Alkahest my heroes have always died at the end

August 27, 2009

So, this is important

Filed under: Security,Social,Technical — cec @ 11:14 pm

I’m not a big baseball fan.  For that matter, there are few ball sports that interest me.  But, this is important.  If you recall, a few years ago (2004), there was a big furor over steroids in baseball.  The government searched BALCO and found evidence of rampant steroid use by baseball players.  Now I hadn’t been paying attention to this, but there has been an ongoing legal dispute over that search and how it was conducted.

Yesterday, the 9th Circuit Court of Appeals issued a 9-2 decision that restores a great portion of the 4th Amendment’s right to protection against unreasonable search and seizure in an electronic context.

Caveat lector, I am not a lawyer and I’ve never played one on TV.  Moreover, I haven’t finished reading the dissenting opinions and I’m almost certainly missing some of the nuances here.  In a nutshell, the government had evidence, sufficient to obtain a warrant, against 10 players.  Based on this evidence and the warrant, the prosecutors were able to search BALCO for information about those 10 players.  BALCO maintains all records on their computers, of course.

Now, I’ve had experience with these types of searches.  The government never takes what’s just in their warrant.  The defined search *process* always allows them to take the whole computer or the whole hard drive, or more often than not, an image of the whole hard drive.  The reasoning is that information pertaining to the search could be hidden, or their could be some form of booby trap or the data could be encrypted or …

So, the prosecutor in the steroids case took the whole directory in which there was a file containing drug tests of MLB players.  The file itself contained information about far more than the 10 players named in the warrant.  So, rather than taking the 10 rows of the spreadsheet, rather than taking just the one file, the prosecutor took a directory containing the results of thousands of drug tests.

The prosecutor then (as I understand it) went jurisdiction shopping until he found a judge willing to grant a new warrant for information about 104 players, based on the information found in the spreadsheet.  The argument being that once they had access to the spreadsheet, or the directory, or even the computer, the additional information was in plain sight.  Several judges believed that the prosecutor intentionally wrote the process for executing the search warrant in such a way that he could *expand* the scope of the investigation by introducing evidence based on this plain sight doctrine in order to find new players to prosecute.

What’s interesting is that this seems fairly normal to many of us.  Of course the prosecutor will search your whole hard drive, of course they will bring new charges, etc.  The problem is that a) BALCO itself was not the subject of the prosecution, and b) this IS NOT the way things work in the tangible world.  Prosecutors are exploiting the new(ish) electronic domain to gain access to information they wouldn’t have if files were stored on paper.

Apparently (I need to look into this), the relevant doctrine in the physical world is the United States vs Tamura, 1982.  In this case, the object of a search was stored in a file cabinet.  It was not feasible to search that file cabinet in the office, so the prosecutors obtained access to it, with the requirement that they only pull information relevant to their warrant – even if they stumbled across additional criminal information.

The majority in the 9th Circuit decision believe that a sensible application of Tamura to an electronic domain means that information/documents stored in proximity to the information sought in the warrant is *not* in plain view.  And they are correct.  If information in adjacent files in a file cabinet are not in plain view, then neither is information stored electronically in adjacent files, folders or computers.

Explicitly, the justices stated:

In general, we adopt Tamura’s solution to the problem of necessary over-seizing of evidence: When the government wishes to obtain a warrant to examine a computer hard drive or electronic storage medium in searching for certain incriminating files, or when a search for evidence could result in the seizure of a computer, see, e.g., United States v. Giberson, 527 F.3d 882 (9th Cir. 2008), magistrate judges must be vigilant in observing the guidance we have set out throughout our opinion, which can be summed up as follows:

1. Magistrates should insist that the government waive reliance upon the plain view doctrine in digital evidence cases. See p. 11876 supra.

2. Segregation and redaction must be either done by specialized personnel or an independent third party. See pp. 11880-81 supra. If the segregation is to be done by government computer personnel, it must agree in the warrant application that the computer personnel will not disclose to the investigators any information other than that which is the target of the warrant.

3. Warrants and subpoenas must disclose the actual risks of destruction of information as well as prior efforts to seize that information in other judicial fora. See pp. 11877-78, 11886-87 supra.

4. The government’s search protocol must be designed to uncover only the information for which it has probable cause, and only that information may be examined by the case agents. See pp. 11878, 11880-81 supra.

