Category: Humanity

Why I don’t Eat Beef

Those of you who know me well know that I don’t serve beef at home and do my best to avoid it on the road.  I don’t normally talk about why; most people assume it’s for religious reasons, because I also avoid pork.  But it’s not for religious reasons, nor is it for health reasons.  It’s for the environment.

Back in 1999 the Union of Concerned Scientists came out with a book entitled The Consumer’s Guide to Effective Environmental Choices.  This was based on a report that was roughly entitled, “Paper or Plastic: Who Cares?”  The number 1 thing that UCS said that one could do for the environment was to drive less and buy an efficient car.  The number 2 thing one could do was to eat less meat, and most specifically beef. Well now CNN has an article about just this.  Borrowing a graph:

Carbon footprint of beef

In that article, the author calculates that eating 1.27 lb of beef has the same carbon footprint as a 70 mile drive in a car that gets 21 mpg.  In other words, that number goes up with a more efficient vehicle. He argues that to help arrest the rate of global warming we need to eat less meat.

Even back in 1996, when the first UCS report came out, the one thing I could do for the environment was eat less beef. (I’ve since curtailed my driving, and Christine and I have reduced to 1 vehicle.)  The bad news is that lamb is probably just about as bad (wah!) and I will probably reduce but not eliminate my lamb consumption.

The above graph only looks at carbon footprint, and probably not all of it.  1 lb of beef requires about 1,800 gallons of water.  When I lived in California, this number seemed unsustainably large, even while we were being hit with El Niño after El Niño.  In addition, cattle also cause grazing damage, although it may be possible to mitigate those effects.

Pigs are a different matter.  I stopped eating pork products when several Colorado counties became awash in pig effluvia.  It wasn’t scientific, but I figured I could do my part by simply reducing demand for the animal.

I’ve refrained from writing this sort of article.  This was a personal choice I made, and I really didn’t push it on anyone.  I’m doing so now – just this once – for my daughter, so that she and her generation have just a little less damage from our generation to repair.

Closing the Cultural Chasm on Crypto

MercutioI like to say that engineers make lousy politicians and politicians make lousy engineers.  When we each try to do the other one’s job, it’s time to admit that we have a problem.

Even before the Paris attacks, the British Prime Minister David Cameron was already reacting to Apple and Google refusing to hold in escrow encryption keys necessary to decrypt data on their devices.  In the wake of those attacks, the UK, the FBI and CIA directors have increased the drum beating.  At the same time, some members of the technical community have come to conclude that the sun shines out of the posterior of Edward Snowden, and that all government requirements are illegitimate.  This came to a remarkable climax in July when Snowden appeared at an unofficial event at the  Internet Engineering Task Force  (IETF) meeting in Prague.

A lot of the current heat being generated is over the notion of key escrow, where someone holds encryption keys such that private communications can be accessed under some circumstances, such as life or death situations or when a crime has been committed.

Now is the perfect time for both sides to take a deep breath, and to take stock of the current situation.

1. We cannot say whether any sort of encryption rules would have prevented the Paris attacks.

There are conflicting reports about whether or not the terrorists used encryption.  What might have been is impossible to know, especially when we do not intimately know the decision makers, at least some of whom are now dead.  We do know that Osama bin Laden refused to use a cell phone long before any of the Snowden revelations were made.  He knew that he was being watched, and he knew that he had a technical disadvantage as compared to the U.S. eyes in the sky.  It is a sure bet that even if these attackers didn’t use encryption, some attackers in the future will.

On the other hand, we also know that people tend to not secure their communications, even when the ability to do so is freely available.  As a case and point, even though it has been perfectly possible to encrypt voice and email communications for decades, both continue to this day, and have been instrumental in unraveling the Petrobras scandal that rattled the Brazilian government.

2.  Encryption is hard.

We’ve been trying to get encryption right for many decades, and still the best we can say is that we have confidence that for a time, the best encryption approaches are likely to be secure from casual attacks, and that is only when those approaches are flawlessly implemented.  A corollary to this point is that almost all software and hardware programs have vulnerabilities.  The probability of discovery of a vulnerability in any deployed encryption system approaches 100% over time.  Knowing this, one test policy makers can apply regarding key escrow is whether they themselves would be comfortable with the inevitability that their most private personal communications being made public, or whether they would be comfortable knowing that some of their peers at some point in the future will be blackmailed to keep their communications private.

