Category Archives: History

US In Dangerous Slide Back to Secret Wars Doctrine

The Intercept points out that, while public statements are being made about troop draw down and conflict reductions, an actual increase in secret military operations is happening:

On average, more than 4,000 Special Operations forces — Navy SEALs, Army Green Berets, and Marine Corps Raiders among them — are deployed to the region each week, more than anywhere else in the world.

The logic of burying the data on protracted military engagements is not a very well held secret.

“Already we’re not getting answers to basic questions, like who the U.S. has killed and why it hasn’t better protected civilians, and the more the U.S. role is turned over to Special Operations Forces, the CIA, or contractors, the less information the government is going to provide,” Eviatar told The Intercept. “One has to wonder if that isn’t the reason they’re apparently shifting these roles to secret agents whose actions and their consequences the government isn’t required to disclose.”

The increase comes despite direct opposition from special operations command itself.

The breakneck pace at which the United States deploys its special operations forces to conflict zones is taking a toll, their top commander told Congress on Thursday.

Army Gen. Raymond Thomas, commander of U.S. Special Operations Command, called the rate at which special operations forces are being deployed “unsustainable” and said the growing reliance of the U.S. military on its elite troops could produce a dangerous strain.

“We are not a panacea,” he told the Senate Armed Services Committee. “We are not the ultimate solution to every problem, and you will not hear that coming from us.”

While the special operations numbers have swelled to larger than the entire standing army of Germany, and US military leadership says it opposes overuse of special operations, we’re seeing a return to the Reagan-era mistake of expensive unaccountable albatross with little chance of “winning” anything tangible…which sets the US military up for collision in civil relations.

This poses a special risk to healthy civil-military relations because it allows policymakers to avoid justifying or explaining operations publicly. Reliance on special operations also decreases the likelihood of mission success because special operations forces are not designed to win complex campaigns on their own. As Gen. Mark Milley notes, “The one thing [Special Forces] are not designed to do is win a war.”

The MHK airport $16m upgrade was arguably for military brass to use despite nearby military airport that is significantly larger and civilians can’t use because…secret. Photo by me.

It’s only been 44 years since Frank Church created his famous committee on secret wars and alerted the country how they were connected to America spying on Americans.

I’ve also recently given a talk and written about how President Reagan tried to undo and avoid the Church Committee findings, engaging in widespread illegal arms deals for secret wars and perhaps even human trafficking. The lessons from those disasters should not be underestimated, especially as we transition to cyberwar models.

“This cyber environment involves people,” Neal said. “It involves their habits. The way that they operate; the way that they name their accounts. When they come in during the day, when they leave, what types of apps they have on their phone. Do they click everything that comes into their inbox? Or are they very tight and restrictive in what they use? All those pieces are what we look at, not just the code.” […] ISIS was using just 10 core accounts and servers to manage the distribution of its content across the world.

That weakness from lack of segmentation is an efficiency hallmark in small groups. The opposite, funding a market for teams to develop similar tools without allowing them to share resources, is usually considered the kind of model only large organizations would fund.

Very few Americans probably realize how Green Berets were compromising communications networks, including tapping into Internet service providers, to predict movements of suspected political (terror group) leaders and assassinate them.

Even fewer Americans see how that crosses over into the Lyft/Uber business model of surveillance capitalism. And an even smaller group remembers Poindexter well enough to connect the dots here to see a dangerous lack of transparency that should be required as we build new “active defense doctrines” for the Internet.

We can not afford to ignore mistakes of the past on this topic, such as the secret SAS missions, especially when there are emerging opportunities for international security alliances including the Christchurch Call and Monday’s “Joint Statement on Advancing Responsible State Behavior…”.

All members of the United Nations General Assembly have repeatedly affirmed this framework, articulated in three successive UN Groups of Governmental Experts reports in 2010, 2013, and 2015.

Alliances that account for clandestine operations is the smart way to go forward, whereas unaccountable executive-led secret wars would repeat some of the worst past mistakes.

German Prosecutors Bring Criminal Charges Against VW Execs

In a stunning move by German prosecutors, criminal charges have been brought against VW leadership for failing to disclose to shareholders (in a timely fashion) the huge financial risks of cheating diesel emissions tests.

It is certain the team bringing this level of charges against a CEO is very well aware what it means to the German economy; they are doing the right thing anyway.

In fact the American diesel companies effectively ran similar cheats as VW yet, politically speaking, they seem to be facing little or no reaction unless you count some legal wranglings starting in 2018.

…class-action lawsuit filed today accuses Ford and Bosch of knowingly installing emissions-cheating software devices in 2011-2017 Ford 250 and 350 Super Duty diesel pickup trucks, akin to the devices at the center of Volkswagen’s Dieselgate scandal, allowing the affected pickups to pollute at levels up to 50 times legal limits, according to Hagens Berman

In a completely unreported event earlier this year, Ford tried to tell the court their executives are immune to charges of cheating and fraud because “no true defeat device” can be defined.

Thankfully their silly fallacy seems to have been thrown out.

