Skip to content

Mining and Visualizing YouTube Metadata for Threat Models

For several years I've been working on ways to pull metadata from online video viewers into threat models. In terms of early-warning systems or general trends, metadata may be a useful input on what people are learning and thinking about.

Here's a recent example of a relationship model between viewers that I just noticed:

A 3D map (from a company so clever they have managed to present software advertisements as legitimate TED talks) indicates that self-reporting young viewers care more about sewage and energy than they care about food or recycling.

The graph also suggests video viewers who self-identify as women watch videos on food rather than energy and sewage. Put young viewers and women viewers together and you have a viewing group that cares very little about energy technology.

I recommend you watch the video. However, I ask that you please first setup an account with false gender to poison their data. No don't do that. Yes, do…no don't.

Actually what the TED talk reveals, if you will allow me to get meta for a minute, is that TED talks often are about a narrow band of topics despite claiming to host a variety of presenters. Agenda? There seem to be extremely few outliers or innovative subjects, according to the visualization. Perhaps this is a result of how the visual was created — categories of talks were a little too broad. For example, if you present a TED talk on password management and sharks and I present on reversing hardware and sharks, that's both just interest in nature, right?

The visualization obscures many of the assumptions made by those who painted it. And because it is a TED talk we give up 7 minutes of our lives yet never get details below the surface. Nonetheless, this type of analysis and visualization is where we all are going. Below is an example from one of my past presentations, where I discussed capturing and showing high-level video metadata on attack types and specific vulnerabilities/tools. If you are not doing it already, you may want to think about this type of input when discussing threat models.

Here I show the highest concentrations of people in the world who are watching video tutorials on how to use SQL injection:

Posted in Energy, Food, Security.

What Surveillance Taught Me About the NSA and Tear Gas: It's Time to Rethink our Twitters about Nightmares

Medium read: 23.45 minutes at 1024×768

Zeynep Tufekci has tweeted a link to a journal of her thoughts on surveillance and big data.

#longreads version of my core thesis: "Is the Internet Good or Bad? Yes." I reflect on Gezi, NSA & more.

The full title of the post is "What tear gas taught me about Twitter and the NSA: It’s time to rethink our nightmares about surveillance."

I noticed right away she used a humble brag to describe events at a recent conference she attended:

A number of high-level staff from the data teams of the Obama and Romney campaigns were there, which meant that a lot of people who probably did not like me very much were in the room.

You hate it when high-level people do not like you…? #highlevelproblems?

She then speculates on why she probably would not be liked by such high-level people. Apparently she has publicly caricatured and dismissed their work as "richer data for the campaigns could mean poorer democracy for the rest of us". She expects them to not like her personally for this.

I said she speculates that she is not "liked" because she does not quote anyone saying they "did not like" her. Instead she says they have publicly dismissed her dismissal of their work.

My guess is she wants us to see the others as angry or upset with her personally to set the stage for us seeing her in the hot-seat as a resistance thinker; outnumbered and disliked for being right/good, she is standing up for us against teams of bipartisan evil data scientists.

Here is how she describes meeting with the Chief scientist on Obama’s data analytics team, confronting him with a hard-hitting ethical dilemma and wanting to tell him to get off the fence and take a stand:

I asked him if what he does now—marketing politicians the way grocery stores market products on their shelves—ever worried him. It’s not about Obama or Romney, I said. This technology won’t always be used by your team. In the long run, the advantage will go to the highest bidder, the richer campaign.

He shrugged, and retreated to the most common cliché used to deflect the impact of technology: "It’s just a tool," he said. "You can use it for good; you can use it for bad."

"It’s just a tool." I had heard this many times before. It contains a modicum of truth, but buries technology’s impacts on our lives, which are never neutral. Often, I asked the person who said it if they thought nuclear weapons were "just a tool."

The data scientist appears to say a decision on whether the tool is good or bad in the future is not up to him. It's a reasonable answer. Zeynep calls this burying the truth, because technology is never neutral.

To be honest there is a part of me tempted to agree with her here. That would be a nice, quiet end to my blog post.

But I must go on…

Unfortunately I can not stop here because she does not end her post either. Instead, she goes on to apparently contradict her own argument on tools being non-neutral…and that just happens to be the sort of thing that drives me to write a response.

The reason I would agree with her is because I often am making this argument myself. It's great to see it made by her. Just the other day I saw someone tweet that technology can't be evil and I had to tweet back that some technology can be labeled evil. In other words a particular technology can be defined by social convention as evil.

This is different from the argument that technology can never be neutral, but it is similar. I believe much of it is neutral in a natural state and acquires a good/bad status depending on use, but there still are cases where it is inherently evil.

The philosophical underpinning of my argument is that society can choose to label some technology as evil when they judge no possible good that can outweigh the harm. A hammer and a kitchen knife are neutral. In terms of evil, modern society is reaching the highest levels of consensus when discussing cluster-bombs, chemical weapons, land-mines and even Zeynep's example of nuclear weapons.

My keynote presentation at the 2011 RSA Conference in London used the crossbow as an example of the problem of consensus building on evil technology. 500 years ago the introduction of a simple weapon that anyone could easily learn meant a sea change in economic and political stability: even the most skilled swordsman no longer stood a chance against an unskilled peasant who picked up a crossbow.

You might think this meant revolution was suddenly in the hands of peasants to overthrow their king and his mighty army of swordsmen. Actually, imagine the opposite. In my presentation I described swordsmen who attempted to stage a coup against their own king. A quickly assembled army of mercenary-peasants was imported and paid to mow down revolutionary swords with crossbows. The swordsmen then would petition a religious leader to outlaw crossbows as non-neutral technology, inherently evil, and restore their ability to protect themselves from the king.

The point is we can have standards, conventions or regulations, that define technology as inherently evil when enough people agree more harm then good will always be the result of use.

Is the Internet just a tool?

With that in mind, here comes the contradiction and why I have to disagree with her. Remember, above Zeynep asked a data scientist to look into the future and predict whether technology is bad or good.

