Here’s a pithy comment by Peter Salama, head of the new Health Emergencies Program at the World Health Organization, about factors leading to Ebola crisis unfolding this year in DRC:

These viruses manage to exploit social vulnerabilities and fault lines. That’s what we’re seeing in this Ebola outbreak starkly.

And even more to the point:

In the last two years since I have been here, 80 percent of our major outbreaks have been in conflict-affected areas. This is the issue of the future.

The issue of urban outbreaks of high-threat pathogens is really an issue of our generation. I don’t think we’ve fully grappled with that. Now with yellow fever, plague, with Ebola, we are starting to see these patterns. All bets are off [in terms of] thinking we know about the transmission of diseases because of what happened in rural outbreaks in the past. It’s completely different now.

Ok, so you have this data showing conflict-affected areas are where the major outbreaks occur, and that is “the issue of the future”. Consider this in terms of infected drones easily deployed over/under/around barriers into urban areas, and then rapid lateral transmission.

I’m not trying to think out of the box here. This is an ancient security worry, for those familiar with the history of siege weaponry.

Who (pun not intended) can guess the current US regime’s response to the outbreak of a high-threat pathogen in the place most expected? Perhaps the title of this post gave away the answer.

Vox reporter Julia Belluz asks Salama the following:

The US pulled its Centers of Disease Control and Prevention workers out of Beni, the outbreak epicenter. They decided it was too dangerous for America’s best Ebola experts to be there — and it sounds like they are not coming back anytime soon. […] But I understand Canada, the UK, even nonprofits with US personnel, are sending people, and you have hundreds of WHO officials deployed. Is the US government an outlier?

This makes the American leadership appear weak and feckless; and Salama replies very diplomatically:

The US government is the main country that has had constraints.

Japan has strict anti-authoritarian rules, as a relic of occupation by the US military after WWII. This has just manifested in corporate security, leading to an investigation and incarceration of Nissan’s Chairman

The chief executive revealed that a whistle-blower had passed information to Nissan’s auditors who then began a wider investigation. The evidence was then passed to Japan’s public prosecutor.

The story calls out anti-authoritarianism rules, very specifically

Facing the press alone, the chief executive added that he felt the mistake had come after allowing a concentration of power in one individual. Saikawa said the misconduct went on for “a long period” and it looked like Kelly had been allowed to take control of internal operations, as he had the direct backing of Ghosn.

I’ve written before about recent history and why Japanese resistance to authoritarianism is so interesting to study. A key turning point was the 1931 Mukden Incident, which allowed a small cabal to solidify control and foment war.

While it was clear Japanese militant leaders had used false-pretense to breach the post-WWI agreements on peace, nonaggression and disarmament they also faced little tangible resistance and they flatly refused to stand down.

Occupation of Manchuria by Japan soon expanded in threat; the stage was set for escalation into the Second Sino-Japanese War in 1937 and destabilization/expansion into the region, which eventually led to the bombing of Pearl Harbor in 1941.

Japan and Germany have essentially become time-capsules of US theories in anti-authoritarian thinking, due to the occupation and lessons forced upon them post-1945.

Meanwhile the US clearly has drifted away from the lessons it used to teach, letting the CSO of Facebook roam freely instead of going to jail after years of alleged acts of misconduct far worse than the Chairman of Nissan.

Just this week it was revealed on top of all the other breaches during the CSO tenure that Facebook engineers in 2018 were writing passwords to the URL and storing them, which is literally the worst possible management of security.

This is a rather jarring and basic security lapse for Instagram and Facebook, which hasn’t done much at all to prove to users it knows how to handle sensitive data. It certainly raises the question of other security practices…

Facebook’s CSO literally had no real security management experience other than a short attempt at Yahoo (also massively mis-mangaged and breached at record levels). He now arguably is the security industry’s face of executive fraud. How long before wanted posters go up for his arrest?

The Seth Meyers show does a pretty good job capturing the unapologetic racism of white supremacist candidates in America

A crucial bit of analysis is missing, however.

You might, like most rational people watching this video, wonder why someone saying “a public hanging, I’d be on the front row” (death penalty) suddenly can pivot to saying anti-abortion platitudes as their preferred defense against criticism. I mean on the one hand they’re saying lynchings are like their favorite spectator sport, while on the other hand they’re saying not a single life can be ended.

