Tag Archives: security

Links: Data Drama, Coups, France, Cyber Security, Wealth Distribution

Last week, GDELT was suspended and three researchers left the project. This huge data set on media reports (not only) about conflicts got a lot of buzz (here and elsewhere). Now it seems that several parties are arguing about whether or not the underlying data was properly licensed. You can find some of the speculations in this thread on “Political Science Rumors”, page 3 and following.

Kalev Leetaru, the designer of the data set, now seems to have set up a new website and promises that everything will be fine:

While this whole situation would have been easily avoided with just a little communication and avoided a lot of unnecessary angst, the silver lining is that it has demonstrated just how widely-used and important GDELT has really become over the past year and we are tremendously excited to work with all of you in 2014 to really explore the future of “big data” study of human society.

Speaking of big data projects: Jay Ulfelder’s 2014 coup forecasts are up:

Coup forecast 2014 by Jay Ulfelder
Coup forecasts 2014 by Jay Ulfelder. Each shade represents a fifth of the distribution. Historically, you can expect 80% of coups to occur in the dark red countries…

Please read the full post for Jay’s caveat regarding interpretation and information on how the probabilities are calculated.

Somehow I had missed Jeffrey Stacey’s post on France’s “re-emergence as a major power”:

Few noticed several years ago that France conducted the EU operation in Chad almost entirely on its own, and the same for the UN operation in the Ivory Coast (both were largely ignored in Washington). There was an unsuccessful raid of al-Shabbab conducted in Somalia in early 2013, but France intervened in the highly unstable Central African Republic at the end of 2013. In-between France demonstrated particular skill in conducting its Mali intervention, which has been heralded as a successful demonstration of an alternative way to intervene compared to the experience of U.S.-led allies in Iraq and Afghanistan.

The French operation was impressive at the outset in that it took only three months to go from a decision in Paris to achieve operational boots on the ground. French military sustainability was amply demonstrated, with its contingency force growing to 5000 deployed troops midway through the intervention (only 7 troop fatalities occurred). The French with Chadian support accomplished their military objectives with relative ease in harsh field conditions, beyond the gaze of any reporters and therefore less likely that France would suffer diplomatically from any images of its troops killing Islamic fighters (a brigade has remained in Mali after the successful election of a new president). All of this was accomplished with broad and deep support across elite and public opinion.

At the Monkey Cage, Henry Farrell has announced a series of posts on cyber security. The first posts discusses “why people fight so hard over cybersecurity”.

Oxfam: "Working for the Few"
Oxfam: “Working for the Few”

Finally, you will probably have noticed Oxfam’s campaign about how 85 people are as rich as the bottom half of the world’s wealth distribution. This is from a report called “Working for the Few”.

Long-term followers of the IR Blog might remember my skepticism regarding cleverly phrased claims about wealth distribution: As long as you don’t oppose all kinds of capital accumulation, there will always be some small group owning much more than some bigger group.

Still, I think Tim Hartford and Alex Tabarrok miss a couple of important points in the casual way they deal with inequality. (See the comment section at Marginal Revolution for a discussion on how phrasing matters.)

Again, from a moderate perspective, the point here is not ‘expropriate them all‘. But we need to ensure that everyone has a decent income and improve taxation in order to mitigate capitalism’s tendencies to reward capital more than labor. The Economist has a short discussion of Thomas Piketty’s new book on the issue. More here. I have a feeling there will be many heated discussions over the year.

Links: New Blogs, New Crises, NSA Reform, Ethics in Academia

global-matters

Our colleagues from the Center for Global Politics (CGP) at Freie Universität Berlin have set up a blog called “Global Matters”. The idea is promising:

every two weeks the CGP posts a question related to an important topic in current affairs – and presents short but profound comments from distinguished International Relations experts and practitioners from all over the world

Good luck and have fun! The current post is on conflict in South-East Asia. (Also, there seems to be a tendency at our university to pretty grandiose names for blogging projects…)

Speaking of new blogs: Dan Nexon, of Duck of Minerva fame, now runs a personal blog called Hylaean Flow. Much of it will probably deal with insights from his role as editor for ISQ and the publishing process in general (via the Duck, where they also posted the new Game of Thrones trailer, just in case you missed it)

Tyler Cowen presents opinions from different people on “Which countries will have the next financial crisis?” If you’re a citizen, resident or investor in one of the following, now might be the time to worry: Denmark, Sweden or Norway (high private household debt), Singapore (a lot of loans), Malaysia or the Philippines (economic bubble), Ukraine (although Russia helped), Canada (real estate bubble), Thailand, Turkey, Greece, India or Indonesia (Tyler’s picks).

