Wednesday, 27 November 2002

Government secrets are, inherently, a threat to democracy. The basic premise of democracy is that well-informed citizens make better decisions than dictators or elites; when we concentrate knowledge in the hands of the few, we cheat democracy of its strength. Closed-door decisions, whether on health care, energy policy or homeland security, lead to public mistrust, lack of accountability, and policies that are imposed on the people, instead of being proposed and adopted by the people.

At the same time, government secrets are inherently useful in warfare, diplomacy, law enforcement, intelligence gathering, and other areas where the enemies of society operate. Public review might have improved our battle plans for Operation Market-Garden, say, but public debate would have informed the Nazis of our intentions, and made the plans less than worthless. (Public review of our D-Day invasion plans doesn't even bear thinking about.) When informing the public risks informing the enemy, secrets can be justified in the name of the common good.

And so we strike an awkward balance. We want to keep secrets from our enemies, but we don't want secrets kept from us, and we distrust the motives of those who do. We've had too many bad experiences with people who claim secrecy for the public's benefit, but then use it to advance a private agenda under cover of darkness.

Case in point: Recently a blogger, whom I'll call "Pusher" (for reasons that will make sense later), cited this Reuters article about a North Carolina researcher who published his findings on our vulnerability to biological warfare. Pusher cited this as an example of when it's better to shut up and keep our vulnerabilities a secret, and not risk revealing them to Al Qaeda. "Security through obscurity" is the best option, he declared; better to avoid alerting the enemy than to openly discuss our weak points. I (and others) politely noted that the researcher in question was attending a conference on biological warfare, that assessing risks and vulnerabilities is a necessary step in prioritizing our defenses, and that, given those circumstances, it would have been irresponsible not to inform the other attendees of our vulnerabilities in this area.

In a followup article, Pusher then took his case for "security through obscurity" to the extreme: He claimed he'd discovered the Terrible Secret of Blog, a terrorist attack scenario which could be executed by a small group of determined individuals (50 people), using commonly available tools and equipment, that would cause crippling disruption to the U.S. economy and cannot be defended against. He didn't say what this secret attack was, naturally, but it was (of course) a perfect example of when it's better to keep things secret than to discuss them openly.

Pusher did agree to share the Terrible Secret with a second blogger, whom I'll call "Shover," to confirm that it was simple, devastating, and indefensible. Shover, upon review, agreed that the attack was simple and devastating, but he had some ideas on defenses; his ideas, to the extent that he's revealed them so far, are effectively the position he was already advocating: Mass distribution of firearms and training to the civilian populace, to ensure that any terrorist attacks are met by a local, immediate armed response.

Pusher subsequently removed the Terrible Secret from his blog, and Shover censored his own blog to hide Pusher's identity, on the fear that Al Qaeda might surf the web, discover the Terrible Secret, and then attempt to kidnap Pusher and torture him into revealing it. (I have to admit that this part of the story has my kook-o-meter pinging wildly: I'm just as paranoid as the next guy, but if tantalizing blog postings can lure Al Qaeda operatives into the open, then I think we've found a new defense strategy. I've discovered a major, major vulnerability that terrorists would just love to know about, la la la, let me just finish setting these punji traps....)

Delusions of grandeur aside, this story illustrates many reasons why secrets are dangerous, and a few reasons why secrets are necessary. There is, most assuredly, no shortage of ways that our national infrastructure could be crippled by several small teams of terrorists acting in concert. The September 11th attacks were more political theater than military strategy, as Pusher notes elsewhere; if the terrorists had really wanted to damage our infrastructure that day, they flew past a far more obvious target on their way to the World Trade Center.

"Security through obscurity" isn't an option for protecting the Brooklyn Bridge, though, because the target isn't obscure. If Al Qaeda can identify the vulnerability just as easily as you can, then "security through obscurity" is a costly delusion; you give up the exchange of ideas and the collective actions that might lead to improved defenses, and get only the illusion of security in return. By declaring that he's found a hidden vulnerability in our infrastructure, which the common good demands that he keep to himself, Pusher presumes that he's more clever than the terrorists (who would never have thought up this idea on their own) and more clever than the rest of us (who would never have come up with a good defense).

It's possible, of course, that both these presumptions are correct; maybe Pusher has knowledge of (say) our national power grid that only a handful of industry experts would have, and thus can identify vulnerabilities that are truly obscure and esoteric. Maybe he's correct in his assessment that there is no other defense, and the best we can do is to keep quiet about this particular issue and hope Al Qaeda never learns about it.

