How changes in glass changed working conditions

From Nicholas Carr’s “(re)framed” (Rough Type: 3 June 2011):

I’m reminded of an interesting passage in the book Glass: A World History:

As we have seen, one of the rapid developments in glass technology was the making of panes of window glass, plain and coloured, which was particularly noticeable in the northern half of Europe [after the twelfth century]. One very practical effect of this was on working conditions. In the cold and dark northern half of Europe people could now work for longer hours and with more precision because they were shielded from the elements. The light poured in, yet the cold was kept out. Prior to glass only thin slivers of horn or parchment were used and the window spaces were of necessity much smaller and the light admitted, dimmer.

The widespread corruption at the heart of Greek culture

From Michael Lewis’s “Beware of Greeks Bearing Bonds” (Vanity Fair: 1 October 2010):

In just the past decade the wage bill of the Greek public sector has doubled, in real terms—and that number doesn’t take into account the bribes collected by public officials. The average government job pays almost three times the average private-sector job. The national railroad has annual revenues of 100 million euros against an annual wage bill of 400 million, plus 300 million euros in other expenses. The average state railroad employee earns 65,000 euros a year. Twenty years ago a successful businessman turned minister of finance named Stefanos Manos pointed out that it would be cheaper to put all Greece’s rail passengers into taxicabs: it’s still true. “We have a railroad company which is bankrupt beyond comprehension,” Manos put it to me. “And yet there isn’t a single private company in Greece with that kind of average pay.” The Greek public-school system is the site of breathtaking inefficiency: one of the lowest-ranked systems in Europe, it nonetheless employs four times as many teachers per pupil as the highest-ranked, Finland’s. Greeks who send their children to public schools simply assume that they will need to hire private tutors to make sure they actually learn something. There are three government-owned defense companies: together they have billions of euros in debts, and mounting losses. The retirement age for Greek jobs classified as “arduous” is as early as 55 for men and 50 for women. As this is also the moment when the state begins to shovel out generous pensions, more than 600 Greek professions somehow managed to get themselves classified as arduous: hairdressers, radio announcers, waiters, musicians, and on and on and on. The Greek public health-care system spends far more on supplies than the European average—and it is not uncommon, several Greeks tell me, to see nurses and doctors leaving the job with their arms filled with paper towels and diapers and whatever else they can plunder from the supply closets.

A handful of the tax collectors, however, were outraged by the systematic corruption of their business; it further emerged that two of them were willing to meet with me. The problem was that, for reasons neither wished to discuss, they couldn’t stand the sight of each other. This, I’d be told many times by other Greeks, was very Greek.

Tax Collector No. 1—early 60s, business suit, tightly wound but not obviously nervous—arrived with a notebook filled with ideas for fixing the Greek tax-collection agency. He just took it for granted that I knew that the only Greeks who paid their taxes were the ones who could not avoid doing so—the salaried employees of corporations, who had their taxes withheld from their paychecks. The vast economy of self-employed workers—everyone from doctors to the guys who ran the kiosks that sold the International Herald Tribune—cheated (one big reason why Greece has the highest percentage of self-employed workers of any European country). “It’s become a cultural trait,” he said. “The Greek people never learned to pay their taxes. And they never did because no one is punished. No one has ever been punished. It’s a cavalier offense—like a gentleman not opening a door for a lady.”

The scale of Greek tax cheating was at least as incredible as its scope: an estimated two-thirds of Greek doctors reported incomes under 12,000 euros a year—which meant, because incomes below that amount weren’t taxable, that even plastic surgeons making millions a year paid no tax at all. The problem wasn’t the law—there was a law on the books that made it a jailable offense to cheat the government out of more than 150,000 euros—but its enforcement. “If the law was enforced,” the tax collector said, “every doctor in Greece would be in jail.” I laughed, and he gave me a stare. “I am completely serious.” One reason no one is ever prosecuted—apart from the fact that prosecution would seem arbitrary, as everyone is doing it—is that the Greek courts take up to 15 years to resolve tax cases. “The one who does not want to pay, and who gets caught, just goes to court,” he says. Somewhere between 30 and 40 percent of the activity in the Greek economy that might be subject to the income tax goes officially unrecorded, he says, compared with an average of about 18 percent in the rest of Europe.

The easiest way to cheat on one’s taxes was to insist on being paid in cash, and fail to provide a receipt for services. The easiest way to launder cash was to buy real estate. Conveniently for the black market—and alone among European countries—Greece has no working national land registry. “You have to know where the guy bought the land—the address—to trace it back to him,” says the collector. “And even then it’s all handwritten and hard to decipher.”

On he went, describing a system that was, in its way, a thing of beauty. It mimicked the tax-collecting systems of an advanced economy—and employed a huge number of tax collectors—while it was in fact rigged to enable an entire society to cheat on their taxes.

Tax Collector No. 2—casual in manner and dress, beer-drinking, but terrified that others might discover he had spoken to me—also arrived with a binder full of papers, only his was stuffed with real-world examples not of Greek people but Greek companies that had cheated on their taxes. He then started to rattle off examples (“only the ones I personally witnessed”). The first was an Athenian construction company that had built seven giant apartment buildings and sold off nearly 1,000 condominiums in the heart of the city. Its corporate tax bill honestly computed came to 15 million euros, but the company had paid nothing at all. Zero. To evade taxes it had done several things. First, it never declared itself a corporation; second, it employed one of the dozens of companies that do nothing but create fraudulent receipts for expenses never incurred and then, when the tax collector stumbled upon the situation, offered him a bribe. The tax collector blew the whistle and referred the case to his bosses—whereupon he found himself being tailed by a private investigator, and his phones tapped. In the end the case was resolved, with the construction company paying 2,000 euros. “After that I was taken off all tax investigations,” said the tax collector, “because I was good at it.”