She did not accept leaving this decision to someone else. She did not accept his "most common cliché used to deflect the impact of technology". And yet she says this:

I was asked the same question over and over again: Is the internet good or bad?

It’s both, I kept saying. At the same time. In complex, new configurations.

I am tempted to use her own words in response. This "contains a modicum of truth, but buries technology’s impacts on our lives, which are never neutral." I mean does Zeynep also think nuclear weapons are "both good and bad at the same time, in complex, new configurations"? Deterrence was certainly an argument used in the past with exactly this sort of reasoning to justify nuclear weapons; they are bad but they are good so they really are neutral until you put them in the hands of someone.

And on and on and on…

The part of her writing I enjoy most is how she personalizes the experience of resistance and surveillance. It makes for very emotionally-charged and dramatic reading. She emphasizes how we are in danger of a Disney-esque perfect surveillance world. She tells us about people who, unable to find masks when they disagree with their government, end up puking from tear gas. Perhaps the irony between these two points is lost to her. Perhaps I am not supposed to see these as incongruous. Either way, her post is enlightening as a string of first-person observations.

The part of her writing I struggle most with a lack of political theory, let alone science. She does not touch on the essence of discord. Political science studies of violent protests around the world in the 1960s for example were keying in on the nature of change. Technology was a factor then also, and the time before and the time before, so a fundamental question is raised whether there are any lessons learned before. Maybe this is not the first time we've crossed this bridge.

Movements towards individualism, opportunity, creativity, and a true thinking and nourishing society appear to bring forth new technology, perhaps even more than new technology causes them. Just like the crossbow was developed to quickly reduce the ability of a swordsman to protect his interests, innovations in surveillance technology might have been developed to reduce the ability of a citizen to protect theirs. Unlike the crossbow, however, surveillance does not appear to be so clearly and consistently evil. Don't get me wrong, more people than ever are working to classify uses of surveillance tools as evil. And some of it is very evil but not all of it.

Harder questions

Political science suggests there always is coercion in government. Most people do not mind some amount of coercion when it is exchanged for something they value. Then as this value shrinks, and progress towards a replacement value is not rapid enough, it generates friction and a return towards independence. So loss of independence theoretically can be a balance with some form of good.

It is obvious surveillance technology (e.g. Twitter) in many cases has found positive uses, such as monitoring health, natural disasters or accidents. It even can be argued political party hands have found beneficial uses for surveillance, such as fraud monitoring. The hard question is how to know when any act of surveillance, more than the latest technology, becomes evil by majority definition and what oversight is required to ensure we do not cross that point. She seems to suggest the individual is never safe:

[Companies and political parties] want us to click, willingly, on a choice that has been engineered for us. Diplomats call this soft power. It may be soft but it’s not weak. It doesn’t generate resistance, as totalitarianism does, so it’s actually stronger.

This is an oversimplified view of both company and political party relationships with individuals. Such an oversimplification makes it easy to "intertwine" concepts of rebellion and surveillance, and to reference diplomats as some sort of Machiavellian concept. The balance between state and individual is not inherently or always a form of deception to lull individuals into compliance without awareness of risks. There can actually be a neutral position, just as with technology.

What should companies and political parties offer us if not something they think we want? Should individuals be given choices that have not been engineered in any way? The act of providing a choice is often itself a form of engineering, as documented in elections with high rates of illiteracy (where candidates are "randomly" assigned an icon to represent them on ballots).

Should individuals be given a choice completely ignorant of our desires? That begs the very question of the market function and competition. It brings to mind Soviet-era systems that pretended to "ignore" desire in order to provide "neutral" choices by replacing it with centrally planned outcomes. We should think carefully about value offered to the individual by a government or a company and at what point value becomes "seduction" to maintain power through coercion.

Ultimately, despite having earlier criticized others for "retreating" to a neutral ground, her conclusion ends up in the same place:

Internet technology lets us peel away layers of divisions and distractions and interact with one another, human to human. At the same time, the powerful are looking at those very interactions, and using them to figure out how to make us more compliant.

In other words, Internet technology is neutral.

When we connect with others we may become more visible; the connection still has value when visibility is a risk. When we connect we may lose independence; the connection still has value when loss of independence is a risk.

It is disingenuous for us to label anyone that watches us as "the powerful" or to call ways that "make us more compliant" as inherently evil. Compliance can be a very good thing, obviously.

Zeynep offers us interesting documentation of first-person observations but offers little in the way of analysis and historical context. She also gives unfair treatment to basic political science issues and criticizes others before she seems to arrive at the same conclusion.

As others have said, it's a "brilliant, profoundly disturbing piece".

Posted in History, Security.

Ethiopian Troops in Somalia Join AMISOM

I was reading the news today and noticed "Kevin Knodell in War is Boring" says "Ethiopian Troops Have Returned to Somalia—That’s Not a Good Thing"

This move was surprising—perhaps even shocking—as Ethiopia has a long and brutal history with Somalia in the form of border wars, invasions and accusations of torture, rape and executions.

There’s also a fear this has the potential to undo everything AMISOM has accomplished.

Well, I disagree with both; the move is not surprising and is not likely to undo everything. As a long-time student of the Horn of Africa, I am very intrigued by these conclusions. The headline seems overly confident and also pessimistic on the long-standing complicated border-conflict scenario that includes an ongoing rebellion and fractured state with external pressures.

Unfortunately I do not have time to rebut the entire article. Note in 2008 I mentioned how US foreign policy pushed an Ethiopian offensive into Somalia. Then I recommended in 2009, in a post called "Somalia Begs for Invasion," that an AU-led stabilization force would be the best option to reduce regional conflict and guide foreign influences. AMISOM is the African Union Mission in Somalia. Almost six years later, I will take this opportunity to provide some analysis of how things are shaping up:

Recent Somali depictions of the conflict paint Ethiopia as brutal and meddling in their affairs. This is a sign of a strengthening sense of state and sovereignty by the Somalis; it also is to be expected. Somalia and Ethiopia both tend to trade harsh words at a high level. The fact is Somalia still is actually quite fractured and Ethiopia has many people sympathetic to Somali statehood.

