Tuesday, February 21, 2006

Outrageous Manassas Park law enforcement raid on Rack n' Roll Billiards Club

From the Agitator:

On June 2, 2004, police in the the Washington, D.C. exurb of Manassas Park, Virginia brought in a multi-jurisdictional narcotics tax force and officers from several surrounding cities and counties to conduct a massive, 70-90 officer SWAT raid on the Rack n' Roll Billiards Club.

The raid took place on Ladies' Night, a Wednesday. Though the intent of the raid was to collect evidence of drug use and drug distribution by David Ruttenberg, the club's manager, it was conducted under the auspices of an Alcohol Beverage Control inspection. Because ABC is primarily a regulatory agency, the guise of an ABC inspection enabled the raid to take place without a search warrant.

After hours of scouring the club, searching every nook and cranny, and generally turning the place upside down, the only charges to follow against Ruttenberg were for two bottles of beer a distributor had left for sampling that weren't clearly marked "SAMPLE." The bar would later be charged with a few other minor offenses: one incident of serving alcohol to a minor, and with several incidents of flashing from customers during Mardi Gras.

The account at The Agitator goes on to describe continued police harassment of Ruttenberg. Radley Balko suggests that this all began because David Ruttenberg and a Manassas Park police officer (who is now head of the narcotics task force) had a romantic interest in the same woman, and that the continued harassment is an attempt to find a post facto reason to justify the original outrageous raid. If that's correct, the law enforcement officials responsible for this should not only be fired, they should be jailed.

UPDATE (December 19, 2006): Things are not looking good for Ruttenberg, as Radley Balko has described. And it looks like there's serious corruption in Manassas Park.

UPDATE (December 23, 2006): Balko presents evidence that the harrassment of David Ruttenberg has to do with the fact that he's sitting on the prime location for off-track betting in Manassas Park, which could potentially bring in tens of millions of dollars of revenue for the city. The harassment began four months before a referendum on the matter, which was defeated.

UPDATE (December 31, 2006): Here's video footage that depicts two men openly using cocaine in Ruttenberg's bar. He calls police, who refuse to take witness statements, escort the men outside, and let them go. (More info at The Agitator.)

UPDATE (January 8, 2007): And here's a link to some more video of harassment.

UPDATE (January 11, 2007): And here's some more background information on the harassment of David Ruttenberg, where a violent incident at another pool hall across town was added to a report about Rack and Roll.

UPDATE (September 11, 2007): Radley Balko reports that the appropriately-titled vice mayor of Manassas Park, who also worked as a DJ at Rack and Roll, was encouraging lewd behavior and nudity in the club which he photographed, and which ended up in a file in the possession of the city which was used to motivate officials to go after the club. At the same time, however, the city denied the existence of the file when Ruttenberg inquired after it, and Ruttenberg, to the extent he was aware of the activities in question, attempted to prevent them from happening.

Monday, February 20, 2006

Leon Wieseltier's negative review of Dennett's new book

Leon Wieseltier, literary editor of the New Republic, has written an strongly negative review of Daniel Dennett's new book, Breaking the Spell. Wieseltier maintains that religion is beyond the scope of scientific examination, and so takes issue with a key aspect of Dennett's project.

Wieseltier's review has been critiqued by Brian Leiter (at Leiter Reports, here), P.Z. Myers (at Pharyngula, here), Taner Edis (at the Secular Outpost, here), and Michael Bains (at Silly Humans, here). I disagree with Bains about the term "scientism," even though I am quite sympathetic to "naturalized epistemology" and giving science a major role in philosophical questions. There is clearly quite a lot of room for disagreement about the idea that science should be the primary mechanism of inquiry in all domains--most scientists regularly argue that science draws no moral or ethical conclusions, which means they leave that area to philosophy or (a mistake, in my opinion) religion.

There is a key passage of Wieseltier's review that I partly agree with:
It will be plain that Dennett's approach to religion is contrived to evade religion's substance. He thinks that an inquiry into belief is made superfluous by an inquiry into the belief in belief. This is a very revealing mistake. You cannot disprove a belief unless you disprove its content. If you believe that you can disprove it any other way, by describing its origins or by describing its consequences, then you do not believe in reason.
In general, the origin of a belief is irrelevant to its truth or falsity. However, if Dennett's mission is like Pascal Boyer's, to give an account of why people believe in religion in general, rather than to prove that religion is false, then this is not an objection to what Dennett is doing. Further, if the explanation produced is the best explanation around, then that is good reason to believe that explanation (over an explanation that says religion is divinely inspired).