The Greek state was not just corrupt but also corrupting. Once you saw how it worked you could understand a phenomenon which otherwise made no sense at all: the difficulty Greek people have saying a kind word about one another. Individual Greeks are delightful: funny, warm, smart, and good company. I left two dozen interviews saying to myself, “What great people!” They do not share the sentiment about one another: the hardest thing to do in Greece is to get one Greek to compliment another behind his back. No success of any kind is regarded without suspicion. Everyone is pretty sure everyone is cheating on his taxes, or bribing politicians, or taking bribes, or lying about the value of his real estate. And this total absence of faith in one another is self-reinforcing. The epidemic of lying and cheating and stealing makes any sort of civic life impossible; the collapse of civic life only encourages more lying, cheating, and stealing. Lacking faith in one another, they fall back on themselves and their families.

The structure of the Greek economy is collectivist, but the country, in spirit, is the opposite of a collective. Its real structure is every man for himself. Into this system investors had poured hundreds of billions of dollars. And the credit boom had pushed the country over the edge, into total moral collapse.

The Vatopaidi monastery, along with 19 others, was built in the 10th century on a 37-mile-long-by-6-mile-wide peninsula in northeast Greece, called Mount Athos. Mount Athos now is severed from the mainland by a long fence, and so the only way onto it is by boat, which gives the peninsula the flavor of an island. And on this island no women are allowed—no female animals of any kind, in fact, except for cats. The official history ascribes the ban to the desire of the church to honor the Virgin; the unofficial one to the problem of monks hitting on female visitors. The ban has stood for 1,000 years.

The ferry chugs for three hours along a rocky, wooded, but otherwise barren coastline, stopping along the way to drop monks and pilgrims and guest workers at other monasteries. The sight of the first one just takes my breath away. It’s not a building but a spectacle: it’s as if someone had taken Assisi or Todi or one of the other old central-Italian hill towns and plopped it down on the beach, in the middle of nowhere. Unless you know what to expect on Mount Athos—it has been regarded by the Eastern Orthodox Church for more than a millennium as the holiest place on earth, and it enjoyed for much of that time a symbiotic relationship with Byzantine emperors—these places come as a shock. There’s nothing modest about them; they are grand and complicated and ornate and obviously in some sort of competition with one another. In the old days, pirates routinely plundered them, and you can see why: it would be almost shameful not to, for a pirate.

Otherwise the experience was sensational, to be recommended to anyone looking for a taste of 10th-century life. Beneath titanic polished golden chandeliers, and surrounded by freshly cleaned icons, the monks sang; the monks chanted; the monks vanished behind screens to utter strange incantations; the monks shook what sounded like sleigh bells; the monks floated by waving thuribles, leaving in their wake smoke and the ancient odor of incense. Every word that was said and sung and chanted was Biblical Greek (it seemed to have something to do with Jesus Christ), but I nodded right along anyway. I stood when they stood, and sat when they sat: up and down we went like pogos, for hours. The effect of the whole thing was heightened by the monks’ magnificently wild beards. Even when left to nature, beards do not all grow in the same way. There are types: the hopelessly porous mass of fuzz; the Osama bin Laden/Assyrian-king trowel; the Karl Marx bird’s nest. A surprising number of the monks resembled the Most Interesting Man in the World from the Dos Equis commercial. (“His beard alone has experienced more than a lesser man’s entire body.”)

For most of the 1980s and 1990s, Greek interest rates had run a full 10 percent higher than German ones, as Greeks were regarded as far less likely to repay a loan. There was no consumer credit in Greece: Greeks didn’t have credit cards. Greeks didn’t usually have mortgage loans either.

But this question of whether Greece will repay its debts is really a question of whether Greece will change its culture, and that will happen only if Greeks want to change. I am told 50 times if I am told once that what Greeks care about is “justice” and what really boils the Greek blood is the feeling of unfairness. Obviously this distinguishes them from no human being on the planet, and ignores what’s interesting: exactly what a Greek finds unfair. It’s clearly not the corruption of their political system. It’s not cheating on their taxes, or taking small bribes in their service to the state. No: what bothers them is when some outside party—someone clearly different from themselves, with motives apart from narrow and easily understood self-interest—comes in and exploits the corruption of their system.

John Steinbeck on how Europe & America view poverty

From Nathaniel Benchley’s interview of John Steinbeck in “The Art of Fiction No. 45” (The Paris Review: Fall 1969, No. 48):

I wonder whether you will remember one last piece of advice you gave me. It was during the exuberance of the rich and frantic twenties and I was going out into that world to try to be a writer.

You said, “It’s going to take a long time, and you haven’t any money. Maybe it would be better if you could go to Europe.”

“Why?” I asked.

“Because in Europe poverty is a misfortune, but in America it is shameful.”

Why did Thomas Jefferson bring a stuffed moose to France?

From David G. Post’s “Jefferson’s Moose” (Remarks presented at the Stanford Law School Conference on Privacy in Cyberspace: 7 February 2000):

In 1787, Jefferson, then the American Minister to France, had the “complete skeleton, skin & horns of the Moose” shipped to him in Paris and mounted in the lobby of his hotel. One can only imagine the comments made by bemused onlookers and hotel staff.

This was no small undertaking at that time — I suppose it would be no small undertaking even today. It’s not as if he had no other things to do with his time or his money. It’s worth asking: Why did he do it? What could have possessed him?

He wanted, first, to shock. He wanted his French friends to stand back, to gasp, and to say: There really is a new world out there, one that has things in it that we can hardly imagine. He wanted them to have what Lessig called an “aha! moment” in regard to the New World from out of which Jefferson (and his moose) had emerged.