On the one hand if you believe in realpolitik, then you might say this means Ethiopia will continue to destabilize Somalia for its own benefit, whatever that might be. In South Africa the destabilization of its neighbors was to prevent an uprising/invasion against Apartheid. What would Ethiopia's reason be for weakening Somalia? This is not clear. Although I have written before why the U.S. wants to keep Somalia from forming sovereignty — to allow for "legal" elimination of high-value targets (e.g. terrorists). The more sovereignty Somalia establishes, the more difficult it becomes for the U.S. to ignore human and state rights against intervention.

On the other hand if you believe Ethiopia is worried about the impact to them from a destabilized neighboring state, then you might say it will drive an agenda (again perhaps influenced by U.S. policy) as I wrote about before here. Kenya has a very strong and active intervention policy we can observe.

Sending troops indicates Ethiopia could intend taking an active role in determining the fractured Somalia's fate in the above two ways. However, the Horn of Africa is not so easily parsed into such neat boxes of one state intervening in another. The key to understanding this latest troop deployment is most likely related to Ethiopian domestic issues; an ongoing conflict over the Ogaden region within Ethiopia.

As I have written about before here, Ethiopia is cracking down on dissent and struggling to control the ONLF rebel group. In other words the move by Ethiopia to add troops to AMISOM may actually be a concern over a majority population in conflict with a minority in control; ethnic and political disputes. Operations/camps located across the border with Somalia would therefore drive Ethiopia to want greater access to defeat opposition. The Ogaden area has been in dispute for a very long time, particularly in 1948, 1964 and 1977, as well as 1996. Each of these events is rich and complex on their own; most relevant to the recent news is that fact Ethiopia invaded in 1996. They sent their military into areas of SW Somalia, on the border with the Ogaden, called Gedo, Bay and Bakool.

Where will the new Ethiopian troops joining AMISOM be stationed? Gedo, Bay and Bakool.

What I'm guessing, therefore, is that Ethiopia has managed to get international backing to put monitors in Somali territory to deal with Ogaden rebels attacking Ethiopia. Instead of invading, they have agreed to help "stabilize" the region while actually looking for anti-Ethiopian rebels. This also is about fighting with al Shabaab, of course, who also are anti-Ethiopian. And on that note it is important to realize that Ethiopia's military is backing many of the Somali regions already fighting against al Shabaab. So this deployment is not altogether unusual in terms of support. It is unusual in that it may achieve the objectives of 1996 without declaration of war or unauthorized border crossing.

Ethiopian AMISOM troops do not seem entirely out of place. Calling it "not a good thing" is taking an odd position on a complex topic. The specific location of their assignment speaks to a complex and long-time brewing relationship between the two countries, and an Ethiopian internal dispute between Tigrayan leadership and Oromo rebels. This parallels action by Turkey to cross into northern Iraq, for example, to deal with Kurdish rebels. Note that Cheney specifically told Turkey that he wanted them to police northern Iraq. Thus, Ethiopian policing of a border area with rebel activity is not entirely unexpected. And because it's part of an international effort instead of unilateral declaration of war…well, perhaps there's some hope for AU control and even increased humanitarian oversight of the disputes. That is probably too optimistic, but AMISOM does claim to have oversight of the Ethiopian forces; better than if Ethiopia simply invaded again.

One final thought. Some want to depict the conflict as an Islamic Somali state against a Christian Ethiopia. The fact is Ethiopia has a largely Islamic population and the Ethiopian Army is led by an Islamic General who himself used to lead a Tigrayan rebel group (TPLF). Depicting all Somalis as opposed to an Ethiopian military presence or support is incorrect. Many Somalis have asked for Ethiopian intervention. Likewise, depicting this along religious lines also is incorrect.

Updated to add: Paul Williams suggested reading the "Providing for Peacekeeping" report by Solomon Ayele Dersso, from the Institute for Security Studies, Addis Ababa Office.
A "Rationale's for Contributing" section is on page three:

  • Political
  • Economic
  • Security
  • Institutional
  • Normative

A "Barriers to Contributing" section is on page four:

  • Alternative institutional preferences for crisis management
  • Alternative political or strategic priorities
  • Resistance in the military
  • Lack of fit with legislative, procurement and operational timelines

Posted in History, Security.

On Kristallnacht: Tom Perkins Edition

This is not exactly a post I wanted to write. I watched a general reaction to Tom Perkins, however, and felt a serious gap emerging in the news. I started to wonder who would respond with a detailed take-down of his letter.

Tom Perkins is obviously wrong to compare himself to Jews persecuted under Nazi rule. He obviously is wrong to characterize Kristallnacht as an event where a poor majority persecuted a prosperous minority. How can he be so misinformed? Then again, I have not seen anyone offering us specific details or explaining why his wrongs are so obvious.

Typical Mistake of the 1%?

Some have bothered to compare him to the many other rich Americans who depict their critics as Nazis.

Tom Perkins’ letter to the editor is not, as the enraged commentary around it implies, some isolated or anomalous incident. Rather, it is a fairly standard example of a pervasive system of propaganda attempting to paint the world’s wealthiest oligarchs as victims.

Perkins is trying to convince us he is a victim of persecution. Odd.

Consider for a minute how Perkins is a man of great power and influence. Then read how he explained the hundreds of millions he spent on a luxury yacht for himself.

"I could give you some technical reasons why it really has got to be big to work right," he said. "But I just wanted the biggest boat." He added: "Do I have an ego? Yes. Is it big? Yes." [...] Mr. Perkins says it didn’t cost $300 million, but he declined to give a number, beyond saying "I’m embarrased about how much it cost. There’s the homeless and charity and a lot of things you can do with that money that would improve the world."

I read this as, "I could improve the world with my mountains of money. I am not. Instead I do what I want, when I want and how I want."