The fact is that there are lots of different religious beliefs that people hold, and they contradict each other. We know from the outset that all religions cannot be true--in fact, the mere existence of the contradictions is sufficient to show that much of the content of most religions must be false. Why people continue to believe it is something that requires explanation.

If the best such explanation is a naturalistic one, and that explanation fits the evidence for all religious belief better than supernatural explanations, then that is good reason to favor the naturalistic explanation over the supernatural explanations.

Wieseltier seems to reject "inference to the best explanation" as a form of reason.

UPDATE: Dennett has responded with a letter to the New York Times, and Wieseltier responds immediately following.

Sunday, February 19, 2006

The moral cowardice of Dick Cheney

Talking Points Memo points out that Cheney sent out three surrogates to assign blame to the victim (who then apologized publicly to Cheney!), contrary to Mary Matalin's claim on "Meet the Press"--even though she was surrogate #3!

Controversial hacker publishes cover story in Skeptical Inquirer

The latest issue of the Skeptical Inquirer (March/April 2006) features an article titled "Hoaxers, Hackers, and Policymakers: How Junk Science Persuaded the FBI to Divert Terrorism Funding to Fight Hackers" by Carolyn Meinel. The descriptive text on the first page (between the article title, subtitle, and author's name) says "Hoaxers warned of an imminent and deadly electronic Pearl Harbor. Consequently, the FBI diverted resources and attention away from terrorism and toward fighting hackers. This may have contributed to the September 11, 2001, attacks. Use of critical inquiry and the scientific method could have avoided this misdirection."

While most of the article appears to me to be accurate and its conclusion about treating claims from self-proclaimed computer security experts with scrutiny is sound, the article itself contains unsubstantiated arguments (in particular the arguments of the title and subheading) and comes from a self-proclaimed hacking expert of questionable credibility.

Meinel's article is in three sections--an introductory section about the title, a section about specific claims made by two hackers, and a section on "critical analysis of e-terrorism." I find little to criticize in the latter two sections, except for its implication that Peter Neumann's testimony before Congress was unfounded (Neumann is a highly respected expert on computer risks, the editor of the RISKS Digest, and author of the book Computer-Related Risks, 1995, The ACM Press).

Meinel begins by describing Fred J. Villella bringing hackers "Dr. Mudge" (Pieter Zatko, though Meinel never mentions his name) and "Se7en" ("Christian Valor", who was indeed exposed as a chronic fabricator as Meinel claims in the second part of her article) to meetings of federal policymakers where they warned of "a looming electronic Pearl Harbor." The most notable such meeting was testimony before the Senate Governmental Affairs Committee on May 19, 1998, where the above-mentioned Neumann testimony took place, and where Mudge testified that he could make the Internet unusable with less than thirty minutes of effort.

Meinel argues that this testimony "may have contributed to an entrapment scheme" by the FBI against hacker "Chameleon" (Marc Maiffret, now "Chief Hacking Officer" of eEye Digital Security) as a way to show that "hackers were actually collaborating with enemies of the U.S." But she provides no evidence of a connection between the testimony and the action.

She falsely states that "books (Penenberg 2000; Mitnick 2005) hyped the raid [on Maiffret] to say that hackers were in league with al Qaeda." Neither of these two books says that. Adam Penenberg, in his book Spooked: Espionage in Corporate America (with Marc Barry, 2001, Perseus Books), writes that "Hackers are always on red alert for the FBI. In fact, when Maiffret was contacted over the Internet by the alleged terrorist Khalid Ibrahim, a member of Harkat-ul-Ansar, a militant Indian separatist group on the State Department's list of the thirty most dangerous terrorist organizations in the world, he assumed Ibrahim worked for the feds." Kevin Mitnick, in his book The Art of Intrusion (2005, Wiley, pp. 32-34), raises the possibility that Khalid Ibrahim was part of an FBI operation, but questions it on the ground that only Maiffret received any money from him. On the other hand, he points out that Maiffret told Wired News "he had not provided any government network maps" and wonders why, despite his confession to accepting money from an terrorist-connected individual (Mitnick writes "foreign terrorist"), no charges were ever filed. Then, he writes "Perhaps the check wasn't from Khalid after all, but from the FBI." (As an aside, Mitnick's book states that few know the true identity of "Chameleon," but Penenberg's book had already published his identity in 2000.) Perhaps Maiffret avoided prosecution by agreeing to work with the FBI, as other hackers have done (such as Justin Tanner Petersen, "Agent Steal," whose story is partly told in Jonathan Littman's The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen, 1997, Little, Brown).