But there was another, more specific, purpose. He wanted to show them that this new world was not a degenerate place. The Comte de Buffon, probably the most celebrated naturalist of the late 18th Century, had propounded just such a theory about the degeneracy of life in the New World. Jefferson described Buffon’s theory this way:

“That the animals common both to the old and new world, are smaller in the latter; that those peculiar to the new, are on a smaller scale; that those which have been domesticated in both, have degenerated in America; and that on the whole the New World exhibits fewer species.”

Though it may be hard to appreciate from our more enlightened 21st century perspective, this was deadly serious stuff — both as science and, more to our point here, as politics; to Jefferson, Buffon’s theory had ominous political implications, for it was, as he put it, “within one step” of the notion that man, too, would degenerate in the New World. Thus, it could and did give a kind of intellectual cover to the notion that man in the New World could not be trusted to govern himself.

Sometimes a picture — or, better yet, a carcass — is worth a thousand words. So out comes the moose; larger than its European counterparts (the reindeer and caribou), its brooding presence in downtown Paris would surely make observers think twice about Buffon’s theory. Jefferson was no fool; he knew full well that one data point does not settle the argument, and he would provide, in his “Notes on the State of Virginia,” a detailed refutation of Buffon’s charge, page after page of careful analysis of the relative sizes of American and European animals.

4 sources of tension between science and religion

From Steven Weinberg’s “Without God” (The New York Review of Books: 25 September 2008):

But if the direct conflict between scientific knowledge and specific religious beliefs has not been so important in itself, there are at least four sources of tension between science and religion that have been important.

The first source of tension arises from the fact that religion originally gained much of its strength from the observation of mysterious phenomena – thunder, earthquakes, disease – that seemed to require the intervention of some divine being. There was a nymph in every brook, and a dryad in every tree. But as time passed more and more of these mysteries have been explained in purely natural ways. Explaining this or that about the natural world does not of course rule out religious belief. But if people believe in God because no other explanation seems possible for a whole host of mysteries, and then over the years these mysteries were one by one resolved naturalistically, then a certain weakening of belief can be expected.

Of course, not everything has been explained, nor will it ever be. The important thing is that we have not observed anything that seems to require supernatural intervention for its explanation. There are some today who cling to the remaining gaps in our understanding (such as our ignorance about the origin of life) as evidence for God. But as time passes and more and more of these gaps are filled in, their position gives an impression of people desperately holding on to outmoded opinions.

The problem for religious belief is not just that science has explained a lot of odds and ends about the world. There is a second source of tension: that these explanations have cast increasing doubt on the special role of man, as an actor created by God to play a starring part in a great cosmic drama of sin and salvation. We have had to accept that our home, the earth, is just another planet circling the sun; our sun is just one of a hundred billion stars in a galaxy that is just one of billions of visible galaxies; and it may be that the whole expanding cloud of galaxies is just a small part of a much larger multiverse, most of whose parts are utterly inhospitable to life. As Richard Feynman has said, “The theory that it’s all arranged as a stage for God to watch man’s struggle for good and evil seems inadequate.”

A third source of tension between science and religious belief has been more important in Islam than in Christianity. Around 1100, the Sufi philosopher Abu Hamid al-Ghazzali argued against the very idea of laws of nature, on the grounds that any such law would put God’s hands in chains. According to al-Ghazzali, a piece of cotton placed in a flame does not darken and smolder because of the heat of the flame, but because God wants it to darken and smolder. Laws of nature could have been reconciled with Islam, as a summary of what God usually wants to happen, but al-Ghazzali did not take that path.

Al-Ghazzali is often described as the most influential Islamic philosopher. I wish I knew enough to judge how great was the impact on Islam of his rejection of science. At any rate, science in Muslim countries, which had led the world in the ninth and tenth centuries, went into a decline in the century or two after al-Ghazzali. As a portent of this decline, in 1194 the Ulama of Córdoba burned all scientific and medical texts.

Nor has science revived in the Islamic world. … in 2002 the periodical Nature carried out a survey of science in Islamic countries, and found just three areas in which the Islamic world produced excellent science, all three directed toward applications rather than basic science. They were desalination, falconry, and camel breeding.

Something like al-Ghazzali’s concern for God’s freedom surfaced for a while in Christian Europe, but with very different results. In Paris and Canterbury in the thirteenth century there was a wave of condemnations of those teachings of Aristotle that seemed to limit the freedom of God to do things like create a vacuum or make several worlds or move the heavens in straight lines. The influence of Thomas Aquinas and Albertus Magnus saved the philosophy of Aristotle for Europe, and with it the idea of laws of nature. But although Aristotle was no longer condemned, his authority had been questioned – which was fortunate, since nothing could be built on his physics. Perhaps it was the weakening of Aristotle’s authority by reactionary churchmen that opened the door to the first small steps toward finding the true laws of nature at Paris and Lisieux and Oxford in the fourteenth century.

There is a fourth source of tension between science and religion that may be the most important of all. Traditional religions generally rely on authority, whether the authority is an infallible leader, such as a prophet or a pope or an imam, or a body of sacred writings, a Bible or a Koran. …

Of course, scientists rely on authorities, but of a very different sort. If I want to understand some fine point about the general theory of relativity, I might look up a recent paper by an expert in the field. But I would know that the expert might be wrong. One thing I probably would not do is to look up the original papers of Einstein, because today any good graduate student understands general relativity better than Einstein did. We progress. Indeed, in the form in which Einstein described his theory it is today generally regarded as only what is known in the trade as an effective field theory; that is, it is an approximation, valid for the large scales of distance for which it has been tested, but not under very cramped conditions, as in the early big bang.

We have our heroes in science, like Einstein, who was certainly the greatest physicist of the past century, but for us they are not infallible prophets.

A history of the negative associations of yellow

From Allen Abel And Madeleine Czigler’s “Submarines, bananas and taxis” (National Post: 24 June 2008):

Depicted in frescoes and canvases from the early Middle Ages onward in the robes of the betrayer of the Christ, “Judas yellow” devolved into an imprint of depravity, treason and exclusion.

