HTTPS Everywhere – what is it good for?

There’s a growing chorus of voices in infosec these days, calling for the effective deprecation of unencrypted traffic over the web. The only useful purpose port 80 serves these days, they argue, is to redirect to port 443.

Their arguments tend to run along these lines:

  1. HTTPS is the right way to handle encryption on your website (and other services, too). That’s true. It’s a well-established, well-understood standard that has gone through some awkward moments, but has emerged from the process as a robust and easy-to-use security layer on your web server.
  2. HTTPS protects you from unethical ISPs/states/actors who like to inject your traffic with unwanted ads and other nasties. That’s somewhat true, but requires a little unpacking, because there are some notable edge cases:
    1. Many corporations install their own certificate authority on approved devices, and use their own certificates to intervene in communications between you and other secure sites. This allows them to sit in the middle of your communication with your bank, for example.
    2. Anyone who can get access to either of the end points can simply watch the unencrypted traffic on either end, rendering any security measures in the communications protocol moot.
    3. Setting up and breaking down a secure session is an extremely difficult process that is well-understood by a very few people. The theory is clear enough, but applying it in practice can get hairy. The 2016 WPAD exploit is a prime example. It was demonstrated that you could use a near-obsolete, insecure method of discovering your network’s proxy settings to eavesdrop on secure communications. (Of course, if you could manipulate that setting, you could pretty much do what you want to the browser anyway. The point here is that there are ways for people to eavesdrop on your secure communications and leave you none the wiser, with or without HTTPS.)
    4. Establishing the identity of remote sites is still a bit fraught. It’s better today than it was in the past, but an SSL cert on its own is insufficient in the absence of a broader, systematic web of trust. These things require international cooperation, protocols and standards. Not all parties want the same thing, and few indeed are focused only on what’s best for the end user’s privacy. HTTPS Everywhere doesn’t move the markers in this part of the debate.
    5. Cross-site tracking cookies are a much more pernicious and troubling way for unscrupulous commercial actors to inject themselves into your day to day web traffic.

None of these are arguments against the use of HTTPS. You should use it when you can. Just because the other guy’s going to win doesn’t mean you shouldn’t at least make him work for it. But these are considerations that have to be borne in mind when people start suggesting that a web with HTTPS everywhere is a safer, more private place for everyone.

  1. HTTPS is growing in use. Get on board! That’s an argumentum ad populum. It’s a useful observation—and a Good Thing—but not reason to move in and of itself.
  2. Plain old HTTP is insecure, and untrustworthy. The first part is true, and people should know it. Google Chrome’s recent decision to mark all plain text websites as insecure is a good move. But the question of trust is more a practical than a technical issue. In other words, you can communicate securely with an untrustworthy information source, and you can communicate insecurely with a trustworthy source. Trust between end points needs to be distinguished from trust in the communications medium. Technical experts who advocate for HTTPS everywhere sometimes confuse the two. Non-technical people often do. Which means we have to be extremely circumspect about what we promise when we talk about making things more secure for them.
  3. HTTPS is secure and will protect you from eavesdropping. Yes it is, and no it will not. Yes, the protocol is solid. It’s really easy to do right (which is incredibly important for security), and it works for the purpose intended. But it’s only one part of a much, much bigger picture. As Bruce Schneier is fond of saying, the bad guys only need to find one way to win. Most systems have more than one way in. Many systems allow state-sanctioned eavesdroppers in through the front door.
  4. Encrypting even normal traffic means that you’re protected from state surveillance across the board. If they can’t differentiate your traffic, it makes it harder for them to single out the things they object to. Sad to say, the real world doesn’t work that way.

If a state wants to watch what you’re accessing over the web, they will find a way. At very least, they will know the end points you’re connecting to. If they’ve singled you out for observation, you’re going to face issues even if you use TOR, VPNs and other tools. Between compromised devices, networks and information providers, your options are quite limited if people decide to watch you individually.