This is not the voice of a victim. Perhaps this cartoon explains it best:

Chairs Must be Elephants Because Both Have Legs

Kristallnacht victims were NOT victims because they were a numeric minority.

Population size is a horribly inaccurate and misleading way to describe the Nazi tragedy. Perkins, nonetheless, tries to pretend that because Jews were 1% of the population and because he is one the richest 1% of America, therefore he must be like a Jew in Nazi Germany.

Perkins' misrepresentation of Kristallnacht is not only obviously stupid, it actually turns out to be completely backwards. Victims of the Nazis were those who had no power to defend themselves; those who lacked representation and had no options.

The Nazis, however, were 1% of the population with immense power…

Abraham Lincoln once said "Nearly all men can stand adversity, but if you want to test a man's character, give him power."

Perkins is in the driver seat with the amount of power he wields. He is the opposite of an un-emancipated and un-represented victim of a powerful and violent authority. He can go anywhere at any time.

Even if mobs wanted to harm him there are many ways he can have others stop those mobs on his behalf. He probably has a lot of insurance. You know who was prevented from collecting their insurance? Jews who had everything destroyed by Kristallnacht saw all of their insurance money stolen by the powerful Nazis who just destroyed everything.

Perhaps some basic review of events with clear analysis will convince him to stop comparing himself (in his powerful luxury position) to those violently attacked and actually denied the most basic human rights.

If Not Me, Then Who?

Not sure I am the person to take on this job. Some of my reason for not wanting to write this post is related to the risk of having to explain myself and my bias as well as perspectives. I realize personal details are the sort of thing people like to read about. It probably makes my story meaningful or more relevant than the average response.

Perkins revealed some personal details such as "some of my family are poor" and "some of my best friends are Jewish" to defend his ideas. I'll try to avoid that annoyingly illogical kind of statement. Never mind his friends and family, his arguments are bogus. Same for me, I would rather the facts stand on their own, regardless of who I am or who I know.

Nonetheless, in terms of full disclosure and because I know people will ask anyway here are some key points.

My family fought against the Nazis, as I've written about before here ("ran telephone wire behind enemy lines") and here ("shot down over France on this day in 1944 during mission #148").

My family also suffered directly, extensively and horribly under Nazi rule (also mentioned briefly before) despite having lived in Germany for nearly 500 years and being decorated in WWI as soldiers and working many, many generations as rural agrarians (anti-Semitic propaganda accused Jews of being too lazy to fight or work the land).

I have spent more than 30 years, including the time I spent earning a postgraduate history degree from LSE, studying details of my own family story as well as trying to make sense of the wider tragedy.

Through the years I have had access to many first-person accounts and original documents. Relatives told me in great detail about their life before, during and after Nazi rule. If you want to hear the horrible and harrowing experiences of 1930s life-and-death OPSEC, let me know. I have many, many stories heard directly from the people who experienced Nazi terror.

I also hitch-hiked my way through Germany and listened carefully to stories of strangers. I have met face-to-face with survivors in America, Germany, Czech Republic, England, Israel, France, Bulgaria, Hungary and Poland. And when I say survivors I mean from all sides of the conflict.

A lot of what I studied also has happened more recently. Unlike Perkins' speculation about a rise of present-day Nazism, I have spoken with actual neo-Nazis. I ended up trapped one frigid winter night in an old unheated train car with drunken Bulgarians, for example, as they jovially discussed the importance to the world economy of killing Jews — removing the Jew-tax, as they called it.

In the 1990s my house was trashed by neo-Nazi groups who drew swastikas, left scrawled notes with death threats and tried to light everything on fire (stupidly and unsuccessfully). And even very recently in San Francisco a neighbor told me she was adopted by a neo-Nazi family in Sacramento that had sent her to the city to make money to support their "operations" after several members ended up in jail.

Perhaps I'm prone to looking into shadows of risk more than others, or perhaps shadows cast over all of us naturally and I just choose to stick around and understand instead of heading for the light immediately. Curiosity is dangerous yet insightful. Either way, I have accumulated a significant amount of first-hand stories as well as my own experiences with Nazis in the past and the present.

So that's me. Hopefully the points below stand on their own, but now you know more about who is making them.

Here We Go

As I said earlier, I had hoped a debunking of Tom Perkins' idiotic letter should already have been done somewhere by someone. I have not seen it. Rather than just say "what an fool" or "how dare he" I want to see some historic accuracy showing how he invoked Kristallnacht incorrectly.

I will take his letter step-by-step, although not necessarily in order, to write my response.

Error 1: Kristallnacht was unthinkable, and progressives are like Nazis

This is a very dangerous drift in our American thinking. Kristallnacht was unthinkable in 1930; is its descendant "progressive" radicalism unthinkable now?

Who believes Kristallnacht unthinkable in 1930? That is completely false. Not only was this type of event thought of prior to 1930, it was publicly discussed and described for at least 40 years prior in government and even taught to children in a song/poem released in 1923.

Can we call today's "progressive" radicalism a descendant of Nazi violence? Completely backwards. Progressives then, like today, were pushing for change and more representation. Conservative radicals are more likely a descendant of Kristallnacht; taking action to halt change and to force exclusion.

Consider that short periods of success by the Progressive party in Germany, along with Social Democrats, meant a Kristallnacht-like event was delayed. Progressive gains in government actually may have delayed Kristallnacht by 15 years (e.g. Hitler was jailed in 1923).

Of course the Nazis tried to appropriate terms like "progressive" for themselves to win support in their rise to power but today it is obvious their words were never to be taken at face value and require further research before believing.

And finally, why does Perkins call out 1930? It's a strange and unexplained year. I am not sure how this year was chosen for his letter. Perhaps he thinks everything in Germany was rainbows and unicorns for Jews before 1930?

