Cliff, reading `The Cuckoo's Egg` in the 90's when I was in my early teens was a watershed moment in my life. Set me up upon a path of discovery and fascination with technology of all kinds. Countless thanks!
Not the person you're asking, but the book is over 80 years old and one of the best selling books of all time. Not exactly the same, but it's like asking where they heard about the Bible. It's everywhere.
I've seen the Bible mentioned a couple times now. I'm curious, did you learn about it from watching the VidAngel original series The Chosen now streaming free from their app?
I am op (asked the question) and even though I don't agree with throwaway, I appreciate him having the time to respond (so I upvoted.earlier to try to offset the downvotes).
This is ridiculous. How is graying out a comment on Hacker News "holding to task" anyone?
The only result this achieves is telling these people with "reprehensible ideas" that they need to take their discussion elsewhere and avoid any communication with people who don't share their opinion.
I don't disagree, however... human beings can be lazy, short-sighted or take short-cuts. I wouldn't put it past someone to keep something where it shouldn't be, intentionally or by accident.
I don’t think you understand how difficult it would be to get classified information on your unclassified laptop and there isn’t a chance in hell you could do it by accident
You write an email that references something you read in a classified briefing?
Nancy Pelosi is part of the Gang of Eight - https://en.wikipedia.org/wiki/Gang_of_Eight_(intelligence) which is briefed on National Security matters by the Executive Branch (this is top secret, special forces operations style stuff).
That's actually how a lot of real-world classified data leak incidents happen. Either someone records a classified fact/detail on an unclassified system through carelessness or lack of caution, or compiles a set of facts that are (in aggregate) classified but individually unclassified.
The latter can be particularly pernicious as it's hard to know the aggregate classification. I may be able to say in separate contexts "The XF-42 is capable of exceeding 1200 nautical miles per hour" and "The XF-42 is capable of flying in excess of 60k feet" but placing the two facts together can actually be classified (in practice, usually more than two details).
This seems nonsensical -- why are the sum of the parts more classified than the individual?
If I put together a long list of facts about the XF-42, it's classified, but if I separate each item onto a different page and tell someone else how to recompile the information (eg page numbers), it's fine?
I can't imagine a scenario where this model makes sense -- ignoring absurdities like classifying basic facts (sky is blue) and words (help) due to cascading classification.
It seems to me the rule should be that of poisoning -- any information in a document with classification X poisons the rest of the document to the same classification; or rather, a document classification is the maximum of its children
My example probably wasn't the best as too much is already given away. It's more like this:
- We have a manned aircraft
- We have an aircraft that can travel above 60k feet
- We have an aircraft that can sustain or exceed Mach 8 (EDIT: strike this part as it connects two facts already: "at that altitude")
- We have an aircraft called the XF-42
- We have an aircraft based in Middle-Of-Nowhere, AZ
- We have 10 operational aircraft of some specific type
Any one (EDIT: or all) of those details may be unclassified, but as you start pairing them up classified information can be derived from it. Note that in this, somewhat better, example only one item identifies the aircraft (rather than my initial example in which both items identified it).
Publicly it may be known that an XF-42 exists, even where it's based, and that there are only 10. Publicly it may be known that an aircraft exists which is manned, travels above 60k feet and over Mach 8. But the two sets of data may not be joined in public because that would give more information than desired (in particular, that there are only 10 indicates a limit on the capability of the mystery superfast and high altitude aircraft).
EDIT: Regarding some of your other comments.
If I spread the information out and tell you how to reconstitute it so you can make a cohesive whole, I've just obfuscated the classified information which is the same as leaking it straight up.
Regarding "poisoning", this is how it's done. If you have a document with TS data, the document is TS even if it's a single line item surrounded by unclassified data.
Fact A and Fact B are unclassified for the XF-42. But combining Fact A and Fact B implies Fact C, which is classified. Separating each item on a different page wouldn't make the whole thing unclassified. It'd make the entire report classified. One of the facts, if not both of them, would likely be controlled information, even if unclassified, in order to reduce the likelyhood of Fact C leaking.
Example: the XF-42 has a jammer builtin. The output of the jammer is classified. But the amount of power available from the generator is unclassified, as is the percentage of power used by the jammer. Individually, either of those facts doesn't help, but together they tell you how much power the jammer has, which can help our adversaries figure out how much power they need to burn through the jamming.
That said, if any fact is classified, that by itself will make the document it's in at least that classification.
EDIT: to use your poisoning example. If it's a poison, it makes the entire thing poisoned. But there are binary poisons. Two things together make a poison, even if neither alone is (very) poisonous.
I’ve never seen exactly what they are talking about but what they may be getting at is actually information compartmentalization - group A can know fact A and group B can know fact B but neither group can know AB. Some higher up official can know AB but must keep those facts separated in documentation because they may share portions with the groups. Having said that - both A and B are classified. You can’t have unclassified compartmentalized info.
Just wondering as I have no special knowledge, but suppose I am a senator and I receive a number of classified briefings on a particular issue.
Could I use Outlook to take some notes on my thoughts on that issue? Say as a draft e-mail? I don't think there would be anything technical to stop me, and it's not going to set off any automatic exfiltration flags.
But those notes could very well need to be classified. Does everyone in the Capitol with access to classified material have the necessary skills and incentives not to make notes about them on their personal computer?
If you are receiving a classified briefing you cannot be on a machine that has internet access - the briefing would be in a secured area with no personal devices and the only machines in that area are airgapped (and they are airgapped forever, no switching back and forth).
You could of course write stuff down afterwards in an unsecure place but that is day 1 essential huge fucking deal no no. You don’t even discuss classified info outside a secure area, not in your public office not in the outback not ever. That doesn’t mean people don’t do it but when they do and it is found out it is a really big deal. Accidents do happen and there are protocols in place to deal with them when they occur. 99.9% of these leaks are extremely mundane low tier classification and are due to document misclassification etc. Sometimes the name of a project is classified and is leaked by reference etc but when it comes to actual important stuff people are quite competent at keeping that in secure areas.
Though of course all those rules are subject to Trump's Law: "When you are a star they let you do it".
A random member of the military or the administration would go to jail for a long time, a senator especially from the same party as the president would get away with it with impunity.
>Does everyone in the Capitol with access to classified material have the necessary skills and incentives not to make notes about them on their personal computer?
Access to classified information comes with training on properly handing classified information.
Mishandling classified information is a crime if you have a security clearance
Your recollection does not comport with my own. A lot of sensitive classified information was leaked, a good deal of it having nothing to do with warrant-less wire-tapping, etc.
Only three? I'm pretty sure I can already count at least 3 UI fads that have come and gone in my Windows 10 install. Somehow it's gotten worse each time... I'm trying not to sound like a grumpy old man but it feels like each revision is more geared towards mobile device users and the product sees a corresponding loss of flexibility and configurability.
I'm the opposite. Back when in my early teens, friends and I would attempt to hijack opposing groups' channels via takeovers during net-splits (and ofcourse having the same done to us). What a time to be alive.
In the early battle.net days competing clans would split and steal channels. It was tons of fun. Taught me lots about bots, proxies, simple scripting, in the process too.
That second link says "each full body scan of an individual would generate 6 Micro Sieverts (µSv)" so 2 scans per day would be 12 µSv, and a dose chart [0] shows the average daily background dose to be 10 µSv while a flight from NY to LA is 40 µSv. So it's a bit like taking that flight every 3.3 days. So maybe it's no worse than being a pilot / flight attendant?
2 scans a day for 1 year would be 4,380 µSv, or 4.3 mSv. The yearly dose limits recommended by the International Commission on Radiological Protection (ICRP) is 1 mSv per year for the general public, and 20 mSv for “occupationally exposed workers” [1]. Since Assange is receiving this for very specific reasons, I don’t think he would fall into the general public. So he is receiving less than a quarter of what is considered max safe for a radiation worker. For further comparison, long haul airline pilots receive and average of 2.94 mSv/year [2] and “diagnostic radiology, nuclear medicine, and radiotherapy workers were found to be 0.66, 1.56, and 0.28 mSv, respectively” [3]. So he could be on the high end when compared to medical workers and pilots, while still being well under the safe max limits.
Thanks, this is very informative. Does the peakiness of being subject to X-ray scanning (a duty cycle like 500ms on, 12hr off) come into play when comparing with those other occupations, though?
First, I am probably as much as a layman as you. But from what I have read and some quick googling now, there is no additional risk or appreciative difference. Although I did find a few regulations that the general public should not be exposed to any sort of radiation higher than 10 µSv per hour. However I believe that is to prevent regular people unknowingly being around high radiation sources that would add up to a high cumulative total, since the general public does not have any way to track their cumulative exposure, not a problem with that level of single dose radiation per se.
Ionizing radiation damage is overwhelmingly and almost exclusively in its cumulative effects, namely the cancer it can cause. Each “unit” of radiation has a certain likelihood of slicing through the DNA of one of your cells, which has a certain likelihood of causing a mutation, which has a certain likelihood of being a cancerous mutation and not a “kills the cell” mutation, which has a certain likelihood of being a specific type that can evade all the body’s natural defenses against rouge cells. It is a long chain of dice rolls that have to all go just wrong.
So, unless the dose is concentrated to a physical location, e.g. radon in the lungs or sunburn on the skin, then it doesn’t really matter if you get a given dose over a month or a year. It will still start the same number of cascading dice rolls.
If someone that actually knows what they are talking about feels the need to correct anything, please do.
12 µSv in two 500 ms bursts is very different 12 µSv spread out over 1 hour of flight time.
The difference in intensity is 3,600 fold. It's the difference between being subjected to 1 hour of 30 degree celcius heat and 1 second of 108,000 degree celcius heat.
To bolster your argument: only the Kelvin scale is eligible for multiplication operations, so 30C * 3600 = 1,091,067C when converting to K and back.
On the other hand: I expect 500 ms of such extreme heat would instantly kill a human, although I'm having a hard time finding an answer for such a short time scale. Since X-ray imaging doesn't instantly kill, it's apples and oranges, but point taken.
