Charlie Stross: August 2009 Archives

I'm off to Copenhagen tomorrow, where, along with Gwyneth Jones, I'm one of the guests of honour at Fantasticon, the Danish national SF convention.

Meanwhile, I leave you with this tag: WTF? (I particularly like — in an admire-from-a-distance kind of way, please don't mistake this for actual must-have-'em desire — Chicken Poop Lip Balm, Inflatable Toast, black toilet paper, and the book "How to Increase your IQ by Eating Gifted Children".)

I feel this tag deserves a metaphor that embraces the invisible hand, the long tail, and melting clocks, but for once I'm fresh out of bon mots.

Regular readers may recall my question on August 13th about the whys and wherefores of the disappearance of the Arctic Sea, which subsequently reappeared off the coast of Africa in the middle of a full-dress Russian Navy panic, with rumours of piracy in the Baltic and stolen secret cargoes ...

Today an Asia Times in-depth report asserts:

[ex-Russian military officer] Filin said the crates (loaded on board in Kaliningrad) could have contained four X-55 strategic cruise missiles (without front sections) and devices to implement an air launch from military planes of the SU-24 type, provided that the aircraft were retrofitted as carriers of a single cruise missile.

And to add to the fun:

Last Thursday, the former commander of defense forces of Estonia, Tarmo Kiuts, repeated the same presumption. He said on board the Arctic Sea most probably were Russian X-55 missiles that the vessel was carrying to Iran.

In its latest version, official Russian television said ecologists had hijacked the Arctic Sea because they had run out of fuel for their boats.

Piratical ecologists, or arms dealers smuggling cruise missiles to Iran. Which reality tunnel do you subscribe to?

Some of you may have had problems posting comments yesterday. That's because we're in the process of upgrading the blog to handle threaded commenting, and there was a template screw-up. We've reverted to the system default template for now; this means you must preview your comment at least once before you hit the post button. Otherwise you may get an error message.

We now return you to your regular featured programming, sort-of. (I'm off on Friday to Copenhagen for an SF convention, and will probably have neither bandwidth nor time for blogging between then and next Wednesday.)

This blog is not only my personal soapbox, it's my public face. Folks who read what I post here may or may not thereafter buy my books. Consequently, these days I try to avoid writing about stuff that is likely to be controversial. Call it the chilling effect of capitalism; I can say what I want if and only if I'm willing to do without that portion of my book royalties that comes from the folks I piss off.

There are some folks I can do without, mind you. (If you're a BNP member or voter you can fuck off right now. I don't care if you don't buy my books; I don't want your bloody money.)

However, this comes at a cost. I don't like biting my tongue continuously. I have strong opinions on a number of subjects — including politics — and what use is a soapbox if I can't use it from time to time?

(Click the link below to continue reading if and only if you don't mind me expressing strong views that may be contrary to your own.)

Three tenuously-related pieces of news have caught my eye recently.

Firstly: NDNAD, the UK's National DNA Database, run by the Forensic Science Service under contract to the Home Office, contains DNA "fingerprints" for lots of folk — 5.2% of the population as of 2005, or 3.1 million people. Some of them are criminals; some of them are clearly innocent, but were either charged with a crime and subsequently found not guilty, or had the misfortune to be detained but not subsequently charged (that is: they're not even suspects). The Home Office takes a rather draconian view of the database's utility, and objects strenuously to attempts to remove the records of innocent people from it — it took threats of legal action before they agreed to remove the parliamentary Conservative Party's Immigration spokesman from the database (which he'd been added to in the course of a fruitless investigation into leaked documents that had embarrassed the government) — so if senior opposition politicians have problems with it, consider the prospects for the rest of us.

In use ...

Whenever a new profile is submitted, the NDNAD's records are automatically searched for matches (hits) between individuals and unsolved crime-stain records and unsolved crime-stain to unsolved crime-stain records - linking both individuals to crimes and crimes to crimes. Matches between individuals only are reported separately for investigation as to whether one is an alias of the other. Any NDNAD hits obtained are reported directly to the police force which submitted the sample for analysis.