If you’re not being singled out, they probably don’t care what you’re looking at. They might care about individual sources, but in cases like that, they’ll just block the site sources.

But wait—what about someone who’s not yet been targeted, and doesn’t want to be? Good question. There’s a marginal case there, but again, using HTTPS Everywhere is probably not going to be the decisive factor. It sure isn’t in China.

There are very good reasons to support the spread of HTTPS. Anybody who tells you otherwise is just… wrong. You should use it when you’re doing anything that involves your personal information. That includes everything from chatting with friends about what movies are good to transferring millions into your superyacht fund.

But to conclude from this that ‘the only purpose for port 80 these days is to redirect to HTTPS’ is a bit naïve, sad to say. It assumes that there are technical solutions to social/political problems. That’s not necessarily true:

  1. We’d be vastly better off with regulatory/legislative intervention to stop ISPs and others from messing with your web traffic. The reason for this is that removing the mandate to inject gunk into your web traffic is a far more effective way of circumscribing what ISPs are allowed to do. Let’s call it (part of) Net Neutrality. With or without HTTPS, we still need this regulation. Politically, cynical ISPs can point to HTTPS Everywhere and use it as an argument against net neutrality regulation. It’s not entirely rational, but that’s not to say the argument would be ineffective.
  2. When changing collective behaviour, it’s often better to proscribe the behaviour rather than prescribe the technical cure. People will always seek ways to fulfil the letter of the law and still achieve their own selfish ends. So an emphasis on better law is generally more effective than emphasising better tech.
  3. State actors and other surveillance groups generally don’t care that you’re looking at public access websites. When they do care, they just block the site at the ISP level. Yes, there are edge cases where you can get in before they know it matters, but that’s true with and without HTTPS. Encryption does add a slight advantage when it comes to internet whack-a-mole, but it’s only slight. And it’s likely to be ephemeral.
  4. If someone really wants to track you, they will compromise your end points, not the network layer. This is what China does. They just sit people inside the offices of the main online services. Law enforcement and signals intelligence agencies do much the same thing. They’ll either compromise your devices, or they’ll compromise the other end-point, often with the assistance of the service provider. The FBI attempted this with TOR, with partial success.
  5. HTTPS is easy, yes, but easy is not the same as simple. Just because you’ve got your cert properly set up doesn’t mean you’re safe. Focusing on HTTPS to the exclusion of other considerations or overselling its benefits could create a false sense of security. It’s far easier to designate something ‘untrusted’ than it is to determine that the same thing is ‘trusted’. We need to be careful about what we’re selling when we say that HTTPS Everywhere makes us more secure.

Widespread use of HTTPS is a Good Thing, and should be encouraged. But mandating its use everywhere is of limited additional utility where your practical security is concerned.

In a nutshell, universal HTTPS alone is insufficient to change or curb malicious human behaviour; and the additional measures that are necessary don’t require HTTPS everywhere to succeed.

HTTPS everywhere would achieve only a marginal and possibly ephemeral gain. In practical terms, people who are most vulnerable to unwanted collective or individual surveillance by state actors gain very little from this.

But let’s keep perspective: Opposing HTTPS Everywhere is a foolish waste of time and effort. We should encourage its spread. What we should NOT do, though, is pretend that the end of port 80 is the end of our privacy concerns, or even a particularly notable win. It’s a marginal improvement at best.

My beef is with people who think this is a big win for privacy. It’s emphatically not.

Living with depression is better than the alternative. Until it’s not.

Preface: People need to understand that, for a lot of us, no amount of affirmation is going to change how we feel. Depression is treatable in many cases, but not necessarily curable in any case. This means that sentimentalising the problem is emphatically the wrong approach.

It is for me, at least. It drives me up the fucking wall to have to listen to people tell me how good I am, how much better the world is with me in it, how if I just stick with it a little longer, things will get better.

Because here’s the thing: They may get better for you, but for me they don’t.

