The Kaseya Ransomware Attack Is a Really Big Deal

(Managed Service Provider image by the Canadian Centre for Cybersecurity)

Matt Tait, as normal, has good insights into just why the Kaseya ransomware attack[1] was such a big deal:

In short, software supply chain security breaches don’t look like other categories of breaches. A lot of this comes down to the central conundrum of system security: it’s not possible to defend the edges of a system without centralization so that we can pool defensive resources. But this same centralization concentrates offensive action against a few single points of failure that, if breached, cause all of the edges to fall at once. And the more edges that central failure point controls, the more likely the collateral real-world consequences of any breach, but especially a ransomware breach will be catastrophic, and overwhelm the defensive cybersecurity industry’s ability to respond.

Managed Service Providers (MSPs) are becoming increasingly common targets. It’s worth noting that the Canadian Centre for Cybersecurity’s National Cyber Threat Assessment 2020 listed ransomware as well as the exploitation of MSPs as two of the seven key threats to Canadian financial and economic health. The Centre went so far as to state that it expected,

… that over the next two years ransomware campaigns will very likely increasingly target MSPs for the purpose of targeting their clients as a means of scaling targeted ransomware campaigns.

Sadly, if not surprisingly, this assessment has been entirely correct. It remains to be seen what impact the 2020 threat assessment has, or will have, on Canadian organizations and their security postures. Based on conversations I’ve had over the past few months, the results are not inspiring and the threat assessment has generally been less effective than hoped in driving change in Canada.

As discussed by Steven Bellovin, part of the broader challenge for the security community in preparing for MSP operations has been that defenders are routinely behind the times; operators modify what and who their campaigns will target and defenders are forced to scramble to catch up. He specifically, and depressingly, recognizes that, “…when it comes to target selection, the attackers have outmaneuvered defenders for almost 30 years.”

These failures are that much more noteworthy given that the United States has trumpeted for years that the NSA will ‘defend forward’ to identify and hunt threats, and respond to them before they reach ‘American cybershores’.[2] The seemingly now routine targeting of both system update mechanisms as well as vendors which provide security or operational controls for wide swathes of organizations demonstrates that things are going to get a lot worse before they’re likely to improve.

A course correction could follow from Western nations developing effective and meaningful cyber-deterrence processes that encourage nations such as Russia, China, Iran, and North Korea to punish computer operators who are behind some of the worst kinds of operations that have emerged in public view. However, this would in part require the American government (and its allies) to actually figure out how they can deter adversaries. It’s been 12 years or so, and counting, and it’s not apparent that any American administration has figured out how to implement a deterrence regime that exceeds issuing toothless threats. The same goes for most of their allies.

Absent an actual deterrence response, such as one which takes action in sovereign states that host malicious operators, Western nations have slowly joined together to issue group attributions of foreign operations. They’ve also come together to recognize certain classes of cyber operations as particularly problematic, including ransomware. Must nations build this shared capacity, first, before they can actually undertake deterrence activities? Should that be the case then it would strongly underscore the need to develop shared norms in advance of sovereign states exercising their latent capacities in cyber and other domains and lend credence to the importance of the Tallinn manual process. If, however, this capacity is built and nothing is still undertaken to deter, then what will the capacity actually be worth? While this is a fascinating scholarly exercise–it’s basically an opportunity to test competing scholarly hypotheses–it’s one that has significant real-world consequences and the danger is that once we recognize which hypothesis is correct, years of time and effort could have been wasted for little apparent gain.

What’s worse is that this is even a scholarly exercise. Given that more than a decade has passed, and that ‘cyber’ is not truly new anymore, why must hypotheses be spun instead of states having developed sufficient capacity to deter? Where are Western states’ muscles after so much time working this problem?


  1. As a point of order, when is an act of ransomware an attack versus an operation?
  2. I just made that one up. No, I’m not proud of it.

Which States Most Require ‘Democratic Support’?

Roland Paris and Jennifer Welsh have an excellent, and thought-provoking, column in the Globe and Mail where they argue that Western democracies need to adopt a ‘democratic support’ agenda. Such an agenda has multiple points comprising:

  1. States getting their own democratic houses in order;
  2. States defending themselves and other democracies against authoritarian states’ attempts to disrupt democracies or coerce residents of democracies;
  3. States assisting other democracies which are at risk of slipping toward authoritarianism.

