Skating on Stilts -- the award-winning book

Now available in traditional form factor from Amazon and other booksellers.

It's also available in a Kindle edition.

And for you cheapskates, the free Creative Commons download is here.

Stilts Scoops Drudge, The Atlantic, and Reuters by … Two Years

Matt Drudge and The Atlantic are hyperventilating, and Mark Hosenball of Reuters is bragging, about what The Atlantic calls an “exclusive” report that DHS “routinely monitors dozens of popular websites, including Facebook, Twitter, Hulu, WikiLeaks and news and gossip sites including the Huffington Post and Drudge Report.” 

There are just two problems with this exclusive news report. It isn’t news and it isn’t exclusive. 

Readers of this blog could have learned exactly the same thing in one of my posts from, uh, February of 2010. 

Here’s what I said two years ago:

With his usual nudge-and-wink, Matt Drudge invites us to be dismayed that “BIG SIS” — his moniker for Janet Napolitano — is “Monitoring Web Sites for Terror and Disaster Info.” Drudge links to a story saying that DHS will be monitoring social media like Twitter, as well as websites like Drudge, to keep abreast of events during the Winter Olympics. The source of the story is a twelve-page “Privacy Impact Assessment” issued by DHS.

This isn’t the first Privacy Impact Assessment (PIA) on DHS’s use of social media. A few weeks earlier, DHS wrote a similar assessment of using social media during Haitian rescue operations.

I am indeed dismayed, but not for Drudge’s reasons.  True, it’s disappointing that neither the Volokh Conspiracy nor www.skatingonstilts.com is deemed worthy of government monitoring.  But what’s really dismaying is that DHS and its Privacy Office felt obliged to labor over two separate and painfully obvious privacy assessments just to do things that you and I would do by simply firing up our browsers.

That’s it.  The story is that people at DHS are, gasp, browsing the Internet. As I said then, there’s no scandal, other than the electrons wasted by DHS agonizing over the privacy implications of browsing Internet sources to find out what’s happening in the world.  And if it was a nonstory in February of 2010, what does that make it in January of 2012?

Actually, it's a lesson -- that both the mainstream media and the blogosphere are doggedly overreporting anything that could be deemed a privacy violation by government, especially DHS.  If you only followed these things casually, you’d be sure that DHS was constantly violating Americans’ rights, and reports like this would be a key bit of evidence.  But when you give the “story” a little scrutiny, all you find is an agency that needs to know what’s happening in an emergency and that is looking at public social media sites for information, just like the rest of us.  There’s no privacy issue there at all, despite the heavy breathing and the headlines.

Kind of makes you wonder how many more phony privacy violations you’ve been conned into believing, huh?

UPDATE: Mark Hosenball of Reuters says that he never called his report an exclusive, since he knew about the 2010 assessment; the "exclusive" label was applied by The Atlantic, not Hosenball.  I changed the first line to avoid tagging him with the statement.

Testifying against SOPA

I will be testifying next Wednesday against SOPA, reprising my concerns about its impact on implementation of new web security protocols. I've blogged those concerns here and here. The hearings are being held by Darrell Issa (R-CA), chair of the House Oversight and Government Reform Committee, who is troubled by the Judiciary Committee's determination to take SOPA to the floor without hearing from witnesses on this issue. More details here.

Air France 447 and the Future of Socially Engineered Cyberwar

I recently read Popular Mechanics’ riveting article reconstructing the last minutes Air France 447, which in 2009 disappeared without explanation over the Atlantic between Rio and Paris. Using the cockpit transcript, the article reveals that the pilots essentially flew a fully functioning passenger jet into the sea. Why?  It appears that a temporary loss of flight speed data and then the disconnection of autopilot systems panicked a copilot into lifting the nose of the plane.  He then more or less kept the stick pulled all the way back as the plane lost forward speed and plunged into the ocean, paying no attention to dozens of blared stall warnings. Here’s a bit of the transcript and Popular Mechanics’ commentary:

02:10:55 (Robert) Putain!
Damn it!
Another of the pitot tubes begins to function once more. The cockpit's avionics are now all functioning normally. The flight crew has all the information that they need to fly safely, and all the systems are fully functional. The problems that occur from this point forward are entirely due to human error.
02:11:03 (Bonin) Je suis en TOGA, hein?
I'm in TOGA, huh?
Bonin's statement here offers a crucial window onto his reasoning. TOGA is an acronym for Take Off, Go Around. When a plane is taking off or aborting a landing—"going around"—it must gain both speed and altitude as efficiently as possible. At this critical phase of flight, pilots are trained to increase engine speed to the TOGA level and raise the nose to a certain pitch angle.
Clearly, here Bonin is trying to achieve the same effect: He wants to increase speed and to climb away from danger. But he is not at sea level; he is in the far thinner air of 37,500 feet. The engines generate less thrust here, and the wings generate less lift. Raising the nose to a certain angle of pitch does not result in the same angle of climb, but far less. Indeed, it can—and will—result in a descent.
While Bonin's behavior is irrational, it is not inexplicable. Intense psychological stress tends to shut down the part of the brain responsible for innovative, creative thought. Instead, we tend to revert to the familiar and the well-rehearsed. Though pilots are required to practice hand-flying their aircraft during all phases of flight as part of recurrent training, in their daily routine they do most of their hand-flying at low altitude—while taking off, landing, and maneuvering. It's not surprising, then, that amid the frightening disorientation of the thunderstorm, Bonin reverted to flying the plane as if it had been close to the ground, even though this response was totally ill-suited to the situation. 

The article offers a final observation on what things were like in that cockpit, minutes from the crash:

Over the decades, airliners have been built with increasingly automated flight-control functions. These have the potential to remove a great deal of uncertainty and danger from aviation. But they also remove important information from the attention of the flight crew. While the airplane's avionics track crucial parameters such as location, speed, and heading, the human beings can pay attention to something else. But when trouble suddenly springs up and the computer decides that it can no longer cope—on a dark night, perhaps, in turbulence, far from land—the humans might find themselves with a very incomplete notion of what's going on. They'll wonder: What instruments are reliable, and which can't be trusted? What's the most pressing threat? What's going on? Unfortunately, the vast majority of pilots will have little experience in finding the answers.

That all sounds right.  But like everything else these days, it made me think about cyberwar.  Some of the most effective tactics used by our adversaries have a social engineering component.  That is, they know how humans react to certain situations and take advantage of that reaction to gain control of our computers.  They know we’re likely to open messages and click on links sent by superiors in our organization. They know we will accept friend requests from people who are already connected to a lot of our friends.  Stuxnet took advantage of social engineering of a sort by making sure that the systems reported normal activity to the humans in the control center while sending abnormal requests to the machines.  The humans believed what their controls told them.

What does this have to do with the crash of AF447?  The reaction of the AF447 pilots was tragically human.  Once we lose faith in computer systems, especially in an emergency, all of us are likely to ask, “What instruments are reliable, and which can't be trusted? What's the most pressing threat? What's going on?” And if we have only minutes to make a decision, we’re likely to lock on a fragment of our training and keep trying it. The evidence that we’re failing disastrously just makes us pull harder on the stick.

So:  Why can’t that reaction be engineered? Put another way, could a hacker have caused the AF447 crash, not by directly overriding the pilots but by manipulating their very human reactions? I should stress that I don’t believe a hacker did that.  Quite the reverse. I’m asking whether future cyberattacks will try to manipulate the human beings behind the computers. 

On reflection, the answer is obvious.  All of war is an effort to manipulate the opponent into a different, defeated frame of mind. But the logical conclusions are pretty troubling. Even as we begin to deploy automated defenses against remote sabotage, attackers will turn to social engineering to defeat them. Once again, this gives the offense far more options than the defense. 

Thus, imagine that we decide to improve our cyberdefenses by redesigning critical military or civilian systems so that computers alone cannot cause catastrophic missteps. That’s good, but it simply challenges the attacker to find a way to influence not just the computers but also the humans – to panic the humans into a catastrophic misstep. Even if the attacker can’t fly our planes into the sea, maybe he can get our pilots to do it for him. Even if he can't cross the air gap to bring down our nuclear plants, he might be able to fake an emergency in the operations center that leads to the same outcome.

As AF447 shows, the key to such an attack is to create doubts about what is true in a situation where decisions must be made in minutes.  Then, as AF447 shows, humans revert to muscle memory and to training, which in some cases can lead rather predictably to disaster.

We’re already seeing rudimentary social engineering in cyberattacks.  We need to get ready for something a lot more sophisticated.

SOPA-rope-a-dopa

Critics of the Stop Online Piracy Act (H.R. 3261) have had an impact.  A manager’s amendment has been offered by Lamar Smith, R-TX, the Judiciary Committee chairman.  I was critical of the first version.  Here’s my take on the new version.

This version contains several provisions aimed at the security concerns raised about the first version.  The new bill insists that it is imposing no technology mandate and that it should not be construed to impair the security of the domain name system or the network of an ISP that receives an order. And it whittles away at the original requirement that ISPs must “block and redirect” visitors to pirate sites. Now, the ISPs are only obliged to block those efforts, not to redirect the subscribers to an alternative site that warns against piracy. ISPs also get a safe harbor that allows them some assurance that they don’t have to redesign their networks to carry out the blocking.

Unfortunately, the new version would still do great damage to Internet security, mainly by putting obstacles in the way of DNSSEC, a protocol designed to limit certain kinds of Internet crime. Today, it’s not uncommon for crooks to take over Internet connections in hotels, coffee shops and airports -- and then to direct users to fake websites.  Users sent to a fake banking site are prompted to enter account and password data, which is used to loot the account. DNSSEC prevents such attacks by giving each website a signed credential that must be shown to the browser by the domain name system server before the connection can be completed.

That’s a great idea, but crooks will predictably try to override it.  Their best bet is to claim that the website doesn’t have a signed credential – a claim that will be plausible at least during the transition to DNSSEC.  What should a browser do if a website says it doesn’t have a signed credential yet?  The site might be telling the truth, or it might be a fake site backed by a DNS server that’s been tampered with.  To find out, the browser needs to ask a second DNS server, and if that server doesn’t give an answer, a third and a fourth server until it gets an answer. That’s the only way to keep criminals from blocking the real DNS credentials and offering their own.

Unfortunately, the things a browser does to bypass a criminal site will also defeat SOPA’s scheme for blocking pirate sites.  SOPA envisions the AG telling ISPs to block the address of www.piracy.com.  So the browsers get no information about www.piracy.com from the ISP’s DNS server. Faced with silence from that server, the browser will go into fraud-prevention mode, casting about to find another DNS server that can give it the address.  Eventually, it will find a server in, say, Canada.  Free from the Attorney' General’s jurisdiction, the server will provide a signed address for piracy.com, and the browser will take its user to the authenticated site.

That’s what the browser should do if it’s dealing with a hijacked DNS server.  But browser code can’t tell the Attorney General from a hijacker, so it will end up treating them both the same. And from the AG’s point of view, the browser’s efforts to find an authoritative DNS server will look like a deliberate effort to evade his blocking order.

The latest version of SOPA will feed that view.  It allows the AG to sue “any entity that knowingly and willfully provides …a product … designed by such entity or by another in concert with such entity for the circumvention or bypassing of” the AG’s blocking orders.

It’s hard to escape the conclusion that this provision is aimed squarely at the browser companies. Browsers implementing DNSSEC will have to circumvent and bypass criminal blocking, and in the process, they will also circumvent and bypass SOPA orders. The new bill allows the AG to sue the browsers if he decides he cares more about enforcing his blocking orders than about the security risks faced by Internet users. Indeed, the opaque language about “another in concert with such entity” makes perfect sense in the context of browser extensions.  It allows the AG to sue not just browsers but also add-ons with this feature.

OK, that’s the law.  Now imagine you are Microsoft, or Google, or Apple, or Mozilla.  The DNSSEC guys come to you and ask you to implement DNSSEC.  It won’t increase your revenue, they admit, but it will make the Internet much safer for your users.  You want to be a good internet citizen, so you think maybe you should devote some precious code-writing resources to the cause.  But first you ask your lawyers whether they foresee any problems. 

“Well, yes,” they’d have to say. “If you add code to the browser that implements DNSSEC, you’ll have to add code that circumvents criminal hijackings of the DNS system.  And that code can be declared illegal by the Attorney General pretty much whenever he likes.  You can litigate about it, of course, but if you lose, the AG can shut down all shipments of your browser until it’s been revised to the satisfaction of his staff and their advisers in Hollywood.”

Faced with that advice, would you implement DNSSEC?

Neither would I. 

In fact, I wouldn’t even allow the DNSSEC guys to write an extension that implemented their protocol. And so, by poising a sword of Damocles over the browser companies, SOPA will kill DNSSEC. 

Let’s hope that the opposition to SOPA hasn’t punched itself out against the first version of the bill, because this version is badly in need of a knockout punch.

More content than the Wall Street Journal -- and no paywall!

The Wall Street Journal recently published a round-robin dialogue on privacy featuring Jeff Jarvis, danah boyd, Chris Soghoian, and me. Our vibrant discussion was quite heavily compressed for publication, so two of the other participants have now published their contributions in full.  Jeff Jarvis's is here, and danah boyd's is here. Publishing the full version on the web seems like good practice generally, so I'm following suit, with a few edits to avoid cross-referencing material that hasn't been put on the web.  The Wall Street Journal's questions are in bold italics.

How much should people care about privacy?

 That’s like asking how much they should care about the weather. Some, for sure. If we don’t, we’re liable to end up deeply uncomfortable from time to time.

 But let’s not kid ourselves. Privacy is like the weather in another way, too. For all the complaining, no one is going to do much about it.

 They can’t. The price of storing and analyzing data is dropping exponentially; and keeping that data hidden is a hopeless task.

 So, in the end, we will adjust.  Privacy is the most adaptable of rights. 

 Sometimes our sense of what is private shrinks. The man who invented the right to privacy, Louis Brandeis, was appalled that ordinary newsmen could snap his picture and print it in the paper without so much as a by-your-leave.  And most of us can sympathize, if we remember the shock of seeing ourselves in a photo, looking quite different than we imagined.  But no one today thinks that photography is a privacy violation. We’ve adjusted to the new technology. 

 And sometimes our sense of privacy grows. Most of us would be deeply uncomfortable at the idea of having strangers sleeping in our homes, listening to our family conversations, and gossiping about us over the back fence. But Brandeis never gave the privacy risk posed by his servants a second thought.

 It's tempting, in that first uncomfortable moment when new technology starts to shrink our old sense of privacy, to ask for new laws to protect us from change.

 They won’t. Sooner or later, the laws on the books will yield to Moore’s law. But in the meantime, bad laws can do a lot of damage.

 Maybe it made sense to tell the FBI in Hoover’s day that its agents couldn’t compile clippings files on Americans who weren't suspected of acting improperly. But by the time of 9/11, when any coed could assemble clips files on her blind dates -- in seconds, for free, with the help of Google -- did it really make sense for FBI agents to be the only people in the country barred from printing out name searches?

 So, sure, we should care about privacy. But we should also care about dumb privacy laws whose cost we won’t appreciate until it’s too late.

 What is the harm that can be inflicted by bad privacy laws? Will it prevent us from catching terrorists or drug cartels?

 Bad privacy laws abound, but the harm they do is too often downplayed in the media. 

 Take the story of September 11 itself. As the attacks loomed, the secret court that approves national security wiretaps had plunged the FBI into turmoil -- but over privacy, not terrorism. Perhaps reacting to charges that it was merely a rubber stamp, the secret court had begun aggressively protecting Americans’ privacy -- by imposing harsh, career-killing sanctions on an FBI agent who failed to observe the Wall between law enforcement and intelligence.

 As described in Skating on Stilts, the court’s harsh punishment was still reverberating when the FBI learned that two al Qaeda operatives had entered the US. Members of its massive Cole bombing task force begged for a chance to track them down.  But no one was willing to risk the secret court’s wrath by using a criminal task force to pursue intelligence leads.

