Category Archives: History

U.S. Fighting DisInformation? Look at Presidential election of 1932

Regulation and targeted response strategies to fight disinformation worked after FDR took office in 1932, and they are likely to work again today once someone musters the national trust of residents ready to take action. Without that kind of popular support, and with conciliation to technology companies instead, it’s unlikely we’ll see any progress today.

DefenseOne writes there’s been a necessary shift in security from a focus entirely on confidentiality towards more integrity. They then propose three steps to get there.

First is better, faster understanding by the U.S. government of what disinformation American adversaries are spreading—or, ideally, anticipation of that spread before it actually happens. […]
Second is, in appropriate circumstances, the swift, clear, and direct intervention of U.S. government spokespersons to expose falsities and provide the truth. […]
Third is an expanded set of U.S. government partnerships with technology companies to help them identify disinformation poised to spread across their platforms so that they can craft appropriate responses.

Point one sounds like a call for more surveillance, which will obviously run into massive resistance before it even gets off the ground. So there’s a tactical and political headwind. Points two and three are unlikely to work at all. The most effective government spokesperson in the past typically was the President. That’s not possible today for obvious reasons. In the past, partnerships with technology companies (radio, newspaper) weren’t possible, and they’re similarly not possible today. Facebook’s CEO has repeatedly said he will continue to push disinformation for profit.

I’ve been openly writing and presenting on this modern topic since 2012 (e.g. BSidesLV presentation on using data integrity attacks on mobile devices to foment political coups), with research going back to my undergraduate and graduate degrees in the mid-1990s. What this article misses entirely is what has worked in the past. Unless they address why that wouldn’t work today, I’m skeptical of their suggestions to try something new and untested.

What worked in the past? Look at the timeline after the 1932 Presidential election to 1940, which directly addressed Nazi military disinformation campaigns (e.g. America First) promoting fascism. 1) Breakup of the organizations disseminating disinformation (regulation). 2) Election of a President that can speak truth to power, who aligns a government with values that block attempts to profit on disinformation/harms (regulation). 3) Rapid dissemination of antidotes domestically, and active response abroad with strong countermeasures.

Roosevelt defeats Nazis at the ballot box: “By 1932, Hearst was publishing articles by Adolf Hitler, whom Hearst admired for keeping Germany out of, as Hitler put it in a Hearst paper, “the beckoning arms of Bolshevism.” Hitler instead promoted a transcendent idea of nationalism—putting Germany first—and, by organizing devoted nationalist followers to threaten and beat up leftists, Hitler would soon destroy class-based politics in his country. Increasingly, Hearst wanted to see something similar happen in the United States.”

The question today thus should be not about cooperating with those who have been poisoning the waters. The question should be whether regulation is possible in an environment of get-rich-quick fake-it-til-you-make-it greedy anti-regulatory values.

Take the Flint, Michigan water disaster as an example, let alone Facebook/Google/YouTube/WellsFargo.

After officials repeatedly dismissed claims that Flint’s water was making people sick, residents took action.

America has a history of bottom-up (populist) approaches to governance solving top-down exploitation (It’s the “United” part of USA fighting the King for independence). A bottom-up approach isn’t likely to come from the DefenseOne strategy of partnerships between big government and big technology companies.

I’m not saying it will be easy to rotate to populist solutions. It will definitely be hard to take on broad swaths of corrupt powerful leaders who repeatedly profit from poisoning large populations for personal gains. Yet that’s the fork in our road, and even outside entities know they can’t thrive if Americans choose to be united again in their take-down of selfish profiteers who now brazenly argue for their right to unregulated harms in vulnerable populations.

If Zuckerberg were CEO of Juul… right now he’d be trying to excite investors by saying ten new fruity tobacco flavors are coming next quarter for freedom-loving children.

The boss of e-cigarette maker Juul stepped down on Wednesday in the face of a regulatory backlash and a surge in mysterious illnesses linked to vaping products.

I wrote in 2012 about the immediate need for regulation of vaping. Seven years later that regulation finally is happening, sadly after dozens have been dying suddenly and without explanation. A partnership with tobacco companies was never on the table.

Bottom line is if you ever wonder why a Republican party today would undermine FCC and CIA authority, look at FDR’s creation of them to understand how and why they were designed to block and tackle foreign fascist military disinformation campaigns.

Drones With Lasers Reveal Human Secrets

Archaeologists are only a few steps removed from forensic scientists looking for crime scenes, if you know what I mean.