Now, this in itself is merely a steaming turd in the punchbowl of the right to privacy: but its use as a policing intelligence tool is indisputable. While there are some very good reasons for condemning the way it's currently used (for example, its use in the UK has sparked accusations of racism), I can't really see any future government forgoing such a tool completely; a DNA database of some kind is too useful. So what interests me here is the potential for future catastrophic failure modes.

I'd like to note in passing that the cost and effort required to conduct DNA sequencing is dropping like a stone, following a path faster than Moore's Law — the price of sequencing has fallen off a cliff, and an exhaustive personalized genome sequence can now be had for around $50,000 and a couple of weeks' work. For comparison, back in 1998 or thereabouts the same job had taken several years and $100M. We're en route to hand-held realtime sequencers within the very near (5-10 year) future. And, aside from medicine, the consequences will be interesting ...

This week sees the publication of a paper that suggests that standard molecular biology techniques such as PCR, molecular cloning, and recently developed whole genome amplification (WGA), enable anyone with basic equipment and know-how to produce practically unlimited amounts of in vitro synthesized (artificial) DNA with any desired genetic profile. See also: faking up a crime scene. Because of the nature of DNA evidence it's actually physically easier to distribute it around a location than it would be to fake conventional forensic evidence such as fingerprints.

Meanwhile, in Australia ... oh, this one almost beggars belief:

Police computer security experts claimed responsibility for taking over the cybercrime forum as part of a sting operation on ABC's Four Corners TV programme ... The Feds had reportedly configured their own systems as a honeypot designed to track and trace denizens logging into the forum. Police gained access to the forum not through infiltration but after raiding the Melbourne home of the forum's alleged administrator last Wednesday. ... Unfortunately the wheels fell off the scheme, because the officers involved failed to set a password on the database behind the honeypot site.

Yes: they tried to guddle a bunch of hackers and forgot to set the root password on the MySQL database they were using to store the evidence.

Combined with other instances of mind-boggling stupidity this is beginning to convince me that policing and IT security work are incompatible; that is, that the culture, training, and career structure of policing is generally inimical to understanding IT security. The vast majority of police work is about tracking down and apprehending lawbreakers after a crime has been committed; the vast majority of offenses are committed on the spur of the moment by not-terribly-bright folks with poor impulse control: and police are frequently expected to multi-task and deal with multiple cases in parallel. But in the INFOSEC sector the paradigm is turned on its head — it's necessary to carefully consider and plan to defend against attacks that haven't happened yet and to work on the assumption that the attacker is intelligent, tenacious, and has invested a vast amount of effort in advance planning. Even if they haven't, even if the attacker is merely a script kiddie playing with a tool someone else invented, you're up against the inventor's brain rather than the idiot attacking you — the rifle designer rather than the trigger man.

What are the risks of a national DNA database maintained for policing intelligence purposes, once DNA evidence faking becomes possible?

Well, one possibility is that, if sequence information for a named individual can be obtained from the database, your upper class of criminal might well use it to frame rivals — spreading it around the site of a bank robbery or wholesale drug distribution hub, for example.

Another possibility is that if the database is inadequately secured — and with cops waving handheld scanners with live broadband connections around, that's not a wild stretch — we might see some alarming injection attacks on the database, along the lines of short tandem repeat sequences tied to the name and other details of an extremely violent criminal. If you really hate someone and want to fuck them up, stick their DNA in such a database, tagged as belonging to a violent serial rapist or armed robber.

Why do I think this is a problem? Well, the NDNAD is a single, fat, juicy target for hackers: to do its job it must remain accessible to police officers all over the country, which in turn means it has to be online, and therefore difficult to secure. To a wily hacker it's a priceless target: one they can use to both mislead ongoing police investigations and assault their rivals (using the police as a proxy). And the singular nature of the database makes it a single point of failure for the forensic science service.

