"Better Safe than Sorry!"

“Better safe than sorry” are the closing words in a NYT story, “A Colorado Town Tests Positive for Marijuana (in Its Water).”

Now, I’m in favor of safety, and there’s a tradeoff being made. Shutting down a well reduces safety by limiting the supply of water, and in this case, they closed a pool, which makes it harder to stay cool in 95 degree weather.

At Wired, Nick Stockton does some math, and says “IT WOULD TAKE A LOT OF THC TO CONTAMINATE A WATER SUPPLY.” (Shouting theirs.)

High-potency THC extract is pretty expensive. One hundred dollars for a gram of the stuff is not an unreasonable price. If this was an accident, it was an expensive one. If this was a prank, it was a financed by Bill Gates…Remember, the highest concentration of THC you can physically get in a liter of water is 3 milligrams.

Better safe than sorry is a tradeoff, and we should talk about it ask such.

Even without drinking the, ummm, kool-aid, this doesn’t pass the giggle test.

Dear Mr. President

U.S. President Barack Obama says he’s ”concerned” about the country’s cyber security and adds, ”we have to learn from our mistakes.”

Dear Mr. President, what actions are we taking to learn from our mistakes? Do we have a repository of mistakes that have been made? Do we have a “capability” for analysis of these mistakes? Do we have a program where security experts can gain access to the repository, to learn from it?

I’ve written extensively on this problem, here on this blog, and in the book from which it takes its name. We do not have a repository of mistakes. We do not have a way to learn from those mistakes.

I’ve got to wonder why that is, and what the President thinks we’re doing to learn from our mistakes. I know he has other things on his mind, and I hope that our officials who can advise him directly take this opportunity to say “Mr. President, we do not learn from our mistakes.”

(Thanks to Chris Wysopal for the pointer to the comment.)

Tacoma Narrows and Security

I always get a little frisson of engineering joy when I drive over the Tacoma Narrows bridge. For the non-engineers in the audience, the first Tacoma Narrows bridge famously twisted itself to destruction in a 42-mph wind.

The Tacoma Narrows bridge collapsing

The bridge was obviously unstable even during initial construction (as documented in “Catastrophe to Triumph: Bridges of the Tacoma Narrows.”) And so when it started to collapse, several movie cameras were there to document the event, which is still studied and analyzed today.

Today, people are tired of hearing about bridges collapsing. These stories undercut confidence, and bridge professionals are on top of things (ahem). When a bridge collapses, there’s a risk of a lawsuit, and if that was happening, no company could deliver bridges at a reasonable price. We cannot account for the way that wind behaves in the complex fiords of the Puget Sound.

Of course, these are not the excuses of bridge builders, but of security professionals.

I always get a little frisson of engineering joy when I drive over the Tacoma Narrows bridge, and marvel at how we’ve learned from previous failures.

What's Classified, Doc? (The Clinton Emails and the FBI)

So I have a very specific question about the “classified emails”, and it seems not to be answered by “Statement by FBI Director James B. Comey on the Investigation of Secretary Hillary Clinton’s Use of a Personal E-Mail System .” A few quotes:

From the group of 30,000 e-mails returned to the State Department, 110 e-mails in 52 e-mail chains have been determined by the owning agency to contain classified information at the time they were sent or received. Eight of those chains contained information that was Top Secret at the time they were sent; 36 chains contained Secret information at the time; and eight contained Confidential information, which is the lowest level of classification. Separate from those, about 2,000 additional e-mails were “up-classified” to make them Confidential; the information in those had not been classified at the time the e-mails were sent.

For example, seven e-mail chains concern matters that were classified at the Top Secret/Special Access Program level when they were sent and received. These chains involved Secretary Clinton both sending e-mails about those matters and receiving e-mails from others about the same matters. There is evidence to support a conclusion that any reasonable person in Secretary Clinton’s position, or in the position of those government employees with whom she was corresponding about these matters, should have known that an unclassified system was no place for that conversation.

Separately, it is important to say something about the marking of classified information. Only a very small number of the e-mails containing classified information bore markings indicating the presence of classified information. But even if information is not marked “classified” in an e-mail, participants who know or should know that the subject matter is classified are still obligated to protect it.

I will state that there is information which is both classified and available to the public. For example, the Snowden documents are still classified, and I have friends with clearances who need to leave conversations when they come up. They are, simultaneously, publicly available. There is a legalistic position that such information is only classified. Such rejection of reality is uninteresting to me.

I can read Comey’s statements two ways. One is that Clinton was discussing Snowden documents, which she likely needed to do as Secretary of State. The other is that she was discussing information which was not both public and classified. My assessment of her behavior is dependent on knowing this.

Are facts available to distinguish between these cases?

Happy Independence Day!

Since 2005, this blog has had a holiday tradition of posting “The unanimous Declaration of the thirteen united States of America.” Never in our wildest, most chaotic dreams, did we imagine that the British would one day quote these opening words:

When in the Course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature’s God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation. [Ed: That article is jargon-laden, and interesting if you can wade past it.]

So, while it may be chaotic in the most negative of senses, there’d be some succor should we see a succinct success as England secedes from the United Kingdom. Of course, London, West-Virginia-style, secedes from said secession. Obviously, after this, the United Kingdom of Scotland, Northern Ireland and London should remain a part of the EU, dramatically simplifying the negotiation.

Or, perhaps, in light of the many British who were apparently confused about the idea that Leave meant Leave, or the 2% margin of the vote, it would be reasonable and democratic to hold another election to consider what should happen. A problem with democracy is often that a majority, however slim, votes in a way that impacts the rights of a minority, and, whilst we’re waxing philosophic, we would worry were the rights of that minority so dramatically impacted as the result of a non-binding vote. Perhaps a better structure to reduce chaos in the future is two votes, each tied to some super-majority. A first to negotiate, and a second to approve the result.

It doesn’t seem like so revolutionary an idea.