By the 12th century, European Jews were compelled to wear yellow hats, prostitutes were bound by yellow sashes and yellow flags flew above the pus-stained hovels of the Black Death. From this would descend our own yellow of cowardice and insanity, and the yellow badges of the star-crossed Jüden of the Third Reich.

CCTV in your plane’s cabin?

From Michael Reilly’s “In-flight surveillance could foil terrorists in the sky” (New Scientist: 29 May 2008):

CCTV cameras are bringing more and more public places under surveillance – and passenger aircraft could be next.

A prototype European system uses multiple cameras and “Big Brother” software to try and automatically detect terrorists or other dangers caused by passengers.

The European Union’s Security of Aircraft in the Future European Environment (SAFEE) project uses a camera in every passenger’s seat, with six wide-angle cameras to survey the aisles. Software then analyses the footage to detect developing terrorist activity or “air-rage” incidents, by tracking passengers’ facial expressions.

“It looks for running in the cabin, standing near the cockpit for long periods of time, and other predetermined indicators that suggest a developing threat,” says James Ferryman of the University of Reading, UK, one of the system’s developers.

Other behaviours could include a person nervously touching their face, or sweating excessively. One such behaviour won’t trigger the system to alert the crew, only certain combinations of them.

Criminals working together to improve their tools

From Dan Goodin’s “Crimeware giants form botnet tag team” (The Register: 5 September 2008):

The Rock Phish gang – one of the net’s most notorious phishing outfits – has teamed up with another criminal heavyweight called Asprox in overhauling its network with state-of-the-art technology, according to researchers from RSA.

Over the past five months, Rock Phishers have painstakingly refurbished their infrastructure, introducing several sophisticated crimeware packages that get silently installed on the PCs of its victims. One of those programs makes infected machines part of a fast-flux botnet that adds reliability and resiliency to the Rock Phish network.

Based in Europe, the Rock Phish group is a criminal collective that has been targeting banks and other financial institutions since 2004. According to RSA, they are responsible for half of the worldwide phishing attacks and have siphoned tens of millions of dollars from individuals’ bank accounts. The group got its name from a now discontinued quirk in which the phishers used directory paths that contained the word “rock.”

The first sign the group was expanding operations came in April, when it introduced a trojan known alternately as Zeus or WSNPOEM, which steals sensitive financial information in transit from a victim’s machine to a bank. Shortly afterward, the gang added more crimeware, including a custom-made botnet client that was spread, among other means, using the Neosploit infection kit.

Soon, additional signs appeared pointing to a partnership between Rock Phishers and Asprox. Most notably, the command and control server for the custom Rock Phish crimeware had exactly the same directory structure of many of the Asprox servers, leading RSA researchers to believe Rock Phish and Asprox attacks were using at least one common server. …

RSA researchers also noticed that a decrease in phishing attacks hosted on Rock Phishers’ old servers coincided with never-before-seen phishing attacks used on the Asprox botnet.

In this case, Rock Phishers seem to be betting that the spoofed pages used in their phishing attacks will remain up longer using fast-flux technology from Asprox.

“It just shows that these guys know each other and are willing to provide services to each other,” said Joe Stewart, a researcher at SecureWorks who has spent years tracking Asprox and groups that use fast-flux botnets. “This goes on in the underground all the time.”

The NSA and threats to privacy

From James Bamford’s “Big Brother Is Listening” (The Atlantic: April 2006):

This legislation, the 1978 Foreign Intelligence Surveillance Act, established the FISA court—made up of eleven judges handpicked by the chief justice of the United States—as a secret part of the federal judiciary. The court’s job is to decide whether to grant warrants requested by the NSA or the FBI to monitor communications of American citizens and legal residents. The law allows the government up to three days after it starts eavesdropping to ask for a warrant; every violation of FISA carries a penalty of up to five years in prison. Between May 18, 1979, when the court opened for business, until the end of 2004, it granted 18,742 NSA and FBI applications; it turned down only four outright.

Such facts worry Jonathan Turley, a George Washington University law professor who worked for the NSA as an intern while in law school in the 1980s. The FISA “courtroom,” hidden away on the top floor of the Justice Department building (because even its location is supposed to be secret), is actually a heavily protected, windowless, bug-proof installation known as a Sensitive Compartmented Information Facility, or SCIF.

It is true that the court has been getting tougher. From 1979 through 2000, it modified only two out of 13,087 warrant requests. But from the start of the Bush administration, in 2001, the number of modifications increased to 179 out of 5,645 requests. Most of those—173—involved what the court terms “substantive modifications.”

Contrary to popular perception, the NSA does not engage in “wiretapping”; it collects signals intelligence, or “sigint.” In contrast to the image we have from movies and television of an FBI agent placing a listening device on a target’s phone line, the NSA intercepts entire streams of electronic communications containing millions of telephone calls and e-mails. It runs the intercepts through very powerful computers that screen them for particular names, telephone numbers, Internet addresses, and trigger words or phrases. Any communications containing flagged information are forwarded by the computer for further analysis.

Names and information on the watch lists are shared with the FBI, the CIA, the Department of Homeland Security, and foreign intelligence services. Once a person’s name is in the files, even if nothing incriminating ever turns up, it will likely remain there forever. There is no way to request removal, because there is no way to confirm that a name is on the list.

