Monday, July 25, 2022

Hacking the French Internet—With a Saw

 

In the early hours of Wednesday, April 27, some highly informed and determined individuals uncovered conduit boxes at three locations to the east, north, and south of Paris.  Inside these boxes were the inch-thick fiber cable bundles that make up the highest-density long-haul backbone of the Internet.  Probably using battery-powered saws, they cut each cable in two different places and ran off with the chunk in between, making the break much more difficult to repair.  Splicing fiber-optic cables is a delicate laboratory-style operation that has to be carried out with very specialized equipment, and the physical repairs to the cables occupied technicians for reportedly "several dozen hours."

 

In the meantime, ten different Internet services suffered various degrees of disruption before workarounds were figured out to bypass the cuts.   Individual users saw some problems:  loss of connections or slowed service.  But once the bypass routes were in operation, service returned to normal. 

 

This incident is of concern not so much for the actual damage it caused—hardly any for users and just some extra repair work for the Internet operators—as for what it says about the people who carried it out.  For one thing, they knew exactly where to go.  While some companies unwisely publish maps of their networks, most do not, and the public maps are scarcely at the level of detail needed to locate particular junction boxes in a street.  In mystery-story parlance, this vandalism was an inside job, perpetrated by people who knew exactly what they were doing and how to access the most critical part of the Internet infrastructure. 

 

For another thing, the attacks were coordinated at three points simultaneously.  This says at least three, and probably more, people were involved.  One wacko or disgruntled employee with a battery-powered Saws-All is one thing, but three cool knowledgeable operators is something else again.

 

Pardon my amateur sleuthing, but this doesn't sound like a one-and-done attack to me.  It looks more like a dress rehearsal for something bigger.  And the something bigger could be very big indeed.

 

One of the operational strengths of the Internet is its robustness in the face of failures in individual connecting cables.  Any network that conveys traffic like the Internet does will show this kind of robustness as long as there are few or no "isolated" nodes:  important terminals carrying a lot of traffic that have only one way of connecting to the network.  The original design of the ARPANET, the Internet's military predecessor, built in the ability to withstand considerable damage to individual connections and nodes with a war in mind.  This was in the late 1960s when the Cold War and the prospect of nuclear bombs taking out large chunks of infrastructure was a very real possibility.  So if you imagine a real net, like a fishing net, and judge its ability to hold fish, this ability will not be severely compromised if you take a pair of scissors and randomly snip a few strings here and there.

 

But if someone who knows what they're doing plans a careful attack intended to isolate a particular critical part of the network from the rest of it, the fishnet—or the Internet, for that matter—is not so invulnerable.  Depending on the age and history of certain important nodes, this sort of attack might or might not be that easy. 

 

In a place like New York City, where cable conduits have been in place since the late 1800s and myriads of permissions and keys and God knows what else has to be got through to gain access to cables, such a plan might be well-nigh impossible.  But what about some of these fairly new giant server farms in rural parts of Idaho, or wherever Google chooses to put them?  I'm sure they have physical security as well as the usual IT security measures in place.  But simply by the necessity of the case, most of the huge gobs of data that goes in and out of those places travels by fiber cable.  And somebody, somewhere, knows where all those cables are buried.  And not even Google can afford to have armed patrols of all their cable routes 24/7. 

 

Such an exploit would have to be coordinated in a way similar to the 9/11 attacks, with recruiting of traitorous insiders, rehearsals, and need-to-know coordination among the members of the conspiracy.  I will let any novelists among my readers take it from there, because the story could be a good one. 

 

The main question that remains unanswered by the investigation of the French incident, and which would have to be answered before we have to worry about anything like that in the U. S. or elsewhere, is:  why would anybody want to do such a thing?  Speculation in France has focused on "radical ecologists" who are simply protesting the existence of the Internet and want to cause symbolic trouble.  Thinking more along the lines of money, one could hardly hold a whole server farm for ransom without first carrying out one's threat, because announcing it in advance would instantly alert the intended victim to mount security measures to prevent the attack. 

