Category: Stephen Bryen


Brennan, Trump, and Russia: Bloody Noses


Former CIA Director John Brennan has given an interview in which he made three points about the Russians and President Donald Trump. In reverse order: 

  • Mr. Trump is a very selective consumer of U.S. intelligence and rejects what he does not like or support. This creates problems within the U.S. intelligence establishment and, to some degree, undermines the CIA’s credibility abroad.
  • Regarding cyber operations to respond to Russian attacks on the U.S. electoral system, he noted that it was important in the Obama administration to avoid a cycle of actions and retaliation that in the end would just be disruptive. 
  • Russia’s intention in attacking Hillary Clinton’s campaign, in Brennan’s view, was to bloody Mrs. Clinton before she was elected in the hope of making her a weaker President.  Though unstated, it appears that Director Brennan, who says the Russian operation was directly ordered by Vladimir Putin, believes that Putin regarded Trump as much less of a threat to Russian interests than Mrs. Clinton.

It is a rather odd conclusion, but one that has merit nonetheless. It is odd because unlike Mrs. Clinton, Donald Trump favored a very strong U.S. military and significant increases in U.S. defense spending. That was not a position of Mrs. Clinton or of the Obama administration, though she claimed she wanted to do more than Obama. Why is it, then, that Putin would favor a president leading a reinvigorated U.S. military?

The answer may lie with Russia’s perception of its own standing vis a vis the United States. From the Russian point of view, the United States could defeat Russia just by spending more and by using its industrial might to turn out ever more sophisticated weapons. While Russia has clearly modernized its military and its weapons, it is a long way from being able to deploy any significant number of weapons systems, especially front-line aircraft (such as the stealthy Su-35), and land forces, including its new tank (the T-14 Armata), which would be important if the Russians had any military ambitions in Europe.

Putin could and has, therefore, put on a pretty good show in Syria against an enemy with little ability to stop the Russian air force. But outside of that, despite shows of bravado, Russia’s military is not in good shape. From this point of view, Trump’s investment in the U.S. military really doesn’t change anything much for a Russia that sees itself already unable to take on the U.S. militarily.

Hillary Clinton, on the other hand, was seen as a political hardliner and troublemaker, especially regarding Russian operations in Ukraine. The Russians would believe that when she was president her team would include such people as Victoria Nuland, who was especially hostile to Russia and its Ukrainian operations.  Weakening Hillary as much as possible would have made sense to Russia.

On the economic level, Russia depends for its well-being on the sale of oil and gas, and other commodities in the world market. Oil prices have been low for some time, making it hard for the Russians to meet their budget requirements. And the Russians realize that the U.S. is the newest emerging oil and gas power in the world.  Fracking will make America a future major exporter of oil and natural gas (in the form of LNG). 

This goes back to the question of President Trump. It is clear that Mr. Trump has an agenda in his head regarding Russia, but there are serious doubts that he can do much with it under the current political circumstances.

The Trump agenda appears to start with the idea that Mr. Trump as a successful businessman, which the President attributes largely to his negotiating skills, can find a modus vivendi on many bilateral U.S.-Russia issues including Syria, cyber issues, and Ukraine. Already he has begun to change things regarding CIA support for opposition groups in Syria, and Russia and the United States are working on some sort of cooperative alliance on cyber security.  It is just as likely that the Ukrainian issue is also within their discussions and – to venture a guess – it is some sort of lease deal for the Crimea and a settlement of the insurgency in east Ukraine that may well be under active discussion.

Mr. Trump’s problem is that he is a very weak president, torn by internal dissension including from his National Security Advisor and his Defense Secretary, and without any real Congressional support.  Any deal with the Russians could cause a furor and expose Mr. Trump to public humiliation over his efforts at negotiation with an international rival, particularly if the deal was on Ukraine.  Therefore, Trump is walking on grenades, any one of which can explode at any time.