The Court agrees that Plaintiffs’ claims are not contingent on their ability to prove that Ford used defeat devices in its vehicles. […] Ford fails to point out that even if Plaintiffs were no longer able to refer to Ford’s alleged use of defeat devices, Plaintiffs could still succeed with their fraud claims. The true issue with regard to Plaintiffs’ fraud claims is whether or not Ford materially deceived (under the various state laws) its consumers. The Court finds that Plaintiffs have sufficiently stated a claim for fraud, under state laws, without relying on Ford’s alleged use of defeat devices. […] Plaintiffs’ overpayment theory is sufficient to provide standing to sue Bosch LLC because of its role in the use and concealment of a cheat device that allegedly constrained the emissions control system of the vehicles purchased by Plaintiffs.

That’s still a very long way from Ford executives being accountable for anything, let alone facing criminal charges for deceptive practices.

Last time I checked the only CEO scandal at Ford was firing the guy who failed to build electric cars fast enough for market demand after the company proudly removed regulatory requirements to build electric cars faster and quickly destroyed its own fleet of them.

Try to figure that one out.

With the widely promoted news about VW cheating America basically lit a fire under German regulators, while seemingly doing little domestically about the same. Have you heard of any real diesel emission cheating impacts to Ford or GM? And those aren’t the only three. Many car companies were cheating…

The impact to VW has had the perversely competitive effect of passively warning American manufacturers about emissions cheating by making an example of a foreign company that is held back now under real accountability to its regulators.

I’d suggest we consider at this point whether German behavior is some kind of time-capsule from Allied 1940s ethical thinking about doing the right thing, instilled during the Eisenhower occupation of Germany; a mindset sadly that has faded away in modern America.

Imagine today seeing posters like this one that told Americans to read and appreciate black history in order to defeat fascism:

US anti-fascism posters encouraged Americans to read about black history and culture

Industries of Nazi Germany infamously went along willingly with obviously toxic policies of Hitler such as using slaves to build vehicles. Only when bombs were raining down on Nazi car executives’ own heads did change begin, and even then reparations have been slow.

“The ghost of the Third Reich will hang over every Volkswagen car unless the company takes action and provides justice to the thousands of its former slave labourers around the world,” Mr Weiss said.

Some Nazis who experienced the ill-gotten wealth from white-nationalism have even recently said they don’t object to how their company used to engage in slavery to increase their own wealth.

…her remarks that the firm did nothing wrong when it employed 200 forced labourers during World War II were thoughtless. […] Former forced labourers have failed to obtain compensation from Bahlsen in individual lawsuits, with German courts citing statute of limitations laws. […] Verena Bahlsen has also been criticised for boasting about her wealth and love of conspicuous consumption. “I own a fourth of Bahlsen and I am very happy about that. I want to earn money and buy a … yacht,” she said at a business event in Hamburg earlier this month.”

The difference today in Germany, after Allied bombing campaigns cleared the way, seems to be that government prosecutors are in position and willing to go after abusers early, with real authority to hold executives accountable and force their course-corrections.

Google’s Loophole Army Fights “Right to be Forgotten”

Google has successfully defended a plan to keep links in countries other than where people live, as a court has just ruled a citizen’s national right to delete information does not automatically extend to data stored in another country.

“The balance between right to privacy and protection of personal data, on the one hand, and the freedom of information of internet users, on the other, is likely to vary significantly around the world,” the court said in its decision.

The court said the right to be forgotten “is not an absolute right.”

This ruling allows narrow legal loopholes for Google similar to how they avoid national tax requirements, rotating a global identity among Ireland, the Netherlands, and Bermuda.

While the EU has successfully upheld privacy as a human right (“UDHR Article 12. No one shall be subjected to arbitrary interference with his privacy…”), which is showing signs of being adopted by US states, Google is litigating for ways to delay or deny link deletion as part of that right.

And while I’m not a lawyer, I’m told the Court technically has stated there still can be a global application if ordered by the supervisory authority, but it is no longer considered an “automatism”.

The positive spin for the loophole is that Google doesn’t have to abide by a citizen’s request to be forgotten, even if that citizen has an entire nation backing their request as a legal one. Surveillance capitalism having a lack of responsibility to human rights means more money in Google’s pocket, just like if they avoid paying taxes or walk away from any other social-good contract that local markets require of them. In its most charitable light, a mechanism for preserving information against someone’s wishes could be justified if data loss would cause harms.

This, however, is not that case as the “loss” would be revenues Google wants to realize without getting authorization by owners of assets/data. Google litigates this as a “responsible actor” for preservation of data against censorship to appear interested in freedom of speech, yet there are far better ways to avoid censorship than litigating loopholes and havens for advertising revenue databases.

The negative spin for the loophole is that Google is using its ad-revenue warchest to fund its role as a freeloader, using infrastructure and collecting data in order to create high-walled hiding places where they can charge access. This is not unlike the colonial model designed to embed local “business networks” for exploitation and expropriation (theft) of local assets to remote locations to be held against the wishes of creators and owners.

Did the French or British ever argue its museum collections are really preserving speech against censorship in nations they colonized? Asking for a friend who worries their high salary at Google is dirty money.

…thousands of African cultural artifacts taken during the colonial period to be returned to their respective countries, if requested.

1985 TWA Hijacker Wasn’t Arrested on Greek Island

Update September 22:

“Man arrested in Greece had nothing to do with 1985 hijacking and murder, victim’s brother tells Military Times


The FBI most wanted list since 2006 has included Mohammed Ali Hammadi, a Lebanese member of the Iranian-backed terror group Hezbollah. A $5m bounty was posted in 2007.

A TWA Boeing 727 flight in 1985 was hijacked by him and his associates, who assaulted passengers and crew members for 17 days. They also murdered a US citizen, Navy Diver Robert Dean Stethem.

[Pilot] Testrake’s urgent message to the Beirut control tower was broadcast around the world: “We must, I repeat, we must land, repeat, at Beirut. . . . Ground, TWA 847, they are threatening to kill the passengers, they are threatening to kill the passengers. We must have fuel, we must get fuel. . . . They are beating the passengers, they are beating the passengers.”

ABC News Nightline: Hijacking of TWA 847 14 June 1985

These hijackers demanded release of all Arab prisoners, particularly the over 700 Lebanese and Palestinians that were held by Israel in southern Lebanon (related to Reagan’s 1983 “aggressive self-defense” policy and the suicide bombing of US Embassy in Beirut).

Today Greek police announced on the island of Mykonos they had taken action two days ago on September 19th based on a warrant issued by German authorities:

…several Greek media outlets identified the detainee as Mohammed Ali Hammadi, who was arrested in Frankfurt in 1987 and convicted in Germany for the plane hijacking and Stethem’s slaying. Hammadi, an alleged Hezbollah member, was sentenced to life in prison but was paroled in 2005 and returned to Lebanon.

Germany had resisted pressure to extradite him to the United States after Hezbollah abducted two German citizens in Beirut and threatened to kill them.

He disembarked from a Turkish cruise ship and was held at island passport control. It appears to have been the result of a routine database check on tourists, during the peak cruise ship month for Mykonos (handling over 700,000 cruise passengers in 2019).

How could he be free and vacationing freely in Greece? Ronald Reagan, as mentioned earlier, failed in 1987 to convince Germany to extradite Hammadi. Germany instead by 1989 tried and convicted the terrorist of murder among other crimes (he had been caught walking liquid explosives through the Frankfurt airport) and put him away with a life sentence.

Then the sentence ended early in 2005 and Hammadi was escorted by Germany back to Beirut aged 41 (President Bush failed to extradite him). This prompted his placement on the FBI list for a decades-long hunt as he apparently enjoyed his freedom.

Conservative pundits in 2010 promoted a “Pakistani source” that the CIA killed Hammadi with a drone strike. So there’s still a chance reports today are wrong. Greek police news, for example, described the arrested man as aged 65. Hammadi would be 55 now (41 in 2005).

Apple Concedes in Right-to-Repair Fight

There are a lot of ways to tell this story about Apple allowing people to repair devices at a shop not owned and operated by Apple. It’s a wise move and here’s a personal anecdote why I would say so.

Nearly 25 years ago I worked as an authorized Apple repair engineer. I’d pore over videos sent to the independent repair shop I worked in. High-quality productions on CD from the manufacturer gave me x-ray vision, to see every step of decomposing and assembling Apple hardware.

In one hilarious day at work I was tossed a broken Apple product at noon by my manager and told to have it sorted out over lunch. Soon I had every screw and nut carefully removed down to the last one, parts laid out across the giant work space.

That means I did not just pull a part and replace using the “consumer-friendly” method of preset tabs and levers, common in today’s world. Instead I took apart, tested and rebuilt that device to be like new, given a carefully orchestrated training model from Apple themselves.

I said hilarious because when my manager returned from lunch he said “Damnit Davi, just pull a bad part and swap it. Do you have to understand everything? You could have joined us for lunch.”

Feed belly or mind? The choice for me was clear. He didn’t much care for the fact that I had just finished academic studies under Virgil’s Georgics (29 BCE) phrase “Rerum cognoscere causas” (verse 490 of Book 2 “to Know the Causes of Things”)

Sometimes I even put a personal touch on these repairs. One Apple laptop sent by the DoD was used in GPS development for strike fighters, so I made its icon for the system drive look like a tiny F-16 Falcon.

The generic Apple MacOS environment as it shipped

An appreciation for that extra effort meant a nice note from the US gov on formal stationary. Apple wanted computing to be “personal” and that is exactly what repair shops like ours were doing for customers.

Three years later I was managing a team of engineers who would desolder boards and update individual chips. As good and efficient as we were, however, everyone knew there was an impending slide into planned obsolescence economic models. Accountants might have asked us how many Zenith TV repair technicians exist, given Zenith itself disappeared. Remember these?

Zenith TV were meant to be kept for generations and repaired by local electronics experts, if not yourself

Profit models on the wall seemed to rotate towards shipping any malfunctioning products back to manufacturers, who would forward them to Chinese landfills for indefinite futures, instead of to engineers like me or my team who would gladly turn them around in a week.