 And so we missed our last, best chance to stop the 9/11 attacks -- thanks to the secret court’s misplaced enthusiasm for a dubious privacy doctrine. That’s what turned me from a moderate privacy supporter into a profound skeptic. 

 Worse, because the secret court has never been held to account for its fecklessness, it is reportedly still following the same path -- imposing new and secret privacy restrictions on our intelligence agencies. And leaving us all at risk of becoming the next privacy victims.

 You've said that privacy advocates have helped turn our computers into surveillance machines; what privacy laws are you referring to? And how should it have been prevented? 

 There are indeed privacy laws that make computer defense much more difficult.  European laws protecting employee privacy make it harder to secure corporate networks, and U.S. privacy rules make it hard for the government to identify and warn Americans whose computers have been taken over by botnets. But the real problem is the way privacy groups have prevented the government from making policy changes in response to the growing danger of network attacks. 

 Take intrusion detection. Many corporate networks use technology that monitors networks to detect intrusions and alert administrators to threats. As long ago as the 1990s, the Clinton Administration proposed creating a Federal Intrusion Detection network, or FIDNet, that would do the same thing for civilian government networks.  It didn't happen. FIDNet was condemned by privacy groups as "a monitoring system that threatens privacy and other civil liberties.” Along with their allies in the press, privacy advocates made FIDNet so controversial that Congress killed it. When George W. Bush revisited the idea, it made even less progress.  Only now, after a third President has raised the alarm about network attacks, are we beginning to roll out coordinated intrusion detection for the civilian arms of government.  Of course we're a decade late; foreign governments have had ten years to steal all the information the privacy advocates now say they’re worried about – delays caused in large part by the privacy advocates themselves. 

If secret court orders protecting privacy led to 9/11, as you contend - isn't the answer to not have secret courts? Not that privacy is terrible?

 Secrecy may well be cloaking dubious rulings by the secret court, just as it cloaked the court's enforcement of the Wall. But we can't expose those rulings without also exposing the highly classified intelligence operations the court is overseeing.  To solve this kind of dilemma, the Congress's intelligence committees sometimes conduct classified investigations and release an unclassified summary of their findings.  Maybe the value of such an investigation is one thing that privacy advocates and I (and the Wall Street Journal) can all agree on.

 But the problem at its heart is not secrecy.  It's the court's willingness to create novel privacy and civil liberties protections.  That may sound like a good thing, but it cost us dearly in August 2001. We should consider that cost before we impose new privacy rules.

Adele Tops The Supremes

Why is there so much bad privacy law, and so many privacy victims? Here's my theory.  Privacy advocates exploit that first uncomfortable moment when we realize that technology is changing our world, offering a Luddite illusion that law can prevent uncomfortable change.  The result is laws and court rulings on privacy that quickly become quaint.

It’s not hard to find support for that view if you compare United States v. Jones, the GPS 4th Amendment case, with an article in today’s Washington Post about the rapid spread of license plate readers:

When stored over time, the collected data can be used instantaneously or can help with complex analysis, such as whether a car appears to have been followed by another car or if cars are traveling in a convoy. Police also have begun using them as a tool to prevent crime. By positioning them in nightclub parking lots, for example, police can collect information about who is there. If members of rival gangs appear at a club, police can send patrol cars there to squelch any flare-ups before they turn violent. After a crime, police can gather a list of potential witnesses in seconds. … Arlington police cars equipped with the readers regularly drive through the parking garage at the Pentagon City mall looking for stolen cars, checking hundreds of them in a matter of minutes as they cruise up and down the aisles.

At the same time that license plate readers are spreading across the landscape, companies like Google and Apple are investing heavily in location-based services for smartphones.  As a result, we’re rapidly losing any expectation that our location is private.  These fast-moving technologies make the technique at issue in Jones – whether law enforcement can physically attach a GPS tracking device to a suspect’s car – seem almost antediluvian.

Recall the moment that many journalists treated as the critical coup de grace for the government in Jones. Pressing the SG’s office about GPS tracking of Supreme Court Justices, Chief Justice Roberts asked, “So your answer is yes, you could tomorrow decide that you put a GPS device on every one of our cars, follow us for a month; no problem under the Constitution?” Many reporters and lawyers thought that this question was a killer for the government, likely hoping that the Court will ride to privacy’s rescue and  impose constitutional constraints on such tracking.

That may be so, but what the Court says about location privacy in Jones is not likely to stand the test of time. It’s as caught in the present moment as Adele’s “Someone Like You” – and a little less likely to endure. If the case had come up ten years ago, the Court, unthreatened by the location revolution, would likely have accepted the SG’s answer -- that the FBI could physically follow the Justices’ movements in public without causing a constitutional concern, and a GPS device shouldn’t be viewed differently. And if the case came up ten years from now, the SG would answer, “Chief Justice Roberts, we don’t need to attach a GPS device to your car.  We can already track its movements with no warrant in a license plate database that is always getting bigger and more effective.  And we already have subpoena access to the third party location-based service providers that you all authorized when you activated your smart phones. Hell, soon, those services are going to merge.  People will mount dirt-cheap cloud-connected license-plate reading cameras on their cars as protection against a hit-and-run or road-rage attack -- or to help the police find a kidnapper. No one is going to expect privacy in their car’s location then.”

In 2021, I predict, thirty-somethings will snuggle nostalgically to “Someone Like You,” and reminisce about the days when their parents didn’t know where they were – while smugly congratulating themselves that their kids will never be able to do the same to them.

And if the Court imposes constitutional restrictions on GPS tracking in Jones? What will be the ruling’s fate in 2021?  It seems to me that the debate is going to end in one of two ways.  Either constitutional restrictions on GPS devices will become a forgotten corner of the law, as law enforcement moves to newer location tracking techniques, or the Court will begin a campaign it cannot win – trying to regulate a host of location technologies in a vain effort to preserve twentieth century notions of privacy.

That's where dumb privacy law comes from.

 

Photo credits:  Thanks to Francis Storr in Flickr and to Amazon.co.uk

Finding Fault with the Stop Online Piracy Act

Once again, Congress is being asked to make bad rules that will hurt network security, but this time the blame doesn't fall on the privacy lobby.  This time the booby prize goes to the intellectual property lobby.

Below is an op-ed I wrote for Politico this week on the security consequences of the copyright enforcement bills now on the Hill -- PROTECT IP and the Stop Online Piracy Act.  As it happens, the House Judiciary Committee held a hearing on the proposal on Wednesday, when the op-ed appeared, and some of the questioning turned on my op-ed.  Indeed, I gather that it contributed to an unexpectedly ragged performance from Hollywood's normally smooth witnesses.

Unfortunately, the Politico article was posted behind a paywall.  That's pretty ironic for an op-ed questioning the value of over-enforcing the copyright laws. So I'm posting it here, too:

Everyone knows that internet security is bad and getting worse.  Recognizing the problem, Congress is hard at work on cybersecurity, with a number of bills on the table.  Ironically, at the very same time, Congress is getting ready to pass a copyright enforcement bill that could kill our best hope for actually securing the internet.

How did that happen?  Let’s start with the internet, where fake websites cost users millions of dollars in fraud losses every year.  Unless we find a better system for locking down website identities, this and other forms of online crime will continue to skyrocket.

It turns out that internet engineers have already designed a system to solve this problem -- a set of technical rules that go by the unlovely name of DNSSEC. Under these rules, an Internet website will be given identification credentials by the same company that registers its Internet name.  Thus, when Citibank claims the domain name citibank.com, the registry who issues the name will at the same time lock that name to a particular Internet address. From then on, anyone who types “citibank.com” into his browser will be sent to one and only one Internet address.  Under the new system, the browser simply will not take the user to a site that isn’t verified by Citibank’s unique credentials.

That’s protection that the people who bank online need today. 

Why don’t they have it?  Two reasons.  The first is friction.  Moving to the new rules won’t be free.  It will require a lot of work by browser companies, internet service providers, domain registries, and others – many of whom may never get any direct benefit from the change.  Naturally, these companies are a little slow to spend money that just makes the internet overall safer; that’s the tragedy of the commons.  But as the need for security becomes obvious to all, we’re slowly overcoming that friction, thanks in part to the leadership of my old agency, the Department of Homeland Security, in getting government to adopt the new procedures.

The second problem is new. It is Hollywood’s desperate desire to keep foreign websites from delivering pirated movies and music to American computers.  To do that, the movie industry wants a law that will require internet service providers block their customers from going to those sites.  Instead, the users are supposed to be sent to a site that warns them against copyright infringement.

 Hollywood has sold that idea to Congress, and bills are now moving through both houses to impose this “block and redirect” obligation on internet service providers.  And they’re moving fast. The Senate bill is out of committee, while the House judiciary committee is holding hearings on a similar bill this week.

 This is far faster than Congress’s cybersecurity effort, and it runs directly counter to that effort. Because “block and redirect” is exactly what crooks are doing today to bank customers.  If the bills become law, the security system won’t be able to tell the difference between sites that have been blocked by law and those that have been sabotaged by hackers. Indeed, it isn’t hard to imagine crooks redirecting users to sites that say, “You were redirected here because the site you asked for has violated copyright,” while at the same time planting malware on the user’s computer. 

 What’s more, the bill will likely break the fragile consensus that my former agency, the Department of Homeland Security, has spent years helping to build around the switch to DNSSEC.  If the bill passes, practically everyone who needs to make changes to implement DNSSEC will instead be on the phone to their lawyers, asking whether they will be sued for adopting a security technology that makes the mandated “block and redirect” system even more difficult. 

If “block and redirect” could stop Hollywood’s bleeding, perhaps a case could be made for undermining everyone’s security in order to protect the studios’ intellectual property. But it won’t stop the bleeding.  Even today, if someone is blocked and redirected away from his favorite pirate website, he can find many simple ways to defeat the block. He can paste his favorite pirate website’s number (rather than its name) into the address box on his browser.  Or he can simply tell his computer to look up the site’s address on a Canadian server instead of an American one.

Passing this bill will make Hollywood feel better, and richer. 

For about a minute. 

It will leave the rest of us hurting and poorer for years.

 

Privacy Victims by the Million: Law Turns Parents and Children into Liars … and Criminals?

A recent report by Danah Boyd and others reveals that turning parents and children into liars is a principal effect of the Children’s Online Privacy Protection Act, or COPPA.  According to Consumer Reports, 7.5 million kids under 13 have joined Facebook. Since Facebook prohibits kids of that age from the service, that’s 7.5 million children who lied in the signup process.  And most of them got help in telling the lie from their parents.  According to Boyd’s study, the vast majority of parents were aware that their children joined Facebook before reaching 13; in fact, more than two-thirds of these parents helped their under-age kids join. 

That’s a lot of lying.

COPPA more or less forces Facebook into excluding thirteen-year-olds.  The law and the FTC regs implementing it set stringent limits on the kinds of information that web services can collect from kids under 13 in the absence of “verifiable parental consent.” Obtaining verifiable consent requires mail, fax, phone calls, or credit card numbers; email is allowed only if accompanied by a cryptographically secure digital signature. It is quite deliberately a hassle.  And once the consent is received, the service is charged with knowledge that the customer is a child, which triggers special legal protections and limits, not to mention FTC and state attorney general oversight. 

All in all, unless you’re running a site focused exclusively on preteens, you’d be crazy to let them join.  Facebook isn’t crazy.  It excludes children.  But staying off Facebook isn’t really an option for kids with a social life, or grandparents for that matter. So the real effect of the law and Facebook’s policy is to force children and their parents to lie about the child’s age.

Teaching kids to lie isn’t exactly a government policy to be proud of.  But federal law has another unintended legal consequence in store for those parents and kids.  As Orin Kerr and I have pointed out, Facebook users who violate the site’s terms of service also violate the Computer Fraud and Abuse Act, at least according to the Justice Department. Which would make every one of those parents and children guilty of a federal misdemeanor.

By my count, that’s well over ten million misdemeanors, not to mention ten million privacy victims.

Now, you might ask, “Who the hell is the government to take away the decision whether my kids can join Facebook?”  Actually, most parents feel exactly this way.  When the study asked them who should have the final say about whether or not their child should be able to use online services, 93% chose the parents, 3% opted for the company providing the service, 2% chose the government, and  2% would leave the decision to the child.

So how did we end up with an online regime that is this intrusive, stupid, and unpopular? 

It wasn’t easy.  It took a lot of lobbying, and the story may help explain why we have so many stupid privacy rules.

First, in the 1990s, when parents and children were just beginning to go online, no one knew what that would be like.  There was a lot of free-floating anxiety.   By the late 1990s, the Federal Trade Commission and groups like the Consumer Federation of America were maneuvering to focus that anxiety on fear that evil websites would extract information from trusting youngsters without parental knowledge.  My guess is that the Commission and the consumer groups wanted an overarching online privacy law, and they thought that a law focusing on children’s privacy would be a good first step. 

The FTC released a study in 1998 that painted the online industry in dark colors:

The results with respect to the collection of information from children are … troubling. Eighty-nine percent of children's sites surveyed collect personal information from children. While 54% of children's sites provide some form of disclosure of their information practices, few sites take any steps to provide for meaningful parental involvement in the process. Only 23% of sites even tell children to seek parental permission before providing personal information, fewer still (7%) say they will notify parents of their information practices, and less than 10% provide for parental control over the collection and/or use of information from children. The Commission's examination of industry guidelines and actual online practices reveals that effective industry self-regulation with respect to the online collection, use, and dissemination of personal information has not yet taken hold.

Later, in testifying before Congress, the FTC highlighted a few extreme examples:

One child-directed site collected personal information, such as a child's full name, postal address, e-mail address, gender, and age. The site also asked a child extensive personal questions about financial information, such as whether a child previously had received gifts in the form of stocks, cash, savings bonds, mutual funds, or certificates of deposit; who had given a child these gifts; and whether a child had put monetary gifts into mutual funds, stocks or bonds. The site also asked for family financial information including whether a child's parents owned mutual funds. Apparently in exchange for providing this information, a child was entered into a contest. Elsewhere on the Web site, contest winners' full names, age, city, state, and zip code were posted.

Another child-directed site collected personal information to register a child for a chat room. The information included a child's full name, e-mail address, city, state, gender, age, and hobbies. The Web site had a lotto contest that asked for a child's full name and e-mail address. Lotto contest winners' full names were posted on the site. For children who wished to find an electronic pen pal, the site offered a bulletin board service that posted messages, including children's e-mail addresses. While the Web site said it asked children to post messages if they were looking for a pen pal, in fact anyone of any age could visit this bulletin board and use the Web site information directly to contact a child.

Those examples would have a lot less power today, partly because the gathering of online data doesn't seem as alien or scary as it did in 1998.  We've given our email addresses to a lot of sites without being stalked by predators.  We also know that there are practical limits on web services data collection and usage. Sites that ask kids for too much information are unlikely to prosper because, as Boyd’s study shows, parents play a pretty big role in their preteens’ decision to join a service. 

But in 1998 the FTC's stories were seen as disturbing portents of a dystopian future. And how could we head off this future?  Not to worry; the FTC also had a solution.  Casting itself as a vigilant defender of parental rights, the Commission told Congress that the solution was – what else? – an expansion of Commission authority over online privacy practices: "As a result of our activities over the past three years, the Commission has developed significant expertise regarding children's privacy. … The Commission strongly supports the approach adopted in this legislation."

The bill was enacted later that year.

Where were the privacy groups while this was going on?  On the case, sort of.  The Center for Democracy and Technology testified in favor of the overall bill, but it wanted changes to give parents even less knowledge about their kids’ online activities; it asked (with some success) for modification of provisions that would have given parents access to any information their child provided to a website and alerted them when the child gave his email address to a website. 

If you were a parent in 1998, you probably felt pretty good when you heard about COPPA’s passage.  You’d been told that it was going to protect your kids’ privacy by empowering you. But in fact, it mainly empowered a government agency to decide what your kids can do online.  And the privacy groups you thought were on your side?  They were more interested in protecting your kids from, well, you.