The surprise for the Russians is that Mr. Trump won the election. In an effort to demonstrate his skill in foreign affairs, Trump is now working to reorder America’s policy in various ways, particularly as regards the Russians. But if he continues to pursue his agenda without building support inside his own administration and on Capitol Hill, he will lose.  The result is all of this may backfire on the Russians and Putin.  Instead of bloodying Hillary, Putin’s nose may be bleeding as Russia faces a militarily stronger United States with an energy surplus and a president increasingly frustrated but determined to find a “success.”


Is Syria Wagging the Russian Dog?


The U.S. has shot down a Syrian Su-22 near Ja’Din and close to the strategic dam at Al Tabqa.  The Sukhoi 22M series, the model in the Syrian inventory, is an old and relatively slow aircraft primarily used for bombing targets.  First produced in 1970, the Russians improved the model over the twenty years it was manufactured (until 1990).  It is entirely noncompetitive against top U.S. jet fighters including the F-18 that shot down the Syrian Sukhoi.

It is unlikely the Syrian pilot had any warning before being shot out of the sky.  Indeed, the warning issue is what is at the heart of the dispute between Russia and the United States, and it may tell us more than the Russians would like us to know about their unstable relationship with Syria.

According to the Combined Joint Task Force official report, at around 4:30 P.M. Syria time, there was a Syrian attack on Ja’Din, which was held by the Syrian Democratic Forces, or SDF. The SDF is a “multi-ethnic and multi-religious alliance of Kurdish, Arab, Assyrian, Armenian, Turkmen and Circassian militias.”  The SDF took a number of casualties before Coalition aircraft chased the Syrians away.  Immediately on the heels of the Syrian attack, the U.S. made use of what is called the deconfliction hotline and called the Russians.  A little more than two hours later, another Su-22 was bombing in the same area and this is the plane that the U.S. shot down.  There was no further call to the hotline, and while not precisely stated, it is nearly certain that the Su-22 was not warned in any way by the approaching F-18.

The U.S. action is consistent with the agreements reached with the Russians.  However, the Russians are claiming the U.S. did not use the hotline.  Without saying so, they are likely treating the second incident as one that was separate from the first.  Of course, this is something of a reach on their part, but it is probably the only response the Russians could have given under the circumstances because the Syrians went ahead with another airstrike on their own after the deconfliction warning was initially given.

Why would the Syrians do this?  It boils down to an argument between the Russians and the Syrians over how to treat the Kurds.  Last year, the Russians sponsored a peace proposal for the Kurds that would have given them autonomy inside a new Syrian constitution that ultimately would have divided the country into cantons, keeping the appearance of central Syrian Alawite control but in reality changing the nature of the existing unitary state into something different and perhaps acceptable to all sides in the conflict.  Moscow flew in a delegation of experts from the Foreign Ministry and Defense Ministry to meet with the regime and Kurdish representatives.  It appears to have been Moscow’s view, which is largely President Putin’s idea, that this solution would achieve a number of important goals: move the peace process forward and separate the Syrian Kurds from the Americans.  Apparently, the Russians failed to do their homework, for while the Syrian Kurds appeared to be onboard, the Assad regime was contemptuously against the deal and rejected it out of hand, the result being the Moscow delegation was sent home emptyhanded or worse.  The current Syrian regime attack on the Kurds near Ja’Din should be seen exactly in this context. 

Assad does not want to be pushed into any deal by his sponsors.  Neither do the Iranians or Hizb’allah.  But the Russians have repeatedly signaled that they want the Syrian problem resolved.  The reasons for this are not hard to see.  The Russians, even though their arms sales have spiraled up thanks to their successful show of force in Syria, are bleeding money.  They can ill afford to stay in Syria for very long.  Furthermore, there are Russian casualties and this information, though suppressed, has a way of getting around in Russia and undermines Putin’s popularity.  There is also the risk of a big confrontation with the United States, something the Russians really want to avoid; and an equal risk that if the Russians lose control there can be provocations by Iran and Hizb’allah plus Syria against Israel that will trigger a general war that would wipe out the Syrian regime.  That would be a terrible defeat for the Russians.