5. The government must destroy or, if the recipient may lawfully possess it, return non-responsive data, keeping the issuing magistrate informed about when it has done so and what it has kept. See p. 11881-82 supra.

As someone who has participated in prosecutorial searches, these strike me as eminently sensible guidelines.  The first states that there’s no such thing as plain view in computer cases – each piece of information is in its own separate space.  To consider otherwise is to allow every piece of electronic equipment in the world to be searched since they are all connected via the Internet.  The second states that the prosecutor shouldn’t be the one doing the search, b/c the searching personnel *will* wind up seeing information that isn’t related to the warrant.  The problem is that since nothing is in plain view (can you tell what does a hard drive contain by looking at the physical device?), an in-depth search is required to fulfill the warrant, but that search will violate the terms of the warrant if all of the information is shared with the prosecutor.  The third states that prosecutors can’t *overestimate* the risk of booby traps, deadfalls, etc. that would destroy data.  There was no reason to think there were such in the BALCO computers and therefore, a full copy of their hard drives was not required.  The fourth is pretty plain – the process/protocol must be restricted to what the government is allowed to find.  And the fifth says that the prosecutor can’t keep things that it found that it wasn’t supposed to have.

All in all, a very reasonable balance of 4th Amendment rights in a digital context – no matter what Orin Kerr might say. Good news on the electronic privacy front… for once.

August 26, 2009

DDoS-ing good policy

Filed under: Political,Social,Technical — cec @ 10:08 pm

In computer security, one of the most difficult and annoying problems is the distributed denial of service attack (DDoS).  The idea behind a DDoS attack is straight forward: the attacker tries to prevent legitimate use of the service by using a large number of other computers.  Usually these other computers have been compromised (hacked) and are following the commands of the attacker.  Such computers are usually called “zombies.”

There are a number of ways to conduct a DDoS attack, but they are typically variations on the following theme.  The attacker instructs the zombies to request access to the service.  But the zombies have no intention of actually using the service, instead, they often forge network traffic so that it’s impossible to tell who is making the request.  Because the zombies don’t want to use the service, they can make thousands of requests without slowing down.  The poor computer hosting the service then sees tens of thousands of requests for access, tries to fulfill the requests and eventually becomes overloaded and dies.  The zombies win.

What makes the DDoS attack so difficult to defend against is that each and every request coming in, looks like a legitimate request.  The problems are: a) the core of the request is a lie (at the direction of the attacker, the zombie has forged the network traffic), and b) the sheer quantity of bogus requests – one or two could be handled easily, 10s of thousands not so much.

Unfortunately, we’re seeing the exact same thing when it comes to creating good policies in the U.S.: a distributed denial of service attack.

The creation of good policies requires discussion.  Ideally, arguments will be presented, the merits debated and evaluated with respect to a set of shared norms, and these discussions will shape the eventually enacted policy.  But on every important issue, this is not occurring.  Instead, we have a group of reactionaries (they’ll call themselves conservatives) who try to prevent the important discussions from ever occurring. Take two issues, global warming and health insurance.

On global warming, we could have a fairly important discussion about the expected costs of global warming, the probabilities of certain events occurring, the expected costs of limiting CO2 in order to limit the effects.  We could discuss the moral issues involved, from the increased rates of disease due to higher temperatures, the possibility of spending more money now on certain social problems, and the moral worth of species that will go extinct because of a changing climate.  There are even scientific questions that remain unresolved.  But instead of having any of those discussions, conservatives persist in lying.  Those lies are then redistributed on Fox News and in conservative publications.  The purpose of the lies isn’t to have a real discussion with respect to a valid scientific point.  The purpose is to attack the very idea that there can be a discussion.  The purpose is to make people believe that instead of global warming being a policy issue, it’s a political one.