 

Politically, there wouldn't be much percentage in knocking out, say, the internet service of a government-intensive place like Washington, unless you intended to mount a conventional-war attack at the same time.  And now we're getting into conspiracy-theory territory, a swamp I do not wish to penetrate. 

 

All I'm saying is that while such attacks on the physical structure of the Internet are possible, in the nature of things they do little practical harm.  And to cause a truly major disruption of service either to a specific geographical area or to a specific server farm (all of which have "mirror" or duplicate sites that could probably take up the slack without too much of a problem), the attackers would have to pursue a truly military-style and utterly secret plan that might be foiled by law enforcement anyway. 

 

So while it's bothersome that parts of the Internet can be foiled by something as simple as a circular saw, it doesn't look like you need to put this near the top of your worry list any time soon.

 

Sources:  Wired carried the story "The Unsolved Mystery Attack on Internet Cables in Paris," on July 22, 2022 at https://www.wired.com/story/france-paris-internet-cable-cuts-attack/. 

Monday, July 18, 2022

Road Taxes: A Drag on Electric Cars

 

As you probably know, most states rely on a tax on every gallon of gasoline sold for on-road use to pay for a good fraction of the expensive job of maintaining roads, bridges, and other transportation infrastructure.  The fraction varies from state to state, but a 2019 Consumer Reports study showed that about 28% of highway funding came from fuel taxes on average, 22% from registration fees, and the rest from a variety of sources such as tolls and bond funding.

 

I don't know when it occurred to me to wonder what will happen to this source of money when most of the cars on the road use electricity instead of gas, but probably not before it occurred to the state legislators, who have mostly decided to pursue a single remedy for this looming problem:  an annual fee specially assessed on every electric vehicle (EV). 

 

My own state of Texas has proposed charging up to $200 per car, and other states either plan to implement such a fee or already have done so.  While an annual fee is simple to administer, it loses a virtue that the gasoline tax had.  Under the old system, if you drove more, or drove a bigger vehicle, you paid more.

 

Beyond that, the same Consumer Reports study showed that the vast majority of proposed or existing EV fees were unfairly high, penalizing EV drivers compared to people who drive old-fashioned internal-combustion-engine (ICE) vehicles. 

 

The way the analysts figured this out was to calculate something they called a "maximum justifiable fee" for each state, which took into account the average vehicle miles traveled, the prevailing fuel economy standard, and the state's fuel tax rate.  This calculation essentially determined the average fuel tax drivers paid in that state, and assuming EV owners drive about as much as ICE owners, it's not fair to charge the EV owners more than the maximum justifiable fee.

 

Well, guess again.  Of the 28 states the report studied which had either a proposed or existing fee for EVs, only 8 wound up charging EV owners less than the maximum justifiable fee in a projected 2025 case study.  All the rest charged more, and three proposed fees (those in Missouri, Arizona, and Texas) that were more than twice the maximum justifiable amount. 

 

As of today, Texas is still mulling over the proposed fee, so at this point, all the EV drivers in Texas are freeloading on the gas-tax-paying majority.  But the legislatures won't let this go on indefinitely, and it's not clear how the situation will be resolved.

 

The federal government has recently muddied the waters further by making hundreds of millions of dollars available for EV infrastructure, mainly more charging stations.  While EV owners will be grateful for this boon, it throws a big monkey wrench in the economics of charging EVs, which is already skewed by such things as Tesla Motors' offer of free charging for the lifetime of some of its cars, although that policy appears to be fading into the sunset.

 

Nobody pays Exxon or Valero to build a new gas station, so if we're looking at fairness in the energy-supply area, the fossil-fuel people could call foul in the case of federally-subsidized charging stations.  So that makes the picture even more complicated.  If you own an electric vehicle, you may have received free electricity to charge it in the past, you may drive up to a government-subsidized charging station now or in the future, but you may get socked with an annual fee that makes you pay more for road maintenance than your ICE-driving friends.

 

The ethics of paying for public-use infrastructure such as roads, gas stations, and charging stations gets political pretty quickly.  But we can think of some extremes that almost everybody would say are wrong, regardless of their political persuasion.

