Security archived articles


Security and Social networking and Telecommunications - 18 Sep 2008 at 7:20 by Jean-Marc Liotier

Bruce Schneier brought to our attention the performance and ease of use of off-the-shelf data-mining tools for social networking analysis. With a few million CDR that sort of tool can identify user communities in the physical, temporal and social dimensions. ThorpeGlen’s graphical user interface screenshots are particularly impressive.

Needless to say, SIM swapping does not work as the IMEI is still available - that is old news. But swapping both SIM and terminal is not a solution anymore either, as behavioral analysis can nowadays still yield a match. This may be the end of the road for communications security in durable networks by pure compartmentalization. Instead of acquiring random prepaid accounts, clandestine operators should now focus on creating sufficient decoy activity so that the social signal is drowned in enough misleading connections - and maybe only stolen accounts provide enough credible noise to evade profiling. Doing that without a single misstep is going to be difficult, especially under the sort of pressure that justifies such precautions.
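As an added illustration of why swapping both SIM and terminal still leaves a behavioural signature (this is example code written for this page, not from the original post nor from ThorpeGlen's product): a toy contact-graph match over constructed CDRs, scoring a newly appeared identifier against identifiers that went silent just before it showed up. The identifiers and CDR tuples are constructed for the example.

```python
from collections import defaultdict

# Constructed CDRs for illustration: (caller, callee, day). All identifiers are fictitious.
CDRS = [
    ("A1", "X", 1), ("A1", "Y", 1), ("A1", "Z", 2), ("A1", "X", 3),
    ("B1", "P", 1), ("B1", "Q", 2), ("B1", "R", 2), ("B1", "P", 3),
    ("C1", "X", 1), ("C1", "M", 2),
    # From day 4, identifier A1 goes silent and a fresh identifier N1 appears.
    ("N1", "X", 4), ("N1", "Y", 4), ("N1", "Z", 5),
]


def contact_sets(cdrs):
    """Social footprint: each identifier -> set of peers it exchanged calls with (undirected)."""
    peers = defaultdict(set)
    for a, b, _day in cdrs:
        peers[a].add(b)
        peers[b].add(a)
    return peers


def activity_window(cdrs):
    """Temporal footprint: each identifier -> (first day seen, last day seen)."""
    window = {}
    for a, b, day in cdrs:
        for ident in (a, b):
            lo, hi = window.get(ident, (day, day))
            window[ident] = (min(lo, day), max(hi, day))
    return window


def jaccard(s, t):
    """Overlap of two contact sets, 0.0 when both are empty."""
    union = s | t
    return len(s & t) / len(union) if union else 0.0


def rank_candidates(new_id, cdrs, known_ids):
    """Score each known identifier by how much of its contact set new_id re-uses.
    Only identifiers that fell silent before new_id first appeared are kept as candidates."""
    peers = contact_sets(cdrs)
    window = activity_window(cdrs)
    new_first = window[new_id][0]
    scores = []
    for k in known_ids:
        if window[k][1] >= new_first:  # still active after new_id appeared: not a successor
            continue
        scores.append((jaccard(peers[new_id], peers[k]), k))
    return sorted(scores, reverse=True)


if __name__ == "__main__":
    print(rank_candidates("N1", CDRS, ["A1", "B1", "C1"]))  # A1 ranks first with score 1.0
```

Real tools add location and time-of-day features to the same scoring, which is what makes the match robust even when the contact set is only partially re-used.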

But whatever the performance of  the analysis system, casual mobile phone use in a clandestine context is getting more risky - if  this is an off-the-shelf system, just imagine what custom systems can do for the most advanced nations.

Design and Security and Systems and Technology - 09 Jun 2008 at 13:35 by Jean-Marc Liotier

Who these days has not witnessed the embarrassing failure modes of Microsoft Windows? Blue screens of all hues and an assortment of badged dialog boxes make each crash a very public display of incompetence.

I will not argue that Windows is more prone to failure than other operating systems - that potential war of religion is best left alone. What I am arguing is that failure modes should be graceful, or at least more discreet.

A black screen is neutral: the service is not delivered, but at least the most trafficked billboard in town is not hammering everyone with a random pseudo-technical message that actually means “my owners are clueless morons”.

Even better than a black screen: a low-level routine that, in case of system failure, displays something harmless. Anything but an error message.

With so many information screens in the transportation industry, automated teller machines of all sorts and a growing number of advertising screens on roadsides, a properly and specifically configured system is necessary. What about “Microsoft Windows - Public Display Edition”? Of course, users of Free Software don’t have to wait for a stubborn vendor to understand the problems its customers are facing.

When the stakes are high enough, the costs of not managing risk through graceful degradation cannot be ignored. But let’s not underestimate the power of user inertia…

Knowledge management and Politics and Security and Social networking - 08 Feb 2008 at 11:35 by Jean-Marc Liotier

I stumbled upon this gem in Hannah Arendt’s book The Origins of Totalitarianism:

“The Okhrana, the Czarist predecessor of the GPU, is reported to have invented a filing system in which every suspect was noted on a large card in the center of which his name was surrounded by a red circle; his political friends were designated by smaller red circles and his nonpolitical acquaintances by green ones; brown circles indicated persons in contact with friends of the suspect but not known to him personally; cross-relationships between the suspect’s friends, political and nonpolitical, and the friends of his friends were indicated by lines between the respective circles. Obviously the limitations of this method are set only by the size of the filing cards, and, theoretically, a gigantic single sheet could show the relations and cross-relationships of the entire population. And this is the utopian goal of the totalitarian secret police: a look at the gigantic map on the office wall should suffice at any given moment to establish, not who is who or who thinks what, but who is related to whom and in what degree or kind of intimacy. The totalitarian ruler knows that it is dangerous to send a person to a concentration camp and leave his family and particular milieu untouched; [It is a common practice in Soviet Russia to arrest whole families; Hitler's "Health Bill" also foresaw the elimination of all families in which one member was found to be afflicted with a disease.] the map on the wall would enable him to eradicate people without leaving any traces of them-or almost none. Total abolition of legality is safe only under the condition of perfect information, or at least a degree of knowledge of private and intimate details which evokes the illusion of perfection”.

Hannah Arendt’s nightmare social mapping system was somewhat mitigated by the technological limits of her time - The Origins of Totalitarianism was published in 1951, and in her mind the information processing technology capable of supporting an extensive social graph was still about as far away as it had seemed to the Czarist secret police. But today we are all busy building representations of the social graph to support and enrich our interactions. On social networking tools, we are busy doing the secret police’s work for them and making their dream come true.

Have we lost our minds and forgotten about the dangers? Not quite: privacy management remains at the center of most social graph use cases. But this is a superficial defense: if a totalitarian state were to emerge in our society, I know I would be as good as dead - or rather disappeared without a trace.

Luckily I am a European and I therefore enjoy the benefits of a life with historically high levels of freedom. But evil is never as far away as we imagine, and the generation of our grandparents who experienced totalitarianism will not remain among us much longer to remind us of that.

“You must remember, my fellow-citizens, that eternal vigilance by the people is the price of liberty, and that you must pay the price if you wish to secure the blessing. It behooves you, therefore, to be watchful in your States as well as in the Federal Government” — Andrew Jackson, Farewell Address, March 4, 1837

Brain dump and Military and Security and Technology - 20 Jan 2008 at 17:33 by Jean-Marc Liotier

In spite of the hype surrounding micro and nano UAV and how important they are becoming to winning the struggle for tactical information, I can’t find any reference about how to defend against them. As their current use is mostly on the strong side of asymmetrical warfare, it seems that the industry and the users have simply set the problem aside for now.

But it won’t be long before two high-technology forces equipped with swarms of nano UAV find themselves fighting each other, and both will certainly clamor for a better fly swatter. Since I can’t foresee very large fly swatters being part of standard issue kit anytime soon, there is a clear need for some new form of air defense against air vehicles as small as a maple seed.

Will we see micro air defense units in action, complete with toy-size automatically guided artillery, dust-like shrapnel and tiny missiles? This heralds the appearance of new dimensions in the tactical environment, and those familiar with nanotechnology forecasting will have recognized the first step of a downscaling war.

Meanwhile I think about the potential for pest control - selectively killing flying intruders seems definitely better than spraying nerve agents in my home…

Politics and Security - 15 Jan 2008 at 20:50 by Jean-Marc Liotier

Mentioning video surveillance, a sticker on the T2 tram line in Paris refers to it as “video protection”. Considering the dubious efficiency of video surveillance for crime deterrence in unpatrolled spaces, I think we have a beautiful specimen of pristine security bullshit with bonus points for creative use of newspeak. While thinking about it I could almost hear a friendly security agent tell me “please sir, it is for your own safety”. I hope it is the last time I read “video protection” as a way to muddle the negative connotations of video surveillance under a layer of weasel fur, but I guess not.

And while I am at it, let it be known that I am not against video surveillance. I am against the incoherent, inefficient and expensive dogmatic use of video surveillance for political purposes, flattering popular paranoia with a warm and fuzzy pixie-dusted security blanket. Video surveillance is a mildly dissuasive technological extension of patrol work that requires real-time attention and human resources for reaction and investigation - like all fortifications it is useless if it is not sufficiently manned. And like all tools it is worse than useless if acquired for no profitable purpose other than furthering the personal ambitions of political leaders.