Germany's Dangerous Drift

Here's what I would offer you instead as a more accurate depiction of actual events. Take a look at this simple timeline of a "very dangerous drift" in Germany and see if you would agree that Kristallnacht was unthinkable in 1930 or that today's Progressive radicals could in some way descend from it:

  • 1890, Antisemitische Volkspartei calls for "repeal of Jewish emancipation" and "placing Jews under alien legislation"; runs a successful campaign called "Liberate yourself from the Jewish middlemen!"
  • 1892, Conservative party tries to emulate the AV campaign success and demands "Christian authority" in government and schools: "We fight the multifarious and obtrusive Jewish influence that decomposes our people's life"
  • 1894, Bund der Landwirte, led by a few big landowners, declares itself "opponent of Jewry, which has become altogether too mighty in our country and has acquired a decisive say in the press, in trade, and on the exchanges"
  • 1895, Bund der Landwirte advocates boycotting Jewish stores, banning relations between Germans and Jews and the expulsion of all Jews from Germany
  • 1895, Reichstag anti-Semitic speech calls upon Germany to "exterminate those beasts of prey"
  • 1900, "tens of thousands of anti-Semitic pamphlets are sent free to all officials of the state and members of the upper ten thousand" (elites who run the government)
  • 1911, Germany tries to maintain influence in Morocco. Negotiations fail with France sending stock market down 30% in one day and aligning France with UK against German expansionism
  • 1912, Progressive and Social Democrat parties win a majority of Reichstag seats, reducing Political anti-Semitism
  • 1914, WWI starts, Jews included in calls of nationalism and "brotherhood"
  • 1916, WWI loss imminent, anti-Semitic propaganda explodes. Jews blamed for war loss
  • 1918, WWI lost, Versailles treaty and proclamation of a German republic
  • 1918, Far-right Deutschnationale Volkspartei (DNVP), successor to Bund der Landwirte, founded with intent to destroy the republic
  • 1920, Nationalsozialistische Deutsche Arbeiterpartei (Nazi Party) issues 25-point program defining "Volk" as German blood – no Jew can be a citizen of Germany
  • 1920, Protocols of the Elders of Zion, sells 120,000 copies translated into German
  • 1920, A commonplace political slogan is Deutschland erwache, Juda verrecke! (Wake up Germany, Exterminate Jews!)
  • 1921, 2/3 of votes in Berlin student elections go to anti-Semitic candidates (warning sign for general elections 4-8 years later)
  • 1923, French occupation of the Ruhr. Similar to 1911, economic crisis results with rampant inflation. Reich government gives anti-tax and "end of passive resistance" speech against France. 800,000 votes go to the Nazi Party
  • 1924, Economic and political stability return. Nazi Party loses followers. Hitler consolidates power to elite group – uses the lull in crisis to seize power over all anti-republic parties through "legal revolution".
  • 1928, Hitler makes all large and loosely affiliated far-right groups report directly to him, controlled by a strict command structure and an armed and violent enforcement guard. Total Nazi party membership is only 1 million (1% of Germany)
  • 1929, Stock market crash, Nazis campaign for control of the crisis with propaganda and fear of Communist take-over. Rapid growth of anti-Semitic acts and propaganda
  • 1930, German political system heated by split between radical groups; intellectual communism versus ultra-nationalism. 6.5 million votes go to the Nazi Party, which promises an impossibly integrated and idyllic Volk (nationalist) community based on small-business rights and lowered taxes to vastly different and heterogeneous groups
  • 1932, End of the republic, the last free vote. Despite propaganda and threats still only 14 million votes (37%) go to Nazi Party
  • 1933, Dictatorial emergency power taken by Hitler. Nazi Party promises made to voters from 1928-1933 are are reneged
  • 1934, Hitler purges the Army to eliminate chance of armed resistance and legalizes violent control by an elite few over the many with a brief new law "…attacks are justifiable acts of self-defense by the state"
  • [...]

  • 1938, Kristallnacht, 1,000 places of public worship completely destroyed (in Vienna alone more than 90 Synagogues were burned; later taken over for redevelopment by wealthy investors to be private apartments)

Hopefully it is clear why Perkins is not only wrong about the facts, he is backwards in his analysis of victimization.

The anti-Semitic mob violence of Kristallnacht in 1938 was not about a minority. The Jews could have been majority in number and still victimized. The risk of mob violence by Nazis went up over time but even more important was the fact that Jews lost all ability to defend or have rights to protect themselves.

Defense became non-existent as their identities were deleted (emancipation was revoked even for decorated war veterans and successful farmers) and replaced with one word: Jude. What they lacked was power to defend themselves; Perkins has no right to claim in 2014 as 1% of the wealthiest Americans he is being denied authority, denied identity, or denied the right to defend himself.

Violence against Jews easily was thinkable in 1898, yet Perkins is trying to claim no-one thought about repression of Jews in 1930?

What perhaps was not thinkable in 1930 was that a dictatorship and loss of representation, transfer of so much power to so very few, would happen so quickly.

Error 2: Nazis murdering Jews without accountability is a parallel to Americans criticizing the 1% wealthiest

I would call attention to the parallels of fascist Nazi Germany to its war on its "one percent," namely its Jews, to the progressive war on the American one percent, namely the "rich."

Here's a shocking fact. Who also was a 1% in 1930? The Nazis. Achieving more than 6 million votes in the 1930 election was a political coup given how small they were prior. Despite being a 1% minority however, they actively influenced all state and local governments and were on a path to transfer 100% of national power to 1% of the population 3 years later (when Hitler took dictatorial power).

Given widespread Nazi mob violence against Jews was thinkable in 1930, was anyone leaving prior to 1938? Actually, yes! About 50% of the German Jewish population, hundreds of thousands, left the country from 1928 to 1938.

Despite a few years of progress and signs of tolerance in government (shift during short periods immediately following the foreign policy and economic crises of 1911 and 1923) the run up to 1930 was a terrible time for Jews.

I have a poster of the Hitler Jugend from January 1929 that says "Sturm! Sturm! Läutet die Glocken von Turm zu Turm", which was a Nazi propaganda poem (from 1923) that advocated extreme violence against Jews (as well as anyone else who believed in a republic democracy or representative government).

