Radical Instrument

IT is changing the exercise of power. Radical Instrument is picking up the signals.

Archive for August 2009

CYXYMU and “the nuclear option”

leave a comment »

There’s been enough said about the specifics of the Facebook/Twitter/LiveJournal outage last week connected to attacks on Georgian blogger “CYXYMU.” net.effect offers a detailed analysis of the politics involved, but I’m not so sure of Evgeny Morozov’s belief that this represents an effective step forward in the silencing of dissent. Read the net.effect piece, but consider the following as well –

1.  Are sites like Facebook, et. al., really going to generate “terms of service censorship” to delete users who become targets of cyberattacks due to free expression? I’m not so sure. There are certainly enough people who can identify (and amplify) when such considerations go into effect, and I’m not convinced that explicit censorship wouldn’t reverse the explosive growth of these sites, or open up an angle for new competition. Then again, maybe that’s simply achieving the same effects…

2.  When you attack a site with 250M users, like Facebook, you’re naturally going to attract undue attention to a situation that otherwise wouldn’t have been given another thought. I’m not convinced that won’t lead to greater political blowback at some level for Russia (even if in no way connected to the attack), even if it’s something as simple as a more aggressive cybersecurity policy (remember, there’s still an ongoing debate between the U.S. and Russia about cybersecurity).

3.  Why assume a static architecture? “Terms of service censorship” would be easy, certainly. But I’m not so sure that this attack hasn’t just handed over a new set of creative ideas – not to mention funding – on how to make the platforms more robust. A big maybe. But there’s clearly a public good issue that works to the advantage of folks like CYXYMU. Even with “terms of service censorship,” attacks like these – because they inflict damage on the network as a whole – are still likely to focus efforts on how to protect the network as a whole, which ultimately benefits individual cyber-dissenters. Imagine for a second that this were an actual military attack against an entire city, just because that city was home to one vocal individual. Even if you kicked that individual out, wouldn’t the chance of a future, similar individual be incentive enough to improve your defenses against a similar attack?

Written by Mark

August 9, 2009 at 9:58 pm

Posted in Technology

Tagged with , ,

Google and Microsoft in Uganda

leave a comment »

Google has launched “Google Trader” as part of its new SMS offering in Uganda – a service to facilitate marketplace transactions, particularly in agriculture.

Not surprisingly, a quick scan of Microsoft’s efforts in Africa reveals a slightly different focus – refurbishment and provisioning of PCs (particularly in Uganda), training for the government sector, work with international institutions like the UNHCR.

One can’t help but notice the superficial but potentially telling differences, and ask whether they’re reflective of the larger Google v. Microsoft story, which itself reflects deeper questions about the evolution of the IT. A scan of Google’s blog surfaces several references to volunteer efforts, to training local developers, to initiatives that embed in the daily cultural and economic milieu. Microsoft’s stories seem…well, larger (e.g., a new software package for an country’s educational sector), institutional, more “traditional” in terms of both technology and aid. There’s no dispute over the good, even the necessity of both approaches. But one can’t help but wonder if their evolution will tell a larger story about how the world will compute in the next fifty years.

Written by Mark

August 6, 2009 at 2:38 pm

School of Hack (Chinese version)

with one comment

Courtesy of Fergie’s Tech Blog:  this report on the $34.8M “hacker training” industry in China, derived from this China Daily story. The China Daily piece also cites $1B in losses in China in 2008 due to cybercrime, attributed to theft from personal accounts.

Not really convinced that you would get a lot out of course that runs maybe $30 … maybe access to a few tools that can be clumsily deployed, absent any other skills. The math is interesting – at the thirty-dollar rate, $34.8M buys you over a million “courses.” Assume for a moment that the courses are in Chinese (could be wrong there)…with a total combined Internet user population in China and Taiwan of ~300M, and assuming one course = one user, that’s not a bad rate of penetration. It’s a rate roughly equivalent to Amazon’s share of the U.S. retail market.