Anyway it was 2010 when I owned an Apple iPhone. It died abruptly. Locked out of repairing it myself by the company policy, I took it to a desk in their billboard-like sensory-overload retail/fashion store.

An Apple employee looked at the phone and told me a secret sensor showed red, so no warranty would be honored. There had been no moisture I was aware of, yet Apple was telling me I couldn’t return my dead device because they believed that faulty device more than me?

Disgusted with this seemingly illegal approach to warranty issues, I quickly and easily disassembled that iPhone, replaced their faulty red sensor with a new one, and returned again. Apple confirmed (as a stupid formality) the new sensor wasn’t showing red, and gladly swapped the phone with a brand new one instead of repairing mine.

I wasn’t wrong, their inability to engineer honestly was…as they were forced to admit three years later:

…owners that were denied warranty repairs over internal moisture sensors that falsely registered water damage are a step closer to collecting their share…

Immediately after they swapped my defective phone I sold the new one and stopped using any Apple products, as I announced in my HOPE talk that year.

Good news, therefore, that today Apple finally has gone back to a mode of operating that honors the important consumer right-to-repair, as Vice reports:

After years of fighting independent repair, Apple is rolling out a program that will allow some independent companies to buy official parts, repair tools, and diagnostic services outside of the company’s limited “authorized” program. It’s a big win for the right to repair movement…

I’ve written about this on my blog for nearly 15 years already, so it’s encouraging to see progress even if it does come late.

RIP Senator Wellstone.

Database Authentication Setting Leads to Arrest

Cloud-hosted data sadly has been turning out to be more prone to breach than those run in a traditional private architecture, and now people are facing arrest for using database products without authentication enabled.

It’s a bitter pill for some vendors to swallow as they push for cloud adoption and subscriptions to replace licensing. Yet we published a book in 2012 about why and how this could end up being the case and what needed to be done to avoid it.

Despite our best warnings we have watched ransomware emerge as a lucrative crime model. Software vendors have been leaving authentication disabled by default, hedging on even the most basic security tenets as “questioned” or delayed. Unfortunately this meant since at least 2015 private data ended up being widely exposed all over the Internet with little to no accountability.

Cloud made this problem even worse, as we wrote in the book, because by definition it puts a database of private information onto a public and shared network, introducing the additional danger of “back doors” for remote centralized management over everything.

Take for example today on the Elasticsearch website you see an obvious lack of security awareness in their service offering self-description:

Known for its simple REST APIs, distributed nature, speed, and scalability, Elasticsearch is the central component of the Elastic Stack, a set of open source tools for data ingestion, enrichment, storage, analysis, and visualization.

They want you to focus on: Simple. Distributed. Fast. Scalable.

Safe? The most important word of all is missing entirely.

Normal operations must include safety, otherwise the products should fail any “simple” test. Is a steam engine still allowed to be defined as “simple” if use means a good chance of burning the entire neighborhood down?

Hint: The answer is no. If you have high risk by default, you don’t have simple. And “distributed, fast, scalable” become liabilities like how a dangerous fire spreads, not benefits.

Should vendors be allowed to sell anything called “simple” or easy to use unless it specifically means it is safe from being misconfigured in a harmful manner? For databases that deploy to cloud that means authentication must be on by default, no?

Ecuador quickly has leaped into global leadership on this issue by raiding the offices of an Elasticsearch customer and arresting an executive who used a big data product simply configured to be unsafe.

Ecuadorian authorities have arrested the executive of a data analytics firm after his company left the personal records of most of Ecuador’s population exposed online on an internet server.

[…]

According to our reporting, a local data analytics company named Novaestrat left an Elasticsearch server exposed online without a password, allowing anyone to access its data.

The data stored on the server included personal information for 20.8 million Ecuadorians (including the details of 6.7 million children), 7.5 million financial and banking records, and 2.5 million car ownership records.

The primary question raised in the article is how such a firm ended up with the data, as it wasn’t even authorized.

Yet that question may have a deeper one lurking behind it, because database vendors failed to enforce authentication it undermines any discussion of authorization. Could Ecuador move to ban database vendors that make authentication hard or disabled by default?

A hot topic to explore here is what vendors did over the past seven years to prevent firms like the one in this story from ending up with data in the first place, as well as preventing further unauthorized access to the data they accumulated (whether with or without authorization).

A broad investigation of database defaults could net real answers for how Ecuador, and even the whole world, can clarify when to hold vendors accountable for ongoing security baseline errors that are now impacting national security, highlighting the true economics of database privacy/profit.


Update October 2019: An unprotected Elasticsearch cluster contained personally identifiable information on 20 million Russian citizens from 2009 to 2016.

Margaret Mead and Me

When I was a child, visiting an anthropology conference, Margaret Mead had me sit on her lap. My recollection is vague yet always is flavored by my mother telling me Mead asked me questions and wanted to know how I would evolve with two anthropologists as parents.

If Mead were alive today I’d maybe disappoint her to admit I strayed from anthropology into being a student of history instead. And I might defend my choice by telling her it helped me better understand stories she told such as this one:

Anthropological Intelligence, David Price, page 287

It surely sounds good for anthropologists to say they were engaged in a form of historic exceptionalism by serving to defeat fascism in the 1940s. However, historians probably could disagree with that framing and say an eternally valid moral choice was being made more than an historic one.

