Category Archives: Current Affairs

Some awesome documentaries

My ex-boyfriend really enjoyed watching documentaries (and he even got me to pronounce the word correctly!) so I’m going to start a new “documentary” section for my blog, so maybe I’ll spend more time watching them and sharing them here. A good place I’ve found to look for some good ones: https://www.reddit.com/r/Documentaries/

Me watching the North Korean documentary

The very thought provoking things I’ve watched lately:

Vandana Shiva: Food, Ethics, and Sustainability

(start on 24:50. from here: http://www.yesmagazine.org/about/vandana-shiva-speaks-at-seattle-town-hall)

This Is What Democracy Looks Like (Seattle 1999 WTO)

All Wars Are Bankers’ Wars

North Korea Exposes the Western Propaganda

A local initiative for the people’s right to privacy

“Gentlemen do not read each other’s mail.”

This was said by Henry L. Stimson in 1929 in support of the US State Department’s defunding of the Black Chamber program that was used to decipher foreign ambassador communications. At that time, Stimson was the Secretary of State under President William Howard Taft. Stimson’s opinion, however, is said to have changed while he served as the Secretary of War under President Herbert Hoover and President Franklin D. Roosevelt, when the United States government relied heavily on the enemy’s decrypted communications during wartime.

Mass surveillance is a crime against people, not just the American people. The people did not ask for it, not even the special interests behind the development of the Patriot Act. Secret mass surveillance and secret laws are instituted and accepted by people in power, to gain and maintain power, and these acts are illegitimate in a developing democracy. They are illegitimate acts for a country that developed the Internet.

Civilly speaking, cryptographically encrypting information before transmission is the same as licking and sealing a letter before mailing it. It is the same as closing a clear glass door on a telephone booth before having a private conversation. It is the same as putting on clothes to protect things expected to remain private.

I expect that only entities that privately sign digital certificates that create the foundation for private chats, private socializing, and secure transactions on the internet can decrypt my information. It should be illegal for entities beyond the original signer of public key infrastructure certificates to have a copy of the private key in such a way that allows said entity to view or record the decrypted content that is expected to remain private between two specific parties. It should also be illegal for any entity to attempt to break or subvert encryption mechanisms on common-carrier infrastructure as long as that data is being transmitted or being stored on American soil, no matter the nationality of the person transmitting their encrypted internet content. It is time for the United States to learn from its mistakes and emerge as a civil liberties leader.

What I would like to do is identify other leaders throughout the United States that want to pass a shared city law that makes illegal the above acts. We should all vote for and approve these laws in tandem to reduce the risk of federal or state legal threats. Cities need to come together to protect local internet infrastructure.

Governance representatives are failing to protect the nature of our constitutional protections in law and debate. They are failing to understand the importance of the Internet. Federal representatives are literally working backwards at times, with the Patriot Act, CISPA, PIPA, and the TPP as perfect examples. It is time to work from the ground up and enact local laws that affect local internet infrastructure.

We cannot let special interest groups, that bribe our representatives, write our laws for us. The interest of the people needs to be voiced through local law. Let us tell state and federal government that it is not okay to subvert public law with secret law, and that mass surveillance cannot be tolerated, period. Law enforcement has worked, successfully, for hundreds of years without mass surveillance. The city laws that I am proposing do not inhibit the normal procedure of law enforcement to acquire a warrant, through justified evidence, to obtain private information about specific individuals to prevent or punish crime.

In addition to hosting DNS root servers and the Seattle Internet Exchange, the Westin datacenter connects us to billions of un-Americans on the other side of the Pacific Ocean. Many other cities throughout the United States host similar infrastructure. These communication points are ideal for the placement of unethical surveillance equipment, and we must make this act illegal in our cities. Let us put pressure on our state by protecting local resources, the technology that ensures the security of our online communications, and the integrity of our local businesses.

From https://www.aclu.org/sites/default/files/assets/lavabit_brief_of_us.pdf, it is clear that sometimes our founding legal frameworks are not explicit.