These are very tricky waters for the United States too.  A big confrontation with the Russians is a very bad idea with unforeseeable and dangerous consequences.  The U.S. interest in Syria is not at all strategic; ISIS, as much as it is a threat to stability in some countries, doesn’t amount to much and in any case is slowly being defeated.  Indeed, with far less military commitment, the U.S. is objectively doing far better against ISIS than against the Taliban in Afghanistan.  The best policy for the United States is to stay the current course and destroy ISIS.  At the same time, the U.S. is obliged to protect its allies, especially the Kurds (even strong-arming the Turks) and this is precisely the point of the shoot down this week.

For Putin, the shoot down of the Su-22 is a defeat, but not a defeat against the Americans.  It is a defeat handed to Putin by the Syrians who have boxed him in and made his hotline and his efforts to find a bridge to the Americans a failure so far.

Now Putin has to decide if he can do an end run on Assad.  It is too bad that the U.S. administration, under fire by the Congress over Russia, has its hands tied.


Problems and Pitfalls in Self-Driving Cars


I love cars, but not as much as lawyers love cars, who especially must dream of loving the emerging class of self-driving cars.

Think about it. If you have an accident in a self-driving car, the fault is with the car company, not with any driver. This simple fact must be causing huge joy in Lawyerville. The prospect of filing against big car companies, dealerships, and insurance companies has to be an emerging profit center for lawyers and their clients.

Why do we need self-driving cars? People have been driving cars for 120 years or more, and yes, drivers make mistakes and have accidents. But accidents also happen because of some mechanical issues — for example a blown tire, bad brakes, locked steering, engine failure, transmission breakdown, electrical system failure, slippery roadway. Are self-driving cars going to be able to cope with mechanical breakdowns? No one knows yet. Think about software bugs and errors. And you can add to that the risk of your car being hacked. Cars won’t be any more secure than any other computer system; and all self-driving models will be Internet connected for a host of reasons. So sending them erroneous instructions should be a piece of cake for any hacker over eight years old, and that does not include the professional hackers, criminals or antagonistic governments and terrorists who want to cause chaos in America.

But still the question lingers — why do we need self-driving cars?

One argument for them is that a self-driving car means less wear and tear on drivers, especially emotional wear and tear. Will there be less road rage, anxiety attacks and exhaustion in a car that drives itself? The answer (to a degree) is a qualified “yes” if you, the driver, trust Emil, the self-driving software that is running your car trip. Is Emil up to snuff? Does Emil understand the threats popping up “out there” in the real world? Is Emil reliable? (I decided to call my future self-driving software Emil. You can substitute your favorite name for Emil.) Anyway, opinion polls show that people are afraid of self-driving cars.

Another argument is that self-driving cars will be safer because the software is programmed to be safe. People run red lights, jump stop signs, make illegal U-turns, don’t always stop for pedestrians, and drive in lanes where they are prohibited. Thus, a smart self-driving car will not commit any of these sins and offenses, so making driving far safer.

I believe the argument for safety has some merit, but these features could be incorporated in cars that otherwise need to be driven by people, not machines. For example, software that “sees” a red light through sensors will prevent a car from advancing through the red signal zone. And there already is software that will apply your brakes if there is an obstacle, including people, in the roadway. These safety systems, and more that will come on the scene in future, are a great technology application for two reasons: they prevent accidents and they educate drivers properly on safety procedures and safe driving.

Improvements can always be made for safety systems. Some new cars are equipped with blind spot monitors, usually installed in the side mirrors. These are really sophisticated sensors that see where the driver cannot. Right now most of them blink a warning in the mirror which, if the driver looks and reacts, can help prevent an accident. But suppose the blind spot detector is improved so you can’t steer into a car in your blind spot. That would be adding a form of autonomous security that would be a step forward and entirely within reach, since all the technology components already exist and are inexpensive. (Incidentally, the special sensors in blind spot monitors were, and maybe still are, controlled if used in military equipment under the U.S. munitions laws known as the ITAR. Here’s a military version of a blind spot monitor.)