But it's also possible that Pusher is wrong. (In his original article Pusher considered whether there was any chance he'd overlooked something... unsurprisingly, he concluded that he hadn't.) If Pusher is wrong about the obscurity of his idea, then his actions may assist the terrorists: By failing to alert the public, he ensures that only he and Al Qaeda know about it. If Pusher is wrong about the feasibility of defense, then his actions may harm the public: By denying us the opportunity to act, or even to assess the possibility of defense, he becomes accountable for the lack of defensive options.

And, of course, it's also possible that Pusher is using secrecy to push a private agenda, namely that his critics shut up and stop disagreeing with him. ("I'm right about this, and I can prove it, but I can't tell you the proof for reasons of national security. You'll just have to trust me and shut up now.") If it works for Dubya, why not for warbloggers? At the same time, Shover is well-known for his strong Second Amendment views; in theory, he could use the Terrible Secret to stealthily advance his pro-gun agenda. (Not that I object to a pro-gun agenda per se, or that I believe Eric would actually do this—I simply point out the possibility, and that Secret Reasons of National Security have often been used to advance personal agendas.)

In any event, I hope Pusher and Shover can protect us from the Terrible Secret of Blog, given that they've made it impossible for me to assess what measures are appropriate—since all the information is secret and private, I can't tell whether this is a serious threat or a practical joke. I guess I'll just go over here and stand by the stairs.

I should note that the government has one other legitimate purpose for keeping information secret, which is only tangential to this discussion: When the government comes into possession of private information, it can (and should) respect the owner's privacy. Examples would be medical records, tax statements, secret ballots, and so on. Pusher apparently wants to keep his identity out of this discussion, so I've respected that here.

- Posted by Scott Forbes at 9:59 pm. comments.

Monday, 18 November 2002

I was walking down a street here when I saw a store flying the American flag out front. It's always a thrill to see Old Glory when you're overseas, unless of course they're burning it right outside your office building. (Now there's a memory of New Zealand I won't soon forget. Our offices were in the Mobil Oil building, which meant the anti-globalization / "no blood for oil" protesters were drawn to the place like a magnet: From twelve stories up, I had the displeasure of watching a flag-burner do his worst. All hail freedom of speech.)

Anyhow, I went to see what store was proudly flying our flag in the middle of Australia. Sometimes you'll see national flags outside restaurants, travel agencies, etc., so I was curious to find out what kind of establishment it was.

It was a military surplus store.

To be fair to New Zealand, I also remember the week after September 11th, when the Kiwis took their own national flag off the poles and flew the Stars and Stripes at half-mast. It was a spontaneous, moving, and much-appreciated gesture.

- Posted by Scott Forbes at 5:34 am. comments.

Saturday, 16 November 2002

For the sake of argument, let's say that you're a farmer. You look at the other farmers nearby and 90% of them are planting cotton; the others are mostly growing peanuts. What should you do?

  • Plant cotton. It's the biggest crop with the largest market.
  • Plant peanuts. There's less competition, and they taste great!

I don't know what you'd decide, but Steven Den Beste is growing cotton. Never mind about supply and demand, competition, advertising costs, the robber baron who dominates the cotton exchange—none of those things matter. Cotton is king!

Or, at least, that's what I gather from Steven's latest essay on Macs, PCs and viruses. Sometimes I think Steven is trolling whenever he writes about Macs; other times I think his finely tuned engineer's mind simply doesn't understand why Macs don't disappear in a puff of logic.

Steven takes issue with the opening statement from a NewsFactor article on Macintosh viruses: "Historically, Mac OS users have had little to fear from the scourge of viruses plaguing their Windows counterparts. The operating system's "Classic" incarnation was practically impervious, Macworld editor Jason Snell told NewsFactor." Steven considers this to be utter nonsense, and says so in about as many words; MacOS 9, he proclaims, is actually more vulnerable to viruses and trojans than Windows NT and its offspring, and the reason Macs don't have any cool, fast-spreading viruses like Klez is that Macs are too small of a niche market for virus authors to bother with.

Let's say that you've planted your cotton, and a few months later the boll weevils come. They eat your whole crop, and then infest all your neighbors—except that one guy down the road a few miles, who's growing peanuts. What do you conclude?

  • If everyone grew peanuts, there'd be peanut weevils.
  • Peanuts are more pest-resistant than cotton.
  • Maybe we shouldn't all be growing the same crop.

Boll weevils decimated the Southern USA in the 1930s because cotton was a monoculture there—almost every farmer who could grow cotton was growing it, and the boll weevils looked at Texas through Georgia as one enormous picnic grounds. They couldn't have asked for a better environment in which to thrive and feast.