Rewriting history now is even easier than ever because drones can speed the discovery of buried things:

…airborne laser scan of the area has found 900 previously unknown archaeological sites on Arran, promising to rewrite the 6,000-year human history of the island…

Given how much can be revealed and how fast, the next technology shift may have to be artificially intelligent archaeologists that can keep up with laser workloads:

Francisco Estrada-Belli, another member of the archaeological team, told National Geographic: “The fortified structures and large causeways reveal modifications to the natural landscape made by the Maya on a previously unimaginable scale.

“Lidar is revolutionising archaeology the way the Hubble Space Telescope revolutionised astronomy.

“We’ll need 100 years to go through all the data and really understand what we’re seeing.”

One group that isn’t waiting to jump (pun not intended) to conclusions is the operators on military missions.

The operators use a tablet and special software to designate an area of interest, dispatch a drone to scan it, and then – in a matter of hours – automatically compile the sensor readings into a 3D map so detailed you can even distinguish different species of trees.

I guess you could say operators are seeking places to hide that others could use as much as themselves.

The next step from 3D maps is to attach photo-realistic data. Nearly five years ago AutoDesk boasted of their ability to 3D map anything on their cloud using drone photography. Earlier this year Here engineers said pushing photographic-level details to operators at city-wide scale is hitting performance bottlenecks, yet already is being done.

This opens up huge new ethical issues, including adversarial response and countermeasures to seeing and being seen, as the geospatial experts in the defense industry already have been flagging:

Efforts to correct mistakes, respond to disasters, or map poverty warm the heart. But other aspects of geospatial intelligence are rife with ethical challenges, from potential invasions of privacy to the violation of the confidentiality of individuals who agree to provide income or other demographic information. “Don’t expect lawyers to catch up,” warned Schwartz. “There are going to be guidelines that need to be created by those who are doing the work.”

[…]

“The reason we exist is to give advantage to our country,” said Munsell, “and as director [Robert] Cardillo used to say, ‘to never allow a fair fight.’”

Austria Espionage Card Index 1849-1868

The neo-absolutist state secret service kept an espionage card index for surveillance of Vienna residents 1849-1868.

Here’s an example I captured from a museum’s archive:

Encyclopedia Britannica explains the living conditions during this period, not terribly far from where some in the U.S. want things to go today:

Freedom of the press as well as jury and public trials were abandoned, corporal punishment by police orders restored, and internal surveillance increased. The observation of the liberal reformer Adolf Fischhof that the regime rested on the support of a standing army of soldiers, a kneeling army of worshippers, and a crawling army of informants was exaggerated but not entirely unfounded. One of the more backward developments was the concordat reached with the papacy that gave the church jurisdiction in marriage questions, partial control of censorship, and oversight of elementary and secondary education. Priests entrusted with religious education in the schools had the authority to see to it that instruction in any field, be it history or physics, did not conflict with the church’s teachings.

California Posts CCPA Proposed Regulations

The California Attorney General (AG) Xavier Becerra has posted Proposed Regulations to implement the California Consumer Privacy Act of 2018 (CCPA). Becerra also has posted a Notice of Proposed Rulemaking Action (NOPA) and an Initial Statement of Reasons (ISOR).

Critics already are playing up that they can’t do business if they have to follow regulations set to protect privacy of consumers. These lobbying types are, of course, peddling risk management nonsense in the face of far too many breaches and a long slide downward of consumer confidence in data platforms.

The current round of criticism reminds me of those opposed to food safety regulations even after Upton Sinclair’s 1906 book The Jungle pointed out how rats and workers’ body parts were being ground up and shipped as sausage.

Cloud providers are like sausage factories, especially the largest ones, and for far too long have been allowed to operate without basic duties of care, deliberately avoiding investment in innovation because they avoid accountability for harms. And yes, Facebook is the wurst.

Those of us actively innovating in information technology see regulations such as CCPA as welcome guard rails, which spur long overdue innovations in data platform controls and help the data platform market grow more safely.

The proposed regulations set out some clear “shall not” rules for consumer personal information:

(3) A business shall not use a consumer’s personal information for any purpose other than those disclosed in the notice at collection. If the business intends to use a consumer’s personal information for a purpose that was not previously disclosed to the consumer in the notice at collection, the business shall directly notify the consumer of this new use and obtain explicit consent from the consumer to use it for this new purpose.
(4) A business shall not collect categories of personal information other than those disclosed in the notice at collection. If the business intends to collect additional categories of personal information, the business shall provide a new notice at collection.
(5) If a business does not give the notice at collection to the consumer at or before the collection of their personal information, the business shall not collect personal information from the consumer.