In principle, each of these points makes sense and can interoperate with the others. The vision is not to inject democracy into states but, instead, to protect existing systems and demonstrate their utility as a way of weaning nations towards adopting and establishing democratic institutions. The authors also assert that countries like Canada should learn from non-Western democracies, such as Korea or Taiwan, to appreciate how they have maintained their institutions in the face of the pandemic as a way to showcase how ‘peer nations’ also implement democratic norms and principles.

While I agree with the positions the authors suggest, far towards the end of the article they delicately slip in what is the biggest challenge to any such agenda. Namely, they write:

Time is short for Canada to articulate its vision for democracy support. The countdown to the 2024 U.S. presidential election is already under way, and no one can predict its outcome. Meanwhile, two of Canada’s closest democratic partners in Europe, Germany and France, may soon turn inward, preoccupied by pivotal national elections that will feature their own brands of populist politics.[1]

In warning that the United States may be an unreliable promoter of democracy (and, by extension, human rights and international rules and order which have backstopped Western-dominated world governance for the past 50 years) the authors reveal the real threat. What does it mean when the United States is regarded as likely to become more deeply mired in internecine ideological conflicts that absorb its own attention, limit its productive global engagements, and are used by competitor and authoritarian nations to warn of the consequences of “American-style” democracy?

I raise these questions because if the authors’ concerns are fair (and I think they are) then any democracy support agenda may need to proceed with the presumption that the USA may be a wavering or episodic partner in associated activities. To some extent, assuming this position would speak more broadly to a recognition that the great power has significantly fallen. To even take this as possible–to the extent that contingency planning is needed to address potential episodic American commitment to the agenda of buttressing democracies–should make clear that the American wavering is the key issue: in a world where the USA is regarded as unreliable, what does this mean for other democracies and how they support fellow democratic states? Do countries, such as Canada and others with high rule-of-law democratic governments, focus first and foremost on ‘supporting’ US democracy? And, if so, what does this entail? How do you support a flailing and (arguably) failing global hegemon?

I don’t pretend to have the answers. But it seems that when we talk about supporting democracies, and can’t rely on the USA to show up in five years, then the metaphorical fire isn’t approaching our house but a chunk of the house is on fire. And that has to absolutely be our first concern: can we put out the fire and save the house, or do we need to retreat with our children and most precious objects and relocate? And, if we must retreat…to where do we retreat?


  1. Emphasis not in original.

The Answer to Why Twitter Influences Canadian Politics

Elizabeth Dubois has a great episode of Wonks and War Rooms where she interviews Etienne Rainville of The Boys in Short Pants podcast, former Hill staffer, and government relations expert. They unpack how government staffers collect information, process it, and identify experts.

Broadly, the episode focuses on how the absence of significant policy expertise in government and political parties means that social media—and Twitter in particular—can play an outsized role in influencing government, and why that’s the case.

While the discussion isn’t necessarily revelatory to anyone who has dealt with some elements of the Government of Canada, and especially MPs and their younger staffers, it’s a good and tight conversation that could be useful for students of Canadian politics, and also helpfully distinguishes some of the differences between Canadian and American political cultures. I found the forthrightness of the conversation, and its honesty about how government operates, particularly useful in clarifying why Twitter is, indeed, a place for experts in Canada to spend time if they want to be policy relevant.

Overclassification and Its Impacts

Photo by Wiredsmart on Pexels.com

Jason Healey and Robert Jervis have a thought-provoking piece over at the Modern War Institute at West Point. The crux of the argument is that, as a result of overclassification, it’s challenging if not impossible for policymakers or members of the public (to say nothing of individual analysts in the intelligence community or legislators) to truly understand the nature of contemporary cyberconflict. While there’s a great deal written about how Western organizations have been targeted by foreign operators, and how Western governments have been detrimentally affected by foreign operations, there is considerably less written about the effects of Western governments’ own operations towards foreign states because those operations are classified.

To put it another way, there’s no real way of understanding the cause and effect of operations, insofar as it’s not apparent why foreign operators are behaving as they are in what may be reaction to Western cyber operations or perceptions of Western cyber operations. The kinds of communiques provided by American intelligence officials, while somewhat helpful, also tend to obscure as much as they reveal (on good days). Healey and Jervis write:

General Nakasone and others are on solid ground when highlighting the many activities the United States does not conduct, like “stealing intellectual property” for commercial profit or disrupting the Olympic opening ceremonies. There is no moral equivalent between the most aggressive US cyber operations like Stuxnet and shutting down civilian electrical power in wintertime Ukraine or hacking a French television station and trying to pin the blame on Islamic State terrorists. But it clouds any case that the United States is the victim here to include such valid complaints alongside actions the United States does engage in, like geopolitical espionage. The concern of course is a growing positive feedback loop, with each side pursuing a more aggressive posture to impose costs after each fresh new insult by others, a posture that tempts adversaries to respond with their own, even more aggressive posture.