One key question is the relative worry weights you assign to private debt vs. bad institutions.

What about the rest of the world?  The eurozone is seeing ongoing credit contraction and perhaps deflation too.  Japan just announced a surprisingly large and apparently persistent current account deficit.  And the United States?  Things look pretty good, but in fact by the standards of historical timing we are soon due for another recession.

I’ll put my money on Turkey.

On cyber security and surveillance: Bruce Schneier has an excellent piece on how the NSA and other agencies threaten national (U.S.) security. The text is a commentary on the reform debate in the United States; let’s wait and see what President Obama will announce on Friday. Meanwhile, the tone in Germany gets angrier. As the “no spy” treaty seems to be canceled, now some people make the case for retaliation through the TTIP and other transatlantic negotiations.

PS. At the Monkey Cage, there’s a short interview with Peter Singer, whose book on cyber security and cyber war looks very interesting.

Last but not least, two items reflecting on academic practice. First, Megan MacKenzie has written on the ethics of adjunct professors and other “casual” posts in (U.S.) departments. She presents four reasons to be careful about taking these jobs and four ways for permanent staff to improve the situation. A lot of this probably also holds for the European context.

Second, Burcu Bayram on how to tell MA students that pursuing a PhD might not be the best option for them: Should you be the blunt “dream-crusher” or try a more empathetic approach?

“Tailored Access Operations” are exactly what I want the NSA to do

Happy New Year everyone! We’re back from our winter break. (Actually, some members of the IR Blog editorial board are still enjoying their time off, but I guess they will return to their desks eventually.)

At the 2013 Chaos Communication Congress in Hamburg, Jacob Applebaum gave a talk that summarized what is known about the NSA’s “Tailored Access Operations” unit. You can watch the video above. Basically, “tailored access” means that these are high-tech “hackers” that acquire intelligence on high-profile targets. Their arsenal includes tiny wireless chips inserted into hardware that is intercepted on the way to customers (!) as well as a special kind of bug that can be accessed by radar waves. Given that the information is from 2009, they probably have even more sophisticated tools now.

The related SPIEGEL story is here (in English). Bruce Schneier has collected a couple of links on the topic, and currently presents one of the exploits every day.

In the Guardian, Matt Blaze makes a very important point: “The NSA’s Tailored Access Operations show there’s a way to be safe and get good intelligence without mass surveillance”. The crucial difference is that between (A) civil-rights-abusing mass surveillance (as currently discussed, again, in the German cabinet) and (B) targeted surveillance of people that were chosen based on meaningful criteria. As Blaze puts it:

TAO is retail rather than wholesale.

That is, as well as TAO works (and it appears to work quite well indeed), they can’t deploy it against all of us – or even most of us. They must be installed on each individual target’s own equipment, sometimes remotely but sometimes through “supply chain interdiction” or “black bag jobs”. By their nature, targeted exploits must be used selectively. Of course, “selectively” at the scale of NSA might still be quite large, but it is still a tiny fraction of what they collect through mass collection.

For over a decade now, the NSA has been drowning in a sea of irrelevant data collected almost entirely about innocent people who would never be selected as targets or comprise part of any useful analysis. The implicit assumption has been that spying on everyone is the price we pay to be able to spy on the real bad guys. But the success of TAO demonstrates a viable alternative. And if the NSA has any legitimate role in intelligence gathering, targeted operations like TAO have the significant advantage that they leave the rest of us – and the systems we rely on – alone.

When I wrote earlier that “we are genuinely shocked by the extent to which our friends feel the need to spy on us and don’t think twice about it”, I was mainly referring to mass surveillance. Wiretapping chancellor Merkel is disrespectful, but I expect her to expect this kind of thing as an occupational hazard. What I find unacceptable, on the other hand, is that systematically eroding the integrity of communications networks and the meaning of “privacy” should be the new normal.

In other words: I’m far more comfortable with the idea that U.S. operatives secretly plant a bug in some suspected terrorist’s computer in Berlin than with the fact that all kinds of “metadata” on German (and other) citizens are being collected non-stop.

Putting a stop to individual-level surveillance seems implausible to me, and also impossible seeing that U.S. legislators would have to decide to shut down pretty much all of what intellifence agencies are about. But is it really that far-fetched (or naive) to hope for some consensus in favor of civil rights? Even if you don’t care about somewhat lofty and abstract pro-privacy arguments, U.S. and European business is being hurt by the NSA’s horrible reputation, and then there’s always the risk that backdoors may be used by more than one party…

“Tailored access” is exactly what I want the NSA to do. But please leave my telecoms provider alone and stop tracking my mobile phone “just in case”.