To be fair, she earlier had famously said:

Children must be taught how to think, not what to think. They must be taught that many ways are open to them.

The question then seems to be whether we can or would want to restrict “ways” for people (even anthropologists, or sons of anthropologists) by teaching how to think.

Who reasonably would predict (based on history) where a child will lead in the future? And I guess that was the point of Mead having me sit on her lap for questioning.

Take Your Bike Helmet Off and Hold Cars Accountable

There’s a new first-person account in the New Yorker of some cultural differences between cycling in Holland and America:

Angela van der Kloof, a cycling expert and project leader with the Delft mobility consultancy Mobycon, told me, “From a young age in the Netherlands, we’re trained to take note of others. Not by a teacher but by the way we do things. I think we are very much used to physical negotiation.” Dutch people live in small houses, ride on crowded trains, and generally jostle against one another—the Netherlands has the sixteenth-highest population density in the world. Navigating complicated traffic situations, calmly and systematically, came naturally to our neighbors.

The key to this story is actually how Dutch women had the power to organize and campaign for protecting children from being murdered by people operating cars:

With cars came carnage. In 1971 alone, thirty-three hundred people—including more than four hundred children—were killed on Dutch roads. A number of organizations, including a group named Stop de Kindermoord, or Stop the Child Murder, began agitating to take the streets back from automobiles.

Contrast this story with America, where cars are treated like guns and operators are allowed to commit indiscriminate murder as an expression of an individual’s power over society, which Next City has explained in qualitative examples:

Morgan stayed in the intensive care unit for another month. For the first two weeks, the doctors weren’t positive she would survive. By the end of it all, medical expenses totaled more than $500,000.

“I was scared to death,” says her husband, David Morgan.

His fear would soon turn to anger when he realized that local police had no interest in pursuing charges against the woman who nearly killed his wife. After the State Highway Patrol’s investigation concluded that there were no grounds for felony charges, the district attorney also demurred from pressing charges.

“As far as the state of Mississippi goes, you could be an armadillo hit on the road, and the state treats you just the same as a… cyclist,” Morgan says.

What the New Yorker article about cycling in Holland misses entirely, ironically, is that the density of crowds cited by those living in Holland is not a sufficient ingredient on its own. Next City explains this using NYC quantitative data. Clearly NYC is an American city where people also are used to physical negotiation:

Consider crash data from New York City, which has installed more than 350 miles of bike lanes. There were 14,327 pedestrian and cyclist injuries in 2012 as a result of vehicle crashes, but police cited only 101 motorists with careless driving, a rate of less than 1 percent.

The actual difference is thus not growing up in density, but rather the levels of political engagement by women.

Cycling historically has been described as an independence movement for women, which should put male-dominated legislative action impeding people cycling in its proper perspective. Also women cyclists in America tend to be more at risk from cars and thus more likely to design safety infrastructure, as drivers put them more at risk:

“What we found was that female cyclists had a significantly different experience riding than the male riders did. … Female riders tend to have more aggressive interactions with drivers than male riders did.” …researchers found — no surprise — that protected bike lanes offered the best protection. Cars stayed an average 7.5 feet from cyclists cruising along a bike lane separated from traffic by bollards. No bike lanes, more close calls.

A campaign like “Stop de Kindermoord, or Stop the Child Murder” emphasizes the rights of children to live free from harm by adults in cars. America is about as likely to see a campaign like that succeed as elect a woman President instead of a man repeatedly accused of harming children for his self-benefit.

Don’t forget, America remains the only country in the world that has failed to sign the Convention on the Rights of the Child.

Holding cars accountable for killing cyclists and pedestrians would be like Epstein going to jail decades ago for harming children, yet instead he was seen free and partying freely with the White House Occupant.

The bottom line is that the safety of roads is about political power. That is why putting on helmets is the wrong answer. When cycling below 12 mph, which is the vast majority of commuter cyclists, the right answer is to place responsibility of safety upon those operating heavily armored machinery.

In a world where others may be harmed by their actions, machine operators must be accountable. If you think this is foreshadowing the problem of holding drone owners responsible for killing people, you are right.

Bay Area Bicycle Law points out that from 2013 to 2017 3,958 Cyclists have died across the U.S. for an average of 792 each year. 98% (777 of the 792) were in accidents with motor vehicles and 83% of cyclists had helmets on when they were murdered.

Let me say that again, 98% were in accidents with motor vehicles and a whopping 83% died with helmets on. Do you see the problem?

California, with far less density than NYC or Holland, repeatedly has opposed helmet laws and for the right reasons (same as in Holland).

Peter Jacobsen, a Sacramento-based public health consultant, believes helmet laws may make streets less safe for cyclists. Australia and New Zealand recently introduced compulsory helmet laws, and bike use fell by 33 percent, he said. Numerous reports have found that cycling conditions improve with more riders on streets. By reducing the number of cyclists through helmet laws, conditions actually get more dangerous.