A year ago, I was at a family reunion and sat down with my father and uncle who hold advanced degrees in physical sciences (masters and phd respectively).  The topic came around to global warming – perhaps one of them made a derisive comment about it, I don’t recall.  The next thing I knew, these two very intelligent men turned into DDoS zombies.  They brought up a number of talking points that they had heard, but hadn’t actually verified:

  • “Ice cores have shown that temperature rises before CO2 levels.” Historically true, but completely irrelevant.  We know of the causal reason that an increase in CO2 will increase temperature.  A doubling of CO2 will raise the temperature by roughly 3 degrees Celsius.  However, no one has said that the only reason that the temperature can rise is due to CO2 – there are certainly other reasons.  Why temperature rose in those cases is a legitimate scientific question, but rather than discussing that issue, the right uses a misinterpretation of the idea to attack the possibility of global warming.
  • “CO2 only contributes 3% of the effects of greenhouse gases.” Alternatively, you’ll hear that water vapor is 97% or 98% of the total effect.  Nope.  This is a pure, flat out lie.  I spent a few hours trying to track down the source.  It turns out that it’s not a scientific result.  3% never appeared in a peer-reviewed paper.  Instead, someone reviewing one of the IPCC reports decided that the report said 3% (it didn’t) and ever since, right-wing news has thrown around that number to dispute the very possibility that rising levels of CO2 could contribute to global warming.

There were a few other talking points they had and there are dozens more to be found online.  My favorites often come from a site called Watt’s Up With That.  Favorites because they completely demonstrate that people are *actively* constructing lies to deceive the public on global warming.  You read a post there and you go to the original sources that they cite and sure enough, they’ve either taken it out of context or they’ll take the worse of all possible predictions.  My favorite is when the push what amount to linear rather than the actual (exponential) projections of climate change and then argue that because the actual temperatures don’t fall into their bogus projections, climate change is false.

The point is that none of those talking points are serious attempts to debate the science.  They are merely an attempt to overwhelm the dialog with incorrect information in order to delay or kill good policy.  Hell, they aren’t even arguments, at best they are arglets. Fragments of an argument with no real merit.

The arglets against health care reform are even worse.  A handful of people literally make things up and rather than having a discussion about the very real ways our health care system is falling apart, the news media (Fox and others) goes off on these tangents for days.  Consider:

  • “death panels” What a load of crap.  There’s no such thing in the health care bill.  Which is of course, not to say that these things don’t exist.  Every insurance company has a death panel.  Or more accurately, insurance companies consider the amount of rescission activity when evaluating employees, i.e., you’ve paid your premiums for years and when you try to use the policy and the company drops your coverage.
  • “in <scary socialist country of your choice> people have to wait <some large number> weeks for <some medical procedure>.” We hear that one a lot.  Usually, the country is England or Canada, the time is 6+ weeks and it’s a hip replacement.  Of course, this arglet is also untrue, but is interesting in being untrue on multiple levels.  First of course, is the basic lie – delays for surgery. A small nugget of truth – this was a small problem pre-2000, before the British started increasing the amount of money for the NHS.  Then the larger lie – the implication that it’s better here in the U.S. under your insurance.  Then finally, the mother of all lies – that anyone’s even proposing a single payer system like the NHS anyway.  “Oh my god, some other system that no one here is seriously considering has wait times that are as bad as some of ours with insurance, but not nearly as bad as if you have no insurance and have to wait until you’re on medicare to obtain the surgery.”  To borrow a line from a glibertarian idiot – give me a break.
  • Perhaps my favorite recent arglet: “Stephen Hawking never would have survived to be a brilliant physicist under the British system.” Given that he is a British citizen and has always received his health care via the NHS, this is completely crazy, literally divorced from reality, batshit insane.

I could go on and on.  For any topic you can name, there are people promoting lies in order to prevent good policies from being enacted.

Now here’s the part where I tell you the good news based on my DDoS analogy.  Tough – there isn’t any.  There are a few approaches to dealing with a computer DDoS:

  1. Ignore it.  Build capacity so that all requests, legitimate and bogus can be serviced.  This is unlikely to work.  The media has a short attention span, hell they’ve got ADHD.  While the majority of arglets are debunked within minutes of their creation, they continue to live on in the right-wing zombies and the media is incapable of ignoring that.
  2. Identify the source of the arglets and take ’em out.  In computer terms, this often means tracking down the source of the DDoS commands and arresting them.  For dialog, this means identifying the source of the arglets and ignoring them and their zombies.  But then we’re back to solution 1 and the media’s inability to call bullshit.
  3. Ensure that all potential zombie computers are patched, i.e, ensure that potential zombies are innoculated/education against the lies.  Unfortunately, this doesn’t work in a computer context – too many lazy people with computers that they don’t want to take care of.  And it’s unlikely to work in a political context – too many lazy people who can’t be bothered to conduct basic fact check (or even sanity checking) before propagating a lie.

