Archive for 2016


The Core of Apple v. FBI

If you haven’t read Apple’s open letter to customers yet, you really should. As Apple points out,

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

Rich Mogull expands upon this concept in a very convincing way that gets to the core of the issue here.

Everything, all of it, boils down to a single question.

Do we have a right to security?

Vendors like Apple have hit the point where some of the products they make, for us, are so secure that it is nearly impossible, if not impossible, to crack them. As a lifetime security professional, this is what my entire industry has been dreaming of since the dawn of computers. Secure commerce, secure communications, secure data storage. A foundation to finally start reducing all those data breaches, to stop China, Russia and others from wheedling their way into our critical infrastructure. To make phones so secure they almost aren’t worth stealing, since even the parts aren’t worth much.

To build the secure foundation for the digital age that we so lack, and so desperately need. So an entire hospital isn’t held hostage because one person clicked on the wrong link.

The FBI, DOJ, and others are debating if secure products and services should be legal. They hide this in language around warrants and lawful access, and scream about terrorists and child pornographers. What they don’t say, what they never admit, is that it is physically impossible to build in back doors for law enforcement without creating security vulnerabilities.

One of the significant reasons I have been so enthused by Apple throughout the years is that their hardware is focused upon providing technical solutions that not only make the world a better place, but do so in manners that aim to eliminate real world challenges.

Take TouchID, for instance. No other company has created a solution that is as secure, and because of this purity, it is all but impossible for bad guys to hack the software to gain access to your banking information that has formed the security basis for Apple Pay. As a result, fraud is impossible with Apple Pay unless someone actually has possession of your credit card information, which really has nothing to do with Apple Pay fraud at all (and which is no different than stealing a person’s wallet; it’s more stealing than it is fraud).

TouchID is so brilliant precisely because the security design places every aspect of the implementation upon the hardware itself. The fingerprint information gets stored within a walled off area of the processor, a secure element that received device-specific provisioning when manufactured, unavailable to any system or network besides the TouchID sensor. The data is not saved in software, accessible for clever hackers to search out vulnerabilities. No, it resides on the hardware itself, and when the phone is locked, all keys to files and keychain items are wiped and inaccessible until the read-only secure element processes a fingerprint match received from TouchID input.

Let’s apply what the FBI is requesting in the San Bernardino case to Apple Pay, because it demonstrates the exact point that Mogull is making. Fleshing out the technical nature of this example helps us understand the hypotheticals posed. If Apple were to design a backdoor into Apple Pay, they would be destroying the integrity of the security design behind Apple Pay altogether, exposing the software to everyone and giving anyone with the know-how access to reverse engineer the design in order to expose potential weaknesses. Software is merely instructions and there’s always a way to work around those instructions. This simple fact is precisely the problem with digital security since computers were invented.

Said another way, if Apple were to design an exception for the FBI by requiring software workarounds, we will forever be dealing with systems that are inherently insecure. The horrible atrocity in San Bernardino already occurred. But the government’s desire to gain access to information surrounding the event (assuming that it proves useful at all) will only create more danger for citizens, since all data will be subject to abuse by bad guys with ill intent (to say nothing of the potential for government overreach).

I’ll end with another paragraph from Mogull.

The FBI wants this case to be about a single phone used by a single dead terrorist in San Bernardino to distract us from asking the real question. It will not stop at this one case, that isn’t how the law works. They are also teaming with legislators to make encrypted, secure devices and services illegal. That isn’t conspiracy theory, it is the stated position of the director of the FBI. Eventually they want systems to access any device or form of communications, at scale. As they already have with our phone system. Keep in mind that there is no way to limit this to consumer technologies, and it will have to apply to business systems as well, undermining corporate security.


A couple political, but not partisan, thoughts

  1. Paul Krugman highlighted Speaker Paul Ryan’s absurd comments denying Obama credit for the current state of the economy after Obama highlighted his actions in getting us to this stage in major portions of Obama’s State of the Union address on Tuesday.

    Speaker Ryan stated:

    “I think the Federal Reserve has done more,” he said. “What’s happening is people at the high end are doing pretty darn well because of loose money from the Fed. And all these regulations, all this uncertainty, all these taxes are giving us weak economic growth.”

    So, according to Ryan, Obama deserves no credit for the Bernanke led Fed monetary decisions back in 2011, since it was all Bernanke. Yet, back in 2011, then-House Budget Chairman Paul Ryan criticized those Bernanke Fed policies.