Making things worse, the researchers and academics who are ostensibly charged with better understanding and unpacking what Western intelligence agencies are up to sometimes decline to fulfill their mandate. The reasons are not surprising: engaging in such revelations threatens possible career prospects, endangers the very publication of the research in question, or risks cutting off access to interview subjects in the future. Healey and Jervis focus on the bizarre logics of working and researching the intelligence community in the United States, saying (with emphasis added):

Think-tank staff and academic researchers in the United States often shy away from such material (with exceptions like Ben Buchanan) so as not to hamper their chances of a future security clearance. Even as senior researchers, we were careful not to directly quote NSA’s classified assessment of Iran, but rather paraphrased a derivative article.

A student, working in the Department of Defense, was not so lucky, telling us that to get through the department’s pre-publication review, their thesis would skip US offensive operations and instead focus on defense.

Such examples highlight the distorting effects of censorship or overclassification: authors are incentivized to avoid what patrons want ignored and emphasize what patrons want highlighted or what already exists in the public domain. In paper after paper over the decades, new historical truths are cumulatively established in line with patrons’ preferences because they control the flow and release of information.

What are the implications as written by Healey and Jervis? In intelligence communities the size of the United States’, information gets lost or not passed to whomever it ideally should be presented to. Overclassification also means that policy makers and legislators who aren’t deeply ‘in the know’ will likely engage in decisions based on half-founded facts, at best. In countries such as Canada, where parliamentary committees cannot access classified information, they will almost certainly be confined to working off of rumour, academic reports, government reports that are unclassified, media accounts that divulge secrets or gossip, and the words spoken by the heads of security and intelligence agencies. None of this is ideal for controlling these powerful organizations, and the selective presentation of what Western agencies are up to actually risks compounding broader social ills.

Legislative Ignorance and Law

One of the results of overclassification is that legislators, in particular, become ill-suited to actually understanding national security legislation that is presented before them. It means that members of the intelligence and national security communities can call for powers and members of parliament are largely prevented from asking particularly insightful questions, or truly appreciating the implications of the powers that are being asked for.

Indeed, in the Canadian context it’s not uncommon for parliamentarians to have debated a national security bill in committee for months and, when asked later about elements of the bill, they admit that they never really understood it in the first place. The same is true for Ministers who have, subsequently, signed off on broad classes of operations that have been authorized by said legislation.

Part of that lack of understanding is the absence of examples of how powers have been used in the past, and how they might be used in the future; when engaging with this material entirely in the abstract, it can be tough to grasp the likely or possible implications of any legislation or authorization that is at hand. This is doubly true in situations where new legislation or Ministerial authorization will permit secretive behaviour, often using secretive technologies, to accomplish equally secretive objectives.

Beyond potentially bad legislative debates leading to poorly understood legislation being passed into law and Ministers consenting to operations they don’t understand, what else may follow from overclassification?

Nationalism, Miscalculated Responses, and Racism

To begin with, it creates a situation where ‘we’ in the West are being attacked by ‘them’ in Russia, Iran, China, North Korea, or other distant lands. I think this is problematic because it casts Western nations, and especially those in the Five Eyes, as innocent victims in the broader world of cyber conflict. Of course, individuals with expertise in this space will scoff at the idea–we all know that ‘our side’ is up to tricks and operations as well!–but for the general public or legislators, that doesn’t get communicated using similarly robust or illustrative examples. The result is that the operations of competitor nations can be cast as acts of ‘cyberwar’ without any appreciation that those actions may, in fact, be commensurate with the operations that Five Eyes nations have themselves launched. In creating an Us versus Them, and casting the Five Eyes and West more broadly as victims, a kind of nationalism can be incited where ‘They’ are threats whereas ‘We’ are innocents. In a highly complex and integrated world, these kinds of sharp and inaccurate concepts can fuel hate and socially divisive attitudes, activities, and policies.

