15 Jan 2015

The Myth of a Secure Military

War on Terror 39 Comments

[UPDATE below.]

On NPR today they were talking about cybersecurity. The host made a throwaway remark along the lines that with private businesses, you couldn’t expect a full-throated response to the threats his expert guests were discussing, because they responded to the profit motive and it “wasn’t like Los Alamos.”

Here the host was referring to the famous lab where physicists and other scientists worked on the atomic bomb during World War II, and then continued to work on nuclear weaponry. His point, of course, was that the military engaged in state-of-the-art security to protect such critical secrets, whereas you couldn’t expect Visa to do the same thing for its customers.

This statement was immediately ironic, because the very discussion of the episode centered on the “hacks” of Sony and Target, yes, but also Centcom. So it’s clear that the U.S. military (if we take the press accounts at face value) was not immune to the very threats they were discussing on the show. To repeat, one of the news hooks for their discussion was the fact that U.S. Central Command’s twitter account had supposedly been hacked by ISIS.

Yet beyond that irony, there is the problem that Richard Feynman–a Nobel laureate in physics–recounts the famous tale in his wonderful memoir that he had discovered a huge security flaw while working on the atomic bomb. Specifically, Feynman had discovered that if someone left his or her office safe open (during the day while everyone was working), Feynman could “casually” read the combination from the interior of the exposed lock. Then he would go to his office and write it down, such that he had the ability to open the safes of a growing number of employees.

At one point Feynman visited the office of a colonel, and boasted that he could crack the colonel’s safe. Here’s how Feynamn tells the story:

“The only reason you think they’re safe in there is because civilians call it a ‘safe.’” (I put the word “civilians” in there to make it sound as if he’d been had by civilians.)

He got very angry. “What do you mean—it’s not safe?”

“A good safecracker could open it in thirty minutes.”

“Can you open it in thirty minutes?”

“I said a good safecracker. It would take me about forty-five.”

“Well!” he said. “My wife is waiting at home for me with supper, but I’m gonna stay here and watch you, and you’re gonna sit down and work on that damn thing for forty-five minutes and not open it!” (Surely You’re Joking Mr. Feynman, 145-146)

Feynman naturally cracks the safe (because he had read the combination while the colonel was looking at paperwork and the safe door was open), and astonishes the military man. Then he candidly explains the security vulnerability.

In response, guess what the colonel did? Maybe he contacted the company and had them alter the design for their huge client, namely the U.S. federal government? Nope.

Instead what he did was send out a memo telling everybody whom Feynman had visited, to change the combination on his or her safe.

One last thing: The Soviets did steal the secrets to the atomic bomb, and one of their spies was at Los Alamos. (Historians dispute the importance of the Soviet spy or spies at Los Alamos, but the Soviets definitely had spies and they definitely built the bomb faster than if they had had to rely on their own scientists.) So contrary to the NPR host, it’s probably good that private businesses rely on the profit motive, rather than the incentives facing State officials.

 

UPDATE: After I posted this, it occurred to me that I really don’t know what considerations the colonel and his superiors may have gone through, once Feynman alerted them to the security vulnerability. For example, it’s possible they considered sending a memo to everyone, warning not to leave the safes open during the day, but then rejected this plan because people wouldn’t obey it, and the memo would give the idea to would-be spies who were not as clever as Feynman. And I suppose it’s possible that they did contact the safe manufacturers, but Feynman had gone back to civilian life before seeing tangible results from his warning. In any event, as far as Feynman could tell (and as he reported in his memoirs), the only change the military made was to do a one-off reset of the combinations for the safes of people with whom he had had contact.

39 Responses to “The Myth of a Secure Military”

  1. E. Harding says:

    Come on, a Twitter account! I’m reminded of
    xkcd.com/932/

    • Matt M says:

      What kind of person has so little going on in their life that they devote precious time and resources to reading U.S. Government twitter accounts anyway?

      Someone could hack the Twitter and Facebook and Pinterest account of every single U.S. government agency and my life would be 0% worse off for it…

  2. Bob Roddis says:

    Most people seem to have a bizarre belief that government actors have magical powers of omniscience and benevolence and that they are not subject to praxeological reality like mere mortals. I submit that Keynesians suffer from that syndrome. I’ve lately come to believe that the Tea Party types do too regarding foreign policy. I’ve had similar experiences as Tom Woods:

    With a demoralizing 2016 presidential election cycle virtually upon us, I thought you might enjoy this trip down memory lane. Click here to read it!

