The Security Paradox: Higher Investment Leads to Less Safety

A new history book called “Hidden Gifts” dives into the complexity of Middle-East stability and comes up with this enticing premise:

…embroiled in a paradox—an ever-increasing demand for security despite the increasing supply…

Except, this isn’t a paradox.

Unregulated increases in security have an inversion effect, which is exactly why Facebook boasting about its massive spend has also made it the worst platform.

Compare Facebook to Equifax, for example. The latter had tightly constrained/managed spend and efficiencies that stabilized it and made it a leader in safety. The difference is the ethics of supply.

This is how the “imperial interests” mentioned by the new history book make its paradox thesis… not a paradox.

Here’s the full thesis of “Hidden Gifts”, where you can see the crucial link to “interests” guiding the supplies.

From Napoleon Bonaparte’s invasion of Egypt in 1798 to the foreign interventions in the ongoing civil wars in Syria, Yemen, and Libya today, global empires or the so-called Great Powers have long assumed the responsibility of bringing security to the Middle East. The past two centuries have witnessed their numerous military occupations to ‘liberate’, ‘secure’, and ‘educate’ local populations. Consulting fresh primary sources collected from some thirty archives in the Middle East, Russia, the United States, and Western Europe, Dangerous Gifts revisits the late eighteenth- and nineteenth-century origins of these imperial security practices. It questions how it all began. Why did Great Power interventions in the Ottoman Levant tend to result in further turmoil and civil wars? Why has the region been embroiled in a paradox—an ever-increasing demand for security despite the increasing supply—ever since? It embeds this highly pertinent genealogical history into an innovative and captivating narrative around the Eastern Question, freeing the latter from the monopoly of Great Power politics, and also foregrounding the experience and agency of the Levantine actors: the gradual yet still forceful opening up of the latter’s economies to global free trade, the asymmetrical implementation of international law from their perspective, and the secondary importance attached to their threat perceptions in a world where political and economic decisions were ultimately made through the filter of global imperial interests.

Facebook’s security officer spent more on security because he wanted less safety, which would further balloon his own interests in self-enrichment (and those of his friends). It’s no coincidence he purchased a $3 million home in the hills above Silicon Valley. Would anyone think of him as a descendant of Napoleon?

Before he was hired to drive Facebook’s infamous collapse of safety he was at Yahoo for only about a year, where he secretly pulled $2 million out of their budget to hand out to his friends and followers (under the line item: “bug bounty”), which did exactly nothing in terms of platform safety. After he left, Yahoo had to report the biggest breaches of safety in its history.

It’s perhaps counter-intuitive, yet if you place an ethics filter over security spend you can see how sometimes massive investments proposed by immoral security leaders are in fact predictably going to reduce safety, giving them an excuse to demand more.

More investment therefore can lead to more safety, yet only if that investment has proper governance — adheres to principles of ethics like inherited rights and external accountability for harms.

I’m reminded of the days before “mutually assured destruction” had its total meltdown in the Cuban Missile Crisis.

The unregulated hawks of America were trying to cook up another fictional “knockout punch” with a weapon (Project Pluto) that would demoralize the Soviets by being so egregiously awful to them.

This is a good reminder that the Japanese considered the nuclear bombs to be nothing more than a drop of rain in a hurricane that had lasted many months. In fact, the actual reason for rapid capitulation of the Japanese at the end of WWII was a fear of Soviet troops walking into their territory and seizing control.

In addition, the cost to American lives of the Manhattan Project is estimated to have been higher than what the Japanese suffered from it. And obviously it led to even further harms elsewhere, as well as destabilization of the world afterwards…

An expensive nuclear-ramjet-powered missile, nonetheless following the fictional narrative of nuclear bombing, was conceived to fly around the world four times, dumping toxic radiation as it went, while lobbing hydrogen bombs with questionable accuracy.

Insanity? An excellent reminder of how “security investment” can be totally out of control without some basic morality as its guide.

Source: Herbert F. York, “The Debate Over the Hydrogen Bomb,” Scientific American, (Oct 1975) p. 110.

New Ways to Predict the Future With Machines Reading the Present

Usually I like to talk about making predictions about the future based on a reading of history.

However, I found two recent articles that forced me to think about more current publications helping to set a future course of science. Think Google, but not so evil because it has nothing to do with advertising.

First is a story about “Giant” that announced an index of 107 million papers in a way that cleverly navigates around present copyright laws.

Some researchers who have had early access to the index say it’s a major development in helping them to search the literature with software — a procedure known as text mining. Gitanjali Yadav, a computational biologist at the University of Cambridge, UK, who studies volatile organic compounds emitted by plants, says she aims to comb through Malamud’s index to produce analyses of the plant chemicals described in the world’s research papers. “There is no way for me — or anyone else — to experimentally analyse or measure the chemical fingerprint of each and every plant species on Earth. Much of the information we seek already exists, in published literature,” she says. But researchers are restricted by lack of access to many papers, Yadav adds. Malamud’s ‘General Index’, as he calls it, aims to address the problems faced by researchers such as Yadav.

Second is a paper on the prediction of research trends using computational analysis of available papers.

Here, we demonstrate the development of a semantic network for quantum physics, denoted SEMNET, using 750,000 scientific papers and knowledge from books and Wikipedia. We use it in conjunction with an artificial neural network for predicting future research trends. Individual scientists can use SEMNET for suggesting and inspiring personalized, out-of-the-box ideas. Computer-inspired scientific ideas will play a significant role in accelerating scientific progress, and we hope that our work directly contributes to that important goal.

Source: PNAS, January 28, 2020, vol. 117, no. 4. “The edges are formed when two concepts coappear in a title or abstract of any of the 750,000 papers”

It’s always tempting to invoke Douglas Adams’ famous “42” story when reading these types of articles.

The methods used look more mathematical, and rushed to conclusion, compared with something the seasoned historian might do to validate trends or meaning.

Testing Things the “Wrong Way” is the Right Way to Test

Yesterday I gave a talk at ISACA-SF where I repeatedly emphasized how AI auditing is about testing things in a way that breaks them.

This shouldn’t be news to anyone used to testing things, and yet many of the platforms somehow are trying to respond to algorithm failure by telling people to stop the tests.

I documented in my talk Amazon and Tesla doing it especially plainly, showing that their preferred response to security flaws is for people to stop testing for them. It’s like the 1980s all over again, despite bug bounties and stunt hacking having become so popular.

Here’s a perfect example from Facebook.

In 2017, I got fed up. I filmed a little experiment with the now-co-host of my podcast, Luke Bailey. We made a brand new Facebook account and I spent the week manually liking conservative Facebook pages and then every subsequent page the platform recommended for me. The Right-wing Ryan radicalized and hard. My feed jumped from normal Republican content to creepy boomer posts about sexy women to Alex Jones posts within a week.

Facebook was very mad about this! Their response was, at the time, the most aggressive they had ever been with me: “This isn’t an experiment; it’s a stunt. It isn’t how people set up or use Facebook, and suggesting so is misleading.”

I should also point out that in 2017 a researcher reporting a vulnerability would have expected a massive bug bounty payment from Facebook’s infamous reward system. However, in this story the security failure was so bad, the vulnerability so deep, that Facebook security responded with the opposite — they told the researcher to stop doing things in ways that prove a systemic lack of safety on the site related to business logic flaws (BLF).