History, Security

Origins of “Information Security”

Leave a comment

I’ve promised for a while, years really, to write-up the etymology of the word “hacker”. This always is a popular topic among the information security crowd. Although I regularly talk about it at conferences and put it in my presentations, the written form has yet to materialize.

Suddenly I instead feel compelled to write about a claim to the origins of the phrase “information security”. Credit goes to the book “Code Girls” by Liza Mundy, a bizarrely inaccurate retelling of cryptography history. While I don’t mind people throwing about theories of why hacker came to be a term, for some reason Mundy’s claim about “information security” shoves me right to the keyboard; per her page 20 Introduction to the topic:

[The 1940s] were the formative days of what is now called “information security,” when countries were scrambling to develop secure communications at a time when technology was offering new ways to encipher and conceal. As in other nascent fields, like aeronautics, women were able to break in largely because the field of code breaking barely existed. It was not yet prestigious or known. There had not yet been put in place elaborate systems of regulating and credentialing–professional associations, graduate degrees, licenses, clubs, learned societies, accreditation–the kinds of barriers long used in other fields, like law and medicine, to keep women out.

First of all, the reader now expects to see evidence of these “elaborate systems of regulating and credentialing” with regard to information security. I suspect Mundy didn’t bother to check the industry because there are none. Quite the opposite, the CISSP is regularly bashed as entry-level and insufficient proof of information security qualification, and experts regularly boast of having orthogonal degrees or none at all.

Second, she’s contradicting her own narrative. Only a page earlier she’s holding the field of code breaking as “storied British operation that employed ‘debs and dons’: brilliant Oxford and Cambridge mathematicians and linguists–mostly men, but also some women…”. So which is it? Information security was not prestigious and known, or it was a “storied” field of the highest caliber schools?

As an aside I also find it frustrating this book about recognizing women of code breaking calls Bletchley “mostly men, but also some women”. The British operation was resistant at first to women and the same dynamics as in the US shifted the balance, as the site itself will tell you:

The Bletchley Park codebreaking operation during World War 2 was made up of nearly 10,000 people (about 75% of this number was women). However, there are very few women of that are formally recognised as cryptanalysts working at the same level as their male peers.

Mundy dismisses this as “…there also were thousands of women, many from upper-class families, who operated ‘bombe’ machines…” almost as if she’s buying into a boorish and misogynist narrative dismissing the code breaking capabilities as “some women” and tossing out the rest as a bunch of wealthy knob turners. Who does she think went to Oxford and Cambridge? Meanwhile Bletchley historians tell us about the women “codebreaking successes and contribution to the Battle of Cape Matapan, which put the Italian Navy out of World War 2”.

Mundy also gives credit only to the British operation for breaking Enigma, which is patently false history as I’ve written about before.

So, third, she mentions the US resurrected its code breaking from WWI. This punches a hole through her theory that information security origin was 1940s. Not only does a link to WWI indicate the field is older, it begs the question why she would even suggest such a late start date when there are also sources linking it to the US Civil War and earlier?

Enigma cracking started at the end of WWI and the Polish put their top mathematicians on it because they recognized relevance to the threat from a neighboring state, as history tends to repeat. The British focused on Spanish and Italian code-breaking in the 1930s because Franco and Mussolini were more interesting to them as threats to their domain. Mundy hints at this on page 14 when she admits information security students of the 1940s relied on earlier work:

The instructors would be given a few texts to jump-start their own education, including a work called Treatise on Cryptography, another titled Notes on Communications Security, and a pamphlet called The Contributions of the Cryptographic Bureaus in the World War–meaning World War I…

Anyway, aside from these three fundamental mistakes, a core piece missing from her analysis is that the US fell behind on code breaking and had to catch up because of isolationist tendencies as well as white supremacists in the US pressuring their country to remain neutral or even assist with Nazi aggression. Mundy mentions this briefly on page 13 and sadly doesn’t make the political connections.

[Captain, U.S.N. Laurance Frye] Safford elaborated on the qualifications they wanted by spelling out the kind of young women the Navy did not want. “We can have here no fifth columnists, nor those whose true allegiance may be to Moscow,” Safford wrote. “Pacifists would be inappropriate. Equally so would be those from persecuted nations or races–Czechoslovakians, Poles, Jews, who might feel an inward compulsion to involve the United States in war.”