    It seems especially relevant right now, since I’ve spent more time than I should have tonight reading through posts in a Tea Party Facebook group. I refuse to believe that conservatism was this vulgar when I belonged to it. The entire conservative intellectual tradition has given way to (1) allegations that Barack Obama is a secret Muslim, and (2) completely uncomprehending attacks on his foreign policy, oblivious to the fact that Obama is as much a creature of the bipartisan foreign-policy consensus as anyone.

    http://us5.campaign-archive1.com/?u=77713d21ff56f1c126607d2c5&id=f8740d791f&e=590249da93

    People do not and will not give up that belief system for anything. And anything that tends to contradict it just does not compute. I suspect that is why Keynesianism swept the world as it did. It merely verified and reinforced deeply and widely held beliefs in the magical nature of government action and actors. Piketty does the same thing for the left while O’Reilly and “fighting the Jihad” does the same thing for the “Tea Party” and Neocons.

    • Andrew says:

      I’ve spent more time than I should have tonight reading through posts in a Tea Party Facebook group. I refuse to believe that conservatism was this vulgar when I belonged to it.

      In fairness, there probably wasn’t a public forum for the type of people that post on a Tea Party Facebook group back when Tom was a conservative.

      • Matt M says:

        Indeed. This is an important critique of any and all criticisms that society in general is “more divided” or “more partisan” or that beliefs are “more extreme” than they were in the past. I don’t think this is necessarily true at all. It’s just that the removal of barriers to communication has resulted in it being very easy (sometimes unavoidable) to hear and read opinions dramatically different from your own.

        There were always extremist nutcases in the world. It just used to be that in order to hear them, you had to roam through the woods, stumble upon their compound, and convince them not to shoot you. Now all you have to do is google “southern poverty law center” (I kid, I kid… kinda)

        • Harold says:

          A rev=cent post here pointed to research by Pew Research said “The overall share of Americans who express consistently conservative or consistently liberal opinions has doubled over the past two decades from 10% to 21%.” That sounds like greater polarisation to me.

          “the removal of barriers to communication has resulted in it being very easy (sometimes unavoidable) to hear and read opinions dramatically different from your own.” Whilst this is true, it has also made it easier to seek out those that share your own views, even if they would be regarded as extreme by most people. Thus extreme views can be seen as mainstream by those that hold them.

    • Bob Roddis says:

      I don’t know if people are crazier now than 25 years ago. All I know is that I can link to excellent sources showing the Neocons demanding back in 2012 that Obama fund the Sunni (Al Qaeda) rebels in Syria and that such information (times 20) does not compute with the “Tea Party” crowd. Hey guys, where did ISIS come from?

      http://www.informationclearinghouse.info/article32021.htm

      Obama is under the sway of the Muslim brotherhood, don’t you know? And ISIS is the result of Obama being the Kumbaya Hug-the-Terrorist guy who foolishly left Iraq too soon!

      • E. Harding says:

        Obama is under the sway of the Muslim brotherhood, don’t you know?

        -His foreign policy has only symbolic differences with that of the Brotherhood in Syria and Libya, and America has little to no influence on events in Egypt. It gives it tribute every year for all seasons and reasons. Obama clearly isn’t under the sway of the Brotherhood in regards to Gaza, but is recognizing deteriorating U.S. relations with Likud.

    • Bob Roddis says:

      Millions of people apparently watch this guy and believe what he says on foreign affairs. There was nothing like this in 1990. This is just nuts.

      http://tinyurl.com/mg6nyld

      • E. Harding says:

        This is a common Syrian Rebel propaganda line, but it used to be true in much of the first half of last year. The Syrian opposition has gotten help from the Obama administration, but only just enough to lose.

    • guest says:

      Bob Roddis,

      As a former Neocon, I can say that you and Tom (in this case) are giving the Neocons far less credit than they deserve.

      The Left and the radical Muslims have the same goal: the destruction of what they believe is Capitalism.

      Obama DOES go out of his way to pander to the Muslims, refusing to place the blame for Islamic terrorism on the religion of Islam, itself.

      I understand that American foreign policy is a good reason to be pissed off at American military meddling, but these people will attack those who have done no such meddling, such as airplane passengers, office workers, and journalists.

