From the history of a Japanese soldier, comes insight into Americans today

In the Spring of 1974, 2nd Lt. Hiroo Onoda of the Japanese army made world headlines when he emerged from the Philippine jungle after a thirty-year ordeal. Hunted in turn by American troops, the Philippine army and police, hostile islanders, and eventually successive Japanese search parties, Onoda had skillfully outmaneuvered all his pursuers, convinced that World War II was still being fought and waiting for the day when his fellow soldiers would return victorious.

Related: two countries in Europe took a very long time to rid themselves of fascism.

In other words, some Americans may still believe that… their country is meant only to be ruled by a small group of elite white men (as one 1868 presidential candidate ticket still proclaimed after Civil War).

I hate pie charts, so have a good look at these numbers and see why some Americans seem to be acting like an Onoda:

• 38-40% of Congress are millionaires
• 77% of Congress are white (62% white men)
• 24% of Congress are women (House 24%, Senate 25%)
• 80% of Congress are over 50

Speaking in round numbers that’s 80% white men over 50, and half of those are millionaires. Some Americans are very concerned about rich white men losing control.

In 1868 the KKK issued threats of violent lynching to any white men found to have voted for an anti-racist presidential candidate (women couldn’t vote and blacks would be lynched no matter who they voted for…).

Also in 1868 presidential campaign terms, the campaign language used was far more direct:

Don’t forget that 1868 was AFTER CIVIL WAR ENDED.

Although the “let only white men rule” insurrectionists lost that election in 1868 (after losing their war in 1865) did they really surrender?

In 1916 the KKK won the presidential election using an “America First” campaign (marked by “wholesale murder” of black Americans, as well as a pandemic) and they did it again in 2016.

People keep saying Washington DC violence from militias is a new thing to prepare for, yet who remembers 1960s and early 1970s saw repeated attacks on US capitol by violent domestic groups?

The FBI records have details of the groups involved, including one that used bombs on Capitol Hill, and how they were defeated (presumably then fading from memory).

…credit for 25 bombings—including the U.S. Capitol, the Pentagon, the California Attorney General’s office, and a New York City police station.

Hearings by United States Congress, House Committee on Post Office and Civil Service in 1971 give a pretty succinct description:

I’ve been asked, perhaps in jest by those reading my SS blog post, whether the Columbia logo is a swastika because it also has four quadrants (it’s not).

…founded in 1938 [a year after largest shirt factory owners Paul and Marie Lamfrom were forced to escape Nazi Germany], used a simple wordmark until the introduction of the geometric emblem in 1978 [by Gertrude Boyle, daughter of Lamfrom and wife of Columbia President who died suddenly]. It was a rhombus, composed of eight equal rectangles, which aimed to represent the woven textile.

It should be noted here that 1978 was a year after a company named Pinwheel was founded to create children’s television. Two years later Pinwheel was renamed Nickelodeon (as you probably would recognize it today), but Columbia kept their pinwheel logo.

I mean what if Gertrude, like a lot of people in the 1970s including a children’s network, thought that pinwheels meant fun and pretty things? And she wanted to convey woven threads so she gave hers a textile look? Here are some other similar examples:

In that case what we see may be little more than accidental framing, which reminds me of the many examples of unfortunate errors like this one by Target.

Arguments against mine are that from certain angles the Columbia pinwheel can in fact resemble the swastika when poorly knitted.

Here’s someone clearly shocked to realize just how bad Columbia manufacturing (or doctored images) can get — and hopefully nobody really wants to argue here low quality and sloppy knits are carefully planned:

It’s a terrible outcome, yet I maintain this is far too apocryphal for people who fled Nazi Germany to restart the same business in America, their daughter to next use the symbol of her parents’ persecutors as their logo, which shows when product quality declines.

She may have been unintentionally influenced by the pain of swastikas, or intentionally influenced through the pleasure of pinwheels; in either case I see nothing yet to justify the case she wanted to spread Nazism through cheap socks.

Dare I say… it’s a stretch.

I mean that’s a bit like asking me if every single pinwheel or rotational quadrant we see (common design in history) is a swastika. For example, here’s the Stanford-born Sun Microsystems logo in 1982, arguably designed while he was staring at the Columbia logo on his jacket.