 

It would not be fair, for example, to let EV drivers totally off the hook with regard to road maintenance, and simply increase the gasoline tax on those few retrograde ICE-driving troglodytes who insist on warming up the planet, until they simply quit in disgust—or bankruptcy.  I say it wouldn't be fair, but I can imagine that this squeeze-'em-dry solution might appeal to certain progressive sectors who would like to see all fossil fuel use cease tomorrow. 

 

On the other hand, if we make fairness the paramount issue, it would seem that those who use the roads more ought to pay more.  And those whose vehicles are harder on the highways should pay more than people who drive Mini Coopers or motorcycles.  Most new vehicles are equipped with wireless Internet connectivity, electronic odometers, and GPS sensors that can easily be made to calculate how many miles have been traveled and on what kinds of roads.  The technology exists to come up with some kind of road-use fee schedule that would truly proportion one's taxation to the actual amount of use one made of various state and city roads. 

 

From a libertarian point of view, this approach would have the virtue of extreme fairness.  The gas tax never was more than a rough-and-ready attempt to do this kind of proportioning at a time when more exact methods were unavailable.  Under this scheme, if you drove a certain weight of car on a certain road, you would pay the same amount whether it used electricity or gasoline.

 

The problem with this idea would be its unpredictability.  In effect, every road would now be a toll road, and the more you drove, the more you'd pay.  But if the maximum justifiable fee is less than $100 on average, most drivers might not even notice it, especially if it was paid once a year along with the registration fee.  Somebody would have to pay for the software, but software is cheap once it's written.

 

I don't know how this is all going to turn out, but fairness seems to have been neglected up to now, and I hope justice prevails, or at least gets a word in edgewise.

 

Sources:  The 2019 Consumer Reports analysis is available at https://www.atlasevhub.com/resource/rising-trend-of-punitive-fees-on-electric-vehicles-wont-dent-state-highway-funding-shortfalls-but-will-hurt-consumers/.  The information on Tesla's free-electricity offer is available at https://electrek.co/2021/07/21/how-to-tell-if-your-tesla-qualifies-for-free-supercharging/. 

Monday, July 11, 2022

Abortion and Data Privacy: New Cause for Concern

 

With the June 24 Dobbs decision overturning of Roe v. Wade and Casey, the U. S. Supreme Court withdrew the nationwide blockade against the intention of many states to ban abortion to a greater or lesser degree.  Depending on where you live, abortion may already be illegal or will shortly become so. 

 

Texas, where I live, is one of the more aggressive states, having effectively banned most abortions since last fall by authorizing private citizens to sue anyone who assists in an abortion.  To the best of my knowledge, the penalties for performing abortion focus mainly on the providers.  But any woman who wants an abortion now faces a new forest of legal complications, including the possibility that law enforcement agencies may obtain extremely private information such as data from period apps in building a case that an abortion was performed.

 

In a recent Vox online piece, Sara Morrison pointed out that although women concerned about keeping their possible pregnancy status private should probably get rid of their period apps, that is not the only way you can be spied on, although period-app companies have a rather poor record when it comes to data privacy anyway. 

 

Most media companies have a boilerplate clause as part of that agreement everybody pretends to read (and nobody does), which allows them to share information with legally constituted law enforcement agencies that have a reason to obtain it.  So even if a woman sent a private text message to her closest friend saying that she thought she was pregnant, and a state police investigation thought it was relevant in prosecuting an abortionist, they could legally obtain that message. 

 

The concept of privacy lies mostly in tatters these days for anyone who spends any amount of time online, which is pretty much everybody.  While the Fourth Amendment to the U. S. Constitution guarantees the right to be secure in one's "persons, houses, papers, and effects," it does allow searches (presumably including online ones) in cases where a crime is suspected and a warrant for the search can be justified. 