Again Mundy is citing information security field expertise that existed long before the 1940s. And you have to really take in the irony of Safford’s antisemitism and political position here given that it comes after Polish cryptographers already had cracked Enigma and were the foundation to Bletchley Park focus on German cryptography. Further to the point, as the NSA history of Safford claims, he saw himself as the person who actively tried to involve the United States in war.

He recognized the signs of war that appeared in the diplomatic traffic, and tried to get a warning message to Pearl Harbor several days before the attack, but was rebuffed by Admiral Noyes, the director of Naval communication.

Several days. A bit late Safford. Imagine how many years of warning he might have had if he hadn’t demanded “persecuted nations or races” be excluded from information security roles.

America was behind because it didn’t perceive itself a persecuted nation, it failed to expend resources on information security in a manner commensurate with the risk. There were pro-Nazi forces actively attempting to undermine or sabotage the US feedback loops by pushing a head-in-sand “neutrality” position all the way to Pearl Harbor.

By the time these “America First” agents of Nazi Germany were exposed and incarcerated, women simply offered a more available home front resource compared with men abruptly being sent to fight in field (same as in Britain, France, Poland etc). Of course women were as good if not better than the men. It was procrastination and the pre-war political position to allow aid Nazi Germany (GM, Standard Oil, etc) that created a desperate catch-up situation, opening the doors to women.

Information security formative days started long before the 1940s, but just like today the absence of feeling threatened led decision makers to under-invest in those who studied it, let alone those who practiced professionally without degrees or certifications. The question really is whether women would have been pulled into information security anyway, even if the US had not been under investing in the years prior. British history tells us definitively yes, as 75% of Bletchley staff were women.

Does that percentage sound high? Mundy herself says on page 20 that 70% of US Army and 80% of US Navy information security staff were women. Fortunately she doesn’t discount the Americans as wealthy knob-turners, and instead glorifies every American woman’s role as essential to the war effort. Mundy writes well, but her history analysis is lacking and sometimes even self-defeating.

History, Security

Self-Driving Uber Murders Pedestrian

Leave a comment

Although it still is early in the news cycle, so far we know from Tempe police reports that an Uber robot has murdered a women.

The Uber vehicle was reportedly headed northbound when a woman walking outside of the crosswalk was struck.

The woman was taken to the hospital where she died from her injuries.

Tempe Police says the vehicle was in autonomous mode at the time of the crash and a vehicle operator was also behind the wheel.

First, autonomous mode indicates to us that Uber’s engineering team now must admit their design decisions led to this easily predictable disaster of a robot taking a human life. For several years I’ve been giving talks about this exact situation, including AppSecCali where I recently mentioned why and how driverless cars are killing machines. Don’t forget the Uber product already was caught ignoring multiple red lights and crosswalks in SF. It was just over a year ago that major news sources issued the warning to the public.

…the self-driving car was, in fact, driving itself when it barreled through the red light, according to two Uber employees…and internal Uber documents viewed by The New York Times. All told, the mapping programs used by Uber’s cars failed to recognize six traffic lights in the San Francisco area. “In this case, the car went through a red light,” the documents said.

This doesn’t sufficiently warn pedestrians of the danger. Ignoring red lights really goes back a few months before the NYT picked up the story, into December 2016. Here you can see me highlighting the traffic signals and a pedestrian, asking for commentary on obvious ethics failures in Uber engineering. Consider how the pedestrian stepping into a crosswalk on the far right would be crossing in front of the Uber as it runs the red light:

Second, take special note of framing this new crash as a case where someone was “walking outside of the crosswalk”. That historically has been how the automobile industry exonerated drivers who murder pedestrians. A crosswalk construct was developed specifically to shift blame away from drivers going too fast, criminalizing pedestrians by reducing driver accountability to react appropriately to vulnerable people in a roadway.

Vox has an excellent write-up on how “walking outside of the crosswalk” really is “forgotten history of how automakers invented”…a crime:

…the result of an aggressive, forgotten 1920s campaign led by auto groups and manufacturers that redefined who owned the city streets.

