude in Florida might not really care about the distinction, but the fact that he’s variously described himself as being affiliated with both Hezbollah and ISIS suggests that he was a guy who liked to namedrop any Islamic militant group that came to mind. It’s not really indicative of a person who put a lot of deep thought into his commitment to jihadism. This jibes with reports from his relatives to the effect that he was never, in their experience, particularly religious.

More and more this looks like a person who was a violent homophobic killer first and a jihadi fighter second, maybe a distant second. He may have pledged allegiance to ISIS, he may even have had some contact with someone in that organization before he carried out his attack, but there is a lot more to this case than the ISIS connection. We could be talking about homophobia, or we could be talking about how to do a better job of denying firearms to borderline individuals, or how to do a better job of identifying borderline individuals and getting them some help, but instead we’re focused on what may have been the least important part of the story. It makes no sense.


Security theater in action

The terrorist attack on the Zeventem Airport in Brussels yesterday targeted one of the softest spots in the entire transportation system: the security queue at any major airport. Our “shoes off, belt off, take out your laptop, measure your liquids, put your left foot in and shake it all about” security screening process creates another inviting target for anybody looking to get maximum carnage for their effort. Most major airports in the world will let anybody in to the terminal without much or any kind of security check, so there’s nothing really stopping somebody from doing exactly what the attackers did yesterday. In order to prevent terrorists from getting at one target, the plane, we’ve created another one for them: the security line. And this is not the first time a terrorist has taken advantage of easy access to an airport terminal: in 2011, a suicide attack at Moscow’s Domodedovo Airport killed dozens of people in that other great airport bottleneck, the baggage claim area.

In the aftermath of Brussels, and because we always like to Do Something whenever a horrible thing happens that actually catches our attention, there’s now talk of changing airport security procedures to put the security check (or a security check, anyway) outside the terminal:

The relative openness of public airport areas in Western Europe contrasts with some in Africa, the Middle East and Southeast Asia, where travelers’ documents and belongings are checked before they are allowed to enter the airport building.

In Turkey, passengers and bags are screened on entering the terminal and again after check-in. Moscow also checks people at terminal entrances.

“Two terrorists who enter the terminal area with explosive devices, this is undoubtedly a colossal failure,” Pini Schiff, the former security chief at Tel Aviv’s Ben-Gurion Airport and currently the CEO of the Israel Security Association, said in an interview with Israel Radio.

Well, theoretically screening people before they go in would make airport terminals safer. But have you noticed the problem? That Reuters piece goes on to explain it: Continue reading

A very bad precedent

InfoSec is not something I write about very often, mostly because I know where my limits are at any given time, and because it’s not something I write about it’s unfortunately not something I’m able to follow very closely. But today at Lawfare, Nicholas Weaver does an excellent job of explaining why this Apple dust-up over the San Bernardino shooting is so important, even for admitted amateurs like me. I had a hard time understanding why Apple didn’t just give in on this case, that of a known terrorist, but that’s because I had thought the government only wanted access to Syed Rizwan Farook’s phone. That’s simply not true–they want Apple (for starters) to create a way for the government to access virtually anybody’s phone. Here’s Weaver:

When I first read the court order in the San Bernardino case, I thought it was reasonable, as it is both technically plausible and doesn’t substantially impact user security for most people.  Even if Apple’s code escapes it only compromises security for those who have a weak passcode on an older phone which is then captured by an adversary.  As backdoors go, its one that I can (*GASP*) actually live with!

The problem is this is a direct invocation of Benjamin Wittes’s world of government-mandated malicious updates.  The request seems benign but the precedent catastrophic.

The request to Apple is accurately paraphrased as “Create malcode designed to subvert security protections, with additional forensic protections, customized for a particular target’s phone, cryptographically sign that malcode so the target’s phone accepts it as legitimate, and run that customized version through the update mechanism”.  (I speak of malcode in the technical sense of “code designed to subvert a security protection or compromise the device”, not in intent.)

The same logic behind what the FBI seeks could just as easily apply to a mandate forcing Microsoft, Google, Apple, and others to push malicious code to a device through automatic updates when the device isn’t yet in law enforcement’s hand.  So the precedent the FBI seeks doesn’t represent just “create and install malcode for this device in Law Enforcement possession” but rather “create and install malcode for this device”.