This isn’t just history.  The story of COPPA is by and large the story of most privacy legislation: a new technology emerges, followed by a “privacy panic” over how it might be misused (often engineered by interested agencies and privacy groups), followed by hasty legislation with large-scale unintended consequences -- and, soon, a new class of privacy victims.

If I were a libertarian, I’d be particularly troubled by the FTC’s role in this drama. In the name of privacy and parental control, we let the FTC create a legal regime that expanded government’s authority over the Internet and took away parents’ ability to control their childrens’ online memberships, at least without lying.

And this weird mix of the authoritarian and the libertarian is not a bug unique to COPPA; it is a deliberate feature embraced by most of the privacy lobby whenever they talk about setting privacy rules for the private sector.  Considering how many supporters of privacy legislation tend to be dubious about government authority, it’s remarkable how often privacy legislation empowers some bureaucrat to regulate some part of the economy more aggressively. 

Photo credit: http://www.flickr.com/photos/joebehr/5130944038/sizes/o/in/photostream/

Well, that’s all right then

The British Commonwealth has endorsed an end to the traditional preference for sons over daughters in royal succession.  Said British Prime Minister David Cameron, "The idea that a younger son should become monarch instead of an elder daughter simply because he's a man … this way of thinking is at odds with the modern countries that we've all become.”

So, instead of letting its ruler be determined by an accident of biology, the UK will now choose its ruler based on … a different accident of biology.

Counterterrorism: Why President Obama Loves Travel Data as Much as He Loves Drones

Anyone who’s read Skating on Stilts knows I am a big believer in using travel data for counterterrorism purposes.  What’s more interesting is that the Obama administration has been just as enthusiastic.  Some of the reasons for its enthusiasm showed up in testimony to the House Homeland Security Committee last week, when the Department of Homeland Security released stories about its use of travel data that I had not seen before. 

Remember Faisal Shahzad, the Times Square bomber who was pulled off a plane at JFK as it was preparing to leave the country?  It turns out that travel data was his nemesis, helping DHS and the FBI track him at every turn:

  Early in this investigation, the Federal Bureau of Investigation (FBI) learned of Shahzad‘s cell phone number from a report shared by DHS.  The FBI ran the phone number in their ACS system and was able to connect it to the DHS report. Through good interagency cooperation, the FBI asked DHS if it had encountered any individual who reported this phone number during border crossings.  DHS searched its PNR database for the phone number, identified Shahzad, and learned other information he had provided to DHS.  DHS then provided the additional data to the FBI.  Later, Shahzad attempted to flee the United States, but DHS‘s analysis of departing passenger data identified him before departure and DHS removed him from the aircraft.

Najibullah Zazi was the guy who rented a truck and drove cross country to set off explosives in the New York City subway. It turns out we used travel data to identify the scope of the conspiracy and to interrogate him. According Indian news sources, Tom Bush, testifying for Customs and Border Protection, revealed that:

"Using PNR data, DHS and CBP worked closely with the FBI to crosswalk the names of his co-travelers against open counter-terrorism cases inside the United States and determined his co-travelers were being trained during the same trips to Pakistan in the same training camps. Zazi was arrested on September 19th, 2009, and the information from his PNR records were used in his questioning and his indictment. Zazi pled guilty in February 2010."

Particularly impressive was the use of travel data to identify David Headley, the American who did reconnaissance work for the Mumbai attacks

"Law enforcement intelligence information implicated a specific person in the plotting of a 2008 Mumbai attack, as well as the possible attacks against a Danish newspaper office. … Starting with a very common first name, David, a partial travel itinerary and a very vague travel timeframe, CBP was able to review its PNR data in connection with other DHS databases…. Within 24 hours, CBP was able to provide the FBI with the person's full name, address, passport number, travel history and other information useful to law enforcement pursuing him. You may know that person as David Headley, who pled guilty in March 2010."

In short, travel data has been crucial in keeping Americans alive during the ten years since 9/11.  And during the same decade, the European Union has been doing everything it can to cripple our use of travel data.  It’s forced four rounds of negotiation on privacy standards for travel data and then has blown up every deal it’s reached, always threatening to cut off the flow of data if the US doesn’t keep talking.

With that record, you’d be forgiven if you wondered whether Europe’s elite thinks it’s a good thing to keep Americans alive. 

Or maybe, with that record, you’d be forgiven if you stopped wondering.

Misadventures in Mustang

 Reposted below is the complete journal of Gordon and Stewart's trek through Mustang, Nepal, in chronological order.

The Royal Audience

It’s time for our audience with the raja.

There’s just one problem.

“What else can I wear?” I ask my son, Gordon.

I mean it literally. The raja and his remnant kingdom are tucked high in the Himalayas between Tibet and Nepal at an altitude of 12,000 feet and more. And with the shadows growing long, I am cold.

So, protocol can go hang. What I want to know is whether there are any more clothes I can put on before we meet the Raja of Lo. I'm wearing a watch cap, a rain jacket, cargo pants, and long underwear.  Not enough.  After walking four days to get to Lo Manthang, the kingdom's ancient capital, we’ve already got on all the clean clothes we brought with us. And most of the dirty ones.

I feel a little guilty. I spent nearly four years representing the United States in meetings with foreign officials -- meetings where it was a major faux pas to wear the wrong lapel pin. The kingdom of Lo has can trace its roots to 1380; it has had a king about three times as long as the United States has had a president. And I am going to sit down with its king wearing dusty hiking shoes and a watch cap.

I am pretty sure our protocol officer wouldn’t have approved.

Our guide entered the room. “Quickly please!” he said. “The raja will see you now.” I rise to my feet and head down to the street, stopping only to tuck a small bottle of local whiskey into my pocket.

Saturday, May 14

The bus from Kathmandu to Pokhara bumps and squeals down the steep, winding grade. The high-pitched squeal of brakes is an annoyance, except when the road pitches down and we can see, too easily, over the road’s edge. Then, the wail of the brakes has a kind of comfort in it.

We are leaving behind the press and clamor of Kathmandu. Out on narrow terraces eked from steep hillsides, we see farmers harvesting corn, cutting down everything and carrying out bundles of corn stalks on their backs.

Hours later we arrive in Pokhara – a bustling little south Asian town at Annapurna’s feet. The next day, we are up early for the short flight around Annapurna to Jomsom.

 

Sunday, May 15

We arrive at 5:30 for a 6 am flight. At 6, nothing has happened. We're on Nepal time now. When it finally takes off a couple of hours later, the flight rises over some steep hills, turns right at the giant peak, then cruises up a steep valley, with mountains rising above us on both sides.

The plane doesn’t exactly descend to land in Jomsom. We just keep flying at more or less the same altitude until the airfield rises to meet us.

Jomsom was until recently the jumping off point for most treks into the ancient kingdom of Lo. The kingdom and the territory around it are now known as Mustang, and Mustang has long been restricted territory. Foreigners were barred until the 1990s, and even now a permit (and a hefty fee) is required to trek in Mustang. Jomsom is the administrative and governmental capital of the region.

Nepal’s officials check our permits for the Mustang restricted area. They also tell us to change our plans. Our entire trek was planned around a festival in Lo Manthang – a religious ceremony featuring indigenous music, dancing, masks and costumes. But it turns out to be a moveable feast, and the event has been moved back a couple of weeks. We can't postpone our trek at this point. We'll have to miss the festival. It’s like this morning’s flight, I think. If you’re on a timetable, you’re bound to be disappointed in Nepal. Rolling with the flow is the only path to contentment. And, on trips like this, nominal goals like the festival are in the end a kind of maguffin – the term Alfred Hitchcock used for the otherwise meaningless object that drives the plot.

Besides, we've got another maguffin. Three of them, actually. We’re carrying books and toys for three of Mustang’s schools. This is almost a tradition for us; when we hiked the Inca Trail to Machu Picchu in Peru, we brought a bunch of our kids' outgrown toys and helped a local group distribute them at a mountain schoolhouse. This time, I've gotten advice about local schools from the Alex Lowe Charitable Foundation. Our kids are grown, and their kids are too young to have castoff toys, so I've solicited contributions from friends and colleagues, who have loaded us up with 25 pounds of books and toys. We need to find the schools and drop off three loads as we work our way up the valley to Lo Manthang. Our first dropoff is in Kagbeni, at the end of today's hike.

Mustang is in the rainshadow of the Himalayas, with annual rainfall roughly equivalent to the Great Plains of North America. The mountain slopes are steep and arid but they do not drop into a V-shaped valley. Instead they stop abruptly at a wide flat expanse of gravel with a thin braided river – the Kali Gandaki – wandering among the rocks. The original valley floor must have filled with centuries of glacial runoff. Perhaps someday this will be a pastoral scene, with a river ambling back and forth through grassy meadows. But for now the valley holds nothing but softball-sized rocks from edge to edge. In this whole expanse, there is one tree and no grass. The valley must be filled with raging snowmelt each spring, stripping away any plants that have gained a foothold since the last flood.

Working up the valley, we cross the braided river a couple of times on wooden bridges cobbled together from random debris. Then our path rises to a new road clinging to the right side of the valley, just above the river bed. We start out at a brisk pace, but even with porters to carry much of the load, I’m soon sweating and lagging, losing ground whenever I stop to take a photo. It’s a short day, with little altitude gain, but we’re already at 2800 meters and not in hiking shape. I'm glad when, after an hour and a half of hiking, we come to a small village with a teahouse. We order sweet milky tea and rest.

Refreshed, another half an hour of walking brings us to Kagbeni. The lodge has a great glassed-in dining room overlooking the largest green patch for ten miles around – 4 acres of oats and barley that dip and wave in the constant wind like the sea. It’s mesmerizing.

Liesl Clark of the Foundation has told me to look up Kunga Tashi, who leads the School Board and runs the “Dancing Yak” Restaurant. Kunga turns out to be a strikingly young man with a passion for the school. He tells me that it has recently expanded and now takes boarders as young as four and as old as sixteen. Especially in the higher grades, almost all the kids who want an education must become boarders. There are only about six or seven schools beyond tenth grade, and they have to serve a nearly roadless region the size of West Virginia.

Thanks to foreign and Nepalese government assistance, the school charges nothing for tuition, room or board. The Foundation's contribution is an extremely well stocked library to which we'll be adding toys and some books and maps. The smallest kids are on break, and they come in to road-test the toys. The most immediate hit is a set of two blocks with half of a vehicle pictured on each face. If kids successfully pair the front and back end of the vehicle – a fire engine, say, or a motorcycle – they are rewarded with a sound that matches the vehicle.

I know just enough Nepali to communicate this concept to a gaggle of four-year olds. “G 
ood?” “No good?” I ask, pairing the fire engine with the motorcycle. “No good,” they shout. When I finally get it right, with their help, they are startled with delight at the fire engine's loud siren. Then each kid gets a chance to match a different vehicle and discover the sounds of success.

I am determined to get some play value from this toy because I had my doubts about bringing wooden toys, which are almost as heavy as they are politically correct. In the end, though, the weight was worth it. And the kids’ enthusiasm for the other toys – tinker toys, jigsaw puzzles, and a set of Dr. Seuss flash cards – made it feel like Christmas.

We get a tour of the school and plenty of tea. They have no computers for the kids. A Danish group had sent one a couple of years ago, but the mouse doesn’t work. At the suggestion of Liesl Clark, we've also collected laptops from friends and colleagues. These we've left with the Open Learning Exchange in Kathmandu, where they'll be refitted with Linux and some Nepali and English learning programs. Liesl asked that we not take the laptops themselves to the schools because the students and faculty will need training before the computers are actually used. Considering their weight, we're happy to oblige. In any event, the school doesn't now have table space or a free room to put computers in.

It’s building more, though. The young men at work on the new building clearly understand twenty-first century global fashion. They wear low-slung, gravity-defying pants and a variety of branded shirts. As an apparent concession to Kagbeni's constant wind, they have covered their faces, often with kerchiefs that make them look like train robbers or wannabe-anarchist WTO protesters. But their work methods are closer to the ninth century. To move a large pile of rocks fifteen feet, they form two lines and toss stones rhythmically from one worker to the next, bucket brigade style.

Leaving the school, we have time to explore Kagbeni. Women are daubing a mani wall in traditional colors made from local minerals. Mani walls hold a long string of prayer wheels. Passersby can walk to the left of the wall and turn the entire string of prayer wheels without breaking stride.

Signs of religious devotion are everywhere in Kagbeni. It is an ancient monastery town -- though it looks more like a fortress. And perhaps it was. Fortresses are established to protect valuable assets, and the most precious resource in this dry and vertical land is probably the 4 acres of flat and irrigated barley just outside our hostel. The Buddhist monastery here dates to the 1400’s and was once maintained by hundreds of monks who farmed land up and down the valley but could retreat to defend the fortified town in a time of war. Now, though, the monastery's population has dwindled to 40 – half of them students – plus a couple of remarkably large and mean guard dogs, who bark fiercely down from a rooftop that isn’t quite far enough above our heads.

The main worship room of the monastery shows telltale signs of the monastery's declining fortunes; much like an over-stretched British peer’s stately home, it mixes impressive art and history with cracked windows and tawdry modernizing touches, like the twisty fluorescent bulb that hangs down in front of a centuries-old statue of Buddha.

 

Monday, May 16

Today we’ll finally leave the vast gravelly bed of the Kali Gandaki river, climbing to 3,000 meters. We begin by dropping to the Kali Gandaki and crossing a few of its braided channels on makeshift wooden footbridges. The trail then takes us up onto hills and cliffs overlooking the river.

We set a blistering pace, bolstered by maximum strength ibuprofen. Sandstone rises on all sides, often as great cliffs. In a few places, manmade caves have been hacked from the sandstone, probably in the days when raiders marched regularly through the valley. The caves may once have been reached by steps and handholds carved from the rock, but these have long ago eroded away.

After a few hours, we stop for lunch at Chhusang, the last truly Nepali village along our route. From here we’ll climb away from the Kali Gandaki and into regions more influenced by Tibet's culture than Nepal’s.

Like all the villages, Chhusang's gardens have high walls to keep out wandering livestock. We walk next to a shallow stream that has been diverted to slab along the hillside and then drop to the walled gardens. There it irrigates a several-acres oasis -- startling green against a landscape that otherwise resembles the drier parts of Wyoming.

Crossing the Kali Gandaki for the last time on a metal foot bridge, we immediately begin climbing a slippery sand and gravel trail that wriggles chaotically up a steep slope – and marks the real boundary between Nepal and the ancient Tibetan kingdom of Lo.

The altitude makes itself felt now; we strain to breathe deeply enough to keep moving. After an unrelenting 15 minutes, we’ve raised our altitude two or three hundred meters and are entering Chelle, the first Tibetan village of the region.

Chelle too has the region's distinctive walled oases, dominated by stands of apple trees that look nothing like the apple trees of North America. The architecture of the town is distinctive too, and so is the atmosphere. There are far more animals; indeed, they share the town, and even the homes, with the human residents.

Cows, mules, and goats get the bottom floor of most homes, while people get the top floors. The homes feature an interior atrium, making it easy for the residents to keep an eye on their livestock. A roof closes off the atrium, often topped with glass or plastic to let in light. Otherwise, the roofs are flat, habitable spaces that add what amounts in this dry country to a third f loor. Thigh-high stacks of firewood act like balcony walls at the edge of the rooftops.

I ask whether residents burn the wood in the winter. No, I'm told. The wood is too valuable to burn.  If they need a fire, most residents burn twigs and cow dung.  These firewood parapets aren't about utility; they're about prestige.  Firewood is so rare and expensive that having a cord or two on top of your house is a status symbol -- and thus too precious to burn.

It’s noticeably colder here, and I wonder aloud how having an open atrium works in the long Himalayan winter. Turns out, many of the villagers drive their horses and marketable livestock south along the river, sell the livestock, pen the horses, and head to balmy Pokhara to get temporary jobs.

