I’ve realized recently that I have no real idea of what’s happening in Iraq. On the one hand, we have bubbly optimists like Chrenkoff. On the other, people like Wall St Journal reporter Farnaz Fassihi, whose email is getting wide circulation.

The Iraqi bloggers I read (generally) sound more optimistic than despairing, which is good. It’s clear to me that the US needs to stay the course, as bad as that may well become, because pulling out would be an unmitigated disaster. Al Qaeda got a huge boost from the (US backed) Islamist victory over the Soviet Union in Afghanistan. Withdrawing from Iraq would give them another huge boost, even if they’ve lost in Afghanistan to the US.

(From Editor and Publisher on Fassihi, via BoingBoing.)

[Update: several people have asked, how can you believe that “it’s anything but *cked up over there?” My answer is reading the Iraqi blogs, it just doesn’t seem that what they’re witnessing is either the doom and gloom of the left wing press, or the sunshine of the right-wing press. Its really hard for me to judge what’s really going on at any sort of macro level.]

Nevada Gaming Commission vs. Diebold

It’s always good to see our best resources being applied to the most important things in society, like voting. The “independant” validation, paid for by the software creators, is closed to the public. But when the Nevada Gaming Commission gets into the act, it seems they know a scam when they see one. (Disclaimer: I voted in that Defcon study, but have no evidence my vote was counted.)

For more information, see the Black Box Voting book page, Avi Rubin’s site, or Rebecca Mercuri’s site. Dr. Mercuri was the first one I know of to start beating this drum, and we owe her a vote of thanks.

[Update: The story isn’t actually new. I’d heard Nevada was requiring audit trails, but hadn’t heard it was the NGC that was responsible until Randal Schwartz pointed it out to me. (I’d link to the message, but it hasn’t been through moderation yet.)]

Travel, Speaking Plans in October

I’m speaking at the Atlanta Chapter of the High Tech Crime Investigative association, October 11th, on a “Privacy Industry View of Reducing Cybercrime.” This is an extended version of Zero-Knowledge’s talk we gave to law enforcement.

I’m speaking at the Inaugural Security Leadership conference, in Arlington, Texas on the 19th, on “Beyond Penetrate, Patch and Pray,” which is a new talk that I haven’t put online yet.

I’ll be attending (but not speaking at) Phreaknic in Nashville, on the 22nd and 23rd.

"A Roadmap for Forgers"

Ed Felten has a great post over at Freedom To Tinker about Rather-Gate:

In the recent hooha about CBS and the forged National Guard memos, one important issue has somehow been overlooked — the impact of the memo discussion on future forgery. There can be no doubt that all the talk about proportional typefaces, superscripts, and kerning will prove instructive to would-be amateur forgers, who will know not to repeat the mistakes of the CBS memos’ forger. Who knows, some amateur forgers may even figure out that if you want a document to look like it came from a 1970s Selectric typewriter, you should type it on a 1970s Selectric typewriter. The discussion, in other words, provides a kind of roadmap for would-be forgers.

On top of educating forgers, the debate, at least for those who followed it, has provided an education in document authentication. So not only are the forgers smarter, but so is the general public. That’s a very good thing.

Many security problems are built into products because the designers don’t know about a problem, or become convinced that no one else will discover it. A better educated public helps to address both these issues: Designers are more likely to know about problems, and once they know them, management is less likely to dismiss them as improbable or obscure.

Cultural Imperialism At Its Best

Abdul Hadi al-Khawaja is being detained for 45 days over charges of inciting hatred against the [Bahrain] regime. His Bahrain Centre for Human Rights (BCHR) ignored warnings it had contravened association laws, a government statement said. The centre had protested at the arrest, saying Mr Khawaja was just “practising his basic rights, namely free speech”.

There are times I love cultural imperialism, and this is one of them. The idea that some rights are inalienable has spread around the world, and made the world a better place.

(Via BBC)

"Tomorrow is Zero Hour"

More than 120,000 hours of potentially valuable terrorism-related recordings have not yet been translated by linguists at the Federal Bureau of Investigation, and computer problems may have led the bureau to systematically erase some Qaeda recordings, according to a declassified summary of a Justice Department investigation that was released on Monday.

The problems, unsurprisingly, are managerial:

The F.B.I. “has not prioritized its workload nationwide to ensure a zero backlog in the F.B.I.’s highest priority cases – counterterrorism cases and, in particular, Al Qaeda cases,” the report found.

The 9/11 Commission report found flaws with the “lead office” system that the FBI has, where the office where a case originates gets all the credit. I wonder if that plays in here?

Audio recordings that relate to Qaeda investigations are supposed to be reviewed within 12 hours of interception under F.B.I. policy. But the report found that deadline was missed in 36 percent of nearly 900 cases that the inspector general reviewed. In 50 Qaeda cases, it took at least a month for the F.B.I. to translate material.

Heads ought to be rolling at this point.

Quotes are from a New York Times story, see also what the BBC had to say. The title, incidentally, is from a September 10th intercept.

Overall, it doesn’t make much difference that the Army kicked out nine linguists for being gay. That’s less than 1% of the workforce at the FBI. But it does indicate that our national priorities remain somewhat skewed.

Maybe if we stopped insisting that security and liberty are always opposed, and started talking about how liberty and security can complement each other, we’d be doing better?

The Two 9/11 Commisson Reports

I’ve just finished the 9/11 commission’s report. (Or use the Pdfhack version, a fine example of what can be done in the absence of copyrights.)

One of the things that stands out for me is the stark contrast between the history and the recommendations. The history is excellent. The recommendations, less so. My largest critique is that after the largest attack on American soil since the civil war, they fail to think big. They spend time drawing lines on org. charts.

Regular readers will note that I spend a lot of time looking at airline security. The recommendations there (around page 383) are clearly weak. More ID cards will not change things. We need to consider broader changes.

For example, they could have considered the drug war. The easiest way to smuggle weapons of mass destruction into the US would be to pack them in cocaine. Perhaps changes there are in order?

I’m not the first to notice this. Elizabeth Drew wrote a long article for the New York Review of Books, and the Center For Strategic and International Studies has an
analysis (PDF) worth reading. An English professor at DeAnza college also caught my eye.