I previously referenced this Bloggingheads discussion between Evgeny Morozov and Ethan Zuckerman on cyberwar. Listen about midway through or check out Evgeny’s previous Slate article for a description of how a non-expert can get access to the right tools fairly easily.

Written by Mark

August 5, 2009 at 10:11 pm

Military robots and ethics – more debate, but still missing some questions?

leave a comment »

In the BBC’s top technology stories tonight:  a University of Sheffield professor of artificial intelligence states that a military robot’s ability to distinguish friend from foe reliably is still 50 years away, meaning that the technology needs restraint while the ethics catch up.

Regardless of whether it’s fifteen or fifty years, Moore’s Law practically mandates that the technology will outrace ethics and policies, absent a multinational commitment to constrain it. There are questions beyond rules of engagement as exercised by a semi-autonomous or autonomous robot – for instance, whether controllers, safely ensconced hundreds or thousands of miles away, constitute legitimate military targets. All such questions point to a grave potential – the probability that the growing use of robots could encourage rather than inhibit war, and expand the domain of the battlefield to include more civilians.

The same questions have been raised when it comes to cybersecurity, leading some to raise the idea of an international convention. If it comes about, it might need to aim at a larger ambition – to understand, and then govern automation as it advances and is applied to war.

Written by Mark

August 3, 2009 at 9:36 pm

Journos, poseurs, and spies

leave a comment »

Seems like the Defcon and Black Hat conferences are ground-zero for spies with an information-warfare bent:  this report from Computerworld discusses the ejection of four South Koreans apparently posing as journalists at Defcon. Any article that name-checks the Mossad and the French Foreign Legion in the same paragraph is worth reading.

Written by Mark

August 3, 2009 at 9:08 pm

Posted in Random

Tagged with ,

Cyberwar and civil damage

leave a comment »

From the front page of Sunday’s NY Times:   the outlines of a continuing debate around the broader, unintended consequences of cyberwar.

This curious section appears about midway through the piece:

But some military strategists argue that these uncertainties have led to excess caution on the part of Pentagon planners.

“Policy makers are tremendously sensitive to collateral damage by virtual weapons, but not nearly sensitive enough to damage by kinetic” — conventional — “weapons,” said John Arquilla, an expert in military strategy at the Naval Postgraduate School in Monterey, Calif. “The cyberwarriors are held back by extremely restrictive rules of engagement.”

Despite analogies that have been drawn between biological weapons and cyberweapons, Mr. Arquilla argues that “cyberweapons are disruptive and not destructive.”

This seems odd, given Arquilla’s previously articulated concerns over “a grave and growing capacity for crippling our tech-dependent society [which] has risen unchecked,” and his advocacy for arms control in this area. Granted, he’s careful to distinguish “mass disruption” from “mass destruction,” but the line between mass disruption and simple destruction seems blurry. There would seem to be a great deal of nuance in advocating international controls on the one hand, and less restrictive rules of engagement on the other.

He does raise a point about interpretative differences as applied to both conventional and cyberweapons. Should there be a difference, especially if the full extent of collateral effects are unknown? The case study here might be electrical infrastructure – especially since it’s been featured so prominently in Department of Homeland Security arguments. As the LA Times has noted, the U.S. attack on Iraq in 2003 deliberately avoided attacks on electrical infrastructure – a significant change from the 1991 campaign, and its second- and third-order effects. If an attack on information networks has the same effect on electrical infrastructure as a conventional attack, should it be governed by the same rules? Or if it has the same second- and third-order effects as an attack on electrical infrastructure – regardless of whether or not the electrical infrastructure is targeted – should it be governed the same?

Underlying this debate is the simple trend towards a more integrated world, in material, communications, and social networks. It’s not a flat world by any measure, but the wiring continues to be put in place. As that happens it’s going to be even more difficult to separate warfare from its effects on civil society. So it’s important that this debate continue – to ensure, at a minimum, that the use of information systems to conduct war works to inhibit rather than encourage war.

Written by Mark

August 2, 2009 at 7:01 am

Posted in Military & Security

Tagged with