The Daily Parker

Politics, Weather, Photography, and the Dog

Two on data security

First, Bruce Schneier takes a look at Facebook's privacy shift:

There is ample reason to question Zuckerberg's pronouncement: The company has made -- and broken -- many privacy promises over the years. And if you read his 3,000-word post carefully, Zuckerberg says nothing about changing Facebook's surveillance capitalism business model. All the post discusses is making private chats more central to the company, which seems to be a play for increased market dominance and to counter the Chinese company WeChat.

We don't expect Facebook to abandon its advertising business model, relent in its push for monopolistic dominance, or fundamentally alter its social networking platforms. But the company can give users important privacy protections and controls without abandoning surveillance capitalism. While some of these changes will reduce profits in the short term, we hope Facebook's leadership realizes that they are in the best long-term interest of the company.

Facebook talks about community and bringing people together. These are admirable goals, and there's plenty of value (and profit) in having a sustainable platform for connecting people. But as long as the most important measure of success is short-term profit, doing things that help strengthen communities will fall by the wayside. Surveillance, which allows individually targeted advertising, will be prioritized over user privacy. Outrage, which drives engagement, will be prioritized over feelings of belonging. And corporate secrecy, which allows Facebook to evade both regulators and its users, will be prioritized over societal oversight. If Facebook now truly believes that these latter options are critical to its long-term success as a company, we welcome the changes that are forthcoming.

And Cory Doctorow describes a critical flaw in Switzerland's e-voting system:

[E]-voting is a terrible idea and the general consensus among security experts who don't work for e-voting vendors is that it shouldn't be attempted, but if you put out an RFP for magic beans, someone will always show up to sell you magic beans, whether or not magic beans exist.

The belief that companies can be trusted with this power [to fix security defects while preventing people from disclosing them] defies all logic, but it persists. Someone found Swiss Post's embrace of the idea too odious to bear, and they leaked the source code that Swiss Post had shared under its nondisclosure terms, and then an international team of some of the world's top security experts (including some of our favorites, like Matthew Green) set about analyzing that code, and (as every security expert who doesn't work for an e-voting company has predicted since the beginning of time), they found an incredibly powerful bug that would allow a single untrusted party at Swiss Post to undetectably alter the election results.

You might be thinking, "Well, what is the big deal? If you don't trust the people administering an election, you can't trust the election's outcome, right?" Not really: we design election systems so that multiple, uncoordinated people all act as checks and balances on each other. To suborn a well-run election takes massive coordination at many polling- and counting-places, as well as independent scrutineers from different political parties, as well as outside observers, etc.

And even other insecure e-voting systems like the ones in the USA are not this bad: they decentralized, and would-be vote-riggers would have to compromise many systems, all around the nation, in each poll that they wanted to alter. But Swiss Post's defect allows a single party to alter all the polling data, and subvert all the audit systems. As Matthew Green told Motherboard: "I don’t think this was deliberate. However, if I set out to design a backdoor that allowed someone to compromise the election, it would look exactly like this."

Switzerland is going ahead with the election anyway, because that's what people do when they're called out on stupidity.

Duke killed public transit?

CityLab reports that my alma mater has doomed the Durham-Orange Light Rail Transit project in North Carolina:

DOLRT has consumed more than $130 million in public money. In 2011 and 2012, voters in Durham and Orange counties approved half-cent sales taxes to fund transportation improvements, including the light rail, to better connect major employers like UNC-Chapel Hill, Duke University, N.C. Central University, a VA hospital, and businesses in bustling downtown Durham. Construction of the estimated $2.7 billion project was to start next year; an application to the Federal Transit Administration was due this spring for federal funding of $1.25 billion. The state agreed to contribute $190 million.

But all this came to a screeching halt on February 27, when Duke University officials said they would not sign a cooperative agreement. (The project required 11 partners to ink cooperative agreements; only Duke, Norfolk Southern, and the North Carolina Railroad Company, which manages a major rail corridor, remain unsigned.) A week later, Duke declined a request to participate in a mediated negotiation with GoTriangle, the region’s transportation authority.

