Category: Uncategorized

Nobody Needs Privacy Except Me And My Mistress

Jeremy Paxman spent a whole career interrogating and humiliating politicians over mistakes they made and very definitely over supposed transgressions in their private lives (eh). The BBC – that’s us, in other words – paid him a prince’s ransom for it. The TV programmes he worked on reported in detail on the phone-hacking scandal and, time and again, on incidents where the police or the intelligence services overstepped their authority. There’s a decent chance he was personally targeted by one or other of the tabloids at some point in his career – he was a celebrity in London and therefore by definition a target. He told the Leveson inquiry that Piers Morgan personally told him how to hack voicemail accounts.

Yet, here he is denying that anyone needs privacy.

“Personally I am prejudiced on this question on security and privacy, what is it you are all doing that you are so concerned about? Do you think anyone is really interested in your sex lives? They are not! I can’t understand this.”

This is pukey enough. Morgan wanted to intercept Sven-Goran Eriksson’s phone calls, illegally, precisely in order to spy on his sex life. And it’s not as if he, Paxman, hasn’t had plenty to hide himself (one, two). But it gets worse. Paxman’s talk at InfoSec Europe was titled Governments, Businesses & Other Scoundrels: Why Trust Anyone?, a title that projects the I’m-tough-and-cynical-a-proper-grownup act we paid him so much for. But here’s what he had to say:

“I am prepared to trust the security forces. I think they by and large do a brilliant job. And I think they are kept under reasonable supervision. And I think when people who know about these things tell us, suppliers of communication mechanisms ought to be more responsible, I am rather inclined to take their side.”

Trust no-one, then, except spies. Question the powerful, unless they actually are. That’s some cask-strength establishment cynicism right there. You might consider voting against this today.

The pre-history of the Friedman unit

Those of us who blogged through the Iraq War will of course remember the Friedman unit, a measurement of time defined as how long it will take until things are OK in Iraq, conventionally equal to six months, named for Thomas “Airmiles” Friedman of the New York Times. But I didn’t realise the unit has a prior history. Not until I read Waugh in Abyssinia, that is.

OK so; this is the book Evelyn Waugh wrote about the Italian invasion of Ethiopia, that would become the source for his novel Scoop!. It’s a very strange book. Waugh divides it into three parts, and there’s no reason not to tackle it in the same way. The first third is a potted history of imperialism in the Horn of Africa, startlingly radical (he basically adopts a Hobson/Lenin economic-determinist explanation) and very critical of the British (mostly for hypocrisy). His account of the complicated way in which Ethiopia was both a target of imperialism and an expansionist empire itself, and his insistence on the transformative importance of the League of Nations’ international recognition of the country, is great.

The second contains Waugh’s narrative of his travels and the war. This is basically why the book is still read – it’s classic impressionistic travel writing, with good jokes about reporters prefiguring Scoop, fine prose, and a subtle account of a pre-modern society trying to be modern.

What he’s going on about here is one of the key forms of the state in the 20th century – the development dictatorship. Waugh is very good on the conflicts inherent in this, the contract-hunting chancers and weirdos drawn to it, and the ambivalence of the whole project. Ambivalence about modernity is the core theme of his work, and development dictatorship gave him enormous scope to, ah, develop it. One of the key things you have to grasp about him is that although his self-presentation in his old age was as someone who’d been a deep reactionary all along, his books aren’t often like that. He plays up the old git shtick, and then leaps on a train de luxe to the front line. The contradiction is where the art gets in, and why the journey to Ethiopia inspired him.

The third section, though, is completely weird. Waugh went back to Ethiopia after the Italians occupied it, and at this point his scepticism seems to have completely failed him. He kicks off mocking journalists in Djibouti who tell him the war isn’t over and guerrillas are everywhere, warms up by insulting British MPs who make the mistake of caring what happened to the Ethiopians, and travels up the line to Addis Ababa. On the way he observes that every bridge, tunnel, and choke point is heavily guarded by tired, nervous Italian soldiers. No matter.

He goes to see the Italian governor, who has installed himself in the emperor’s palace, surrounded by the few sticks of dictator chic the looters didn’t steal or torch. Six months, they agree. He bashes “liberals” some more. Guerrillas break into the city centre in company size, exactly as the guy he was shitposting says, and he gets shot at. Six months, he says, and everything will be OK. Not just the unit size, or the security situation, but the characteristic architecture and interior design of the Friedman unit has been defined. He has another dig at a British MP for believing that the Ethiopian resistance government still exists. They’ll be put in the bag, in six months. Rather as the Americans never did get Saddam’s appointed deputy, the Italians never did catch it.