    Representative Paul D. Ryan of Wisconsin, the new chairman of the House Budget Committee and a vocal skeptic of the Fed’s bond-buying effort, told Mr. Bernanke: “My concern is that the costs of the Fed’s current monetary policy — the money creation and massive balance sheet expansion — will come to outweigh the perceived short-term benefits.”

    Mr. Ryan described “a sharp rise in a variety of key global commodity and basic material prices,” and an increase in interest rates of longer-term Treasury securities. And while conceding that American consumers were not yet experiencing substantially higher prices, Mr. Ryan warned that “the inflation dynamic can be quick to materialize and painful to eradicate once it takes hold.”

    Mr. Ryan all but accused Mr. Bernanke of devaluing the dollar, saying, “There is nothing more insidious that a country can do to its citizens than debase its currency.”

    So Ryan’s argument is that Obama deserves no credit for Fed policy that led to our current state of the economy, but Ryan hated the Fed policy that led to our current state, and would likely have dismantled and replaced it with an austerity plan that has worked oh so well for the rest of the world around us.

  2. This brings me to another point that seems like a somewhat common retort of the Obama presidency by right-of-center folks (that has leaked into the public consciousness generally). I was speaking to a relative over the holidays and his general view regarding current economic optimism went something like this: People are so quick to applaud Obama for restoring the economy, but let’s be honest, we were in such bad shape anyone could have made things better.

    Such a viewpoint underscores the tremendously horrible job our media does in explaining even the most basic policies we take as a nation to manage our economy. In 2008 (and even ’til this day) there’s a consensus from the right that the proper course of action in dire economic situations is to adopt more austere measures (aka spending cuts, decreasing welfare and job insurance benefits, etc.) to fight against troubles plaguing a lagging economy. It doesn’t matter the challenges facing that economy, whether they be major employment slack, an abnormal banking sector that isn’t loaning money as typically done, or a real estate market that was in a tailspin due to the plethora of oversold, bad mortgages that were bundled with other good mortgages, causing pretty much all of them to be tainted and therefore deeply hindering the real-estate-secured consumer spending that kept our economy afloat since right after the turn of the millennium.

    The underlying economic policies of both parties are a hugely important difference between them, and we have examples all around the globe of nations who embraced the same strategies backed by the GOP when recession hit. So there’s a major difference between the American economy over the past seven years, that welcomed investment by the Government to overcome decreased private spending, as opposed to nations who took a very different, much more austere plan, in Europe, South America, and Asia, who are still struggling—and creating downward pressures upon the world economy today.

    The bailout of General Motors. Ensuring that TARP was properly pushed and passed. Quantitative Easing. All examples of efforts Obama backed that, had they not been passed, would have left our country in an entirely different economic reality. In Europe, we watch Germany demand that debt-ridden countries like Greece make good on their debts before assisting further. And we wonder why the U.S. economy is very different than the EU’s today. These things matter.

  3. Finally, a completely unrelated thought that I found intriguing from Christie’s State of the State. He announced an effort to increase access to care for mental health and substance abuse in his address.

    Today, I’m very proud to announce a historic financial commitment of more than $100 million to increase access to care for mental health and substance use.

    We’re going to provide more competitive reimbursement rates for services and providers.

    As demand for services continues to grow, we also need to widen access. Increased reimbursement rates will help improve critical services and provide more treatment capacity. The investment we’re making will change lives and get more people into treatment earlier, instead of the emergency room or prison later. It’s the fiscally responsible thing to do – and it’s the morally right thing to do.

    Let’s highlight that last sentence: It’s the fiscally responsible thing to do – and it’s the morally right thing to do. Fiscally responsible.

    I can’t see Christie winning the presidential primary with the current political winds. I’ve said it many times that 2016 feels eerily similar to 1968 in terms of historic relevance to the world of political science. Many people smarter than me believe we’re overdue for a political realignment of the parties, and the rise of Trump and Sanders feels like there might be something interesting going on.

    But I think at some point, Christie will play a role in rebranding the GOP, because, despite his actual policies’ dissonance, he understands how to pull at the heartstrings of normal, everyday people. That’s why that whole fiscally responsible thing intrigues me. Since Reagan, the GOP definition of fiscally responsible, at least when addressing populist ideas, is that cuts = fiscally responsible. Over this same period, Democrats, in my opinion, less successfully, have argued that fiscal responsibility = finding savings.