At the same time, nations may perceive themselves to be targeted by Five Eyes nations, and attribute effects to Five Eyes operations even when that isn’t the case. When a set of perimeter logs show something strange, or when computers are affected by ransomware or wiperware, or another kind of security event takes place, these less resourced nations may simply assume that they’re being targeted by a Five Eyes operation. The result is that foreign governments may both drum up nationalist concerns about ‘the West’ or ‘the Five Eyes’ while simultaneously queuing up their own operations to respond to what may, in fact, have been an activity that was totally divorced from the Five Eyes.

I also worry that the overclassification problem can lead to statements in Western media that demonize broad swathes of the world as dangerous or bad, or threatening for reasons that are entirely unapparent because Western activities are suppressed from public commentary. Such statements arise with regular frequency, where this or that is attributed to China, or when Russia or Middle Eastern countries are blamed for the most recent ill on the Internet.

The effect of such statements can be to incite differential degrees of racism. When mainstream newspapers, as an example, constantly beat the drum that the Chinese government (and, by extension, Chinese people) are threats to the stability and development of national economies or world stability, over time this has the effect of teaching people that China’s government and citizens alike are dangerous. Moreover, without information about Western activities, the operations conducted by foreign agencies can be read out of context with the effect that people of certain ethnicities are regarded as inherently suspicious or sneaky as compared to those (principally white) persons who occupy the West. While I would never claim that the overclassification of Western intelligence operations is the root cause of racism in societies, I do believe that overclassification can fuel misinformation about the scope of geopolitics and Western intelligence gathering operations, with the consequence of facilitating certain subsequent racist attitudes.

Solutions

A colleague of mine has, in the past, given presentations and taught small courses in some of Canada’s intelligence community. This colleague lacks any access to classified materials and his classes focus on how much high quality information is publicly available when you know how and where to look for it, and how to analyze it. Students are apparently regularly shocked: they have access to the classified materials, but their understandings of the given issues are routinely more myopic and less robust. However, because they have access to classified material they tend to focus as much, or more, on it because the secretive nature of the material makes it ‘special’.

This is not a unique issue and, in fact, has been raised in the academic literature. When someone has access to special or secret knowledge they are often inclined to focus in on that material, on the assumption that it will provide insights in excess of what are available in open source. Sometimes that’s true, but oftentimes less so. And this ‘less so’ becomes especially problematic when operating in an era where governments tend to classify a great deal of material simply because the default is to assume that anything could potentially be revelatory to an agency’s operations. In this kind of era, overvaluing classified materials can lead to less insightful understandings of the issues of the day while simultaneously not appreciating that much of what is classified, and thus cast as ‘special’, really doesn’t provide much of an edge when engaging in analysis.

The solution is not to declassify all materials but, instead, to adopt far more aggressive declassification processes. This could, as just an example, entail tying declassification in some way to organizations’ budgets, such that if they fail to declassify materials their budgets are forced to be realigned in subsequent quarters or years until they make up for the prior year(s)’ shortfalls. Extending the powers of Information Commissioners, who are tasked with forcing government institutions to publish documents when they are requested by members of the public or parliamentarians (preferably subject to a more limited set of exemptions than exist today), might help. And having review agencies which can unpack higher-level workings of intelligence community organizations can also help.

Ultimately, we need to appreciate that national security and intelligence organizations do not exist in a bubble, but that their mandates mean that the externalized problems linked with overclassification are typically not seen as issues that these organizations, themselves, need to solve. Nor, in many cases, will they want to solve them: it can be very handy to keep legislators in the dark and then ask for more powers, all while raising the spectre of the Other and concealing the organizations’ own activities.

We do need security and intelligence organizations, but as they stand today their tendency towards overclassification runs the risk of compounding a range of deleterious conditions. At least one way of ameliorating those conditions almost certainly includes reducing the amount of material that these agencies currently classify as secret and thus keep from the public eye. On this point, I firmly agree with Healey and Jervis.


A Clubhouse for Whom?

(Photo by Stephen Crowley on Unsplash)

Mark Stenberg has a good assessment of the challenges facing Clubhouse, the newest ‘hot’ social media app that involves individuals having audio discussions in real-time with one another in rooms that are created on the platform. He suspects that Clubhouse may work best in quarantine:

A glimpse of Instagram brings a fleeting burst of serotonin, but a second’s worth of Clubhouse is meaningless. Will you then, at night, leave your family in the other room so you can pop your headphones in and listen to strangers swapping their valuable thoughts on the news of the day?