In December of 1997, in a small factory outside the southern French city of Toulouse, a salesman got caught in the NSA’s electronic web. Agents working for the NSA’s British partner, the Government Communications Headquarters, learned of a letter of credit, valued at more than $1.1 million, issued by Iran’s defense ministry to the French company Microturbo. According to NSA documents, both the NSA and the GCHQ concluded that Iran was attempting to secretly buy from Microturbo an engine for the embargoed C-802 anti-ship missile. Faxes zapping back and forth between Toulouse and Tehran were intercepted by the GCHQ, which sent them on not just to the NSA but also to the Canadian and Australian sigint agencies, as well as to Britain’s MI6. The NSA then sent the reports on the salesman making the Iranian deal to a number of CIA stations around the world, including those in Paris and Bonn, and to the U.S. Commerce Department and the Customs Service. Probably several hundred people in at least four countries were reading the company’s communications.

Such events are central to the current debate involving the potential harm caused by the NSA’s warrantless domestic eavesdropping operation. Even though the salesman did nothing wrong, his name made its way into the computers and onto the watch lists of intelligence, customs, and other secret and law-enforcement organizations around the world. Maybe nothing will come of it. Maybe the next time he tries to enter the United States or Britain he will be denied, without explanation. Maybe he will be arrested. As the domestic eavesdropping program continues to grow, such uncertainties may plague innocent Americans whose names are being run through the supercomputers even though the NSA has not met the established legal standard for a search warrant. It is only when such citizens are turned down while applying for a job with the federal government—or refused when seeking a Small Business Administration loan, or turned back by British customs agents when flying to London on vacation, or even placed on a “no-fly” list—that they will realize that something is very wrong. But they will never learn why.

General Michael Hayden, director of the NSA from 1999 to 2005 and now principal deputy director of national intelligence, noted in 2002 that during the 1990s, e-communications “surpassed traditional communications. That is the same decade when mobile cell phones increased from 16 million to 741 million—an increase of nearly 50 times. That is the same decade when Internet users went from about 4 million to 361 million—an increase of over 90 times. Half as many land lines were laid in the last six years of the 1990s as in the whole previous history of the world. In that same decade of the 1990s, international telephone traffic went from 38 billion minutes to over 100 billion. This year, the world’s population will spend over 180 billion minutes on the phone in international calls alone.”

Intercepting communications carried by satellite is fairly simple for the NSA. The key conduits are the thirty Intelsat satellites that ring the Earth, 22,300 miles above the equator. Many communications from Europe, Africa, and the Middle East to the eastern half of the United States, for example, are first uplinked to an Intelsat satellite and then downlinked to AT&T’s ground station in Etam, West Virginia. From there, phone calls, e-mails, and other communications travel on to various parts of the country. To listen in on that rich stream of information, the NSA built a listening post fifty miles away, near Sugar Grove, West Virginia. Consisting of a group of very large parabolic dishes, hidden in a heavily forested valley and surrounded by tall hills, the post can easily intercept the millions of calls and messages flowing every hour into the Etam station. On the West Coast, high on the edge of a bluff overlooking the Okanogan River, near Brewster, Washington, is the major commercial downlink for communications to and from Asia and the Pacific. Consisting of forty parabolic dishes, it is reportedly the largest satellite antenna farm in the Western Hemisphere. A hundred miles to the south, collecting every whisper, is the NSA’s western listening post, hidden away on a 324,000-acre Army base in Yakima, Washington. The NSA posts collect the international traffic beamed down from the Intelsat satellites over the Atlantic and Pacific. But each also has a number of dishes that appear to be directed at domestic telecommunications satellites.

Until recently, most international telecommunications flowing into and out of the United States traveled by satellite. But faster, more reliable undersea fiber-optic cables have taken the lead, and the NSA has adapted. The agency taps into the cables that don’t reach our shores by using specially designed submarines, such as the USS Jimmy Carter, to attach a complex “bug” to the cable itself. This is difficult, however, and undersea taps are short-lived because the batteries last only a limited time. The fiber-optic transmission cables that enter the United States from Europe and Asia can be tapped more easily at the landing stations where they come ashore. With the acquiescence of the telecommunications companies, it is possible for the NSA to attach monitoring equipment inside the landing station and then run a buried encrypted fiber-optic “backhaul” line to NSA headquarters at Fort Meade, Maryland, where the river of data can be analyzed by supercomputers in near real time.

Tapping into the fiber-optic network that carries the nation’s Internet communications is even easier, as much of the information transits through just a few “switches” (similar to the satellite downlinks). Among the busiest are MAE East (Metropolitan Area Ethernet), in Vienna, Virginia, and MAE West, in San Jose, California, both owned by Verizon. By accessing the switch, the NSA can see who’s e-mailing with whom over the Internet cables and can copy entire messages. Last September, the Federal Communications Commission further opened the door for the agency. The 1994 Communications Assistance for Law Enforcement Act required telephone companies to rewire their networks to provide the government with secret access. The FCC has now extended the act to cover “any type of broadband Internet access service” and the new Internet phone services—and ordered company officials never to discuss any aspect of the program.

The National Security Agency was born in absolute secrecy. Unlike the CIA, which was created publicly by a congressional act, the NSA was brought to life by a top-secret memorandum signed by President Truman in 1952, consolidating the country’s various military sigint operations into a single agency. Even its name was secret, and only a few members of Congress were informed of its existence—and they received no information about some of its most important activities. Such secrecy has lent itself to abuse.

During the Vietnam War, for instance, the agency was heavily involved in spying on the domestic opposition to the government. Many of the Americans on the watch lists of that era were there solely for having protested against the war. … Even so much as writing about the NSA could land a person a place on a watch list.

For instance, during World War I, the government read and censored thousands of telegrams—the e-mail of the day—sent hourly by telegraph companies. Though the end of the war brought with it a reversion to the Radio Act of 1912, which guaranteed the secrecy of communications, the State and War Departments nevertheless joined together in May of 1919 to create America’s first civilian eavesdropping and code-breaking agency, nicknamed the Black Chamber. By arrangement, messengers visited the telegraph companies each morning and took bundles of hard-copy telegrams to the agency’s offices across town. These copies were returned before the close of business that day.

A similar tale followed the end of World War II. In August of 1945, President Truman ordered an end to censorship. That left the Signal Security Agency (the military successor to the Black Chamber, which was shut down in 1929) without its raw intelligence—the telegrams provided by the telegraph companies. The director of the SSA sought access to cable traffic through a secret arrangement with the heads of the three major telegraph companies. The companies agreed to turn all telegrams over to the SSA, under a plan code-named Operation Shamrock. It ran until the government’s domestic spying programs were publicly revealed, in the mid-1970s.

Frank Church, the Idaho Democrat who led the first probe into the National Security Agency, warned in 1975 that the agency’s capabilities

“could be turned around on the American people, and no American would have any privacy left, such [is] the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter. There would be no place to hide. If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately it is done, is within the reach of the government to know. Such is the capacity of this technology.”

The importance of booze to the Pilgrims

From Sam Anderson’s “A History of Hooch“, a review of Iain Gately’s Drink: A Cultural History of Alcohol (6 July 2008):

Elizabethan England had a pub for every 187 people. (By 2004, the country was down to one for every 529 people.) The Pilgrims’ Mayflower was actually “a claret ship from the Bordeaux wine trade,” and a group of settlers who came over to join them brought 20,000 gallons of beer and wine but only 3,000 gallons of water.

Money involved in adware & clicks4hire schemes

From Chapter 2: Botnets Overview of Craig A. Schiller’s Botnets: The Killer Web App (Syngress: 2007):

Dollar-Revenue and GimmyCash are two companies that have paid for installation of their Adware programs. Each has a pay rate formula based on the country of installation. Dollar-Revenue pays 30 cents for installing their adware in a U. S. Web site, 20 cents for a Canadian Web site, 10 cents for a U.K. Web site, 1 cent for a Chinese Web site, and 2 cents for all other Web sites. GimmyCash. com pays 40 cents for U. S. and Canadian Web site installs, 20 cents for 16 European countries, and 2 cents for everywhere else. In addition, GimmyCash pays 5 percent of the webmaster’s earnings that you refer to GimmyCash.

How the Greek cell phone network was compromised

From Vassilis Prevelakis and Diomidis Spinellis’ “The Athens Affair” (IEEE Spectrum: July 2007):

On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months.

The next day, the prime minister of Greece was told that his cellphone was being bugged, as were those of the mayor of Athens and at least 100 other high-ranking dignitaries, including an employee of the U.S. embassy.

The victims were customers of Athens-based Vodafone-Panafon, generally known as Vodafone Greece, the country’s largest cellular service provider; Tsalikidis was in charge of network planning at the company.

We now know that the illegally implanted software, which was eventually found in a total of four of Vodafone’s Greek switches, created parallel streams of digitized voice for the tapped phone calls. One stream was the ordinary one, between the two calling parties. The other stream, an exact copy, was directed to other cellphones, allowing the tappers to listen in on the conversations on the cellphones, and probably also to record them. The software also routed location and other information about those phone calls to these shadow handsets via automated text messages.

The day after Tsalikidis’s body was discovered, CEO Koronias met with the director of the Greek prime minister’s political office. Yiannis Angelou, and the minister of public order, Giorgos Voulgarakis. Koronias told them that rogue software used the lawful wiretapping mechanisms of Vodafone’s digital switches to tap about 100 phones and handed over a list of bugged numbers. Besides the prime minister and his wife, phones belonging to the ministers of national defense, foreign affairs, and justice, the mayor of Athens, and the Greek European Union commissioner were all compromised. Others belonged to members of civil rights organizations, peace activists, and antiglobalization groups; senior staff at the ministries of National Defense, Public Order, Merchant Marine, and Foreign Affairs; the New Democracy ruling party; the Hellenic Navy general staff; and a Greek-American employee at the United States Embassy in Athens.

First, consider how a phone call, yours or a prime minister’s, gets completed. Long before you dial a number on your handset, your cellphone has been communicating with nearby cellular base stations. One of those stations, usually the nearest, has agreed to be the intermediary between your phone and the network as a whole. Your telephone handset converts your words into a stream of digital data that is sent to a transceiver at the base station.

The base station’s activities are governed by a base station controller, a special-purpose computer within the station that allocates radio channels and helps coordinate handovers between the transceivers under its control.

This controller in turn communicates with a mobile switching center that takes phone calls and connects them to call recipients within the same switching center, other switching centers within the company, or special exchanges that act as gateways to foreign networks, routing calls to other telephone networks (mobile or landline). The mobile switching centers are particularly important to the Athens affair because they hosted the rogue phone-tapping software, and it is there that the eavesdropping originated. They were the logical choice, because they are at the heart of the network; the intruders needed to take over only a few of them in order to carry out their attack.

Both the base station controllers and the switching centers are built around a large computer, known as a switch, capable of creating a dedicated communications path between a phone within its network and, in principle, any other phone in the world. Switches are holdovers from the 1970s, an era when powerful computers filled rooms and were built around proprietary hardware and software. Though these computers are smaller nowadays, the system’s basic architecture remains largely unchanged.

Like most phone companies, Vodafone Greece uses the same kind of computer for both its mobile switching centers and its base station controllers—Ericsson’s AXE line of switches. A central processor coordinates the switch’s operations and directs the switch to set up a speech or data path from one phone to another and then routes a call through it. Logs of network activity and billing records are stored on disk by a separate unit, called a management processor.

The key to understanding the hack at the heart of the Athens affair is knowing how the Ericsson AXE allows lawful intercepts—what are popularly called “wiretaps.” Though the details differ from country to country, in Greece, as in most places, the process starts when a law enforcement official goes to a court and obtains a warrant, which is then presented to the phone company whose customer is to be tapped.

