Saturday, August 30, 2008

When t-shirts, coffee tables, and screws are munitions

One of my prized possessions, now in a box in a closet somewhere, is a T-shirt that says on its front "This T-shirt is a munition." Underneath it is some machine-readable barcode that encodes the RSA public-key encryption algorithm expressed in Perl. As the seller of the shirt advertised, "it's machine washable and machine readable."

When I bought and regularly wore that shirt, taking it out of the country was a crime punishable by up to a $1 million fine and 10 years in federal prison. This is because the U.S. International Traffic in Arms Regulation (ITAR), then enforced by the Department of Commerce, classified strong encryption as a munition subject to export controls and requiring a special license for export. After the Dan Bernstein case was decided in 1996, computer source code printed in a book (human-readable format) was not subject to export controls, but computer source code in a machine-readable format, such as on my shirt, still was. So I could wear my other T-shirt with RSA Perl code on it, which had a program in the shape of a dolphin, out of the country, but not the machine-readable "This T-shirt is a munition" shirt. The implication was that you could take a copy of Bruce Schneier's Applied Cryptography out of the country without an export license, but not a disk containing the very same code fragments printed in the book. A website authored by Adam Back, written at the time, proposed some possible motives for government restrictions on cryptography.

What the ITAR regulations on cryptography did for Internet software development was prohibit the export from the United States of web browsers and server software that implemented the strong encryption necessary to protect electronic commerce. The result was that this development work simply occurred offshore. There were no barriers to importing the software into the U.S., only to exporting it. So the software was developed and sold by companies in places like Canada, Russia, and Estonia, which had no such inane restrictions.

Finally, in 1999, the U.S. wised up and relaxed the ITAR restrictions on encryption, allowing export without a license to most countries (the exceptions being countries with links to state-sponsored terrorism).

But ITAR is still around, and still having the unintended effect of pushing business out of the United States. The current victim is commercial satellite production. In 1999, ITAR authority over satellite technology export was shifted from the Department of Commerce to the Department of State, and since that time the U.S. share of commercial satellite manufacturing has dropped from 83% to 50%. The company Alcatel Alenia Space, now known as Thales Alenia, took steps in the late nineties to eliminate all U.S.-manufactured components from its satellites, with the result that it has subsequently doubled its market share to over 20%. The European Space Agency, Canada's Telesat, and the French company EADS Sodern, which makes satellite control and positioning systems, have all been phasing out their use of U.S.-supplied components. They've done this because dealing with U.S. vendors increases costs (due to regulatory compliance costs) and causes unpredictable delays in the supply of parts.

Nevada's Bigelow Aerospace delivered an aluminum satellite stand to Russia in 2006, which Robert Bigelow described as "indistinguishable from a common coffee table." But because it's associated with a satellite and officially part of a satellite assembly, it is covered by ITAR and had to be guarded by two security guards at all times. Even commodity items like screws and wiring, when part of a satellite, are covered by ITAR regulations.

The purpose of ITAR is to prevent key U.S. technologies with military applications from being leaked out to other countries that might be hostile to the U.S. But the effect of its overly broad application has been to shift the development of that technology to other countries and reduce the ability of U.S. companies to compete in the commercial satellite business.

Congress should look to reform ITAR--when export controls are so badly broken as to have nearly the opposite of the intended effect, they clearly need to be relaxed.

(Satellite and ITAR info via "Earthbound," The Economist, August 23, 2008, pp. 66-67.)

Friday, August 29, 2008

ABC News producer arrested in Denver

Police told ABC News producer Asa Eslocker to move off a public sidewalk, pushed him into the street, and then arrested him after telling him he was trespassing and "impeding the flow of traffic." ABC has video at their site, which shows another police officer who needs to be fired.

Thursday, August 28, 2008

Military botnets article

I'm quoted in Peter Buxbaum's "Battling Botnets" article in the August 20, 2008 Military Information Technology. It didn't really fully capture the points I made in the interview, and I don't remember saying the statement at the end about using botnets as an offensive measure as "a nuclear option." I said that nullrouting is a much better method of denial of service for network service providers than flooding attacks, and made a point similar to Schneier's about military attacks on the infrastructure of another nation that the U.S. is at war with--it would be more useful to obtain access to their systems, monitor, and disrupt than to just shut off access completely, but those points weren't reflected in the article.