Lo in winter is a harsh land, with waist-deep snows. But it's just a 6-day walk to a balmy climate. Who wouldn't go if they could? It reminds me of all the wheat farmers in Manitoba who lock their barns and fly to Arizona for the winter.

With every square yard of farmland precious enough to tend by hand, and every animal a part of the family home, overpopulation is always a risk. There just isn't enough land to keep subdividing it foreach new generation. In response, I’m told, the Lo people have devised some remarkable cultural innovations.

In the old days, and perhaps even today, brothers might share not just a farm, but a wife. That way, the fields can be handed down from one set of brothers to a single set of descendants. Marrying two men to one woman didn’t produce an excess of old maids, locals say, because girls were often scarce. I don’t have the heart to ask why.

In any event, the gender mismatch might not last long. If a wife didn't produce an heir, her husbands were allowed to take a second wife; the alternative, not having another generation to inherit the fields, was unthinkable.

Finally, the last resort for sons and daughters who didn't inherit or find a mate with prospects was one that the second sons of European nobles would have recognized – organized religion. Unmarried men and women were sent to monasteries where they worked and held the land in common.

 

Tuesday, May 17

We start today by continuing the grim uphill that brought us into Chelle, but the trail soon levels off to something more reasonable. We pass a piece of heavy machinery working on the road. Lord only knows how they got it up the slope that so disheartened us, but it’s a reminder that this region won’t be accessible only to walkers much longer.

The Chinese have already built a good dirt road from the Tibetan border to well south of Lo Manthang, so that only the country we’re hiking today separates the Nepali and the Chinese roads.

The isolation tells. We are now deep in the last traditional Tibetan territory left in the world. Rams' skulls hang over doorways. At meals we are offered Tibetan bread (lightly fried, pita-like, and tasty) and Tibetan beer imported from the other side of the border. We pass people crushing rocks by hand to make the mineral dyes that color the mani walls and the gompas, or monasteries.

Stretching our day to 8 hours, we take several long slabbing trails in and out of side valleys, gaining altitude steadily until we hit 3700 meters. The trail is wide – probably to accommodate herds of goats and horses – but the dropoff is steep. Sidetrails lead to heart-stopping suspended footbridges.

We are suffering a little from altitude – on the uphill slopes, breathing itself feels like a chore. We’re stronger on this third day, but that doesn’t make the uphill sections easy.

Arriving at last in Ghiling, an hour past our original destination, we admire the monastery and hear that the monks are celebrating Buddha’s birthday. We head up.

In the main room of the temple, six or seven monks sit in two facing rows perhaps eight feet apart. A long thin table stands before each row of monks. Some of the monks are young boys of perhaps twelve;
others are mature men. One of the younger monks is reading a bit hesitantly from a piece of paper that has been folded so often it is coming apart in his hands. When he finishes, all the monks begin chanting. A worshipper makes the rounds, bowing to each monk and putting a few bills on a light scarf resting in front of the monk. The monk folds the scarf over the money and resumes chanting, throwing what look like small seeds in the air and ringing a bell at frequent intervals. The chanting reaches a climax with a sudden burst of drumming and horn playing – loud and dissonant to my ears. Then the chanting resumes.

A monk gives me a flashlight so I can see the pictures on each wall. They seem a weird mix of Buddhist and Hindu representations, very bright and well-executed. And well-preserved, if the inscription – 1797 – can be relied upon.

Tonight’s lodging is the most basic yet and the weather is colder, but we have beds and warm blankets. The toilet, however, does not bear further description.

 

 

Wednesday, May 18

We can hear the monks chanting as we get up, followed by children's voices. Apparently, the whole village begins its day at the gompa.

We begin ours with a soul-destroying haul out of the valley, past the villagers watering their horses and tending to their herd. It’s only a 300 meter climb, but the altitude requires a self-conscious deep breathing rhythm if I don’t want to stop every 20 steps. I may finally have to admit that Gordon can now out-hike me. He is keeping up with our guide while I consistently lag back a few yards or more.

When we get to the top we’re just over 4000 meters. We descend rapidly to Ghemi, where we have an early lunch. The scenery is beginning to change, opening out into big dry hills, a bit more watered than New Mexico or Utah but with the same broad vistas of a rolling country mixed with eroded sandstone in vivid yellow and orange.

As always in a country of irrigated oases, the last mile or two to the next village is downhill. We’ve got some toys and books for the school in this town, called Tsarang. We don’t know much more about it than the name of the headmaster, and at first our guide reports that it’s closed. But the tearoom proprietor recognizes the name and remembers Liesl Clark and her two kids. She calls the headmaster, Mr. Bista, and he shows us to the school.

Many of the teachers are nuns, or anis, and the students can become monks or nuns if they have a calling, says the headmaster. The Ani School, as it’s called is far more basic than the school in Kagbeni. The kitchen is a simple stove and a few pots. Classrooms have nothing but blackboards and benches for sitting and for writing. The school does have an impressive solar electrical system but no way to store power, so anything requiring electricity needs to be done while the sun shines. The school also has one pretty new desktop computer (though a laptop would have been better given the power setup); the headmaster confessed that he knew nothing of the computer or what software it runs.

In contrast to the extremely basic facilities elsewhere, the library is spectacular – a big room with floor to ceiling bookshelves filled with Tibetan, Napal, and English works. Many US elementary schools have no better.

We hand over our maps and books, and I set to work on an enormous inflatable globe donated by a partner who asked only for photos of me blowing the damn thing up at altitude. An odd mix of generosity and cruelty, I thought, but he’ll get his photo.

The kids descend on the toys, paying special attention to a toy I had my doubts about – a felt house with felt furnishings that can be stuck to the house – felt chairs, felt tables, plus toilets, cats, dogs, bathtubs, clothes for the Mother and Father, and on and on, a cornucopia of felt goods that look grotesquely excessive in this simple school.

Many of the items are clearly not familiar household items in Tsarang. (I doubt most of these kids have used a sit-down toilet in their lives.) But the teacher uses the toy as a horizon-broadening device, describing each item as she helps the kids place it in the felt home. Mostly this works. But her explanation for the bubble-bath foam that goes with the bathtub is greeted with a mix of merriment and disbelief.

 

Thursday, May 19

Hard beds make for a bad night. On the whole, the room beds have been fine – narrow cots with a very firm foam mattress. More disturbing is the lack of sheets and pillowcases. The pillows (also very firm, bordering on unyielding) have permanent looking cases covered with embroidered designs – too fancy to change every day or even every week. Ditto for the blankets. As I lay awake last night listening to an indefatigable barking dog, just the barest hint in the air left me convinced that some traveler has thrown up on my blanket -- and that washing it in cold water wasn’t quite good enough.

Today’s hike is a sprint to Lo Manthang. We mostly follow the new Chinese road, which climbs steadily without the steepness of a footpath.

We walk for a time with a European aid official. The official was pleasant and clearly loved Nepal. But the official reminded me again that our aid programs have a kind of moral vanity at their heart, as rich nations pay poor ones to do things we wish we were doing. This official bemoaned the Chinese road, not just as hegemony (“The Chinese are imposing their goods on Mustang”), but for the change it will surely bring (‘they insist on making the same mistakes as us”).

I, too, will be sad when the road breaks through the last few kilometers to Chelle, and goods and people begin moving swiftly throughout Mustang. When that happens, hiking from in Mustang will become a choice, a form of recreation, and not simply the only way to see the country. Plus, the traffic will make the trip nasty and dangerous for walkers.

But I know that is simply an aesthetic preference, and one that it would shameful to impose on people who measure their net worth in cords of firewood. What kind of aid program, I wondered, do you get from countries whose officials believe that roads are a “mistake” for less developed countries? Apparently a lot of very well engineered footbridges, to hear what this official was proudest of. Maybe suspension footbridges are a good idea, but there is a whiff of patronization in such a gift: “We'll help you walk, but don't ask us to help you drive!”

Four hours of concentrated hiking brings us at last to Lo Manthang. This walled city was once the seat of an independent kingdom. The king and the kingdom were Tibetan in culture, but they also had close ties to Nepal. The Loba, or Lo people, spent several centuries exploiting the low pass that leads to Tibet, trading salt from India for crops and animals from the Tibetan plateau. The ruling dynasty has been a dependency of Nepal for a century or more. The current raja of Lo retained some autonomy until the 1990s, when he accepted the rank of Colonel in Nepal’s army in exchange for more complete integration into Nepal’s government. Then, in 2008, when Nepal's royal family abdicated and Maoists joined Nepal’s government, the last vestiges of the Kingdom of Lo were also abolished. The raja, born in 1933, still lives in Lo Manthang and mediates local disputes, but he has no formal authority.

The raja met with the first few visitors allowed into Manthang in the 1990s, and their accounts of the meetings are quite charming. We discover that the raja still grants audiences to trekkers. It is necessary to buy an admission ticket for the palace, a great hulk in the center of town, and to bring a traditional scarf or prayer flag.

And one more thing, says our guide. It would be good to bring him a present.

Hmm. This is complicated. I am not carrying a lot of extra gear suitable for a gift.

“Would he like a toy?” I ask.

Not likely, I'm told. But a bottle of whiskey would not be amiss. Perhaps that’s when doubts about this audience began to creep in.

But still. I’ve never been received by royalty before. This could be exciting. I dust off the talent for pleasant chats with foreign officials that I once had to draw on every week while in government. Will he speak English, I wonder, or will we have to wait for translation? What is the proper protocol for introducing Gordon, for entering the audience room? What about photographs? I have no protocol officer to advise me; I'm going to have to improvise. And then
there’s my clothes. It’s too cold to wear anything less, but I’m pretty sure that dusty boots and a watch cap aren’t the usual attire for royal audiences in other parts of the world.

Meanwhile, we have time to explore the city. The walls are impressive – twenty feet high, with watchtowers that are even higher. And they would have to be, becau
se apart from a steepish hillside below one wall, Lo Manthang has no natural defenses to work with – no cliffs, riverbanks and the like. There’s a river at the foot of the hillside – or at least a creek, because without irrigation there would be no agriculture and no city in this vast dry land. A tiny tributary runs right into the city, but there’s little room for agriculture within the walls.
Instead, Lo Manthang is a warren of high homes in the traditional layout – animals on the ground floor, living quarters above, and a flat roof for working in the sun.

Temples are everywhere, along with monks, who support a large monastery here. Outside the palace, there's a square where people congregate to watch the tourists, to spin prayer wheels, and to chat. This is where the residents will hold the Tiji festival in a couple of weeks.

A light rain is falling, but it cannot drive the villagers away. As in many other parts of Mustang, the heart of social life here is the public faucet, where women gather to wash pots, clothes and themselves. Everyone is friendly, and only a few are importunately selling souvenirs. Walking the alleys of Lo Manthang, I understand the spell that Nepal casts on Westerners. Almost all of the residents are dignified and friendly. There’s isn't the whiff of predation that often taints encounters with the locals in poor countries. Even the salesmen take no for an answer. And, after two toy distribution sessions, what impresses me most about the c
hildren is their discipline and cooperation. Not one child has grabbed a toy to play with alone. They take great care to handle the new toys cautiously and to share them with others.

Our guide enters the room. “Quickly please!” he says. “The raja will see you now.”

We assemble in front of the palace and a young woman gestures us up the stairs. It's the biggest building in Lo Manthang, but it doesn’t look much like a palace. What it does look like is a major reconstruction project that was halted halfway through, with piles of dirt and abandoned planks lying about in lightless gloom. The stairs are bare planks, rising like a ladder laid against a house. You really need a handrail. There is one, but it's simply a rounded strip of wood nailed to the stairs themselves. Surprisingly, that works fine, because the stairs rise so steeply that two or three steps bring the handrail to waist level. We climb two levels in the gloom. It's a five-story palace, and it occur

s to me that perhaps the bottom two floors have been reserved for livestock, following a traditional Tibetan layout.

Sure enough, after climbing through the dark, we at last come to a living area, where an open atrium lets in light from the roof. We head up a third set of stairs. I’ve just seen a few people walk down these steps; they bent an inch or more when stepped on, so I try to stay close to the handrail.

Assembling at the top of the stairs, we are at last given a quick protocol lesson. Hold your scarf draped over both hands, and extend them to the king when you are presented. He will put it over your head, we’re instructed.

We enter the audience room. It has a dusty charm – good rugs, plenty of wooden furniture, and many pictures and other decorations on the wall. I approach the king. He is an old man seated on a comfortable bench.

Best of all, he’s wearing a watch cap and dusty boots.

We line up, scarves are placed over our heads, and we sit for a cup of tea. I put my bottle of whiskey on a table beside the king. He beams at me.

We sit, silent. The king occasionally looks over at us, but he obviously feels no need to make small talk. OK, I think, time to call on my rusty diplomatic chit-chat.

I open with praise for Mustang. It is translated. He gives me another smile. I introduce Gordon. Another smile, but less wattage. It’s becoming clear that small talk from visitors is not especially welcome. Instead, we’re told that when we’re finished our tea, we can kneel beside the king for a photo. We chug our tea and kneel for photos. The audience is over.

We make our way down the rickety stairs. The handrails are more necessary but less visible on the way down. We must go slowly, feeling for each step. When we get to the construction zone, my suspicions about livestock are confirmed. From the shadows, a mastiff begins barking. He’s savage, and determined to get at the intruders. Holes in the palace wall provide just enough light to see him in profile, straining against a chain and kicking up dust as he lunges at us. Taking the steep steps slowly and carefully becomes less of a priority. Half walking, half sliding, we burst through the palace door and tumble into the street.

 

Friday, May 20

Today and tomorrow, instead of moving on, we will make Lo Manthang our base for day trips. Today we rent a horse to get to Choser, a small village about an hour or two from town and the site of the third and last school where we’re dropping off books and toys.

It's an Asian mountain horse – a pony, really. I could walk alongside him with my arm slung companionably over his back. Horses in Mustang are guided largely by the grunts and whistles and shushes of their herdsmen. They're mainly used as pack animals, and using verbal cues lets a single herdsman guide the whole pack train from behind on the mountain trails.

Leaving the walled city, we move through dust as fine as talc. It rises in great clouds as we walk. The villages all have a rhythm. In the morning as we’re leaving, herdsmen are dr

iving their livestock out of the village and up to the hills where there is a bit of grass. Bells on cows and horses ring as they pass. Herds of goats also move toward the hills, the kids jumping on every wall they pass through the villages, dancing with enthusiasm.

One reason this region was closed to foreigners until the 1990s was its role as a center of armed resistance when China invaded Tibet. Not all Tibetans met the invaders with spirituality and passive resistance. The Khampas were a Tibetan tribe that fought back. Famous and feared as warriors, they wore their hair long and fought China for decades after the 1950 invasion, raiding from refuges across the border in Nepal. Mustang was one of their principal staging areas because it had such a low pass into Tibet. I discover that the CIA supported the Khampa warriors, even flying some to Colorado for advanced training. CIA support for the insurgents gradually diminished, ending for good in the early 1970s. Not much later, the Nepalese government, likely under heavy pressure from China, forced the Khampas to disarm.

After that experience, it is no surprise that the Chinese have built a road across their border and into the heart of Mustang. They want to be sure that they can respond in force if guerrilla war ever returns to the region. Meanwhile the road makes it easy for Chinese officials to visit Lo Manthang. As we hike along the road, a convoy of late-model SUVs suddenly rounds the turn and heads toward us at high speed. We scramble out of the way as the cars, two white and two black, splash through a stream and past us.

The Nepalese tell me not to get too close to the Mustang-Tibet border. “Local people can cross there. They’re known,” says one, “but if we Nepalese go there, maybe they’ll arrest us, torture us. We don’t know.”

The third school is a public boarding school for the district. It serves 120 students. Students spend 8 months of the year in Choser, but in winter the whole school transfers to Pokhara; it’s just too cold to stay in Mustang.

The Chinese government, evidently on a charm offensive here, has paid for the construction of a science lab that’s still being completed. It contains a large multipurpose room with twenty Compaq laptops running Windows 7. The school also boasts a large array of solar power panels to power the place. The library, though, is the least impressive we’ve seen.