He also said studies have shown that motorists drive closer to cyclists with helmets on, and that helmets only reduce minor injuries, not fatalities. “Bike helmets are padding; they’re not armor,” he said.

Cars are armor. If cyclists put on armor, they’d be a car.

Not only do helmet laws decrease cycling by a significant amount, they do not show any real decrease in the death rate. In other words, data repeatedly shows how helmets impede cycling and thus make it less safe for the vast majority of cyclists.

Exceptions do exist and are important: habitually unsteady high-risk riders such as children and racers. These exceptions are easily handled, however, such as requiring helmets to compete in a race where contestants will gladly abide for the chance of winning.

The right formula is encourage more cyclists operating at speeds averaging below 12 mph in physically separated lanes, with NO adult requirement for helmets, and strict accountability for those who operate heavy (i.e. dangerous) machinery in the midst. Protecting the vulnerable shouldn’t be that difficult to figure out for our streets.

The fact that Holland has effectively already done it (as well as Denmark, Sweden, etc.) means America is running out of excuses to justify murderous drivers, as “A view from the cycle path” has illustrated quite simply:

“The absolute number of child fatalities dropped by 98% over a period of time when the population size and the proportion of trips made by bicycle both rose significantly.”

The answer to the problem of cars killing cyclists is directly related to how the American political system allows care and consideration for vulnerable populations at risk of being harmed due to a weapon authorization for individuals.

We need to be intelligent enough to start the move away from these American headlines:

Which means sites like Twitter need to recognize the harm from its role in peddling active calls to use cars to murder non-whites, and how this propaganda relates to “Republicans want to legalize running over pedestrians“:

…state Rep. Keith Kempenich, perversely suggested that shielding drivers who kill protesters was a necessary anti-terrorism measure.

All that being said, there recently have been at least two notable exceptions to the sad state of weaponized roadways in America:

  1. White supremacist use of car as weapon. Found guilty of first-degree murder
  2. Driver charged with intent to kill. 5 cyclists dead

What the Bird Said Early in the Year

Recently I was fortunate to have a gate unlocked that led onto grounds of Magdalen College, Oxford, England for a stroll along the “Addison Walk” around a small island in the River Cherwell.

A paragraph in the 1820 topographical guide to Oxford gives some perspective on the walk’s namesake (page 85):

On the north side of the grounds is a long walk, still termed Addison’s walk, once the chosen retreat of that writer, when intent on solitary reflection. In its original state no spot could be better adapted to meditation, or more genial lo his temper.

Shield of C.S. Lewis’ 1938 poem
No monuments to Addison were found along this walk, although apparently the Spanish oaks famously lining both sides were planted by Addison himself.

As I exited the secluded leafy path and crossed a bridge I couldn’t help but notice an engraved shield of C. S. Lewis placed upon on an old stone wall.

Lewis seemingly wrote this poem to contrast his faith in eternity with his disappointments in a series of ephemeral life events. Despite the age and environment of the poetry, I believe it provides excellent food for thought in our modern era of cloud computing.

I heard in Addison’s Walk a bird sing clear:
This year the summer will come true. This year. This year.

Winds will not strip the blossom from the apple trees
This year nor want of rain destroy the peas.

This year time’s nature will no more defeat you.
Nor all the promised moments in their passing cheat you.

This time they will not lead you round and back
To Autumn, one year older, by the well worn track.

This year, this year, as all these flowers foretell,
We shall escape the circle and undo the spell.

Often deceived, yet open once again your heart,
Quick, quick, quick, quick! – the gates are drawn apart.

It is said that in this poem Lewis was describing his feelings from taking walks along this same Oxford path I was on, where he engaged in deep philosophical/theological conversations with his “inklings” colleagues J.R.R. Tolkein and Hugo Dyson.

While some try to limit the poem’s relevance to Lewis’ own religious struggles (raised a Christian, after the death of his mother and in his teens he left the faith disappointed and rebellious, then returned later to his roots) his words seem much more broadly insightful.

If nothing else, we can recognize Lewis experienced many trust failures as he grew up, which tested his faith. This poem emphasizes how repeated failures need not be seen as terminal when belief matures to account for greater good. He found permanence by believing operations run on something beyond each instance itself.

Perhaps I should re-frame his poem in terms of a certain “open-source container-orchestration system for automating deployment, scaling and management”…and then we’ll talk about what the container said early in the deployment.

US Senator Argues for Jailing Facebook Execs

From a recent interview with Oregon’s Senator Wyden

Mark Zuckerberg has repeatedly lied to the American people about privacy. I think he ought to be held personally accountable, which is everything from financial fines to—and let me underline this—the possibility of a prison term. Because he hurt a lot of people. And, by the way, there is a precedent for this: In financial services, if the CEO and the executives lie about the financials, they can be held personally accountable.

Often in 2018 I made similar suggestions, based on the thought that our security industry would mature faster if a CSO personally can be held liable like a CEO or CFO (e.g. post-Enron SOX requirements):

And at Blackhat this year I met with Facebook security staff who said during the 2016-2017 timeframe the team internally knew the severity election interference and were shocked when their CSO failed to disclose this to the public.