The specific argument of the title and subheading--that the testimony of these hackers led to a diversion of funding that may have contributed to the success of the 9/11 terrorist attacks--is stated in a single paragraph in the second column of the first page of the article (p. 32). In that paragraph, Meinel states that cyberspace czar Richard Clarke's formation of the National Infrastructure Protection Center (NIPC) diverted funding increases "earmarked against terrorism to hire FBI agents for the hacker beat." This diversion of funds led to only $4.9 million spent by NIPC on counterterrorism, and it therefore lacked the resources to follow up on Phoenix FBI agent Ken Williams' warning about al Qaeda members training at U.S. flight schools.

This argument assumes that NIPC, rather than the FBI's counterterrorism unit, is the organization which should have followed up on Williams' memo. It also overlooks the role of the FBI's incredibly antiquated computer systems, which technophobe FBI Director Louis Freeh had refused to take steps to upgrade (with Congress withholding $60 million in funding for FBI's IT infrastructure between 1998 and 2000 because of its failure to produce a credible upgrade plan). Not until July 2000, when Freeh appointed Bob Dies to begin work on an overhaul, did Freeh address the issue. The result was that the FBI had 42 separate database systems that could not be searched simultaneously and many agents had computers that did not work or could not display images or connect to the Internet. Many agents used home computers in order to receive email photo images of suspects from local police departments. (See the "Missing Documents" chapter of Ronald Kessler's The Bureau: The Secret History of the FBI, 2002, St. Martin's Press. Similar observations are made in the "9/11" chapter of James Bovard's The Bush Betrayal, 2004, Palgrave Macmillan. Bovard cites (p. 27) a Los Angeles Times story that reports the FBI diverting $60 million in funds earmarked for IT upgrades in the year 2000 to be used for staffing and international offices. The fact that the dollar figure is the same in Bovard and Kessler may indicate that Bovard is misdescribing the same $60 million Kessler mentions.) By contrast, NIPC's entire budget (PDF) was under $20 million per year through 2000, and Bush requested a budget of $20.4 million for NIPC in 2001. (This is not to say that NIPC was effectively using what funds it had--it wasn't. But Meinel's complaint that only $4.9 million of NIPC's budget was spent on counterterrorism should be put in context--that was a quarter or more of its annual budget.)

These IT failings and the other failures reported in the 9/11 Commission Report and elsewhere strike me as more plausible reasons for the U.S. government's failure to avert the 9/11 attacks than trying to pin it on the hackers who testified before Congress in 1998 about the dangers of cyber attacks. Ironically, in October 2001 an article arguing that the Code Red worm demonstrates that there really are significant risks of Internet-based attacks on U.S. infrastructure ("They would be far worse than not being able to make bids on eBay--potentially affecting product manufacturing and deliveries, bank transactions, telephony and more. Should it occur five years from now, the results could be a lot more severe.") appeared in Scientific American. The author of this article, "Code Red for the Web," was Carolyn Meinel.

It's more surprising to me that Skeptical Inquirer published an article by Carolyn Meinel at all. Meinel's author description printed in SI states:
Carolyn Meinel is a consultant and science writer. She has assisted the Defense Advanced Research Projects Agency (DARPA) with its Intrusion Detection Evaluation Program and its Cyberadversary Workshop, and consults for Systems Advisory Group Enterprises, Inc. (www.sage-inc.com), the Institute for Advanced Technology (www.iat.utexas.edu/), and the Santa Fe Institute (www.santafe.edu/). She may be reached at [email address omitted to prevent spam].
Not mentioned are Meinel's books, web pages, and hacker conference appearances to teach hacking skills or her two articles in Scientific American ("How Hackers Break In... and How They Are Caught" in October 1998 and "Code Red for the Web" in October 2001). The existence of the latter two publications no doubt lends her credibility (and may have helped persuade SI to publish this latest article), but the content of some of her hacker training works and parts of the October 1998 Scientific American article serve to diminish it. The October 2001 article seems pretty accurate to me, and was selected for publication in Matt Ridley's Best American Science Writing 2002 volume. That article, as already observed, does point out the possibility of an "electronic Pearl Harbor," so Meinel avoids self-criticism as being a contributor to 9/11 failures under her own argument only by the month-post-9/11 publication date.