This leads me to a fairly important conclusion: the can of worms — the hackable, fakable, fallible DNA database — is already here, and the law of bureaucracy says it isn't going away. But it needs to be secured. To do so, it's essential that it not be used as an authentication tool for identifying individuals. Moreover, DNA evidence can no longer be seen as sufficient on its own to secure a conviction in court. Online checks will still have a place — but only if they're used to match individuals against evidence found at crime scenes, and even then, only as an indicator (not as evidence in its own right).

This happens every year: Beloit College issues this heads-up to their staff, to try and remind them of the mind set of the incoming college year. Here's what the fresh graduates of 2013 know about the world ...

(Feeling old, now.)

I'm really going to have to add a public events sidebar to this blog, just as soon as I have time to poke around in search of Movable Type widgets designed for the job ...

Meanwhile, I'm very happy to announce two engagements for 2010:

Firstly, I'm due to be the English-language guest of honour at HAL-Con in Tokyo, Japan, from April 10th to 11th, 2010. HAL-Con is a bilingual English/Japanese SF convention (run by the team of SF fans who are hoping to host the next Japanese world science fiction convention in 2017).

(It's going to be fun getting there: HAL-Con is the weekend after the British Eastercon, which by pure happenstance is being held this year at the Radisson hotel at Heathrow. I foresee two consecutive convention weekends separated by a long-haul flight ...)

Secondly, I'm really pleased to announce that I'm one of the guests of honour at Readercon (along with Nalo Hopkinson), from July 8th to 11th 2010 in Burlington, MA (just outside Boston). Readercon is basically the SF convention for talking about SF as literature, and I'm very happy to be going there!

I'm back home, recovering from jet lag. And it's summer.

Summer in Edinburgh means: I have my office window open, overlooking the rumbling traffic and the street chatter and the occasional raucous discussion outside the pub on the other side of the street twelve metres below me. It's pleasantly warm, with a daytime temperature in the range 17-20 degrees, dipping to 12-14 degrees at night. (Anything over 24 degrees is a heat wave.) Humidity is 60-70%.

Last week, in Montreal, summer meant keeping the hotel room window curtained and shut, with the air conditioning on full blast: outdoors it was 27-35 degrees, with 70-80% humidity. A good ten degrees celsius hotter than it is here.

I didn't like that much. (Confession time: I moved to Edinburgh when I found summer in London to be unpleasantly hot. I can cope with warm weather as long as I've got a cold place to retreat to, but after two months in which the temperature in my apartment never went below 25 degrees at night, I gave up on London for good.)

Anyway — waving an obligatory finger at the inaccuracy of long range climate models — it looks like by the end of the century global average temperatures are going to be up by somewhere between 5 and 10 degrees. Assuming that the local consequences don't include shutting down the North Atlantic thermohaline circulation, Edinburgh in summer will feel more like Montreal. Even with the postulated shutdown, summer's going to be no cooler than it is today (but winter would be a good bit chillier).

There are productive vineyards in Yorkshire these days. Meanwhile, the Bordeaux and Rioja vineyards are under threat as the vine-growing temperature zones move north. (To put a fictional hook on it: the late 21st century natives of England will sell wine to France to pay for the imported nuclear-generated electricity that spins their air conditioners — assuming they're not devastated by tornados, which are already showing up with increasing frequency as hotter summers pump more energy into the atmosphere.)

As for Montreal? Think in terms of regular 40-45 degree summers. That's not going to be fun at all. But it's going to be better there than in the vicinity of Sydney (destined for routine 45-55 degree summers — the kind of heat that kills) or just about anywhere in sub-Saharan Africa.