Nowadays, all wiretaps are carried out at the central office. In AXE exchanges a remote-control equipment subsystem, or RES, carries out the phone tap by monitoring the speech and data streams of switched calls. It is a software subsystem typically used for setting up wiretaps, which only law officers are supposed to have access to. When the wiretapped phone makes a call, the RES copies the conversation into a second data stream and diverts that copy to a phone line used by law enforcement officials.

Ericsson optionally provides an interception management system (IMS), through which lawful call intercepts are set up and managed. When a court order is presented to the phone company, its operators initiate an intercept by filling out a dialog box in the IMS software. The optional IMS in the operator interface and the RES in the exchange each contain a list of wiretaps: wiretap requests in the case of the IMS, actual taps in the RES. Only IMS-initiated wiretaps should be active in the RES, so a wiretap in the RES without a request for a tap in the IMS is a pretty good indicator that an unauthorized tap has occurred. An audit procedure can be used to find any discrepancies between them.

It took guile and some serious programming chops to manipulate the lawful call-intercept functions in Vodafone’s mobile switching centers. The intruders’ task was particularly complicated because they needed to install and operate the wiretapping software on the exchanges without being detected by Vodafone or Ericsson system administrators. From time to time the intruders needed access to the rogue software to update the lists of monitored numbers and shadow phones. These activities had to be kept off all logs, while the software itself had to be invisible to the system administrators conducting routine maintenance activities. The intruders achieved all these objectives.

The challenge faced by the intruders was to use the RES’s capabilities to duplicate and divert the bits of a call stream without using the dialog-box interface to the IMS, which would create auditable logs of their activities. The intruders pulled this off by installing a series of patches to 29 separate blocks of code, according to Ericsson officials who testified before the Greek parliamentary committee that investigated the wiretaps. This rogue software modified the central processor’s software to directly initiate a wiretap, using the RES’s capabilities. Best of all, for them, the taps were not visible to the operators, because the IMS and its user interface weren’t used.

The full version of the software would have recorded the phone numbers being tapped in an official registry within the exchange. And, as we noted, an audit could then find a discrepancy between the numbers monitored by the exchange and the warrants active in the IMS. But the rogue software bypassed the IMS. Instead, it cleverly stored the bugged numbers in two data areas that were part of the rogue software’s own memory space, which was within the switch’s memory but isolated and not made known to the rest of the switch.

That by itself put the rogue software a long way toward escaping detection. But the perpetrators hid their own tracks in a number of other ways as well. There were a variety of circumstances by which Vodafone technicians could have discovered the alterations to the AXE’s software blocks. For example, they could have taken a listing of all the blocks, which would show all the active processes running within the AXE—similar to the task manager output in Microsoft Windows or the process status (ps) output in Unix. They then would have seen that some processes were active, though they shouldn’t have been. But the rogue software apparently modified the commands that list the active blocks in a way that omitted certain blocks—the ones that related to intercepts—from any such listing.

In addition, the rogue software might have been discovered during a software upgrade or even when Vodafone technicians installed a minor patch. It is standard practice in the telecommunications industry for technicians to verify the existing block contents before performing an upgrade or patch. We don’t know why the rogue software was not detected in this way, but we suspect that the software also modified the operation of the command used to print the checksums—codes that create a kind of signature against which the integrity of the existing blocks can be validated. One way or another, the blocks appeared unaltered to the operators.

Finally, the software included a back door to allow the perpetrators to control it in the future. This, too, was cleverly constructed to avoid detection. A report by the Hellenic Authority for the Information and Communication Security and Privacy (the Greek abbreviation is ADAE) indicates that the rogue software modified the exchange’s command parser—a routine that accepts commands from a person with system administrator status—so that innocuous commands followed by six spaces would deactivate the exchange’s transaction log and the alarm associated with its deactivation, and allow the execution of commands associated with the lawful interception subsystem. In effect, it was a signal to allow operations associated with the wiretaps but leave no trace of them. It also added a new user name and password to the system, which could be used to obtain access to the exchange.

…Security experts have also discovered other rootkits for general-purpose operating systems, such as Linux, Windows, and Solaris, but to our knowledge this is the first time a rootkit has been observed on a special-purpose system, in this case an Ericsson telephone switch.

So the investigators painstakingly reconstructed an approximation of the original PLEX source files that the intruders developed. It turned out to be the equivalent of about 6500 lines of code, a surprisingly substantial piece of software.

How the settlers changed America’s ecology, radically

From Charles C. Mann’s “America, Found & Lost” (National Geographic: May 2007):

It is just possible that John Rolfe was responsible for the worms—specifically the common night crawler and the red marsh worm, creatures that did not exist in the Americas before Columbus. Rolfe was a colonist in Jamestown, Virginia, the first successful English colony in North America. Most people know him today, if they know him at all, as the man who married Pocahontas. A few history buffs understand that Rolfe was one of the primary forces behind Jamestown’s eventual success. The worms hint at a third, still more important role: Rolfe inadvertently helped unleash a convulsive and permanent change in the American landscape.

Like many young English blades, Rolfe smoked – or, as the phrase went in those days, “drank” – tobacco, a fad since the Spanish had first carried back samples of Nicotiana tabacum from the Caribbean. Indians in Virginia also drank tobacco, but it was a different species, Nicotiana rustica. Virginia leaf was awful stuff, wrote colonist William Strachey: “poor and weak and of a biting taste.” After arriving in Jamestown in 1610, Rolfe talked a shipmaster into bringing him N. tabacum seeds from Trinidad and Venezuela. Six years later Rolfe returned to England with his wife, Pocahontas, and the first major shipment of his tobacco. “Pleasant, sweet, and strong,” as Rolfe’s friend Ralph Hamor described it, Jamestown’s tobacco was a hit. By 1620 the colony exported up to 50,000 pounds (23,000 kilograms) of it – and at least six times more a decade later. Ships bellied up to Jamestown and loaded up with barrels of tobacco leaves. To balance the weight, sailors dumped out ballast, mostly stones and soil. That dirt almost certainly contained English earthworms.