We end the afternoon with a visit to caves built into local cliffs. Window holes poked through the rock wall expand into interlocking rooms that extend deep into the cliff. The rooms rise five stories high, one level linked to the next by crude ladders or carved foot-holds. Moving from one room to another sometimes means jumping over holes that lead to the level below. The ceilings are stained shiny black with soot from 2500 years of fires.

This is where local villagers used to hide out when raiding parties from Tibet or Nepal rode through the valley. The only problem was that if the raiders settled down for a siege, they could cut off the defenders' water. Once, the story goes, besieged cavedwellers had almost run out of water; desperate, some of them poured mustard oil over their heads and leaned out of the windows, dripping wet, to mock the invaders. Convinced that the villagers had plenty of water and that the siege had failed, the raiders moved on.

Today, the villagers are building an irrigation terrace at the foot of the caves. Everything must be done by hand. Men and women use picks to pull earth from the uphill side of the terrace. They shovel the loose earth onto stiff, flattened animal hides; other women drag the hides across the terrace and dump it on the downhill slope, extending the terrace by perhaps an inch or two. I think that they’ve probably been using the same techniques for the last 2500 years.

 

Saturday, May 21

 

After breakfast, we head up the valley, me riding, Gordon walking. We’re making for a gompa on a hill a few miles to the north. When we arrive, the gompa is locked. It looks down at heels, and finding the custodian takes so long that we nearly leave. When he does come panting up the trail from the village, though, the custodian proves to be a young, chatty fellow who is full of information. Not himself a monk, he nonetheless provides a detailed tour of the gompa's ceremonial hall. It has extensive murals, a wall of religious texts in special containers, and a host of musical instruments. In winter, he says, every village family but one heads for lower and warmer ground, along with most of the monks. He stayed this winter, enduring waist-high snows and bitter cold, shoveling snow off the gompa roof so no water could seep in to wreck the murals. It occurs to me that someone must have done this every winter for centuries to preserve the murals he's just shown me.

If you have to stay the winter, he says, it's better not to be a monk. The villagers who stay can eat their animals to keep up their strength. The monks are vegetarians, and vegetables aren’t easy to find in Mustang in winter. But the monks who stay through the winter have to live on potatoes they've buried in the dirt during the summer. True, they have a greenhouse to speed the arrival of summer vegetables, but it's late May now, and there are no new crops; the monks are still digging up last year's potatoes.

He takes us outside and points at the border with China – a series of low hills no different from those we’ve crossed many times already. No wonder the traders -- and the Khampas – were fond of Mustang. And no wonder the Chinese are working so hard to extend their influence here. The custodian tells us that the Chinese distributed food to all the villagers this winter. Despite the largess, he remains skeptical of their motives. Nepal has no troops on the border, he notes, while China has many. Nepalese crossing into China need to get permission for every trip, he adds, but Chinese officials cross the border at will, with no permission that he’s aware of. He confirms that the caravan we saw yesterday was Chinese.

In a nearby village a home is under construction. All of the houses we encounter seem to be built in the same general way. Even the modern materials incorporated into the houses follow a traditional pattern.

By far the most common building materials are sundried mud bricks, perhaps one foot long and six inches square. They can’t be kiln-dried because firewood is too scarce. So vacant fields are regularly filled with rows of bricks curing in the sun. They look like post-modern war memorials.

What wood is available is used mainly to frame doors and windows and to construct the higher floors. In the first floor, it looks as though stones surmounted by mud bricks make up the walls, although mud seems like a dubious load bearer.

For higher floors, poles are set in the ground to support large rafter-type horizontal poles. Across these main rafters are laid a series of lesser poles at two-foot intervals. These are then spanned by one-or-two-inch wooden strips. Atop the strips is hay impregnated with mud. At the end of the day, the houses are sticks and mud, and I realize that, without careful upkeep, all of this -- walls, buildings, whole gompas -- will melt back into the landscape. In fact, many of the hilltops carry ruins that are halfway through the transition from buildings to eroded mounds of dirt.

 

 

 

Monday May 23

Four hours of hard hiking with few stops takes us to Shyangmochen. We are back on the same trail we took on the way in, and we’re staying in the tearoom where we had lunch on our way to Gheling.

It seems a lot softer and more civilized on the way out than it did when we stopped for lunch so many days ago It has a hot water shower that actually gets above tepid (though the air temperature makes it a challenge not to lose all the warmth of the shower and then some while drying and dressing.) The lunch table is set up directly beneath a traditional Mustang skylight. There are electric lights and even a couple of power outlets. The beds and pillows have sheets and pillow cases. Really, it’s practically the Ritz.

Perhaps energized by the slightly lower altitude and the half day of hiking, I decide it’s time to wash a bunch of clothes. The village’s washing is done at the community tap, fed in an endless stream that flows out of the irrigation system. And back into it, for that matter, since any water that flows from the tap is recaptured for the crops downhill.

I share the tap with several women who are obviously better at this than I. They bring big metal bowls that they fill with soap, clothes, and water, working up an impressive lather while I’m rubbing a bit of hand soap into my clothes, one sock at a time. It doesn’t take long for me to learn what seems to be a universal female phrase for, “If you’re done messing about in a typically useless male way, would you reconnect the hose so we can get about our business?” I also learn not to stand about downwind of the tap when they’re vigorously rinsing.

The best part of doing the wash is the drying. The afternoon wind is again hitting 50 mph and the sun is out. I hang the wet clothes on a metal wire clothesline. It’s very satisfying when hiking to have reasonable confidence that in the morning your clothes will be not just cleanish but that you won’t be putting them on wet, which tends to take the joy out of clean clothes.

 

Tuesday, May 24

Today we are retracing our original path, making the long descent to Chelle, the last of the “Tibetan” villages along the trail.

We pass the same road construction machinery that blocked our path on the way up. The road builders have made visible progress since we passed this way last week. I have new appreciation for the difficulties the road builders will face. Finding a way for cars and trucks to navigate those grueling staircases won’t be easy. But with enough blasting powder, the road will get through, even if flash floods and rockfalls occasionally cut the road during wet seasons. And that will make an enormous difference in Mustang’s culture. We were privileged to see it before the trucks start grinding through the villages, bringing cheap beer, wifi hotspots, and HIV.

Back in Chelle, the teahouse that we had to ourselves last week is now packed. More than a dozen French trekkers are using the adjacent campground and enlivening the common rooms. Germans, New Zealanders, and others have taken over the remaining rooms. They are all bound for the Tiji festival in Lo Manthang.

All day on this leg we’ve met party after party hustling toward Lo Manthang for the same reason. I’m sorry we missed the festival, but in the end I suspect it’s a bit like our audience with the king – a maguffin, more exciting in prospect than in reality. And it turns out that by missing the festival we earned a bonus -- walking to Lo Manthang alone, scarcely seeing one foreigner a day, even after we stopped for the night. These trekkers will never be alone. They’ll be passing and repassing each other every day, queuing with each other outside the latrines, and straining Lo Manthang to the bursting point when they arrive.

To our eyes, the mass of festival trekkers on this leg looks like a freak – completely out of proportion to normal travel levels before or after the Tiji crowd. The Tiji bulge resembles a pig making its way through a python, or a baby boom making its way through a nation’s demography. But the Tiji trekkers, like the boomers, won’t see it that way. The crowds and the queues will be their normal, never changing as they move up the valley. They won’t realize how rare it was to meet other hikers on the trail just a few days on either side of the trek they took.

We’ve been looking for a chance to play carom, a game that we’ve seen porters playing all along the trail. Carom resembles pool, if pool were played with poker chips on a table about 3 feet square, with a raised lip and a hole in each corner. In the middle of the table are eleven poker chips. Each player has an outsized chip that he flicks at the other chips. The object is to be the first to drop your 5 chips and then the “queen” into the corner holes. A crack pool player, Gordon has deduced the rules.

Now we’ve found a carom joint that is willing to let us try our hand. When the raucous Nepali game ends, a few observers linger to watch the Westerners make a hash of their game. Accurately flicking a chip at a target turns out to be remarkably difficult. By luck, I get one chip almost on the lip of a hole across the table from me. Then I waste ten turns just trying to hit the damn thing, and when I do, it moves further from the hole. Gordon is better, but only at the theory. He understands the angles and possibilities better than I do, but his execution is just as bad. We battle to a tie, with each having a single chip, plus the crucial red queen, on the board. By then, all observers have drifted away in disgust, unable to extract even comic relief from our efforts. At that point it was safe for me to let Gordon win. That’s my story, anyway, and nothing will shake it; there were no witnesses.

 

Wednesday, May 25

We are leaving the last of Tibet behind today, descending from Chelle to the floor of the Kali Gandaki. To extract the maximum up-country time from our territory permit, we’ve left ourselves a single day to get to Kagbeni from Chelle – a hike that took two days on the way in.

It is a demanding day, in part because our guide wants to get as much hiking in before noon, when the winds will surely be raging up the river valley. So we plough on with only a couple of occasional five-minute stops at the top of steep climbs. The good news is that I can feel the altitude change. My legs get as tired as ever, but the sense that every step requires a special breathing rhythm is gone. Even on the steepest uphills, running out of breath is rare. Other symptoms, such as a hacking cough, also recede as we drop below 3000 meters for the first time in a week.

The Kali Gandaki remains as remarkable as ever. The valley floor is so flat and barren that it looks almost like a reservoir of stones -- as though a dam had been constructed downstream and the gravel and rocks had somehow floated to the top. This is more or less what environmentalists tell us will eventually happen to Lake Powell and other big hydropower lakes; they’ll fill with debris. I’m sure that they’re right to tell us how terrible that will be, but if the floor of the Kali Gandaki is any guide, it will also produce some dramatic landscapes.

Toward the end of the day, we drop to the floor of the Kali Gandaki. It is not as flat as it looks from a distance. Rocks slip under our feet with each step, and old channels, now dry, make the footing unpredictable. Worse, the bridge we used to cross the river has washed away. We have a choice – wade or climb back to the road running high along the valley wall,

By now, I’m damned if we’ll climb these cliffs one more time. The water is swift but not deep, perhaps a bit above our knees. With poles, that’s usually safe, though pushing things if the current is very strong.

The standard Western stream crossing technique is to take your socks off, put your shoes back on, cross the river, pour out the water, put on the socks, and walk in damp but not squelching-wet footgear for a few hours. Wearing shoes helps a bit with the shocking cold of mountain streams and a lot with the treacherous footing of the streambed. Braced against the stream with a strongly planted upstream pole and an insurance pole downstream, this technique has gotten us across some tough streams, including a memorable encounter with the Upper Yellowstone in thigh-high flood.

But the Nepali guides have a different idea. They want to cross barefoot. So we too tie our shoelaces together, drape them around our necks and start across barefoot. I can feel the rocks underfoot – a mixed blessing, but good for stability. What I haven’t counted on is the way being barefoot changes the enthusiasm with which you drive your upstream pole into the river, knowing that the current will inevitably drag the point back downstream a foot or more before it hits the gravel. At least you hope it hits gravel.

When we get to Kagbeni, feet unpunctured, the Tiji festival boom is over. No one in the inn is going to Lo Manthang. Kagbeni is also on the month-long Annapurna Circuit trail, and the inn is full of guests doing some portion of tha trek. There’s a large group of mature Japanese women and men, plus a gaggle of 20-something backpackers – Germans and Russians, mainly – who’ve hooked up by chance during their last few days of the Annapurna circuit. They spend much of the evening arguing about whether to walk or take the bus next day to Jomsom, and how far to go beyond Jomsom. They finally agree to walk to Jomsom, starting at 6 a.m. One Russian boisterously puts forward first one proposal then another. He seems oblivious to the group dynamic. Sooner or later, someone needs to tell him to stop throwing out disruptive new options and to get with the program. If this is what the Russian Duma is like, I think, it’s easy to see why so many Russians voted for Putin.

This gaggle of Europeans seems as isolated from Nepal as any packaged-tour group staying at the local Hilton. A tour group may remember Kathmandu as the place with the terrible breakfast buffet, while the Europeans remember it as the place where they met a bombshell German babe, but either way, the trip is more about them than about Nepal. Maybe that’s true for all of us.

What I find interesting is that this group isn’t full of gap-year college kids. These trekkers have finished school. Many have dropped out of professional-track jobs. Some expect to pick up a new job in a few months, others lost jobs in the 2008-09 recession and are waiting for better times. But Nepal isn’t that cheap. Just to eat, sleep and indulge in the occasional beer or a bus, those backpackers must be spending $10 a day, plus airfare in the thousands of dollars. I’m not sure how many college students in the West can get their parents to underwrite the cost of a month on the Annapurna Circuit, so the trek is left to a slightly more affluent crowd. I suppose it’s no surprise that even backpacking has gone upscale as global economies converge.

Next morning, the Euro gaggle ends up leaving a little before we do, around 7. They move, like a convoy, at the speed of the slowest ship. We pass them in the first hour and soon are able to drop our packs at the Jomsom airport hotel and keep going. We’ve decided to take a day trip down the valley to a town called Marpha, also on the Annapurna circuit.

Marpha is a big change from the country we’ve been trekking through. On the way, we pass the first bit of greenery we’ve seen all trip that isn’t walled up like Ft. Knox. It’s a simple, close cropped patch of lawn that no doubt serves a pasture for the occasional horse, but unlike Mustang, the landowners aren’t consumed by fear that someone else’s goat might sneak an illicit bite. Indeed, even the walls around gardens here are lower, more symbolic and casual than in Mustang; water is clearly more abundant here.

Marpha itself is a lovely town full of white-washed stone homes with dark red frames around doors and windows. Marpha is proud of its apples, and it should be. We have an apple pie for lunch – a cinnamon flavored core of chopped apple surrounded by a flaky, deep-fried crust. I buy some yak cheese to go with it, despite anxiety about eating uncooked food. But we’ve spent the trip worrying about how to sterilize anything that passes our lips, and so far we’ve been fine. Maybe the economic convergence that makes backpacking more expensive is also slowly reducing the risk of bad water even in countries as poor as Nepal.

We head back along the road. It is a taste of what Mustang trekkers will soon experience. We can go twenty minutes with no traffic, but we can never ignore the risk that a truck or bus will come barreling around a turn. They take up so much of the road that you always have to have to be ready to jump for the side of the road if a horn sounds behind you. Even the motorcycles expect you to move if you’re in the same rut they’ve chosen. The Annapurna circuit is quickly replacing trail with dirt road, and I mentally cross it off our list of likely future hikes.

We end our hike at the airport hotel. It’s not fancy, but it does let us take our first hot shower in ten days. What a heavenly way to end our trek.

The Science is Settled: You're Just Too Bone Stupid to Live

The Institute of Medicine, part of the National Academy of Sciences, has studied the problem of how to distribute antibiotics in the event of an anthrax attack.  It’s a big problem, because, as the study confirms, the antibiotics have to be in people’s hands (mouths, really) within 48 hours of an attack.  And it may take the government almost that long to realize we’ve been attacked.  So, the scientists had a choice between recommending (1) a Big Government solution, in which the government stockpiles the antibiotics, flies them to the affected area when needed, and relies on the near-bankrupt Postal Service to get them to the right people in time, or (2) letting people have (or buy) Medkit packets of antibiotics to store at home for an emergency.

The study was funded by HHS, so you won’t be surprised to discover that the Institute recommended (1) a Big Government solution.  The main reason it gives is that you and the rest of the public are just too bone stupid to be trusted with antibiotics.  But to spare your feelings, the Institute puts it this way:  letting you have antibiotics raises “the potential for inappropriate use in routine settings (e.g., using the antibiotics to treat a cold) and the potential for widespread inappropriate use in response to a distant anthrax attack, a false alarm caused by a nonanthrax white-powder event, or some other public health emergency for which antibiotics are not indicated.” 

But, really, “too bone stupid” is pretty much what they meant.  