I cope better on some days than others. I’ve had a lot of practice. I find ways to experience joy in the midst of overwhelming sorrow. But that doesn’t mean the sorrow goes away. You may have trouble grasping this—lord knows I do—but you can feel good about yourself and be the same worthless person you were when you woke up this morning. There is no contradiction there.

People think that when we say, ‘it’s all in your head’ it’s therefore transient, ephemeral and mutable. It’s not. You can change what you think about it, but you cannot change the thing itself.

So if, in the course of reading this, you find yourself wishing me well… don’t. I’m not well. I never have been, and I never will be. But I have a life. It’s a good one, and I’m not stupid enough to fail to recognise that. So kindly refrain from reminding me.

Now, on to my confession…. Continue reading

SHAME

People’s attitudes toward women are ruining lives, and it’s sickening

A few days ago, I heard news about someone whom I’ve known for almost as long as I’ve been in Vanuatu. She was tied by her hair to a post and beaten senseless by her partner.

Save your anger. I don’t want to hear it. Your outrage is meaningless to me.
You did this. Every single one of you.

Admit it: you loved it when they posted a false report that a local woman had been arrested for prostitution. She was framed and shamed simply because she’d had more than one partner. And you automatically believed she was guilty.

You loved it when a local man was wrongly accused of sexual assault and consorting with prostitutes. He was outed because he refused to lie about someone else. The threat could only work because you were willing to believe the woman was a whore.

You downloaded and shared copies of the intimate photos taken of a young professional who was tricked into sharing them with a man who swore that he was single. His wife takes him back, and the woman he lied to is the one who’s punished. Every time she walks into a meeting, she has to ask herself, ‘have they seen them?’

Yes, she was naïve. Do you think that justifies years of anguish?

You blamed her. You blamed her for being treated cruelly by others.

Blame yourself. You heard your neighbours fighting. You heard that woman cry out. You saw her tears.

You. Not someone else. Not someone down the road or in the next yard.

You’re reading this and thinking I’m talking about everyone else. I am talking about you.

For months, you did nothing after your neighbour buried his wife under a nakatambol tree. You didn’t even ask where she was.

You let a girl jump to her death from a moving bus. You let her death go unpunished. And then to add insult to injury, you warned young women not to travel at night.

You didn’t lift a finger when that faith healer groped and sexually assaulted your daughter. Just changed churches and warned your daughter to look after herself. You were the one who sent her to him.

You let a pastor—a pastor—beat a woman in broad daylight in the main street of town, and you did nothing but stand around gawping.

Stop shifting the blame. Stop pretending that it’s not all men. Because it is all men. It’s all of us. Every single one of us. Yes, me too.

And you.

Not the other readers: YOU

When is it going to dawn on you that the way we treat our women is our national shame? What is it going to take?

My shame is real. I’ve known this woman for over a decade, and when we were neighbours, I made sure nothing happened to her. But I moved on and she didn’t. And I said nothing last week when she showed up with a black eye. I didn’t want her to feel bad. Now this happens, and I’m ashamed of my cowardice. I did nothing to support her.

No longer.

But anything I do won’t make one bit of difference if the rest of you continue being the callous, uncaring people that you’ve been. Don’t deny it. There is not an adult in Vanuatu who hasn’t turned a blind eye toward abuse. If you think you’re not part of the problem, then you’re a bigger part of it than you know.

You read that clickbait smear. You read that post, and you believed it. Even now, you’re twisting around, trying to find a way to defend your prejudice. You can’t. It was a pack of lies.

But you believed it because that’s what you think women are like.

I can’t even bring myself to care whether I’ve changed your mind any more. All I have to say is shame. Shame on me for letting a friend hurt so much. For letting so many suffer. Shame on me for letting you get away with it.

I don’t know how I’m going to sleep tonight. But to my shame, I know I will.
And shame on you. It could all change tomorrow. But it won’t. Because of you.

If you really are sincere about wanting to make things better, read this again, and accept in your heart of hearts that I am talking about you. And for once in your life, feel a bit of shame for your role in this suffering.

Then do something about it. Every day. Until the job is done, and the shame is gone.

Coates is not wrong

Posting this here because Twitter doesn’t always lend itself to nuance. (I know! I was gobsmacked too!)

Ta Nehisi Coates gets a lot of pushback from all sides for his polemical stance. It is abundantly true that his view, while popular among intellectuals, is not widely shared. Few people see through his lens on American history with quite the same acuity as he does.

That’s not entirely his fault. Just because you agree with someone’s premises doesn’t that you necessarily have to accept all of their conclusions. His Case for Reparations is a classic example. The line of logic is nearly inescapable. It is possible to quibble around the edges, to thicken the mix by introducing other variables, but the essay stands on its own.

Like the statue in the park, it endures despite the pigeon shit and graffiti.

But I still consider actual reparations a political pipe dream.

I have read Coates more deeply than widely, so if I miss something obvious here, please forgive me. But people who object to The First White President seem to do so because of his insistence of seeing the entire Trump presidency in terms of race. They accuse him, in fact, of buying into the very world-view he abjures. In today’s New York Times, Thomas Chatterton Williams overlays the German idea of Sonderweg, or ‘special path’ on Coates’ narrative of blackness.

That’s neither kind nor accurate. Coates is not advocating a view of history defined by race; he is admonishing people to accept that America’s history is defined by a particular view of race. Or, if you prefer the more modest argument: Black American’s history is defined not by how they saw themselves, but how others saw them.

If this is sonderweg, it’s through a glass, darkly.

The difference between those two statements seems to escape many. The discourse around Coates’ writing is happening almost exclusively among the intelligentsia—which is only natural, of course; that’s who he is speaking to. These are the people to whom his arguments apply the least.

That last paragraph is a mea culpa. I’m as guilty as any in that regard. But I can offer two observations that support his thesis:

Everything I have seen of local politics—the way that people impose their world view on their immediate surroundings—in the American South supports what Coates says. From road works to mental health services to store hours to zoning by-laws, prejudice and race are baked inextricably into its formulations.

Back during the Dot-Com Boom, I explored the idea of moving to the States to work. I had a lot of American clients, they paid well, and offered some really ambitious opportunities. But I was constantly confronted with the realisation that buying the American Dream meant buying into this nightmare too, at least implicitly.

Even in San Francisco, that bastion of liberalism, the divisions run deep. Lost in the city while searching for a store, I was stopped by a cop. He told me he would escort me back to my car. “You’re gonna turn it around, and never come back here,” he told me, explaining, “The natives are restless.”

I did turn around. And I’ve never been back to San Francisco.

Is just one racist cop enough to convince me that Coates’ depiction of race as a guiding vision is valid? Of course not. That was just the most vivid example.

My second point—and historians might have a field day with this one:

Isn’t America the only nation in history to have fought a bloody civil war over slavery—in which the enslaved were the object, but not the subject, of the effort?

An entire nation ripped itself apart on behalf of the victims of monumental injustice, and neglected actually to enfranchise, or meaningfully involve, those it fought to free.

The United States of America is unique. Its history is defined, if not driven, by a peculiar and distinct view of race. And yes, Donald Trump is the First White President. It would be foolish to deny it.

That’s not all he is, of course, but it is what he is. And Coates is right: it’s useful and productive to look at him in that light.

Outside Influences

Something that’s been bothering me about ‘outside’ influences….
 
One of the common refrains that you hear whenever someone advocates for change–here in Vanuatu, and throughout the world–is that these are foreign ideas imposed by radically different cultures. In other words, they’re incompatible with the way of life we’ve enjoyed since we were created according to our particular culture’s creation story.
 
But most progressive ideas are not foreign ideas. They’re not ‘western’, and they certainly are not incompatible.
 
How do I know? Because I know my own culture. I come from a deeply conservative Irish background, and there is nothing in my heritage that drove me to protest nuclear proliferation, to oppose government corruption, to advocate for environmental causes, or to oppose violence against women and children.
 
I learned all those things on my own. Yes, I am happy and grateful to be able to stand on the shoulders of giants in all of these things. The people who pioneered these concepts in Vanuatu–Marc Neil-Jones, Wan Smolbag, Merelyn Tahi, Grace Molisa, Florence Leingkon, and now Stephanie Ephraim–are not western dupes. They are all the opposite of easily led.
 
People who have the strength to campaign for justice, who have the courage to belief that we owe our children a better world… they’re not stooges of the New World Order. They are your brother, your sister, your auntie, your dad.
 
Respect for kastom? Yes. Absolutely. As long as kastom means peace and harmony FOR ALL.
 
But when ‘respect’ means sit down and shut up and wait your turn (which will never come, because it’s always my turn), that’s not kastom. That’s just plain old wrong.
 
Our culture should stand strong against outside influences? Well… I don’t know. Culture–all culture, everywhere–is changing every day, every moment. Kastom and culture are who we are today. They are who we are yesterday, too. And tomorrow.
 
And each of those is different.
 
Oppose change if you must. But if you do, at least to honest enough to attack the idea on its merits, not merely because it’s ‘not ours’.
 
Nobody told Flo she didn’t have to take it any more. Nobody told Steph to get cussing mad. Nobody told Grace to denounce injustice. Nobody told Merelyn to devote herself to saving lives.
 
Their experience, their insight, and their activism is born out of the blood and soil of Vanuatu just as much as Independence was.

Searching for JJ

Some people spend their lives in endless, often fruitless pursuit of an Academy Award. Those people are not from Vanuatu.

Vanuatu woke up today to a rather startling piece of news. Tanna, a movie filmed entirely with amateur indigenous actors on location in and around the kastom village of Yakel, was a finalist for the Best Foreign Language Film Oscar. Then it rolled over and went back to sleep.

When I got the news of the nomination, I began a full-court press to get a reaction from the cast.

That turned into an adventure.

I confess it freely: My heart skipped a beat. Not just because of the inarguable beauty of the film. Not just because it is woven of the same stuff that persuaded me to make a new life in the South Pacific so many years ago.

Mostly, it was because I wanted to see the look on Marceline’s face.

Marceline plays a key role in Tanna’s tragic story. She was nine years old when the movie was made. Significant parts of the film are viewed through her eyes, and her innocence is the gateway to unutterable grief before the credits roll.

I met Marceline on her very first day outside of the island of Tanna. She had never seen a town as big as Port Vila (POP. 50,000) before, and it was exhausting. When she and some of the cast showed up at our radio station late in the afternoon, she was done in. I asked her a few questions in Bislama, and received monosyllabic answers in return. Before the interview was even halfway done, she was full length on the leather couch, sound asleep, her head in cast-mate Marie Wawa’s lap.

Marceline’s world in Tanna is not a fiction. It’s not a memory, either. The scenes you see in Tanna are still playing themselves out today. Her clothing might be a little more natty than what you saw in the film, but grass skirts are still the going thing.

My heart went out to the little girl as I watched her struggling to come to terms with a place that had car after car after car, a place that was noisome and dusty and loud.

I started to take her photo at one point, but immediately relented when I saw her begin to flinch.

One of the stars of the movie Tanna, nine year-old Marceline, smiles during the gala premiere of the movie at Tana Cine in Port Vila. Tanna opens to the public tomorrow.

How in the world was she going to be able to deal with the strobing tumult of the red carpet? The cast members were en route to the Venice Film Festival, following Tanna’s selection in the prestigious Critic’s Week. The film went on to win the People’s Choice award and the Critic’s Award for cinematography.

On their return, I caught up with the group at the airport, shortly before they headed back to their island. Marceline seemed perfectly at home in her skin, a changed creature from the shy and hesitant child I’d seen only a couple of weeks before.

“How did it go?” I asked her in Bislama. “When all the photographers were taking your photo all at once, how did you manage it?”

She shot me a worldly, knowing look, and said, “You get used to it. After a while, it’s no problem.”

The next time they came to Port Vila, it was for the Vanuatu premiere of the film, at our only actual cinema. Marceline and the rest of the core cast members were there, all dressed up in their ceremonial regalia.

This time, when I pointed the camera at her, she gave me a smile as wide as a river.

Starring in one of the most notable films of the year doesn’t quite have the same cachet in Vanuatu as it does elsewhere. For one thing, people have to know about it.

We contacted the Cultural Centre, which facilitates contact with Tanna’s traditional villages. They told us that the phone number they had didn’t work anymore, but there was good news: JJ and Dain, producer and lead actor respectively, had moved up in the world.

They’d both left the island and found employment. As night watchmen with a local security company.

No number was available, but this is Vanuatu, after all. We decided to use the tried and tested coconut telegraph method.

The Cultural Centre worker told us that JJ—whom the world knows as the interpreter on Channel 4’s wildly popular Meet The Natives—was still around. He’d acted as ambassador/interpreter/facilitator between a group of Tannese men from a village that bestowed demigod status on Prince Phillip, and their hosts at different locations in the UK, including Prince Phillip himself.

JJ, happily ensconced at the Daily Post office after a day-long search for him.

JJ is a man about town. He’s gregarious, knowing, worldly and warm-hearted. He’s also a gifted promoter and knows how to keep himself in the story. An essential person, in other words, if you want to spend six months creating a film based on tragic events that are still vividly etched in the memories of the people of Yakel village.

Dain is utterly the man he portrays in Tanna. Laconic, deeply honourable and dignified, terse almost to a fault. And smouldering. Sadly, he’s also gone back to Tanna. He’d had enough of punching the clock.

And we won’t see Marceline until she transits through on her way to Los Angeles.

But we soldiered on throughout the day, fruitlessly searching for JJ, our last best hope. Our Modus Operandi was simple: Find a place he’d been seen, go there, and ask where we could find him.

Again and again, I said the magic words ‘Academy Award’. No bite. People smiled and said, ‘Oh, that’s nice.’

‘It’s the highest possible prize a movie can win,’ I said.

‘Is it? That’s very good,’ they replied, in the tone a parent takes when a child brags about that shot they took at soccer.

Nobody had seen JJ, and nobody was particularly fussed about that, least of all JJ. We tracked down his dad, though.

‘Do you know where he got to?’ I ask.

‘Oh who knows with that boy? He goes where he wants,’ said Dad, half fondly, half peevishly.

‘Well,’ I said, ‘the entire world wants to hear from him. We really anxious to get him down to the radio station for an interview.’

‘Okay,’ said Dad, nodding gravely. ‘How’s tomorrow?’

‘Tomorrow’s fine. But today would be much better.’

We got back to the station, ran our nightly news piece on the difference between an American Oscar nominee and a Ni Vanuatu nominee. I put the finishing touches on this story and was moments away from filing…

Our receptionist said to me, ‘Boss, there’s a man to see you.’

‘Who?’

‘He says he’s from Tanna.’

JJ, at last. He came sauntering in with a casual smile.

I ushered him up to our studio and quickly into the interview. He was imperturbable.

‘Going back to LA is like going back to my home,’ he said with a grin. He’s not exaggerating much. JJ has been a key fixer on two significant television series, and the cast of Tanna have strolled down so many red carpets that they’re beginning to think that’s what a building entrance looks like.

The lesson we take from the day is almost Zen. The movie star who works as an occasional night watchman can wander around town all day without a care in the world or a penny in his pocket, and sleep better at night than Meryl or Leonardo have in their lives.

We finish the interview, take a few photos—in which JJ demonstrates his ineffable cool—and when we’re done and walking to the door, he says to me, ‘They told me you would pay for my bus fare if I came down?’

This won’t get better soon

It’s already become clear that the White House explicitly overrode a DHS determination that contended the ban didn’t apply to Green Card holders and other valid, vetted residents. The ACLU is reporting that some officials are not abiding by a number of stay order issued at courts in at least three locations.

