Month August 2007

Congress Needs to Consider Retroactive Immunity for Telecom Companies…For A Price

I’m still pondering McConnell’s interview, discussed in the previous post, and it strikes me that he said something which opens a potential lever for the Congress to use as an investigatory tool.

McConnell’s top priority for Congress on revising FISA legislation is gaining retroactive immunity for the telecom companies who have assisted the NSA with the illegal wiretapping program over the last five years:

    Now if you play out the suits at the value they’re claimed, it would bankrupt these companies. So my position was we have to provide liability protection to these private sector entities. So that was part of the request. . . .

    The issue that we did not address, which has to be addressed is the liability protection for the private sector now is proscriptive, meaning going forward. We’ve got a retroactive problem. When I went through and briefed the various senators and congressmen, the issue was alright, look, we don’t want to work that right now, it’s too hard because we want to find out about some issues of the past. So what I recommended to the administration is, ‘Let’s take that off the table for now and take it up when Congress reconvenes in September.’ . . . No, the retroactive liability protection has got to be addressed.

Glenn Greenwald is right: I think this is the first time a top official has pretty much admitted the complicity of telecom companies in the illegal wiretapping program. And that gives the Congress a possible plan, an investigatory path into the lawlessness of this Administration, and beyond, into Executive overreach in general (as previously discussed).

When Congress returns, it should re-convene hearings on the FISA legislation, especially since that “six month” clause forces them to re-authorize or re-examine. In the process, they should indeed address retroactive immunity for the telecom companies.

The price for retroactive immunity must be full, public, and complete cooperation by the telecom companies. Not disclosing technical detail; any hearings that require sensitive information as part of testimony will naturally follow the usual rules for classified briefings and testimony. But policy decisions and directives from the Administration and especially the White House must be fully and publicly disclosed. On the record, under oath.

No oath, no testimony, no immunity. And no CEO, after their respective boards of directors get done with them. Regardless of political affiliation, political donations, or ties of friendship, no telecom company CEO and its board will pass up the deal. Major shareholders, mutual funds, and the holders of corporate debt won’t let them.

And we’ll get the testimony and hearings we need in order to shape FISA law in accordance with both constitutional principles AND the exigencies of our current situation.

And we’ll see what happens once it’s all out, on the record. Everyone, even a President with the track record of this one, is innocent until proven guilty. But let’s just say the data isn’t trending in the right direction for Mr. Bush. Or will the Republicans decide this is their “Barry Goldwater visits the Oval Office” moment?

McConnell: Americans Will Die Because We Discussed Wiretapping….?

In recent comments to the El Paso Times, Director of National Intelligence Michael McConnell has apparently claimed that even discussing the legality of our wiretapping and electronic surveillance program will result in the deaths of Americans:

    Q: Even if it’s perception, how do you deal with that? You have to do public relations, I assume.

    A: Well, one of the things you do is you talk to reporters. And you give them the facts the best you can. Now part of this is a classified world. The fact we’re doing it this way means that some Americans are going to die, because we do this mission unknown to the bad guys because they’re using a process that we can exploit and the more we talk about it, the more they will go with an alternative means and when they go to an alternative means, remember what I said, a significant portion of what we do, this is not just threats against the United States, this is war in Afghanistan and Iraq.

    Q. So you’re saying that the reporting and the debate in Congress means that some Americans are going to die?

    A. That’s what I mean. Because we have made it so public. We used to do these things very differently, but for whatever reason, you know, it’s a democratic process and sunshine’s a good thing. We need to have the debate.

This is a pretty bizarre twist on the whole wiretapping discussion, and really has to call into question McConnell’s own claims of being "apolitical."   Americans will die as a direct result of having Congressional debate on the subject?  Seriously?

Apparently, McConnell’s "reasoning" (and we’ll use that term loosely for the duration) is that debate in Congress informs our enemies about our tactics and capabilities.  Of course, there’s a point to secrecy about detailed capabilities and tactics, and Congress and the Executive Branch have in place practices for closed hearings and briefings, and for handling law-making concerning classified activities.  These practices appear to work, as far as any of us can really tell. 

But at a high level — the level we’d read about in the news — I’d be shocked to hear that anyone doesn’t know that the NSA routinely monitors electronic communications internationally, and has done so for decades, across many generations of technologies.  After all, the NSA is an outgrowth of WWII signals intelligence groups. 

Or we might assume that folks overseas, including perhaps the bad guys, had read James Bamford’s history of the NSA, "Body of Secrets:  Anatomy of the Ultra-Secret National Security Agency," (a good book by the way), or his previous book, The Puzzle Palace.  Or you could extrapolate from fiction and entertainment and watch the Will Smith/Gene Hackman action thriller Enemy of the State.   Or literally dozens, if not hundreds, of other sources. 

Really.  Seriously.  McConnell clearly knows, as the former director of the NSA itself, and a player in D.C., that (1) the bad guys know we tap phones, monitor email and other electronic transactions, and gather a variety of other non-human-source intelligence, and (2) Congressional debate will be on the legality and processes involved in authorizing such activities, not the details of the technology for acquisition and processing.

So nice try, Mr. McConnell, on the "I’m apolitical, just doing my job" bit.  I’m not buying it.  Your comments are, at best, a misstatement.  At worst, they’re deliberately inflammatory hogwash of the kind we keep seeing from this Executive Branch, which will say anything to avoid having oversight, rules, or statutory limits to its authority.


Reflections on complexity on the occasion of diagnosing computer problems

At least twice in the last two days, I’ve had friends or neighbors pose computer problems to me. At least one was my own fault, having given a friend a (fully licensed, purchased from the MS Store) copy of Windows XP to “fix” their laptop via reinstallation. The other is a gentleman here on the island, from whom I’m in the process of buying a small boat to putt around between the islands. In the latter case I answered the usual questions about occupation and history, and since I nearly always answer that question with something about software or computers, I guess being involved in the second incident was my fault, too.

In the first case, the problem was that my friend tried to reinstall XP Pro SP2 over a Dell OEM installation of Windows Media Center, and got an error saying that the product key was invalid. It only took one email for my friend, who’s probably accustomed to folks like me asking seemingly simplistic questions like “did you mistype the code?”, to convince me that, indeed, this was a real error. In the second case, a neighbor here on the island knew I was in the software business and asked me why his HP inkjet printer didn’t seem to install and work correctly on his Mac running OS X.

In both cases I was initially stymied. In the second case, I’m still stymied, but I’m buying the guy’s boat so I might help him figure it out tomorrow.

In the first case, a quick Google on the problem revealed that other people have exactly the same problem. Reinstalling a personal (i.e., non-Enterprise) license key for XP Pro over Media Center seems to reject perfectly valid license keys. Of course, even though I worked at Microsoft and have worked with Windows since the 3.1 days, I have absolutely no clue why it does this. I just know enough about the complexity of the Windows code base and have enough anecdotal experience not to be shocked in the slightest. Similarly, I’m not shocked that I could have a serious amount of experience with computers and code and still not have a clue.

I suspect the reason for this is that software engineers actually have two core skills, not one. Sure, software engineers are extremely good at abstraction: the skill of looking at a set of particulars, and creating a model of generalizations to represent any other set of particulars that share all or some of the relationships we imagine to exist within the original case. That task of abstraction is the same one shared by mathematicians, physicists, population geneticists, and other creators of mathematical models. But software engineers, and systems administrators, as opposed to pure computer scientists, have a second skill which is equally crucial. The ability to catalog a large number of actual cases, their causes, and their solutions. In other words, the skill to capture and contextualize and apply the lore of computing.

The first ability, I think, is what people expect when they ask me what might be causing their technology to have a problem. The ability to see a rational abstraction behind the seemingly random behavior that’s occurring, and thus to diagnose what’s wrong. But in reality, the extent of one’s command of lore — of detail, contextualized by situation and software version and architecture — governs one’s ability to solve such problems, particularly remotely — without the computer in question in your hands. The reason is the fundamental complexity of the situation. On top of the hardware runs an operating system, with a specific set of rules. That operating system can be tiny, like MS-DOS 3.3, or utterly massive, like the 60+ million lines of C code that purportedly make up Windows XP. On top of this midget (or giant) rests a layer of drivers — bits of the operating system, typically contributed by hardware vendors, that allow the whole thing to work on their hardware. And on top of this three-layer cake run your applications, today often themselves multi-million line pieces of software code. Code that might also depend critically on being able to communicate to other computers, across a network, to gather data via HTML or other “protocols,” which are essentially small languages that all computers must speak fluently in order to not misunderstand one another.

Complexity is the enemy of things “just working.” And it’s the enemy of even computer professionals being able to understand the systems they build. We can visualize a few interactions; we can even visualize a few histories of interactions. But nobody can visualize all of the interactions and possible states that even a moderately large piece of software (forget Microsoft Office, Windows, the Linux kernel, or Mac OS X) can display. Heck, human beings can’t visualize the geometry of a vector with more than three dimensions! How are we possibly going to understand the state space (i.e., possible behavior) of a piece of software with 66 million lines of code and megabytes of internal state variables?

We can’t, in detail. We do so statistically. We test things over partial ranges of their possible behaviors. Hopefully the important range of their behaviors, in terms of how often users can get their system into the same state. Even understanding the scope of the range of possible behaviors is a massive challenge, witnessed by the continued research into code coverage, automated testing, and the like. The current popularity of unit testing probably represents a programmer-driven effort to simply reduce the dimensionality of the state space. Unit testing reduces, by pursuing automated means of verifying the lowest level of “contracts” within the software itself, the size of the state space by large factors.

But what’s left after good, serious modern testing and QA is still a lot of possible behavior, and only some key pathways, the deepest, most intentional valleys through the overall “landscape” of behaviors, are documented or recorded. Much of the state space of a modern commercial software program is still deeply terra incognita, as a simple consequence of the overall complexity and coupling present in our systems.

Thus, I was encouraged by this post about Erlang on Lambda the Ultimate, a prominent blog about programming languages and the associated computer science. The designer of Erlang, Joe Armstrong, has this to say:

    The Erlang flagship project (built by Ericsson, the Swedish telecom company) is the AXD301. This has over 2 million lines of Erlang.

    The AXD301 has achieved a NINE nines reliability (yes, you read that right, 99.9999999%). Let’s put this in context: 5 nines is reckoned to be good (5.2 minutes of downtime/year). 7 nines almost unachievable … but we did 9.

    Why is this? No shared state, plus a sophisticated error recovery model. You can read all the details in my PhD thesis.

Interesting. And impressive. It’s possible that there’s an approach here for reducing complexity to manageable, understandable, plannable levels. Objects, aspects, and other recent software innovations aim to reduce dimensionality, allowing more of the total state of a program to be explicitly designed, rather than showing up as emergent run-time behavior.

It seems clear, though, that getting a handle on complexity in software is critical — if we’re going to be able to diagnose what goes on inside our software, and thus if we’re going to be able to trust it. For commerce. For security. For privacy. And for exercising our rights in a democracy, since more and more, software is involved when we vote and make decisions.

Taking Impeachment Seriously

Over the last year, I’ve gone from not wanting the Democrats to waste political capital on impeachment proceedings to feeling that the effort is critical to the health of our democracy. I think I’m ready to articulate why, and more importantly, outline the issues for which I still believe that the normal electoral process is the more appropriate cure. This "sea change" in my thinking on the issue corresponds roughly to a change from thinking tactically about the 2006 election to thinking more broadly about the health of our democratic progress, although that tactical thinking was simply wrong from a constitutional standpoint — no matter what the stakes in that election. I’ll also recommend John Nichols’s excellent small book, The Genius of Impeachment: The Founders’ Cure for Royalism. I started writing this before I read Nichols, and in fact I bought his book precisely because it’s got great references to early English custom and American history that I hope to use in arguing my case, but I strongly recommend his treatment, which is obviously better documented, more detailed, and often much better written than my comments below.

In short, I’ve become convinced that impeachment proceedings against President Bush and Vice President Cheney are not just the appropriate remedy for the massive executive overreach we’ve seen in the last eight years, but an essential corrective for ensuring that future administrations — Democrat or Republican — do not simply continue where Mr. Bush leaves off.  Given massive expansions of executive power during the 20th century, and especially from Nixon onward (including the Democratic Clinton Administration), we have ample evidence that normal electoral process is insufficient as a corrective to executive overreach.  Stronger medicine is required.  And fortunately, strong medicine is precisely what the Founders gave us, in the form of impeachment.

I’ve Been Quiet Lately

I haven’t written much in a couple of weeks, and it’s because I’m studying a lot in addition to making headway on my dissertation proposal.  This summer, in addition to the proposal, I’m trying very hard to erase some of my deficits in the mathematical arena.  Darwin wrote, in his autobiography:

    I attempted mathematics, and even went during the summer of 1828 with a private tutor (a very dull man) to Barmouth, but I got on very slowly. The work was repugnant to me, chiefly from my not being able to see any meaning in the early steps of algebra. This impatience was very foolish, and in after years I have deeply regretted that I did not proceed far enough at least to understand something of the great leading principles of mathematics, for men thus endowed seem to have an extra sense.


Precisely.  Studying the evolution of culture and cultural behavior, from a modern Darwinian perspective, is inherently a mathematical business.  Change is modeled as shifts in the frequencies of behaviors or traits, rather than outright transformations.  And this means that calculus, linear algebra, differential equations, and stochastic processes are critical tools.  Just as you wouldn’t hire a carpenter that knew how to build a cabinet, but didn’t have the tools to do the work, it’s hard to be an active researcher in this field and not have the right tools. 

So I’m reviewing, practicing, and going further than my previous education in math, and I’m enjoying it thoroughly.  I find that I’m one of those people that needs a purpose and a reason to learn things like the more abstract bits of math, and once I have a good reason, it seems to go smoothly.  But it’s also time-consuming, and it keeps me from writing more.  I thought I’d explain in case y’all wondered why I’ve been quieter than usual.

Invertebrate Democrats and “Warrantless Wiretapping”

As the details of precisely what the "Protect America Act of 2007" contains start to be analyzed, it’s pretty clear that Congress ought to be ashamed of itself.  Moving beyond the Newspeak name of the bill itself, it’s pretty clear that this law violates the Fourth Amendment. 

Marty Lederman, writing at Balkinization, analyzes the key ambiguities in the Senate version of the bill:

    The key provision of S.1927 is new section 105A of FISA (see page 2), which categorically excludes from FISA’s requirements any and all "surveillance directed at a person reasonably believed to be located outside of the United States."

    For surveillance to come within this exemption, there is no requirement that it be conducted outside the U.S.; no requirement that the person at whom it is "directed" be an agent of a foreign power or in any way connected to terrorism or other wrongdoing; and no requirement that the surveillance does not also encompass communications of U.S. persons. Indeed, if read literally, it would exclude from FISA any surveillance that is in some sense "directed" both at persons overseas and at persons in the U.S.

There are many aspects of electronic surveillance which present serious constitutional "grey" areas, and as a society we haven’t even begun to discuss these issues seriously. But one issue is not grey, and I highlighted it in bold in Lederman’s analysis. The Fourth Amendment requires that people (by which we can read "citizen" or "legal resident" although it’s not clear whether the Founders wished that distinction to be made) be immune from search (which now includes electronic search or surveillance) without a due process requirement that demonstrates the "reasonableness" of the search, which hundreds of years of Anglo-American legal tradition, American constitutional law, Congressional and state statute, and Federal case law say means probable cause, judicial consideration and issuance of warrants.

Congress, in its second most spineless act in quite a while (the Military Commissions Act and restriction of habeas corpus was worse), has ratified the Administration’s previous warrantless wrongdoings and gutted the Fourth Amendment in a wide variety of situations. So why did Congress cut the Judicial Branch out of the loop and give the Executive Branch the power not only to legally conduct surveillance on U.S. citizens, but also to be the arbiter of when it was acceptable to conduct such surveillance?

My guess is that Congress has shown yet again that the "potential attack on American soil" trump card works every time:  no rational discussion of threats and potential courses of action is possible when the opposing side can shout you down with the simple mention of 9/11.  The major challenge we face in American politics today is getting beyond sloganeering so we can have a rational national discussion about how we are conducting the defense of the Republic against criminal and military threats we face.  Congress will not do this by itself:  right now the 16 Democrats in the Senate (and others in the House) that voted for this unconstitutional bill likely did so because they’re afraid for their re-election prospects if they don’t vote to give the President every power he asks for, should something happen.