He completely falls head over heels in love with the Italian contractors who are building a new road as a counterinsurgency project (it’s going to be done in six months), and announces that the Ethiopians never bothered to build any roads, forgetting that he already praised one of theirs a hundred and fifty pages back. It’s a header right into the deep end of the trahison des clercs.

And we probably better talk about the racism. At this period of his career Waugh has a weird habit where he’s quite capable of being respectful of foreigners’ institutions, character, or appearance…and then he throws in a massive, jarring insult. It’s never integral to his point, but rather chucked in as a style statement, a sort of sprezzatura of turds. This always makes him sound weirdly American, because the style he adopts and the choice of epithets come from there. Rather than the kind of patronising imperial condescension you expect, you get a shot of the Klan, of burning crosses on suburban lawns, corpses towed behind Ford V-8s. Tellingly, he kids himself the Italian conquerors are like…the pioneers of the American West.

The point would be made to him in due course. By the time he came to write the Sword of Honour trilogy, he’s cut it out. It took the second world war to do that. But what interests me is that he didn’t start off writing like that. He got it from somewhere, but where?

Quick campaign post

This Chris Cook piece about campaigning strategy is good. Here’s something I noticed which he doesn’t call out specifically. The party leaders’ activities by ITV region are actually very similar. Going by Chris’s table, Theresa May has made 23 visits and Jeremy Corbyn 22. Both leaders have concentrated their operations on two regions, Greater London and the West Midlands. May visited Central 5 times, as did Corbyn. She appeared in London 5 times, while Corbyn did so 6 times. In total, Corbyn’s visits to these two regions represent half his total, while May’s represent 44% of hers. The distinction should not be treated as particularly important, as it’s accounted for by precisely two visits. I would cautiously support Cook’s contention that he’s trying to get on the regional news as often as possible with an enthusiastic turnout of activists by going to seats where there is a good membership base. This at least turns his meetings to some use. Alternatively he actually expects the Labour share of the vote to be up on last time – look at the concentration of visits around a 5% swing. That would be…brave?

The NHS hack and GCHQ

It looks like the worldwide ransomware attack on Windows XP machines originates from one of the exploits in the so-called Shadow Brokers dump, a collection of exploits developed or bought by the NSA. Oliver Rivers asks: Where was GCHQ?

Well, the answer is more like: Where was CESG? Or LCSA? Through the Second World War and the Cold War, the UK maintained a structural distinction between the agency responsible for collecting signals intelligence on its enemies, and the one responsible for protecting its own systems from them. During WW2, the centre of offensive signals intelligence was at Bletchley Park, as everyone knows. It drew on resources from the secret services, from the Foreign Office, from the RAF Signals Branch’s Y Service, and from the Royal Navy. Army SIGINT became more important in the cold war.

There was also, however, a centre in London devoted to what we would now call security assurance. This agency, known as the London Communications Security Agency (or Group, or Service, or Centre – it got reorganised a lot), had the job of verifying the security of cryptographic systems developed by everyone else. As it happened, the biggest such project of the war was Rockex, created by the radio-focused Section VIII of Special Operations Executive to communicate with their spies in occupied Europe and the Far East. Rockex turned out so well that the military turned to it to distribute the intercepts from Bletchley Park to commanders in the field, and the Foreign Office used it for diplomatic communications worldwide.

We kept going rather like this. The development, and operation, of cryptographic systems was decentralised. The military, and the secret services, and industry built things, while the defensive security group (whose name changed all the time) defined standards they had to comply with and provided expert support. On the other hand, the offensive GCHQ spied on HM Enemies, however defined.

There is not a hard line between their functions. For a start, they share common technology. If you want to provide information security assurance, you need to be able to test it, which means you’re capable of spying. The technology of information security is supremely dual-use. But this is also true of classical intelligence. Kim Philby headed the counter-intelligence branch of MI6, the spies responsible for spying on the other lot’s spies. The defensive side would like to know about the attackers; the attackers often find out first from the defence.

Classical human intelligence agencies usually are divided up this way. SIGINT agencies are a bit different. GCHQ has, since 1941, had the sole right to brief the prime minister outside the Joint Intelligence Committee process with a selection of its choicest takes. This reflects an important truth about its work. SIGINT is the steroid of intelligence – whatever you think of it, whatever it does to your democratic health, it makes you stronger. It may not make you smarter, but if there is an effective crypto break of some sort, it will deliver you the other side’s literal words. Also, it can deliver quickly. One of the greatest achievements of Bletchley Park was to deliver decrypts in close to real time. In a nuclear world, this is desperately valuable.