Isn’t this an obvious contradiction?

Alas, historic context explains the white supremacist perspective here, such as why they see no contradiction in carelessly taking lives while telling others lives can’t be taken under any circumstances.

Slavery was an industry of owning humans and birth was the means of production and enrichment for the slave owners. They did not give slaves any rights, let alone choices, when they demanded that children be born as quickly as possible without medical care, to the detriment and death of black women.

The historic white supremacist attitude towards maternity rights persists in America even to this day.

The ongoing maternal mortality crisis disproportionately affects black women, who the Centers for Disease Control and Prevention notes are three to four times more likely than white women to die from complications related to pregnancy.

Why is this happening? The medical field is seeking answers, but one of the most obvious solutions is ensuring black women’s access to quality, unbiased medical care.

And then these same owners of humans causing high rates of maternal mortality also claimed to reserve the right to kill humans indiscriminately, murdering whomever they wanted, and brag about their desire for front row seating in any lynchings. See the consistency in the dehumanization?

I’ve written about this before, and in particular how Abraham Lincoln described the situation in 1838 America:

Thus went on this process of hanging, from gamblers to negroes, from negroes to white citizens, and from these to strangers; till, dead men were seen literally dangling from the boughs of trees upon every road side; and in numbers almost sufficient, to rival the native Spanish moss of the country, as a drapery of the forest.

Turn, then, to that horror-striking scene at St. Louis. A single victim was only sacrificed there. His story is very short; and is, perhaps, the most highly tragic, of any thing of its length, that has ever been witnessed in real life. A mulatto man, by the name of McIntosh, was seized in the street, dragged to the suburbs of the city, chained to a tree, and actually burned to death; and all within a single hour from the time he had been a freeman, attending to his own business, and at peace with the world.

Such are the effects of mob law; and such are the scenes, becoming more and more frequent in this land so lately famed for love of law and order; and the stories of which, have even now grown too familiar, to attract any thing more, than an idle remark.

I hope that gives better context and some needed analysis for why the white supremacist candidate Hyde-Smith today is saying “a public hanging, I’d be on the front row”; bringing up lynchings in her campaign to prevent the first black senator to represent the state since the Reconstruction era.

The story gets worse, far worse, however. Several people have pointed out to me that very large silicon valley technology companies are funding these white supremacist platforms.

U.S. Senator Cindy Hyde-Smith (R-MS) was caught on tape “joking” about her willingness to attend a lynching at a campaign event in November. […] One corporation that apparently was unbothered by Hyde-Smith’s remarks: Google. On Tuesday, Google donated $5000 to Hyde-Smith’s campaign, according to documents filed with the FEC.

This is no joke. Google after a widely-discussed lynching statement threw campaign donations at a white supremacist candidate. One might be tempted to think this is a one-off, a strange coincidence. However, investigators already have pointed out that Google is funding an even more well known white supremacist candidate:

Google previously donated $10,000 to the Making America Prosperous PAC, the leadership PAC of Congressman Kevin Brady (R-TX). Making America Prosperous gave Congressman Steve King (R-IA) a cash infusion after other corporate donors abandoned him over his ties to white nationalism.

After other corporate donors had abandoned candidates with a white nationalism (Nazi) platform, and after a candidate made comments in favor of lynchings, Google apparently sent funds to help the white supremacists win.

Recently, as I met with many Chief Security Officers (CSO) to discuss cross-cloud security architectures, I heard several times from different leaders “do not mention Google in this room, they are not an option”. It seemed so harsh. And it came without detail, as If I already should know. I had to learn more, to find out what was driving the hard line eliminating the giant brand.

Turns out it is…ethics.

I had figred it related to the history of lying about privacy controls and failing to monitor staff abusing access to private data. That was bad, for sure, and Google hasn’t done the best job clearing their name. It also isn’t the sort of thing that writes off a brand entirely, as controls evolve and trust returns through operations monitoring.