This is the National Academy of Sciences, of course, so they’ve got scientific evidence of our stupidity.  Like, for example, the Center for Disease Control gave more than four thousand people in St. Louis special antibiotic medkits to hold for an emergency.  Months later, they went back and collected them.  They counted the people who had engaged in “inappropriate use in routine settings.” And they found, uh, four.  Not four percent, four people.  That’s one-tenth of one percent, last time I looked. 

Apparently we weren’t as dumb as the National Academy of Sciences would like to think, so they declared that this science wasn’t settled, in fact it wasn’t even worth thinking about.  Why?  Because participants were promised a $25 gift certificate if they completed the study. According to the National Academy’s report, this promise of a gift card so tantalized the unwashed masses that they pretended to be less stupid than the scientists know we really are. So the study didn’t count.

Once all that nasty unpredictable science was out of the way, the National Academy of Sciences was free to say what it wanted to say all along:  No antibiotics for you.

But the gob-smacking foolishness of relying on government distribution of antibiotics in an emergency was simply too obvious for even the Institute of Medicine and the National Academy of Sciences to completely ignore.  So they encouraged the distribution of some medkits to some people. 

Who, you ask? 

Do you really have to?  The study tentatively recommends that the life-saving kits be issued to “some first responders, health care  providers, and other workers that support critical infrastructure, as well as their families.” Apparently medical workers aren’t too stupid to live, according to the Institute of, uh, Medicine.  And neither are government workers – those postal workers, the cops that will have to accompany them, and anybody else in government who’s smart enough to call himself a first responder (want to bet that includes the Governor?). 

And their families too, of course.  We’ll need to repopulate, after all.

Have I been unfair to the authors?  It’s possible.  I went through the report fast, and with mounting blood pressure.  So I welcome corrections. Or jokes about government health care, as you choose.

The more important question is:  What can you do to protect yourself from this astonishing bit of policy malpractice? 

Here, at least, I can praise the report, because it acknowledges, a bit grudgingly, an option I highly recommend:  Ask your doctor for a prescription for antibiotics and stash them in a cool, dark,dry place (not your warm, light, wet bathroom).  If your doctor balks, you can quote this passage from the report:

Personal stockpiling might also be used for certain
individuals who lack access to antibiotics via other timely
dispensing mechanisms (for example, because of their
medical condition and/or social situation) and who de-
cide—in conjunction with their physicians—that this is
an appropriate personal strategy. This is allowed under
current prescribing practice and would usually be done
independently of a jurisdiction’s public health strategy
for dispensing medical countermeasures.

Of course you’re supposed to persuade your doctor that you’d “lack access to antibiotics via other timely dispensing mechanisms.” I suggest reading him the part about how the Postal Service will carry out the distribution. If that doesn’t convince him, maybe you need a smarter doctor.

Photo credit: http://www.flickr.com/photos/hukuzatuna/2536746395/

Will Jeff Bezos Bring Feudal Security to the Net?

The Kindle Fire is a remarkable innovation in the Apple mold:  taking a bunch of components that are pretty well known and combining them into a powerful new experience.  But unlike Apple, Amazon’s integrating vision isn’t visual design or even user delight.  Instead it’s far more ambitious -- a new vision of the entire Internet ecosystem.

OK, let me try that again without the Valley babble.  The Kindle Fire forks Android into an Amazon-designed and Amazon–controlled operating system.  So far, no surprises. Amazon owns and subsidizes the hardware, too, so it can design features that integrate operating system and processor tightly.  Again, nothing that Apple can’t do.  But then comes the clever, almost-new idea:  Fire uses its own browser, called Silk, which is designed to work with Amazon’s massive cloud computer.  So instead of downloading web pages one after the other and opening them on your computer, Amazon’s cloud stores and even opens them, sending you the end result.  This allows speedier downloads for a couple of reasons:  Caching of popular pages (or even parts of pages) avoids download delays when the original source is overloaded; and Amazon’s cloud can handle even the most processor-intense pages instantaneously, far faster than your wheezing desktop machine.  In short, your Internet experience on the Fire ought to be lightning quick.

There’s another advantage to this new vision of what might be called the Bezosnet.  The Bezosnet ought to be a lot more secure.  One way that hackers compromise your machine is by getting you to go to malware infected sites.  Just visiting the site triggers routines that take over the visitor’s computer.  But if the routine runs, not on a visitor’s computer but in a virtual environment at Amazon’s data center, the attacker’s code isn’t likely to work. 

In fact, it looks to me as though Amazon has a remarkable security opportunity here.  It controls the Fire hardware, the Fire operating system, and the Fire user’s internet connection. If a Fire tablet joins a botnet, Amazon will know immediately. It can quarantine the tablet and alert the owner.  Indeed, it can go further, performing diagnostics to figure out and remedy the security flaw the botnet exploited. If a Fire tablet starts sending beacons or massive encrypted data files to a Chinese controller site, Amazon can spot the pattern and alert the user or even block the transmissions.  No one else, not even Apple, maybe not even DoD, will have the same ability to drive security into all parts of the Internet ecosystem.

If Amazon exploits its security opportunity, this could be transformative for users. To take one example, most people are, or should be, wary about Internet financial transactions.  Small businesses that do electronic funds transfers are at enormous risk today.  Like consumers, their machines are easily compromised, but unlike consumers, their losses to hackers are not underwritten by the banks.  That’s costing them easily hundreds of millions of dollars a year. As small businesses come to appreciate the risk, Amazon has a chance to persuade them that a dirt-cheap Amazon Fire tablet is the only safe way to access their funds.

Competitively, that could put Amazon squarely in the stream of high-value Internet transactions.  Maybe it becomes a bank.  Maybe it forces Mastercard and Visa to give it a discount because fraud on Amazon-mediated transactions is lower. Maybe it takes on Google’s relationship with advertisers, since now Amazon has insight into information advertisers really want:  what are consumers actually buying and how much are they paying? Maybe it kills the prospects of ISPs and telcos hoping to transcend dumb pipe status and exploit their direct connection to consumers; that connection won’t be much use if Amazon controls and can encrypt the entire stream of communication.

For consumers, the Fire opens up a prospect of feudal security on the Internet.  We already know that we can’t protect our own machines from attack. For all the talk of insecurity in the cloud, it’s almost certainly more secure than the decentralized system we have now. To take one example, I have a lot more faith in Google’s ability to protect my gmail account than in the ability of my system administrator to do the same for my corporate account.  And I have more faith in Amazon’s ability to spot malware infested websites than in my ability to do the same, even with help from Google and antivirus software. Yes, you’re putting all your eggs in one basket, but you’re also hiring someone to guard that basket while you get on with life. Sooner or later, to get security, it looks as though we’re all going to have to pick a liege lord and shelter under his castle walls. And now Amazon has an chance to build the first string of forts and castles across the most desirable territory.

Of course, where there’s feudalism, there’s droit de seigneur. The price for security will be, probably must be, a loss of privacy, anonymity, and control to Amazon.  Right now, Amazon’s terms of service provide some contractual anonymity to users, but as a technical matter Amazon has total visibility into everything that happens on a Fire tablet.  That visibility is very likely necessary for security, and it is damn sure valuable for commercial purposes.  So it’s hard to imagine that it won’t be used for both purposes.

I can hear the privacy Luddites cranking up their outrage machinery now.  As usual, they'll be a day late.  But they’ll also be a dollar short, at least if I’m right that the alternative to sheltering under Amazon’s walls is living out on the plains alone, at the mercy of marauders. No one will thank the data protection authority that saves us from Amazon by pushing us into the arms of the Russia Business Network. What the authorities can do is police Amazon’s terms of service and perhaps hold Amazon to any promises of security with tough new liability rules.  But, like Regulation Z, which declares that credit card fraud can’t cost US consumers more than $50, a rule imposing liability on Amazon for Internet security breaches could turn out to be an enormous market advantage (not to mention a tough barrier to entry for imitators).

All in all, then, the Fire Tablet is potentially a very big deal.  Too bad I’m too cheap to buy one.

(As always when I get into the details of security technology, I do so with considerable humility about my grasp of, well, actual technical details. This is technology poetry, not prose, and a first draft of the poetry at that. I welcome technical corrections. )

Gaga Scats

I've never much appreciated Lady Gaga. Not because she's so committed to pop, or to over-the-top personal transformations; that doesn't keep me from working out regularly to Ke$ha
 or P!nk or Britney.  The real problem was that I didn't find Gaga's hooks that good or her rhythms that compelling.

But Lady Gaga's work with Tony Bennett, on Bennett's Duets II, has changed my mind.  Singing "The Lady Is A Tramp" she turns in a great performance, hanging in there with Bennett, ad-libbing, enjoying herself, and even doing a bit of respectable scat.  

Who knew? The woman is a musician.

Photo credit: By Domain Barnyard (Lady Gaga at CES 2010) [CC-BY-2.0 (www.creativecommons.org/licenses/by/2.0)], via Wikimedia Commons

The Law of Cyberwar: What FDR, Hitler, and the Blitz Can Teach Us

I’ve just finished a longish piece on cyberwar and the role of lawyers, published in Foreign Policy magazine.  Here’s how it begins:

Lawyers don't win wars. But can they lose one?

We're likely to find out, and soon. Lawyers across the U.S. government have raised so many show-stopping legal questions about cyberwar that they've left the military unable to fight or even plan for a war in cyberspace.

...

 

And here’s the part that inspired the title of this post:

By the 1930s, everyone saw that aerial bombing would have the capacity to reduce cities to rubble in the next war. Just a few years earlier, the hellish slaughter in the trenches of World War I had destroyed the Victorian world; now air power promised to bring the same carnage to soldiers' homes, wives, and children.

In Britain, some leaders expressed hardheaded realism about this grim possibility. Former Prime Minister Stanley Baldwin, summing up his country's strategic position in 1932, showed a candor no recent American leader has dared to match. "There is no power on Earth that can protect [British citizens] from being bombed," he said. "The bomber will always get through.... The only defense is in offense, which means that you have got to kill more women and children more quickly than the enemy if you want to save yourselves."

The Americans, however, still hoped to head off the nightmare. Their tool of choice was international law. (Some things never change.) When war broke out in Europe on Sept. 1, 1939, President Franklin D. Roosevelt sent a cable to all the combatants seeking express limits on the use of air power. Citing the potential horrors of aerial bombardment, he called on all combatants to publicly affirm that their armed forces "shall in no event, and under no circumstances, undertake the bombardment from the air of civilian populations or of unfortified cities."

Roosevelt had a pretty good legal case. The 1899 Hague conventions on the laws of war, adopted just two years after the Wright brothers' first flight, declared that in bombardments, "all necessary steps should be taken to spare as far as possible edifices devoted to religion, art, science, and charity, hospitals, and places where the sick and wounded are collected, provided they are not used at the same time for military purposes." The League of Nations had also declared that in air war, "the intentional bombing of civilian populations is illegal."

But FDR didn't rely just on law. He asked for a public pledge that would bind all sides in the new war -- and, remarkably, he got it. The horror at aerial bombardment of civilians ran so deep in that era that Britain, France, Germany, and Poland all agreed to FDR's bargain, before nightfall on Sept. 1, 1939.

Nearly a year later, with the Battle of Britain raging in the air, the Luftwaffe was still threatening to discipline any pilot who bombed civilian targets. The deal had held. FDR's accomplishment began to look like a great victory for the international law of war -- exactly what the lawyers and diplomats now dealing with cyberwar hope to achieve.

But that's not how this story ends.

...

Flight search done right

I find even good flight search sites, like Hipmunk, Yapta, and Kayak, a little frustrating.  Now Google Flight Search is getting ready to do what Google does best – transform Internet tools for free. Google's new travel search service is the first fruit from its acquisition last year of ITA Software, a travel search firm. 

Lots of travel sites trembled when Google bought ITA.  And well they should. 

This thing is cool. 

You kind of have to explore it yourself, but the visualization tools are excellent and will save you money.  Example: A weekend trip Burlington from Washington would cost $845 right now.  Last time I took that trip, I had to fly to Albany and drive to get a decent fare.  Now, thanks to Google Flight’s visualization of future weekend fares, I’ve discovered that United will sell me a $219 weekend ticket from Dulles to Burlington if I just make reservations about a month in advance.  (To see this example, go to the search page for that trip and click on the little calendar icon on the top right side of the page.)

That’s the kind of thing you could learn from the other sites only by laboriously typing dates over and over again, then waiting to see what turned up. With Google Flight, the low fare just jumps out at you.  There’s lots more geeky fun to be had with other tools, too. 

Poisoning the Hamburger Helper

The Obama Administration’s legislative proposals on cybersecurity are a distinctly mixed bag.  But probably the worst ideas are those put forward by the Justice Department, which last week testified about the need to update the Computer Fraud and Abuse Act. 

Again.

In fact, for the eleventh time since it was adopted in the 1980s.  We've seen this movie. Every time Congress gets exercised about cybersecurity, the Justice Department claims that the CFAA needs to be updated.  But “updated” almost always turns out to be a euphemism for “made more prosecutor-friendly.”

Justice’s latest proposals fit squarely into this mold.  Justice wants to create a new crime, hacking a critical infrastructure computer, with a mandatory minimum sentence of three years.  It wants to impose the same penalties on conspiracies and attempts as on successfully completed crimes.  It would get rid of first-time offender provisions in sentencing, increase sentences in general, allow civil forfeiture of hackers’ real estate, and make violation of the CFAA a RICO predicate, which would allow heightened penalties and private civil suits against violators.

Well, you might ask, why not get tough with hackers?  Surely we shouldn’t be playing pattycake with Anonymous and Lulzsec, let alone the foreign hackers endangering our national security.  That’s true, but the problem we have with those hackers is not the weakness of our criminal penalties but the fact that, most of the time, we can’t find them.  Until we do a better job of breaking the anonymity that protects them, increasing penalties for criminals we don’t catch will not make much difference. 

Take a look at the website where Justice maintains a representative list of its most significant prosecutions.  What’s striking is how few prosecutions it has to brag about – less than 50 – and how few of those (maybe half) represent cases in which we actually caught the kind of remote hackers we’re most threatened by. I’m willing to bet that there is no other federal criminal law that has been amended so often in prosecutors’ favor with so few successful prosecutions to show for it. 

The latest amendments are more of the same:  Shooting in the dark with a bigger gun. As protections against cyberattack, these amendments are useless.  They are added to the administration’s package mainly to give it the appearance of heft.

They are the legislative equivalent of Hamburger Helper.

Actually, they're worse than that.  The RICO provision is far more dangerous than it first appears. To explain, I’ll need to repeat some of what Orin Kerr has been saying for years, so if you’re already familiar with that, you can skip the next ten paragraphs.

***

As I’ve said, the remarkable growth in cyberattacks over the last quarter century has enabled Justice to turn the CFAA into what may be the most prosecutor-friendly criminal statute on the books.  What does “prosecutor-friendly” mean in practice?  That any competent prosecutor can find a way to indict and convict anyone who does anything Really Bad with a computer. 

With the CFAA, that’s mission accomplished:  The law imposes harsh criminal penalties on anyone who accesses a protected computer “without” or “in excess of” authorization.  The definition of a “protected computer” has been expanded until it covers any computer used in interstate or foreign communication, which in the Internet age is, well, every computer. As a practical matter, then, you can be indicted any time you do something on a computer that isn’t authorized. That term isn’t defined, but you can bet that if you do something Really Bad with a computer, it will turn out to be unauthorized.

Take Lori Drew, an overprotective, nasty mother who created a fake teenage-boy identity on MySpace in an effort to humiliate her daughter’s teenaged frenemy.  The scheme worked so well that the teen killed herself.  There’s no doubt that Lori Drew’s behavior was Really Bad, and it involved computers, so federal prosecutors decided it must violate the CFAA. And, mirabile dictu, it did.  By using a fake identity, Drew had violated MySpace’s terms of service, which meant that she had accessed a MySpace computer “in excess of” authorization. Drew was convicted, although in the end, with Orin Kerr’s help, the guilty verdict was overturned.