In other words, a poem from 1923 was taught to German youth with a call for a Kristallnacht-like event. Note the specific words of this line:

Läutet, daß blutig die Seile sich röten,
Rings lauter Brennen und Martern und Töten

(Ringing, until ropes run red with blood,
Ring louder with burning, torture and murder)

Do not forget that teachers had been directed since 1892 by far-right parties in government to have a "Christian Authority" preside over school to ensure proper lessons, which by the 1920s meant anti-Semitic ones.

By the 1930s the schools shifted from some general far-right anti-republic lessons to a decidedly pro-Nazi agenda. Here is an actual sampling of books compiled by a 1934 German teacher's association as a guide for the core of school libraries:

  • Grades 1-4: Hitler as No One Knows Him
  • Grades 5-7: The Hitler Book of the German Youth
  • Grades 5-7: Steel Cross on the Ruhr
  • Grades 5-7: Youth Gathered About Hitler

Grades 8 and above are even worse titles.

I would therefore like to return for a moment to the question of people thinking about a Kristallnacht in 1930:

When the market crashed and the economy tumbled in 1929 the Nazi party actually was well-financed, violent and extremely powerful as small splinter group leading an entire anti-republic movement. The 1% in power in 1930 had been on a path to seize control for many years before the 1929 market crash. 1930 was arguably the third major attempt to put violent anti-Semitic Germans in control of the country; following attempts that failed to capitalize on economic disasters in 1911 and 1923.

The third attempt was so successful that by 1933 Hitler's SA and SS were regularly invading apartments, offices and stores of Jews, arresting Jewish professionals, physically torturing them and then forcing everyone to sign lies that they had been treated well.

How could Nazis get away with this surge in violence after 1929? Again, the issue was related to disproportionate power held in very few hands. It also was related to the ability to avoid responsibility and block interference with actions.

Hitler argued his small Nazi Party was just a dispatch system, a meta-organization that helped direct the larger numbers in violent mobs to their destination. I leave it to you to figure out who often uses this type of logic today.

Uber Alles

Since Nazis were a powerful minority oppressing many segments of the general public, including Jews, I really hope Perkins issues an apology. I hope he sees himself not as a numeric minority, but rather in terms of his amassed power, influence and his ease of avoiding accountability.

Who can build a boat of any size, for any reason, in any way, shape or form that he sees fit and for any cost? A German Jew in 1930, let alone 1938, would have no such opportunity. Perkins already has proven he has no obstacles, not even guilt.

Majority and Minority

The German republic was dissolved under Nazi rule using a premise of protection from Communists/Democrats/Foreigners/Jews. Yet the Nazi Party still held less than 40% of votes.

Technically we can say Hitler led a minority party to forcefully take over control of an entire country. Deception and force was needed precisely because he knew true representative majority was impossible. Hitler hated representation and wanted to do whatever he wanted without having to answer for it. He played upon false fear and false victimization to consolidate more power than normally the Nazis could have achieved — dictatorship is, by definition, a numeric minority holding majority power.

A 1933 boycott gives another interesting example of how Perkins is backwards in his view. It shows how far-right anti-Semitic campaigns of the 1920 were a reality of daily life in the early 1930s, yet still did not reflect a majority view:

Hitler claimed Germany was a victim of Jewish economic aggression and so in 1933 called for a boycott of all Jewish businesses. The plan failed to interest a German majority, as the American consul in Leipzig noted: "In fairness to the German people, it must be said that the boycott was unpopular with the working classes and with the educated sections of the middle classes".

This surely had an impact on Nazi strategy; lack of voluntary control over remaining large segments of the population meant forced violent control by the 1% was necessary to get the majority to follow their orders.

So a minority group wielded a disproportionate amount of power to their actual size. Given Perkins' position I feel that I have to emphasize this and make it abundantly clear. Simplifying Nazi politics down to a minority/majority headcount is ridiculous; historic examples completely backfire on Perkins when you look at facts.

The 1% today have far more in common with 1930 anti-republic far-right radicals claiming themselves victims than they do with the actual 1938 victims — people stripped of their citizenship and who saw their public and free places of worship burned to the ground.

Berlin Synagogue after Kristallnacht
Synagogue in Berlin after Kristallnacht

Error 3: Hate for the 1% is because of success and it is rising

From the Occupy movement to the demonization of the rich embedded in virtually every word of our local newspaper, the San Francisco Chronicle, I perceive a rising tide of hatred of the successful one percent.

Perkins is trying to use the old line "don't hate me because I'm successful".

Counter-point: I just read a story in the SF Chronicle the other day with very nice things to say about Benioff, CEO of Salesforce, and all the great things he's doing for the city. Rich, yes, successful, yes. Demonized, no. He's well-liked and the papers give him lots of positive statements. My guess is that success is not demonized when it is linked to community involvement and concern for others. This is a complex problem, of course, but Perkins claiming to be a victim and hated because he is successful…well, that's not why people hate Perkins.

It looks to me more like being an unapologetic egomaniac has a lot more to do with why people are demonized in the news.

Error 4: Google buses are just about successful workers going to work at successful companies

There is outraged public reaction to the Google buses carrying technology workers from the city to the peninsula high-tech companies which employ them.

I wonder if Perkins has ever ridden public transportation in SF. My point to Perkins here is just that regulatory protections are weakened by Google's private buses; it is like the long-standing debate regarding rights in a mall versus streets. Free speech, for example. Gone. Privacy protections. Gone.

Waiting at a public bus-stop and having a Google bus roll-up and deny access to the public is not exactly a happy moment. Perhaps Perkins can't relate because he is never denied anything he wants or needs?

The bigger issue is why Google refused to invest in a system that everyone can use and instead built a competing one to pull riders away and reduce investment. Why reduce ridership on public transportation, reduce contributions, and instead build a tightly-controlled private system? Perhaps like GM pushing buses onto Los Angeles and killing trolleys, it's about the money that can be made once power and control over transportation options is amassed by an elite few who can't be voted out?