They also set out clear timelines for requests to delete data:

(a) Upon receiving a request to know or a request to delete, a business shall confirm receipt of the request within 10 days and provide information about how the business will process the request. The information provided shall describe the business’s verification process and when the consumer should expect a response, except in instances where the business has already granted or denied the request.
(b) Businesses shall respond to requests to know and requests to delete within 45 days. The 45-day period will begin on the day that the business receives the request, regardless of time required to verify the request.

EU Court: Holocaust Denial is not Protected Speech

General Eisenhower wisely and famously wrote to General Marshall in 1945 that we need to protect the future by carefully documenting the past:

I made the [Buchenwald concentration camp in Thuringia, Germany] visit deliberately, in order to be in position to give first-hand evidence of these things if ever, in the future, there develops a tendency to charge these allegations merely to “propaganda.”

Presidential archive copy of a letter from General Eisenhower to General Marshall, April 15, 1945.

General Patton and others wrote similar records of disgust at what they saw, as well as concern with the German people’s ability to operate around and in these death camps as if genocide was just business as usual.

And now a smart ruling has been heard from the European Court of Human Rights that should have an immediate and serious impact on data platform safety regulation:

Pastoers’ argument that his statements were protected by Article 10, which protects freedom of expression, was “manifestly ill-founded,” given that he “had intentionally stated untruths in order to defame the Jews and the persecution that they had suffered,” the Strasbourg, France-based court ruled on Thursday. His complaint that he was denied a fair trial in Germany was also rejected by the ECHR.

Pastoers had given a speech a day after Holocaust Remembrance Day in 2010…

[…]

The tribunal said the German had deliberately obscured some of his remarks to try to get his message across more subtly.

“The impugned part had been inserted into the speech like ‘poison into a glass of water, hoping that it would not be detected immediately,’” the court said.

An example of hidden Nazi messages in daily communications is one of the most popular blog posts I’ve ever written. Detecting it isn’t the hard part.

Acting upon it has been the bigger issue, as Google, Twitter and Facebook executive management have repeatedly and intentionally declined to block poisonous speech. They operate a philosophically and historically misguided willingness to profit as Americans from dispensing known harms that seriously damage markets around the world.

For example, documented hate group FAIR in the last year alone has spent $934,000 on Twitter ads, $910,000 on Facebook ads, and $111,000 on Google/YouTube ads.

…founder, John Tanton, has expressed his wish that America remain a majority-white population: a goal to be achieved, presumably, by limiting the number of nonwhites who enter the country.

Another way of looking at this is Facebook records income from dispensing poison:

From May 2018, when Facebook began publishing its archive of political and social advertisements, to September 17, 2019, at least 38 hate groups and hate figures, or their political campaigns, paid Facebook nearly $1.6 million to run 4,921 sponsored ads. Some ads call undocumented immigration an “invasion.” Others claim that LGBTQ people are “evil.”

“This is an astounding amount of money that’s been allowed to be spent by hate groups,” Keegan Hankes, interim research director of SPLC’s Intelligence Project, told Sludge. “It reaches a lot of people with some very toxic ideologies. Obviously that’s incredibly worrisome, if not a little unsurprising given Facebook’s track record specifically around these ideologies.”

Even more to the point, Facebook has hired people into executive positions with intent to undermine democracy through dispensing misinformation:

Harbath is Facebook’s head of global elections policy. She literally worked for Rudy Giuliani. I can’t make this up.

And insider threats in data platforms who are virulently anti-democracy and who like to use hate dissemination and misinformation techniques are not something to be surprised about, as I presented at Kiwicon in 2016.

Hate groups flock towards technology positions, and attempt to insert or influence staff there, like criminal syndicates attracted to bank jobs.

When Can You Trust Cloud Providers?

The Raft of the Medusa by Géricault depicts service provider incompetence of 1816: “Crazed, parched and starved, they slaughtered mutineers, ate their dead companions and killed the weakest”

Our first book detailed the infrastructure risks in cloud environments. It gave basic instructions for how to make it safe to build a cloud.

However, I realized right away that a second book would be necessary as I saw operations going awry. People offering data “services” in cloud environments were doing so unethically.