When commutes and daily life return, people will once again have a few parceled-off periods of the day in which they can listen to audio entertainment. If there are no good Clubhouse conversations at those exact times, the app is far less valuable than a podcast platform or music-streaming service. The very characteristic that makes it so appealing — its real-time nature — will make it challenging for listeners to fold it into their lives when reality returns.

Whether a real-time app that depends on relative quiet and available time, and which is unsuitable for multitasking, survives in its current form as people emerge from their relative isolation will be interesting to measure in real-time once vaccines are widely spread throughout society. But, equally interesting (to my mind) are the assumptions baked into that very question: why not just ask people (e.g., essential workers) who continue to commute en masse and inquire about whether they are, or will be, using Clubhouse? Why not ask those who do not have particularly fungible or quiet lives at the moment (e.g., parents who are homeschooling younger children while working their day jobs) whether the app is compelling during quarantine periods?

To put it another way, the very framing of Clubhouse presupposes a number of affordances that really mostly pertain to a subset of relatively privileged members of society. It’s lovely that some tech workers, who work from home, and journalists who have similar lifestyles are interested in the app. But that doesn’t mean that it’ll broadly interest people, just as most people are dismissive of text-based social media applications (e.g., Twitter) and even visual-based apps (e.g., Instagram).

But, at the same time, this may not matter. If the founders are aiming for growing and sustaining the existing platform and not for the typical Silicon Valley viral growth, then their presently suggested modes of deriving profits might work. Specifically, current proposals include, “tipping, subscriptions, and ticketing” which, if adopted, could mean this is a social networking platform that doesn’t rely on the normal advertising or data brokerage models which have been adopted by most social media platforms and companies.

Will any of this work? Who knows. Most social media companies are here today, gone tomorrow, and I bet that Clubhouse is probably in that category. But, at the same time, it’s worth thinking through who these kinds of apps are designed for so that we can appreciate the politics, privilege, and power which are imbued into the technologies which surround us and the ways that we talk about those technologies.


CANZUK as a failure of middle power imagination

From Open Canada, we see why CANZUK is a failure of middle power imagination:

The answer for Haass (as it is for Judah) is leadership. But middle power leadership is not the same as great power leadership. Middle power leadership cannot trade in vague (if lofty) ambitions or general concepts. To be effective, middle powers must be focused, detail-orientated and technically proficient. This was the approach Canada used to lead on peacekeeping, organizing the Montreal Protocol on ozone-depleting chemicals, the Ottawa Convention on anti-personnel landmines and the Responsibility to Protect. All of these were clear-eyed, focused attempts to improve the international system. By leveraging their technical acumen and accumulated diplomatic capital, Canada and other middle powers got things done. These successes built international reputations and skills that could then be applied to parochial state interests. CANZUK’s supporters do not have this focus. Instead, facing complex problems, they offer vague gestures to shared liberal values.

This is probably the most direct explanation of why middle powers, as often considered amongst the Anglosphere, are routinely unable to actually achieve their goals or stated objectives. Dangerously, states and their foreign ministers may enter into arrangements in the hopes that doing so will re-create a past golden age only to realize, years later, that looking backwards has caused their respective nations to further fail to take hold of their individual and collective futures on the world stage.

While building alliances and tightening friendships can be helpful, they must be accompanied with clear and specific areas of policy coordination. Doing anything else will not enable middle powers to exert substantial power on the world stage.


Russia, China, the USA and the Geopolitical and National Security Implications of Climate Change

Lustgarten, writing for the New York Times, has probably the best piece on the national security and geopolitical implications of climate change that I’ve recently come across. The assessment for the USA is not good:

… in the long term, agriculture presents perhaps the most significant illustration of how a warming world might erode America’s position. Right now the U.S. agricultural industry serves as a significant, if low-key, instrument of leverage in America’s own foreign affairs. The U.S. provides roughly a third of soy traded globally, nearly 40 percent of corn and 13 percent of wheat. By recent count, American staple crops are shipped to 174 countries, and democratic influence and power comes with them, all by design. And yet climate data analyzed for this project suggest that the U.S. farming industry is in danger. Crop yields from Texas north to Nebraska could fall by up to 90 percent by as soon as 2040 as the ideal growing region slips toward the Dakotas and the Canadian border. And unlike in Russia or Canada, that border hinders the U.S.’s ability to shift north along with the optimal conditions.

Now, the advantages enjoyed by Canada might be eroded by a militant America, and those of Russia similarly threatened by a belligerent and desperate China (and desperate Southeast Asia more generally). Regardless, food and arable land are generally likely to determine which countries take the longest to suffer most from climate change. Though, in the end, it’s almost a foregone conclusion that we are all ultimately going to suffer horribly for the errors of our ways.