Steven's article on Mac viruses (and the lack thereof) is right on the general points, but wrong on the conclusion: If we replaced an all-Windows monoculture with an all-Mac monoculture, the virus authors would surely switch and go after the low-hanging fruit on the Mac platform. But the right solution to this problem isn't to replace the Cotton King with the Peanut King; it's to start growing soybeans and sorghum and rotating crops every now and then.

The idea that we can only replace the Windows monopoly with another monopoly is a trap that many people fall into: We've lived with tyranny for so long that we can only think of change in terms of replacing one tyrant with another. We think that Microsoft's monopoly is the natural outcome of market forces, and—heaven help us—some of us actually drink the Kool-Aid and believe that it's beneficial to consumers.

Microsoft's OS monopoly creates a uniform market for computer software, the theory goes; by creating a large pool of identical consumers, it lowers the barrier for writing applications, which fosters competition and drives down prices. The corollary to this theory is that Playstations, GameCubes and XBoxes are bad for consumers, because they fragment the market, make console games more expensive to write, and reduce the number of games available. (?) By further extension, we can conclude that Ford, GM, Chrysler, Toyota, et al. are bad for consumers, because they fragment the market for auto parts—if the automakers would just converge on a standard and get rid of all the incompatible mufflers, carburetors, etc. that plague the industry, the world would be a much better place for parts manufacturers, and thus better for consumers. (???)

Or not. Maybe what's good for Microsoft is bad for the consumer. Maybe Microsoft's "standardization" efforts are self-serving, anti-competitive, and give the consumer more security risks than benefits. Maybe the consumer would be better served by a free and open market, with a neutral referee who sets the standards and ensures competition. Maybe the Klez virus and its brethren would find it harder to propagate in an environment where not every machine had the same e-mail client, the same address book, and the same scripting language that allowed you to access them.

...which brings us back to the classic MacOS. Steven observes (correctly) that no operating system can defend against social engineering attacks, which Klez and other viruses rely upon to trick the user into unwittingly lowering defenses and helping to spread the virus. Mac users may be smarter and more attractive than Windows users, but they're certainly not immune to trickery. (Steven would probably claim that, if anything, MacOS users are more gullible than the general population, because they pay more money for less computer—but we've touched on this subject before.)

Where the classic MacOS had an advantage over Windows, though, is that the MacOS of old did not have a single, dominating e-mail client with an insecure scripting language and an easy-to-access address book. A MacOS 9 virus that tries to do what Klez does will find it bewilderingly difficult to predict the user's e-mail client, locate the user's address book, or access a scripting language with convenient "hooks" for propagating a virus: The vectors just aren't there. It isn't "security through obscurity," as Steven describes it; it's security through diversity, and it exists in everything from Space Shuttle computers to our transportation infrastructure.

So, to answer Steven's assertion: It is much easier for viruses to spread within a monoculture than a diverse environment. Windows NT/XP/ME and the associated family of Microsoft applications is a monoculture. Classic MacOS is not a monoculture, and even if we boosted its market share to 90%, its e-mail systems would still be more diverse and harder to exploit than a same-sized group of Windows machines. Microsoft's monoculture is not a natural state of affairs for the OS industry, any more than it would be "natural" for Sony or General Motors to have 90% market share in their industries. The ideal way to reduce the vulnerability of our computing infrastructure would be to restore competition to the operating systems market, not to replace one monopolist with another—but since the DoJ just passed up yet another opportunity to do exactly that, the odds of it happening anytime soon are limited.

I should also note that MacOS X does have a dominant e-mail application and a consistent address book location, so it is, in that regard, equally vulnerable to a Klez-style virus that harvests e-mail addresses. Perhaps Apple agreed with Steven Den Beste's contention, that you're not a major player in the computer industry unless your OS has some really fast-spreading viruses?

- Posted by Scott Forbes at 12:14 am. comments.

Tuesday, 12 November 2002

Part of the challenge of writing a pro-democracy article, as opposed to describing why I think anarchy isn't a viable option, is overcoming the "duh" factor. These days, proclaiming that democracy is a better system of government is like declaring your belief that Hawaii has nicer beaches than New Mexico.

This wasn't always so obvious. In the 1930s, much of the world thought that fascism was the system of the future; while the democracies of the world were mired in the Great Depression, the fascists appeared to be revitalizing their nations. In the 1970s communism reached its zenith, and people genuinely believed in the inevitable triumph of world socialism. It took years, even decades, for the flaws in those systems to become apparent; afterwards, of course, everyone proclaimed that they'd known about the flaws all along, and congratulated themselves for their brilliant hindsight.