That’s why since 2013 I’ve been working on tangible, actionable solutions to problems in cloud environments like the impostor CISO, the immoral SRE, and the greedy CEO.

It has been a much harder book to write because The Realities of Securing Big Data crosses many functional lines in an organization from legal to engineering, sales to operations. A long time coming now, it hopefully will clarify how and why things like this keep happening, as well as what exactly we can do about it:

We recently found that some email addresses and phone numbers provided for account security may have been used unintentionally for advertising purposes. This is no longer happening and we wanted to give you more clarity around the situation: https://help.twitter.com/en/information-and-ads

…and that led to everyone asking an obvious question.

You may remember a very similar incident last year and wonder why nobody at Twitter thought to test their systems to make sure they didn’t have the same security flaws as a safety laggard like Facebook.

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all.

Facebook and Twitter, after flashy high-profile CISO hires and lots of PR about privacy, both have sunk to terrible reputations. They rank towards the same levels as Wells Fargo in terms of customer confidence.

Facebook has experienced a tumultuous time due to privacy concerns and issues regarding election interference, ranked 94th. Wells Fargo ranked 96th. The Trump Organization ranked 98th, considered a “very poor” reputation.

The Drum says even the advertising industry is calling out Twitter for immorality and incompetence:

Neville Doyle, chief strategy officer at Town Square, suggested it was “enormously improbable” that Twitter ‘inadvertently’ improved its ad product with the sensitive data, and blasted the tech giant for being “either immoral or incompetent”. Either way, he said, it was playing “fast and loose with users’ privacy”. Respected ad-tech and cybersecurity expert Dr Augustine Fou, who was previously chief digital officer at media agency Omnicom’s healthcare division, also branded Twitter’s announcement as “total chickenshit”. Last July, the Federal Trade Commission (FTC) fined Facebook $5bn for improperly handling user data, the largest fine ever imposed on a company for violating consumers’ privacy.

The technology fixes ahead are more straightforward than you might imagine, as well as the management fixes.

In brief, you can trust a cloud provider when you can verify in detail a specific set of data boundaries and controls are in place, with transparency around staffing authorizations and experience related to delivering services. Over the years I’ve led many engineering teams to build exactly this, so I’m speaking from experience of what’s possible. I’ve stood in customer executive meetings to detail how controls work and why the system was designed to mitigate cloud insider threats, including executives at the highest levels.

You should be especially concerned if management lacks an open and public resume of prior steps taken over years to serve the privacy needs of others, let alone management that lacks the ability to deconstruct how their control architecture was built from the start to serve your best interests.

What has been hard, especially through the years of Amazon’s “predator bully” subscription model being worshiped by sales teams, is keeping safety oriented around helping others. Tech cultures in America tend to cultivate “leaders” that think of innovation as separation, having no way to relate to the people they are serving.

The tone now seems to be changing as disclosures are increasing and we’re seeing exposure of the wrong things done by people who wanted to serve others while being unable to relate to them. Hoarding other people’s assets for self-gain in a thinly-veiled spin to be their “service provider” should never have been the meaning of cloud.

Did Enemy General Lee Delay Aid to Wounded U.S. Soldiers?

Yes. Yes he did.

And now for some American history to give much-needed perspective on the kind of information warfare tactics long used by white nationalists.

There have been many sad attempts over the last several decades to attach the term “butcher”, notably deserved by traitor General Lee, to U.S. General Grant instead.

The argument/propaganda tends to go like this: while Grant decisively defeated pro-slavery forces, even capturing multiple armies, too many people died when Grant pressed forward on battlefields to end the war quickly. Somehow Grant should have had fewer casualties while more expediently winning a war that Lee was intentionally making more brutal.

Think about the irony of this propaganda line meant to denigrate Grant.

The pro-slavery militant states seceded by declaring war and then blamed high casualty rates caused by their own leadership tactics (expressly ordering the butchering of U.S. soldiers) on…their sworn target of attack, the United States.

Who was the real butcher?

Also think about the fact that Grant not only was a brilliant tactician, he was the father of the civil rights movement after he ended war. He literally both stopped the pro-slavery Generals butchering Americans and then worked on a foundation of civil rights to protect against the tribal southern militias (e.g. KKK) trying to continue to butcher Americans after emancipation.