Links: Cyber Attacks, Trade Negotiations, Combat Drones

A Siemens device used to control centrifuges (via Wikimedia commons)
A Siemens device used to control centrifuges (by “Ulli1105” via Wikimedia commons)

Small anniversary: Link post #25. By the way, do you find these useful?

On cyber attacks, I would like to recommend three pieces that might not be for everyone, but are interesting to get a more technical understanding of what is going:

  • Ralph Langner has written a fascinating account of “Stuxnet”. It turns out that the U.S./Israeli (?) attack on Iranian nuclear centrifuges consisted not of one, but two separate types of computer virus, with trade-offs between effectiveness, predictability and stealth. The newer version used a less sophisticated way to damage centrifuges, but a much more sophisticated way to gain access in the first place and then spread across systems.
  • Nicholas Weaver summarizes the steps taken by U.S. intelligence agencies to access/hijack communications through the Internet’s backbone. This discussion of the NSA QUANTUM program is not too technical, but introduces a couple of phrases you might hear more often in the future. (via Bruce Schneier)
  • Jim Cowie discusses a different form of attack, in which internet traffic is redirected to get access to sensitive information. Fascinating for laypeople: Since we’re talking about milliseconds, “[t]he recipient, perhaps sitting at home in a pleasant Virginia suburb drinking his morning coffee, has no idea that someone in Minsk has the ability to watch him surf the web”. (But keep in mind that this comes form a private IT security company and is phrased to maximize PR effects.)

Two items on free trade negotiations:

First, Philip Murphy, the former U.S. Ambassador to Germany, is very confident that President Obama will manage to get approval from Congress for the Transatlantic Trade and Investment Partnership TTIP (via AICGS / Tobias Bunde).

Second, regarding the other U.S. free trade effort currently under negotiation – the Trans-Pacific Partnership TPP – you’ve probably heard that the part dealing with intellectual property rights was leaked last week. GWU PhD candidate Gabriel J. Michael has analyzed the way in which different countries proposed changes to the document (which is visible in the leaked text) and offers the following summary:

  1. The U.S. and Japan are relatively isolated in their negotiating positions.
  2. There appears to be a strong negotiating network between Singapore, Chile, Malaysia and New Zealand.
  3. Canada is up to something!

Some commentators pointed out that he might be neglecting an alternative explanation: that the U.S. and Japan are simply happy with the current document, as they have had a bigger say in creating the draft.

Irrespective of the arguments about causality, Michael’s blog post is a great example of what can be done with leaked documents and visualization! (via The Monkey Cage, where you can find more comments).

Finally, a quick follow-up on last week’s post on combat drones, again by Charli Carpenter at the Duck:

The Campaign to Stop Killer Robots secured an important victory last week when delegates of States Parties to the Convention on Certain Conventional Weapons (CCW) voted unanimously to take up the issue (…).

(…)

While this is an important and promising moment, the shape and trajectory of norm-building efforts will depend a great deal on the tenor and outcome of next May’s CCW meeting. And one thing is sure: if that meeting results in weaker norms that hoped for my human security advocates, NGOs may simply take their cause elsewhere.

Links: Drones; Forecasting; Ranking Researchers; Surveillance Logic

A combat drone, via Wikimedia commons
A combat drone, because that’s the most photogenic of all topics covered here today… (Wikimedia commons)

I hope you’re having a great week so far! My fellow bloggers have other obligations, so you’ll have to tolerate my incoherent link lists for the time being…

At the Duck of Minerva, Charli Carpenter makes a crucial point regarding the debate on military drones (emphasis added):

In my view, all these arguments have some merit but the most important thing to focus on is the issue of extrajudicial killing, rather than the means used to do it, for two reasons. First, if the US ended its targeted killings policy this would effectively stop the use of weaponized drones in the war on terror, whereas the opposite is not the case; and it would effectively remove the CIA from involvement with drones. It would thus limit weaponized drones to use in regular armed conflicts that might arise in the future, and only at the hands of trained military personnel. If Holewinski and Lewis are right, this will drastically reduce civilian casualties from drones.

I’d like to recommend a couple of links on attempts to forecast political events. First, the always excellent Jay Ulfelder has put together some links on prediction markets, including a long story in the Pacific Standard on the now defunct platform Intrade. Ulfelder also comments on “why it is important to quantify our beliefs”.