      I’m supposed to look at this and conclude that these are REASONABLE responses to military meddling?

      What I’m more justified in believing – however misguided – is that these people do not need American meddling as a justification for terrorism, and that their actions would seem to betray any sense that I could take them at their word, as Ron Paul urges us to do, that they really just want to be left alone and they don’t care whether or not we are free.

      If you asked these Muslims whether or not they think Capitalism is responsible for American foreign meddling, what do you think their response would be? It’s not JUST American foreign policy that upsets them.

      Yes, the American military needs to stop trying to help other countries – Israel included. But when you talk to Neocons, you MUST acknowledge that the aspects of America that were intended to secure individual liberty are under attack by both the Left and by Muslims.

      Otherwise, the Neocons are just going to assume that you’re blaming the free market – which is what they believe America stands for – for the world’s problems.

      P.S. If you find a way, watch the Glenn Beck Program that was aired on FOX several years ago. Also research “the Audacity of Hope Flotilla”.

  3. JimS says:

    And many who believe that the government and the military are rather inept often buy into conspiracy theories. Yet a true conspiracy theorist would say leaving the combo visible WAS part of the plan.

    Are they inept? Yes. The government and the military are comprised of humans and being human means we are prone to error. Are there conspiracies? Perhaps. But they are equally as prone to such shortcomings.

  4. Andrew says:

    While I agree with you, Bob, that the military is not perfectly secure (nothing is), the military is significantly more secure than the vast majority of private enterprises. And a big reason for this is that the military is not motivated by profit in the way that private enterprises are. The military spends an ungodly amount of money on security. A private enterprise couldn’t do that and stay profitable. Consumers don’t place as high of a premium on security as the military does.

    I would agree with you if you said that most private enterprises have a more optimal level of security given what they’re protecting. You could also say that private enterprises generally get a better ROI from their security spending than the military does. But the military is still far more secure than most private enterprises.

    • Scott Lazarowitz says:

      Well, then let’s take away the tax-thefts from the military (and obviously, the entire government), to put everyone on a “level playing field” (level in the sense that the private sector folks are not allowed to seize tax-theft dollars away from others involuntarily, as the government is allowed to do), and then let’s see who can provide for themselves the better security.

      • Andrew says:

        I’m not sure what you’re getting at.

        • skingpool says:

          What he is getting at is that the Military can spend ungodly amounts of money on security because they are living off of money taken from the private sector.

          • Andrew says:

            Well yeah. I was thinking he had something less obvious in mind.

    • Tel says:

      Why do you believe that spending more money on security will deliver more actual security once the motive to be frugal is taken away?

      I could spend a million dollars on a toaster (with other people’s money) and what comes out would be remarkably similar to the toast coming out of a $50 toaster.

      • Andrew says:

        This is why I mentioned ROI. I agree that private companies get more bang for their buck than the military when it comes to security spending. However, the military is spending so much more than private companies that they overwhelm their poor ROI.

        To borrow from your example, if you spent $10 million dollars, you could get ten toasters. And then you would have ten times as many toasters as the guy who spent $50 on one toaster. Even though you have been terribly inefficient with your funds, you still have way more toasters than the next guy.

    • Strat says:

      The reason why private companies don’t need to spend as much money on security is obvious. Private companies require a lot less information, and once they have used it (e.g. to check a customers credit) they dispose of it.
      The government collects and stores everything (there are a bunch of reasons why, but mostly because bad government policies lead to a need to create more bad government policies.)

      If you were to hack the databases of 95% of the Forbes 500 you would get very little of value. look @ sony, its profit is hardly impacted, and the reputational damage isn’t monetizable by the hackers.

      A good example is banks and payments companies that have much better security frameworks than almost all large government databases. Even with elevated privileges crediting a million dollars to your account would disappear in the overnight inter bank matching process, you’d also get arrested before the funds clear.

  5. khodge says:

    Thanks for the post! I’m still trying to figure out why it was Obama’s responsibility to scold North Korea for hacking a private Japanese company’s computer and why any of that should involve the resources of the US government.

    • E. Harding says:

      I think the U.S. government should have some interest in the fates of U.S. property owners’ property.

      • Major.Freedom says:

        They give us an offer we can’t refuse.

      • khodge says:

        Like a blank check?