To make matters worse, once a technology is deployed, it may be out there for a very long time.  Windows 95 is still out there, lurking in the corners of the network.  It’s important to recognize  that any risk that legislation introduces may well outlast the policy makers who wrote the rules.  Because we are dealing with the core of Internet security, a “go slow and get it right” approach will be critical.

3.  There are different forms of encryption, and some are easier to “back door” than others.

When we speak of encryption let us talk of two different forms: encryption of data in flight, such as when a web server sends you information or when you and your friends communicate on Skype, and encryption of data at rest, such as the files you save on your disk, or the information stored in your smart phone or tablet.  Many enterprises implement key escrow mechanisms today for data at rest.

Escrowing keys of data in flight introduces substantial risks.  Each communication uses session keys that exist for very short periods of time, perhaps seconds, and then are forgotten or destroyed.  Unlike data at rest, escrowing of keys for encryption of data in flight has not been done at scale, and has barely been done at all.  To retain such keys or any means to regenerate them would risk allowing anyone – bad or good – to reconstruct communications.

4.  Engineers and scientists are both advisers and citizens.  Policy makers represent the People.

It has been perfectly possible for Russia and the United States to destroy the world several times over, and yet to date policy makers have stopped that from happening.  Because something is possible doesn’t necessarily mean it is something we do.  Even for data at rest, any time a private key is required anywhere in the system it becomes a focal point for attack.  But new functionality often introduces fragility.  The question of whether it is worth fragility is inherently political and not technical.

The technical community that consists of scientists and engineers serve a dual role when it comes to deciding on the use of technology for a given purpose.  First, they can advise policy makers as to the limits and tradeoffs of various technology.  Members of the technical community are also citizens who have political views, just like other citizens.  It’s important for that they make clear which voice they are speaking with.

Screen Shot 2015-11-19 at 2.47.37 PMRFC 1984 famously makes the point that there is an inherent challenge with key escrow, that if one country mandates it, then other countries can also mandate it; and that there will be conflicts as to who should hold the keys and when they should be released.  Those questions are important, and they are inherently political as well.  To the left is a Venn diagram of just a handful of countries- the United States, Iran, China, and France.  Imagine what that diagram would look like with 192 countries.

Professor Lawrence Lessig famously wrote that code (as in computer code) is law.  While it is true in a natural sense that those who develop the tools we use can limit their use by their design, it is also the case that, to the extent possible, in a democratic society, it is the People who have the last word on what is law.  Who else should get to decide, for instance, how members of society behave and how that behavior should be monitored and enforced?  Who should get to decide on the value of privacy versus the need to detect bad behavior?  In a democracy the People or their elected representatives make those sorts of decisions.

5.  Perfect isn’t the goal.

Any discussion of security by its very nature involves risk assessment.  How much a person spends on a door lock very much depends on the value of the goods behind the door and the perceived likelihood of attacker trying to open that door.

Some people in the technical community have made the argument that because bad guys can re-encrypt, no escrow solution is appropriate.  But that negates the entire notion of a risk assessment.  I suspect that many law enforcement officials would be quite happy with an approach that worked even half the time.  But if a solution only works half the time, is it worth the risk that is introduced by new components in the system that include new central stores for many millions of keys?  That is a risk assessment that needs to be considered by policy makers.

6.  No one is perfectly good nor perfectly evil.

By highlighting weaknesses in the Internet architecture, Edward Snowden showed theEdward Snowden technical community that we had not properly designed our systems to withstand pervasive surveillance.  Whether we choose to design such a system is up to us.  The IETF is attempting to do so, and there is good reason for that logic: even if you believe that the NSA is full of good people, if the NSA can read your communications, then others can do it as well, and may be doing so right now.  And some of those others are not likely to fit anyone’s definition of “good”.