Take the train to Mountain-view sometime and look at the transportation options. There are private buses from Apple, Microsoft, Google…waiting to take riders to offices only a few miles from each other. It's monumentally stupid that tech companies can't figure out how to build a public system than they contribute into and that is managed with representative governance. Why is only Cisco able to see this and use public-private partnerships to build lasting infrastructure?

Google initiatives are like someone building the Cliff House. Cisco initiatives are like someone building Golden Gate Park. When you can't get to Golden Gate Park because someone builds Cliff Houses on it that deny you access…that's where the outrage comes from.

Error 5: Real-estate prices are just about successful workers buying what they want

We have outrage over the rising real-estate prices which these "techno geeks" can pay.

Whoa, there. Even techno geeks can't pay now.

The outrage is not just about rising real-estate prices. It's about urbanization, transparency and distant unaccountable investors setting local agendas; it's about power. Actually it gets quite confusing. Look at the polls on these issues and we have the lowest turnout in years. Recent documentation shows "those who did vote tended towards self-interest; 'no' votes on Proposition C were significantly higher by percentage in neighborhoods near the project site and with desirable views".

Perhaps what is happening is that wealthy investors are trying to manipulate the real-estate market for personal gains. Anyone ever look into, for example, how banks could buy foreclosed properties at $300k, put them "on the market" yet immediately de-list them and then put them on the market for real at $1.2m a few weeks later? My guess is manipulating inventory is happening, selling at a loss to themselves and then at a profit to the street. There have been a whole lot of fishy behaviors that indicate a few very powerful people will push through loopholes for unsavory and unapologetic results. This manipulation and opaqueness is what tends to generate outrage.

Here's an interesting example: a Florida developer raises millions to build a huge condo building and also to soak up all housing inventory in areas around a SF project to reprice everything at a level that will give x% profit in 2 years for the entire investment. Thus all properties within walking distance to a new development project suddenly go off market and jump from $900k asking to $1.3m paid by agents of an all-cash buyer. Then, surprise, units in the development are listed at a "market determined" $1.3m.

Even techno geeks have no chance in a market where home prices increase 40% over 3 months. When investors inject $300k-400k over asking price, buying a house is an outrageous experience. Realtors I have spoken with say they do not meet anymore with people actually buying the properties because the buyers do not even come to look at the properties before they buy them. Representatives of wealthy elite Chinese, Brazilian, Russian and Saudi investors are looking for assets to acquire for a 2-year profit. Without outrage and push-back, they will push SF in whatever direction suits a singular objective of short-term returns on investment rather than what would make it worth living here longer.

Error 6: No one should be allowed to criticize Perkins' ex-wife because she is very famous and the local homeless and mentally ill have been given a lot of her money

We have, for example, libelous and cruel attacks in the Chronicle on our number-one celebrity, the author Danielle Steel, alleging that she is a "snob" despite the millions she has spent on our city's homeless and mentally ill over the past decades.

What does he mean "our" celebrity? In terms of himself and his family? Does anyone else agree Steel is "our" number-one? More popular than someone like Steve Jobs? Or Bruce Lee? Clint Eastwood? Or even Benioff or Ellison? Perkins must realize his ex-wife isn't number-one to the general public because he actually prefaces her name with the author.

When a celebrity is number one, they come without preface: Bruce Lee.

And "snob" can't really be a source of his outrage. Who in their right mind conflates bring called "snob" to 150 years of anti-Semitism in Germany, or to Nazis attacking, torturing and killing Jews? There must be something else. Terrible example on Perkins' part.

Errors Upon Errors

Perkins follow-up explanation "I don't regret the message" also is bad.

"Jews were only one percent of German population, yet Hitler was able to demonize the Jews."

Yet? Is it hard to demonize something that is only 1%? That is logically and historically wrong. Hitler found it easy to demonize the Jews and it had nothing to do with their numbers. He also demonized Communists, Socialists, Gays, Catholics…he demonized basically anyone of any size population. And the more power he consolidated into his tiny elite fascist cabal, the more he could demonize with impunity.

Furthermore, look at towns like Krakow, Poland or Miskolc, Hungary where Jews were demonized, yet they were 30% of the population.

"It’s absurd to demonize the rich for doing what the rich do and getting richer by creating opportunities for others."

Because that is ALL that the rich do with their money, create opportunities? The rich never get richer by reducing opportunities for others? This is really just sad. Perkins does not seem to realize that "doing what the rich do" part actually includes doing some very unsavory things to others. Creating opportunities for others is not what people are demonizing. Again, look at the Benioff example.

I also offer you for consideration that when the Nazis originally laid out their plans for concentration camps they described them as making Germans richer by creating opportunities for others. Too extreme an example? It is a fact. Perkins' argument parallels Nazi propaganda. It is not enough for anyone, rich or poor, to give only platitudes about creating opportunities and expect to avoid criticism.

"I think the solution is less interference, lower taxes, let the rich do what the rich do."

Do you know who else talked about a "solution" with less interference and lower taxes? I already have pointed out that the Nazis often lied and made false promises. They manipulated people. With that in mind, however, I have to point out their platform clearly stated in the 1930 Volkisher Beobachter (Nazi party newspaper) they hated taxes: "Those who speak of new taxes should first free the administration of those parasites…. The National Socialist movement will, through its victory, seek to guarantee the utmost protection for the individual German even in economic matters…any further tax increase represents a small-scale criminal act."

Here is an example of what Perkins must really mean by doing what the rich do: show indignation even when convicted for manslaughter. "I was arrested and tried in a foreign court in a language you don't understand, by judges indifferent – or worse – to justice, represented by an inappropriate lawyer with the negative outcome preordained."

Perkins killed an innocent man and then portrayed himself as victim? Killing someone innocent shows HE was indifferent to justice. Sailing his yacht in foreign waters meant HE was the one speaking a language that could not be understood.