THE FOURTH AMENDMENT DOES NOT PROHIBIT OBTAINING ENCRYPTION KEYS FOR THE PURPOSE OF DECRYPTING COMMUNICATIONS THAT THE GOVERNMENT IS LAWFULLY AUTHORIZED TO COLLECT

Let us build our own laws for our expectations of privacy. For example, as described in the book, Toward an Information Bill of Rights & Responsibilities (http://yawnbox.com/?p=283):

Preamble

Information privacy is the claim of individuals to determine what information about them is disclosed to others and encompasses the collection, maintenance, and use of identifiable information. Privacy is an important value in a democratic society. For individuals, it enhances their sense of autonomy and dignity by permitting them to influence what others know about them. For associations, privacy enhances the ability of individuals to function collectively by permitting the association to keep deliberations and membership and other activities confidential. For society, privacy fosters individual and associational contributions to society, promotes diversity, and limits undesirable conduct and abuse of authority by government and other institutions.

Privacy is not an absolute right. It must be balanced with competing values and interests, including First Amendment rights, law enforcement interests, and business or economic interests in information. The following Code of Information Rights and Responsibilities attempts to strike an appropriate balance between privacy and competing interests, in an environment shaped by technological breakthroughs in the ability of organizations to collect and disseminate personal information.

A number of characteristics of the new information environment make it imperative to adopt a Code of Information Rights and Responsibilities. These include:

  • Technological enhancements in the ability to capture, store, aggregate, exchange, and synthesize large quantities of information about individuals, their transactions, and their behavior;
  • Proliferation of powerful computing capacity to the desktop;
  • Creation of worldwide networks through which information about individuals can easily, cheaply, and quickly flow;
  • Increasing use of target marketing, modeling, and profiling;
  • New technological abilities that permit individuals to access personal data maintained by others;
  • Decreasing cost of computing technology used to manipulate data;
  • New social and cultural values and developments regarding personal information.

Two general principles apply to all of the provisions of the Code of Information Rights and Responsibilities. First, an individual is entitled to greater protection and due process when information is used to make determinations about his or her rights, benefits or opportunities. Second, the protection of privacy must be interpreted consistently with First Amendment principles. Resolving the inherent tensions between the values of privacy and the First Amendment must take place on a case-by-case basis.

The scope of the Code of Information Rights and Responsibilities is limited to individual and associational privacy as defined above, and does not cover government and corporate interests in secrecy. It addresses how activities of information keepers and processors involving the collection, maintenance, and use of personal information should be evaluated when privacy interests overlap or conflict with other interests, values, or significant community needs.

First Principles

A. Collection
There should be limits on the ability of information keepers and processors to collect personal information. Information should only be collected when relevant, necessary, and socially acceptable.

A-1.
Information should be collected directly from the individual whenever possible.

A-2.
When not collecting information directly from the individual, notice, access, correction, and other rights should be provided if the information is used to determine rights, benefits, and opportunities.

B. Notice/Transparency
Individuals providing information to an information keeper and processor have the right to receive, at the time that information is provided, a notice of information practices describing how the information will be used, maintained, and disclosed. Information keepers and processors must provide a copy of notice of information practices upon request. There should be no secret systems containing personal information. Individuals have a responsibility to make informed choices about how information about them is to be used.

C. Access and Correction
Individuals have the right to see and have a copy of any information about themselves maintained by others, consistent with the First Amendment and with other important public and private policy interests. Individuals have the right to seek correction of information that is in error. When a correction is made, the individual may require that copies of the corrected information be provided to all previous recipients. Where there is a disagreement about the accuracy of information, the individual may include along with the disputed information a statement of disagreement.

D. Use
Information may only be used for a purpose that is identified and described at the time that the information is collected. Other uses may be permitted only if they are not inconsistent with the original understanding.

E. Disclosure
Disclosures other than those described at the time of collection may be made to third parties only with the consent of the individual or where required by law. Explicit consent by the data subject shall be required for personal information of the highest sensitivity and may be implied for less sensitive personal information. (Whether consent must be express [opt-in] or may be implied [opt-out] is an open question.)