But what was it that led democracy to eventually succeed where the other systems failed? Why did the other systems appear to work better than democracy in the short run, then eventually crash and burn?

One of the enduring myths about Benito Mussolini's Italy is that he made the trains run on time—a myth that, like any good urban legend, has a grain of truth in it. Compared to fascism, democracy is a slow, frustrating, inefficient, bureaucratic mess of a system: It's a Gordian knot of bickering factions, ad-hoc alliances, and temporary compromises that leaves each participant feeling uniquely cheated of success. Democracies react slowly to outside influcences or the changing will of the populace, and have an in-built inertia that is difficult to overcome.

By comparison, dictatorships are a model of simplicity and efficiency: One man makes all the decisions, and things get done. Why doesn't the nice, clean, efficient system of government win out over the slow, messy, and inordinately complex one?

The answer, I think, is that these other systems can outperform democracy—in the short term. A truly outstanding leader doesn't need a parliament to review and endorse his decisions; in fact, the parliament may be an obstacle that prevents the wise king from acting in the nation's best interest. Democracies are riddled with compromises and half-measures that sometimes fail where bold action would succeed, and the dictator has a free hand to pursue those actions. There are situations where it appears that a nation is best served by putting all power in the hands of one leader, so that the leader can do what must be done, and in the short term this approach works.

Over time, though, the dictator turns out to be flawed like the rest of us: He's a brilliant general but a rotten admiral, or a terrible economist. His faults are not corrected, because no one has the power to do so, and when his gambles fail spectacularly they take the entire nation down with him. At best the emperor lives a long and successful life, dies, and then the empire collapses into civil war as his heirs duke it out for the sceptre.

In the long run, I think democracy succeeds because it makes bad decisions—truly bad, irrevocable, land-war -in-Asia decisions—less often than any other form of government. Democracies are better at correcting their mistakes, better at transitioning power from one leader to the next, and make better use of their resources; it isn't the most efficient system for decision-making, but over time it gets better results.

Just for my own peace of mind: Pure democracy would mean a system where every person votes on every issue, something that I consider desirable but currently impractical; the ancient city-states of Greece did it, and there are some New England communities that continue the practice, but it doesn't scale up well. The American system of government is a democratic republic, where we vote for the members of Congress and they vote on the actual issues.

I think we're slowly approaching the point where technology will make pure democracy practical again, and I think that pure democracy will eventually correct some areas where the American system has rigged itself in favor of the incumbents.

- Posted by Scott Forbes at 12:42 am. comments.

Monday, 11 November 2002

REALbasic developers will find a new project on my RB source code page: It's a Window subclass that allows your application to e-mail bug reports back to the developer. It's not a major breakthrough in the world of software development or anything, but if you want this feature in your application it'll save you about an hour or two of effort. Enjoy.

One of these weeks I'll tie all my source code together and make a full-fledged application framework. Thomas Reed is already several steps down that road, and his latest Doc App Template incorporates some Undo ideas that look vaguely familiar....

- Posted by Scott Forbes at 1:50 am. comments.

Tuesday, 05 November 2002

Today is the Melbourne Cup, Australia's answer to the Kentucky Derby—if the Derby were a national holiday and everyone stopped work to place their bets and watch, that is.

I'm troubleshooting a problem with Internet Explorer 6 for Windows, which apparently crashes when reading web pages that do certain things with Cascading Style Sheets (specifically, it crashes when it encounters a first-letter property). Let me know if you're having problems, assuming of course that you can read this at all.

- Posted by Scott Forbes at 5:10 pm. comments.

Saturday, 02 November 2002

Last week I wrote a few paragraphs about anarchy, mainly as a rejoinder to Eric Raymond's essay on why he prefers anarchy to democracy. As a form of government, anarchy appeals to those who believe that individual liberty is the cornerstone of civilization, and that, ultimately, each citizen is responsible for securing and protecting his or her own rights. It's a worldview reflected in the writings of Ayn Rand and Henry David Thoreau, and summarized by the old saying "That government is best which governs least." It's a world where there is no government, because it isn't necessary to have one; it suggests that men should be ruled by reason, and that our ultimate society is one where they are.

My argument against anarchy is that it fails the practical test: In the gap between what can be and what is, anarchy stumbles and falls. No one in their right mind would propose that we topple Saddam Hussein's government and replace it with anarchy, because we recognize that anarchy is a fertile breeding ground for Al Qaeda—much more so than Saddam's Iraq, in fact.