 

What is so different today from the circumstances in 1792, when the Bill of Rights was enacted, is that all of us leave electronic trails that are in legal gray areas in many cases.  Simply being on social media and using one's mobile phone creates gobs of data that clever analysts with adequate resources and access to commercial databases by means of search warrants can use to create an incredibly intimate portrait, including one's pregnancy status or attempts to obtain an abortion. 

 

Morrison says the ultimate solution is better data-privacy laws.  And she may be right.  The problem with this is that the entire economic basis of social media relies on the violation of the kind of privacy that data privacy laws would protect.  So unless the Big Tech giants figure out an entirely new revenue model, their heavy hands on the scale of justice will outweigh any desire on the part of the general public to be more private online.

 

This is not an easy column for me to write, because I am personally opposed to abortion.  At the same time, I realize that trying to enact (or revoke) a law that creates a situation which is hugely unpopular among a large segment of the public leads to situations in which law either loses respect or unduly harsh measures are used to enforce it.  Probably some of both will happen in the coming months as the nation readjusts to the new circumstances surrounding abortion.

 

Judging from the way Morrison wrote her article, she seemed to take the point of view of a woman who finds herself pregnant against her intention and wants to get an abortion, but lives in a state where abortion is now illegal.  What are the options?

 

Over half of current abortions are achieved by means of medication, which means the combination of mifepristone and misoprostol taken to induce a spontaneous abortion.  Many states are or will shortly take steps to make such medications illegal for use in abortion, and the natural first thought of many—to order them online—leaves one open to surveillance as explained above.

 

The next option would be to travel out of state to a place where abortions are still performed.  But in a state like Texas, even helping someone with travel arrangements could be grounds for a lawsuit—remote grounds, maybe, but who wants to do something that leaves their friends liable to be sued?  And everyone's whereabouts are being tracked 24/7, or at least the whereabouts of your phone, unless  you turn it off.  So as things stand, there are really not many places to hide.

 

Far from solving the problem, the Dobbs decision has brought abortion into the spotlight of public consciousness and debate in a way that perhaps hasn't been equaled since the original 1973 decision that legalized it by judicial fiat nationwide.  The real problem, the one that lies deeper than online privacy, or legal decisions or codes, is a cultural one.

 

We live in a hypocritical culture which both promises untrammeled freedom, and withholds from nearly everyone the means to realize that freedom, which is illusory in any case.  The culture has convinced millions of women that pregnancy and childbirth is simply not an option compared to all the other treasures of the world, and if a woman becomes a mother without meaning to, she must correct the error even if it means the death of an innocent being. 

 

This is a serious distortion of how the world is, and correcting it is going to take more than the passage or revocation of a few laws or judicial rulings.  But if Dobbs and its fallout get us to thinking about these things, there is at least hope that the truth will eventually emerge.  And it is only the truth that makes people truly free.

 

Sources:  Sara Morrison's "Should I delete my period app? And other post-Roe privacy questions" appeared on Vox at https://www.vox.com/recode/2022/7/6/23196809/period-apps-roe-dobbs-data-privacy-abortion.  I also referred to a list of what many of the states are doing about abortion laws at https://apnews.com/article/supreme-court-abortion-ruling-states-a767801145ad01617100e57410a0a21d.

Monday, July 04, 2022

Crouch's Razor: Device or Instrument?

 

If our modern culture ever had a honeymoon with technology, the honeymoon's been over for quite a while now.  From nuclear bombs to carbon emissions and social media, we are at least as aware of the drawbacks of technology as we are of its benefits, especially when it comes to what communications and information technologies have done to the way we interact and govern ourselves.  But what can an individual do to make things better? 

 

Andy Crouch, a Christian author and entrepreneur, thinks he has some answers.  A few years ago he wrote The Tech-Wise Family:  Everyday Steps for Putting Technology in Its Proper Place.  And now he's broadened his scope with another book:  The Life We're Looking For:  Reclaiming Relationship in a Technological World, which I learned about in a review published in The New Atlantis, a journal of technology and society.

 

The reviewer, a professor of theology at Abilene Christian University named Brad East, wasn't entirely happy with Crouch's latest.  And having just read the book myself, I tend to agree with some of his criticisms, namely that while Crouch offers some first-rate analyses, he is a little weak on specific solutions. 