Second (also via Ulfelder), I highly recommend the Predictive Heuristics blog, which is run by the Ward Lab at Duke University. Their most recent post covers a dataset on political conflict called ICEWS and its use in the Good Judgment Project, a forecasting tournament that I have covered here on the blog as well. (#4 of my series should follow soon-ish.)

A post by Daniel Sgroi at VoxEU suggests a way for panelists in the UK Research Excellence Framework (REF) to judge the quality of research output. Apparently, there is a huge effort underway to rank scholars based on their output (i.e., publications) — and the judges have been explicitly told not to consider the journals in which articles were published. Sgroi doesn’t think that’s a good idea:

Of course, economists are experts at decision-making under uncertainty, so we are uniquely well-placed to handle this. However, there is a roadblock that has been thrown up that makes that task a bit harder – the REF guidelines insist that the panel cannot make use of journal impact factors or any hierarchy of journals as part of the assessment process. It seems perplexing that any information should be ignored in this process, especially when it seems so pertinent. Here I will argue that journal quality is important and should be used, but only in combination with other relevant data. Since we teach our own students a particular method (courtesy of the Reverend Thomas Bayes) for making such decisions, why not practise what we preach?

This resonates with earlier debates here and elsewhere on how to assess academic work. There’s a slippery slope if you rely on publications: in the end, are you just going to count the number of peer-reviewed articles in a CV without ever reading any of them? However, Sgroi is probably right to point out that it’s absurd to disregard entirely the most important mechanism of quality control this profession has to offer, despite all its flaws.

Next week, the Körber-Stiftung will hold the 3rd Berlin Foreign Policy Forum. One of the panels deals with transatlantic relations. I’m wonder if any interesting news on the spying scandal will pop up in time. Meanwhile, this talk by Dan Geer on “tradeoffs in cyber security” illustrates the self-reinforcing logic of surveillance (via Bruce Schneier):

Unless you fully instrument your data handling, it is not possible for you to say what did not happen. With total surveillance, and total surveillance alone, it is possible to treat the absence of evidence as the evidence of absence. Only when you know everything that *did* happen with your data can you say what did *not* happen with your data.

Links: Elections, Constitutions, PhDs, Instability, and Teaspoons

The teaspoon population in the author's research center
The teaspoon population in the author’s research center

Mark Kayser and Arndt Leininger sum up the results of their German election forecasting model and compare it to others. They had predicted a share of 47% for CDU/CSU and FDP (very close to the actual 46.3%). But they also point out that it’s much harder to predict the stability of coalitions…

Our model drew on previous election outcomes, characteristics of the government and of voters and, most originally, the relative economic performance of Germany in comparison to the two other most important economies in Europe (…). Our model fared at least as well as traditional polling, making us optimistic about the future of forecasting elections in general and forecasting German elections in particular.

The Comparative Constitutions project has launched a great new website called “Constitute” allowing everyone to get to know constitutions from all over the world. You can browse by country or by topic, but it seems that older versions are not included (via Monkey Cage).

Henry Farrell compares the controversy about the analyst Elizabeth O’Bagy to the case of former German defense minister Karl-Theodor zu Guttenberg, who had to resign in Germany (for plagiarism in his dissertation), but now works at a respected D.C. think-tank:

O’Bagy’s academic credentials were crucial to her status as an ‘expert.’ When these credentials exploded, so did her career. Zu Guttenberg’s value rests not on his purported academic training, but on his past political role and current political connections.

Jay Ulfelder argues that we live in a time of systemic instability, which is only inadequately captured by observers that stick to a perspective where “countries are a bit like petri dishes lined up on a laboratory countertop”. So we ought to think harder about connecting the dots between state failures, increasing piracy, the financial crisis, food prices, and long-time cycles of social unrest (which look slightly esoteric to me)…

…and since it’s Friday: Please make sure to read this research paper on the fate of teaspoons placed in the communal rooms of university research labs (via MR).

56 (80%) of the 70 teaspoons disappeared during the study. (…) The half life of teaspoons in communal tearooms (42 days) was significantly shorter than for those in rooms associated with particular research groups (77 days). The rate of loss was not influenced by the teaspoons’ value. (…) At this rate, an estimated 250 teaspoons would need to be purchased annually to maintain a practical institute-wide population of 70 teaspoons. (…) The loss of workplace teaspoons was rapid, showing that their availability, and hence office culture in general, is constantly threatened.