In short, there’s no way for the current political process to work properly while the right wing and various corporate interests are conducting a denial of service attack.  Unfortunately, the only real solution is to circumvent the dialog and pass good legislation regardless of what’s in the press.  For 16+ years, Bill Kristol has advised the right to prevent such a thing.  “Don’t allow good legislation on health care.”  People would like good legislation and would realize that the republicans were a bunch of lying con men who wanted to shovel government money (aka public funds,  aka your money and mine) to corporate interests.  The republicans have gotten good at this and now the only way to pass decent legislation is to ignore them, which is easier and easier given that they’ve flat out stated that they won’t vote for their own compromises.  Screw ’em.  Health care is too important.  Pass it, pass it now.  If you won’t support a single payer option, then at least give people the choice of a public option that’ll be better, cheaper and more efficient than what we’ve got now.

just saying. . .

Filed under: Personal — cec @ 9:35 pm

if i ever do get around to filking the Pilgrim’s Progress, there’s a good chance it’ll feature a “Slough of Sake” and a “Carnival of Sangria.”

Ted Kennedy

Filed under: Political — cec @ 6:11 pm

🙁

also, I’m glad I’m not the only one who went there

August 17, 2009

Garden produce

Filed under: Cooking,Personal — cec @ 5:23 pm

I’ve mentioned before that this is the first year that we’ve had a garden, and it’s been going great.  In the early spring we had lots of spinach, arugula, turnips, lettuce, etc.  Now that we’re in the summer, it’s time for a whole new type of produce.  Last night, I went out to the garden and picked a bunch of tomatoes (yes, I prefer the cherry tomatoes), banana peppers and green beans.  Later this week, I’ll pick some of the eggplant and we’ll do eggplant croquettes.  Hopefully, we’ll also get some regular peppers, zucchini and maybe even a small watermelon or two.

The best part for me has been that we’ve gotten a good amount of produce with a fairly minimal amount of work.  I planted densely, but in raised beds.  I haven’t weeded and the whole thing looks like an overgrown mess, but it produces quite a bit:

dsc_7193_m

August 10, 2009

The universe hates me, part 37

Filed under: Personal — cec @ 4:47 pm

or Adventures in Home Repair;

or How I Spent My Sunday.

For reasons best left unspecified, I found myself in need of a new exterior door – a replacement for the one that keeps my utility room from being a part of the outdoors.  Last weekend, I went out to the local home improvement store and after spending two hours, I realized that I couldn’t simply replace the door, but instead, had to replace the entire door, prehung in its frame.

So, I bought the door-in-frame, hauled it out to my car only to realize that I had forgotten a certain problem of logistics.  While a door slab will fit in my hatchback, a whole door in its frame, most certainly will not.  So, I haul the frame back into the Lowes and ask if they can hold it for me.  Nope.  Well, not currently.  If I *returned* the frame and then re-purchased it, *then* they could hold it.  Fine.  Done.

Fast-forward to yesterday.  I borrow a neighbor’s truck (noon) and make the 10+ mile drive back out to the Lowes.  Pick up the door, drive back, unload and return the truck (1pm).  I start removing the old door, pulling out the frame and leaving it as a rough cutout (2:30pm).  Took a break to avoid completely dehydrating and got back to work (3pm).  At this point, I realized that because of the thickness of the logs (or in the utility room, the log siding), the last door had actually been installed 2″ out of the rough and was actually sitting on the porch.  Unfortunately, that means that there was actually extra header between the frame and the rough since the porch sits an inch lower than the subfloor.  To fix that, I nailed down some extra board so the door would sit on the subfloor and be flush with the interior walls.  Next step – find my caulk.  Oops – none in the house.  Run up to the nearest hardware store, about 8 miles, and buy some caulk (4:00pm).

Caulked the rough and set the door up.  Unfortunately, the door installation instructions were a little opaque and I couldn’t figure out where to go next.  Everytime I opened the door or even stopped holding it, the door would start falling.  Google to the rescue!  Following the online instructions, I shimmed the door into place, leveled it and got everything nailed into place (5pm).  Grab the old deadbolt and doorknob and installed them (5:30pm) and, with K’s help, cleaned up – 5:50pm.

All in all, a perfectly terrible way to spend a Sunday.  And I still need to finish insulating the door, staining it and putting the moulding back together.  Whee!

Powered by WordPress