On the other hand, while it is beyond an open secret that A fallen angelgovernments spy on one another, Snowden’s release of information that demonstrated that we were successfully spying on specific governments did nothing more than embarrass those governments and harm U.S. relations with their leaders.  Also, that the NSA’s capability was made public could have contributed to convincing ISIS to take stronger measures, but as I mentioned above, we will never know.

So What Is To Be Done?

History tells us that policy made in a crisis is bad.  The Patriot Act is a good example of this.  So too was the internment of millions of Americans of Japanese descent in World War II.  The birth of the Cold War gave birth of a new concept: McCarthyism.

And so my first bit of advice is this: let’s consult and not confront one another as we try to find solutions that serve the interests of justice and yet provide confidence in the use of the Internet.  Policy makers should consult the technical community and the technical community should provide clear technical advice in return.

Second, let’s acknowledge each others’ expertise: people in law enforcement understand criminology.  The technical community understands what is both possible and practicable  to implement, and what is not.  Policy makers should take all of this into account as they  work with each of these communities and their constituents to find the right balance of interests.

Third, let’s recognize that this is going to take a while.  When someone asserts that something is impossible or impracticable, we are left with research questions.  Let’s answer them.  Let’s be in it for the long haul and invest in research that tests what is possible and what is not.  While not ultimate proof, researching various approaches will expose their strengths and weaknesses.  Ultimate proof comes in the form of experience, or as my friends in the IETF like to say, running code.  Even if we get beyond the technical issues involved with escrow, policy makers will have to answer the question as to who gets to hold the keys such that people can be reasonably assured that they’re only being released in very limited circumstances.  That’s likely to be a challenging problem in and of itself.

Fourth, the law of unintended consequences applies.  Suppose policy makers find common cause with a specific group of countries.  The other countries are still going to want a solution.  How will businesses cater to one group of countries but not another?  Policy makers need to be aware that any sort of key escrow system may put businesses in an impossible situation.

Finally I would be remiss if I didn’t make clear that everyone has a stake in this game.  Citizens are worried about privacy; governments are worried about security; industry is concerned about delivering products to market in a timely fashion that help the Internet grow and thrive.  Bad guys also have interests.  Sometimes we end up assisting them when we strike balances.  What is important is that we do this consciously, and that when necessary, we correct that balance.

Senators’ letter to Iran was reckless, but probably not illegal

The senator’s letter to Iran probably wasn’t illegal, but it was foolish.

Tom CottonA lot of buzz went on in the past week over a letter that Senator Tom Cotton of Arkansas wrote and 46 Republican senators signed.  Some have called the letter a violation of the Logan Act.   There are essentially three questions to ask:

  1. Did the Senators violate the Logan Act?
  2. Did they violate their oath to the Constitution?
  3. Was their letter a good idea?

CNN’s Jeremy Diamond has provided an excellent analysis of whether the Logan Act was violated.  In a nutshell, senators receive the same protection from the 1st Amendment of the Constitution that the rest of of receive.  As an inherently political act, the letter would receive the highest level of protection from any court.  CNN points out that in the over 200 years the Logan Act has existed there has been a grand total of one indictment and no actual prosecutions.  In short the the Logan Act is a paper tiger, and rightfully so.

The Act itself reads as follows:

Any citizen of the United States, wherever he may be, who, without authority of the United States, directly or indirectly commences or carries on any correspondence or intercourse with any foreign government or any officer or agent thereof, with intent to influence the measures or conduct of any foreign government or of any officer or agent thereof, in relation to any disputes or controversies with the United States, or to defeat the measures of the United States, shall be fined under this title or imprisoned not more than three years, or both.

One gets the feel that when President John Adams affixed his signature he was thinking in the same way that led him to believe that the title of the head of the new republic should be king and not president.  People every day talk with representatives of foreign governments, to provide them their perspectives.  Indeed successive administrations, including this one, have encouraged those dialogs, because they advance American values.