“In the early days of the automobile, it was drivers’ job to avoid you, not your job to avoid them,” says Peter Norton, a historian at the University of Virginia and author of Fighting Traffic: The Dawn of the Motor Age in the American City. “But under the new model, streets became a place for cars — and as a pedestrian, it’s your fault if you get hit.”

This might help illustrate the problem from an engineering standpoint (pun not intended).

Source: Makati, the Philippines by PGAA Creative Design

Even more to the point, it was the Wheelmen cyclists of the late 1800s who campaigned for Americas paved roads. Shortly after the roads were started, however, aggressive car manufacturers manipulated security issues to eliminate non-driver presence on those roads.

We’re repeating history at this point, and anyone who cites crosswalk theory in defense of an Uber robot murdering a pedestrian isn’t doing transit safety or security experts any favors. Will be interesting to see how the accountability for murder plays out, as it will surely inform algorithms intending to use cars as a weapon.

Energy, History, Security

Meitnerium

Leave a comment

Scientific American has a nice write-up of the theoretical physicist who discovered nuclear fission and was denied credit, yet assigned blame:

While the celebrity Meitner deserved was blatantly denied her, an undeserved association with the atomic bomb was bestowed. Meitner was outright opposed to nuclear weapons: “I will have nothing to do with a bomb!” Indeed, she was the only prominent Allied physicist to refuse an invitation to work on its construction at Los Alamos.

  • 1878 born in Vienna, Austria, third of eight children in middle-class family
  • 1892 at age 14 offered no more school, by 19th-century Austrian standards for girls. begins private lessons
  • 1905 earns PhD in physics from University of Vienna
  • 1907 moves to Berlin to access modern lab for research. denied her own lab because a woman, given an office in a basement closet, forced to use bathroom in a restaurant “down the street”
  • 1908 publishes three papers
  • 1909 publishes six papers
  • 1917 given salary and independent physics position
  • 1926 first woman in Germany to be made full professor
  • 1934 intrigued by Fermi work, begins research into nuclear reaction of uranium
  • 1938 Nazi regime forces her to leave Germany, because Jewish
  • 1944 Nobel prize awarded to the Berlin man who ran the lab she used for experiments

Amazing to see how determined she was and how she blazed a trail for others to do good. And yet the things she did, men wouldn’t give her credit for, while the thing she opposed was blamed on her instead.

Food, History, Security

Lost History of American Bourbon: Knob Creek

Leave a comment

A friend recently went through my liquor cabinet and pulled out a mostly-empty bottle of Knob Creek. I had forgotten about it, although in the early-1990s it had been a favorite. It was introduced to me by a Milwaukee bartender in an old dark wooden dive of a bar on the city waterfront.

“I’ll take whatever” meant he poured me a glass of seltzer, stirred in a spoonful of very dark jam, threw an orange peel twist on top and told me “enjoy life, the old-fashioned way.” It sounded corny (pun not intended), especially when he also growled “this ain’t a bright lights and gin or vodka type place” (pre-prohibition, not a speakeasy).

“What’s with the jam?” I asked. He threw a thumb over his shoulder at a cast-iron looking tiny pot-belly stove against a black wall under a small brightly-lit window. I squinted. It was almost impossible to focus on except for its small red light. Steam was slowly rising from its top edges into the bright window. “Door County cherries” he said as he wiped the bar “pick’em myself. That’s my secret hot spiced mash.” This was an historic America, with heavy flavors from locally-grown ingredients, which contrasted sharply with what “popular” Milwaukee bars were serving (gin or vodka).

It was a very memorable drink. For years after I continued to have Knob Creek here and there, always thinking back fondly to that waterfront dive bar, and to the advice to avoid “bright lights and gin or vodka”. Knob Creek wasn’t exactly a replacement for the rye I really wanted, yet it was good-enough alternative, and I didn’t drink it fast enough to worry about its rather annoyingly high price of $15 a bottle.

Ok, so my friend pulls this old bottle of Knob Creek out of my cabinet. He’s drinking it and I’m telling him “no worries, that’s an old cheap bottle I can grab another…”. He chokes. “WHAAAT, nooo. Dude the Knob is one of Beam’s best, it’s a $50 bourbon. It’s the really good stuff.” Next thing I know my old Knob Creek bottle is in the recycling bin and I’m on the Internet wondering if I should replace it.

African-American Distillers May Have Invented Bourbon

A lot has changed in the world of American whiskey marketing since Knob Creek was $15

All the research I had done on Prohibition, a notoriously anti-immigrant white-supremacist movement targeting Germans and Irish, did not prepare me sufficiently for Jack Daniel’s recent adoption of its own history.

This year is the 150th anniversary of Jack Daniel’s, and the distillery, home to one of the world’s best-selling whiskeys, is using the occasion to tell a different, more complicated tale. Daniel, the company now says, didn’t learn distilling from Dan Call, but from a man named Nearis Green — one of Call’s slaves.

The real kicker to this Jack Daniel PR move is that it explains master distillers came from Africa, and slavery meant they ended up in regions that give them almost no credit today:

“[Slaves] were key to the operation in making whiskey,” said Steve Bashore, who helps run a working replica of Washington’s distillery. “In the ledgers, the slaves are actually listed as distillers.”

Slavery accompanied distilling as it moved inland in the late 18th century, to the newly settled regions that would become Tennessee and Kentucky.

[…]

American slaves had their own traditions of alcohol production, going back to the corn beer and fruit spirits of West Africa, and many Africans made alcohol illicitly while in slavery.

It makes sense, yet still I was surprised. And after I read that I started to pay attention to things I hadn’t noticed before. Like if you’ve ever watched “Hotel Rwanda” its opening song is “Umqombothi”, which has lyrics about a tradition of corn-mash used for beer in Africa.

Both the use of charred casks and corn mash foundations are being revealed by food historians as African traditions (even the banjo now, often associated with distilleries, is being credited to African Americans). Thus slaves from Africa are gradually being given credit as the true master distillers who brought Bourbon as a “distinctive product of the United States” to market.

Slave owners were not inclined to give credit, let alone keep records, so a lot of research unfortunately still is required to clarify what was going on between European and African traditions that ended up being distinctly American. That being said, common sense suggests a connection between African corn mash and master distiller role of African slaves that simply is too strong to ignore.

Prohibition Was Basically White Supremacists Perpetuating Civil War

If we recognize that master distillers using corn mash to invent Bourbon were most likely slaves from Africa, and also we recognize why and how Prohibition was pushed by the KKK, there is another connection too strong to ignore.

My studies had led me to believe anti-immigrant activists were behind banning the sale or production of alcohol in America. Now I see how this overlooks the incredibly important yet subtle point that master distillers were ex-slaves and their families on the verge of upward social mobility (Jack Daniel didn’t just take a recipe from Nearis Green, he hired two of his sons). The KKK pushed prohibition to block African American prosperity, as well as immigrants.

Let’s take this back a few years to look at the economics of prohibition. Attempts to ban alcohol had been tried by the British King to control his American colonies. In the 1730s a corporation of the King was charged with settling Georgia. A corporate board (“trustees”) was hoping to avoid what they saw as mistakes made in settling South Carolina. Most notably, huge plantations were thought to be undesirable because causing social inequalities (ironic, I know). So the King’s corporation running Georgia was looking at ways to force smaller parcels to create better distribution of wealth (lower concentrations power) among settlers. The corporation also tried to restrict use of Africans as slaves to entice harder working and better quality of settler and…believe it or not, they also tried to ban alcohol presumably because productivity loss.

These 1730s attempts to limit land grabs and ban slavery backfired spectacularly. It was the South Carolinian settlers who were moving into Georgia to out-compete their neighbors, so it kind of makes sense wealth was equated to grabbing land and throwing slaves at it instead of settlers themselves doing hard work. It didn’t take more than ten years before the corporation relented and Georgia regressed to South Carolina’s low settler standards. The alcohol ban (restricting primarily rum) also turned out to be ineffective because slaveowners simply pushed their slaves to distill new forms of alcohol from locally sourced ingredients (perhaps corn-based whisky) and smuggle it.

By the time a Declaration of Independence was being drafted, including some ideas about calling their King a tyrant for practicing slavery, it was elitist settlers of Georgia and South Carolina who demanded slavery not be touched. Perhaps it’s no surprise then 100 years later as Britain was finally banning slavery the southern states were still hung up about it and violent attacks were used to stop anyone even talking about abolishing slavery. While the rest of the Americas still under French, British, Spanish influence were banning slavery, the state of Georgia was on its way to declare Civil War in an expansionist attempt to spread slavery into America’s western territories.