I've written more about military use of botnets at this blog.

Obama sign stolen

We put a Barack Obama for President sign in front of our house on Sunday; it's already gone today.

A Google search for "Obama sign stolen" shows that thefts of Obama yard signs are occurring all over the place--Midland, TX; Staunton, VA; Springfield, MO; Ivins and St. George, UT; Sartell, MN; Upper Arlington, OH; and so on. A Google search for "McCain sign stolen" shows allegations about McCain stealing a prisoner of war story, Cindy McCain stealing a recipe, and stories of thefts of Obama yard signs--but no reports of stolen McCain signs.

I suppose either our sign was stolen by an unethical Obama supporter for their own use (in which case the stolen sign should be popping up elsewhere), or by an unethical McCain supporter who has no respect for freedom of speech or private property. I suspect it's probably the latter.

UPDATE (November 5, 2008): Here's a story about a university instructor who wrote about his stealing a McCain/Palin sign in Minnesota--he has resigned his visiting professorship at St. Olaf College as a result. Philip Busse is described in the article as a journalist and political activist from Portland, Oregon.

Lori Lipman Brown on the Colbert Report tonight

Lori Lipman Brown, the nonbelievers' lobbyist in Washington D.C., will appear on The Colbert Report tonight. She works for the Secular Coalition of America, an organization whose members include the American Humanist Association, the American Ethical Union, Atheist Alliance International, the Freedom From Religion Foundation, the Institute for Humanist Studies, the Internet Infidels, the Military Association of Atheists and Freethinkers, the Secular Students Alliance, and the Society for Humanistic Judaism.

UPDATE: She won't be on tonight--maybe next week?

UPDATE (August 30, 2008): She was on last night's show, which is online.

Rifftrax

Mike Nelson of Mystery Science Theater 3000 is behind Rifftrax, a website that allows you to download commentaries to play along with DVDs you watch. One of the commentaries currently available is for Ocean's Eleven and features Mike Nelson and our friend Richard Cheese. Many of the commentaries also feature MST3K writer and the voice of Tom Servo, Kevin Murphy, and MST3K writer and the voice of Crow, Bill Corbett.

Others include Weird Al Yankovic joining Nelson on Jurassic Park, Neil Patrick Harris joining Nelson on Willy Wonka and the Chocolate Factory, and commentaries on Alien, Cloverfield, Forbidden Zone, I Am Legend, and the creepy short educational bicycle safety film from 1963, One Got Fat. Josh Fruhlinger, the Comics Curmudgeon, joins Nelson on the Spiderman 2 commentary.

Looks like they charge $2.99 or $3.99 for the feature film commentaries, $0.99 for the shorts, which are all DRM-free.

Check them out at Rifftrax.com.

Wednesday, August 27, 2008

DHS responds to my FOIA request for my travel dossier

On September 26, 2007, I submitted a request to the Department of Homeland Security requesting copies of information relating to me in the Automated Targeting System (ATS), a system that collects information about individuals who travel internationally. Travelers are then assigned a risk score; passengers who have higher scores are subjected to a higher level of screening, despite the fact that Congress has attached restrictions to its appropriations for passenger screening stating that "None of the funds provided in this or previous appropriations Acts may be utilized to develop or test algorithms assigning risk to passengers whose names are not on government watch lists."

Traveler risk scores are maintained for 40 years and individuals are not allowed to know their scores. The system has come under criticism for sometimes including information such as what books or magazines a passenger is carrying.

I followed the process suggested by The Identity Project, which stated that DHS was supposed to respond within 30 days. It took a little longer than expected--I just received my travel dossier today. It's fifteen pages of fairly cryptic documentation, with frequent short redactions. The redactions are each labeled with the section of 5 USC 552 which provides grounds for exemption from disclosure, (b)(2)(low), (b)(6), and (b)(7)(C). The first of those "exempts from disclosure records that are related to internal matters of a relatively trivial nature, such as internal administrative tracking," and accounts for the majority of the redactions. The other two are for "personnel or medical files and similar files the release of which would cause a clearly unwarranted invasion of personal privacy" and "records or information compiled for law enforcement purposes that could reasonably be expected to constitute an unwarranted invasion of personal privacy." I have a few of each of that type of redaction.