F. Accuracy
Information keepers and processors must take appropriate steps to assure the accuracy, completeness, timeliness, and security of the information. Information keepers and processors must devote adequate resources to these functions.

G. Enforcement
Rules about the collection, maintenance, use, and disclosure of information should be enforced through suitable mechanisms, such as administrative processes, professional standards, civil actions, criminal penalties, government or private ombudsmen, and other means.

H. Oversight
There is a need for an independent federal entity to conduct privacy oversight and policy-making activities.

  • Information keepers and processors and others should be encouraged to explore technical means to protect privacy.
  • There should be an exploration of other means to promote self-determination in the use of personal information, including proprietary rights and dual control mechanisms.
  • The creation of information trustees who maintain personal data on behalf of diverse information keepers and processors should be considered.
  • There is a need to explore the rights and responsibilities of individuals and information keepers and processors when changes in the use and disclosure of information are developed after the time of collection.

Together we must begin drafting a law that can be shared by the people, city governance, and our local businesses. Together we must approve these measures and begin putting a stop to mass surveillance on any and all people, not just Americans, while also demonstrating our right to privacy.

Spearheading a Wikisource repository for political speeches

How did President Obama think about a politically-sensitive topic that concerns you a year before his presidency? How about 5 years before his presidency? 10 years? How far back in his public service does his opinion matter?

Politicians talk a lot. Every day. Their public speeches should showcase their absolute and relative opinions about how they think Government should affect you. Where can you go to see what they said? How compassionate were they about the issues that matter to you? Did they lie? Did their opinion change? Why did it change? We can’t even begin to answer these questions unless we document them.

This project aims to have citizens use their cell phone’s video recorder to document the speeches of local, state, and national representatives. These videos will be uploaded to Wikisource.org, openly licensed using the Creative Commons, and transcribed so that search engines can index these important words.

The goals of phase one:

  • Develop a standard Wikipedia-modeled framework for properly documenting public political speeches
  • Spread the word to everyone so people know to record their representative’s public speeches
  • Spread the word to netizens who wish to transcribe and verify the transcriptions
  • Spread the word to journalists and researchers to constructively use this data
  • Wiki 1,000 political speeches within a one-year time span

Example: Remarks by the President on Osama bin Laden

 

Low-quality, high-entropy information incites war

This article is practice for my ongoing and developing theory of fundamental information classification. I do this for fun.

From the SANS NewsBites Vol. 14 Num. 76 email:

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has issued a warning to US financial institutions to be alert for cyberattacks following outages on the public websites of Bank of America and JP Morgan Chase. There are reports that several banks are being targeted by distributed denial-of-service (DDoS) attacks, but the others have not been named. The warning from the FS-ISAC comes just two days after the FBI issued a fraud alert warning that cyber criminals may be launching attacks as a distraction from attempts to conduct fraudulent wire transfers. National security officials in the US now believe that Iran is behind the attacks on the bank sites, and they may have been launched in retaliation for US sanctions on Iranian banks.

Source-provided link: Officials see Iran, not outrage over film, behind cyber attacks on US banks

The primary information of this specific article includes: “Iran”, “attacks”, and “US”. Information classification has been discussed here: http://yawnbox.com/736. Information entropy has been discussed here: http://yawnbox.com/385.

All possible facts aside…

A group of purported hackers in the Middle East has claimed credit for problems at the websites of both banks, citing the online video mocking the founder of Islam. One security source called that statement “a cover” for the Iranian government’s operations.

A “…source…” existing at all is primary-derivative information, because the primary information would exist without the support of this derivative information — in other words, the information network(s) that this article is, is bettered by the inclusion of this derivative information.

All in-network information (having to do with the primary information) should start out with a “primary-” indicator. All in-sub-network information, or, information concerning supportive information (secondary, meta, operational, or derivative) should start out with a “primary-[secondary,etc]-” indicator. Dependencies should always be explicit when identifying information classifications and information network definition.