As a result, they have always wanted to be an integral fourth service, pulling all the resources together, making their unique access and capability worth something. This was consummated in the UK when the London-based security functions were rolled into GCHQ when the new building in Cheltenham opened back in the Blair years. Terribly, something similar has happened in NSA since Edward Snowden went on the run.

The problem here is that the two missions conflict. When the offensive mission discovers something, its incentive is to hoard it. This is the hoard recently leaked. When the defensive mission discovers something, its incentive is to fix it. But only the offensive one gets to brief the prime minister. Only the offensive one drops startling insights into startling people onto the prime minister’s desk. The defensive mission can hope only for peace, and the appreciation of its professional peers so long as it is allowed to tell them. Its world is more adult, more intrinsic in motivation, more genuine in its commitment to public service. It is like the justification that the offensive side uses for its sins.

It is fairly clear that the offensive side will win the agency’s internal politics so long as the two are forced to live in the same fishtank. This cohabitation is, however, optional and somehow we did without it when it mattered most. Free CESG!

The NHS hack and technical debt

So the NHS got hacked. Jeremy Hunt saved £5m a year in payments for extended Microsoft support and now look what’s happened. This reminded me of something important.

Software engineers have a concept of “technical debt” that is worth remembering. Technical debt arises when you decide to put some work off to the future, so you can get on with something more important in the moment. So there was that annoying bug, but you thought it was more important to finish the integration with Salesforce and your customers definitely thought so. You knew you needed to do the security audit, but there were all those bugs to tackle. You wouldn’t have designed the whole thing this way, had you known anyone would use it, but rebuilding the core of the application? There are more immediate concerns.

It’s like debt for a number of reasons. First of all, you’ve got to pay it off in the end. If you don’t do the security audit, one day you’ll be on the news. If you don’t do the big redesign, one day you’ll hit some sort of limit. If you don’t keep up with the maintenance, one day the whole project will just be too crufty to advance further.

Secondly, though, the optimal level of technical debt is not necessarily zero. Debt is useful. We incur technical debt when we choose to prioritise some tasks over others. This allows us to commit more of our resources to goals we consider important, on condition we eventually get after the others. This has an important consequence.

An organisation can put up with more technical debt if its ability to pay it off – to fix it – is also growing. If the inventory of deferred work grows faster than the capability to do it, though, it’s heading for ruin.

And finally, as with any kind of debt, it’s very important to recognise that it exists and to account for it. One of the best ways to give a false impression of success in business is to find a way to borrow without accounting for it. Leverage increases returns.

With technical debt, you’re essentially borrowing from yourself. The flow of cash that would otherwise have been used to retire the technical debt is available for some other purpose. This looks like there’s been a saving – a reduction in the actual costs of doing business. But in fact, there is no saving. Work that needs doing has not been done. It will need doing in the future. Swapping future money for money today is the very definition of debt.

As I say, the optimal level of technical debt is not zero. But let’s think about this more broadly.

When institutions want to save, especially governments, the first thing they do is cancel big capital projects. That’s easy – they are well defined lump sums. The second thing they do, though, is to cancel maintenance. The nice thing about cancelling maintenance is that stuff usually works for quite a while. You have the cash, and the repayment is in the future. Debt, see? And wonderfully, you don’t need to book it anywhere. When John Major privatised the railways, Railtrack plc reduced the track mileage it replaced annually by two-thirds. Not surprisingly, it managed to pay dividends right up to the bitter end, borrowing from its assets by running up technical debt.

So. Remember when the fella said he was fixing the roof while the sun was shining?

Some links on my current preoccupations

If you want something completely weird, try this. The Swiss government is still so furious about the whole business with the whistleblower who sold German tax authorities a stack of CD-ROMs with lists of tax evaders that they had their intelligence service spy on the German excisemen. But German counterintelligence found out about it somehow. Since the 1st of December, a secret warrant has been out for their arrest, and now they’ve snagged the 54-year old Daniel M., a Swiss citizen, in Frankfurt am Main, on suspicion of espionage for a foreign power namely Switzerland since at least January 2012.

So German and Swiss spooks are chasing each other around Rheinhessen? Who ordered that? Also, I had imagined that the Swiss might be trying to warn the account holders that they were coming under suspicion, but the Swiss seem to have had a more aggressive solution in mind as they were trying to identify the individual German officials involved in the deal.