Syria, Chemical Weapons & Civil War: Is A Bad Plan Better Than No Plan?

syriareport

Yesterday, the United Nations published their report on the use of chemical weapons (CW) in Syria on August 21. You can read the conclusions above. Bottom line: Sarin has been used, but the report doesn’t explicitly blame either the Syrian regime or the rebels.

A few days earlier, on September 14, the Syrian government has officially requested to join the Chemical Weapons Convention (CWC). This is a reaction to the U.S. threat to launch an attack, paired with new diplomatic efforts by Russia (and others?). The UN has received all necessary documents now and the accession will be effective in mid-October.

So instead of witnessing yet another U.S. military campaign to punish a dictator, now we’re all warm and fuzzy about international law? It’s almost as if they are following Richard Price’s guide in Foreign Affairs step-by-step. German critics of an intervention (please note the great series of posts at Sicherheitspolitik-Blog) should be happy, too.

In addition, it looks like the UN Security Council – after months of paralysis and a grand total of one single press release mentioning Syria in 2013 – might actually pass a resolution soon. So Russia and the U.S. seem to have agreed on … something. To me, it is not entirely clear what to expect – but it seems to be focused on taking CW out of the picture.

Continue reading Syria, Chemical Weapons & Civil War: Is A Bad Plan Better Than No Plan?

Links: Taking Kids on Field Trips; Forecasting; Cyber Security; Syria’s Future; Football and Violence; New UN Blog; Honest Acknowledgments

Temperatures in Berlin are falling. Let’s wait and see what this means for the blog…

A great match to our little series on parenting:  Kim Yi Dionne writes about “taking children to an African country while you conduct research” (via the Duck)

Jay Ulfelder has two great posts on forecasting. One deals with common “screw-ups” in predictive models. The other is about the ethics of statistical forecasting, and the responsibility of researchers to be honest about their limits:

The fact that we use mathematical equations to generate our forecasts and we can quantify our uncertainty doesn’t always mean that our forecasts are more accurate or more precise than what pundits offer, and it’s incumbent on us to convey those limitations. It’s easy to model things. It’s hard to model them well, and sometimes hard to spot the difference.

Brandon Valeriano offers a comprehensive reading list on cyber security, nicely balancing intro stuff and very specialized articles.

Jeffrey Stacey writes about Syria’s future (“intervening not now but later”), with a big potential role for the EU:

It is difficult to predict which way the current conflict in Syria will end up, as even some sort of stalemate could be the result.  But if opposition forces were ultimately successful in defeating Assad’s forces then it would be difficult for Western governments to ignore their shared security interests in the assurance of post-conflict stability in Syria.

Andrew Bertoli has a paper about nationalism and aggression, arguing that countries that qualify for the football/soccer World Cup behave more aggressively. German weekly Zeit has an interview with him (h/t Tobias Bunde).

Instead of lamenting the state of the German twitter- and blogosphere, let’s try and improve networking! So far, I had completely overlooked the blog “Junge UN Forschung”, written by members of the German junior researcher’s working group for UN studies (h/t Christian Kreuder-Sonnen).

Finally, Dan Drezner offers 15 examples of a world where book acknowledgments are really honest, such as:

I’m grateful to Peter Klugman, a Big Shot in my field who made a useful offhand comment to me once. People reading this will hopefully think I really know him and therefore be impressed.

There’s No Balance of Cyber Threats

Map of APT1 activities
Map of APT1 activities (image taken from the Mandiant APT1 report)

In February, the American cyber security company Mandiant released a report “exposing one of China’s cyber espionage units” (PDF here). A large chunk of it boils down to three findings: The attacks on US infrastructures originated in China, they were orchestrated by a large and resourceful group, and Mandiant has studied that group to the extent where they can tell individual members apart.

Finally the authors point out that the activities of this “Advanced Persistent Threat #1” (APT1) have been tracked to a certain location in Shanghai, which also happens to host the headquarters of a Chinese military unit (PLA Unit 61398) dealing with cyber security. So Mandiant claims to be able to trace breaches into private U.S. security systems back to a unit of the People’s Liberation Army.

Cyber security analyst Jeffrey Carr has pointed out that the report leaves a lot to be desired, and that some of the claims about linking APT-1 to the PLA Unit 61398 appear to be wrong. There’s no reason to suspect that Carr naively wants to protect China. His comments rather illustrate the difficulty of attributing cyber “attacks” or “espionage” to particular actors.

Yet establishing such a chain of evidence is the whole point of the Mandiant report and the reason it got so much attention!

Continue reading There’s No Balance of Cyber Threats