Pick Up The Damn Phone

I just got off the phone to my Congresscritturs:  Elizabeth Warren, Ed Markey, and Joe Kennedy.  I spoke to aides at each place, thanking Senator Warren for her support for the Iran deal, and urging in the strongest possible terms that Senator Markey and Rep. Kennedy pull their fingers out and do the same.

The bad guys are hitting the airwaves, the junkets, the phones hard on this one.  President Obama got this one right: the anti-deal folks include all those who screwed up the Iraq call.  We shouldn’t — we must not — let the nation listen to them again.

To that end: aeons ago I did a summer’s worth of answering the phone on Capitol Hill for a congressman.  I’ve asked, and what was true then is still true: phone calls make a difference to these people — and you’d be surprised how few calls can make a difference.

So get on the phone.  Call your representatives.

House of Representatives numbers.

Senate numbers.

Thank your peeps if they’ve already got this one right:  affirmation matters a lot to them.  If they are still thinking, urge them POLITELY to come out in favor of the deal.  Tell them how disappointed you are, how angry, how motivated for change you have become if they tell you that they’re going to try to block the deal.  (Again — do so politely, but firmly.  That’s vastly more scary to them than bluster.)

If you want a great quick review of the arguments for the deal, there’s no better place to start that James Fallows. This post and this one will put you ahead of the entire neo-con policy apparat.*

In any event.  Call. Call now. Get your friends to get on the horn. It matters.

*This one opens with a longer list of Fallows’ arguments for the deal in the context of an opponents view.  The asymmetry of intellectual power will, I think, speak for itself.

Image:  attibuted to Joseph Hauber, Unsterblichkeit – Falter, Knollenblätterpilz und Schlange,** before 1834.

**translation help, anyone?

 

Great Satan And Islamofascist Central Agree!

Nuclear talks with Iran produce a preliminary agreement.

Statement glossed here.

Obama to speak on the accord at 2:15

In the meantime, here’s the debate prompt:

Worst deal since Munich or worst deal ever?

Image: Jan Fyt, Mushrooms, first half of the 17th century.

Sunday Post on Crypto, Trust, and Political Action on the Web — Outsourced to David P. Reed

I’m a lurker (mostly) on a listserv for MIT’s Center for Future Civic Media (C4), which pops up some fascinating discussions about news, social networking, and political life on and through the web.

Recently, there was a flurry of posts on the announcement from the Haystack that work on the system designed to encrypt and obscure the source of internet communications in Iran had halted.

That announcement was followed by the effective end of the project, which had aimed at providing political dissidents secure ways to communicate.

That sequence of events led to considerable back and forth among the C4 community, in part looking at the perennial problem of hype in the tech/software world outpacing reality.

The more significant strand to the convesation (it seemed to me) focused on something else: the underlying issue of whether or not it is possible to produce a genuinely secure set-up that could enable the kind of sunlight the Iranian dissidents sought (and needed) and their supporters outside Iran hoped to provide.

That’s something of obvious (again, to me) importance, especially in the context of the broad privacy-for-connection trade-off we are all committing ourselves to these days.

In that vein, MIT (and much elsewhere besides) computer scientist  David Reed weighed in with the crucial observation, which he kindly gave me permission to post below.

The shorter, just to get you going: computer/information security depends on two factors: the technical/technological and the human.  The strength or lack thereof of one factor does not alter the qualities of the other.  Therefore, no technological approach to information security (on which, in the Iranian case and many besides, lives depend) can provide genuine safety.

Key quote (from David’s conclusion):

Here’s the problem, then: we can’t even *talk about* the technology clearly, because we want to impute properties of perfection, goodness, morality, etc. to it.

And now to the whole thing:

Poking around a bit more on the [Haystack] controversy, let me suggest that it has roots back to anon.fi (the original “Swedish” anonymous remailer).  I (not so publicly) questioned crypto-activist friends promoting anon.fi at the time regarding their promotion of use of that service, given that their was no way they could *personally* assure us that anon.fi was not a trap placed carefully by one or more government or quasi-government agencies.

The response I got was that it was based on public key crypto, and the guy operating it was a “good guy”.

In other words – the crypto (which was undoubtedly strong, and open source) and the “goodness” of the guy were given equal weight, and both had to be working to ensure privacy of communications.  Despite most of these friends, who were well-known political activists, never having met this guy personally!

Here’s the problem, as I mentioned in part in my invited talk at USENIX Security this year:

Humans are prone to the “fallacy of composition”.  That is, there are certain properties of systems that don’t pass from the parts to the whole.  (the parts may all have X, but the system as a whole does not, OR the system as a whole can have X, when none of the parts have X).  Yet it is common for the brain to reason: “because one or more of the parts have X, the whole has X”.

Security is a set of qualities that are not composable.  They just aren’t.

We buy into the fallacy of composition because we (Hilary Clinton, the press, …) want to believe that we can fix a problem merely by using some wonderful “part” – in this case Haystack.

So where I’m going with this is that perhaps before we start trying to find “blame” in this hype-fest, we start by asking the question:
is it possible for someone to supply “security” in the form of an Internet service OF ANY KIND (open source or not, tested or not) that meets the goals?

Because security is not composable, the answer is NO.

So why are we beating up Haystack?  It can’t do the job, and one can tell just by looking at it from the outside – recognizing that any such system entails the fallacy of composition in many, many ways.

Is Tor better?  Not really.  If it had been reported like Haystack, it probably would have been “exposed” in the same way to have weaknesses that are honestly expressed by its own developers.  Would the developers have succumbed to the temptation to provide the “money quotes” supporting the hype?

What if Tor had been used by Iranian dissidents?   Given the weaknesses, surely they were putting their lives at risk due to its weaknesses, just as if Haystack were used.

I’d suggest that there is very little light, and a lot of heat, in the blogosphere and the press about this technology-centric view of political action.

There’s something broken in a world where someone can say with a straight face the phrase “liberation technology”!   Technology cannot be measured in that dimension in general, and if we are talking about the “fallacy of composition”, it applies hugely to the dimension of “liberty” (which has become a right-wing word) or “liberation” (the left-wing word).

Here’s the problem, then: we can’t even *talk about* the technology clearly, because we want to impute properties of perfection, goodness, morality, etc. to it.

To put all this another way, there is an old spook joke about secrecy and security:

How can you tell if a secret is safe?  If only two people know it…

…And one of them is dead.

My thanks to David for his willingness to share these thoughts to an audience beyond the C4 gang.

Image:  Henri Regnault, “The Spy,” 1880.