This kind of prosecutorial overreach is an inherent risk of the CFAA, given its reliance on the slippery concept of authorization.  As some civil liberties groups recently pointed out, the CFAA at its heart makes it a federal crime to violate a private contract, even a contract of adhesion like a social network’s terms of use:

If, for example, an employee photocopies an employer’s document to give to a friend without that employer’s permission, there is no federal crime (though there may be, for example, a contractual violation).  However, if an employee emails that document, there may be a CFAA violation.  If a person assumes a fictitious identity at a party, there is no federal crime.  Yet if they assume that same identity on a social network that prohibits pseudonyms, there may again be a CFAA violation.

I don’t want to be too hard on the drafters of the CFAA;  they faced a tough drafting problem.  Hackers cause terrible harm, but the things they do aren’t all that different from the things legitimate users do.  Legitimate users open files, modify code, install programs, and send data to remote sites.  So do hackers.  We know the difference between the two, but it’s not easy to express that difference without falling back on the notion that the good guys are authorized to do those things and the bad guys aren’t.

I think this means that any statute that criminalizes hacking is likely to be either too broad or not broad enough.  Congress chose broad language to make sure that hackers couldn’t get off on a technicality, but in the process it gave Justice enormous prosecutorial discretion. Justice Department official James Baker gave a persuasive defense of the "authorization" test in last week's testimony.  But the Department’s misuse of its broad discretion in the Lori Drew case suggests a need for greater accountability and discipline within the Department.  Requiring that the head of the Criminal Division sign off on all such cases -- and take the blame if they turn out badly -- may be a more workable solution than taking away the prosecutors’ discretion by changing the law.

Remarkably, though, that isn't even the worst problem created by the CFAA.  The law also creates a private cause of action, handing a big legal weapon to everyone from the RIAA to the Church of Scientology.  And private parties aren’t exactly showing a lot of restraint.  According to the Center for Democracy and Technology, at least one company has brought a CFAA counterclaim in a pregnancy discrimination case, seeking damages under the Act because its employee acted in excess of authorization on the corporate network.  What did she do?  She violated a corporate proscription on “excessive Internet use.”  Equally abusive is a case that Orin Kerr has pointed out – Sony’s threat to sue PS3 hackers because they used their own computers in violation of Sony’s licensing restrictions.

Maybe back in the 1980s, Congress thought that creating a civil action would unleash the plaintiff’s bar on real hackers.  If so, Congress was deluded. 

Civil CFAA lawsuits have proliferated but by and large they aren’t being filed against people who hack into systems.  Instead, they’re being brought by corporations against employees thought to have downloaded too much information from the corporate network before quitting.  They’re being brought by websites to keep competitors from using “scraper” software to collect their pricing data. Maybe those are bad things.  If so, they’re probably already torts under state law, and it’s hard to see why the cases should be in federal court.  And if they aren’t torts under state law, well, it’s even harder to see why they should be in federal court.  It’s the law of unintended consequences run amok.

***

OK, that’s the Gospel According to Orin Kerr. Now back to the latest proposal from Justice. 

Justice wants to make the CFAA one of the federal crimes that qualify as “racketeering activity” under the Racketeer Influenced and Corrupt Organizations Act, or RICO.  This would add RICO prosecutions to the long list of get-tough measures that Justice rarely uses against actual hackers because, well, because it can't catch most actual hackers.   

But that doesn't mean the amendment would have no effect.  Because, like the CFAA, RICO creates a private cause of action against RICO violators.  Actually it’s not just a private cause of action.  It’s a bonanza. Plaintiffs can recover treble damages plus attorney’s fees by bringing suit against “racketeers.” And what do you know, just like CFAA civil suits, it turns out that most RICO civil suits have been brought against ordinary businessmen, “rather than against the archetypal, intimidating mobster,” according to the Supreme Court. 

The Supreme Court and Congress have struggled for decades to curb abuses of civil RICO.  Now, almost casually, the Justice Department proposes to open another can of RICO liability for unintended defendants.  

How would that happen?  First, treble damages under civil RICO can be claimed by any person “injured in his business or property by reason of” a RICO violation.  18 U.S.C. § 1964(c).    A violation of RICO occurs, inter alia, when a “person employed by or associated with any enterprise engaged in” interstate or foreign commerce participates, “directly or indirectly, in the conduct of such enterprise’s affairs through a pattern of racketeering activity.”  (Sorry for the dense language; it may help to parse the language by thinking of a mobster who acquires partial ownership of a legitimate “enterprise” through threats of violence. He would be squarely covered by the provision, as long as he committed a  pattern of racketeering activity –- that is, more than one predicate crime.  But the words will sweep in far more conduct than classic mobster tactics, especially if Justice gets its way and violating the CFAA becomes a predicate offense.)

Pulling these elements together, let’s look at what the Justice Department’s proposal would mean for some of the unnecessary federal litigation now being brought under the CFAA.  We can start with the employer lawsuits against departing employees.  Employers who want to turn their CFAA claims into much more potent RICO claims would have to show that the departing employee committed two CFAA violations, which should be easy, since every unauthorized download is a new offense.  And, they'd have to show that they were injured in their business by reason of the racketeering; this they can do by showing the same damages that supported the CFAA case.  In short, on a quick look, the Justice Department seems to have created a massive incentive for companies to sue departing employees, and perhaps the companies they join, as racketeers.  Anyone who has a plausible CFAA case today will have a plausible RICO case once Justice gets its amendment. 

Okay, another one: How about CDT’s favorite case – the pregnant worker accused of a CFAA violation because of excessive Internet use?  Well, she probably violated the rule on Internet use more than once, which makes for a pattern of racketeering, and she’s employed by an enterprise, in whose affairs she participated by misusing its computers.  The enterprise has been injured, too, by virtue of not getting her full attention at work.  What do you know? She sounds like a racketeer too!  It would be malpractice not to hit her with a counterclaim for treble damages and attorneys’ fees.

(At this point, you may be wondering why the Obama administration, of all administrations, wants to give employers even heavier litigation weapons to use against their employees. Beats me.  Maybe it has something to do with trial lawyers.  Maybe it's just prosecutorial myopia.  James Baker's testimony doesn't even acknowledge the issue.)

OK, let’s try a harder problem.  You’re a copyright holder -- Jon Stewart, say -- and you’d like faster takedowns and more respect from YouTube.  Posting copyrighted material on YouTube is a violation of law and can lead to termination of your YouTube account.  The Lori Drew case tells us that the people who post clips in violation of that policy are using YouTube’s computers “in excess of authorization.” That’s a CFAA violation.  Do it twice and it becomes a pattern of racketeering, at least if Justice gets its way.  Now, the people doing the posting aren’t employees of YouTube, but they are “associated with” the YouTube enterprise, and they are participating indirectly in the conduct of YouTube’s affairs by virtue of their shocking CFAA violations.  What’s more, the Daily Show can claim injury in its business because it has lost viewers and ad revenue.  Presto!  Another racketeer takes the fall.  Maybe they’ll name Google as a co-conspirator just to keep it on its toes. 

Oh, and what about you, dear reader?  Have you ever violated the terms of service on a website?  Hell, have you ever read them?  C’mon, I’ve seen the comments on my privacy and TSA posts. Are you sure yours didn’t violate the site’s proscription on “abusive or denigrating comments”?  Cause if you did it twice, that’s a predicate, and this blog is an interstate enterprise that you are associated with and in whose affairs you are participating by virtue of your appalling violations of the terms of use and thus of the CFAA.  Best of all, the blog has what strikes me as a pretty upscale readership.  Treble damages and attorney’s fees would go a long way toward finally monetizing my blogging habit. 

(Had you going there, huh?  Actually, this blog doesn’t have any terms of use for commenters, so fire away. You’re safe.)

I’m not a RICO lawyer, thank God, so maybe I’m oversimplifying what it takes to make out a civil RICO suit.  But, what the hell, the lawyers representing departing or pregnant employees aren’t RICO lawyers either.  If the claim against them is plausible on its face, they will face overwhelming pressure to settle, quite possibly by abandoning good claims, especially if their next employer is dragged in as a co-conspirator.  Ditto for the YouTube uploaders.

And in exchange for all this uncertainty and injustice, what benefit can we expect in fighting actual criminals?  About as much as we’ve gotten from the CFAA’s private right of action, which is nothing, and from RICO’s private right of action, which is less than nothing. 

This is Hamburger Helper with a dose of cyanide.  

 Photo credits:

http://www.flickr.com/photos/arkangl/with/4709166389/ 

http://www.flickr.com/photos/like_the_grand_canyon/3853938360/lightbox/ 

Cyberwar: Iran's Counterattack?

Iran is to cyberwar what 1930s Spain was to airwar – contested ground where everyone tries out new technology and tactics.  After being on the receiving end of Stuxnet, which sabotaged the Natanz enrichment plant and showed that cyberweapons could replace cruise missiles, it looks as though the Iranian government has gone on the offensive.

The Dutch government’s electronic certification authority, DigiNotar, was compromised by a hacker in July of this year.  DigiNotar handled the hack badly, trying to fix the problem without disclosing it. As a result, DigiNotar's credentials are being revoked by all of the major browsers.  This means that most web users will not be able to verify the bona fides of any site that DigiNotar has vouched for.  That includes a lot of Dutch government sites, and there are some reports that the Dutch government is leaning on Microsoft to keep the credentials operative for another week.  It also means that DigiNotar will be either out of business or buried in lawsuits that could also reach its parent, VASCO Data Security International.

The hacker who pulled off the compromise has posted messages claiming that the hack was revenge for Dutch peacekeepers’ surrender of thousands of Muslim men to Serb militias during the Balkan wars; the men were executed. The hacker says nothing about Iranian government sponsorship.

So why do I think the Iranian government was involved?

To understand that requires a bit of background about the role of certificate authorities on the Internet.  One of Netscape’s cleverest technological innovations was its solution to the problem of Internet eavesdropping.  It used public key encryption to encrypt the channel between a website and each user.  The user could look up a site’s public key and use that key to encrypt all of the user's communications with the site.  (I’m oversimplifying here, but that’s the idea.)

The only problem was that the system was open to a “man in the middle” attack, where Mallory turns what's meant to be a secure link between Alice and Bob into two secure links with himself as a secret hub and Alice and Bob as unsuspecting spokes.

Put another way, if an Iranian user asks Google for its public key, and he uses it to encrypt his communications, how does he know that he's really using Google’s key?  If the Iranian government wants to read his Gmail, it could intercept his request and send him its own key.  He’d set up a secure channel with the government, which would then simply pass his login credentials on to Google.  For the rest of the session the government would sit in the middle, reading and passing on all the packets from both sides of the transaction.  Not good.

To prevent that, Netscape decided to bake a set of public keys into its browser.  The companies with the baked-in keys were certification authorities.  They could issue certificates vouching for the credentials of every site that wanted to offer secure, encrypted communications. 

It was a great system, lightweight and very secure.  But only if the certification authorities kept their credential-signing process completely secure.  If they didn’t, then users would not know who was at the other end of the line, the website they wanted or a man in the middle.

Occasionally, of course, some fraudster would use fake documents to persuade a certification authority to sign credentials for a site the fraudster didn’t own.  That sort of thing could be fixed pretty easily.  Browser providers had already recognized that there had to be a way to revoke website certificates obtained by fraud, so browsers now do an online check each time they use a certificate; in essence, they ask an online server whether the certificate they are about to use has been revoked. So a single fraudulently obtained credential can be rendered harmless as soon as the fraud is discovered.

What happened to DigiNotar was not so easily fixed.  It appears that the hacker gained control of the credential-signing process for some weeks during July of this year, and he signed credentials for hundreds of online sites, including Google, Microsoft, and the CIA.

Now, that’s deeply embarrassing, and it probably would have been enough on its own to spell the end of DigiNotar.  But what came next was even worse. 

Starting in August, according to investigators, online revocation checks for DigiNotar certificates jumped. Suddenly lots of people wanted to know whether the DigiNotar certificate for Google had been revoked.  This meant that hundreds of thousands of users were sure that DigiNotar was the authority that had signed Google’s credentials.  (In fact, Google signs its own credentials.) And 99% of the users asking about DigiNotar's certificate for Google came from Iran. (Even the 1% of requests that didn’t come from Iran seem to have come from proxies and TOR routers in other countries, meaning they too could have been Iranian users.)

Clearly a lot of Iranian users had been fooled into thinking that DigiNotar had issued Google’s credentials.  I can only think of one way that could happen – if the Iranian government and ISPs were systematically intercepting packets bound for Google and saying, in effect, “I’m Google. Here are my credentials, signed by DigiNotar.  Let’s go secure and foil any eavesdroppers.” The user’s browser would say, “Wait a minute while I check to make sure DigiNotar hasn’t revoked your DigiNotar credentials, Google… Ok, you check out, let’s talk.”  As soon as the user started sending his login name and password to the fake Google, the middleman would use those credentials to log in to Google, which would set up a secure communications channel with the middleman.  The entire session would be encrypted unbreakably at every point in the chain save the one that mattered:  the government listening post in the middle. The Iranian government would be sitting pretty -- Mallory between Alice and Bob.

Some observations, mostly additional reasons for thinking that this was an Iranian government operation, and what that means: 

• The notes posted by the DigiNotar hacker make him sound like a flake and a braggart, hardly the kind of postings you’d expect from the Iranian secret police. Maybe this is misdirection, or maybe he pulled off the exploit and then handed over his loot to the Iranian government, voluntarily or involuntarily. But the implementation of the man-in-the-middle attack was so quick and so smooth that it looks to me as though the hacker was working with the government from the start.
• The same hacker who compromised Diginotar claims to have carried out attacks on Comodo and Globalsign, two other certification authorities. Both companies agree that they were hacked, although Globalsign is not admitting that its credentials were compromised. Again, compromising certification authorities is a great idea if you're in the business of man-in-the-middle attacks; otherwise it's got mostly nihilistic look-at-me-trashing-your-infrastructure appeal, which might make you wonder why this hacker has specialized in such attacks if he doesn't work for the government.
• If this were an Iranian government op, the websites for which fake credentials were issued should be an Iranian government wish list -- all the places where it most wants to be in the middle between the site and Iranian users. If so, the point of the fake CIA certificate wasn't help hackers break into the CIA's network. The point was to impersonate the CIA on line – to lure dissidents into setting up an apparently secure communications channels with a foreign intelligence service.  Iranian government paranoia about the CIA’s influence is so profound it’s almost flattering, and the Iranian government probably is kidding itself that the election protests were the result of foreign meddling, not the government’s unpopularity. 
• In fact, the domains whose credentials were falsified do seem to be a kind of museum of Iranian government paranoia. Along with Google, Microsoft, and the CIA, the hacker made fake credentials for Mossad, MI6, Facebook, Skype, WordPress, Twitter, azadegi.com (an Iranian dissident site in Persian), Walla.co.il (a site in Hebrew), torproject.org, and Yahoo, along with others.  The full list is here.  In some ways, it’s an honor roll.
• It's also a tell -- more evidence that the attack on DigiNotar was government sponsored.  After all, if the DigiNotar hacker was really acting on his own, without government guidance, how did he manage to create so many certificates that would have so much value for an Iranian government man-in-the-middle attack?
• If this is cyberwar, it's an Iranian government war against its own people.  And a very dangerous one. The flood of revocation checks coming from Iran continued all through August, meaning that anyone in that country who logged on to Gmail or Hotmail or the other honor-roll sites has probably lost control of everything – not just emails they sent in August but their passwords, their stored emails, their stored files, anything that could be accessed by passwords they used in August.
• As a result, DigiNotar’s security breakdown could foretell a new human rights disaster, with hundreds of thousands of victims. And, since we know the IP addresses that checked DigiNotar’s certificates, we could probably identify each victim individually.
• Which raises this question: We know from the online revocation checks that three hundred thousand Iranian users were fooled into using fake  DigiNotar certificates for Google. The same information should be available for Microsoft, Facebook, and every other fake certificate that was issued by the hacker.  Those numbers are the big story, and I don't understand why reporters have dropped the ball on it, unless they don't appreciate its significance.
• Mozilla has done a particularly good job of dealing with this issue, communicating more details earlier than most browser companies. Most recently, it called on the certification authorities it bakes into its browser to audit their security -- and to put automatic blocks on some of the names, such as Google or Facebook, that are most likely to inspire man-in-the-middle attacks and least likely to change certificate authorities on short notice.  In contrast, Apple handled the whole affair pretty badly, taking days longer than the other big browsers to announce that it was revoking DigiNotar's credentials.
• Iranian dissidents probably could protect themselves from these attacks by installing a browser extension called CertPatrol, which warns you if a site you've visited before has suddenly changed its certificate authority.  CertPatrol likely would have told all those Gmail users that, instead of going to a "Google" site that Google vouched for, they were instead going to a "Google" site that DigiNotar vouched for. They could also protect their Google account by turning on Google's two-step verification process, which won't let you log on from strange IP addresses until you've typed in a separate code sent directly to your phone.