Meinel has long been a controversial character in hacker circles, as can be seen by Googling her name on the web and Usenet (you can search the latter with Google Groups). She also has a degree of infamy from her former marriage to Scientology critic Keith Henson. Henson, who was successfully prosecuted for "interfering with a religion" (Scientology--in part due to an online joke he posted about using a "Cruise missile") and fled to Canada, started the L5 Society with Meinel in 1975. In their divorce proceedings, Meinel apparently made charges of child molestation against Henson which were published by Scientology front group "Religious Freedom Watch" as a way to "dead agent" Henson. Meinel, while supportive of Henson, didn't actually retract the charges, though I took her comments to suggest they were bogus. (UPDATE July 18, 2008: Henson's daughter Val has recently gone public and argues that the charges are true.)

Meinel had a long-running feud with hacker "jericho" (Brian Martin), who runs attrition.org. Martin, as it happens, was once the roommate of phony hacker "Christian Valor" ("Se7en"), but was also one of the people who exposed his fabrications. In addition to exposing other bogus security experts, his site contains a large collection of criticisms of Meinel, her behavior, and her work. Given the personal nature of many of the criticisms it is difficult to know what, if any, to take seriously, except for those which specifically address her accuracy and knowledge of hacking and network security, such as the critique of her 1998 Scientific American article, "How Hackers Break In...", by Fyodor (author of the widely used security port scanning tool, nmap). That article, which may be partly based on a hacker break-in at Meinel's ISP, Rt66 Internet (in which case "Dogberry" may be John Mocho of Rt66), contains a number of questionable statements. For example, the scenario describes the firewall of "refrigerus.com" responding to a port scan by launching an attack in response, as though this is a good form of security, and the description of the attack itself suggests that either the description is inaccurate or the attack itself is incredibly naive. The author description on "How Hackers Break In..." stated that Meinel has an "upcoming book, War in Cyberspace" that "examines Internet warfare." As of today, there appears to be no such book.

In 1998, a hacking group that called itself "Hacking for Girliez" or HFG defaced a number of websites, including that of the New York Times. Brian Martin believes he was on the list of suspects. A number of HFG defacements made reference to Meinel (which I interpret to mean that HFG had a grudge against her rather than that she was involved), and she was herself questioned by the FBI and asked to take a polygraph, which she wisely declined (given the lack of empirical support for the validity of the polygraph).

In 2001, Meinel's techbroker.com website was compromised and a piece of software placed on it. A message was sent to the Vuln-Dev mailing list under Meinel's name (apparently a forgery), claiming that the software was an exploit for a vulnerability in the wu-ftpd FTP server; but in actuality it was malware which would attempt to delete files.

Given the lack of support for the title claims in this article and the lack of Meinel's expertise in computer security, I don't think Skeptical Inquirer should have published it, at least in the form it appeared.

Meinel, it should be clear, is not an advocate of illegal hacking--she seems to be fairly emphatic about not breaking into machines unless you own them or have permission to do so. But at the same time, she seems to give a wink and a nod to those who are going to break into the machines of others and has been billed as a "walking script kiddie factory." She also seems to advocate offensive measures as a mode of defense (as described in her 1998 Scientific American article), which is not responsible computer security advocacy.

UPDATE (March 4, 2006): Today I obtained a copy of Gerald Posner's book Why America Slept (2004, Random House), which is cited by Meinel at the end of her paragraph claiming that NIPC budget diversion to cyber warfare was the cause of 9/11 failures. The concluding sentence of that paragraph reads: "Therefore, the FBI lacked the resources to follow up on an agent's warning of al Qaeda members at U.S. flight schools (Posner 2003)."

The relevant section of Posner's book is pp. 169-173. It in no way supports what Meinel has written--Posner makes no reference to NIPC in his entire book, and he enumerates several failures on the part of the FBI with respect to Ken Williams' memo--the lack of communication with the CIA, the failure of middle management of the FBI to recognize the significance of the memo, and lack of resources within the FBI: "The FBI considered the Phoenix idea [to check out the thousands of students at the flight schools] too costly and time consuming, and a few even expressed concerns that such a probe might be criticized in Congress as racial profiling."

The main thesis of Meinel's article is not supported by the facts, and she has misrepresented at least three of the sources she cites--Gerald Posner's book, Kevin Mitnick's book, and Adam Penenberg and Marc Barry's book. That's sloppy work that doesn't deserve publication.

