Apple Open Letter… eh

[ Updated below, but I’m leaving the text here as I originally wrote it. ]

 

By now, just about everyone has seen the open letter from Apple about device encryption and privacy. A lot of people are impressed that such a company with so much to lose would stand up for their customers. Eh, maybe.

I have to somewhat conflicting thoughts on the whole matter:

1)

If Apple had designed security on the iPhone properly, it would not even be possible for them to do what the government is asking. In essence, the government plan is for Apple to develop a new version of iOS that they can “upgrade” the phone to, which would bypass (or make it easier to bypass) the security on the device. Of course, it should not be possible to upgrade the OS of a phone without the consent of a verified users, so this is a bug they baked in from the beginning — for their benefit, of course, not the government’s.

Essentially, though they have not yet written the “app” that takes advantage of this backdoor, they have already created it in a sense. The letter is therefore deceptive as written.

2)

The US government can get a warrant to search anything. Anything. Any. Thing. This is has it has been since the beginning of government. They can’t go out and do so without a warrant. They can’t (well, shouldn’t) be able to pursue wholesale data mining of every single person, but they can get a warrant to break any locked box and see what’s inside.

Why should data be different?

I think the most common argument around this subject is that the government cannot be trusted with such power. That is, yes, the government may have a reasonably right to access encrypted data in certain circumstances (like decrypting known terrorist’s phones!) but the tools that allow that also give them the power to access data under less clear-cut circumstances as well.

The argument then falls into a slippery slope domain — a domain in which I’m generally unimpressed. In fact, I would dismiss it entirely if the US government hadn’t already engaged in important widespread abuse of similar powers.

Nevertheless, I think the argument that the government should not have backdoors to people’s data is one of practical controls rather than fundamental rights to be free from search.

 

I have recommendations to address both thoughts:

  1. Apple, like all manufacturers, should implement security properly, so that neither they nor any other entity possess a secret backdoor.
  2. Phone’s should have a known backdoor, a one-time password algorithm seeded at the time of manufacture, and stored and managed by a third party, such as the EFF. Any attempts to access this password, whether granted or denied, would be logged and viewable as a public record.

I don’t have a plan for sealed and secret warrants.

 

[ Update 2/17 11:30 CA time ]

So, the Internet has gone further and explained a bit more about what Apple is talking about and what the government has asked for. It seems that basically, the government wants to be able to to brute-force the device, and wants Apple to make a few changes to make that possible:

  1. that the device won’t self-wipe after too many incorrect passwords
  2. that the device will not enforce extra time-delay between attempts
  3. that the the attempts can be conducted electronically, via the port, rather than manually by the touch screen

I guess this is somehow different than Apple being able to hack their own devices, but to me, it’s still basically the same situation. They can update the OS and remove security features. That the final attack is brute force rather than a backdoor is hardly relevant.

So I’m standing behind my assessment that the Apple security is borked by design.

Privatization, aluminum sky-tube edition

This Congress still has some must-pass legislation to complete.

That includes a reauthorization bill that contains a bunch of much-needed reforms for the agency. But they slipped in a doozey of a change: complete privatization of air traffic control. The plan is to create a separate government-chartered independent non-profit to run the whole show, with the intention, of course, that it will be run much more efficiently than the ZAN-ARTCC-ATOPgovernment ever could. I liked quote from an unnamed conservative groups from another Hill article:

“To us it is an axiomatic economic principle that user-funded, user-accountable entities are far more capable of delivering innovation and timely improvements in a cost-effective manner than government agencies.”

Axiomatic, eh? Well, I think I see your problem…

Anyway, it’s worth taking a step back to think about this proposal from a few different angles. First, let’s remember what the FAA does. Really, there are three main activities:

  1. Write regulations
  2. Allocate funds for aviation-related programs (AIP and similar) and
  3. Run ATC (Note: the FAA’s ATC arm is called “ATO,” but I’ll keep calling it ATC here)

Honestly, there has always been something of a conflict between the needs of air traffic control with safety as top priority and efficiency and cost as lower priorities, and the rest of the organization’s needs. It is a small miracle that the FAA’s ATC runs the safest airspace in the world. But miracle or not, it is a fact.