As a legal instrument, at least one scholar sees this particular Executive Order as so incredibly flawed that it won’t stand up to a sustained legal attack by the ACLU, CAIR and others.

Most worrying though are the reports circulating that the drafting process bypassed the normal interdepartmental and legal review stages, and that DHS was only briefed on the content of the Executive Orders as they were being signed. This doesn’t sound like an administration that’s particularly worried about adhering to the letter of the law, or bringing a lot of people into the conversation. Not sure how that will stand up over time. Politics is often petty and vengeful, and the White House is already leaking like a sieve. It might be that their incompetence is what does them in. It may be that their unwillingness to share power will do it.

My personal feeling is that neither one will stop them. I think people severely underestimate the lengths that this administration will go to to see this through. When Donald Trump promised the people of America that he would never back down, that he would do everything to advance the cause… I think he was speaking literally. When Steve Bannon says that we’re at war with Islam, I think he believes it fervently. When Flynn and others portray their work as an existential fight, I think they’re sincere in that.

Left-leaning people and other opponents have mobilised quickly, but they’re expecting the administration to react the way they would react. They think that public shaming, legal action and political activism will drive Donald Trump’s administration back. I fear they’re wrong. They will be seen as traitors and subversives, and they’ll be treated accordingly, through formal and informal means. They don’t realise that their resistance will ultimately have to be physical. They should be reading up on their Thoreau right about now….

Did Russia ‘hack the election?’ Yes and No

Here’s a quick summation of where we stand, based on public domain analysis and reporting, vis-à-vis the purported Russian ‘hack’ of the US Presidential election.

Anyone who claims that the Podesta emails were not real is delusional. There’s no real dispute over that.

Anyone who believes that Julian Assange isn’t biased against Hilary Clinton is also delusional. Mr Assange also shows a disturbingly willful blindness to find any problems with the state of civil liberties and human rights in Russia—this, again, is not really subject to controversy.

Anyone who believes that Assange can be certain about the origin of the Podesta emails doesn’t understand chain of custody. His de facto imprisonment in the Ecuadorian Embassy makes it physically impossible for him to objectively, empirically verify any claims of provenance. If this were evidence for the courts, he wouldn’t be allowed to testify as to the provenance of the emails.

Anyone who has examined the pattern of overt and covert activities as already detailed by public domain sources that has been judged with a high or a moderate level to confidence to originate from the Russian state would be foolish to deny that there isn’t a strong preponderance of evidence that yes, Russia conducted an anti-Clinton (dis)information campaign.

On-the-record print and TV interviews with avowed state-paid Russian trolls who profess a strong preference for Donald Trump constitute probitive evidence of a classic old-school dezinformatsiya effort. It’s something that both sides used frequently in the Cold War. RT’s overt anti-Clinton editorial slant is obvious, and strongly contributory. Assange’s frequent appearances on the channel are evidence of nothing more than a bit of narcissism on his part.

The fact that the APT28 modus operandi is consistent with well-documented spying activities against the Bundestag as well as the TV5 cyber-attack is a substantive plank in the circumstantial case. The fact that APT28 code was almost exclusively developed in a Russian language build environment, in the Moscow time zone is damning. The fact that that they used of bit.ly as an URL-obfuscator—and then committed a rooky OPSEC slip-up that allowed investigators to see what other individuals were targeted by the same account—is compelling. The fact that APT28 source has been found in the wild doesn’t diminish the likelihood that this particular use of it originated from the Russian state. The use of encryption keys and certs (e.g. the way the software ‘phones home’ securely) pretty much makes it impossible for third parties to use the code without significant—and obvious—re-engineering. There is no evidence of such changes. In fact, at least one cert used in the Bundestag hacks was re-used in this effort.

The evidence suggesting that Guccifer 2.0 is almost certainly not Romanian (as ‘he’ claimed), and is probably a Russian speaker, is not probitive, but it’s strongly contributory to a conclusion that the account is a sock puppet, probably linked to a Russian source.