The documents include most--but not all--of my international air travel, including from as far back as 1984. There appear to be reports from two systems. There are four pages labeled "TECSII - PRIMARY QUERY HISTORY" and "PASSENGER ACTIVITY." TECS II is the Treasury Enforcement Communications System II, the primary database of IBIS, the Interagency Border Inspection System. This report lists a series of records of two lines each. The first line contains my name, date of birth, date and time of the query, the agency making a query, a result column (entirely redacted under (b)(2)), a column labeled "LNE TYP" that appears to use both of the two lines and has codes such as "API," "AIR," and "VEH." Finally on the first line are a completely redacted column labeled "TERM" and single-letter codes under the headings "API" and "DIM." The second line of each record contains airline flight numbers in some cases, and the name of the departure city in one case, a field labeled "DOC:" followed by a blank or my passport number, and, under the heading "LANE," the characters "INSP:" followed by a blank or a redacted field, probably the name of the agent making the query. At the bottom of each page of results are three or four lines that are completely redacted, probably part of a help screen or menu--the output looks like something from an IBM 3270 display terminal.

The other eleven pages of output look like IBM 3270-style output pasted into a single Word document that begins with my name and birthdate. It's divided into several sections, each headed with a date of travel and containing what appear to be passenger name records (PNR) taken directly from SABRE. The redactions in these sections seem to be somewhat haphazard--in one place part of my corporate email address was redacted, in another a different form of my corporate email address was not. My American Express card number is present, as is my Hertz #1 Club Gold membership number. It includes complete itineraries for the most recent travel, including hotel booking information (including type of room and bed), airline seat assignment information, and ticket price. There's less information for older travel, which is mostly obscure to me apart from dates and airport codes.

Next I'll have to check out my FBI file...

UPDATE (September 9, 2008): DHS has responded to charges that it is illegal for them to be recording and keeping certain border-crossing records in ATS by moving them to another database, called BCI.

UPDATE (December 31, 2008): DHS is in violation of its obligations to U.S. citizens under the Privacy Act, and to foreign nationals in Europe under the DHS-EU agreement on access to and use of Passenger Name Record (PNR) data. DHS has not been responding to requests for data within the legally required time periods, nor providing all of the relevant data. Data has also been illegally copied into other databases. Not surprisingly, the DHS's own internal review claims, even as the evidence contradicts the claim, that it is in compliance with the law.

Edward Hasbrouck has posted about the difference between American and European attitudes towards privacy and surveillance, and notes that at least one European airline, KLM, had never developed processes for complying with the law for passenger requests of records.

UPDATE (July 19, 2014): An editor at Ars Technica has just discovered that his PNR contains full credit card numbers and IP addresses. Not exactly news, at this point...

Simon Singh sued and silenced; Svetlana and Steinberg's speech surmounts suppression

Science writer Simon Singh (author of The Code Book on yesterday's list of science books) is a columnist for The Guardian, for which he wrote a column critical of chiropractic titled "Beware the spinal trap." The British Chiropractic Association sued him for the column, and it was withdrawn from the Guardian's website. Svetlana Pertsovich has posted the offending column from Internet cache on her website in Russia, James Steinberg has posted it at his blog, and I've included it below.

UK libel law is still in need of reform.