Furthermore, it is also true that ATC has been slow to modernize. This is for several reasons. First, yes, government bureaucracy, of course. But there are other reasons, such as having congress habitually cut and delay funding for new systems (NB: when you are on temporary reauthorization, you don’t buy new things; programs do not progress. You just pay salaries.) Another problem is that the old systems, as cranky and obsolete as they are, work, and it’s just not a simple matter to replace a working system, tuned over decades with new technology, particularly if you require no degradation in performance in the process.

So does this justify privatization? Will a private organization do better in this respect? Well, here are some ideas for thought, in no particular order:

  • a private organization will use fees to fund itself. This might be good, because they should be able to raise all the money they need, but then again, fees might grow without control. A private organization running ATC is essentially a monopoly. Government control is a monopoly, too — except that you can use the levers of democracy to manage it
  • a fee-run organization will be mostly responsive to whomever pays the fees. In this case, it would be the airlines, and among the airlines, the majors would have the most bargaining power. Is this the best outcome? How will small carriers fare when it comes time to assign landing slots or assign routes to flight plans? How will general aviation do under such a system? Will fees designed for B747‘s coming into KEWR snuff out the C172 traffic coming into KCDW?
  • Regulatory capture is a problem for any industry-regulating government entity. Does the appointment of an all-industry board of directors for a private organization that assumes most of those functions “solve” that problem making total capture a fait accompli?
  • Will this new organization be self supporting or will it still depend on government money? How will it perform when there is an economic or industry slump? If there is a bankruptcy, who will foot the bill to keep the lights on?
  • When the inevitable budgets shortfalls come, how will labor fare? Will they have to sacrifice their contracts in order to help save the company?
  • I don’t know, but I’m just guessing, that nobody at the top of the FAA’s ATC today makes a million dollars a year. Will it be so under an private organization? If so, where might that money come from?
  • Does an emphasis on efficiency server the flying public? To that matter, do the flying public’s interests diverge from those of the airlines, and if so, how are they represented in the new organization’s decision-making?

I honestly have not considered or study this matter enough to have a strong opinion, but so much of it causes the hairs on my neck to stick out.

I’ll give the authors of this new bill credit for one thing: they managed to get the ATC union (NATCA) on board, essentially by promising continuity of their contracts and protections. I’m not sure if that comes with guarantees in perpetuity. One thing I noticed immediately is that current employees would be able to pay into the federal retirement system. New employees…

 

[ Full disclosure: I am a general aviation pilot and do not pay user fees to use ATC, and like it that way. I do understand that this is a subsidy I enjoy. ]

 

 

 

Freedom from v. freedom to: aviation edition

The FAA is still in its rule-making process for drones (or as they call them, UAS — unmanned aircraft systems), but they have announced that all drone operators must register themselves and their aircraft online. There will be a $3 fee (waived for early-registrants until 1/20/2016) and the registration lasts three years.

A quad-copter, quad-coptering.
A quad-copter, quad-coptering.

Some drone enthusiasts and some libertarians are up in arms. “It’s just a new technology that they fear they can’t control!” “Our rights are being curtailed for no good reason!” “That database will be used against us, just wait and see!”

I have a few thoughts.

First, I have more than a smidgeon of sympathy for these views. We should always pause whenever the government decides it needs to intervene in some process. And to be frank, the barriers set by the FAA to traditional aviation are extremely high. So high that general aviation has never entered the mainstream of American culture, and given the shrinking pilot population, probably never will. The price to get in the air is so high in terms of training that few ever get there. As a consequence, the price of aircraft remains high, the technological improvement of aircraft remains slow, rinse, repeat.

In fact, I have often wondered what the world might be like if the FAA had been more lax about crashes and regulation. Perhaps we’d have skies filled with swarms of morning commuters, with frequent crashes which we accept as a fact of life. Or perhaps those large volumes of users would spur investment in automation and safety technologies that would mitigate the danger — at least after an initial period of carnage.

I think I would be upset if the rules were like those for general aviation. But in fact registration is pretty modest. I suspect that later, there will be some training and perhaps a knowledge test, which seems quite reasonable. As a user of the National Airspace System (both as a pilot and a passenger) I certainly appreciate not ramming into solid objects while airborne. Registration, of course, doesn’t magically separate aircraft, but it provides a means for accountability. Over time, I suspect rules will be developed to set expectations on behavior, so that all NAS users know what to expect in normal operations. Call it a necessary evil, or, to use a more traditional term, “governance.”