What happened?

In a letter to GoTriangle, Duke President Vincent Price and other officials cited issues with the light rail’s alignment along Erwin Road in Durham, which runs next to the university’s sprawling medical complex. Price expressed concerns that magnetic interference could hurt high-tech diagnostic and research equipment. Other issues included construction disruption that could affect a utility line, and vibrations from digging and placing the supports for an elevated track, and legal liability. In declining further talks, the Duke leaders said that the project’s route “poses significant and unacceptable risks to the safety of the nearly 1.5 million patients who receive care at our hospital and clinics each year, and the future viability of health care and research at Duke.”

That seems...unlikely. So what is Duke really complaining about? It's unclear. But that they brought this point up now and not in 2016 or even earlier seems intentional. And that's really crappy.

Oops, pardon me!

This morning two bad things happened to convicted felon and all-around slimy guy Paul Manafort. First, he got sentenced to another 47 months in jail as a result of his second conviction:

In [Federal] court Wednesday, Judge Amy Berman Jackson criticized Manafort and his defense attorneys for repeatedly blaming his hard fall from power on his decision to work for Trump, which attracted the attention of the special counsel investigating Russian interference in that campaign.

“This defendant is not public enemy number one, but he’s also not a victim either,” Jackson said. “There’s no question this defendant knew better, and he knew exactly what he was doing.”

The question of whether anyone in Donald Trump’s campaign “conspired or colluded with” the Russian government “was not presented in this case,” she said, so for Manafort’s attorneys to emphasize that no such collusion was proved, she said, is “a non-sequitur.”

Just minutes later, a state grand jury in New York indicted Manafort on 16 felony counts that could keep him in prison for the rest of his life:

The new state charges against Mr. Manafort are contained in a 16-count indictment that alleges a yearlong scheme in which he falsified business records to obtain millions of dollars in loans, [Manhattan district attorney Cyrus] Vance said in a news release after the federal sentencing.

“No one is beyond the law in New York,” he said, adding that the investigation by the prosecutors in his office had “yielded serious criminal charges for which the defendant has not been held accountable.”

The indictment grew out of an investigation that began in 2017, when the Manhattan prosecutors began examining loans Mr. Manafort received from two banks.

Remember, whatever clemency Manafort could get under the President's pardon power, that power does not extend to state crimes. The same goes with related state-level investigations into the Trump Organization and the president himself that appear to have started within multiple New York law-enforcement agencies.

Josh Marshall has written often that the Trump Organization's business "would never survive first contact with law enforcement." As anyone who has followed Donald Trump's career over the year knows, this is axiom. And it is happening.

Once is accident, twice is conspiracy...

The House of Commons voted 391-242 this evening to reject PM Theresa May's slightly-revised Brexit deal, further throwing the country's prospects after March 29th into chaos:

Because of this defeat, tomorrow Commons will vote on whether to leave the EU without a deal, and if that vote fails, there will be a vote Thursday on whether to extend Article 50. If that vote fails...holy mother forking shirtballs, the UK is forked.

The world panics about an airplane

Two Boeing 737 Max 8 airplanes have crashed shortly after takeoff in the last few months, killing hundreds of passengers and crew. As a result, the European Union, the UK, China, and other countries have grounded the model pending investigations. Notably, the FAA has not. In the US, only American and Southwest are flying the new plane.

This is, simply put, panic. But no one wants to be the guy who will get blamed if another one goes down, even though that is highly improbable.

The Lion Air crash in Indonesia back in October seems related to a software change in the 737 Max 8 that the pilots didn't know about. That accident is still under investigation. Obviously so is Monday's crash in Ethiopia, with the flight data and voice recorders only retrieved yesterday.

While the Washington Post runs a story about how similar the crashes appear, and the President spouting off about how planes are too complex to fly these days, I turn to fellow pilot James Fallows for a dose of reason:

In the Lion Air crash, the pilots apparently kept trying to pull the plane’s nose back up. The MCAS system kept pushing it down. The automated system eventually won. The question that’s not yet answered about that crash is why the pilots didn’t turn off or disable this system. Such fail-safe override controls are built into every automated flight system I’ve ever heard about. As Patrick Smith discusses in his post, it’s possible that the pilots didn’t understand how the new MCAS system worked, or what it would be trying to do. It’s possible that they didn’t know where the overrides were. It’s possible that … well, anything might have occurred.

Is this what happened in the Ethiopian Airlines case as well? Was the AOA-sensing system that triggers the MCAS flawed or broken? Were the automatic controls trying to push the plane down, down, down, while the pilots fought to keep it up? Did the pilots try to override or disable the system? (For instance, by lowering the plane’s flaps, which happens on every landing and is designed to automatically disable the MCAS system.) Were they caught by surprise and unaware of what that system was doing? Were they fully aware, but still unable to alter the fatal path down?

Or was something else, something entirely unrelated, responsible for this crash? Something that had nothing to do with this model of airplane, or these new automated systems? At the moment, I believe no one knows. That is what Boeing, the Ethiopian authorities, the National Transportation Safety Board, and the world’s airlines are trying to figure out. There are enough differences between the two crashes—for instance, in the fluctuations in speed and altitude before impact—that the causes could turn out to be wholly unconnected.

Fallows links to "Ask the Pilot" Patrick Smith, with this also reasonable thought:

For pilots, dealing with the unwanted nose-down command would be, or should be, straightforward. The MCAS commands, faulty or not, can be overridden quickly through a pair of disconnect switches. Why the Lion Air pilots failed to do this, if in fact they did, is unclear, but unaware of the system’s defect in the first place, we can envision a scenario in which they became overwhelmed, unable to figure out in time what the plane was doing and how to correct it.

“Though it appears there’s a design flaw that Boeing will need to fix as soon as possible,” I wrote in November,“passengers can take comfort in knowing that every MAX pilot is now acutely aware of this potential problem, and is prepared deal with it.”

The Ethiopian accident, though, makes us wonder. With the Lion Air crash fresh on any 737 MAX pilot’s mind, you’d expect the crew to have recognized the malfunction right away and reacted accordingly. Did a disconnect somehow not work? Were they so inundated by a cascade of alarms, warnings, and erratic aircraft behavior that they failed to recognize what was happening? Or was the problem something else completely?

We won't know for a long time, in any event no sooner than the FDR and CVR data gets analyzed.

Semi-annual time-change angst

I'm not going to link to any of the articles published in the last few days about how no one likes changing the clocks to and from Daylight Saving Time. Suffice to say, the debate hinges on two simple questions: how early do you want the sun to set, and how late do you want it to rise, in winter?

For a concrete example, if you live in Chicago, do you want the sun to rise at 7:19 or 8:19 on January 3rd (the latest of the year)? And if the sun rises at 8:19 that morning, is that an acceptable price to pay for the sun setting at 5:20 (instead of 4:20) on December 8th (the earliest of the year)?

A switch to year-long DST would mean that the sun would rise over Lake Michigan after 7am from October 12th until March 17th—five months of morning gloom, offset by the sun never setting before 5pm.

On the western edge of US time zones, the results would be truly weird. Just across Lake Michigan from Chicago is Benton Harbor, Mich. Year-long DST would make the earliest sunset there occur at 6:14pm. But the latest sunrise would be at 9:14am, with the sun rising after 9am from December 7th through January 31st, and the sun rising after 8am from October 17th through March 14th. After 7am? August 22nd through April 19th. Yes, permanent DST would relegate places like Western Michigan, Western Nebraska, and Idaho to nine months of gloomy mornings.

Ultimately I think this is why the permanent-DST proposals will go nowhere in the US. The parts of the US most sensitive to late sunrises (farming areas) will be the ones most affected.

And hey, won't Spain be fun when permanent DST comes to Europe in two years. The sleepy town of Pontevedra, Spain, on the west coast of that country and at about the same latitude as Chicago, will enjoy sunrises at 10:04am in January should Spain go permanently to UTC+2. (But hey, the sun will never set there before 7pm, so maybe that's a good trade-off?)

