Toys, Terrorism and Technology

Recent attacks on citizens in all too many countries have raised the question of creating back-doors in encrypted communications technology.  A November 22 NY Times article by Zeynep Tufekci: “The WhatsApp Theory of Terrorism“, does a good job of explaining some of the flaws in the “simplistic” – government mandated back-doors. The short take: bad guys have access to tools that do not need to follow any government regulations, and bad guys who want to hack your systems can use any backdoor that governments do mandate — no win for protection, big loss of protection.

Toys? The Dec. 1 Wall Street Journal covered: “Toy Maker Says Hack Accessed Customer Information“.  While apparently no social security or credit card data was obtained, there is value in having names – birthdates – etc for creating false credentials.  How does this relate to the Terrorist Threat?  — two ways actually:

  1. there are few, if any, systems that hackers won’t target — so a good working assumption is someone will try to ‘crack’ it.
  2. technologists, in particular software developers, need to be aware, consider and incorporate appropriate security requirements into EVERY online system design.

We are entering the era of the Internet of Things (IoT), with many objects now participating in a globally connected environment.  There are no doubt some advantages (at least for marketing spin) with each such object.  There will be real advantages for some objects.  New insight may be discovered though the massive amount of data available  – for example, can we track global warming via the use of IoT connected heating/cooking devices? However, there will be potential abuses of both individual objects (toys above), and aggregations of data.  Software developers and their management need to apply worst case threat-analysis to determine the risks and requirements for EVERY connected object.

Can terrorists, or other bad guys, use toys? Of Course!  There are indications that X-Box and/or Playstations were among the networked devices used to coordinate some of the recent attacks. Any online environment that allows users to share data/objects can be used as a covert communications channel.  Combining steganography and ShutterFly,  Instagram, Minecraft,  or any other site where you can upload or manipulate a shareable image is a channel.  Pretending we can protect them all is a dangerous delusion.

Is your employer considering IoT security?  Is your school teaching about these issues?


Apocalypse Deterrence

The Center for the Study of Existential Risk ( at Cambridge (U.K.) is focusing on how to protect humanity from the downside(s) of technology.  By “Existential” they are not referring to Camus, but to the elimination of Homo Sapiens — i.e. our existence.

Their concerns include the question of AI*’s that might have both sufficient power and motivation to disrupt humanity, and genetic engineering that could either make us obsolete, or get out of hand and make us extinct.

Who Cares? … well some fairly knowledgeable folks are involved, including:

  • Stephen Hawlking
  • Jaan Tallinn
  • Elon Musk
  • George Church

I suspect that some SSIT folks may find it useful to monitor CSER’s newsletter and consider how their concerns and issues relate to SSIT’s activities. — Grist for the Mill as it were.


Technology and Floods

I have about as painless of opportunity to experience the pros and cons of technology in an emergency situation.  We have a cabin in one of the Colorado canyons where the flooding hit this last weekend.  Fortunately our cabin does not appear to be affected, nor the cabins or lives of our family members who also live in the area.  (We live in New Hampshire, so not even near the action.)

But … how is technology playing its role?

The Good News:

The reverse 911 systems and opt-in notifications were very good at letting folks know that flooding was likely, then expected, then coming at a higher rate and you need to move to high ground.  In the area where our cabin is located, many lives were lost in the 1976 flood due to a lack of communications, and realistically, lack of understanding of the power of water.  While we can expect further loss of life (probably discovered as search and rescue folks move in) the significant drop here was due in part to the communications channels.

The failures in the area started with power, first to go in any major storm.  Then phones when they opened the flood gates on the Estes Park dam (as the lake filled and started to flood many other areas.)  This also took out much of the road network, a situation echoed across the northeastern area of Colorado (I25 is still not fully open as I write this, and that is the major north-south freeway; the secondary highways and tendrils of roads back into the hills has even greater damage.

Ingenuity being what it is, a few folks near our cabin cobbled together a few car batteries, laptop and a satellite dish (from what I hear) and have been able to get emails in and out.  A level of communications that has been most valued by those of us on the outside.
(yes we are ok, this property is damaged, this one is not, a list of folks here, folks not here, folks that have hiked out, etc.)

A second communications channel has been a web site I created on the fly to track who was in the area, who was not in the area.  I’ve added information about property damage, pictures and pointers to news stories, excerpts from the emails, and so forth.  Friends, families, spouses, kids, etc. are finding it useful to both confirm the well being of the persons involved, and the local status.

Pictures can come from many places.  Early emails included pictures of water over the bridge (never a good thing), later pictures are from folks who hiked out.  The Denver Post flew a helicopter over the area and just happened to publish pictures of four cabins that were in the area, so we have some expectation of the recovery efforts (mostly redoing the river bed and rebuilding the road.)  These pictures confirm that the phone line into the area are intact, and the power poles are gone. I expect more pictures as a formal smart-phone, whatever-pad and real ‘camera’ tour is made of the 70 or so properties in the area.

Estes Park swapped their emergency communications from their own servers to Facebook and Twitter.  I suspect one reason is that the servers for those operations are remote (not affected) and importantly,  the thousands of hits increase in queries are a drop in the bucket for those sites.  The Colorado Dept. of Transportation did not do this and their website shut down with overloads … a classic case of not accommodating “black swan” events.

We did not have a good index of the houses, occupants, contact information, etc for the folks in this small community.  I was able to build one from property tax records, online white pages and some data mining for email addresses.  It is not complete, but it has allowed me to move from a first name to complete name with address information.  There are privacy issues here, but in this case there is justifying value — and I don’t plan on abusing the information.  I expect it will have even greater value as repairs start getting put into action (for example, the National Guard needs a way to check folks entering an area to see if they are legitimate, we can give them a list of residents, etc.)

The Bad News:

We are so dependent on technology, remaining in the area is not feasible for most or all folks.  The real limiting factor is access to food (and clean water). Without the road network, folks cannot get to food supplies.  Fifty years ago, the closest (small) market was two miles down the road, now it is 15 miles up the road.  Mind you, the road is gone, so supplying the small market would not be possible at this time.  But, “back then” it would have been back in operation, and we could walk down and back.  My grandmother got to the cabin by horseback (after taking a stage coach to Estes.)  Folks had supplies in camp like flour; caught fish in the river, and shot deer, etc. Ok, so fish don’t do well in floods, but the level of dependency on high speed travel (like over horse speed) was not there either.  Her parents would have expected to live for weeks on what they had on hand, without refrigeration, etc. — Mind you, I really do like flush toilets and running water, even better, hot water and electric lights. These are all things that were added to the cabin during my grandmothers life span.  (She died before we got DSL in the area, cell phones are still no go)

One of the bad things is the lack of knowledge (and perhaps planning/etc.) folks have about their devices.  Phones with GPS can track your walking.  When folks found their way out of the area this would allow easy communications about the path for others to follow — in or out.  (We forget that when the roads go, our ability to find our way changes, in some cases quite radically.)

The experience so far leans towards the benefits of technology.  I do  not doubt that this has saved lives in Colorado, just with changes in the last five years.