But there is one interesting angle here: the class of UAS being regulated (those weighing between 0.55 lb and 55 lb) have existed for a long time in the radio-controlled model community. What has changed to make drones “special,” requiring regulation now?

I think it is not the aircraft themselves, but the community of users. Traditional radio-controlled models were expensive to buy, took significant time to build, and were difficult to fly. The result was an enthusiast community, which by either natural demeanor or soft-enforced community norms, seemed able to keep their model airplanes out of airspace used by manned aircraft.

Drones came along and that changed quickly. The drones are cheap and easy to fly, and more and different people are flying them. And they’re alone, not in clubs. The result has been one serious airspace incursion after another.

A lot of people seem to think that because drones aren’t fundamentally different technology from traditional RC hobby activity, that no new rule is warranted. I don’t see the logic. That’s not smart. It’s not about the machines, it’s about the situation.

Anyway, I think the future for drone ops is actually quite bright. There is precedent for a vibrant hobby along with reasonable controls. Amateur radio is one example. Yes, taking a multiple-choice test is a barrier to many, but perhaps a barrier worth having. Also, the amateur radio community seems to have developed its own immune system against violators of the culture and rules, which works out nicely, since the FCC (like the FAA) has limited capacity for enforcement. And it’s probably not coincidental that the FCC has never tried to build up a large enforcement capability.

Which brings me to my final point, which is that if the drone community is smart they will create a culture of their own and they will embrace and even suggest rules that allow their hobby to fruitfully coexist with traditional NAS users. The Academy of Model Aeronautics, a club of RC modelers, could perhaps grow to encompass the coming army of amateur drone users.

 

 

 

On BS detection

Coming after my last post, which took aim at Vox, I am hereby directing you to an interesting interview on Vox in which a researcher discusses his work on bullshit. Bullshit, as the researcher defines it is:

Bullshit is different from nonsense. It’s not just random words put together. The words we use have a syntactic structure, which implies they should mean something.

The difference between bullshit and lying is that bullshit is constructed without any concern for the truth. It’s designed to impress rather than inform. And then lying, of course, is very concerned with the truth — but subverting it.

This a pretty fascinating category, no? What is it for? The first thing that springs to mind is establishing authority, which, though distinct from lying, seems to be the basic groundwork for slipping in lies by shutting down critical faculties. Bullshit is like the viral protein coat necessary to deliver some RNA lie payload.

It seems to me that bullshit is particularly rampant these days, but perhaps someone with more knowledge of history will correct me. We live in a very complex, dynamic world, and simple heuristics built into our wetware seem rather outgunned when confronted with modern, well-engineered, state-of-the-art BS. Furthermore, I notice more and more people — not just those in the business of propaganda — who make their living, in part or wholly, by spinning bullshit. Bullshit about guns, vaccines, education, politics, food, religion, terrorism, how your dotcom is helping the world — you name it.

Bullshit arising from the San Bernadino killings angered me over the last few days. Gun control advocates filled my FB feed with pleas for gun control, but the facts of the situation seem to imply that these people would have been able to perpetrate their murder under any conceivable gun control regime, except, perhaps, for a total ban with confiscation. (Which I think we can all agree is not going to happen and probably shouldn’t.) The conservative media, of course, seems aflame with innuendo about Islam and violence, justifying fear of Muslim refugees and discrimination against them. Overall, it’s too early to make much sense of this tragedy, but whether you like gun control or restrictions on refugee immigration, there’s not much in this event to support a serious argument for either. Which is to say, everything on your Facebook feed that links this story to pretty much any cause is 100% pure bullshit.

I believe traditional thinking about bullshit is that, first, people who hear bullshit that confirms their priors just let it go unprocessed because, well, why not? And second, that processing everything you hear critically is work, and most people quite rationally avoid work when they can.

I (and this researcher) wonder, though, because some people have highly sensitive bullshit detectors and can sniff it out instantly, without consulting snopes.com or WebMD. And I know plenty of people who get angry about bullshit, even when it aligns with what they already believe.