And here’s another Stanford-born technology company logo (Google).

I’ve roundly criticized Stanford, yet I do not see in any way how these pinwheel logos of theirs symbolize that school’s genocidal heritage.

In that context, some symbols are just so obviously obvious (and meant as such) we shouldn’t even have to discuss them.

Clint Watts today tweeted a report to Telegram worth mentioning:

.@telegram – there’s an issue on your platform, a channel posing as the President (presumably a fake or hacked account) is inciting violence and advocating that Biden should be killed. The channel has >350K members. Might want to take a look. (trump_33)

33 means the KKK, as documented in federal trial for 33 year old Alexander DeFelice.

“The eleventh letter of the alphabet is K,” Nill told the jury explaining that “three times 11 is 33.”

It’s not a swastika, it’s as bad or worse because of context.

That 33 alone should have been the red flag loooooong before inciting violence and advocating death started to flow, and even before it had followers.

This isn’t rocket science.

In a similar vein, hate groups in America are waving flags and using symbols that very clearly show intent to do harm.

It’s illegal. So why aren’t they being arrested?

Armed ‘militias’ are illegal. Will authorities finally crack down…? 29 states have criminal statutes outlawing private militias…. These laws have been tested in the Supreme Court dating back to 1886…

It’s not that hard to see where this line is drawn and when speech is not protected in America. Don’t believe anyone who says speech is unrestricted. That is false and the courts have said so many times in conviction of criminals trying to hide behind speech laws.

We’re way past the time to reject the platitudes of seemingly incompetent big tech security officers who’ve argued that telling them to block imminent harms makes their product Orwellian.

Not having power sure can suck. We should aim to keep power flowing unless we’re talking about being killed by power. Then shut it down BEFORE the killings.

…his company had been able to limit ISIS’ use of their network, technical and legal reasons meant they couldn’t apply the very same measures to far-right extremists. But after several more social media-linked mass killings — Christchurch, El Paso, etc. — what he’d said was “impossible” suddenly became possible.

It’s why we have ground fault circuit interrupts (GFCI), amiright?

…trip quickly enough to prevent an electrical incident.

When a trump_33 comes down that pipe… interrupt. Again, this stuff is not rocket science.

Dave Troy provides a long thread on Twitter explaining the roots and objectives of Parler, a technology platform. He also boils it all down to this single Tweet:

Non-descript tech bro randomly meets ostensible Russian honeypot, travels to Russia, marries her, then returns to US to start a whacko social network with explicit political aims, in partnership with Russia aligned ops…

This should have been the description in the app store, along with a note that it’s funded by:

…conservative hedge-fund investor Robert Mercer and his daughter Rebekah.

This data also should be presented to anyone claiming they both care about censorship yet also demand their views be posted by others, as these are quite contradictory; sentiments the Russian military intelligence plays upon.

Baseless demands to have one’s own views posted on someone else’s site tends to bring to mind the openly pro-Nazi organization in 1933 called Friends of New Germany. Led by a man named Spanknoebel, he was tasked by Nazi Germany with merging older organizations of Gau-USA and Free Society of Teutonia. They then engaged in violent anti-freedom activities such as physically attacking a German language New Yorker Staats-Zeitung with… demands that pro-Nazi views and pro-Hitler propaganda must be published.

“We must succeed, for heaven is with us,” Spanknoebel declared in his address. “We have honest men for leaders. There are no pogroms in Germany, but the Hitler regime is showing us an entirely new way of dealing with the Jewish question.” […] Spanknoebel assailed the proposed Dickstein investigation bitterly and placed Hitler on a parallel with President Roosevelt for leadership. Dr. I. T. Griebel, president of the local branch of the Friends of the New Germany, attacked Bernard Ridder, publisher of the New Yorker Staats Zeitung….

Trouble at the meeting had been freely predicted for several days.

Hopefully everyone can see freedom of speech does not in any way mean the right to violently attack a publisher and demand they publish pro-Nazi propaganda, which has been tried before in America and fortunately failed.