Of course, this is all about psychology. The sun rises and sets on its own; only our need to agree on time causes these odd artifacts. Maybe in western Spain they'll simply start work at noon? (Or, more likely, switch to UTC+1 year-round.)

Trips to Europe will need EU registration starting in 2021

When I first heard this morning that visa-free travel to Europe would end for US citizens in 2021, I was dismayed. I remember how time-consuming it was to get a visa before the visa-waiver program started in the late 1980s. And I figured that the US would retaliate, requiring visas from Europeans, which would essentially destroy tourism between the two regions.

The reality isn't really anything like that. In fact, it merely brings the EU in line with what the US has required of visa-free travelers for years.

Starting in 2021, Americans will simply need to register with the EU equivalent of our Electronic System for Travel Authorization, or ESTA:

Currently, US citizens can travel to Europe for up to 90 days without any sort of travel authorization. ETIAS will change that.

Visa-free travelers, including US citizens, will need to request ETIAS authorization before visiting the Schengen Area. They can complete an application and pay a service fee of 7 euros (about $8) online. The authorization is valid for three years.

"Completing the online application should not take more than 10 minutes with automatic approval being given in over 95% of cases," the European Commission said in a statement.

The United States won't be the only country affected by the changes. From 2021, citizens from 60 countries will be required to apply for the ETIAS before entering the Schengen Area. Brazil, Canada, New Zealand, Singapore, Israel and Mauritius are among those countries.

So this should not affect taking a last-minute trip on the Eurostar, or crossing from Northern Ireland into the Republic. And it's fair; we've required ESTA registration from all overseas visitors for many years. I'm annoyed particularly at NPR for getting the details totally wrong in their newscast this morning.

Weekend reading list

Just a few things I'm reading that you also might want to read:

And finally, it's getting close to April and the Blogging A-to-Z Challenge. Stay tuned.

Is my party drifting into Corbynism?

Representative Ilhan Omar (D-MN) has made comments throughout her career that sound pretty clearly anti-Semitic. Three of my favorite columnists find this, and the party's response, alarming.

First, Bret Stephens, a Democrat:

Like many self-described progressives, Omar does not like Israel. That’s a shame, not least because Israel is the only country in its region that embraces the sorts of values the Democratic Party claims to champion. When was the last time there was a gay-pride parade in Ramallah, a women’s rights march in Gaza, or an opposition press in Tehran? In what Middle Eastern country other than Israel can an attorney general indict a popular and powerful prime minister on corruption charges?

For those who don’t get it, claims that Israel “hypnotizes” the world, or that it uses money to bend others to its will, or that its American supporters “push for allegiance to a foreign country,” repackage falsehoods commonly used against Jews for centuries. People can debate the case for Israel on the merits, but those who support the state should not have to face allegations that their sympathies have been purchased, or their brains hijacked, or their loyalties divided.

As the criticism of Omar mounts, it becomes that much easier for her to seem like the victim of a smear campaign, rather than the instigator of a smear. The secret of anti-Semitism has always rested, in part, on creating the perception that the anti-Semite is, in fact, the victim of the Jews and their allies. Just which powers-that-be are orchestrating thatcampaign? Why are they afraid of open debate? And what about all the bigotry on their side?

Second, Michele Goldberg, who is not a Democrat but is Jewish:

I think Omar deserves criticism. Criticism, however, is not the right word for what she’s faced. As one of the first two Muslim women in Congress — and the first to wear a hijab — Omar has been subject to a terrifying campaign of racist vilification, including a poster in the rotunda of the West Virginia Capitol linking her to 9/11. She is treated as a dangerous foreign interloper in American politics and the embodiment of anti-Semitism, even though her Republican colleagues routinely demonstrate far worse anti-Jewish bigotry.

House Democratic leaders have been widely panned for their handling of the Omar affair, but its contradictions put them in a near-impossible bind. To ignore her words would be to tolerate mild anti-Semitism, an unsavory proposition at any time, but especially now, when many Jews feel newly vulnerable in a country that’s long been a haven. To publicly rebuke her would mean joining in the over-the-top demonization of a black Muslim woman facing death threats. Ultimately, Democrats on Thursday settled on a resolution condemning anti-Semitism, anti-Muslim discrimination, and “bigotry against minorities,” a blandly inoffensive document that didn’t seem to satisfy anyone.