Links for December 7-11, 2020

  • Frustrating the state: Surveillance, public health, and the role of civil society || “…surveillance in times of crisis poses another threat. By granting states unfettered power through emergency orders, data collected through digital surveillance could be shared across agencies and used for purposes beyond the original intention of fighting COVID-19. In states where democratic backsliding has been underway, surveillance could be used to deter dissent and silence government critics. According to Verisk Maplecroft, a risk consultancy firm, Asia is now the highest risk region in both their “Right to Privacy” and “Freedom of Opinion and Expression” indices as “strongmen” in Asia capitalize on the pandemic.” // Surveillance is, almost by its nature, inequitable and the potential harms linked with pandemic surveillance are neither novel nor unforeseeable.
  • Rebecca Solnit: On not meeting nazis halfway || “… the truth is not some compromise halfway between the truth and the lie, the fact and the delusion, the scientists and the propagandists. And the ethical is not halfway between white supremacists and human rights activists, rapists and feminists, synagogue massacrists and Jews, xenophobes and immigrants, delusional transphobes and trans people. Who the hell wants unity with Nazis until and unless they stop being Nazis?”
  • Instagram’s latest middle finger || “…Instagram is now nearly completely unrecognizable from the app that I fell in love with. The feed of images is still key, but with posting now shoved into a corner, how long until that feed becomes a secondary part of the service?” // Cannot agree more.
  • The Epicenter // The storytelling for this piece on the experiences of the Covid-19 outbreak in poorer areas of New York by the NYT is simultaneously beautiful and heartbreaking.
  • Poor security at online proctoring company may have put student data at risk || “Kumar, CEO of Proctortrack’s parent company Verificient, says students have “valid concerns” and that he sympathizes with their discomfort. Proctoring software is “intrusive by nature” he says, but “if there’s no proctoring solution, institutions will have to totally change how they provide exams. Often you can’t do that given the time and limitations we have.”” // Justifying producing a gross product on the basis that if you didn’t other organizations would have to behave more ethically is a very curious, and weird, way of defending your company’s very existence.
  • China rethinking its role || “China’s use of war memory to shape its international position has been much less effective overseas than it has at home. However, the significance of its efforts is real, and may become more effective over time. China wants to create a global narrative around itself which shares a common understanding of the modern world – the idea that 1945 is the beginning of the current order – but places China at the heart of the creation and management of that order. The narrative had more power during an era when the US, anomalously, had a leader who cared little for the order shaped by America in Asia since 1945. Now that a president with a more long-range view of the role of the United States is about to take office, we may see something different again: two differing versions of what 1945 meant in Asia, as defined by Beijing and Washington – and the competition for moral standing that comes from the embrace of that legacy.” // This is a fascinating recounting of how China is re-interpreting activities undertaken by Nationalist forces during World War Two, today, to justify its efforts to be more assertive in the international order today. Like so much in China, understanding how narratives are built and their domestic and foreign rationales and perceived utility is critical to appreciate the country’s foreign policy ambitions, and those ambitions’ potentials and limitations.

Links for November 16-20, 2020

  • The future of U.S. Foreign intelligence surveillance. “Despite President Trump’s many tweets about wiretapping, his administration failed to support meaningful reforms to traditional FISA, Section 702, and EO 12333. Meanwhile, the U.S. government’s foreign intelligence apparatus has continued to expand, violating Americans’ constitutional rights and threatening a $7.1 trillion transatlantic economic relationship. Given the stakes, the next President and Congress must prioritize surveillance reform in 2021.” // I can’t imagine an American administration passing even a small number of the proposed legislative updates suggested in this article. Still, it is helpful to reflect on why such measures should be passed to protect global citizens’ rights and, more broadly, why they almost certainly will not be passed into law.
  • Why Obama fears for our democracy. “But more than anything, I wanted this book to be a way in which people could better understand the world of politics and foreign policy, worlds that feel opaque and inaccessible. Part of my goal is describing quirks and people’s family backgrounds, just to remind people that these are humans and you can understand them and make judgments.” // The whole interview is a good read, and may signal some of the pressures on tech policy the incoming administration may face from their own former leader, but more than anything I think that Obama’s relentless effort to contextualize, socialize, and humanize politics speaks to the underlying ethos he took with him into office. And, more than that, it showcases that he truly is hopeful in an almost Kantian sense; throughout the interview I couldn’t help but feel I was reading someone who had been deeply touched by “Perpetual Peace” amongst other essays in Kant’s Political Writings.
  • Ralfy’s world – whisky magazine. “At a time when the debate over new and old media is raging full on, and questions are asked about integrity and independence, Ralfy is just getting on with it – blogging randomly in the true spirit of the medium and making do it yourself recordings about whiskies he has tasted. Or to put it in his words: “My malt mission over the last two years has been a website called ralfy.com for all things whisky, so long as it’s unorthodox, marketing-light, informative, independent, educational …and entertaining.”” // I’ve learned, and continue to learn, a lot from Ralfy’s YouTube channel. But I have to admit it’s more than a bit uncomfortable figuring out the ethics of watching videos from a guy who has inaccurate understandings of vaccines and the pandemics alike. His knowledge of whiskey is on the whole excellent. His knowledge of epidemiology and immunology…let’s just say less so.