Beware the spinal trap
Some practitioners claim it is a cure-all but research suggests chiropractic therapy can be lethal
Simon Singh The Guardian, Saturday April 19 2008
This is Chiropractic Awareness Week. So let’s be aware. How about some awareness that may prevent harm and help you make truly informed choices? First, you might be surprised to know that the founder of chiropractic therapy, Daniel David Palmer, wrote that, “99% of all diseases are caused by displaced vertebrae”. In the 1860s, Palmer began to develop his theory that the spine was involved in almost every illness because the spinal cord connects the brain to the rest of the body. Therefore any misalignment could cause a problem in distant parts of the body.
In fact, Palmer’s first chiropractic intervention supposedly cured a man who had been profoundly deaf for 17 years. His second treatment was equally strange, because he claimed that he treated a patient with heart trouble by correcting a displaced vertebra.
You might think that modern chiropractors restrict themselves to treating back problems, but in fact they still possess some quite wacky ideas. The fundamentalists argue that they can cure anything. And even the more moderate chiropractors have ideas above their station. The British Chiropractic Association claims that their members can help treat children with colic, sleeping and feeding problems, frequent ear infections, asthma and prolonged crying, even though there is not a jot of evidence. This organisation is the respectable face of the chiropractic profession and yet it happily promotes bogus treatments.
I can confidently label these treatments as bogus because I have co-authored a book about alternative medicine with the world’s first professor of complementary medicine, Edzard Ernst. He learned chiropractic techniques himself and used them as a doctor. This is when he began to see the need for some critical evaluation. Among other projects, he examined the evidence from 70 trials exploring the benefits of chiropractic therapy in conditions unrelated to the back. He found no evidence to suggest that chiropractors could treat any such conditions.
But what about chiropractic in the context of treating back problems? Manipulating the spine can cure some problems, but results are mixed. To be fair, conventional approaches, such as physiotherapy, also struggle to treat back problems with any consistency. Nevertheless, conventional therapy is still preferable because of the serious dangers associated with chiropractic.
In 2001, a systematic review of five studies revealed that roughly half of all chiropractic patients experience temporary adverse effects, such as pain, numbness, stiffness, dizziness and headaches. These are relatively minor effects, but the frequency is very high, and this has to be weighed against the limited benefit offered by chiropractors.
More worryingly, the hallmark technique of the chiropractor, known as high-velocity, low-amplitude thrust, carries much more significant risks. This involves pushing joints beyond their natural range of motion by applying a short, sharp force. Although this is a safe procedure for most patients, others can suffer dislocations and fractures.
Worse still, manipulation of the neck can damage the vertebral arteries, which supply blood to the brain. So-called vertebral dissection can ultimately cut off the blood supply, which in turn can lead to a stroke and even death. Because there is usually a delay between the vertebral dissection and the blockage of blood to the brain, the link between chiropractic and strokes went unnoticed for many years. Recently, however, it has been possible to identify cases where spinal manipulation has certainly been the cause of vertebral dissection.
Laurie Mathiason was a 20-year-old Canadian waitress who visited a chiropractor 21 times between 1997 and 1998 to relieve her low-back pain. On her penultimate visit she complained of stiffness in her neck. That evening she began dropping plates at the restaurant, so she returned to the chiropractor. As the chiropractor manipulated her neck, Mathiason began to cry, her eyes started to roll, she foamed at the mouth and her body began to convulse. She was rushed to hospital, slipped into a coma and died three days later. At the inquest, the coroner declared: “Laurie died of a ruptured vertebral artery, which occurred in association with a chiropractic manipulation of the neck.”
This case is not unique. In Canada alone there have been several other women who have died after receiving chiropractic therapy, and Professor Ernst has identified about 700 cases of serious complications among the medical literature. This should be a major concern for health officials, particularly as under-reporting will mean that the actual number of cases is much higher.
Bearing all of this in mind, I will leave you with one message for Chiropractic Awareness Week - if spinal manipulation were a drug with such serious adverse effects and so little demonstrable benefit, then it would almost certainly have been taken off the market.
· Simon Singh is the co-author of Trick or Treatment? Alternative Medicine on Trial
www.simonsingh.net


UPDATE: The part about chiropractic-induced stroke is of interest to me, as I had once heard of a case of chiropractic manipulation leading to blindness. When I mentioned it at a dinner of skeptics in Tempe, Arizona in 1987 that included James Randi and Jim Lowell of the National Council Against Health Fraud, both of them suggested that this was impossible because the optic nerves don't come anywhere near the spine. But nobody at the table (including me) thought about the possibility of spinal manipulation inducing a stroke causing damage to the visual system. This article from a chiropractic journal discusses cases of visual loss as a result of spinal surgery as a sort of tu quoque defense of chiropractic for similar problems, citing this article:
Myers M, Hamilton S, Bogosian A, Smith C, Wagner T. Visual loss as a complication of spine surgery. Spine, June 15, 1997; 22(12).
So perhaps my remark from 21 years ago is vindicated?
UPDATE (November 4, 2009): Simon Singh gave an overview and update on his case on June 3.