And going to Parler does not in any way mean supporting freedom of speech. That just sounds to me like a repeat of when radio broadcaster in the late 1930s Paul Ferdonnet exiled himself to Nazi Germany.

After WWII ended he was tried, convicted and executed by France as a war criminal. His allegiance was with personal power and hate, not his own country, population or its democratic institutions.

A very long time ago I was in Chicago meeting with the man who wrote the security system for IBM’s AS400. I asked him “but why a Q” as we discussed the QSECOFR user account (Q Security Officer) used to manage the system.

He said it was a rare letter, denoting something special, and I had no reason to doubt him. This man claimed to have created the system for IBM and chose a Q for the simple reasons he said.

It’s true Q is rare. There’s only one Q tile in Scrabble and it has 10 points assigned (highest possible).

And it’s true such a letter would seem unique and distinctive and therefore sensible for special system communications.

Then many years later I was sitting on a train as the whistle blew several times when a pattern suddenly sounded familiar…

Two longs, a short and a long: – – . – (LLsL)

In international Morse code that signal pattern is the letter… wait for it… Q.

I did some searching and sure enough Union Pacific guideline (PDF) says Q is designated as crossing warning:

5.8.2 [7] Sound: – – o – Indication: When approaching public crossings at grade, with engine in front, sound signal…. Prolong or repeat signal until the engine completely occupies the crossing(s)…

Prolonging the signal until the engine is in the crossing probably explains why a letter would be preferred that ends in long instead of a short. Engineers can just hold the signal open until they’re well positioned.

However, I needed more. So from there I poked around the history of Q-codes in Morse, a list of special communications started around 1909 to facilitate transmissions.

Here’s part of a table of 1912 in a UK government handbook of wireless showing some of the basics (initially just 12 Q codes):

These days on video calls we say “your mute button is on” and “you’re breaking up” but a few decades ago radio operators could use codes like QLF (Q Left Foot) to indicate “try sending with your LEFT foot” and QNB (Q Number Buttons) for “How many buttons does your radio have?”

Amusing of course, yet still no deeper meaning for Q. It did little more than backup the story that IBM had used Q to emphasize uniqueness in system communications.

A book from 1952 called Thudbury however, gave this funny explanation:

I’ve heard that signal started on the Chicago, Burlington & Quincy line that everybody calls the ‘Q’ and just spread…

A similar sounding story from geography is found in a history of Britain’s Q fleet (“naval vessels that officially didn’t exist; the mystery ships of World War One”) designed to deceive, trap, and destroy German U-boats:

While in the dockyards, the mystery ships were known under various names, from decoy ships, which gave the game away somewhat, to “Q-ships”, or “S.S. (name)” ships. The “S.S.” in this case stood for “Special Service (Vessel)”. The “Q”, it’s suggested, was because they were operating from Queenstown, now Cobh, in Ireland.

Neither Queenstown for ships nor Quincy for trains are very convincing origin stories. A more likely possibility to me is that use of a Q flag on ships (yellow jack, Quebec) is an old signal meaning “I am ready for boarding” in harbor (a formal request for “free pratique“).

…ships signal either “My vessel is ‘healthy’ and I request free pratique” with a single Q (Quebec) flag or “I require health clearance” with the double signal QQ (Quebec Quebec). Either is correct for a vessel yet to be cleared for pratique (pratique is permission to do business at a port, granted to a ship that has met quarantine or other health regulations). The Q (Quebec) flag is square in shape and pure yellow. Continuing to fly either of these signals indicates a vessel is yet to receive clearance (and is thus effectively in quarantine).

Thus a Q ship in 1914 also could have been a play on words; an invitation to the enemy to come closer and be ambushed.

Further to this point Q also may stand for Quartermaster, the person on ancient ships designated to lead a boarding party to another ship across the aft (quarter deck).

It’s an interesting point to consider how Q for ships meant ready for boarding by local authorities (“effectively in quarantine”) when entering a harbor, yet Q for trains was taken to be the opposite and a warning for everyone to move away from them. Or are those two the same thing?

Some theories on the Internet include bits of Q stands for the Queen Victoria in England and royalty on ships or trains would use a Q to indicate their right of way.

According to W. M. Acworth in The Railways of England, whenever the Queen travelled by train, special precautions were taken. All work along the line was stopped, the points were locked, trains going in the opposite direction were halted and level crossings were closed and guarded.

Here’s another version in video format:

Back in the time when the queen traveled by ship in England, ships with the queen on board would do this sequence on the horn to announce to other ships in the harbour to get out of the way. When the queen switched to railways, the same signal followed and the Engineer
would do the sequence coming into a station to allow some space for Her Majesty.

The problem I have with these royal takes is nothing yet seems to actually support such use for the letter Q (why not use K for King?). And that is not to mention ships and trains seem to have landed on opposite ends with their uses for Q.

Speaking of Queens and right of way, the Q was repurposed recently allegedly by someone with a signals or intelligence background who called themselves “Q Clearance Patriot” in reference to DOE’s Q level of access authorization

The DOE classifications for access come from the end of WWII when a newly created Atomic Energy Commission (AEC) was faced with qualifying lots of civilian workers. A book called Advanced Criminal Investigations and Intelligence Operations explains:

This is not to be confused with the Army Special Forces Q Course (SFQC) for qualification.

And it now amounts to be a symbol of fascism extensively used by right-wing groups to signal intentions to replace democratic norms of law and order with “permanent improvisation“.

Here you can see an infamous image posted by the White House on their Twitter account showing Florida law enforcement and US Vice President are all smiles around a very prominent red “Q patch”:

What does he mean by wearing that particular Q?

QAnon’s conspiracy theory is a rebranded version of the Protocols of the Elders of Zion… The world has seen QAnon before. It was called Nazism. In QAnon, Nazism wants a comeback.

That man in the image I suppose to be a physical manifestation of someone who wanted to elevate to QSECOFR by applying a fascist Q symbol to himself yet instead “he ‘discredited the agency, the country and himself’” and lost his system privileges.

---

Update January 11:

I’ve been asked several questions privately about this so I’ll post answers here publicly in case others have the same interest.

1) What about the Q hypothesis of Christianity?

I don’t know but that’s a very interesting twist based on an English Bishop (Herbert Marsh). Q Anon then could be a pun by Christian Party (Nazi) adherents to myths rather than just something to do with alleged authorization in US government. Even if Matthew and Luke were independent yet used a common document, the Q hypothesis is indeed about a secret source for faith.

2) How hard is it to find Q Clearance Patriot?

This begs the question of whether such a person exists, or is an intentional fabrication and myth (see answer above) managed by several people and their associates. It also begs whether the right people are motivated to find any person(s). It’s not that hard to find a person when they make mistakes, and everyone makes mistakes, so the right people just have to be watching to capture and respond to the error.

A new article about the philosopher Wittgenstein’s passion for reading crime stories has an important insight into both the man and his methods, very applicable to recent breach news:

That a crime has been committed, [The Maltese Falcon author] Hammett knew, does not necessarily mean that a plan has been carried out. Plotting and scheming are things people usually do in response to a crime, not in preparation for one. And since most crimes are not clean in the first place, their solutions probably aren’t either. To search for logic in a murder case is to expect to find what was likely never there.

In other words, as the article continues to describe the genius of Wittgenstein, someone seeing pieces of an attack can lead to an urge to paint a picture that may not even exist.

The philosopher achieves clarity, Wittgenstein [in his later writings] believed, by discarding generalizations and focusing instead on concrete circumstances. […] Just because you have pieces does not mean you have a puzzle. It is enough to describe accurately. Attempting to explain only compounds the confusion.

I have to set aside some of the article (ironically) because it seems to draw conclusions askew from the facts and fails to describe accurately.

For example it brings an overly Western perspective that ignores insights and great similarity between Wittgenstein and Islamic and Jewish philosophers, such as this phrase:

His claim was not that these things don’t exist but merely that words can’t touch them.

The claim by Wittgenstein could have been to inspire beauty through attempts to approach what he saw as impossibly hard to achieve.

To come up short in achieving a connection with God, that is to say, does not mean someone “can’t touch” God unless they become stuck in a binary mode where lack of perfection is failure instead of a proof there is need to try for perfection.

I suspect someone more familiar with Talmudic thinking (Judah versus Joseph) would not have described Wittgenstein as saying “words can’t touch them” in such a cold manner emphasizing only failure.

Indeed, three out of four of his grandparents were Jewish, which would have made things far more difficult for him had his family not claimed to be Catholic and paid large ransoms to the Nazis.

Anyway, I bring these words to light here because it offers a very different approach from what I’m seeing in the news. I mean people like Clarke and other “hawks” seem to suggest the SolarWinds breach is a case of war, when that is not at all what the puzzle pieces of this crime thriller suggest.

As former Bush Administration official Theresa Payton told Fox News, “This vulnerability allowed these nefarious cyber operatives to actually create what we refer to in the industry as ‘God access’ or a ‘God door,’ giving them basically any rights to do anything they want to in stealth mode.”

Ok, ok, stop just a minute. Who says God access or God door? Wat.

We all say got root. Nobody, and I mean NOBODY, says “got God” with the intention of talking about privileged system access.

The closest thing has to be a Microsoft control panel shortcut {ED7BA470-8E54-465E-825C-99712043E01C} that users called God mode, even though it is just a stupid desktop link to the settings a user already is authorized to use.

That’s like saying God mode in your car is when you check the oil using a dipstick.

God doesn’t have an account on systems, and there’s no God mode, since even if you believed in God he wouldn’t need these things. Duh.

What is wrong with Bush Administration people being so nutty that they bring some random God complex into even a computer security topic instead of talking about root and admin or… QSECOFR?

Anyway, back to Clarke doing his usual hawkish Clarke thing:

“This is not just about an espionage attack,” said Richard Clarke. “This is about something called preparation of the battlefield, where they’re now able, in a time of crisis, to eat the software in thousands of U.S. companies.” More than 20 years ago, Clarke was the nation’s first cyber czar, working initially in the Clinton White House and then under George W. Bush. “Sunday Morning” senior correspondent Ted Koppel asked Clarke, “When you hear people talk about this as being purely an intelligence operation, you accept that?” “No, I don’t,” he replied.

Eat the software. Ok since right-wing libertarian venture capitalists infamously said they predict software would be eating the world… does this mean the Russians eating the software would be eating the world?

I’ve heard Russians are starving, but this sounds ridiculous.

Preparation for the battlefield is an interesting twist of language, as that’s surveillance by another name, but the whole eating software concept doesn’t fit a battle narrative.

Clarke then pulls out an old American scare tactic as he clarifies further.

Clarke said, “What has occurred is, again, preparation of the battlefield. There’s not been a lot of damage because of SolarWinds. Maybe some information was stolen, but nothing has been damaged yet.” “Yet!” said Koppel. “But if I didn’t misunderstand what you said before, the Russians are really no more than a few keystrokes away from implementing exactly that kind of damage on, as you put it, thousands of American firms.” “That’s right. And we do not have plans or capability today to quickly come back after that kind of devastating attack,” Clarke said.

A “few keystrokes” takes us all the way back to the “whistle tone” phreaker hysteria of the 414s from the 1980s… as gleefully retold by Kevin Mitnick in his interview with the Russian state propaganda rag.

The government obviously labeled me with these terms, like “terrorist”, and they locked me up in solitary confinement because they said I could whistle into a telephone and launch nuclear weapons. Basically, I became the example, and they created this myth of Kevin Mitnick to scare the public. But if the truth be known, I was fascinated with technology and telephone systems, and I became a hacker more for the exploration, for the seduction of adventure and pursuit of knowledge. I was able to compromise a lot of stuff, like, for example, most of the telephone companies in the U.S. and stuff like that, but it wasn’t to do damage or to sell to a foreign power or anything like that; it was more for my intellectual curiosity – and I ended up getting in a lot of trouble for it, I ended up getting sent to prison for 5 years. Four of those years were without trial.

Four years in jail without trial is the scary part of that story and probably why the Russians like spreading it around so much.

Now in direct comparison, think about Clarke being a self-proclaimed proponent of poisoning upstream American technology in the supply-chain because Russia was stealing. He kinds of tells it like “serves those evil Russians right” that a gas pipeline exploded the in 1980s.

Just to be clear here, I’m not saying that was an actual cause-effect. In fact there has been much disputed about the facts.

What I’m saying is that I stepped into an elevator with Clarke once and asked him to explain the ethical differences between the Trans-Siberian pipeline explosion in June, 1982 and the San Bernadino explosion in 2010 (not the 1989 one, of course).

Seriously, it was me and him riding down four floors and that was the first thing I blurted out…

Clarke was visibly angry and dismissed my question quickly by assuring me he knows very well how the US absolutely was behind the Russian pipeline blowing up, duh.

His logic to me appears blinded from over-emphasis on trying to build a picture he wants us to see rather than looking at the actual pieces of puzzle in our hands (and may in fact never achieve that picture he wants).

He jumps right towards painting the worst risks of gaining high-level authorization, the kind of slippery leap which has some pretty big negative precedents in national security games domestically and internationally.

If someone has achieved root access, he suggests to us, then direct preparation for war is happening if not becoming an act itself. That’s wrong on the face of it, right?

Clarke pushes a war alarm repeatedly like he’s auditioning for a remake of Dr. Strangelove.

This whole thing is counter-factual when you apply even a simple case of a house and door with a key. Someone has infiltrated the lock factory, such that they can produce a key and walk through your home without you knowing. Nothing is damaged, nothing is destroyed.

Interesting history tangent here: A mole in the CIA was suspected when a lock in a Russian apartment door was turned and the owner had to break into his own place…

As soon as Gordievsky landed in Moscow, he picked up signs that he had gambled wrong. On the front door of his apartment, someone had locked a third lock he never used because he had lost the key; he had to break in. Clearly the KGB had searched his flat.

Did the intruders put a secret door in, or a hidden way to bypass your locks, so they could come back later and burn your place down, or prevent you from getting in (e.g. ransomware)?

Was the act of entering and achieving high authorization the same as one of war?

Reminder: “slippery slope” is a logical fallacy. Please don’t start arguments by saying there’s a slippery slope as it’s self-invalidating. I hate seeing that. People seem to think it makes their argument better, like starting with “here’s a straw man I built and now am going to burn.” Just stop that.

I don’t think anyone can, or has, proven yet such regularly invasive acts of surveillance rise above espionage into far worse things, given all that has been said so far about the SolarWinds Breach details.

At best they’re saying the places entered are untrustworthy and must be rebuilt, something less like Stuxnet (which did actual damage), and more like… well more like every day business continuity planning.

To put it another way, the capability to rebuild the environment is desperately needed right now to restore trust, and the US government was supposedly ensuring that everyone is doing disaster recovery planning.

The environment is untrusted mainly because it isn’t being rebuilt fast or often enough.

It would be like describing Pearl Harbor as a disaster because it was a fly-over event in preparation of bombing, instead describing the actual bombing. Pearl Harbor was the day of dropping bombs and shooting that crossed the line, right?

To be historically accurate (as I’ve blogged about here before), Pearl Harbor’s incoming attack planes were detected by the latest technology but nobody talking about Pearl Harbor is really talking about that part much.

At best people call all the ignored radar signals and missed footsteps very unfortunate, not unexpected.

And so here comes the real issue as documented already by many other security experts: the US is using surveillance and espionage all the time including (sometimes necessarily) privilege escalation and root-level authority in order to protect itself (not necessarily preparing the battlefield for attack).

• “Everybody Spies in Cyberspace. The U.S. Must Plan Accordingly.”
• “It wasn’t a cyberattack in international relations terms, it was espionage… problem is that both espionage and cyberattacks require the same computer and network intrusions, and the difference is only a few keystrokes.”

Both of the above references are well-reasoned analysis worth reading.

Saying SolarWinds is breached also begs the uncomfortable question of whether the US already had secret access into SolarWinds (let alone all the other American “monitoring” and database companies) or will now use the same access for its own purposes.

More broadly, cleaning upstream vulnerabilities from dependencies and getting service and support doors (some call them back doors) out of products is a long-time herculean task in security for American technology, which may be impeded by American surveillance efforts, and not some sudden exceptional state we stumbled upon.

It is the stuff of repeated internal warnings, like Facebook being a disaster in 2014 and then hiring someone manifestly unqualified who then caused even greater harms to the world and got rich doing it.

Nothing here is really surprising except how little emphasis has been on tearing things down (Facebook really should no longer be allowed to do business and their disgraced ex-CSO should be in jail). Focus needs to shift to building better than such existing Fawlty Towers.

Like the industrialization dangers we look back on with horror today, SolarWinds being a danger is the norm for a lot of American tech that jumps into shortcuts and margin boosters in a cut-throat race driven by mathematicians counting beans more than philosophers explaining why they just don’t add up.

Microsoft’s founder famously said he didn’t want security because it didn’t make him money and admitted in 2001 he ignored years of prior warnings (getting towards the true foundation of the SolarWinds breach, Microsoft’s anti-government big margin low quality pedigree).

“In the pre-2001 days [when disasters were constant, yet not named things like CodeRed], Gates was the biggest reason why Microsoft was having so many security problems,” said John Pescatore an analyst at Gartner Inc…”I think they expected an overnight shift in terms of perception [when they suddenly confessed to decades of intentional harms]. It didn’t happen,” [Forrester analyst] Kark said. “It’s been more than six years, and it’s only now that we are starting to see Microsoft being recognized as a company that values and understands and is responding to security issues.”

The Grover Shoe Factory disaster is a great comparable study in how badly America managed safety in its manufacturing processes for industrialization, and what really changed afterwards.

Hint: it was not only the ability to more quickly transition off faulty technology, found during required quality audits, it also was partly the ability to remove, restore or build new a bigger factory after any disaster predicted or experienced.

Back to Clarke, he also says something about the past worth holding onto: a Bush administration in 2002 blocked efforts to fix infrastructure because it was opposed to big government and fundamentally removed trust in government.

“The kind of things that we need to do now, we could have done 20 years ago. Twenty years ago, however, there wasn’t a real understanding in the Congress or in the White House. There wasn’t a willingness to spend the kind of resources. People were worried about privacy concerns and ‘Big Brother’ controls. They didn’t trust the government to defend them against this sort of thing.”

It resonates with what I remember at the time, when I was doing assessments of woefully insecure American infrastructure (across many US states thousands of power company routers on the Internet using telnet and clear-text scripts). Raising security issues to government level in the late 1990s was met with “let the big banks figure it out, they run the power companies and understand business risk best”.

So this really seems like a great time to remember how the Bush administration absolutely was willing to spend huge resources for big government to start war with Iraq on false pretenses. They pushed hard for that picture, against the fact that puzzle pieces didn’t fit together.

Yet also they ran with the narrative that resources shouldn’t be spent to improve infrastructure/resilience because that would be big government. Instead let the “market” prove it can’t self-regulate, over and over and over again.

American tech is like a never-ending crime thriller, so the really insightful question — in terms of Wittgenstein’s brilliance — becomes whether as investigators we are choosing to be a lofty British Sherlock laying out masterful plans or the more tangible American hard-boiled detective who sticks to the facts.

Have you been to a theater lately? Probably not because of the pandemic, but if you remember when we all used to go (including movie theaters, of course) we would watch performance art and… like it (assuming it was well done and believable, of course).

However, I sure see a lot of people getting very upset about something they call Deepfakes.

Why is there such a disconnect between all the people paying money and spending time to be entertained by the performing arts (the act of information deception) and the people decrying our future will be ruined by Deepfakes (the act of information deception)?

I call this the chasm of information security, which I’ve been sounding the alarm on here and in my presentations around the world since at least 2012. It is the foundation of my new book, which I started writing at that time and has expanded greatly from just a warning call to tangible solutions.

We are long past the time when security professionals should have been talking about the dangers and controls of integrity risks. It is evidence of failure that people can both be entertained by information deception without any worry on one hand and on the other hand decry it as a dangerous future if we allow it to continue.

Is the court jester the end of the kingdom? Obviously not. Is the satirist or political comedian the end of the future? Obviously not.

When an actor changes their voice is it more or less concerning than when they change their appearance to look like the person they are attempting to represent accurately?

Watching a Deepfake for me is like going to the theater or watching a movie and I fear it very little, perhaps because I study intensely all the ways we can protect ourselves against willful harm.