        The president asserts that something affects US Citizens therefore the executive branch of the federal government is morally obligated to do something, regardless of how tangentially it affects any US Citizen’s private property rights (see Wickard v. Filburn where someone cannot grow food for himself without permission of the federal government), the federal government’s expertise (see the initial Obamacare rollout), or even without consulting the legislative branch of the government.

        • E. Harding says:

          What does the legislature have to do with anything? It’s there to make law, not to enforce it (which is the bureaucracy’s job).

          • Major.Freedom says:

            Why are you separating the legislature from the executive when it comes to laws? Enforcing laws presupposes making of laws. Yes they are different groups of people, but they are close enough to warrant a reply to someone who saw you write “the US government” as a single entity and followed that singular treatment.

    • guest says:

      I think “hack” is a loaded term.

      All “hacking” is is manipulating the signals on wires that are voluntarily connected to personal computers. It’s not like hackers are walking onto private property: the owner of the PC deliberately establishes a link to it from outside of his property.

      Hackers are, at worst, opportunists – not criminals.

      And as such, we do not need the government to protect us from non-crimes.

      Stop providing connections to your personal information, if you don’t want it discovered.

  6. Tel says:

    In 2007, President George W Bush was visiting Sydney for APEC with full secret service security plus New South Wales state police, plus Commonwealth federal police. You will remember this was the height of the terrorism scare and several wars going in the Middle East.

    Guests from various nations were stepping out of cars, when to everyone’s surprise one of the guests (within about 300 feet of the President) was that sneaky mastermind Osama Bin Laden! Turned up without an invitation, what a gate crasher. Some hours (and bail money) later the comedy team known as “The Chaser” show their security walkthrough on the public broadcasting channel.

    It’s on You Tube if you search around a bit.

  7. JimS says:

    What I find curious is why the combo is inside the safe? What good does that do? It is like having a spare key inside you car’s glovebox or ashtray (I knew someone who hid a spare under the hood which, of course, could only be opened by a lever inside the car.) or having a spare key for the house inside the house.

    • Bob Murphy says:

      No Jim you’re misunderstanding. The physical design of the safe was such that Feynman could pretend he was just absentmindedly fiddling with the safe door while it was open (in plain view of the occupant of the office), and he could “read” off the combo.

      • JimS says:

        Thanks for the clarification. Still, I wouldn’t put the other past them; a bit like the scene in the Holy Grail where they were supposed to jump out of the Trojan Rabbit they had all forgotten to get into. Still, what has the state or the Romans ever done for us, but I am mixing my movies now.

        By the way, make time to rent and watch “Of Gods and Men.” I think it is a very important movie for pacifists and I look forward to your comments on it. Great movie, but not for kids. I don’t think your son is ready for it.

  8. Josiah says:

    The Feynman book is great, but I would be careful about taking the stories in it at face value. It’s basically a compilation of stories Feynman used to tell at parties and many of them are probably either embellished or made up out of whole cloth.

    • Bob Murphy says:

      That’s funny, Josiah, I would guess Feynman is very accurate in his re-telling of those stories. Do you have any specific reason to say that?

      • Josiah says:

        Bob,

        A while back I tried to replicate the “bloodhound” experiment, which made me look at the stories in a diffierent light. A lot of the stories are based on Feynman not playing straight with people, playing jokes on people, etc. Several of the stories sound like jokes (e.g. “You Mean You Just Ask Them?”). And, of course, the book was put together by compiling stories Feynman told in between drum sessions, so it’s not like the guy was writing his autobiography.

        • Bob Murphy says:

          Did you try to replicate the “You Mean You Just Ask Them?” experiment?

          • Josiah says:

            I’m afraid I couldn’t get IRB approval for that one.

        • Harold says:

          I think I should read the book, but in the interim, any elucidation on the bloodhound expt?

  9. khodge says:

    If the problem of a rogue president (acting on nonexistent laws and heedless of any constitutional restraint) isn’t bothersome, perhaps we ought to take a step back: Who exactly are these US property owners whose rights are being trampled upon? Who has even petitioned the president to act? From what I have read, the only US citizens offended were offended by files maintained (but obviously not protected by) Sony.

    • Major.Freedom says:

      “Who here has a problem with us? Stand up and be recognized.”

      [silence]

      “Uh huh, that’s what we thought.” – Don Corleone.

Leave a Reply