As always when I venture too far into technical territory, I am quite aware that there are fine points I may be missing.  I welcome corrections and comments.

Better Swatch What You Say

Earlier this year, Bloomberg reporters sneaked onto a conference call that Swatch held with invited securities analysts.  The reporters taped Swatch executives’ two-hour exchange with the analysts, even though the call-in preliminaries included warnings that the call would be recorded for Swatch and that no other recordings should be made. When Bloomberg started selling its own transcript of the call, Swatch sued.

You might think that Swatch had some sort of privacy claim – that Bloomberg violated the wiretap or computer hacking laws.  In fact, though, Swatch registered its recording of the call with the US Copyright Office and sued Bloomberg for infringement. 

Bloomberg’s actions are controversial, for sure.  But how can copyright extend this far?  We live in a world where more or less everything can be recorded. If Swatch has a copyright claim here, what about former Senator George Allen? Having learned from his macaca moment six years ago, can he announce that he’s recording all his campaign events, so no one else can?  What about a police officer who objects to bystanders using their phones to film him in action?  Can he point to his cruiser-cam and accuse the bystanders of infringing copyright? 

That seems to be the view of Manhattan federal judge Alvin Hellerstein, 78, who approved Swatch’s copyright claim with little display of concern about its implications.  Denying the motion to dismiss, Judge Hellerstein blandly found that Swatch had met the requirements for claiming copyright: (1) the call was “fixed” on tape and (2) Swatch executives had exercised creativity during the call.  (Point 2 might give Swatch investors pause, of course, but that’s a different question.) 

Bloomberg will be free to assert a “fair use” defense at trial, but that’s cold comfort, especially if, as I suspect, Swatch’s registration of copyright allows it to seek massively punitive statutory damages.

You might think that Judge Hellerstein was forced into this unappetizing precedent by a broadly written copyright law?  But he wasn't.  In fact, the statute as written seems to require that Swatch give Bloomberg and everyone else 48 hours’ notice before Swatch could turn the call into a copyrighted performance.  But the court adopts Nimmer’s view and refuses that reading of the statute because limiting copyright damages claims “would serve no purpose.” 

And I suppose that’s true, as long as you can’t imagine the law serving any purpose other than enforcing copyright.

Mea Minima Culpa

At Ben Wittes's request, I've put up a post on Lawfare reflecting on the things I got wrong in the days after 9/11. I can't pretend it's much of an apology.  Here's the gist:

First, I misread the willingness of the press and the Pulitzer committee to stop celebrating disclosures of classified information. A few years later, two New York Times reporters Eric Lichtblau and James Risen, were actually awarded a Pulitzer for blowing the secrecy of the Bush administration anti-terror wiretap program.  given the doubts about its legality, that’s understandable.  But the same two reporters, along with the Times itself, shortly thereafter disgraced themselves by disclosing a secret Treasury Department program that tracked terrorist finances — a disclosure they made despite a complete lack of either scandal or illegality.

The second thing I got wrong was thinking that the press still mattered in the same old way.  I thought that the only way to influence the national conversation about terrorism was to persuade the editors of the Times to expand their Circle of Respectable Opinion to include a greater concern for security. Instead, the months after 9/11 created massive demand for independent bloggers who were willing to highlight stories and analyses that the press was filtering out. And so began a hemorrhage of readers, a loss of indispensability, that would fatally undercut the hold that mainstream media had on the national attention.

In an odd way, the two errors are connected.  Because the mainstream media didn’t take its loss of influence well.  In fact, it acted like a country parson who begins to deliver fire and brimstone sermons as his flock starts to dwindle. Remember the New York Times’s endless campaign in 2002 against the Augusta Country Club for, um, something or other? Its attack on Bush’s antiterror programs was part of that same doubled-down bet. But the mix of self-righteousness and flop sweat that infected the Times gradually forced anyone with views to the right of Manhattan’s Upper West Side to look elsewhere for news judgment.

Gut Feeling

This just in: The right kind of bacteria in your gut can literally change your mind – reducing anxiety in stressful situations.  Now we know why they call it intestinal fortitude. Because it is.

NYPD's Antiterror Tactics -- and Federal Turf

I have an op-ed in the NY Post, commenting on the role that bureaucratic turf fights may play in the Associated Press story looking for scandal in NYPD's counterterrorism efforts after 9/11. 

Here's a sample:

When you’re done [with the story], you find that NYPD is uniquely determined to find terrorists before they strike.  To do that, NYPD is willing to go far outside its borders -- to London, to Jerusalem, even to New Jersey.

It partners with counterterror analysts at the CIA.  It looks for leads in places where terrorists have been found before – in immigrant communities and in mosques, for example – and it doesn’t give terrorists a haven where they know the cops can’t  go.  It takes advantage of its diversity by asking its officers to hang out in communities where they blend in.  It recruits street sources wherever it can find them. It maps the neighborhoods it’s most concerned about.

Shocked yet?

Me neither. 

So what gives? How come we’re getting this story, at this length, at this time?

One possibility is turf.... 



Trekking in Mustang, Part 10

 

Wednesday, May 25

We are leaving the last of Tibet behind today, descending from Chelle to the floor of the Kali Gandaki. To extract the maximum up-country time from our territory permit, we’ve left ourselves a single day to get to Kagbeni from Chelle – a hike that took two days on the way in.

It is a demanding day, in part because our guide wants to get as much hiking in before noon, when the winds will surely be raging up the river valley. So we plough on with only a couple of occasional five-minute stops at the top of steep climbs. The good news is that I can feel the altitude change. My legs get as tired as ever, but the sense that every step requires a special breathing rhythm is gone. Even on the steepest uphills, running out of breath is rare. Other symptoms, such as a hacking cough, also recede as we drop below 3000 meters for the first time in a week.

The Kali Gandaki remains as remarkable as ever. The valley floor is so flat and barren that it looks almost like a reservoir of stones -- as though a dam had been constructed downstream and the gravel and rocks had somehow floated to the top. This is more or less what environmentalists tell us will eventually happen to Lake Powell and other big hydropower lakes; they’ll fill with debris. I’m sure that they’re right to tell us how terrible that will be, but if the floor of the Kali Gandaki is any guide, it will also produce some dramatic landscapes.

Toward the end of the day, we drop to the floor of the Kali Gandaki. It is not as flat as it looks from a distance. Rocks slip under our feet with each step, and old channels, now dry, make the footing unpredictable. Worse, the bridge we used to cross the river has washed away. We have a choice – wade or climb back to the road running high along the valley wall,

By now, I’m damned if we’ll climb these cliffs one more time. The water is swift but not deep, perhaps a bit above our knees. With poles, that’s usually safe, though pushing things if the current is very strong.

The standard Western stream crossing technique is to take your socks off, put your shoes back on, cross the river, pour out the water, put on the socks, and walk in damp but not squelching-wet footgear for a few hours. Wearing shoes helps a bit with the shocking cold of mountain streams and a lot with the treacherous footing of the streambed. Braced against the stream with a strongly planted upstream pole and an insurance pole downstream, this technique has gotten us across some tough streams, including a memorable encounter with the Upper Yellowstone in thigh-high flood.

But the Nepali guides have a different idea. They want to cross barefoot. So we too tie our shoelaces together, drape them around our necks and start across barefoot. I can feel the rocks underfoot – a mixed blessing, but good for stability. What I haven’t counted on is the way being barefoot changes the enthusiasm with which you drive your upstream pole into the river, knowing that the current will inevitably drag the point back downstream a foot or more before it hits the gravel. At least you hope it hits gravel.

When we get to Kagbeni, feet unpunctured, the Tiji festival boom is over. No one in the inn is going to Lo Manthang. Kagbeni is also on the month-long Annapurna Circuit trail, and the inn is full of guests doing some portion of tha trek. There’s a large group of mature Japanese women and men, plus a gaggle of 20-something backpackers – Germans and Russians, mainly – who’ve hooked up by chance during their last few days of the Annapurna circuit. They spend much of the evening arguing about whether to walk or take the bus next day to Jomsom, and how far to go beyond Jomsom. They finally agree to walk to Jomsom, starting at 6 a.m. One Russian boisterously puts forward first one proposal then another. He seems oblivious to the group dynamic. Sooner or later, someone needs to tell him to stop throwing out disruptive new options and to get with the program. If this is what the Russian Duma is like, I think, it’s easy to see why so many Russians voted for Putin.

This gaggle of Europeans seems as isolated from Nepal as any packaged-tour group staying at the local Hilton. A tour group may remember Kathmandu as the place with the terrible breakfast buffet, while the Europeans remember it as the place where they met a bombshell German babe, but either way, the trip is more about them than about Nepal. Maybe that’s true for all of us.

What I find interesting is that this group isn’t full of gap-year college kids. These trekkers have finished school. Many have dropped out of professional-track jobs. Some expect to pick up a new job in a few months, others lost jobs in the 2008-09 recession and are waiting for better times. But Nepal isn’t that cheap. Just to eat, sleep and indulge in the occasional beer or a bus, those backpackers must be spending $10 a day, plus airfare in the thousands of dollars. I’m not sure how many college students in the West can get their parents to underwrite the cost of a month on the Annapurna Circuit, so the trek is left to a slightly more affluent crowd. I suppose it’s no surprise that even backpacking has gone upscale as global economies converge.

Next morning, the Euro gaggle ends up leaving a little before we do, around 7. They move, like a convoy, at the speed of the slowest ship. We pass them in the first hour and soon are able to drop our packs at the Jomsom airport hotel and keep going. We’ve decided to take a day trip down the valley to a town called Marpha, also on the Annapurna circuit.

Marpha is a big change from the country we’ve been trekking through. On the way, we pass the first bit of greenery we’ve seen all trip that isn’t walled up like Ft. Knox. It’s a simple, close cropped patch of lawn that no doubt serves a pasture for the occasional horse, but unlike Mustang, the landowners aren’t consumed by fear that someone else’s goat might sneak an illicit bite. Indeed, even the walls around gardens here are lower, more symbolic and casual than in Mustang; water is clearly more abundant here.

Marpha itself is a lovely town full of white-washed stone homes with dark red frames around doors and windows. Marpha is proud of its apples, and it should be. We have an apple pie for lunch – a cinnamon flavored core of chopped apple surrounded by a flaky, deep-fried crust. I buy some yak cheese to go with it, despite anxiety about eating uncooked food. But we’ve spent the trip worrying about how to sterilize anything that passes our lips, and so far we’ve been fine. Maybe the economic convergence that makes backpacking more expensive is also slowly reducing the risk of bad water even in countries as poor as Nepal.

We head back along the road. It is a taste of what Mustang trekkers will soon experience. We can go twenty minutes with no traffic, but we can never ignore the risk that a truck or bus will come barreling around a turn. They take up so much of the road that you always have to have to be ready to jump for the side of the road if a horn sounds behind you. Even the motorcycles expect you to move if you’re in the same rut they’ve chosen. The Annapurna circuit is quickly replacing trail with dirt road, and I mentally cross it off our list of likely future hikes.

We end our hike at the airport hotel. It’s not fancy, but it does let us take our first hot shower in ten days. What a heavenly way to end our trek.

China Discloses Its Own Cyberattacks on National TV?

It appears that Chinese TV inadvertently disclosed custom-built software in the act of attacking Falun Gong websites.  In a story that originally broke on Falun Gong media outlets but has since been corroborated by others,  background footage from a government-run channel’s documentary “showed a piece of custom-built CIt appears that Chinese TV inadvertently disclosed custom-built software in the act of attacking Falun Gong websites.  In a story that originally broke on Falun Gong media outlets but has since been corroborated by others,  background footage from a government-run channel’s documentary “showed a piece of custom-built Chinese software actually launching a cyberattack against a U.S. target.” According to Security News Daily,

The clip shows a Chinese-language dialogue box with two drop-down menus, which, according to The Epoch Times, give users the option of selecting which IP addresses or specific websites to attack, followed by a button labeled, "Attack." The text above atop the software tool translates to "Select Attack Destinations," and is credited to the Information Engineering University of China's People's Liberation Army. In the video, which can be seen in its entirety here, the perpetrators apparently use or spoof an IP address belonging to the University of Alabama at Birmingham to attack Minghui.org, the main website of the Falun Gong, a Chinese spiritual practice banned in its homeland.

(The University later offered this statement: "It is impossible to tell how old the archival footage used in the military technology program is. UAB decommissioned the website in question in 2001. It appears from the Chinese video that the purpose was not to launch an attack from that website, but to block access to it. We are not aware of any attack, current or historical, involving that IP address.” )

What gives?  Are the Chinese dumb enough or insouciant enough to disclose on national TV a cyberattack program so well established that it has its own purpose-built software?  Ordinarily, we'd be left with no answers beyond this rather unsatisfying news story.  But the involvement of an American IP address almost certainly gives US prosecutors authority to investigate the incident as a possible violation of the Computer Fraud and Abuse Act.  

And right now, the website of the US Attorney in the Northern District of Alabama is highlighting such achievements as “Federal Judge Sentences Hueytown Tax Preparer To 2 ½ Years In Prison.” I’m guessing that, compared to policing Hueytown tax preparers, going after Chinese cyberattacks might look pretty good to federal investigators in Birmingham.

So perhaps someday we’ll get more definitive answers about that 6-second clip.

Trekking in Mustang, Part 8

Monday May 23

Four hours of hard hiking with few stops takes us to Shyangmochen. We are back on the same trail we took on the way in, and we’re staying in the tearoom where we had lunch on our way to Gheling.

It seems a lot softer and more civilized on the way out than it did when we stopped for lunch so many days ago It has a hot water shower that actually gets above tepid (though the air temperature makes it a challenge not to lose all the warmth of the shower and then some while drying and dressing.) The lunch table is set up directly beneath a traditional Mustang skylight. There are electric lights and even a couple of power outlets. The beds and pillows have sheets and pillow cases. Really, it’s practically the Ritz.

Perhaps energized by the slightly lower altitude and the half day of hiking, I decide it’s time to wash a bunch of clothes. The village’s washing is done at the community tap, fed in an endless stream that flows out of the irrigation system. And back into it, for that matter, since any water that flows from the tap is recaptured for the crops downhill.

 

I share the tap with several women who are obviously better at this than I. They bring big metal bowls that they fill with soap, clothes, and water, working up an impressive lather while I’m rubbing a bit of hand soap into my clothes, one sock at a time. It doesn’t take long for me to learn what seems to be a universal female phrase for, “If you’re done messing about in a typically useless male way, would you reconnect the hose so we can get about our business?” I also learn not to stand about downwind of the tap when they’re vigorously rinsing.

The best part of doing the wash is the drying. The afternoon wind is again hitting 50 mph and the sun is out. I hang the wet clothes on a metal wire clothesline. It’s very satisfying when hiking to have reasonable confidence that in the morning your clothes will be not just cleanish but that you won’t be putting them on wet, which tends to take the joy out of clean clothes.