However, that wasn’t the only issue. People sent me stories about Google choosing to fund campaigns despite widespread (easily searchable) condemnation. I mean Steve King…come on Google, why would you fund him? Even AT&T dumped that unrepentant racist. There seems to be a timing issue for a brand claiming to be the most up-to-date source of knowledge.

And it gets worse again. Google now has been caught in further controversy after an attempt to claim ignorance and make a “we do not condone” explanation for their contribution.

Google claimed it made the donation on Nov. 2—the same day Hyde-Smith made her comments. “This contribution was made on November 2nd before Senator Hyde-Smith’s remarks became public on November 11th,” Google representatives said. “While we support candidates who promote pro-growth policies for business and technology, we do not condone these remarks and would not have made such a contribution had we known about them.” If Google’s claim were true, that would mean the Hyde-Smith campaign filed a false report. It would also mean the campaign failed to report on time. Federal law requires than any donations made within 20 days of an election be reported within 48 hours.

“We do not condone” is not “we condemn”. Historians again are needed here, because context helps explain what’s really going on.

Mississippi had the highest rate of lynchings of African Americans, which of course was linked inexorably to economics.

Once black were given their freedom, many people felt that the freed blacks were getting away with too much freedom and felt they needed to be controlled. Mississippi had the highest lynchings from 1882-1968 with 581.

As you can see in the quoted writings of Lincoln above, citing mob law before the civil war, white supremacist candidates always have and always are positioning lynchings as “pro-growth policies for business and technology”. It is more plainly described here:

March 1892, a white mob lynched three black men — Thomas Moss, Will Stewart and Calvin McDowell — and left their mangled bodies in a field a mile north of downtown Memphis….their crime was their temerity. They dared to challenge white businessmen accustomed to having a monopoly on economic activity.

A Google inability to straightforwardly condemn such a statement about public hangings (see the redemption train video above), while further endorsing white nationalists as being pro-business and technology…should be more in the news. Or how did Lincoln put it?

…have even now grown too familiar, to attract any thing more, than an idle remark

At least I know a wide group of CSOs are monitoring the situation, as a function of deciding how and when to trust a cloud service provider that fails so hard at ethics.

---

Update Nov 26, 2018:

Google is unmentioned among the companies distancing themselves further from the white supremacist campaign

Jaz Brisack, the first female student at the University of Mississippi to receive the prestigious Rhodes scholarship, called Sen. Cindy Hyde-Smith (R-Miss.) a “white supremacist” in an interview with The Oxford Eagle on Sunday.

[…]

Groups including Major League Baseball, Walmart, AT&T, Leidos, Union Pacific and Boston Scientific have all asked for their donations to Hyde-Smith’s campaign to be returned.

Google does get a mention elsewhere, asking a day before the election that their contribution be returned.

Meanwhile in other news about this candidate:

• “Hyde-Smith Accepts $2,700 Donation from Notorious White Supremacist“
• Hyde-Smith is caught on tape saying voter-suppression is a good idea
• Hyde-Smith “was seen celebrating Confederate history at a museum in a 2014 Facebook post. In that photo, she’s wearing a Confederate soldier’s hat and holding a rifle, with the caption: ‘Mississippi history at its best!'”

File this lawsuit news under things that anyone with a history degree could have predicted:

The suit alleges that e-scooter companies knew their riders were injuring pedestrians and –– by failing to stop the collisions from occurring –– assisted and encouraged scooter riders as they committed “assaults.”

The suit also states that both companies’ scooters contain defective electronics and mechanical parts, as well inadequate safety instructions for riders and that they have “a wanton disregard for the safety of others.” The risks posed by the devices, the suit states, “were known and/or knowable” based on “professional knowledge” known within the transportation community.

Scooters weren’t going to magically become safe, by increasing their supply and decreasing barriers to abuse (i.e. powered to a quick and high top speed at no cost to rider).

Another way of looking at this is to consider how Vespa was born out of WWII and became wildly successful, was banned, and then returned again.

Conversion of Italian warplane engineering to civilian mobility in war-ravaged Europe birthed the famous aeronautical-looking scooters of the 1950s. They were cheap and convenient for rebuilding markets after war, so the concept boomed.