Another argument for self-driving cars is that cars can automatically be rerouted to a destination if there are impediments such as construction, accidents, or congestion. Many GPS devices already have this feature, and WAZE, which is a community-based traffic and navigation application for smartphones, can give drivers nearly real-time advice. WAZE and WAZE-like applications can be integrated into self-driving systems where the choice is up to the self-driving system and not the driver. But is this a good idea? It is hard to say with certainty, but one thing that has been clearly learned is that WAZE and other GPS traffic monitoring systems can be spoofed. This means false information can redirect traffic, or cause major problems on roadways. Spoofing can fool humans too. Irate homeowners in Los Angeles spoofed WAZE to move traffic away from their neighborhoods.

Shir Yadid and Meital Ben-Sinai, “fourth-year students at Technion-Israel Institute of Technology, hacked the incredibly popular WAZE GPS map, an Israeli-made smartphone app that provides directions and alerts drivers to traffic and accidents. The students created a virtual traffic jam to show how malicious hackers might create a real one.” Even the police, angry over WAZE users fingering hidden police cars to avoid speeding tickets, have spoofed WAZE with phony sightings of police cruisers. So while a WAZE-type solution may be handy, it has definite pitfalls. In an automated system, the driver might find himself directed to drive into a river or onto a one-way highway.

For some time, there has been an argument that traffic on highly congested roadways can be eased, or at least smoothed out, if car speeds and distances between vehicles can be managed. Some highways today have sequencing lights at roadway entrances designed to space out cars before they enter roadways. But if the roads are really tightly jammed, these systems have little value and just agitate people even more.

The idea of sequencing on the roadways is based on the often-observed phenomenon that congestion happens in “waves” and that once you break out of a wave there is “blue sky” ahead. Most of us have noticed this, forced to slow down on a 65-mph highway to a crawl, then spending ten minutes in stop-start driving, and then all of a sudden everything opens up. There are no accidents to see, and no visible explanation for the tie-up. But it happens because drivers tend to squeeze their vehicles together in clumps where the next car back has to go slower, and these clumps start slowdowns. If you can de-clump the vehicles, driving would be easier and faster without hitting the brakes.

Sequencing can best be done if all cars have sequencing systems, which probably will need to be linked to high-accuracy GPS monitoring capable of reading individual car speeds and anticipating clumping. For security reasons, errors are introduced into the U.S. GPS service and, as a result, in its present manifestation it is not accurate enough for vehicle sequencing. The European Galileo satellite system does have the needed accuracy (down to a few inches) thanks to a special passive hydrogen maser atomic clock, but Galileo is not a free system and it is not yet fully deployed.

Without active sequencing, gaining traffic efficiencies from self-driving cars is unlikely to be achieved in the next decade or two. That does not mean that some of the derivative technology can’t be used in standard vehicles: even real-time advice on the right speed to maintain to avoid traffic jams would be a good step (provided that everyone had it and used it, which is an educational as well as a technological problem).

Would a self-driving car free up the former driver to do some work while driving? Perhaps if the former driver was not nervous and not constantly scanning the horizon. But it might also take away a great pleasure, listening to music or podcasts, which any driver can do now, and keeping an eye on the outside world. One of the amazing things about today’s drivers is how they instinctively multitask, sometimes at the risk of their lives (as in texting or talking on cell phones). But there is good multitasking and bad. The good multitasking is for the driver’s mind to have free time to think and wonder. Will we lose that with self-driving cars? The jury is out.

I love cars, but not as much as lawyers love cars, who especially must dream of loving the emerging class of self-driving cars.

Think about it. If you have an accident in a self-driving car, the fault is with the car company, not with any driver. This simple fact must be causing huge joy in Lawyerville. The prospect of filing against big car companies, dealerships, and insurance companies has to be an emerging profit center for lawyers and their clients.