UPDATE (February 19, 2007): I thought I had already added a link to the April 2006 discussion of Meinel's article by Jeff Nathan at the Arbor Networks blog, but I hadn't. This remedies that oversight. There's a good exchange between Nathan and Meinel in the comments.

Also, Skeptical Inquirer published my letter to the editor regarding Meinel in the July/August 2006 issue (p. 62) along with a response from Meinel.

UPDATE (August 8, 2010): James Bamford's most recent book, The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America (2008) contains more detail about intelligence screwups that, had they been prevented, might have averted all or part of the attacks of 9/11--but NIPC's budget had nothing to do with it.

Saturday, February 18, 2006

The Security Catalyst podcast

I recommend Michael Santarcangelo's "Security Catalyst" podcasts, which can be subscribed to at no charge via iTunes or Yahoo Podcasts. He's got additional information and links related to the shows at the Security Catalyst website.

Michael, who I met a few years back through a consulting engagement that was a "death-march project," is a sharp, witty, and well-spoken advocate of and educator for good computer security.

Carrier and Wanchick debate: Argument from Mind-Brain Dysteleology

I've posted a commentary on the exchange between Richard Carrier and Tom Wanchick about this particular argument from Carrier. The post is at the Secular Outpost.

Friday, February 17, 2006

Underground London

Some very interesting photos of old subway lines, former stables, and other semi-abandoned tunnels underneath London. (At BLDGBLOG.)

UPDATE (May 21, 2007): Nick Catford's Subterranea Britannica is the place to go for photos and information about underground sites in Britain.

Coyote Carnival #1

The first Coyote Carnival, a collection of posts from Arizona blogs, may be found here.

Database error causes unbalanced budget

Bruce Schneier reports on how a house in Valparaiso, Indiana was incorrectly valued at $400 million due to a single-keystroke error by an "outside user" of Porter County's appraisal records. This incorrect valuation led to an expectation of $8 million in property taxes due from that homeowner, which led to a erroneous increase of budgets and even distribution of funds. Now the Porter County Treasurer has had to ask 18 governmental units to return funds--the city of Valparaiso and Valparaiso Community School Corp. have been asked to return $2.7 million, which will leave the school system with a $200,000 budget shortfall.

The number of errors here is huge--first of all, an external user shouldn't have access to change budget data at all, let alone by a typo which caused the user to invoke "an assessment program written in 1995" which "is no longer in use, and technology officials did not know it could be accessed." Second, there should have been checks on the data to identify anomalies like a house suddenly jumping in value to $400 million. Third, there should have been checks on the accuracy of budget numbers before the disbursement of funds. And I'm sure I'm only scratching the surface--it sounds like they've got some serious IT infrastructure issues.

Thursday, February 16, 2006

RIAA: Burning CDs to MP3s is not fair use

Every three years, the U.S. Copyright Office accepts comments on the Digital Millennium Copyright Act (DMCA) for additional rule-making and exemptions. The Electronic Frontier Foundation (EFF) has given up on participating in the process, which they consider too broken to be worthwhile--consumer interests are simply not taken into consideration.

The RIAA's most recent filing (PDF) in this process shows that they've reversed their position since testifying before the Supreme Court last November in the MGM v. Grokster case, when attorney Don Verrilli stated (PDF, p. 12):
The record companies, my clients, have said, for some time now, and it's been on their website for some time now, that it's perfectly lawful to take a CD that you've purchased, upload it onto your computer, put it onto your iPod.
The RIAA's position in the new filing (PDF, p. 22 footnote 46) is:
Nor does the fact that permission to make a copy in particular circumstances is often or even "routinely" granted, [...] necessarily establish that the copying is a fair use when the copyright owner withholds that authorization. In this regard, the statement attributed to counsel for copyright owners in the Grokster case is simply a statement about authorization, not about fair use.
That is, they are claiming that they've given permission for such use, and have the right to take it away at any time, because it is not a matter of fair use. The filing points out that this is the 2003 position of the Register of Copyrights, who is quoted (p.22):
proponents have not established that space-shifting or platform-shifting is a noninfringing use.
On the same page (22), the filing states:
Similarly, creating a back-up copy of a music CD is not a non-infringing use....
(Somewhat less information may be found at the EFF's blog entry which pointed me to this filing, Deep Links.)