Taking back control. A poll for NEF suggests that 81% of the public feels it has no control over the central government, while 70% feel they have no control over private companies that contract for public services. This neatly summarises the whole problem. You can shout at your MP and you have a reasonable chance of getting an answer. The MP can shout at this or that minister, government agency, or corporation and they have a reasonable chance of getting an answer. But try getting Sodexho, Npower, Veolia, some no-name NHS contractor, or your friendly local railway TOC to answer a question or do a goddamn thing. But it’s only the politicised minority that’s even aware of their existence. Hence the miasmatic, unfocused crankiness that permeates everything.

This also reminds me of something in Peter Mair’s acclaimed book Ruling the Void. Mair makes the excellent point that European integration – the process of wiring up the national polities with the European polity – means that discontent with the EU invariably also means discontent with the national polity. But – perhaps because he didn’t want to accept that anyone who disliked the EU might have a real problem – he didn’t follow the logic through to the conclusion that discontent with the national polity also ends up being discontent with the EU.

On which theme, here’s a good piece on the crisis of French provincial cities. The way I think of this is as follows: Europe used to be characterised by a party divide that roughly mapped onto an urban-rural divide. The countryside was organised by a network of associations that supported the conservative, or Gaullist, or Christian Democratic party. The city was organised by trade unions and other associations that supported the socialist or Social Democratic party. In the longue durée, the difference was really whether a city had developed a meaningful industrial working class; where it hadn’t, sometimes other political formations would survive to speak to specifically urban concerns. The example would be the Liberals surviving out west in the UK.

But this structure is changing. Sure, it looks roughly similar on a map, with red clusters in a blue sea. The content behind those labels, though, is changing. This change can be expressed as the effect of three flows – there’s the last wave of suburbanisation (like the lotissement) phenomenon in France, there’s a wave of re-urbanisation, and there’s also a tendency to super-urbanise. So the traditional rural constituency is being hollowed out by movement to the city, but these days the movement is direct to Paris, or London, or why not New York. At the same time, the exurbanites aren’t organised into the rural constituency because why would you join FNSEA if you’re not a farmer and you basically live on the motorway? Instead they become the classic fake news constituency, organised by the Facebook app for iPad, aka the weapon of mass destruction of our times.

Meanwhile, this piece by Mark Gregory for EY gets to something I worry about. A lot of Brexiters, and also lefties, understand the economy of London and the South-East as being basically about banks. They draw different conclusions from this; the first think we’ll be OK because just letting the finserv sector rip as a tax haven will work (never mind being tracked down by Swiss assassins), the second think we’ll be OK because bankers, fuck’em. But this misses a lot of important stuff. It makes a lot more sense to see it as an integrated professional services cluster that does software, architectural design, adverts, movies, drugs, and a whole lot of arcane specialities. Some of this is here because it’s linked to the financial centre – activity in the financial centre tends to drive demand for accountants and lawyers – but this is a subset of the total. One way to look at this is to say that it’s sucked up all the loose graduates from a large part of the world, and wouldn’t it be nice if we could kind of spread them out across the UK. Well, perhaps. But this assumes the specialisations aren’t complementary. I wonder.

More to the point, I wonder what degree of Brexit-related disruption would cause people to up sticks and go, and leave just the pure financial element.

And what about the guy who got us into this mess? David Cameron‘s £25k shed seems to concentrate every aesthetic trope of the Cameron years into one artefact. There’s the whole posh-people-go-to-festivals style – surely about to become terribly dated – but there’s also the killer detail that the light switches are made out of Bakelite. They don’t just look nostalgic; they’re chemically composed of the stuff. And, even posing on the steps of the thing, he’s still wearing his shiny black business brogues, a small bank playing a man on TV.

Design values are values, again

Here’s a good rant against bloat and ad-tracking and everything else Maciej Cieglowski has been warning you about for years. Now, somewhere on Twitter I saw @annehelen asking why it didn’t say anything about the look and feel of the nutter right’s websites. And I also saw this project, where a classic Cranky Old Engineer type swapped media diet with a fairly classic Lib Dem Type.

Hilarity ensued. More to the point, the project was a great example of some principles I keep going on about.

Trying to keep up with the world by only reading the Drudge Report was “a nightmare,” Leija said. Drudge aggregates news stories from multiple sources on the Internet and places them in a list with the same, small headline size. I found it hard over the course of the week to know what the important stories were,” Leija said. “I felt under-informed because all that tiny text creates a sense of not being able to tell what is important. It was depressing in a strange way.”

There are several design choices to discuss here. First of all, there’s the anti-design; this is a bit like Harris+Hoole, the chain of fake independent coffee houses run by Tesco. Throughout its existence, Drudge Report has projected a lo-fi, DIY aesthetic while mostly relying for news on briefings from Republican politicians and their staffers. This reminds me a bit of the biggest category of Chinese trolls here; the ones who seem normal and then turn out to have connections in the Public Security Bureau, who know the real story.