Why do we need self-driving cars? People have been driving cards for 120 years or more, and yes, drivers make mistakes and have accidents. But accidents also happen because of some mechanical issues — for example a blown tire, bad brakes, locked steering, engine failure, transmission breakdown, electrical system failure, slippery roadway. Are self-driving cars going to be able to cope with mechanical breakdowns? No one knows yet. Think about software bugs and errors. And you can add to that the risk of your car being hacked. Cars won’t be any more secure than any other computer system; and all self-driving models will be Internet connected for a host of reasons. So sending them erroneous instructions should be a piece of cake for any hacker over eight years old, and that does not include the professional hackers, criminals or antagonistic governments and terrorists who want to cause chaos in America.

But still the question lingers — why do we need self-driving cars?

One argument for them is that a self-driving car means less wear and tear on drivers, especially emotional wear and tear. Will there be less road rage, anxiety attacks and exhaustion in a car that drives itself? The answer (to a degree) is a qualified “yes” if you, the driver, trust Emil, the self-driving software that is running your car trip. Is Emil up to snuff? Does Emil understand the threats popping up “out there” in the real world? Is Emil reliable? (I decided to call my future self-driving software Emil. You can substitute your favorite name for Emil.) Anyway, opinion polls show that people are afraid of self-driving cars.

Another argument is that self-driving cars will be safer because the software is programmed to be safe. People run red lights, jump stop signs, make illegal U-turns, don’t always stop for pedestrians, and drive in lanes where they are prohibited. Thus, a smart self-driving car will not commit any of these sins and offenses, so making driving far safer.

I believe the argument for safety has some merit, but these features could be incorporated in cars that otherwise need to be driven by people, not machines. For example, software that “sees” a red light through sensors will prevent a car from advancing through the red signal zone. And there already is software that will apply your brakes if there is an obstacle, including people, in the roadway. These safety systems, and more that will come on the scene in future, are a great technology application for two reasons: they prevent accidents and they educate drivers properly on safety procedures and safe driving.

Improvements can always be made for safety systems. Some new cars are equipped with blind spot monitors, usually installed in the side mirrors. These are really sophisticated sensors that see where the driver cannot. Right now most of them blink a warning in the mirror which, if the driver looks and reacts, can help prevent an accident. But suppose the blind spot detector is improved so you can’t steer into a car in your blind spot. That would be adding a form of autonomous security that would be a step forward and entirely within reach, since all the technology components already exist and are inexpensive. (Incidentally, the special sensors in blind spot monitors were, and maybe still are, controlled if used in military equipment under the U.S. munitions laws known as the ITAR. Here’s a military version of a blind spot monitor.)

Another argument for self-driving cars is that cars can automatically be rerouted to a destination if there are impediments such as construction, accidents, or congestion. Many GPS devices already have this feature, and WAZE, which is a community-based traffic and navigation application for smartphones, can give drivers nearly real-time advice. WAZE and WAZE-like applications can be integrated into self-driving systems where the choice is up to the self-driving system and not the driver. But is this a good idea? It is hard to say with certainty, but one thing that has been clearly learned is that WAZE and other GPS traffic monitoring systems can be spoofed. This means false information can redirect traffic, or cause major problems on roadways. Spoofing can fool humans too. Irate homeowners in Los Angeles spoofed WAZE to move traffic away from their neighborhoods.

Shir Yadid and Meital Ben-Sinai, “fourth-year students at Technion-Israel Institute of Technology, hacked the incredibly popular WAZE GPS map, an Israeli-made smartphone app that provides directions and alerts drivers to traffic and accidents. The students created a virtual traffic jam to show how malicious hackers might create a real one.” Even the police, angry over WAZE users fingering hidden police cars to avoid speeding tickets, have spoofed WAZE with phony sightings of police cruisers. So while a WAZE-type solution may be handy, it has definite pitfalls. In an automated system, the driver might find himself directed to drive into a river or onto a one-way highway.

For some time, there has been an argument that traffic on highly congested roadways can be eased, or at least smoothed out, if car speeds and distances between vehicles can be managed. Some highways today have sequencing lights at roadway entrances designed to space out cars before they enter roadways. But if the roads are really tightly jammed, these systems have little value and just agitate people even more.