Is this some kind of immunity? Is it natural or can people be inoculated? And if the latter is possible, how do we go about it?

 

Garbage can strikes again

When I was in policy school, we learned about something called the “Garbage Can Model of Organizational Choice,” which for some reason has stuck with me. I don’t want to boil it down too much, but in it, Cohen, March, and Olson (and later, Kingdon) theorize that people are constantly coming up with “solutions” that more or less end up in a theoretical trash bin. Except, nobody ever empties the trash. Instead, it lingers. At the same time, the random stochastic process known as life generates a constant stream of problems. Every once in awhile, a “problem” comes along that fits a “solution” waiting in the trash can, and if there’s an actor who favors that solution who has been paying attention and waiting patiently, he trots it out and starts flogging hard.

In light of the Paris attacks, we’ve been seeing this from the security establishment in a big way. They like tools that let them see and watch everything, and they do not like anything that gets in their way. So, for example, banning encryption that they cannot defeat is a solution that sits in the trash can perpetually. That’s why it’s unsurprising that the ex-CIA director is calling for Edward Snowden’s hanging or Dianne Feinstein and other senators are railing against Silicon Valley for offering its users strong encryption.

It’s all about having an established agenda and seizing an opportunity when it comes along. Politics as usual, move along, these droids are not particularly interesting.

But there is actually something a bit interesting going on here. The actual facts and circumstances right now do not support the panopticon theory of governance favored by intelligence and law & order types. The terrorists in this case did not use encryption. They sent each other SMS and other messages completely in the clear. If you look in the Internet, you will find article after article debunking the notion that controls on encryption would have made a difference in these attacks at all.

In fact, given the circumstances of this particular case, it looks like the intelligence agencies already had all the tools they needed to stop this attack. They just didn’t. This, if anything, should be the actual story of the day!

Okay, so this is perhaps also not interesting to the jaded news junky. Maybe it’s a bit further down in the playbook, but we’ve all seen people who should be on the defensive go on the offensive in a big, loud way. But I still find it disturbing that the facts are not steering the debate at all. If you enjoy making fun of fact-free conservatives, then this is not the circus for you, either, as powerful Dems are behind this crap.

Various media outlets, even mainstream ones, are calling out the bullshit, but the bullshit continues.

Same as it ever was, or new, disturbing political discourse untethered to reality. You decide.

Oh, and just as an aside: you can’t stop the bad guys from using strong encryption. So what are you actually calling for?

 

 

 

Un-American Things

Barack Obama and Ted Cruz are currently having a bit of a one-sided insult match in response to the president suggesting that rejecting Syrian refugees, or only letting in refugees in who meed certain religious criteria, is un-American.

You won’t be surprised to hear that I think The President is right, of course. Our highest ideals are of opportunity and openness, and I think we all want to live in a country that is the destination for those in need to rebuild lives shattered through forces beyond their control.

But the president is also right in another way that I think is interesting. This country does not have a culture of risk-aversion. Or at least it doesn’t regarding most new things. I mean, let’s grant for the moment that letting in Syrian refugees means we are opening ourselves to some non-zero incremental risk of violence. Why shouldn’t we take that risk? We’re risk takers.

This is not a country that adopts the precautionary principle to food and environmental regulation. We don’t stop Uber and Airbnb before they get started because they might be unsafe. Nobody (federally) says, “sure, you can have a gun, after you show us you can handle it safely.” You want to use some new chemical you just invented in your industrial process? Have at it (generally), until we know it’s dangerous. So it goes. Nuclear power, moon exploration, homesteading the West. In the cases where we do have regulation, I think you’ll find 100% of the time that it came after something bad happened regarding the very thing being regulated.

And I think that’s more or less a fine, and certainly, very American philosophy. We’ve had some very bad outcomes here and there (leaded gas), but on average, the risks have worked out in our favor and we get more benefit than harm. In the case of Syrian refugees its a question of compromising our ideals to gain a little safety. Totally un-American.

 

What the other guys believe

How well do you understand the beliefs of those at the opposite political spectrum as yourself?

Being a semiprofessional policy nerd, so I thought I had a good handle on this. I know, for example, most of the conservative and liberal arguments for this or that policy proposal, and can (and do) rank them on their credibility all the time, constantly adjusting those  rankings as I learn more about the world. That’s a wonk’s life.

But here’s a different question: which of those arguments do they believe and feel are the most compelling?

Some JMU researchers have devised a little experiment to determine just that. It’s a short questionnaire. You should take it! They ask you a few questions about the best policy arguments from conservative and liberal viewpoints and then they ask you your own political orientation.

I learned something from my results. I was able to correctly identify the favored argument of political conservatives approximately zero percent of the time. 0 for 5!

Paul Krugman thinks liberals understand conservative reasoning better than conservatives do liberal reasoning. Well, he might be true with respect to the logic of the arguments, but at least for this guy, he’s dead wrong regarding the beliefs about the strengths of the arguments.

h/t Baseline Scenario

Leave it in the ground

About a decade ago, Alex Farrell, a professor in the UC Berkeley Energy and Resources Department, Alex Farrell, had a series of papers unpopular with environmentalists. They showed that, essentially, there was no peak oil. In fact, at prevailing prices of the time, one could profitably extract a supply of petroleum to last hundreds of years at current rates. The supply would come not just from traditional sources, but from Canadian bitumen and coal-to-liquids conversion. He also pointed out that this is a bad thing, because those alternative sources of petroleum products have ridiculously high carbon intensities. That is, they’d be much, much dirtier than regular oil.

Sadly, Professor Farrell did not live to see the story of peak oil fade from most environmentalists’ consciousness nor to see the price of oil has drop so dramatically. And, in fact, at today’s prevailing prices, influenced by fracking and cheap natural gas (which is not a short term substitute for oil but could be a long-term one), we just don’t need oil from the Canadian tar sands. There’s not really a strong economic case for it, and the environmental case is, well, awful. I guess there is still a story to be told about “continental oil independence,” but, well, that’s only physical independence. Unless we plan on declaring a state of emergency and militarily controlling oil transfer, oil is still a worldwide commodity,  and if there were some kind of oil crunch, we’d take the economic gut punch all the same.

I think Obama made the correct decision today, to nix the Keystone Pipeline.

Score one for common sense.

WSJ swipes at science

Rather interesting piece by Matt Ridley in the WSJ, making the case that spending on basic science is a waste. It’s definitely worth a read for it’s world-tipped-on-its-side-itude. [ Ridley, a Conservative member of the House of Lords, has some interesting views about many things, so a scan of his wikipedia page, linked above, is worthwhile if you’re going to read the article. ]

Though I will happily grant the author the point that the linear model of:

is incorrect and simplistic, I don’t think that’ll be news to anyone who has ever spent a few minutes thinking about any of those things. Yes, technological advance is chaotic. Yes, innovation comes from many places, and the arrows are not always in the same direction.

science_matrix

But stating that the direction is not always from science to tech is a very far cry from proving that we can get away without science altogether.

He’s right, of course, that not all science leads to anything particularly valuable, and even when it does, it’s hard to know in advance what will and won’t. Sometimes hundreds of years can pass between a discovery and the moment society knows what to do with it.

In fact, it is for those very reasons and man more that it makes sense for governments to fund science.

The rest of the piece is, unfortunately, worse. I don’t have enough time to criticize all the arguments in the piece, but a few quick call-outs:

In 2007, the economist Leo Sveikauskas of the U.S. Bureau of Labor Statistics concluded that returns from many forms of publicly financed R&D are near zero and that “many elements of university and government research have very low returns, overwhelmingly contribute to economic growth only indirectly, if at all.”

You don’t say? Yeah, you can’t point to the monetary benefits of science because it does not directly generate monetary benefits. I wonder if that has anything to do with the fact that you can’t sell public knowledge? But you can use it to make things, and sell those. Or use it to direct your own research and make something of that. Whodathunk? Also, in the process, you get a bunch of educated people that private actors will hire to make things.