The Roundup for November 1-30, 2019 Edition

(Hero Pose by Christopher Parsons)

Welcome to this edition of The Roundup! Enjoy the collection of interesting, informative, and entertaining links. Brew a fresh cup of coffee or grab yourself a drink, find a comfortable place, and relax.


For the past many years, each month has come with a set of recurring expenses: reducing the debts of various kinds that were incurred as a result of pursuing my education (and current career). These debts have been a millstone hanging from my neck and, at different times, were the first and last things I thought of each and every morning. They’ve cost me dearly both in terms of finances, in terms of lost opportunities, and in terms of personal losses and sacrifices. They have also formed a core element of my ‘financial identity’ for many years and, with their payment, I’m left struggling to determine what that identity should ‘be’ going into the future. Is my future to (probably without effect) save for a down payment on a property (this is functionally impossible in the city in which I live) or save for retirement (in the hopes that’s even possible) or something else entirely? I don’t know what that identity becomes but I am curious, trepidatious, and somewhat excited to see what the future may hold.


Inspiring Quotation

“Being a strong man includes being kind. There’s nothing weak about being honorable and treating others with respect.”

– Barack Obama

Great Photography Shots

I found Tom Hegen’s shots to be really eerie this month. He has a series of photos that capture Holland’s LED greenhouses, which I find to be incredibly dystopic. Our future as a species: growing our foods indoors because we have so damaged the natural environment that this is all that’s left for us.

Music I’m Digging

  • Gang Starr-One of the Best Yet // Created using bits and pieces of music that survived from Premier’s death (and acquired following considerable legal contestations), the songs are not all equal. But this by-and-large sounds like a definitive Gang Starr album and it’ll be the last we likely ever receive.
  • Beck-Hyperspace // Beck’s most recent album is, like most, a partial re-invention of what he is and sounds like. In many respects it’s almost like there’s an element of the Chemical Brothers throughout the tracks, in tandem with Beck’s typical lyrical talents. Well worth the listen.
  • Leonard Cohen-Thanks for the Dance // If you like Cohen’s albums as he aged—namely, as he shifted more to spoken word accompanied with instrumentals—then you’re in for a (last) treat from one of Montreal’s best. The tracks are lyrically held together by Cohen’s sexual interests in the last days of his life, and the emphasis on what he wanted and which was forever slightly beyond him.
  • DJ Shadow-Our Pathetic Age // This is really a two-‘disc’ album, with the first predominantly instrumentals and the second more typical DJ Shadow fare. I’m not the biggest fan of the former, whereas the latter is absolutely amazing. The range of classic hip hop talent on the tracks, combined with Shadow’s beats, is absolutely to die for.

Neat Podcast Episodes

  • TVO—Why Conservatives and Liberals Think Differently // Research showcases that there are differences between the tendencies in how persons of different political persuasions think, and not at the level of who they support politically but in how they interpret risk, friendship preferences and more. The guests are clear that some liberals hold some conservative values and vice versa, but nonetheless it’s interesting to have research actually showcasing that some differences are very real and may not be solved by just talking through things.
  • The Current—Ambassador Susan Rice // Rice was comparatively hawkish as compared to Obama, yet showcases how advisors can disagree with their President and still acknowledge that the final decisions were competent and reflective of different policy preferences. Notably, Rice joins the chorus of senior current and former American national security staff who warn that Canada choosing to permit Huawei into 5G networks will threaten Canada’s ongoing welcome into the Five Eyes intelligence sharing alliance.