Fast-forward to the 1970s and the scooters were being banned due to air quality concerns, in a large part related to their success. So many engines had been accumulating massive technical and healthcare debt, dumping toxins into the air without paying for consequences, legislation had to be passed:

Having returned to the US in 2000 after exiting the market in 1985 because of new emissions legislation that targeted two stroke engines, the Vespa was an immediate success all over again

And being a success all over again is a good thing, right? I believe that’s called innovation.

The birthplace of the Vespa has even banned 2-stroke engine versions for the same reason, air quality harms:

…environment assessor Italo Porcile is determined not to give in to the pressure.

‘I love the Vespino, I used to have one myself,’ he said. ‘But the ‘Euro 0′ (a model produced before 1999) pollutes terribly and public health is more important’.

Piaggio, which started off producing locomotives and then fighter planes, came up with the Vespa after the Second World War, when the country’s roads, severely damaged by bombing, were crying out for an alternative to cars for the masses.

With the 2-stroke air negligence version banned, scooter manufacturers are only now investing in superior engineering options:

Elettrica is propelled by an electric motor claiming peak output of 5.3 hp (with a continuous output of 2.7 hp) and more than 147.5 lb-ft. of torque, which Piaggio says is superior performance to a traditional 50cc gasoline-powered scooter

Scooters being dumped on sidewalks and running into pedestrians is literally the opposite of innovation. The lawsuit again negligent scooter manufacturers is an unfortunate start, though clearly what scooter developers really needed sooner was a regulatory wake-up to spur them into more innovative designs.

Lately I often have been asked about cloud counter-measures to rubber-hose risks, and as I begin to explain I get interrupted with “wait, hold on, but why is it called rubber-hose?”

It is a fair question and, as a historian, I am eager to indulge those willing to ask a “how did we get here from there” security question.

Rubber-hose implies a means a type of physical torture used to extract a secret without leaving evidence of torture.

Physical Torture to Break American Cryptography

To understand why this phrase is so commonly used in America, we have to remember first that slave rebellions in 1830s led to a reign of brutal white-supremacist terror escalating until they started a full Civil War in 1861.

New York abolished slavery in 1827, around the same time many countries around the world were doing the same. Abolition and/or laws prohibiting slavery spread quickly:
1824 – Mexico
1831 – Bolivia
1831 – Brazil
1833 – England
1835 – France
1836 – Portugal

An important footnote here is that the Mexican abolitionist movement greatly angered white immigrants to Mexico. These settlers to the “wild” Texas territory demanded they be allowed to keep slaves.

This came to a head at the Alamo in 1836 when violent secession formed a new nation for slavery. That is right, every time you hear someone say “Remember the Alamo” think of white supremacists expressing pride at preserving slavery while globally it was condemned.

This fits a pattern more widespread, that between 1831 and 1861 many US slaveholders thought a “reign of terror” was their best method of preserving white power.

In case you are wondering, encryption was very present in America during the next 30 years, and needed key management that could withstand physical torture by those who did not want slavery to end.

Had the US not declared independence from the King of England, slavery arguably would have ended in the US by 1834 if not earlier.

Alas, this was not to be the case under a pro-slavery President Jackson who had been elected in 1829. By 1835, around the time of Texas seceding to preserve slavery, Jackson was harshly criminalizing speech in order to prevent even the discussion of abolition (his federal Postmaster General Kendall was ordered to intercept and inspect mail).

As you can imagine, encryption becomes very useful for those working towards freedom under a white supremacist President inspecting all mail.

The punishment for anyone discussing abolition was severe. Abraham Lincoln famously gave a speech in 1838 condemning the surveillance and torture methods used upon Americans who believed in the kind of freedom found in other nations:

Thus went on this process of hanging, from gamblers to negroes, from negroes to white citizens, and from these to strangers; till, dead men were seen literally dangling from the boughs of trees upon every road side; and in numbers almost sufficient, to rival the native Spanish moss of the country, as a drapery of the forest.

Turn, then, to that horror-striking scene at St. Louis. A single victim was only sacrificed there. His story is very short; and is, perhaps, the most highly tragic, of any thing of its length, that has ever been witnessed in real life. A mulatto man, by the name of McIntosh, was seized in the street, dragged to the suburbs of the city, chained to a tree, and actually burned to death; and all within a single hour from the time he had been a freeman, attending to his own business, and at peace with the world.

Such are the effects of mob law; and such are the scenes, becoming more and more frequent in this land so lately famed for love of law and order; and the stories of which, have even now grown too familiar, to attract any thing more, than an idle remark.

Sadly a great many Americans, from large plantation owner to poor white laborers, aspired to dreams of sudden wealth by harming others. America, long after the rest of the world was moving in a better direction, continued to think of an expansion of slavery practices as their get-rich-quick scheme.

Certain American men, as well as their enablers, kept arguing that the Constitution “enriched” whites by giving them the exclusive right to torture and murder without penalty as long as they were preserving their right to leisure time and preference for avoiding work by playing golf instead. There is a simple reason why many golf courses to this day market themselves by highlighting pro-slavery terrorists:

When Southwick G.C. in Graham, North Carolina first opened in 1969, it was known as Confederate Acres G.C. for no apparent reason other than to appeal to golfers who might be [pro-slavery].

Mountaintop G. & Lake C. in Cashiers, North Carolina one of the newest members of America’s 100 Greatest Golf Courses, has in its clubhouse suites named in honor of Confederate generals such as Robert E. Lee, Stonewall Jackson and Turner Ashby, all of whom fought [to preserve slavery] alongside early Cashiers resident General Wade Hampton

Yes, golf courses around America are out in the open about being pro-slavery, as if it is comforting to golfers if they can celebrate men who tortured and murdered Americans to enrich themselves. But I digress…

Managing secrets in the 1840s context of Americans surviving torture and murder by violent pro-slavery militants, even Edgar Allen Poe by 1843 entered the fray, publishing instructions in a story set in South Carolina to help increase the use of cryptograms. It was his most popular story during his lifetime.

In 1844 President Adams was elected and overturned the Jackson ban on free speech, but torture and murder by pro-slavery terrorists continued to rise. Although Texas agreed to annexation by the US in 1845 they came with the stated hard requirement that slavery remain legal (foreshadowing their second secession, remembering the Alamo by declaring a war on abolitionists again in 1861).

It was because John Brown witnessed the wholesale torture and murder of abolitionists at this time that he became compelled to answer with force the literally burning question “are we free or are we slaves under Southern mob law?” His forceful attempts ended with his execution in 1859. And his demise was thought by slaveholders in 1860 as a great victory; sort of a proof at the highest federal levels that brutally murdering abolitionists and slaves carried no consequences, while resistance to slavery would continue to be fatal.

And yet the situation worsened further, with abolition demands of course growing. By 1861 the white mobs who had for three decades been torturing and murdering fellow Americans raised their violence even further and declared an all-out war to preserve slavery.

At this point I just want to mention key management in American history continues to be documented. Now it is soldiers in the US Army talking about fighting to preserve the Union, deploying encryption that has to withstand attacks by people who would torture anyone just to continue slavery practices.

Here’s an example from “The Military Telegraph During the Civil War in the United States: an Exposition of Ancient and Modern Means of Communication, and of the Federal and Confederate Cipher System” by code-breaker Captain William R. Plum

Fast Forward to the Rubber Hose Years

With the 1860s encryption in mind, we need to skip 100 years ahead to the 1960s. The American south still had white supremacists infiltrating departments of authority such as the police as a means to perpetuate their unjust power over non-whites, through violent means including torture.

Freedom riders gives a good snapshot of the situation at hand, no pun intended:

Freedom Riders is the powerful harrowing and ultimately inspirational story of six months in 1961 that changed America forever. From May until November 1961, more than 400 black and white Americans risked their lives—and many endured savage beatings and imprisonment—for simply traveling together on buses and trains as they journeyed through the Deep South. Deliberately violating Jim Crow laws in order to test and challenge a segregated interstate travel system, the Freedom Riders met with bitter racism and mob violence along the way, sorely testing their belief in nonviolent activism.

Those savage beatings were with rubber-hoses, as well as with phone-books and other soft materials that caused maximum pain with minimum evidence.

Cyber-security-historian protip: we won’t ever say phone-book cryptanalysis to refer to physical torture methods because that becomes confused with logical brute force techniques (use of the contents of a phonebook to reveal secrets).

Thus one can read about torture techniques used by white supremacists during the 1950s and find exact reference to the rubber hose method as a subset of “third degree” questioning. For example, in a History of Torture text, you can read about US police methods used to force confessions and reveal secrets:

There you have it. The rubber hose is an American torture method commonly used in attempts to gain access to secrets without being held accountable. Cryptography withstanding a rubber-hose really refers to politics of torture in America from the mid-1800s resurfacing in the mid-1900s as rubber hoses became a common product.

Bringing It Back to Cryptanalysis Today

This is not just about the past, unfortunately, as I implied at the start of this post. People considering cloud computing are asking daily lately about the rubber-hose. There still is a real threat of torture. World Affairs vividly explains this situation in a political analysis of American traditions:

Decent people and decent countries do not engage in [torture] under any circumstances, whatever the consequences, and that’s really all there is to it.

[…]

Ideals are one thing, the reality of American history quite another. There is, in fact, a well-established American tradition of torture. The definitive text on it is Torture and Democracy by Darius Rejali, himself an opponent of torture. He sees “a long, unbroken, though largely forgotten history of torture in democracies at home and abroad.” What the torture techniques of democracies have in common is that they leave no lasting marks on the victims, no proof. Rejali calls this “clean torture.”

Electroshock began in democracies, and it was in the United States that interrogators first used rubber hoses to administer beatings that left no bruises. Sleep deprivation and stress positions (the “third degree”) were once common practices of American police.

It’s not only the police who have tortured or used other harsh methods. The U.S. military has, too. During the war in the Philippines at the beginning of the twentieth century, American troops employed the “water cure,” a forerunner of waterboarding. During the Vietnam War, torture was probably even more extensive. Whatever its professed ideals, the United States has tortured in the past. It has tortured in the near-present. And should needs arise and circumstances dictate, it will probably torture in the future.

My only addition to this analysis is that “water cure” was treated as a war crime by the US and cited in its court cases against the Japanese during WWII. I spoke about this in my RSAC presentation “Security Humanitarianism: Extraordinary Examples of Tech Improving Lives”

It is a sad footnote to history that war crime cases before 1945 and prosecuted in 1946 were sealed after WWII and the US then began engaging in the exact practices they earlier had argued were a clear violation of human rights. As the quote above warns: “ideals are one thing, the reality of American history are quite another.”

If you seek a more contemporary example, November 2003 was when the US Army tortured to death an Iraq army general who had served under Saddam Hussein. General Abed Hamed Mowhoush died aged 56, beaten and then suffocated to death by Americans using methods including a rubber hose to forcibly extract secrets. Case details were revealed in 2005 court-martial proceedings for two men, without getting into details of government agencies giving orders.

Conclusion

Rubber-hose cryptanalysis is rooted (pun not intended) in American traditions of torture to disclose secrets and preserve power. Despite white supremacists losing their war of aggression against own country, their history of torture methods still seems nowhere near being abolished. And perhaps most dangerously, despite being proven ineffective, some groups may still see themselves as maintaining or gaining power with old “reign of terror” practices.

Hopefully now you can see how we got here from there. This is why when helping with key management solutions for cloud workloads running in America, I increasingly hear requests from people to discuss models that address threats like rubber-hose cryptanalysis techniques.

Ondřej Matějka, the deputy director of the Institute for the Study of Totalitarian Regimes (ÚSTR) provides a fascinating interview on the 80th anniversary of the infamous Munich Agreement:

…the problem wasn’t that the Czechoslovak state couldn’t hold the borders. The problem was more within the society living there, where the pressure from the Sudetendeutsche Partei towards our citizens and people who were sympathetic towards other political parties, especially social democrats and communists, was big. I think the Sudetenland is an extraordinary example of the making of a totalitarian society, where one power, through terror and social pressure, is taking over power in the society

The agreement led to annexation of Czechoslovakian border territory by an expansionist Nazi regime, and the designation of this area as “Sudetenland”.

It also setback plans to overthrow the fascist dictator of Nazi Germany.

Opponents of the Nazi regime leader, such as the head of the German Army, perceived the Munich agreement as foreign states having weak appetite for more permanently ending the Nazi terror and social pressure.