The idea of sequencing on the roadways is based on the often-observed phenomenon that congestion happens in “waves” and that once you break out of a wave there is “blue sky” ahead. Most of us have noticed this, forced to slow down on a 65-mph highway to a crawl, then spending ten minutes in stop-start driving, and then all of a sudden everything opens up. There are no accidents to see, and no visible explanation for the tie-up. But it happens because drivers tend to squeeze their vehicles together in clumps where the next car back has to go slower, and these clumps start slowdowns. If you can de-clump the vehicles, driving would be easier and faster without hitting the brakes.

Sequencing can best be done if all cars have sequencing systems, which probably will need to be linked to high-accuracy GPS monitoring capable of reading individual car speeds and anticipating clumping. For security reasons errors are introduced into the U.S. GPS service and, as a result, in its present manifestation it is not accurate enough for vehicle sequencing. The European Galileo satellite system does have the needed accuracy (down to a few inches) thanks to a special passive hydrogen maser atomic clock, but Galileo is not a free system and it is not yet fully deployed.

Without active sequencing, gaining traffic efficiencies from self-driving cars is unlikely to be achieved in the next decade or two. That does not mean that some of the derivative technology can’t be used in standard vehicles: even real-time advice on the right speed to maintain to avoid traffic jams would be a good step (provided that everyone had it and used it, which is an educational as well as a technological problem).

Would a self-driving car free up the former driver to do some work while driving? Perhaps if the former driver was not nervous and not constantly scanning the horizon. But it might also take away a great pleasure, listening to music or podcasts, which any driver can do now, and keeping an eye on the outside world. One of the amazing things about today’s drivers is how they instinctively multitask, sometimes at the risk of their lives (as in texting or talking on cell phones). But there is good multitasking and bad. The good multitasking is for the driver’s mind to have free time to think and wonder. Will we lose that with self-driving cars? The jury is out.




The Fallout from WannaCry


There was a joke going around thirty years ago, a not very good joke but like any two-edged sword it cut either way, that said that Israel was a “one disk” country. The meaning was that everyone copied stuff from their friends and didn’t pay for it.

At that time there was not much worry about computers or security, there were no smartphones (the Blackberry was just emerging), and the Internet was there but not the gargantuan edifice it is today.  

But copying at that time was mostly a problem for the music industry, and as computer processors, storage and memory improved, it also became a worry for film producers who feared losing revenue.  But still we were in early days.

Today much of the fraud in the computer business is illegally copied software. Big American companies, and probably big companies in Europe and some in Asia, are careful to use only licensed software because of the fear they might get caught pirating software from commercial vendors. But smaller companies are less inclined to worry about such things and, in some countries, stealing commercial software is quite common, even for major industries including banking.

That is why it is so interesting that Russia and China experienced a large number of ransomware attacks recently, part of the WannaCry exploit. In Russia, there are a large number of users (including probably some in government agencies) who use pirated software. One of the problems of pirated software is that you cannot easily keep the software up to date. That’s because in most cases to do so requires that you go with your registered and authenticated copy to the software manufacturer for updates. If yours is illegal, you don’t do that, or perhaps you try to figure out what the patch or update is, and install it yourself. By and large this left computers in Russia heavily exposed to the ransomware attack, which angered Vladimir Putin who, partly correctly, blamed NSA in the United States for his troubles.

It is not just Russia, of course. There are four reasons why WannaCry became such a threat. These are:

  1. The underlying exploit was developed by the NSA and WannaCry was built on top of the NSA spyware. For some time NSA most likely used the exploit for spying or other special cyber-activist operations. At this point, all was secret.  But after Snowden, the NSA should have realized that many of their treasured software spyware systems were exposed. They should have quietly got the vendors such as Microsoft to build patches. But they delayed some seven or eight months, leaving the door open to hacker threats.  
  2. Microsoft indeed did work out a patch, but did not update older software, especially Windows XP which runs on many servers worldwide. It is quite true that Microsoft had told its customers a year or two ago they would no longer support Windows XP. But the meaning of this for consumers was they would have to go out and buy an upgraded version of Windows and, perhaps, also have to upgrade all their other software, especially custom software they built around XP. So they didn’t. Microsoft could have, alternatively, charged for patching XP as a way to compensate for lost revenues in continuing to support XP, but perhaps they were not interested in that business model. In any case, XP users were left in the lurch.
  3. While patches were available, one of the continuing problems facing computer users is keeping them up to date. Unfortunately, when you buy a computer operating system or any other software program, you think it is built to stand up to security threats. But the opposite is true. Not only is most software likely to be full of holes just off the shelf, but the problems rapidly multiply as hackers probe for hidden vulnerabilities. In software, there is no real warranty: even the support a vendor gives to his software is highly voluntary. Just read the lawyer’s statement stuck in the software box with so many disclaimers that the bottom line is you are on your own. To add to the problem, IT staffs are not always so diligent in maintaining systems, since much of their time is spent fixing bugs on workstations and crashes on the server. Unlike desktop or laptop machines that can benefit from automatic updates (if the user opts to allow them), servers generally have to be shut down for patches to be applied, disrupting workflow. Thus, computer work often goes on when the rest of the organization is shut down, provided of course that it gets done at all. To all this one can add that even automated updates pose security problems, especially for government but also for industry. Essentially you invite the software vendor into your machine in an entirely laissez-faire manner: what happens next you don’t know, but tons of information could potentially be lifted from your server. This alone makes automatic updating very dangerous.
  4. Finally, there is a lot of software running on machines that wasn’t exactly paid for. It could be, though it is by no means certain, that the WannaCry ransomware has the biggest impact outside the United States (where resort to pirated software seems to have diminished). It would be interesting to be able to prove this point (I cannot). But one suspects that, like Russia and China, WannaCry exposed many not-so-legal implementations even in good-sized businesses and organizations around the world.

So what are the lessons (if any)? I suggest the following:

  1. NSA and other government agencies proactively using cyber intrusions for national security reasons must put in place rules to better protect against discovery of their operations, including how to mitigate any threat resulting from their operations, especially to the critical infrastructure. Clearly, NSA was laggard and mindless in protecting the public at large and, even worse, leaving the nation exposed to real danger. They can and must do better in future.
  2. Because software is not designed for security — at best it is an afterthought — the vulnerabilities and risks pile up, and while vendors may try to fix things as they go along, in many cases they are late to the party. For critical infrastructure applications this is a risk too far. As I have been advocating, the time has come for the U.S. government to sponsor a form of classified operating system and user software suites built from the ground up for security and available only to critical infrastructure operators. Doing this is well within the reach of technology, but it requires leadership. Because Washington almost always bows in the direction of the big software and hardware companies, progress has so far been retarded, or there has been no progress whatever. WannaCry demonstrates that Washington has been disregarding all the warning signs and has merrily spent billions on security that does not work, trying to retain the use of commercial off-the-shelf software that is a security nightmare. If it is not changed soon, Washington could leave our entire governmental, banking, communications, food supply, and military systems at risk of attack and instant meltdown. If you are looking for a cyber Pearl Harbor, here it is.

International enforcement regarding cyber intrusions is weak and in many cases nonexistent. Probably no one will catch the WannaCry cyberthugs, not because they don’t want to, but because they are protected by interests that are bigger than the hackers themselves. In the case of WannaCry the betting is on North Korea as the ultimate culprit. So what can you do? One could certainly proactively hit the North Koreans with a MOACA (Mother of All Cyber Attacks), but we won’t. That is because Washington isn’t so interested, except to complain, and our allies are worse. If the Russians got mad at the North Koreans instead of the NSA, maybe something would happen to “discourage” the North Koreans from these reckless attacks. But that also did not happen. Most analysts have felt for some time now that there is, as yet, no punishment that fits the crime (to crib indecently from Gilbert and Sullivan). Considerable work needs to be done so we can strike back at the perpetrators and their sponsors and do so in real time.