Maybe the Senator putting it all on the CEO today makes some sense strategically…yet also begs the question of whether an “officer” of security was taking payments enough to afford a $3m house in the hills of Silicon Valley while intentionally withholding data on major security breaches during his watch?

Given an appointment of dedicated officer in charge of security, are we meant to believe he was taking a big salary only to be following orders and not responsible personally? Don’t forget he drew press headlines (without qualification) as an “influential” executive joining Facebook, while at the same time leaving Yahoo because he said he wasn’t influential.

To be fair he posted a statement explaining his decision at the time, and it did say that safety is the industry’s responsibility, or his company’s, not his. Should that have been an early warning he wasn’t planning to own anything that went awry?

I am very happy to announce that I will be joining Facebook as their Chief Security Officer next Monday…it is the responsibility of our industry to build the safest, most trustworthy products possible. This is why I am joining Facebook. There is no company in the world that is better positioned to tackle the challenges…

There also is a weird timing issue. The start to the Russian campaign is when Facebook brings on the new CSO. Maybe there’s nothing to this timing, just coincidence, or maybe Russians knew they were looking at an inexperienced leader. Or maybe they even saw him as “coin-operated” (a term allegedly applied to him by US Intelligence) meaning they knew how easily he would stand down or look away:

  1. June 2015: Alex Stamos abruptly exits his first ever CSO role after failing to deliver on year-old promises of end-to-end encryption, and also failing to disclose breaches**, to join Facebook as CSO. Journalists later report this as “…beginning in June 2015, Russians had paid Facebook $100,000 to run roughly 3,000 divisive ads to show the American electorate”
  2. October 2015: Zuckerberg tries to shame outside critics/investigators and claim no internal knowledge… “To think it influenced the election in any way is a pretty crazy”
  3. January 2017: US Intelligence report conclusively states Russia interfered in 2016 election
  4. July 2017: Facebook officially states “we have seen no evidence that Russian actors bought ads on Facebook”
  5. September 2017: Facebook backtracks and admits it knew (without revealing exactly how soon) Russian actors bought ads on Facebook
  6. September 2017: Zuckerberg muddies their admission by saying “…investigating this for many months, and for a while we had found no evidence of fake accounts linked to Russia running ads”, which focuses on knowledge of fake accounts being used, rather than the more important knowledge Russia was running ad campaigns
  7. September 2017: Zuckerberg tries to apologize in a series of PR moves like saying “crazy was dismissive and I regret it” and asking for forgiveness
  8. October 2017: Facebook’s Policy VP issues a “we take responsibility” statement
  9. October 2017: Facebook admits 80,000 posts from 2015 (i.e. from when Stamos started as CSO) all the way to 2017 (i.e. when Stamos was still CSO) reached over 120 million people. Stamos brands himself both as the influential officer in charge of uncovering harms yet also a wall flower paid an officer salary to not speak out. It does somehow come back to the point that the Russian Internet Research Agency allegedly began operations only after Stamos’ joined. Even if it started before, though, he definitely did not disclose what he knew when he knew it. His behavior echoes a failure to disclose massive breaches while he was attempting his first CSO role in Yahoo! (see step 1 above)

Given the security failures from 2015 to 2017 we have to seriously consider the implications of a sentence that described Stamos’ priors, which somehow are what led him into being a Facebook CSO

At the age of 36, Stamos was the chief technology officer for security firm Artemis before being appointed as Yahoo’s cybersecurity chief in March 2014. In the month of February, Stamos in particular clashed with NSA Director Mike Rogers over decrypting communications, asking whether “backdoors” should be offered to China and Russia if the US had such access.

There are a couple problems with this paragraph, easily seen in hindsight.

First, Artemis wasn’t a security firm in any real sense. It was an “internal startup at NCC Group” and a concept that had no real product and no real customers. As CTO he hired outside contractors to write software that never launched. This doesn’t count as proof of either leadership or technical success, and certainly doesn’t qualify anyone to be an operations leader like CSO of a public company.

Second, nobody in their right mind in technology leadership let alone security would ask if China and Russia are morally equivalent to the United States government when discussing access requests. That signals a very weak grasp of ethics and morality, as well as international relations. I’ve spoken about this many times.

If the U.S. has access it in no way has implied other governments somehow morally are granted the same access. Moreover it was very publicly discussed in 2007 because Yahoo’s CEO was told to not give the Chinese access they requested (when Stamos was 28):

An unusually dramatic congressional hearing on Yahoo Inc.’s role in the imprisonment of at least two dissidents in China exposed the company to withering criticism and underscored the risks for Western companies seeking to expand there. “While technologically and financially you are giants, morally you are pygmies,” Rep. Tom Lantos (D., Calif.)

If anything these two points probably should have disqualified him to become CSO of Facebook, and that’s before we get into his one-year attempt to be CSO at Yahoo! that quickly ended in disaster.