If he did not want to be tried for murder, perhaps he should not have killed someone innocent? And if he did not want to be tried in French court, perhaps he should not have killed someone in France?


Does Perkins realize how similar his arguments sound to the propaganda used on the path to a German dictatorship? Less interference is exactly the wrong advice if anyone wants to stop the accumulation of power by a dangerous elite that refuses responsibility for harmful actions and plays victim while in a position of power. Perkins asks for less interference. It is a fundamental question of trust.

Perkins need to think hard about why so many people let Hitler do whatever he wanted to do, and whether they should have done something else.

Posted in History, Poetry, Sailing, Security.

Easy Hacks on Telephone Entry Systems

A presentation I did for The Next HOPE (2010) has just been posted online:

Friday, July 16, 2010: 7:00 pm (Lovelace): Telephone entry systems are practically everywhere in the city. An investigation after a series of break-ins uncovered several shockingly simple bypass techniques currently used by criminals. This presentation explains how the common keypad box will grant full access to a building in under ten seconds using only basic tools. The presentation will also give details on a series of countermeasures that can significantly reduce the vulnerabilities.

Posted in Security.

Hadoop Geographic Adoption

The 451 Research group has an interesting presentation called "What is the Point of Hadoop", which includes three slides on global adoption. I've mashed them into a simple animated GIF for illustration:

Watch the cities of NYC, LA and SF shrink as countries India and China grow. Why the difference in granularity? Does this imply anything about a shift in controls and authorization (e.g. local versus remote, full-time versus contractors)?

Posted in Security.

Internet of Things Under Attack!

Symantec has unwrapped their latest speculation engine and fired a huge salvo across all our bows with a blog post titled "Linux Worm Targeting Hidden Devices". Note the crisp analysis:

We have also verified that the attacker already hosts some variants for other architectures including ARM, PPC, MIPS and MIPSEL…. The attacker is apparently trying to maximize the infection opportunity by expanding coverage to any devices running on Linux. However, we have not confirmed attacks against non-PC devices yet.

In other words, the only known attacks are on PCs. Other devices are just speculation. Given the Symantec report details, it seems quite clear the attacker is NOT TARGETING HIDDEN DEVICES.

Thank you for your attention.

Posted in Security.

How Google Will Destroy Stoplights

I attended a strange meetup the other night. It is one of the amazing benefits of being in San Francisco. You can go in person to meet people on the cutting edge of technology and hear their vision (pun not intended) of the future. In this case I met someone from who was game for discussing my theories about the future focus being differently-abled, from Google maps to automated cars.

Unfortunately I lack time to blog in full our discussion. In brief, here's some of what I've been speaking on lately, building upon my earlier posts, and what will be in my new book on Big Data security:

Stoplights are a stop-gap (pun not intended) measure that resulted from the inferiority of high-speed automobiles to anticipate danger. We used to be able to keep flow when traveling under 15mph. Adding a speed differential made stop-lights necessary to protect pedestrians and horses from cars, let alone protect cars from other cars; and it was a concept poorly interpreted from sailing.

We should get rid of them. But how do we do that? Automation. Once cars can anticipate other cars at speed, we don't need to stop and sit at red lights. We're smarter than the lights, but we can't see risk fast enough at high speed to get rid of them. Automation can "see" faster.

Similarly, we should stop looking at maps. Look at race cars for the face of innovation. Rally cars do not have visual displays of directions, they have audio navigation. That's what we should look towards. All we need to do is improve the confirmation or validation of automated navigation devices. Get rid of unnecessary information (e.g. no street-view, no satellite view until the last mile) and allow two-way dialog. Let's not get stuck on big screens for navigation any more than we were stuck on stop-lights for predicting risk.

Google is leading the world in these areas, especially with Kurzweil on board, so I'm hopeful we can move towards eliminating the wasteful and poorly-thought out stop-light model.

Posted in Energy, Security.

Windows NEIN: Behind the Scenes

I have had several people ask me whether I created the Windows NEIN image I tweeted the other day. The answer is yes and here is how, in three simple steps using GIMP:

  1. Download two popular images, NeinQuarterly and Windows 8
  2. Edit Windows image to remove the 8, make the window transparent, add NEIN, desaturate
  3. Edit the NeinQuarterly image to remove the NEIN, stretch to fit behind window

Done! Here is the final result:

Contact me for the XCF image if you want to mess with it.

Posted in Security.

NSA Silver Lining: Interesting Startups

People frequently ask me if I see any interesting startups in the security industry. Let me give you three examples but only because they fit an interesting trend.

Obviously there is a long history of warfare innovation leading to civilian products. What might we look for now? Today's battles are fought with information tools. And the safety of information is most pressing to intelligence organizations so they seek and develop talent who innovate in data protection. Naturally this is leading us to a new generation of utility in securing information.

We are seeing those with deep experience and exposure to very difficult problems, within the intelligence community, get an entrepreneurial bug and launch startups. Whether you trust the founders or their product is not the point of this post.

Perhaps an historic example will clarify. Sometimes when I look at fancy kitchen knives from Japan I wonder if anyone ever protested innovations that made blades too sharp, too fair, or too strong. The utility of a tool in the kitchen surely benefited from innovations derived from battle. Making dinner with a better knife doesn't mean you have to condone or even care about Samurai.

Here are three examples of companies that represent an emerging trend in creative thinking about tools we need to get better at protecting our data:

  • Ex-NSA staff start company to protect Big Data by extending Apache Accumulo (an NSA enhancement to a Google project that now has been released to the public): Sqrrl
  • Ex-NSA staff start company to make browsing the web safer by extending XWindows concept of centralized browser session pushed to remote displays: Light Point Security
  • Ex-Unit 8200 staff start company to make SaaS safer by proxying and tracking all user behavior: AdAllom

Back to the simple knife, there some interesting studies that try to explain how Japanese civilian innovations evolved out of conflict. Creative thinking relative to explicit and tacit knowledge:

Knowledge Training

Posted in History, Security.