Simon Singh fought against the libel claim despite the state of UK law, and has successfully won the right to appeal in October.


UPDATE (April 16, 2010): Simon Singh won his appeal, and the BCA dropped their suit.

Science books

From Cocktail Party Physics by way of Stranger Fruit... bold the ones you've read, asterisk the ones you intend to read:
  1. Micrographia, Robert Hooke
  2. The Origin of the Species, Charles Darwin
  3. Never at Rest, Richard Westfall
  4. Surely You're Joking, Mr. Feynman, Richard Feynman
  5. Tesla: Man Out of Time, Margaret Cheney
  6. The Devil's Doctor, Philip Ball
  7. The Making of the Atomic Bomb, Richard Rhodes
  8. Lonely Hearts of the Cosmos, Dennis Overbye
  9. Physics for Entertainment, Yakov Perelman
  10. 1-2-3 Infinity, George Gamow (I've not read this, but I've read Mr. Tompkins in Paperback)
  11. The Elegant Universe, Brian Greene
  12. Warmth Disperses, Time Passes, Hans Christian von Baeyer
  13. Alice in Quantumland, Robert Gilmore
  14. Where Does the Weirdness Go? David Lindley
  15. A Short History of Nearly Everything, Bill Bryson
  16. A Force of Nature, Richard Rhodes
  17. Black Holes and Time Warps, Kip Thorne
  18. A Brief History of Time, Stephen Hawking (I listened to it on tape on a drive to the Dallas CSICOP conference in 1992)
  19. Universal Foam, Sidney Perkowitz
  20. Vermeer's Camera, Philip Steadman
  21. The Code Book, Simon Singh
  22. The Elements of Murder, John Emsley
  23. *Soul Made Flesh, Carl Zimmer (I'm currently reading this)
  24. Time's Arrow, Martin Amis
  25. The Ten Most Beautiful Experiments, George Johnson
  26. Einstein's Dreams, Alan Lightman
  27. Godel, Escher, Bach, Douglas Hofstadter
  28. The Curious Life of Robert Hooke, Lisa Jardine
  29. A Matter of Degrees, Gino Segre
  30. The Physics of Star Trek, Lawrence Krauss
  31. E=mc², David Bodanis
  32. Zero: The Biography of a Dangerous Idea, Charles Seife
  33. Absolute Zero: The Conquest of Cold, Tom Shachtman
  34. A Madman Dreams of Turing Machines, Janna Levin
  35. Warped Passages, Lisa Randall
  36. Apollo's Fire, Michael Sims
  37. Flatland, Edward Abbott
  38. Fermat's Last Theorem, Amir Aczel
  39. Stiff, Mary Roach
  40. Astroturf, M.G. Lord
  41. The Periodic Table, Primo Levi
  42. Longitude, Dava Sobel
  43. The First Three Minutes, Steven Weinberg
  44. The Mummy Congress, Heather Pringle
  45. The Accelerating Universe, Mario Livio
  46. Math and the Mona Lisa, Bulent Atalay
  47. This is Your Brain on Music, Daniel Levitin
  48. The Executioner's Current, Richard Moran
  49. Krakatoa, Simon Winchester
  50. Pythagoras' Trousers, Margaret Wertheim
  51. Neuromancer, William Gibson
  52. The Physics of Superheroes, James Kakalios
  53. The Strange Case of the Broad Street Pump, Sandra Hempel
  54. Another Day in the Frontal Lobe, Katrina Firlik
  55. Einstein's Clocks and Poincare's Maps, Peter Galison
  56. The Demon-Haunted World, Carl Sagan
  57. The Blind Watchmaker, Richard Dawkins
  58. The Language Instinct, Steven Pinker
  59. An Instance of the Fingerpost, Iain Pears
  60. Consilience, E.O. Wilson
  61. Wonderful Life, Stephen J. Gould (haven't read this, but I've read all of his books of collected Natural History articles)
  62. Teaching a Stone to Talk, Annie Dillard
  63. Fire in the Brain, Ronald K. Siegel
  64. The Life of a Cell, Lewis Thomas
  65. Coming of Age in the Milky Way, Timothy Ferris
  66. Storm World, Chris Mooney
  67. The Carbon Age, Eric Roston
  68. The Black Hole Wars, Leonard Susskind
  69. Copenhagen, Michael Frayn
  70. From the Earth to the Moon, Jules Verne
  71. Gut Symmetries, Jeanette Winterson
  72. Chaos, James Gleick
  73. Innumeracy, John Allen Paulos
  74. The Physics of NASCAR, Diandra Leslie-Pelecky
  75. Subtle is the Lord, Abraham Pais
I'd add some Oliver Sacks and A.R. Luria (neuroscience case studies), V.S. Ramachandran's A Brief Tour of Consciousness, Charles Mackay's Extraordinary Popular Delusions and the Madness of Crowds, and some philosophy of science like Larry Laudan's Science and Relativism (nicely written in the form of a dialogue between advocates of different views), Philip Kitcher's The Advancement of Science, Thomas Kuhn's The Copernican Revolution, John Losee's A Historical Introduction to the Philosophy of Science, and Ian Hacking's Representing and Intervening. There are lots more to list, but those are a few that I've read. My science reading has leaned very strongly towards cognitive psychology, neuroscience, philosophy of mind, and philosophy of science, which is only weakly represented on the above list, and on the creation/evolution debate, which isn't really represented on the above list at all, except by Darwin himself.