Let’s look now at Chernow’s seminal new work. He seems very decisively to neutralize the anti-Grant propaganda with some first-person source material. It establishes clearly how Grant thought deeply, both strategically and tactically, about how to end the war quickly and minimize suffering:

Start with how Grant is described as reflecting upon battles solemnly, highly concerned with the rate of casualties after doing everything he could to be mindful and transparent of the costs.

“Grant” by Ron Chernow, p 406

Conversely then we see pro-slavery Confederate General Lee intentionally delaying aid to wounded soldiers who lay exposed and dying on a battlefield. The traitorous Lee maintained a butcher’s mentality through the war, using inhumane tactics against non-whites as well as dehumanization of those who fought to protect the U.S. from its enemies.

Chernow shows here how Lee thought bureaucratic delays to aid would help him maximize suffering of U.S. men, very overtly butchering them and leaving them to die in the worst conditions because he was “intent on teaching a lesson to Grant”.

“Grant” by Ron Chernow, p 406

I have yet to find regrets or similar thoughts in Lee’s writings that achieve the moral high ground of Grant. Instead I find repeated references to this “teaching a lesson” mantra, such that butchering Americans was a pro-slavery political terror tactic.

It’s easy to see why pro-slavery historians have for so long tried to project this “butcher” label onto the wrong man and away from those who had started a war to expand slavery Westward. Grant clearly had more quickly and decisively defeated Lee compared to anyone before him. The “heritage” revisionists hate Grant for that simple fact alone.

Not only did Lee’s leadership never manage to capture any forces (frequently murdering prisoners of war instead), his men (e.g. General Nathan Bedford Forrest) were infamous for cruelly deceptive and inhumane tactics during the war and for later starting the KKK to spread terror campaigns nationally after the end of official hostilities (to this day Forrest, Arkansas is named for the pro-slavery anti-American terrorist).

Let’s look next at General Forrest, known among pro-slavery groups as “The Wizard of the Saddle” (later named first “Grand Wizard” of the KKK). During war his reputation was built around things like escaping from battle by grabbing a “small” U.S. soldier as hostage and using him as a human shield.

His specialty was sabotaging U.S. supplies and communications, using deception tactics and deceit in what he described as “a heap of fun and to kill some Yankees”. Most infamously, General Forrest drove over 2,000 pro-slavery forces towards U.S. soldiers in Fort Pillow on April 16, 1864, and twice waved a “flag of truce” at them.

Here two soldiers recall what they witnessed after Forrest stormed the fort and literally butchered hundreds of U.S. soldiers who were surrendering:

“Hymns of the Republic: The Story of the Final Year of the American Civil War”
by S. C. Gwynne, p 19

General Chalmers (Mississippi cavalry who later became known for using violent voter suppression to win a seat in Federal government) reportedly bragged about this event in words similar to General Lee’s, saying that the butchering at Fort Pillow was intentional and meant to teach “the mongrel garrison” a lesson.

Harper’s Weekly described the situation in their 1864 news report as murdering women, children and civilians then mutilating the dead:

“Both white and black were bayoneted, shot, or sabred; even dead bodies were horribly mutilated, and children of seven and eight years, and several negro women killed in cold blood. Soldiers unable to speak from wounds were shot dead, and their bodies rolled down the banks into the river. The dead and wounded negroes were piled in heaps and burned, and several citizens, who had joined our forces for protection, were killed or wounded. Out of the garrison of six hundred only two hundred remained alive. Three hundred of those massacred were negroes; five were buried alive.”

General Forrest himself wrote, as Lee and Chalmers said above, that he was intent on being a butcher to send a specific message to the U.S. about white supremacy.

It is hoped that these facts will demonstrate to the Northern people that the Negro soldier cannot cope with Southerners

Fort Pillow Massacre, April 12, 1864 on the Mississippi River in Henning, Tennessee. Scenes of horror as pro-slavery militants butcher to death the U.S. soldiers who had surrendered.

In case it isn’t clear why we’ve slid into discussion of Generals of the pro-slavery rebellion beyond General Lee himself: the massacre at Fort Pillow was widely reported and much discussed in early 1864.

Widely reported. Clearly about being a butcher.

This run-up of events needs to be extremely clear because in July 1864 it was pro-slavery forces directly under General Lee who butchered Black U.S. soldiers trying to surrender and again afterwards as prisoners. Here are the recollections from the Battle of the Crater in Virginia:

“No Quarter: The Battle of the Crater, 1864” by Richard Slotkin, p 294

Who was the real butcher?