It sounds like Weaver started off where I was before I read his piece, wondering what was so bad about a government request to crack into a terrorist’s phone after the fact, when it was already in the FBI’s possession. But the precedent this sets, whether Apple agrees to do it or (worse) the FBI ultimately forces them to comply in court (they’ve already won in federal court but Apple is appealing), is ugly. Does anybody think the government will stop with Farook’s phone? Eventually it’s quite likely that this malcode tool will be used to crack into phones of terrorism suspects, then of suspects in other crimes, and down the line. Foreign governments will undoubtedly make the same request of Apple and other cell phone manufacturers, and even if you trust that the US government won’t use these tools maliciously (which is a leap of faith in itself), you have to think that there are some other governments in the world who will. And speaking of malicious uses, imagine hackers gaining access to these tools.

This is a dangerous case because Apple looks like it’s defending Farook’s right to privacy after Farook perpetrated a terrorist attack on US soil. That means the public and politicians aren’t going to be inclined to sympathize with Apple’s position, even if it is the right one from a civil rights perspective. I have no ability to comment on the technical aspects of this case, but if there’s any way for Apple to give the FBI access to Farook’s phone without creating a tool that could be used against all the rest of us, they should think about doing so.

I need your help to keep this blog going! Please read this and consider contributing something. Also, while you’re out there on the internet tubes, please consider liking this blog’s Facebook page and following me on Twitter! And please share my work with your friends/followers to help me grow the audience around here! Thank you!

Riding the roller coaster

Finally, my life strategy of being too poor to have any investments is paying off.

djia jan15

What’s the problem? Well, lots of things, apparently:

Weak U.S. economic data has not helped matters today. December retail sales dipped 0.1% in December. Manufacturing in the New York region came in much weaker-than-expected in January and industrial production for December also fell short of estimates. The weak data points prompted at least two Wall Street firms to reduce their fourth-quarter GDP growth projections. Barclays now sees growth at 0.4% in the final quarter of 2015 and UBS cut its estimates to 0.8% from 1.2%.

Stifel’s Bannister lays out what’s spooking investors: “What most investors fear is deflation, a fall in the general price level,” he says. “The two greatest catalysts for deflation have been China devaluing its currency and the Fed potentially going too fast hiking rates.”

If there’s good news, he says, it is that those deflation concerns “may dissipate if China continues to move to stabilize their currency as they have done pretty decisively in recent days,” and if the Fed reduces the number of planned interest rate hikes this year. Bannister sees the Fed hiking rates just a half of a percentage point in 2016, and not the full-point it has forecasted. “That would bring the Fed more in-line with market sentiment, which is positive for stocks,” he says.

Oil fell to under $30 a barrel for the second time in a week Friday —  Brent crude was down 3.8% to $29.72 a barrel at around 5.50 a.m. ET. Crude briefly fell to under $30 a barrel on Tuesday for the first time since 2003. U.S.-produced crude was trading down $1.71, or 5.5%, to $29.49.

Wait, didn’t the Fed just raise rates a couple of weeks ago because the economy was All Better now? Way to go, guys!

China’s economic slowdown is mostly to blame, though some analysts are saying that there’s only so far the Chinese economy can fall so the damage should be limited:

In fact, China is further along in that adjustment than is generally known. The conventional thinking is that China’s economy remains dominated by an industrial sector focused on exports. It was a weakening of China’s manufacturing data early this year that largely set many global investors on edge.

But this ignores the relatively strong services sector, which has been the main engine of Chinese growth for the last three years and now accounts for more than half of the country’s economy, said Nicholas Lardy, a China expert at the Peterson Institute for International Economics. China’s opaque economic and political system makes it impossible to know for sure, but Lardy and other analysts are confident that Chinese private spending has continued to rise even as manufacturing has slowed.

“Our picture of China as a big export machine just isn’t accurate,” said Barry Bosworth, an Asia economic expert at the Brookings Institution. “What matters is that China is fundamentally a domestically based economy. It’s a great big domestic economy. And a threat of a collapse is very small. It’s just got too much wealth behind it.”

But that cheap oil isn’t helping either. It might look nice at the gas pump, but $29/barrel oil contributes to downward pressure on prices across the board, which increases the risk of a worldwide deflationary cycle. This is a fear that people were raising last January, when oil was $20/barrel more expensive than it is right now.

Admittedly, the price of oil can’t get much lower (can it?), but the past couple of weeks of declines really are calling the Fed’s decision to raise rates into question.

Hey, thanks for reading! If you come here often, and you like what I do, would you please consider contributing something (sorry, that page is a work in progress) to keeping this place running and me out of debtor’s prison? Also, while you’re out there on the internet tubes, please consider liking this blog’s Facebook page and following me on Twitter! Thank you!