And, by the way, there are good reason to finance science with public money. Here’s one:

Let’s say knowledge “A”, obtained at cost a’ can be combined by technology entrepreneurs, P,Q,R to generate wealth p’,q’,r’. Without government funding of science, unless p’,q’,r’ each individually are more than a’, it won’t happen, because in the private investment scenario, the private investors has to recoup their costs alone. Even if p’ > a’, we still won’t see any of q’ and r’.  But with the public investment to get A, we get all of p’,q’,r’. When you throw in the uncertainty of the value of A at the time that it is being generated, it’s even harder for the private sector to justify. This has been known for a good while.

[ Aside: this is and other interesting aspects of innovation are covered in great detail, by the way, in the late Suzanne Scotchmer’s well thought out book, Innovation and Incentives. ]

Ridley also has a weird theory that technology has become a living organism, desiring to and able to perpetuate itself. I don’t half understand what that means, but it’s a strange foundation for an argument that government science doesn’t matter:

Increasingly, technology is developing the kind of autonomy that hitherto characterized biological entities. The Stanford economist Brian Arthur argues that technology is self-organizing and can, in effect, reproduce and adapt to its environment. It thus qualifies as a living organism, at least in the sense that a coral reef is a living thing. Sure, it could not exist without animals (that is, people) to build and maintain it, but then that is true of a coral reef, too.

And who knows when this will no longer be true of technology, and it will build and maintain itself? To the science writer Kevin Kelly, the “technium”—his name for the evolving organism that our collective machinery comprises—is already “a very complex organism that often follows its own urges.” It “wants what every living system wants: to perpetuate itself.”

Even if this is true, why believe that the innovation we would get from a purely technologically driven progress is the “best” innovation we can get, or even the innovation we want? Oh, that’s right, in the libertarian mindset, “we” doesn’t exist. So, it’s a good thing if, say, industry sink billions into fantastic facial moisturizer while cures for diseases that only affect the poor go unfunded.

Here’s another groaner:

To most people, the argument for public funding of science rests on a list of the discoveries made with public funds, from the Internet (defense science in the U.S.) to the Higgs boson (particle physics at CERN in Switzerland). But that is highly misleading. Given that government has funded science munificently from its huge tax take, it would be odd if it had not found out something. This tells us nothing about what would have been discovered by alternative funding arrangements.

And we can never know what discoveries were not made because government funding crowded out philanthropic and commercial funding, which might have had different priorities. In such an alternative world, it is highly unlikely that the great questions about life, the universe and the mind would have been neglected in favor of, say, how to clone rich people’s pets.

Ah, yes, the “counterfactual would have been better” argument. Of course, it comes with no particular theory or reason why private incentives would advance science, only the assertion that it would. Except, it turns out we do, in fact, have counterfactuals, because there are countries all around the world through history that made different prioritization of science, along with associated outcomes, and the answer is quite grim for the laissez faire folks, I’m afraid.

The rest of the article trots out a bunch of examples of interesting and important technologies, such as the steam engine, that came into being more or less without the underlying science to back them up. But I can make a list, too. Wozniak and Jobs made a computer in their garage, and — bang! — there came the internet. Except, the were already standing on giants, including boatloads of government-funded basic research (a lot of it defense-driven, yes) from which sprung semiconductors and the very notions of electronic computer. (Turing, Von Neumann)

Or lets take a look at radio. Sure, Marconi doing some early tinkering with spark gap transmitters allowed us to get some dit-dahs across the Atlantic without too much understanding, but even he was standing on Maxwell. And besides, the modern digital communications would not be possible without the likes of Fourier, Shannon, Nyquist, Hartley, all of which were doing science. (Some in private labs, though.)

I’m not historian of science, so I hope to soon read blogs from such people responding to this piece.

I’m unsettled by something else, though:

This is a full-throated, direct attack on government-funded science itself, printed in a mainstream publication.

It was not long ago that no serious political ideology in the US would have been broadly anti- public science research. Sure, we’ve seen serious efforts to undermine science in certain areas: climate change, danger of pesticides, etc, but nobody has come straight out and said that government should get out of the science business entirely.

Should be interesting to see if this is the start of a new long-term strategy or just one man’s rant.

 

 

Sophisticated Congress Simulator

Few people know that I wrote a very sophisticated simulator to determine the output of the Congressional Select Committe on Benghazi. It’s always satisfying to see simulation results match the real world.

Here’s me running the program:

Here’s the source code, in case you want to expand on the idea.