TWO HUNDRED AND FIFTY MILLION years ago the world contained a single landmass known to scientists as Pangaea. Geologic forces broke this vast expanse into pieces, sundering Eurasia and the Americas. Over time the two halves of the world developed wildly different suites of plants and animals. Columbus’s signal accomplishment was, in the phrase of historian Alfred Crosby, to reknit the torn seams of Pangaea. After 1492, the world’s ecosystems collided and mixed as European vessels carried thousands of species to new homes across the oceans. The Columbian exchange, as Crosby called it, is why there are tomatoes in Italy, oranges in Florida, chocolates in Switzerland, and hot peppers in Thailand. It is arguably the most important event in the history of life since the death of the dinosaurs.

But the largest ecological impact may have been wreaked by a much smaller, seemingly benign domestic animal: the European honeybee. In early 1622, a ship arrived in Jamestown that was a living exhibit of the Columbian exchange. It was loaded with exotic entities for the colonists to experiment with: grapevine cuttings, silkworm eggs, and beehives. Most bees pollinate only a few species; they tend to be fussy about where they live. European honeybees, promiscuous beasts, reside almost anywhere and pollinate almost anything in sight. Quickly, they swarmed from their hives and set up shop throughout the Americas.

Surveillance cameras don’t reduce crime

From BBC News’ “CCTV boom ‘failing to cut crime’” (6 May 2008):

Huge investment in closed-circuit TV technology has failed to cut UK crime, a senior police officer has warned.

Det Ch Insp Mick Neville said the system was an “utter fiasco” – with only 3% of London’s street robberies being solved using security cameras.

Although Britain had more cameras than any other European country, he said “no thought” had gone into how to use them.

Speaking at the Security Document World Conference in London, Det Ch Insp Neville, the head of the Met’s Visual Images, Identifications and Detections Office (Viido), said one of the problems was that criminals were not afraid of cameras.

He also said more training was needed for officers who often avoided trawling through CCTV images “because it’s hard work”.

One study suggests there may be more than 4.2 million CCTV cameras in the UK – the majority on private property – but until Viido was set up in September 2006 there had been no dedicated police unit to deal with the collection and dissemination of CCTV evidence.

From Owen Bowcott’s “CCTV boom has failed to slash crime, say police” (The Guardian: 6 May 2008):

Massive investment in CCTV cameras to prevent crime in the UK has failed to have a significant impact, despite billions of pounds spent on the new technology, a senior police officer piloting a new database has warned. Only 3% of street robberies in London were solved using CCTV images, despite the fact that Britain has more security cameras than any other country in Europe.

Out now: Microsoft Vista for IT Security Professionals

Microsoft Vista for IT Security Professionals is designed for the professional system administrators who need to securely deploy Microsoft Vista in their networks. Readers will not only learn about the new security features of Vista, but they will learn how to safely integrate Vista with their existing wired and wireless network infrastructure and safely deploy with their existing applications and databases. The book begins with a discussion of Microsoft’s Trustworthy Computing Initiative and Vista’s development cycle, which was like none other in Microsoft’s history. Expert authors will separate the hype from the reality of Vista’s preparedness to withstand the 24 x 7 attacks it will face from malicious attackers as the world’s #1 desktop operating system. The book has a companion CD which contains hundreds of working scripts and utilities to help administrators secure their environments.

This book is written for intermediate to advanced System administrators managing Microsoft networks who are deploying Microsoft’s new flagship desktop operating system: Vista. This book is appropriate for system administrators managing small networks of fewer than 10 machines up to enterprise-class networks with tens of thousands of systems. This book is also appropriate for readers preparing for the Microsoft exam MCDST 70-620.

I contributed two appendices to this book:

  • Appendix A: Microsoft Vista: The International Community
  • Appendix B: Changes to the Vista EULA

Appendix A, “Microsoft Vista: The International Community”, was about Microsoft’s legal troubles in Europe and Asia, and the changes the company had to make to Vista to accommodate those governments. Appendix B, “Changes to the Vista EULA”, explained that the EULA in Vista is even worse than that found in XP, which was worse than any previous EULA. In other words, Vista has a problematic EULA that users need to know about before they buy the OS.

Read excerpts: Front Matter (350 KB PDF) and Chapter 1: Microsoft Vista: An Overview (760 KB PDF). You can flip through the entire book, although you’re limited to the total number of pages you can view (but it’s a pretty high number, like 50 or so).

The origin of broadcast journalism

From Nicholas Lemann’s “The Murrow Doctrine” (The New Yorker: 23 & 30 January 2006: 38-43):

There is a memorable entry in William Shirer’s Berlin Diary in which he describes – as, in effect, something that happened at work one day – the birth of broadcast journalism. It was Sunday, March 13, 1938, the day after Nazi troops entered Austria. Shirer, in London, got a call from CBS headquarters, in New York, asking him to put together a broadcast in which radio correspondents in the major capitals of Europe, led by Shirer’s boss, Edward R. Murrow, who was on the scene in Vienna, would offer a series of live reports on Hitler’s move and the reaction to it.

A new way to steal from ATMs: blow ’em up

From Bruce Schneier’s “News” (Crypto-Gram Newsletter: 15 March 2006):

In the Netherlands, criminals are stealing money from ATM machines by blowing them up. First, they drill a hole in an ATM and fill it with some sort of gas. Then, they ignite the gas — from a safe distance — and clean up the money that flies all over the place after the ATM explodes. Sounds crazy, but apparently there has been an increase in this type of attack recently. The banks’ countermeasure is to install air vents so that gas can’t build up inside the ATMs.