Those who ignore or revise history to denigrate Grant are actually hiding the pro-slavery mentality of excessive cruelty in battle and after. People have unfairly and intentionally attacked Grant’s reputation by projecting the crimes of Lee and his men for their own political gain.

Once people admit Grant is the one who stopped these butchers and their massacres and inherent inhumanity of pro-slavery forces, it could open the door to some other very relevant facts about white nationalists and why they continue to be threats to the U.S. even today.

Grant emancipated his slave before war, then rose through ranks to win the war, then started a civil rights movement and wrote a memoir that admitted faults and fears for a lasting peace to be achieved.

Lee threw away his citizenship so he could start a war to expand the enslavement of humans, and repeatedly left thousands of men dying in great pain for his unjust cause, leaving a legacy of white supremacists who to this day try to defame and denigrate the real American heroes.

Who was the real butcher?

Greenwald provides further analysis of how Grant was brilliant and determined with his strategy, which meant he accepted criticism, while Lee romanticized blunders and infamously would shine his boots sooner than check the welfare of his troops.

Approximately a year earlier, in July 1863, Lee launched a massive assault against Union forces near a small hamlet in southeastern Pennsylvania. That assault, labeled “Pickett’s Charge,” cost Lee’s forces approximately 6,000 men. Yet, that charge has been romanticized and remembered more favorably, and is part of the lore of the fallen Confederacy. Meanwhile, Grant’s assault gave him the moniker “The Butcher.”

Delving even further, Grant had also launched a massive assault against a protruding salient at Spotsylvania Court House. That one broke the Confederate line, ushered in 18 hours of fierce hand-to-hand combat and almost resulted in breaking Lee’s army in half. Grant is not remembered as a butcher for that action.

A “butcher” does not have strategic vision and would continue to batter his head against an entrenched enemy, continue to throw men recklessly against his position. Grant, however, did have a vision: destroy Lee’s army. And if Cold Harbor did not offer that opportunity, then another place of his choosing would.

Grant was no butcher. Chernow closes the case on this, with Grant himself explaining why the title could never fit:

“Grant” by Ron Chernow, p 408

Now if we could just get journalists to stop repeating the “butcher” propaganda, and instead fairly depict Grant as the humanitarian leader and brilliant military mind he really was, one who earned global respect for his values and achievements.

This “On to Richmond” painting by Mort Kunstler was commissioned by the Army War College Class of 1991. It depicts Lt. General Ulysses S. Grant on the field during the Battle of the Wilderness, Virginia, May 5-7, 1864. Major General George Gordon Meade, commander of the Army of the Potomac, is to the right of Grant. Grant’s horse was named Cincinnati; Meade’s was Baldy (sometimes called Old Baldy). The red, swallow tailed flag is the Army of the Potomac Headquarters flag. Meade’s forces had crossed the Rappahannock River on May 4, but were forced to stop in the area known as the Wilderness to wait for the supply train to catch up. Confederate General Robert E. Lee resolved to attack the Federal forces while they were in the difficult Wilderness terrain. Fighting was so intense the trees and underbrush in many places caught fire, the glow of which can be seen in the background. (Photograph by: Megan Clugh, USAWC Photographer).

Why Your Toaster Has a Firewall

Presentations I have given over many years about cloud safety reference the fact that a ground fault circuit interrupter (GFCI) made toasters safe.

My point has been simply that virtual machines, containers, etc. have an abstraction layer that can benefit from a systemic approach to connectivity and platform safety, rather than pushing every instance to be armored.

The background to the toaster safety story is actually from a computer science (and EE) professor in the 1950s at Berkeley. He was researching physiological effects of electric shocks when applied to humans and animals to pinpoint exactly what causes a heart to stop.

He narrowed the cause of death enough to patent an interrupt device for electric lines, which basically is a firewall at a connection point that blocks flow of current:

The first regulation requiring GFCI was for electricians working on swimming pools:

GFCIs are defined in Article 100 of the NEC as “A device intended for the protection of personnel that functions to de-energize a circuit or portion thereof within an established period of time when a current to ground exceeds the values established for a Class A device.” Class A GFCIs, which are the type required in and around swimming pools, trip when the current to ground is 6 mA or higher and do not trip when the current to ground is less than 4 mA.

Fast forward to cartoonists today, and some obviously have completely missed the fact that selling consumers a firewall for connected toasters is a 50-year-old topic with long-standing regulations.

US Federal Gov Passes Cyber Hunt Bills

Senate Bill 315 has just passed following House Bill 1158 earlier this week.

DHS Cyber Hunt and Incident Response Teams Act of 2019

Already it has Senator Schumer of New York literally screaming that he is…

AIMED AT PROTECTING UPSTATE NEW YORK SCHOOLS FROM MALICIOUS RANSOMWARE.

The SB315 list of authorized tasks for a DHS hunt and response team is as follows:

“(A) assistance to asset owners and operators in restoring services following a cyber incident;

“(B) identification and analysis of cybersecurity risk and unauthorized cyber activity;

“(C) mitigation strategies to prevent, deter, and protect against cybersecurity risks;

“(D) recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks, and other recommendations, as appropriate; and

“(E) such other capabilities as the Secretary determines appropriate.

Call me pedantic but using the word hunt in the title (as in kill, typically in reference to the 2011 Lockheed Martin militaristic model for response) seems a bit over the top.

In the 1990s the USAF used to talk openly about their kill chain and the role of hunt. Here’s an example from 1994 Theater Missile Defense (TMD) appropriations transcripts (p 251):

The key functions of the TMD kill chain are to detect, track, target, engage, and assess…

Ten years later the U.S. government was working on what it called a hunter-killer program to fly into remote territory and destroy sources of threat.

The U.S. Air Force is probing the aerospace industry for its concepts for a new class of armed, long-endurance unmanned aircraft, called Hunter-Killer

By 2011 (remember that Lockheed Martin paper publication date?) the U.S. government was claiming hunter-killer programs using kill-chain were a huge success:

…special operations forces have honed their ability to conduct manhunts, adopting a new targeting system known as “find, fix, finish, exploit, analyze, and disseminate.” They have adopted a flatter organizational structure and collaborated more closely with intelligence agencies, allowing special operations to move at “the speed of war”…

The hunt model was lauded as a form of authorization, streamlining towards smaller secretive teams trusted with quick and lethal capabilities “over the fence” as Harvard lawyers infamously had envisioned decades ago.

And thus the information security industry naturally became susceptible to this military mindset, adopting hunt language not least of all because USAF veterans were landing jobs in civilian security firms and bringing a killer vocabulary along.

As ominous as the militant “kill” steps sound to unleash upon an upstate New York school, in computer software terms they remain basically incident response activities. Probably they could have fit easily under a public-private Computer Emergency Readiness Team (CERT) expansion without invoking “hunt” authorization.

It does seem possible “E” leaves the door open for much broader remit including active defense and hack back for hunt teams to go after attackers, though, at “the speed of” cyberwar.

Another Echo company (Army 160th) already has kind of established that reputation.

So maybe I’m underestimating what is going to be done by DHS here, and hunt will become an operative word for kill chains even inside schools where kids are meant to be learning and experimenting.

What DHS “echo company” could look like, as they hunt in US schools for ransomware.

Why Does NYC Hate Cycling to Work?

The mythical NYC bike commuter in a car-dominated toxic landscape

The other day I pointed out a strange disconnect between transit safety models in Holland and NYC.

While the Dutch claim their density is what causes their cycling safety, there’s no such effect in the US. San Francisco is far less dense than NYC yet far more progressive in terms of cycling safety.

Amazing analysis coming in from CityLab confirms the US has something else going on:

San Francisco tops the ranking of large metros in the index, followed by Boston and New York. What’s interesting is that the New York metro leads on three of the four variables of the index. It has far and away the largest share of households who report no access to a vehicle, 22 percent. (That’s more than three times the share in both San Francisco and Boston.) New York is also the clear leader in the share of commuters who use transit to get to work, with more than 30 percent, almost double San Francisco’s share. And it has the edge on the share of commuters who walk to work, roughly 6 percent.

But New York has a far smaller share of commuters who bike to work. It even fails to crack the top 10 on this metric, coming 101st out of 382 metros, or 22nd out of 53 large metros.

Full disclosure: I have commuted by bicycle in cities around the world all year through wind, rain, snow, sleet…up hills and down.

The reasons against cycling to work in NYC definitely are not topographical or weather related. San Francisco obviously is hilly, and many other cities have temperatures and precipitation comparable to NYC.

56% of Copenhageners ride a bicycle for transport daily. 75% cycle all winter.

“Rush Hour Copenhagen” by Mikael Colville-Andersen

The core reason, I believe, is the politics of NYC and how they perceive personal power accumulation measured by dollar bills in their bank accounts to be inversely related to the health of the environment they commute in/through.

The city has a pollution-loving history with a huge “we’re busy trying to get rich/famous, leave us alone” lobby that claims doing the right thing for “others” is economically unfeasible in their list of priorities.

The term “economic feasibility” has been subject to debate in the past. When the city banned styrofoam, it said that recycling the stuff was not economically or environmentally feasible. Restaurants and other industry sued in disagreement — and it took several more years and some back-and-forth in the courtroom before the ban was finalized.

The typical NYC powerful resident would go to the gym and spin to look “better than others” in work or personal life, but has little interest in getting on a bike for the same workout when told it results in making the city a better place to live for others.

Anthropologists can probably explain why trains have escaped this dilemma, and it likely just has to do with momentum (Victorian cycling trends that benefited women most can be wiped off the streets in a day by car lobbyists, but it takes a lot more to kill popular yet unprofitable trains).

This of course is not saying NYC has no residents concerned with the environment.

It is to say the people who care have very little political power in a city filled with Napoleonic Ubermensches who blatantly ignore the genius lessons of Grant’s anti-Napoleonic ethic (memorialized yet disrespectfully hidden away at 122nd Street) and instead believe they must constantly be stepping on others to get ahead.

The city’s Five Borough Bike Tour shows how good-intentioned people of the city are so disenfranchised they have exactly the wrong attitude, marketing safe cycling as some kind of weird special event:

The idea of seeing all five boroughs in one day and seeing the streets shut down is such a unique opportunity

First, the streets aren’t shut down. They are being used more effectively. Stop calling proper use of streets to maximize throughput a shutdown.

Second, people are restricting their movements because cars make it so painful to go any distance, let alone the magic 30-minute commute, in a city that’s pushing a sad 40-minute average. Five boroughs is not actually much distance to cover in a day.

Third, this should not be seen as a unique experience. It needs to be a monthly event if not weekly. A single day for cycling to be made safe is pathetic in a city that claims it wants always to be “on” and alive.

I’ve written before about the benefits of cycling in cities and the bottom line is the economics are clear and simple. What’s unclear is who in NYC has the political power and sense to do the right thing?

The real story presented by CityLab data is that bicyclists must find a LaGuardia-like talent to overcome NYC power culture, now rooted in the self-gain mindset of cars that brings willful disregard for others’ safety and health.

Here’s what the National Motorist Association said to block NYC allowing multi-passenger high-density traffic priority over individuals in cars:

…what is really tedious is that we are not allowed to drive, but you expect money from motorists…

That’s crazy talk (absolutism and a fallacy), given how redirection from one street in an entire city doesn’t mean cars are being banned from all streets.

Think about what the motorist association is claiming: a single person who pays any amount of money demands that they are entitled to blockade hundreds or even thousands of others on the street just because they like to sit in public inside a private inconvenience box.

Thinking inside the box. Cyclists demonstrate the stupidity of cars

Drivers were being told they would have to avoid a street (small inconvenience) where a dedicated bus lane was being created for greater good… and that car association said no way would they allow smarter traffic planning if it takes away one inch of asphalt for them to generate harms, because they’re wealthy.

This is not an isolated case according to repeated psychological studies of motorists:

Psychologists Dacher Keltner and Paul Piff monitored intersections with four-way stop signs and found that people in expensive cars were four times more likely to cut in front of other drivers, compared to folks in more modest vehicles. …expensive cars drove right on by 46.2 percent of the time, even when they’d made eye contact with the pedestrians waiting to cross. Other studies by the same team showed that wealthier subjects were more likely to cheat…

If I were the city, I’d point out that motorists are heavily subsidized already and thus stealing from others by not paying nearly enough for the damage to infrastructure they cause:

American Infrastructure is crumbling. The ASCE has given American infrastructure a “D+”. It could cost almost $5 trillion to fully fix and upgrade American infrastructure. Congestion charging systems could potentially raise billions of dollars per year.

Here, let me frame (pun not intended) this another way: if a car is on the street then that street in NYC should be declared shut down.

I mean if we use that first point of the Five Borough Bike Tour properly, when cars use the streets the streets are effectively shut down and highly polluted (from brake dust to exhaust it’s a huge mess with slow cleanup).

People forget how influential and successful LaGuardia was dealing with the predatory and selfish mindset in NYC, and that his rural experiences and humanitarian values arguably are what made his vision of the city so great.

When will the next LaGuardia ride into town?