“One [ ] source…” is low-quality primary-derivative-operational information. It is “operational” because of the defined rule of there being one and only one source, from which the primary information is presumed to be based, creating a low-quality primary-derivative information dependency. The stakes on this dependency are high and the explicit nature of one-and-only-one, lacking diversity or specificity, can only get lower one more time (zero sources). Information entropy = high.

One “…security…” source is low-quality primary-derivative-operational-meta information. It is “meta” (purely: an indication about the nature of non-meta information and not definitive enough to be operational or derivative, yet attempts to be operational) information in an attempt to support the “…source…” operational information, being that “security” has multiple (non-related) definitions that are dependent on third-party and/or non-communicated ideas. Information entropy = high.

Observational note: the inclusion of “…security…” to describe the “…source…” can go both ways in terms of supporting information or disinformation. It may be that fourth-tier information (primary=1st, -derivative=2nd, -operational=3rd, -meta=4th) will always have this “either-or” effect. Or, perhaps, because it is dependent “meta” information.

“One security source called that statement “a cover”…” is low-quality primary-derivative-operational-derivative information. It is “derivative” information, in support of the operational information provided by the “source” (primary-derivative) information. Due to the dependency on the upper-tier information (derivative and derivative-operational) and the stark “take my word for it (by an unknown actor)” play, information entropy = very high.

The attack is described by one source, a former U.S. official familiar with the attacks, as being “significant and ongoing” and looking to cause “functional and significant damage.” Also, one source suggested the attacks were in response to U.S. sanctions on Iranian banks.

“…[B]y one source…” is low-quality, primary-derivative-operational (see above) and primary-derivative-operational-derivative information. The additional, fourth-tier information classification (-derivative) is evident due to the fact that the language used distinguishes this source from the former source in the article. It is not “meta” information due to the fact that it is supportive in understanding the article’s supportive presumed-information. This additional information classification is further supported by the (still low-quality) primary-derivative-operational-operational information, or, the operational information that specifies that this source is “…a former U.S. official…”. Information entropy = high.

Observational note: Information can have, and likely always has, multiple classifications.

“…[F]amiliar with the attacks…” is low-quality primary-derivative-operational-meta information. It is “meta” to the “…one source…” because it attempts to describe how well the source should understand the nature of the primary information of this article. It is implicit information, meaning that it is lacking any supportive information, yet is being used as supportive information for dependent upper-tier information.

Observational note: “implicit information” needs further definition. Perhaps it is simply high-entropy information, which requires an explanation, or it simply represents the nature of “meta” information.

“Also, one source suggested…” is low-quality and follows the same logic outlined above. This appears to be a third, unknown source. Information entropy = high.

The former head of cyber-security for the White House testified Thursday that “we were waiting for something like this from Iran.”

“We” is low-quality primary-derivative-operational-meta information. It is “meta” because “we” (more than one, including s/he) is not supported by any explicit information–the sentence implicitly suggests close ties with the White House. It is attempting to support the third-tier operational information, or, the act of said group (second-tier derivative) expecting (third-tier operational) an attack “like” this. There is a disconnect here. At first glance, “we” reads as if explicit derivative (fourth-tier) information. It is very easy for me to read this sentence and presume that “we” is explicit given the implicit context of the quote. This portion of the article could be substantially bettered by the addition of derivative (fourth-tier) information. Information entropy: very high.

“…[L]ike…” is a huge red flag. This is low-quality primary-derivative-operational-meta information. Qualitatively, there are so many things that an “attack” can be like. US intelligence for government requires specificity. Information entropy = very high.

Retrospectively, all primary information networks that have dependencies on these primary-derivative pieces of information have high to very-high entropy, meaning, the likelihood of misleading and/or disleading information is high to very high.

Information that is intended to conform an informee to an idea(s) can be dangerous. In the United States, citizens are often[1] exposed to information that compels an informee to generate information networks (knowledge) that align with the possibility of war between the US and Iran.

[1] http://www.aljazeera.com/programmes/listeningpost/2012/02/20122258252674477.html

This analysis of this single source is still dependent upon the likely existence of “secondary” information (the absence of primary information) and/or the likely existence of supportive (meta, operational, or derivative) information or misinformation.