Now John Lynch can tell me that I really need to read Origin of Species.

UPDATE (August 28, 2008):

Enhanced with P.Z. Myers' additions:
  1. Ascent of Man, Jacob Bronowski
  2. Basin and Range, John McPhee
  3. Beak of the Finch, Jonathan Weiner
  4. Chance and Necessity, Jacques Monod
  5. *Dr. Tatiana's Sex Advice to All Creation, Olivia Judson (reading now)
  6. *Endless Forms Most Beautiful, Sean Carroll
  7. Evolution: The Triumph of an Idea, Carl Zimmer
  8. Genome, Matt Ridley
  9. Guns, Germs, and Steel, Jared Diamond
  10. It Ain't Necessarily So, Richard Lewontin
  11. On Growth and Form, D'Arcy Wentworth Thompson
  12. Phantoms in the Brain, VS Ramachandran
  13. The Ancestor's Tale, Richard Dawkins
  14. The Case of the Female Orgasm: Bias in the Science of Evolution, Elisabeth Lloyd
  15. The Eighth Day of Creation, Horace Freeland Judson
  16. The Great Devonian Controversy, Martin Rudwick
  17. The Man Who Mistook His Wife For A Hat, Oliver Sacks
  18. The Mismeasure of Man, Stephen Jay Gould
  19. The Triple Helix: Gene, Organism, and Environment, Richard Lewontin
  20. Time, Love, Memory, Jonathan Weiner
  21. Voyaging and The Power of Place, Janet Browne
  22. Woman: An Intimate Geography, Natalie Angier

Police violating rights at the Democratic National Convention?

P.Z. Myers has a post at Pharyngula about how the Democratic National Convention itself is prioritizing religious speakers who disagree with planks of the party platform over non-religious speakers who do not, which goes on to report allegations from an attorney that police from the Aurora, Colorado Police Department have been arresting peaceful protesters on bogus charges, apparently confiscating a compact flash card documenting police behavior, shooting pepper spray into the face of a protester who was obeying police instructions, and illegally not wearing badges or using means to obstruct their names and badge numbers.

Cops who act illegally should be fired and prosecuted, every time. They hold a position of public trust and need to be held to a higher standard than civilians, not a lower one.

UPDATE: Police claim protesters were carrying rocks. They arrested about 100 protesters. The group Recreate '68 says it was denied its use of a legal permit for the use of Civic Center Park, while police helped to protect and bring in Rev. Fred Phelps of the Westboro Baptist Church. About a dozen abortion protesters were arrested on Tuesday, so they weren't being given special treatment.

In the Denver Post's photos, I don't see any cops without visible badges, though in only a few photos of cops with riot gear are the pictures close enough to see the numbers in white on the front of their uniforms.