Second, there’s the Angus Steakhouse element. Microsoft Research worked out that there’s a reason spammers are so obvious. I’ve blogged this again and again. They’re trying to put off anyone who’s likely to get wise to them, as early as possible. You can try to spot the suckers, or you can arrange things so you only ever deal with people who have already flagged themselves as suckers. Which strategy would you pick? Spammers do this, and so do notoriously horrible London restaurants. It’s ugly for a reason; if you care that it’s an ugly, dodgy-looking mess, they don’t want you there.

Third, there’s some research about typography suggesting messages that are harder to read remain in the mind longer. On the other hand, more readable messages are more likely to be read and understood. There’s a trade-off between conveying information, and making converts. Interestingly, real typographers do behave a bit like this. Signage is usually modernist sans-serif fonts, body text in books is usually a greeked serif. This blog is the opposite, which may mean I’m a clown, or perhaps that I want you to remember that post of Yorksranter’s…but come back and read it again.

So much for type. What about the other stuff? Our guinea pig listens to the radio:

“I was shocked,” Knuth said. “I had never listened to a radio station like that before. I was shocked to see that it was actually just a series of programs of Rush Limbaugh-type guys. It was wall-to-wall programming of these cranky personalities, who were engaged mainly in complaining.”

After years of listening almost exclusively to public radio, which does not take advertising, Knuth was disturbed by the amount of air time taken up by ads on The Patriot, including one ad he heard repeatedly featuring former congressman and presidential candidate Ron Paul hawking a food dehydrator.

“I was just constantly frustrated.” Knuth said. “I like to know what happens in the world, and I constantly felt like I didn’t know anything, and also frustrated by the endless sales pitches, which made me annoyed.”

This reminds me of Daniel Kahneman’s work, or more precisely the deliberately crude gloss I wrote here as Kahneman for Thugs. Specifically, Target the Depleted…and Deplete the Targeted. People are easier to convince when they’re tired, ill, or distracted. You can use this to exploit them by picking people like that. It’s possible that audience pre-selection works a bit like this; the Angus Steakhouse model likes people who are too tired and cranky to care.

You can also make them like that by yelling, pouring an undifferentiated stream of irrelevant stories at them, and by filling up the visual field with noisy graphics. Interestingly, one of the best predictors of being banned as a troll is bad English, specifically, your score on standard metrics of readability. This suggests both that trolls are depleted, and that their misspelt yelling imposes cognitive costs on those around them.

Back at the source, our cranky engineer was still cranky, especially because people on Jezebel are really sweary and aggressive and the NYT is often wrong – tell us about it! – but interestingly he seemed happier about changing radio stations because he found NPR less abrasive. In some sense he was aware of the effort all the shouting consumed on his part. And he chose to undergo a “news blackout”, supposedly for other reasons.

So yes, it’s both a style statement and an element of technique.

Are you thinking what I’m thinking?

Thinking about Michael Howard’s interview fart over the weekend, I done a twitter and they liked it:

And then I remembered the sheer weirdness of standing in Parliament Square being addressed by Alistair Campbell the other day. I think it’s fair to say I never imagined my life would take that particular turn. But now it makes sense. One of the important political dualities is between the people who represent self-control and the public face, and the people who represent letting it blurt, as Lester Bangs titled. As with all dualities, the advanced student will notice that the point is to use them in combination, whether by presenting radical content as consensus or consensus and conservatism as exciting novelty.

You could call them the Ego Party and the Party of Id, and perhaps the civil service plays the super-ego. After all, are you thinking what I’m thinking? Here’s a party political broadcast on behalf of Michael Howard. Filthy!

Then, as well as perpetrating cod psychoanalysis I’m also doing billiard-ball realism here. Parties are not homogenous. If you realise that one of the major achievements of Thatcherism was the UK becoming a central actor in the European project – ’87, ’92, and all that – it’s perhaps worth remembering that those Normal European Countries people go on about usually have two conservative parties. Very often the divide is based on how Catholics responded to the Enlightenment and the Industrial Revolution. One party is founded on the early 20th century social theory and then NATO, the other on the Counter-Reformation and the Occupation.

The UK *gained* two conservative parties during the peak years of its integration in Europe. I don’t really mean UKIP, but rather the continuing fight over whether the Tories would be more like the German CDU or CSU. Would they be a party upholding a Euro-Atlantic multilateral order – the Ego Party – or a basically revisionist movement, the Party of Id? Howard made his choice even while John Major was trying to make the opposite choice stick.