The difference between kinetic and cyber attacks

It’s striking — and worrying — that missile launches by North Korea, no matter how unimportant in the big picture, get worldwide news coverage every time they happen.

But North Korea’s ongoing cyberattacks, which are having serious effects and are raising startlingly large amounts of money for the regime, are mentioned only on technical sites, and only occasionally.

We have to hope that military and government have a more balanced view of the relative threat — but it seems clear that politicians don’t.

Backdoors to encryption — 100 years of experience

The question of whether those who encrypt data, at rest or in flight, should be required to provide a master decryption key to government or law enforcement is back in the news, as it is periodically.

Many have made the obvious arguments about why this is a bad idea, and I won’t repeat them.

But let me point out that we’ve been here before, in a slightly different context. A hundred years ago, law enforcement came up against the fact that criminals knew things that could (a) be used to identify other criminals, and (b) prevent other crimes. This knowledge was inside their heads, rather than inside their cell phones.

Then, as now, it seemed obvious that law enforcement and government should be able to extract that knowledge, and interrogation with violence or torture was the result.

Eventually we reached (in Western countries, at least) an agreement that, although there could be a benefit to the knowledge in criminals’ heads, there was a point beyond which we weren’t going to go to extract it, despite its potential value.

The same principle surely applies when the knowledge is on a device rather than in a head. At some point, law enforcement must realise that not all knowledge is extractable.

(Incidentally, one of the arguments made about the use of violence and torture is that the knowledge extracted is often valueless, since the target will say anything to get it to stop. It isn’t hard to see that devices can be made to use a similar strategy. They would have a pin code or password that could be used under coercion and that would appear to unlock the device, but would in fact produce access only to a virtual subdevice which seemed innocuous. Especially as Customs in several countries are now demanding pins and passwords as a condition of entry, such devices would be useful for innocent travellers as well as guilty — to protect commercial and diplomatic secrets for a start.)
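An added sketch of the coercion-PIN design described above (not code from the original post; the `Device` class, the slot count and the PINs are constructed for illustration). Every PIN is tested against a fixed number of header slots, so the header has the same shape whether the device holds one volume or several.

```python
import hashlib
import hmac
import os
import secrets

SLOTS = 4  # assumed fixed slot count: the header never shows how many PINs exist


def derive(pin: str, salt: bytes) -> bytes:
    # Slow, salted key derivation; a short PIN still needs attempt limiting.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def tag(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


class Device:
    """Hypothetical device with one real PIN and one or more coercion PINs."""

    def __init__(self, pins: dict):
        if len(pins) > SLOTS:
            raise ValueError("more PINs than header slots")
        self.header = []   # (salt, verifier) pairs, real and filler look alike
        self.volumes = {}  # locator -> contents; stand-in for encrypted regions
                           # that a real device would hide in random-looking space
        for pin, contents in pins.items():
            salt = os.urandom(16)
            key = derive(pin, salt)
            self.header.append((salt, tag(key, b"verify")))
            self.volumes[tag(key, b"locate")] = contents
        while len(self.header) < SLOTS:  # unused slots are random filler
            self.header.append((os.urandom(16), os.urandom(32)))
        secrets.SystemRandom().shuffle(self.header)  # slot order carries no meaning

    def unlock(self, pin: str):
        found = None
        for salt, verifier in self.header:  # walk every slot, even after a match
            key = derive(pin, salt)
            if hmac.compare_digest(tag(key, b"verify"), verifier):
                found = self.volumes[tag(key, b"locate")]
        return found  # None means a wrong PIN; a decoy unlock looks like success


if __name__ == "__main__":
    phone = Device({"4821": "real volume", "1379": "innocuous subdevice"})
    for attempt in ("4821", "1379", "0000"):  # constructed PINs
        print(attempt, "->", phone.unlock(attempt))
```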

Democratic debates strategy

In an analysis of the language used by US presidential candidates in the last 7 elections, Christian Leuprecht and I showed that there’s a language pattern that predicts the winner, and even the margin. The pattern is this: use lots of positive language, use no negative language at all (even words like ‘don’t’ and ‘won’t’), talk about abstractions not policy, and don’t talk about your opponent(s). (For example, Trump failed on the fourth point, but was good on the others, while Hillary Clinton did poorly on all four.)

In some ways, this pattern is intuitive: voters don’t make rational choices of the most qualified candidate — they vote for someone they relate to.

Why don’t candidates use this pattern? Because the media hates it! Candidates (except Trump) fear being labelled as shallow by the media, even though using the pattern helps them with voters. You can see this at work in the way the opinion pieces decide who ‘won’ the debates.

The Democratic debates show candidates using the opposite strategy: lots of detailed policy, lots of negativity (what’s wrong that I will fix), and lots of putting each other down.

Now it’s possible that the strategy needed to win a primary is different to that which wins a general election. But if you want to assess the chances of those who might make it through, then this pattern will help to see what their chances are against Trump in 2020.

Incumbency effects in U.S. presidential campaigns: Language patterns matter, Electoral Studies, Vol 43, 95-103.
https://www.sciencedirect.com/science/article/pii/S0261379416302062

Tips for adversarial analytics

I put together this compendium of things that are useful to know for those starting out in analytics for policing, signals intelligence, counterterrorism, anti-money-laundering, cybersecurity, and customs; and which might be useful to those using analytics when organisational priorities come into conflict with customers (as they almost always do).

Most of the content is either tucked away in academic publications, not publishable by itself, or common knowledge among practitioners but not written down.

I hope you find it helpful (pdf): Tips for Adversarial Analytics

Unexplained Wealth Orders

Money laundering conventionally focuses on finding the proceeds of crime. It has two deterrent effects: the proceeds are confiscated so that ‘crime doesn’t pay’; and discovering the proceeds can be used to track back to find the crime, and the criminals that produced it.

Since criminals prefer not to leave traces, the proceeds of crime used to be primarily in cash — think drug dealers. As a result, criminals tended to accumulate large amounts of cash. To get any advantage from it, they had three options: spend it in a black economy, insert it into the financial system, or ship it to another country so that its origin was obscured.

Money laundering detection used to concentrate on these mechanisms. Many countries have made an effort to stamp out the cash economy for large scale purchases (jewels, cars, houses, art) by requiring cash transactions of size to be reported, and by removing large denomination currency from circulation (so that moving cash requires larger, more obtrusive volume). Most countries also require large cash deposits to banks to be reported. Preventing transport of cash across borders is more difficult — many countries have exit and entry controls on cash carried by travellers, but do much less well interdicting containers full of cash.

One reason why much of current money laundering detection is ineffective is that there are now wholesale businesses who provide money laundering as a service: give them your illicit money, and they’ll give you back some fraction of that money in a way that makes it seem legitimate. These businesses break the link between the money and the crime, making it almost impossible to prosecute since there’s no way to draw a line from the crime.

Unexplained wealth orders target the back end of the process instead. They require people who have and spend money in quantity to explain how they came by the money, even if the money is in the financial system and apparently plausible. This is extremely effective, because it means that criminals cannot easily spend their ill-gotten gains without risking their confiscation.

Of course, this is not a new idea. Police have always kept a look out for people who seemed to have more money than they should when they wanted to figure out who had committed a bank robbery or something similar.

The new factor in unexplained wealth orders is that the burden of proof shifts to the person spending the money to show that they came by it legitimately, rather than being on law enforcement to show that the money is proceeds of crime (which no longer works, because of the middlemen mentioned above). This creates a new problem for criminals.

Of course, the development and use of unexplained wealth orders raises questions of civil liberties, especially when the burden of proof shifts from one side to the other. However, unexplained wealth has always attracted the attention of taxation authorities and so these orders aren’t perhaps as new as they seem. Remember, Al Capone was charged with tax evasion, not racketeering.

Unexplained wealth orders seem like an effective new tool in the arsenal of money laundering detection. They deserve to be considered carefully.

What causes extremist violence?

This question has been the subject of active research for more than four decades. There have been many answers that don’t stand up to empirical scrutiny — because the number of those who participate in extremist violence is so small, and because researchers tend to interview them, but fail to interview all those identical to them who didn’t commit violence.

Here’s a list of the properties that we now know don’t lead to extremist violence:

  • ideology or religion
  • deprivation or unhappiness
  • political/social alienation
  • discrimination
  • moral outrage
  • activism or illegal non-violent political action
  • attitudes/belief

How do we know this? Mostly because, if you take a population that exhibits any of these properties (typically many hundreds of thousands), you find that one or two have committed violence, but the others haven’t. So properties such as these have absolutely no predictive power.

On the other hand, there are a few properties that do lead to extremist violence:

  • being the child of immigrants
  • having access to a local charismatic figure
  • travelling to a location where one’s internal narrative is reinforced
  • participation in a small group echo chamber with those who have similar patterns of thought
  • having a disconnected-disordered or hypercaring-compelled personality

These don’t form a diagnostic set, because there are still many people who have one or more of them, and do not commit violence. But they are a set of danger signals, and the more of them an individual has, the more attention should be paid to them (on the evidence of the past 15 years).

You can find a full discussion of these issues, and the evidence behind them, in “Terrorists, Radicals, and Activists: Distinguishing Between Countering Violent Extremism and Preventing Extremist Violence, and Why It Matters” in Violent Extremism and Terrorism, Queen’s University Press, 2019.

 

Detecting abusive language online

My student, Hannah Leblanc, has just defended her thesis looking at predicting abusive language. The document is

https://qspace.library.queensu.ca/handle/1974/26252

Rather than treat this as an empirical problem — gather all the signal you can, select attributes using training data, and then build a predictor using those attributes — she started with models of what might drive abusive language. In particular, abuse may be associated with subjectivity (objective language is less likely to be abusive, even if it contains individual words that might look abusive) and with otherness (abuse often results from one group targeting another). She also looked at emotion and mood signals and their association with abuse.

All of the models perform almost perfectly at detecting non-abuse; they struggle more with detecting abuse. Some of this comes from mislabelling — documents that are marked as abusive but really aren’t; but much of the rest comes from missing signal — abusive words disguised so that they don’t match the words of a lexicon.

Overall the model achieves accuracy of 95% and F-score of 0.91.