Every Democrat present backed the resolution, but 23 Republicans voted against it. It was a reminder that while Democrats sometimes fail to live up to the ideals of multiethnic democracy, Republicans don’t seem to recognize those ideas at all. Omar needs to do better, but right now there’s still only one political party in America that is a safe place for hate.

Finally, Andrew Sullivan, who is neither a Democrat nor Jewish:

It should be possible to criticize Washington’s relationship with Israel without deploying crude and freighted language like this. But it got me wondering: Is it possible to write honestly about the Israel lobby’s power in D.C. without using any anti-Semitic “tropes” at all?

The basic facts are not really in dispute. A very powerful lobby deploys the money and passions of its members to ensure that a foreign country gets very, very special treatment from the U.S. Many of its supporters are Evangelical Protestants who want to accelerate the Second Coming. Others spring from an older and very American form of Christian Zionism. Many others are also American Jews with a commitment to Israel that has its roots both in the Torah and in a vow never to allow a second Holocaust.

The first bill introduced into the Senate in this Congress was one that made it illegal for any American to boycott goods from the West Bank, without suffering real economic consequences from their own government. It’s a federal bill designed to buttress several state bans on Americans’ right to boycott Israeli goods. Now here’s a clear case of conflict between the free speech rights of Americans and Israel’s continuing occupation of the West Bank. And the Senate voted for Israel’s occupation over the rights of its own citizens by a margin of 77– 23. One recalls what a former AIPAC head, Steve Rosen, said to Jeffrey Goldberg over lunch in 2005: “‘You see this napkin? In 24 hours, we could have the signatures of 70 senators on this napkin.” He was too modest.

I think this grotesque distortion of U.S. foreign policy deserves a much wider debate, but is constrained by cheap accusations of anti-Semitism. To give an example, if a critic of Israel were to use the exact same words as Steve Rosen, and argue that AIPAC is so powerful it could snap its fingers and have 70 senators’ signatures on a bill within 24 hours, he’d likely be deemed a bigot. And that is part of the Israel lobby’s power: its capacity to punish anyone for opposing it. It seems to me that it is simply a fact that the Israel lobby uses money, passion, and persuasion to warp this country’s foreign policy in favor of another country — out of all proportion to what Israel can do for the U.S. That comes perilously close to anti-Semitic tropes, but it’s also the truth. AIPAC, like the NRA, is a uniquely American phenomenon, and again like the NRA, full of an intense fanaticism that sometimes beggars belief. In many ways, this passionate intensity is understandable. History matters. But it’s not a rational way for a great power to conduct foreign policy. The one-way street has also corrupted Israel, wrecked its moral standing, and enabled the country to keep ratcheting toward the far right in self-destructive ways.

We're still nowhere close to the rampant anti-Semitism in Jeremy Corbyn's Labour party, but Sullivan is right that we need to discuss this further. 

Gosh, who do you root for?

The Times is reporting that Michael Cohen has sued the Trump Organization for $1.9m in unpaid legal fees:

The lawsuit, filed in New York Supreme Court in Manhattan, said that the Trump Organization had agreed to pay Mr. Cohen attorney’s fees or related costs connected to his work with the Trump Organization but had failed to live up to that promise.

Mr. Cohen is also seeking reimbursment for an additional $1.9 million he was ordered to pay in fines, forfeitures and restitution after he pleaded guilty to breaking campaign finance laws, tax evasion and lying to Congress, the lawsuit said.

The complaint said that around July 2017, Mr. Cohen and the Trump Organization entered an agreement under which the company would pay for Mr. Cohen’s legal fees and costs connected to investigations being conducted by Congress and Robert S. Mueller III, the special counsel who is investigating Russian interference in the 2016 election.

This should be interesting. I wonder if Trump will plead that the contract was unlawful because it served a corrupt purpose?