    Christie’s solution is to invest $100 million into a program—not cut funding. That’s not a traditional GOP view, these days. Of course investments like this are estimated to produce $400 to $700 million, but that’s the type of argument liberals make when explaining why the Affordable Care Act, or food stamps, or the EITC, or unemployment insurance is a good deal. The GOP typically lambasts that sort of idea, since they feel government spending interferes with market forces and crowds out investments.

    I don’t really have an ultimate point for bringing this up. I merely find it intriguing that a Republican with such a big spotlight is making arguments like that. Feels modestly Keynesian. 


AT LONG LAST…MY “STAR WARS: EPISODE VII” REVIEW. THE FORCE AWAKENS & THE RISE OF IDIOT JOURNALISM.

This was so satisfying to read. I loved the big shock at the end related to the author of the HuffPo piece. Response pieces like this won’t do anything to rid the world of clickbait; even so, it provides such catharsis.

By the way, I enjoyed “The Force Awakens” and thought the meta-storytelling techniques were hugely satisfying. J.J. Abrams gets the cultural influence Star Wars has played and makes repeated nods to this. For instance, Han Solo not being on the Millennium Falcon for 30 years is used as a plot device in the film, but I can’t help but think that the real reason for this plot decision is because we haven’t been on the Millennium Falcon for 30 years. We are part of the story.

My money is on Rey being a Skywalker, but I’m deeply rooting for her to be a Kenobi for so many reasons.

Well, I’ve waited a few weeks to write my “Star Wars: The Force Awakens” review and finally, after multiple viewings and numerous vibrant discussions, I feel that I’m ready to give this movie the review it truly deserves.

I gave the film a ton of time to sink in. I analyzed the story structure and plot. I got to know the characters, both new and old, and came to understand the motivations and performances of the actors portraying them. I prepared myself to gush over the rollicking relationship between Poe Dameron and his new Stormtrooper pal, Finn, the brilliant puppeteering of BB-8 and the star-making performance of Daisy Ridley as the burgeoning Jedi known simply as Rey. I was ready to tell you about how much I adored the direction the filmmakers took with the legacy characters of Han, Leia and Luke while making Adam Driver’s Kylo Ren one of the most layered and interestingly flawed villains I’ve ever seen. I was excited to prognosticate over clues that were left in the film to set up the remainder of the series. Sure, the movie has its flaws. It’s a little heavy on the nostalgia and there are a few moments that are a little too convenient for me, but there are a million other things I loved that quickly outweighed those problems. I’ve spent the last few weeks searching for precisely the right words to convey just how excited “The Force Awakens” has made me for the future of the franchise and planning how I would use those words to write a fair and balanced review.

But as I sit down to write that review…I simply can’t.

And here’s why…

The Huffington Post’s article, “40 Unforgivable Plot Holes in ‘Star Wars: The Force Awakens’”.

Over the last few weeks I saw this article reposted over and over both by folks in the film industry and outside of it. The reposts often carried captions from Facebook users like “Yep!” or “This is exactly my problem”. Oh shit. Did I miss something? Maybe the Huffington Post and half of Facebook saw something I didn’t. I needed to know more. So I read the article. I read it numerous times. In the end, I came to my own conclusion…

The Huffington Post has no idea what the fuck it’s talking about.

I don’t know about the rest of you but I’ve grown exhausted with the horseshit, hater culture that online, millennial ‘journalists’ use to click-bait their way to some sort of self-perceived intellectual high ground. Hate first. Don’t bother asking questions later.

After all the thought and effort I put into prepping my review, the Huffington Post article had somehow stunted my ability to write about the new “Star Wars” movie. But I refused to be deterred. Thus, this article is not intended to review “The Force Awakens”. It’s intended to rip the head off the Huffington Post’s dumb-ass review and shit down its still-gasping esophagus.

Now, keep in mind I’m not a professional reviewer or even a journalist. I’m just a regular guy who has spent the better part of his life dedicated to studying story structure, plot, character, scene study and script development while working on twenty some-odd motion pictures over the last seventeen years. I might not be the guy to question the Huffington Post’s lofty review, but I’ll give it a shot.

So what are these “40 Unforgivable Plot Holes” and why is the Huffington Post ass-backward in their review? I blame it partly on the click-bait era. I also think that being a contrarian dick makes people feel intelligent. But those aren’t the reasons the review is horseshit. It’s horseshit because it really seems like the reviewer didn’t watch the movie at all.

Let’s take a look at these 40 “holes” and see just how hard I can plug them.

Take a read. It’s worth it.