The USA intelligence community lacks credibility. It has relied far too much on its own much-sullied authority to make its arguments. But its credibility is laughable, and its patent insincerity and systematic dishonesty is demonstrated by a mountain of evidence. The fact that their assertions are consistent with open-source evidence indicates, however, that they’re not lying about everything—this time. That does nothing to diminish the fact that they’re driving a clear agenda, possibly because they don’t trust Donald Trump and they feel he’s compromised, or at least willing to put personal interest before national interest.

Conclusion: It’s not necessary to believe the CIA/NSA/FBI to conclude that there is a concerted Russian effort to subvert the integrity of key aspects of American democratic institutions, including the US Presidential election. The Russian state has motive, means, opportunity and there is sufficient evidence to suggest that, in absence of any more compelling explanation, they have probably been at it for quite some time. Did they ‘hack the election’? No. Did they sway it? They certainly put a lot of time and resources into the effort. Did they change the outcome? Probably not. The single event that correlates most closely with an actual swing in the electorate is James Comey’s letter to Congress concerning the Weiner laptop. Did they help swing it? Almost certainly, yes. There’s a compelling argument to be made that if countless sources—with Russian actors prominent among them—hadn’t worked so hard to poison the Clinton well, the Comey announcement wouldn’t have been so decisive.

Continue reading

Don’t argue as if the world were sane

Glenn Greenwald, in every respect a reputable, diligent and ferociously smart gadfly, continually forgets to remember that few people are as sane and as willing to be led by evidence as he is. It’s his great failing.

Nowhere is it more visible than in his incredulity toward the CIA and the rest of the US state security apparatus concerning their claims of Russian tampering in the election process. He is dead right to mistrust the CIA’s every utterance. Lying, after all, is a large part of what they do for a living. Likewise, a politicised and partisan FBI is not a useful source for agenda-free commentary on Russia’s disinformation campaign.

But none of the above provides a sufficient basis to say that Russia has not played a direct and active role in the subversion of the American democratic process. Using the espionage establishment’s lack of credibility to refute the claim of Russian meddling is completely illogical.

We discount or discard the CIA’s claims precisely because we know that they’ve done far, far worse countless times in the past. We know they’ve planted or spun innumerable stories. To people living in vulnerable parts of the world, it’s simply axiomatic that Voice of America and USAID are tools of American influence. We also know they regularly use economic leverage to bring about certain policies, and they regularly plant stories to tarnish the image of any government that doesn’t toe their line.

Yes, they’re hypocrites and liars. Nobody disputes that. Yes, they’re guilty of exactly the sins of which Russia stand accused. But if anything, that realisation should reinforce the suspicion that Russia might be giving back as good as it gets. (Or better, depending on where you stand and how you feel about the success of the campaign to tarnish Hillary Clinton’s reputation.)

The sins of which the Russians stand accused are exactly the things that powerful countries do. They do it continually, shamelessly and cynically. It’s what they do. Continue reading

Weapons of the Weak

Radio New Zealand journalist Johnny Blades created a memorable image last week when he posted a montage of six heads of government from some of the smallest states of the world, each standing at the podium at the United Nations General Assembly.

The leaders of these six countries—Vanuatu, Solomon Islands, Tonga, Nauru, Marshall Islands and Tuvalu—all raised the issue of continuing human rights abuses in West Papua, and advocated for its right to self-determination.

These representations should by rights have emerged from the Pacific Islands Forum in Palau, but if rumour is to be trusted, the organisation’s larger economies are responsible for the Forum’s resounding silence on the issue.

In a tacit demonstration of the unwillingness to live within the Forum’s constraints, a half dozen Pacific leaders engaged in an orchestrated manoeuvre, a chorus of complaint against the clear pattern of systemic disregard for the human rights of indigenous West Papuans.

Talk may be all we can do about it, but at least we can do that. Continue reading