(Postscript: to those of you who want to quibble over whether current climate change is anthropogenic in origin, I ask this question: if you wake up in the night and smell smoke, do you think to yourself, "oh, it's just a nearby lightning strike/bush fire — that's perfectly natural" and go back to sleep? Or do you get out of bed and do something about it anyway? To my mind it doesn't matter why climate change is happening, except insofar as it might affect our choice of technologies for remediation work — whether or not it's induced by human activities, we ignore it at our peril.)

I'm still in Montreal, doing touristy things; flying home overnight tomorrow night, probably won't be fully recovered until Monday.

Meanwhile, can any of you tell me what this is all about? (Other than real life emulating a Ken Follett novel.)

Update: Arctic Sea found, eight arrested for hijacking. Weird indeed, but perhaps not quite as weird as it seemed at first (if the Russian authorities are telling the truth).

You can listen to my Thursday evening chat with Paul Krugman here. (Warning: 13Mb of juicy mp3 download goodness; this is not a podcast, it's a raw file to stuff up the guts of your media player of choice.) If listening's too hard on your ears, I gather a transcript can be found here. It may show up on YouTube later, too.

PS: Congratulations to Neil Gaiman on his shiny new rocketship (aka Hugo award) for best novel!

Not much to report so far, nor much time in which to report it, but: man, keeping up a conversation with Paul Krugman is hard work.

(Yes, I have an mp3 of our talk. It's also been video'd. Unfortunately the mp3 runs to 54Mb, so I'm not going to host it directly on my own server. Anyone know of any reasonably sane streaming audio hosting sites I should be looking at?)

I'm back home from visiting relatives, but I'm off to Montreal tomorrow for the world science fiction convention. If you're going, you can find my (public) schedule here. I'll update it as/when I have any updates to make.

As I'm spending today filling a suitcase and tomorrow filling an Airbus passenger seat, and presumably spending Wednesday recovering and Thursday through Monday running around like a blue-arsed fly, I may not be posting here much.

Today's bone of contention: on immigration and naturalization. The Labour government passed some legislation over the past couple of years, overhauling the UK's immigration system. Among other things, they switched to a points based system for assessing immigrants (hint: don't bother applying if you don't have a university degree and speak English — positive discrimination for the middle classes: not so good if you dropped out and founded a dot-com startup and became a millionaire, rather than graduating with a 2.2 and working as a cubicle drone). They've also brought in a bizarre "citizenship test" — an exam you're supposed to be able to pass before they'll permit you to beg for a passport.

Received wisdom among the Daily Mail set is that this is right and good and defends our precious bodily fluids the sanctity of our national identity. In practice, however ...

How many points do you score on the practice test?

(Hint: I'm a lazy good-for-nothing foreigner who's just asking to be deported. And I've lived here all my life. Second hint: some of the "correct" answers to the questions are factually incorrect, and reflect official thinking rather than actual reality.)

This is bullshit of the finest grade, little more than a test of rote memory (there's a guide book: buy, read, and memorize) rather than anything of actual relevance to daily life in the UK. But it's what the bureaucracy has produced — and now they're planning to add a patriotism test! Patriotism to be proven by participation in civil groupthink activities approved of by the immigration service and their management. (And immigrants who participate in activities that they think are un-British run the risk of being penalized.)

If you can come up with some words to express my disgust, please let me know; I'm about out of them.

PS: If you think I'm straining at gnats, try this for size: "Thousands of the worst families in England are to be put in "sin bins" in a bid to change their bad behaviour, Ed Balls announced yesterday. The Children's Secretary set out £400million plans to put 20,000 problem families under 24-hour CCTV supervision in their own homes. They will be monitored to ensure that children attend school, go to bed on time and eat proper meals." (Yes, I know it's the Ghastly Excess reporting this, not The Economist. Nevertheless. More there, if you can stomach it.) Who needs Big Brother when you've got New Labour to tuck you in bed beneath the watchful cameras? The immigration laws are just the canary in the coal mine ...



About this Archive

This page is an archive of recent entries written by Charlie Stross in August 2009.