UPDATE 2012-SEP-23

Some support my findings:

“Iran has not hacked the US banks,” Head of Iran’s Civil Defense Organization Gholam Reza Jalali told FNA on Sunday.

Source: http://english.farsnews.com/newstext.php?nn=9106241736

UPDATE 2012-OCT-03

Some more support my findings:

…none of the five experts interviewed for this article had any evidence to support claims the attacks were sponsored or carried out by Iran…

Source: http://arstechnica.com/security/2012/10/ddos-attacks-against-major-us-banks-no-stuxnet/

Citation needed

When people say that something is information, they probably really mean that it is presumed-information, very much like the notion of being presumed innocent until proven guilty.

https://xkcd.com/285/

In one of my most favorite blog posts ever, for satisfying the feeling of both accomplishment (subtle pleasures) and development, I discussed a process for identifying disinformation surrounding the primary information in a news article. The focus, and the reason why I wanted to ‘out’ the disinformation, was the headline.

I only went so far as deconstructing the article’s headline for two reasons: first, I am still developing my ideas and wanted to start with something small. Second, compared to how much time it takes for me to consume a normal news article, consuming it in this fashion takes considerably more time. I hope to eventually streamline some of these processes with the help of computer software, but first I need to practice and better understand this stuff.

Processing an entire article, and not just processing a headline and specific parts of an article, will take much longer. I have not committed enough time to try it, yet. But every so often, while reading an interesting article, I spot some presumed-information that is obviously needing support.

For instance, this article from Foreignpolicy.com titled, “All the Pentagon’s Lawyers”, contains a sentence that is screaming vagueness.

The United States was instrumental in the creation of the United Nations and the various international human rights treaties and institutions.

I could not help but think about the above XKCD comic after reading it.

The quote by Rosa Brooks, however much support the author (information producer) may think it provides, initiated a slippery slope condition for me (the information consumer), so much so that I was no longer thinking about the story of the article but instead how ill-used this specific byte of information is.

Aside, however stark this specific byte of information is, every sentence consumed should have its own probability-of-informativeness.

This is not to say that the sentence in question is not informative–it has highlighted an issue, obviously important to the information producer, that has been presumed by the information producer to be important, and relevant, to the primary information of the article.

So, what is this sentence, in the scope of inferred information classification, as stand-alone information? This is mostly a mental exercise, but critical for breaking information down for identifying entropy or misinformation. This is not exhaustive:

– Primary: the United States as a stakeholder
– Primary: the United Nations as a stakeholder
– Primary-meta: the notion of international human rights
– Primary-operational: the notion of creating treaties and institutions

What is clearly lacking here, as stand-alone information, is derivative information. To me, “The United States was instrumental [how]…” is where this could have easily been expanded, and ideally, in relation to the rest of the article.

What is the inferred information classification of the article? It seems that there are four ways of figuring this out:

1. Read the article-title
2. Read the article and describe it in a sentence or two
3. Visually depict the article by word-count
4. Visually depict the article by information-network

#1 is easiest, but only to obtain a general (and likely memorable) idea. #2 is easy, but describing it as if inputting its content into a Wikipedia article takes a bit of work. Especially for me since I have a reading-comprehension learning disability. It takes longer than most for me to synthesize written text, and is probably why I am so keen to break information down in this manner. #2 also has the strength of showing the article’s retrospective subjectivity according to the information consumer.

There is a tool to make #3 in a snap: Wordle.net. Unfortunately, however, doing so severely lacks specificity:

#4 is where I hope to take this research, as I am unaware of any tool to help do this in any useful way. To accomplish this would be very complex, which mirrors the nature of information, let alone the nature of sharing information. Information should be understood according to the scope of the story provided (the shared network of information), but also in the larger context of an information network, where these bits and bytes link with the other bits and bytes of other available information by other information producers.

Back to the sentence in question, it is clearly derivative. Concerning the scope of the article, without following up in such a manner that would require me to do my own research, it does appear to be valid in use, and therefore is likely primary-derivative in nature. Hence the slippery slope–the information byte is derivative, but so much so that it is lacking its own derivative support to appear sound. There is so much entropy between this byte of primary-derivative information and the scope of this article that it, at first, appeared to be misinformation. Using information like this should be discouraged.