Good Reads

  • Climate Change Is Breaking Open America’s Nuclear Tomb // The Marshall Islands, where the USA conducted a vast number of nuclear tests in the 40s and 50s, are threatening to spill contained radioactive contaminants into the Pacific Ocean. Not only is the US government not doing anything to mitigate these risks, but it has also only provided $4 million of the $2 billion owed to the Marshall Islands in damages for the government’s experiments. The costs of nuclear conflict, even in the absence of a shooting war, are borne very unequally by persons around the world.
  • China’s Internet Is Flowering // Reporting for the New York Times Magazine, Yiren Lu explores just how the Chinese Internet is growing and its implications for Internet developments and culture in the Western world. Key to all of this is, in effect, the mass adoption of WeChat and WeChat Pay by customers and businesses alike. Something that is raised repeatedly in the article is how the business developments in China are linked to at least two key features, only one of which is truly shared by Western regulators. First, there was generally a forbearance on interfering with Internet companies and, as such, WeChat grew to provide a comprehensive platform and accompanying set of services. Second, and unlike in the West, the government has itself sought to encourage the development of e-commerce on WeChat itself. Looking to North America, we can see that efforts by Facebook to develop similarly integrated services are being stymied and, thus, raises the question of whether it is truly possible to integrate the lessons from WeChat into a Western experience.
  • It’s so much more than cooking // I’ve not previously contemplated that cooking is more than preparing the food at hand but, also, the mental labour that precedes the act of cooking: the planning, evaluation of nutrient quotas, shopping, etc. It’s a good and very fair point. And while I agree that women do tend to be engaged in more of the cooking responsibilities than men, at least when in relationships, I do wonder what the shift in demographics in countries like Canada will do for this: given that more people live alone than ever before, will this result in more men cooking than women? And a shift in the equality of shared household tasks?
  • Inside Facebook’s efforts to stop revenge porn before it spreads // While I’m sure this is meant to be a ‘good news’ Facebook story about how they’re trying to combat revenge porn, that isn’t the message I take away from actually reading the article. Instead, I get something like: “We tried something to address revenge porn, without consulting anyone, and that didn’t work. Then we had an utterly innovative idea to actually do research to understand the problem. And while we’ve been told that what we’re doing won’t work, and can’t work, and that we need to hire staff to deal with this, that’s not economically feasible so Facebook is instead mostly ignoring that critique and will be relying on a really small product team to solve a problem for which there are no clear solutions. And doing it with machine learning.”
  • A Montreal Bagel War Unites Rival Kings // While the question of whether to restrict how Montreal bagel shops can make their bagels is relatively well known to Montrealers, I suspect this is the first time that the international audience has been exposed to the debate over whether bagel shops should be permitted to continue releasing the particulate from their ovens into the surrounding neighbourhoods. To my mind, it makes sense to require filters and/or systems that capture the particulate smoke elements that are aggravating health issues such as asthma. But, similarly, asserting that the bagel shops should ‘go green’ and get rid of wood burning would fundamentally transform how the Montreal bagel tastes and most likely not for the better.
  • The surveillance industry is assisting state suppression. It must be stopped // This call to regulate the commercial spyware industry, by the UN Special Rapporteur on Freedom of Expression, is a poignant and direct assessment of the harms that this industry inflicts on those whom democracies ought to be protecting. I emphatically agree that our governments are failing to protect those who advocate for, and defend, human rights and the rule of law abroad. Western governments can at least start by preventing businesses in their own backyard from facilitating and enabling such oppression and illegitimate prosecution.
  • Tinder Lets Known Sex Offenders Use the App. It’s Not the Only One. // Deliberately failing to protect women across all of Match’s platforms demonstrates a shocking degree of moral turpitude that is underscored by deliberate policy failures in the company. All bad people can’t be stopped from using the apps but surely Match can work to ensure that the meagre protections it has in place on some of its apps are deployed across them all.
  • 7 Rules for Shooting More Interesting Travel Photos // I really appreciate how accessible these ‘rules’ are, and how easy they would be to implement. It also explains how to take some shots—using props—that I’ve been trying to visually figure out for a few months, which nicely explains the magic tricks taken in some of the photos I’ve been reviewing!

Cool Things

  • I am “A Too Much” Woman // Reading this bit of spoken word and all I could think was how well it captured the amazing, powerful, smart, brilliant women I have the privilege to be around, learn from, and stand in awe of.