In 2014, Stamos took on the role of chief information security officer at Yahoo, a company with a history of major security blunders. More than one billion Yahoo user accounts were compromised by hackers in 2013, though it took years for Yahoo to publicly report…Some of his biggest fights had to do with disagreements with CEO Marissa Mayer, who refused to provide the funding Stamos needed to create what he considered proper security…

Let me translate. Stamos joined and didn’t do the job disclosing breaches because he was campaigning for more money. He was spending millions (over $2m went into prizes paid to security researchers who reported bugs). While his big-spend bounty-centric program was popular among researchers, it didn’t build trust among customers. This parallels his work as CTO, which didn’t build any customer trust at all.

The kind of statements Stamos made about Artemis launching in the future (never happened) should have been a warning. Clearly he thought taking over a “dot secure” domain name and then renting space to every dot com in the world was a lucrative business model (it wasn’t).

I’m obviously not making this up as you can hear him describe rent-seeking with a straight face. His business model was to use a private commercial entity to collect payments from anyone on the Internet in exchange for a safety flag to hang on a storefront, in a way that didn’t seem to have any fairness authority or logical dispute mechanism.

Here is a reporter trying to put the scheming in the most charitable terms:

In late 2010, iSEC was acquired by the British security firm, NCC Group, but otherwise the group continued operating much as before. Then, in 2012, Stamos launched an ambitious internal startup within NCC called Artemis Internet. He wanted to create a sort of gated community within the internet with heightened security standards. He hoped to win permission to use “.secure” as a domain name and then require that everyone using it meet demanding security standards. The advantage for participants would be that their customers would be assured that their company was what it claimed to be—not a spoof site, for instance—and that it would protect their data as well as possible. The project fizzled, though. Artemis was outbid for the .secure domain and, worse, there was little commercial enthusiasm for the project. “People weren’t that interested,” observes Luta Security’s Moussouris, “in paying extra for a domain name registrar who could take them off the internet if they failed a compliance test.”

Imagine SecurityScorecard owning the right to your domain name and disabling you until you pay them to clean up the score they gave you. Dare I mention that a scorecard compliance engine is full of false positives and becomes a quality burden that falls on the companies being scanned? Again, this was his only ever attempt at being a CTO (before he magically branded himself a CSO) and it was an unsuccessful non-starter, a fizzle, a dud.

From that somehow he pivoted into a publicly traded company as an officer of security. Why? How? He abruptly quit Artemis by taking on a CSO role at Yahoo, demanding millions for concept projects more akin to a CTO than CSO. He even made promises upon taking the CSO role to build features that he never delivered. Although I suppose the greater worry still is that he did not disclose breaches.

It was after all that he wanted to be called CSO again, this time at Facebook. That is what Wyden should be investigating. I mean I’m fine with Wyden making a case for the CEO to be held accountable as a starting point, the same way we saw Jeff Skilling of Enron go to jail.

It makes me wonder aloud again however if the CFO of Enron, Andrew Fastow, pleading guilty in 2004 to two counts of conspiracy to commit securities and wire fraud…is an important equivalent to a CSO of Facebook pleading guilty to a conspiracy to commit breach fraud.

Stamos says he deserves as much blame as anyone else for Facebook being slow to notice and stamp out Russian meddling in the 2016 presidential election

Ironically Stamos, failing to get anywhere with his three attempts at leadership (Artemis, Yahoo and Facebook) has now somehow reinvented himself (again with no prior experience) as an ethics expert. He has also found someone to fund his new project to the tune of millions, which at Blackhat some Facebook staff reported to me was his way to help Facebook avoid regulations by laundering their research as “academic”.

It will be interesting to see if Wyden has anything to say about a CSO being accountable in the same ways a CFO would be, or if focus stays on the CEO.

In any case, after a year of being CSO at Yahoo and three years of being CSO at Facebook, Stamos’ total career amassed only four years as a head of security.

Those four years unmistakably will be remembered as one person who sat on some of the biggest security operations lapses in history. And his 2015 tout he was taking an officer role because “no company in the world is better positioned” to handle challenges of safety continues to produce this legacy instead:

Another month, another Facebook data breach.

Or to put it another way, here is how outside investigators described the Facebook CSO legacy:

Paul-Olivier Dehaye, a data protection specialist, who spearheaded the investigative efforts into the tech giant, said: “Facebook has denied and denied and denied this. It has misled MPs and congressional investigators and it’s failed in its duties to respect the law.

“It has a legal obligation to inform regulators and individuals about this data breach, and it hasn’t. It’s failed time and time again to be open and transparent.”


** The Class-action lawsuit against Yahoo security practices under Stamos provides the following timeline:

2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts.

2015 and 2016 Data Breach: From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts.


Update September 7th, 2019:

In another meeting with ex-Facebook staff I was told when “CEO and CSO are nice people” that should mean they don’t go to jail for crimes, because nice people shouldn’t go to jail.

This perspective has me wondering what the same people would say if I told them Epstein had a lot of friends who said he was nice. I mean their “nice” get out of jail free card suggests to me some kind of context change might help.

I will raise the issue in my CS ethics lectures first using an example outside the tech industry: Should the captain of sunken ship face criminal investigation for saving self as 34 passengers died in an early morning fire? Then I will ask about behavior of the CSO on deck during Yahoo and Facebook breaches.