Rosa Brooks, the author, probably knew that including this byte of information was a stretch because of her use of parentheses (yet being its own sentence). This might only be a sign of laziness, but I certainly cannot claim to remember to replicate 100% of my knowledge into information for others when writing. It is very interesting to see the diversity of branches and leaves in an intelligently created network of semantic information.

The .US and .CN’s Relationship Regarding National Cyber Defense

This post is still under development. Really, it’s a mess. Just making it public so I don’t have to log in to read and think about it.

Finally! My amateur information studies and current affairs interest collide. I am fascinated by a recent meeting of China’s Minister for National Defense Liang Guanglie and the United States Secretary of Defense Leon Panetta. So much so that I’d like to take this opportunity to analyze the event using some OSINT and some ideas that I’ve been toying with.

The information that I’d like to focus on–the primary information–revolves around the specific discussion of internet-based threats between the two countries. There are many genuine news articles covering Guanglie’s visit, many of which simply reiterate the same information, but there are fewer that concentrate on cyber defense issues.

Objectives:
  1. Collect related OSINT and define the primary information and information sub-classifications
  2. Graph on a 2-dimensional ERD the four preidentified “dimensions” (analysis of each dimension should output their own unique data)
    1. The people and organizations that the news media is about and their relationships (focus: classifications I-V)
    2. The people and organizations that document and process the information shared by ‘2A’ and their relationships (focus: classifications II-V)
    3. The information that ‘2B’ shares and the relationships between information for a single news article (focus: classifications I-V)
    4. The information that ‘2B’ shares and the relationships between information between all articles concerning the predefined primary information (focus: classifications I-V)
  3. Describe the relationships via information classification normalization (focus: dimension 2C and 2D), or, in other words, juxtapose all four dimensions
Goal:
  • To describe, as holistically as possible using internet-based media, the public’s theoretical whole-view of the event.
Note:
  • I’m actually going to limit myself on the number of information sources that I use since none of this is automated and it is all very theoretical. Ideally, an automated system, such as new functionality built into Google News, would be able to process all indexed articles on the web.
Classification I (primary) sources:
  1. http://www.bbc.com/news/technology-17989560
  2. http://www.v3.co.uk/v3-uk/news/2173196/chinese-security-chiefs-defuse-cyber-cold-war
  3. http://news.nationalpost.com/2012/05/08/u-s-and-china-working-together-to-prevent-cyberattacks/
  4. http://latimesblogs.latimes.com/world_now/2012/05/washingtonchinas-defense-minister-denied-monday-that-his-country-was-the-source-of-cyber-attacks-directed-at-the-us.html
  5. http://blogs.voanews.com/breaking-news/2012/05/08/us-china-to-cooperate-on-cyber-security-2/
  6. http://www.thejakartapost.com/news/2012/05/09/us-defense-chief-cyber-attacks-affect-both-nations.html-0
  7. https://www.ajc.com/news/nation-world/us-china-to-cooperate-1433185.html

Raw txt: http://anon.is/raw1.txt

Classification II-V sources:
  1. http://www.chinadaily.com.cn/cndy/2012-05/12/content_15275513.htm

 

https://en.wikipedia.org/wiki/Liang_Guanglie
https://en.wikipedia.org/wiki/Leon_Panetta

————————-
Retrospective observations:
  1. Are we, as information consumers on the net, just supposed to assume that the primary information is the condensed subject matter in an article’s title?
    1. Are we to presume that the author is aware?
    2. Why is information not clearly identified via classification or relationship description?
    3. The net provides vast OSINT. Why do news media organizations limit themselves by pulling targeted information out of other information sources?
  2. Why are those sources, at times, not hyperlinked?
    1. Why don’t said organizations design information gathering systems (#bigdata) to provide seamless information traversal using smart UX?
– Some do minor historical analysis and even fewer do trend analysis.

Information producer takeaways:

Information consumer takeaways: