China and its Discontents

Archive for the ‘Technology’ Category

Was Iran Behind the Cyberattack on Saudi Aramco?

I can’t believe I missed this major story earlier this month: “hacktivists” attacked Saudi Aramco’s 30,000-computer network. What is surprising is the method–instead of the standard Denial of Service attack (DoS), they managed to introduce malware onto Aramco systems. Even more interesting, however, was the statement released by the purported originators of the attack, “Cutting Sword of Justice”:

It said the company was the main source of income for the Saudi government, which it blamed for “crimes and atrocities” in several countries, including Syria and Bahrain. Saudi Arabia sent troops into Bahrain last year to back the gulf state’s Sunni Muslim rulers against Shiite-led protesters. Riyadh is also supporting Sunni rebels against the Syrian government of President Bashar al-Assad.

The group blames Saudi Arabia for interfering in Bahrain and Syria. In a basic geopolitical analysis of the Middle East, who would be the only player angry at Saudi Arabia for those interventions? Iran and its client terrorist network, Hezbollah. They are the only actors who have something to lose when the Sunni monarchists in Bahrain hang onto power or if Bashar al-Assad falls from power.

Furthermore, Jeffrey Carr gave a stunning explanation at InfoSec Island on why it’s not only plausible but likely Hezbollah and the Iranians were behind the attack: the malware used in the Saudi Aramco attack, Shamoon, is likely a reverse engineering of the Wiper virus which hit the Iranian oil ministry in April. Only Iran and its attackers (likely Israel or the U.S.) had access to the Wiper virus. In addition, Hezbollah reportedly has covert members embedded in Aramco as employees who could carry out such an attack. Finally, Carr notes, the Iranians have more obvious motives than revenge or religion as cited in the public “hacktivist” statements–Saudi Arabia supported the recent US-EU oil embargoes on Iran and replaced oil imports from Iran with others.

This is a disturbing trend, and inevitable since U.S. and Israeli-sponsored cyberattacks on Iran came to light. Cyberattacks will continue to escalate among Iran, Russia, China, the West, Western allies, and unaffiliated groups, untouched by any sort of international legal regulatory framework. Such activity will become, and probably already is, the normal state of affairs. Given this situation, it is impossible to predict when a cyberattack will result in an “overt,” conventional military response, as one almost certainly will in the future. This is one of the biggest strategic uncertainties facing the future–and unfortunately, it doesn’t look like any actor wants to or can fix it.

UPDATE: Qatar’s RasGas has also just been a victim of a cyberattack. It’s unclear at this point if any group has taken responsibility, or if it was the same virus. My bet is that Iran and/or Hezbollah are also responsible.

UPDATE 2: The Wall Street Journal confirms that the virus used in the RasGas cyberattack was also Shamoon.

Written by Will

August 30th, 2012 at 4:46 pm

“14 Days” Library Response is Inadequate

The library has just published responses to a summary of the questions asked during the “14 Days” comment period back in February. I find many of the answers inadequate.

Question after question, the library and computing center staff writing the responses don’t directly address the question, and offer annoyingly vague and unhelpful answers that can never lead to a successful resolution. What do I mean by this? The answers either restate the current policy of the library, or say ‘our hands are tied,’ or ‘we’ll consider this in the future.’ The Trinity community cannot hold the library responsible to these answers – there’s no metric by which we can evaluate success, and thus, no success is likely to be achieved. Let’s take a look at some of the questions and answers:

  • Switching Microsoft Exchange to Google Apps.
    • Computing Center Response: Many educational institutions have moved student e-mail services to Google, and we’ve been monitoring the success of these. Although we have concerns associated with administration and security of data, Google continues to make upgrades and improvements that address many of these. We are planning to re-evaluate the use of Google Apps for Trinity this coming fall.
    • My response: Who’s going to evaluate the switch? How are you going to evaluate the switch? Is there going to be any participation across the Trinity community? What exactly are your concerns? Google Apps for educational institutions is completely free. In the collegiate vicinity, Wesleyan and Connecticut College both use Google Apps. As I wrote in an SGA blog post recently, Google even released a tool to migrate all Microsoft Exchange information to Google Apps seamlessly. As has been pointed out before, the library (and the college) could save so much money by not paying licensing fees to Microsoft, server costs, and the additional labor costs of IT administration. This would be a boon for Trinity. Seriously, Google Apps would save us a boatload of money. Check out this website, designed to calculate the costs of Google Apps for businesses, to get an overestimate for the costs for non-profit Trinity.
  • More printing dollars, printing too expensive, more printers around campus, system slow, printers jam.
    • Computing Center Response: We are currently evaluating all components of the printing system (printing hardware, print release stations, and print payment software) to determine if there are ways to make the printers more error-free and shorten the time to print. We do not expect to be able to allocate more funding for printing at this time, but we are working with the SGA to determine ways of keeping printing costs manageable while still providing the service.
    • My response: Again, what is the evaluation process? “We are working…” is a non-answer answer, since “keeping printing costs manageable” is meaningless if you cannot lower the costs. With the money you could save by switching to Google Apps, you could easily give every student unlimited printing and fix every problem associated with printing. We may decide against unlimited printing for environmental reasons, but you could at least increase it back to $25 again. This could eventually have a Google-centric solution too. Just this morning, I was reading about a new Google project to develop a cloud-based printing system, Google Cloud Print, in conjunction with Google’s new operating system, Chrome OS. The system works both with Chrome OS and other operating systems. While the project is still early in development, Google has released the code and documentation as open-source. With the fast pace of development of Google projects, this could eventually be used by Trinity.
  • Open up entrances to the building, especially the long walk doors; find turnstile alternatives; too many non-Trinity guests at night.
    • Library Response: The current building entrances and access policies have been designed to protect 1) the students, staff, and faculty who work in and use the library, and 2) the equipment and collections contained within it. We are attempting to achieve a balance between allowing students the freedom to come and go when they please, and ensuring the safety and security of students and their belongings when they are in the building. At this time, we cannot open up any more entrances without sacrificing a degree of security, but as we plan for building improvements in the coming years, we will bear in mind the desire for easier access.
    • My response: I concede this is a difficult problem. But this post doesn’t identify the specific barriers to changing student access to the library. The Level B entrance is currently opened through an RFID scanner, as is the Level A entrance after library hours. Why can’t this system be implemented in the inner doors on the main quad? This system has costs, but I’ve already identified serious cost-savings which could also pay for this. And unlike other costs, this is a one-time expense. This potential entrance is not staffed as the Level A and B entrances are, but neither are the Level A and B entrances staffed at night. It’s less clear what the barriers are to opening up the glass doors around the main stairwell. There has not always been a turnstile at the main entrance – this was only added in the past few years. I do not have the answers to make the layout more efficient – but these issues must be explicated further, something not accomplished by this response.
  • Enable rooms used for guest lectures (McCook, Washington room, etc.) easy video and audio recording and make recordings available online on the Trinity website or iTunes U (so they can be watched on an iPhone).
    • Library Response: Lectures cannot be taped without permissions from the lecturer, and there are many lectures and events that occur on campus every year. So, at this time we record lectures only upon request. To request that a lecture be taped, please contact Media Technology Services (http://www.trincoll.edu/Academics/AcademicResources/media/default.htm). Recorded lectures will then be placed on a server for viewing as streaming video.
    • My response: What about iTunes U? This response makes no mention of why we can’t do this. It is a great promotional tool, not only for taping lectures, but also for uploading all kinds of student creative output. Student music groups could (and do, at other colleges) upload music directly to iTunes U for distribution. Trinity could offer both a selection of videos from Trinity courses, and guest lectures. The requirement of a permission form is not a major impediment to this. Right now, students and professors have to be knowledgeable about and actively seek out this form and Media Technology Services. The use of the service and form could be advertised and made the default option for major lectures.
  • Creation of a Trinity wiki?
    • Computing Center Response: Anyone with a Trinity login can create a personal wiki at http://personal.trincoll.edu. Once logged in, use Site Settings to allow others to edit and view your wiki. This wiki will be viewable only by people with Trinity College logins that you have given permission to access.
    • My response: A personal wiki defeats the purpose of a Trinity-wide wiki. I don’t want a wiki on personal.trincoll.edu/personal/wyale! I want a wiki on wiki.trincoll.edu! “Given permission to access?” The idea is that everyone is able to access it!

Not mentioned in any of the questions or responses was that Blackboard could potentially be eliminated through the switch to Google Apps also. This is a far more complicated transition because we currently run the administration of Bantam Bucks through the Blackboard Commerce system. The Blackboard website, however, could completely be substituted with Google Apps. I’m unfamiliar with Moodle and what role it could play in this transition.

This is a long post, I know, but I have only focused on a fraction of all of the comments submitted and responses received.

Sourced from: Trinity College Student Government Association » William Yale

Stop Asking Us to Reset Our Passwords!

According to the Boston Globe, it is a waste of our time and doesn’t do anything to improve security. Can someone please tell the Computing Center to stop asking us to change our passwords every few months or so?

Sourced from: Trinity College Student Government Association » William Yale

Written by Will

April 12th, 2010 at 8:32 pm

Switch to Google Apps from Microsoft Exchange?

Something that caught my eye recently was this post over at one of the many Google blogs, outlining a new tool Google developed to migrate email, calendar, and contact data from Exchange to Google Apps. In the library’s recent 14 Days comment system, I left a note mentioning how I would like to see the college transition from an email system based around Microsoft Exchange to one based on Google Apps. This new tool seems like the perfect way to do that. Google Apps is free and I believe a superior product. The Computing Center ought to look immediately into making this transition, especially with all of the other cost-saving measures the Administration has enacted or is considering.

Sourced from: Trinity College Student Government Association » William Yale

Written by Will

March 20th, 2010 at 8:31 pm

Scarcity and Political Campaigns

Chris Anderson’s recent article in Wired on the benefits of abundance versus scarcity got me thinking. Can treating processing power as abundant, and thus opening up creativity, innovation, and success, be something that I can apply to political campaigns? The prime question is: what should be considered the abundant factor in campaigns? Voters?

Tech Is Too Cheap to Meter: It’s Time to Manage for Abundance, Not Scarcity

Campaigns often treat voters as rather expensive entities. Millions are spent on direct mail, prime-time advertisements, and even telemarketing tools. In low turnout primaries, some candidates end up spending upwards of $100 on each actual voter. One need only look at the last candidate I put energy into, Terry McAuliffe, who spent $90 per voter for the June primary. With all that money spent, how did his opponent Creigh Deeds turn the tide? What if (to the campaigns at least) every vote “didn’t” count?

The most surprising implication in this statement is that campaigns don’t need to work for every vote. This should have already been bored into me. Countless times, I’ve been told to drop a long phone conversation, or to not answer every obscure policy wonk, or not spend an inordinate amount of my time at any one door. Quantity rather than depth is bred into every campaign worker’s mentality because voters won’t remember more than two minutes of a conversation anyway.

This philosophy is not, however, worked into the macro level. Although you as an individual will not talk to that voter again, the campaign certainly will; through mass media and thousands of other volunteers, scarce voters will be hawkishly guarded. In the McAuliffe campaign, telemarketing calls were the communication mode du jour. This technique, meant to amplify the abilities of volunteers, instead magnified the problem. The more voters heard about Terry over the phone, the less sure they were about their support. Towards the end, we dropped telling people about Terry at all, focusing solely on Deeds. People don’t remember much about your particular conversation, but they do remember how you and everyone’s uncle called their house ten times.

Terry’s campaign had two key parts backwards. They treated voters as scarce and public patience and goodwill as abundant. This passage from Anderson’s article on cell phone companies and voicemail storage mirrors this:

They managed the scarcity they could measure (storage) but neglected to manage a much more critical scarcity (customer goodwill). No wonder phone companies are second only to cable TV companies in “most hated” rankings.

They also gave the most attention to what should have gotten the least attention. At the individual level, it pays to spend more personal time with a voter (as explained later). At the macro level, it doesn’t pay to push more contacts (i.e., spend more of the campaign’s time) with every voter.

Imagine a hypothetical campaign in which more voter contact was not always the end goal. What, instead of micro-targeting, would seed the campaign’s message across a wide swath of abundant voters? The voters themselves! A campaign that relied on an abundance of voters to spread its message becomes a movement, which is why campaigns rarely qualify.

In a scarce-voter world-view, the priority of campaigns is control – dictate the message, work directly through mass media, and don’t deviate. In an abundant-voter world-view, supporters would carry their personalized and human voice of support organically to exponentially growing numbers of people. In abundant-voter campaigns, there is a degree of trust and empowerment transferred between the campaign and the average supporter. Rank and file volunteers are encouraged to voice their support in as many diverse ways as possible because ultimately, personal relationships carry aboard more supporters than going off-message loses voters. Abundant-voter campaigns use phone tools to ensure name recognition and minimal tracking numbers, but ultimately put the most faith in long-lasting, in-depth, personal contact with campaign workers and volunteers. This starts with canvassing, but is fully realized in one-on-one meetings, house parties, and non-campaign socialization (which can all still be tracked quite effectively for accountability purposes). I only need to remember one piece of advice to re-affirm this idea: ‘They’ll come in for Barack, but they stay because of you.’ Finally, abundant-voter campaigns use television, mass-media, and stump speeches to engage voters in the same way campaign workers do in person: by treating voters, on a policy level, as intellectually-equal to the most senior campaign strategists.

It’s hard to change the prevailing philosophy solely in favor of statistics and ever-increasing numbers of voter contacts. This view is cemented in the minds of campaign strategists. Obama’s campaign took the abundant-voter philosophy. Many columnists would argue that since Obama’s campaign did not catapult an issue lasting Obama, it does not count as a movement. I disagree. A generational shift in organizational thinking is coming, and not just in campaigns. A new group of Americans, and many more born after them, who are inspired to organize government, business, and non-profits with the abundant-philosophy of the Obama campaign will radically transform society. I only hope that the administration lives up to the promise of its campaign.

Written by Will

July 13th, 2009 at 7:44 am