 

This may be because Crouch is not a terribly systematic thinker.  But where he excels is in brief, pithy aphorisms, one of which I want to highlight today.  You may have heard of a thing called Ockam's Razor.  It refers to William of Ockham, a 14th-century monk and scholar who had a major influence on the progress of medieval thought.  His "razor"—a thing for cutting off needless fuzziness, as you may say—is summarized in the Wikipedia article on him as "one should always opt for an explanation in terms of the fewest possible causes, factors, or variables."  Scientists have seized upon Ockam's Razor as a way to choose among several different explanations for a given physical phenomenon.  While no more infallible than most of philosophy, the Razor has come in handy numerous times as an argument against a needlessly complicated explanation of something that can be explained much more simply.

 

All this is preliminary to Crouch's Razor, which I shall state as follows:  In considering the purchase or use of a new technology, ask whether it is a device or an instrument.  And of course, you need to know what the difference is.

 

Crouch attributes to the philosopher Albert Borgmann his special meaning for device:  a thing that replaces earlier tools or means of doing something by making the activity so much easier that human beings are not really required at all.  A good example of an early device is a phonograph used to play music.  Formerly, to hear a symphony orchestra, you'd have to go to a concert hall with a lot of other people (unless you were rich enough to afford your own orchestra), and the musicians would have to put in years of practice and rehearsal to produce a decent-sounding piece.  But after the device called the phonograph was invented, a ten-year-old could wind up the crank and put the needle on the record and hear something that approximated the same symphony.  And now, of course, it's infinitely easier to hear music at any time or place, and public spaces are filled with music (of a sort) for the production of which no human being's services are immediately required—the Muzak-makers play themselves.

 

An instrument, on the other hand, is something that augments human ability but also requires of us a certain amount of effort, concentration, and practice, keeping us in the loop as humans, so to speak.  A ukulele is an instrument in this sense.  I can testify from personal experience that a ukulele does not play itself.  You have to practice on it until the fingers of your left hand (if you're right-handed) have little calloused patches that make it less painful to hold down the strings (notice I didn't say painless!) so the chords come out clearly.  And you also have to learn which strings to hold down where.  In the hands of a good musician (which I am not), the ukulele can be a thing of joy, or at least happiness—if you like ukulele music, that is. 

 

As a Christian, Crouch has a clear anthropology in mind:  he says, "Every human person is a heart-soul-mind-strength complex designed for love."  Any new technology that helps people use or develop one or more aspects of that complex on its way to its designated purpose is to be sought, because it's an instrument.  On the other hand, if a new technology resembles a "superpower"—reducing what used to be the complex human achievement of one or more skilled workers to the programmed machinations of gears and bits—it's probably just a device, and you use it at your peril.

 

Crouch is not so simplistic as to issue blanket condemnations of things like mobile phones.  While he recognizes that the profit-driven social-media system that uses phones as its primary interface is probably one of modernity's worst devices in many of its aspects, he highlights an instrument that uses phones: an app developed by a friend of his to help sick people organize networks of helpers during their illnesses.  He urges users to ask, in effect, "Why am I getting this new piece of technology?  Will it help me become more of what I ought to be?  Or will it just let me satisfy my animal urges more easily?" 

 

Even if you can't quickly categorize an innovation as purely a device or purely an instrument, these are good questions to ask, and they aren't asked frequently enough.  As reviewer East noted, Crouch has no industrial-scale solutions to the problems caused by our embrace of devices that move the world ever closer to a single buzzing, clacking process with humans playing the roles of cogs in a machine.  The next time you are invited to take up or buy a new kind of technology, try applying Crouch's Razor and ask yourself:  is this a device or an instrument?  And if it's a device, think twice before you proceed.

 

Sources:  Andy Crouch's book The Life We're Looking For:  Reclaiming Relationship in a Technological World (Convergent, 2022) was reviewed by Brad East in the Summer 2022 issue of The New Atlantis, pp. 81-92.