Some might argue that the senators who signed the letter had in some way violated their oath to uphold the Constitution, as if somehow they did that by conducting foreign policy.  The Constitution itself is mostly quiet about that.  Article II Section 6 does state that it is the job of the president to conclude treaties with other nations, on the advice and consent of other countries.  But it doesn’t say that others in government can’t speak to other governments.

And so we are left with the question as to whether it was a good idea to send any such letter to Ayatollah Khamenei.  Here the senators erred in two ways.  First, the Cotton letter itself advises the Iranians that any deal President Obama makes on nuclear development with the Ayatollah could be overturned with the stroke of a pen of the next president, because it doesn’t have the force of a treaty.  As it happens, most treaties can be abrogated with the same stroke of a pen by a future president, and so their argument that such an agreement should be brought before the Senate is largely moot.

But beyond that and more importantly, the senators have failed to understand it will not be the United states that enforces of any agreement in economic terms, but rather a coalition of countries, largely in Europe, who will decide to either buy Iran’s oil or not.  The fact is that oil is a commodity, and it will be sold at market prices, and Iran doesn’t care where the money comes from, so long as it comes.  Thus whether the next president backs out of an agreement with Iran matters only in as much as the Europeans also back out of the deal.  They will not tolerate intransigence or extremism, either by Iran or the United States, either in advance of an agreement or later.  If they believe that negotiations have been scuttled for other than security reasons, they may either make a separate deal on nuclear development with Iran, or simply let the sanctions they have in place lapse.  If they believe a president has backed out of an agreement other than for cause, the Europeans will not follow suit.

In addition, it would send a horrible message to the rest of the world if the next president did back out of an agreement without strong justification, because it would it would call into question the word of every succeeding U.S. president.  That’s very bad for America.

Therefore we have to ask why the senators sent the letter in the first place.  The only convenient answer is that all politics is local, and that they wanted to show that they were “tough”.  Certainly that is the image that Senator Cotton likes to project, and it certainly plays well with some parts of the population.  But that doesn’t make the letter the smart thing to have done from a diplomatic perspective.  We are at this point with a relatively moderate President Rouhani at the table because of effective economic – not military – measures.  Certainly we have to be wary of future versions of Mahmoud Ahmadinejad, but we should also be aware that much of the distrust between countries can give way to better understanding and an end to hostile behavior only when each nation recognizes that the other is not filled with crazy people.

No pardons for torture

The President can’t pardon people who don’t seek forgiveness. And he can’t forgive as he was not the aggrieved.

Yesterday the U.S. Senate released the long-awaited report on CIA torture.  In an OpEd in the  New York Times, Anthony Romero, the president of the American Civil Liberties Union, stated that he thought the people involved all the way up to the President should be pardoned.  Romero’s logic was that only a crime could be pardoned, and therefore by pardoning these people the President would be a acknowledging that crimes had occurred.

Were only that easy.

Today, CNN reported that in response to that release, former VP Cheney said that he would do it all again and that report itself was deeply flawed.   In that same response he indicated that he hadn’t actually read the report.  Where I come from, before one can be forgiven, one must first seek forgiveness.   Those who tortured but do not see the error of their ways must learn that a civilized society rejects them and their ways.  The best way to convince them and others that we think torture is wrong is to hold those who are responsible accountable in a court of law.   Mr. Cheney may never have been in the chain of command.  What we see from him is simple puffery, an attempt to grab the microphone once again.  His actions are those of a chicken hawk.

Some of the people who committed torture do in fact regret their actions, as was all too clear in an editorial in yesterday’s New York Times from former intelligence officer Eric Fair.  Mr. Fair freely admits that he tortured.   However, he did so under the color of authority of the United States.  It is therefore not appropriate for the President to pardon him, either; because neither the President nor the people of the United States are the aggrieved.  Rather, it is for the President to apologize to the victims on behalf of the United States in whose name these acts were committed, and for the Attorney General to prosecute.  Once that has happened, and if the victims wish it, then and only then should he consider pardons.  I would go so far as to add that Mr. Fair is also an aggrieved party, as he has scarred himself through this experience.  Maybe the next person called upon to torture will learn how to say “no”.  Maybe the Senate report will help us understand what happened, so that it does not happen again.  It happened on our watch.