The anarchist utopia is one where men are ruled by reason, at all times, and in all causes. There are no irrational actors, or they're in such small number that they can be dispensed without trouble. There are no issues and no causes that inspire their believers to a passionate fervor which reason alone fails to justify: There is no zealotry, bigotry, superstition, or irrational exuberance, and there certainly aren't any True Believers who choose their actions in this life on the premise of a reward in the next one.

I don't think we can get to the anarchist utopia from here. I think that any proposal for how men should be governed (including "not at all") should address how that system deals with irrational actors; at best anarchy hand-waves them away, or confidently asserts that they're a diminishing force over time. I'll agree that science and reason have made great strides, but to believe that all human behavior will eventually succumb to reason is folly. It's the same belief that mathematicians had, until Gödel proved them wrong; no matter how elaborate your system of logic is, there will always be something beyond it.

Traditional left-wing thinking fails to address the problem of Al Qaeda, because it asserts that all worldviews are equally rational and sensible, that accepting a particular worldview is a question of validating the viewer's perspective, and that it's elitist, imperialist and wrong to invalidate someone else's perspective. It tries to solve Al Qaeda by accepting Al Qaeda, which the right (and most of the center) finds morally repugnant.

Traditional right-wing thinking fails to address the problem of Al Qaeda, because it asserts that its worldview is the only rational way to view the world, that all other views are misguided or insane, and that eventually everyone else will come around to the right way of thinking. It tries to solve Al Qaeda by treating it as an aberration, as a small group of bandits and madmen that can be solved by hunting down the individuals and reforming the ideology that produced them. That these efforts may actually refresh Al Qaeda's pool of believers rather than drain it is impossible, of course, because Al Qaeda is an isolated group which sprang up fully formed from the sands of Arabia in late 2001, did not exist previously, and will cease to exist after we've drained the swamp.

Traditional libertarian/anarchist thinking fails to address the problem of Al Qaeda, because it asserts that everyone should find their own worldview and not try to impose their views upon others—which, as Eric Raymond puts it, petulantly ignores Al Qaeda. When the horde of True Believers arrives at your doorstep and demands that you convert to the One True Religion, I think most anarchists will suddenly rediscover the value of government as a means of common defense. Maybe you can defend yourself so well that a rational person wouldn't attack you, but the True Believers aren't rational: To them, mutual death would mean that you'll be their valet in the afterlife, so they're more than prepared to die in droves if it means taking you down with them.

I'm using Al Qaeda in these examples because it's a particularly current and relevant test; I could just as easily use Crusaders, McCarthyists, the Salem Witch Trials or any other group of irrational actors. Anarchy is doomed to failure when applied to the real world, because it requires as a first postulate that humans are ruled by reason and will behave rationally; practical experience suggests that this assertion is hopelessly optimistic.

(sigh) Once again I've set out to write the case for democracy, and instead written several paragraphs making the case against anarchy. It's so much easier to write about something you're against, and poke holes in the other guy's argument, than to write what you stand for and make an argument with no holes in it. Next time I'll only make the case for democracy, and let someone else poke the holes.

- Posted by Scott Forbes at 9:34 pm. comments.

Choose a Style

Table of Contents

All Content RSS
Travel only RSS
Politics only RSS

Site Search

Archives

2005
Jan Feb Mar
Apr May Jun
Jul Aug Sep
Oct Nov Dec
2004
Jan Feb Mar
Apr May Jun
Jul Aug Sep
Oct Nov Dec
2003
Jan Feb Mar
Apr May Jun
Jul Aug Sep
Oct Nov Dec
2002
Jan Feb Mar
Apr May Jun
Jul Aug Sep
Oct Nov Dec

My Other Pages

Essential Reading Photo Album MT-NW Filters Yonk

Send E-Mail

 

More Yanks in Oz

(Southern Cross) Words web-goddess Gadgetgirl's Journal Smiles from Susan Rambling Web Girl Weezil The Dog's Breakfast yankinoz Summerleas Chronicle Democrats Abroad

Expat Blogs

The Road to Surfdom mr. zilla goes to town Lost in Transit Aussie Lass Simon World Michael Jennings A Geek in Korea The Peking Duck Imagining Australia Things I've Seen

Aussie Blogs

Anthony J. Hicks Southerly Buster The Swanker Living in Australia Ms Hairy Legs Deltoid Blast Radius Boudist Blissbomb Temporanea

Political Blogs

Political Animal Daniel Drezner TalkLeft Daily Kos Lies.com Talking Points Memo Intel Dump Tapped Belmont Club Legal Fiction Asymmetrical Information One Hand Clapping Democracy Arsenal

Fafblogs

Fafblog

More Blogs

Canned Platypus How Appealing The Karmic Inquisition The Speculist The Adventures of Accordion Guy Boing Boing