So here’s the thing: the King’s corporation heads inadvertently had taught their colonies how slaves, alcohol and land were linked to wealth accumulation and power. White supremacists running government in Georgia and South Carolina (aspiring tyrants, jealous of the British King) wanted ownership for themselves to stay in power.

Prohibition thus denied non-whites entry to power and ensured racial inequality. Cheaters gonna cheat, and it seems kind of obvious in retrospect that prohibition by both the British King and the US government were clumsily designed to control the market.

The current era of bourbon enthusiasm is based on the products of about seven US distilleries. But before Prohibition, the US had thousands of distilleries! 183 in Kentucky alone. (When the Bottled-in-Bond act took effect in 1896, the nationwide count was reportedly over eight thousand). Each distillery produced many, many different brands.

Prohibition destroyed almost all of those historic distilleries.

From 8,000 small to 7 monster distilleries because…economic concerns of white supremacists running US government.

The KKK criminalized bourbon manufacturing. Thousands, including emancipated master distillers, were forced out of their field. Also in that Bottled-in-Bond year of 1896, incidentally, southern white-supremacists started erecting confederate monuments to terrorize the black population. By the time Woodrow Wilson was elected President in 1912 he summarily removed all blacks from federal government, which one could argue set the stage for a vote undermining black communities, and restarted the KKK by 1915. Prohibition thus arose within concerted efforts by white supremacists in America to reverse emancipation of African Americans, deny them social mobility, criminalize them arbitrarily, and disenfranchise them from government.

What’s War Got to Do With the Price of Knob Creek?

Have you ever heard of Otho Wathen’s defense of Whiskey during and after Prohibition?

Otho H. Wathen of National Straight Whiskey Distributing Co. points out: “The increase in 1934 (in drunken driver automobile accidents) for the entire country was 15.90 per cent. The increase in the repeal states, which included practically every big city where traffic is heaviest, was 14.65 per cent. …in the states retaining prohibition the increase was 21.56 per cent.”

I hadn’t heard of him until I read a blog post revealing that Knob Creek was a very old brand, bought inexpensively by National Distillers during the market collapse of Prohibition:

Knob Creek was first in use in 1898, by the Penn-Maryland Corp. I have looked through our archives here (I have the old history books from the companies we acquired when we purchased National Brands)

The blog even shows this “Cincinnati, Ohio” label as evidence of its antiquity:

This is an awkward bit of history, when you look at the origin story told by the Jim Beam conglomerate:

When the Prohibition was lifted in 1933, bourbon makers had to start from scratch. Whiskey takes years and years to make, but the drinking ban was overturned overnight. To meet their sudden demand, distillers rushed the process, selling barrels that had hardly been aged. Softer, mild-flavored whiskey became standard from then on. Full flavor was the casualty.

But we brought real bourbon back. Over 25 years ago, master distiller Booker Noe set out to create a whiskey that adhered to the original, time-tested way of doing things. He named it Knob Creek

They’ve removed the text about Knob Creek being a physical place. When I first bought a bottle it came with marketing that referenced Knob Creek Farm, a non-contiguous section of the Abraham Lincoln Birthplace National Historical Park. That’s definitely no longer the case (pun not intended) as all the marketing today says white distillers of Jim Beam are resurrecting pre-prohibition traditions, without specifying the traditions came from slaves.

From that perspective, I’m curious if anyone has looked into the Penn-Maryland decision to name its whiskey after an Abraham Lincoln landmark. Does it imply in some way the emancipation of distillers, which Beam now is claiming simply as pre-prohibition style? More to the point, if Jack Daniel is finding slavery in its origin story and making reference to the injustices of credit taken, will Beam take the hint or continue to call Knob Creek their recent innovation?

My guess, based on reading the many comments on the “post-age” Knob Creek now being made (the bottles used to say 9 year), Beam is moving further away from credit to master distillers who were emancipated by Lincoln. So I guess, to answer my original question, buying another bottle of Knob makes little sense until I see evidence they’re giving credit to America’s black master distillers who invented the flavor and maybe even that label.

In the meantime, I’ll just keep sipping on this 1908 Old Crow (Woodford)…