Integrity is a problem, a HUGE problem. Yet let me ask instead why are people so worried that performance art, let alone all art, is being artistic?

A headline like this one is not concerning for me any more than usual:

A college kid’s fake, AI-generated blog fooled tens of thousands. This is how he made it.

“It was super easy actually,” he says, “which was the scary part.”

Yes, a college kid’s fake blog is called Wikipedia. Lots of people with free time on their hands generate fake content there and fool millions. This should not surprise anyone. Using technology to generate the content makes it faster and easier, sure, but it’s not far from the original problem.

The bigger problem is that people don’t often enough describe GPT-3 as a fire-spewing dumpster fire that was created without any sense of fire suppression. It’s a disaster.

Philosophers know this. They write academic papers about the kind of obvious classes of vulnerabilities that engineers should have been modeling from day one if not earlier. Here’s a good example of the kind of thing every security team needs to stick in their quiver:

When I was in Japan trying to solve for information system risks I couldn’t raise insider attacks using the old and usual talking points because everyone there told me dryly that no such thing existed.

Their culture was explained to me as deeply ingrained trust and honor systems such that they confidently believed they could detect any deviations (and hard to argue given how they marched into the room and sat by rank and respect from middle to end of the table, only spoke when allowed).

So instead I watched a history documentary about how Osaka castles had been destroyed by invaders and the next meeting I brought up the dangers of fakes and imposters, deceptive identities inside their organization.

This hit a big nerve.

Suddenly everyone was waving money at me saying take it and help them protect against such imminent dangers. Why was a deep fake so motivating?

It is a massive failing of the security industry how people worry about data integrity and feel afraid like they have no tangible answers, yet they surround themselves with art all day every day and “like” it.

We may in fact have the answers to this failing, and right in front of us.

Again, that’s the chasm of information security today. I hope to explain in great detail what needs to be done about this fear of theater, in my upcoming book.

Few remember how America’s 31 May 1951 OPERATION STRANGLE in the Korean War…

…dropped 600K tons of bombs on DPRK and 2 million civilians perished. It had reverse effect of expected and cauterized resistance.

However, one person who definitely remembered was double-agent for the Soviet Union George Blake, one of the most well-known yet least connected stories to such “cauterized resistance”.

Blake emphasized to the press…

…that he decided to switch sides after seeing civilians massacred by the “American military machine.” “I realized back then that such conflicts are deadly dangerous for the entire humankind and made the most important decision in my life – to cooperate with Soviet intelligence voluntarily and for free to help protect peace in the world”.

Here’s another version of events:

…despatched to Seoul in 1950, to set up an anti-Soviet operation on Moscow’s eastern flank…the North Koreans invaded the South and Blake, like many other western diplomats, was interned – and during his three-year period of captivity he changed sides. George Blake was no “Manchurian Candidate”, tortured and brainwashed into working for the communists while a prisoner of war. it was, he insisted, the spectacle of a helpless civilian population being attacked by mighty US bombers that had changed his world-view: “It made me feel ashamed of belonging to these overpowering, technically superior countries fighting against what seemed to me quite defenceless people.” He quietly informed his KGB captors that he was ready to work for them. In 1953, Blake and his fellow detainees were at last released and he returned to London as an SIS hero.

This UK “hero” was then caught spying for the Soviets (due to a Polish intelligence officer).

The suspected spy was unmasked by a tip from a defecting Polish intelligence officer who told the CIA that two Soviet agents were operating in Britain, one at a royal navy research centre, the other in SIS. They were codenamed Lambda-1 and Lambda-2. Quickly, Lambda-1 was identified as Harry Houghton, but it was months before Blake, then on temporary assignment in Lebanon to learn Arabic, became the prime suspect for Lambda-2.

He confessed and pleaded guilty, was sentenced to a long jail term but soon escaped (with the help of Irish inmates perhaps enamored with Soviet life) from “maximum security” to the open arms of Russia where he continued to intentionally put hundreds of people in harms way.

Dozens are alleged to have been executed in Russia from his actions, and he denied responsibility for their lives while simultaneously taking credit and awards.

He has just died aged 98, feted by Russia.