The US Government Again Fails to Protect Sensitive Personal Information


Once again the U.S. government has failed to protect sensitive personal information, this time highly sensitive information on 4,000 Air Force officers. This information, contained in extensive 127-page individual security questionnaires known as SF-86, was found on a backup hard drive that was neither password protected nor encrypted. In addition, extensive information on high-profile visitors to sites in Afghanistan was also on the same drive along with gigabytes of Outlook emails whose content has yet to be assessed.

This follows a number of other similar cases, the most notorious of which was the highly successful penetration of SF-86 files and other data held by the Office of Personnel Management (OPM) in June, 2015. In that case, 21.5 million Americans’ personal data was compromised, again involving the SF-86 security questionnaire. On top of that, 5.6 million fingerprints were also stolen. In applying for a security clearance, the government collects fingerprint data and photos.

Full disclosure: my personal data was also compromised in the OPM hack and I received an OPM letter and some worthless “free for a year” coverage of my personal data going forward.

Does the government have any responsibility to protect sensitive information?

Apparently, anyone who believes that the government has this responsibility is sadly misguided. Not only does the government not protect personal information, it hands it around to other agencies routinely and gives it to private contractors for “processing.”

Like your passport! You go to a passport office, fill out all the information, provide a birth certificate and all the requisite contact information, and you give the passport office photos, one of which will wind up embossed into your passport. Then the Passport Office sends all that (how, by mail?) to a private contractor to “process.” Who has access to it is anyone’s guess. The information is not classified and therefore is not formally protected in any manner.

The same holds true for your tax return, which you send in to the IRS, nowadays electronically. Maybe it is semi-encrypted when you electronically transmit the form, or your accountant does it for you, but when it arrives at the IRS it is stored as an ordinary file with no protection.

The SF-86 form is an especially pernicious example because it contains a vast amount of information, everything from every place you may have worked, who your friends and colleagues are, to your business involvements and who your family members and relatives may be. All of this provides hugely valuable information to potential adversaries who may be nation-states, but who also could be terrorist organizations.

We are now approaching two years since the OPM hack. What has Congress done? The answer is, absolutely nothing. What has been done by the executive branch to protect information? Once again the answer is absolutely nothing. Zero. Nada. Niente. etc.

What is wrong here? Why the inaction?

Part of the answer must be that the government really could care less about protecting personal information. A government that anyway is routinely spying on its constituents, without warrants and often without any discernable cause, or with half-baked suspicions that mostly fail to pan out, is not likely to consider that it has a sacred trust to protect its citizens. The lack of care shows.

It is a very bad and dangerous habit to disregard the security of a country’s citizens.

Then there is a fairly modern but nonetheless pernicious and stupid legal framework that begs to be changed. It was somewhat modified to account for the seeming sanctity of medical information — thus we have the Health Insurance Portability and Accountability Act of 1996, familiarly known as HIPAA. HIPAA provides for some important privacy standards, but it does not provide for encryption, only for access controls. But otherwise most data, like that in the SF-86, is not protected, just as the latest Air Force case makes clear.

The problem arises because personal information is not classified information. Government separates everything into two boxes: classified and not classified. And while it has recognized in recent years that some information is “sensitive but not classified,” such as technical information or law enforcement data, that recognition does not extend to protecting the “sensitive” information in the same way classified information is protected. Above all, the use of encryption is not allowed because only classified information is supposed to be encrypted, and the encryption methodology is closely regulated by the National Security Agency (NSA), which also generously holds the keys to decryption.

The two-box approach to security is inherently flawed and dangerous, but it persists because that is the way it has been done during and since World War II. But as anyone who tells his or her Alexa to wake him or her each morning, who taps out text messages on his or her smartphone, or who talks to his Smart TV knows, the world has changed dramatically. Today you don’t need a spy to filch papers from a government office: the government office is at your fingertips anywhere in the world. The only thing standing in front of us and preventing total ruin is that the plethora of data must give the world’s data thieves nightmares of inadequacy.

Isn’t it time to demand radical change in how our government protects our private, sensitive, personal information and thus help to safeguard our security and survival? Shame on the executive branch and the Congress for failing to do the right thing, and shame on ourselves for tolerating this dangerous nonsense.
