Letter to the Ambassador from Bahrain to the US
To: Her Excellency Ms. Houda Ezra Ebrahim Nonoo, Ambassador of the Kingdom of Bahrain to the United States of America
It is with great concern that I have read of the suppression of peaceful protesters on Lulu Square by armed force. Such violent and extra-legal actions by the security forces damage the standing of Bahrain in the world community and threaten its internal stability.
I strongly urge you to inform the King and his Government of the concerns of the American people in this regard, and to urge His Majesty to step in to dismiss the current Government and to hold those responsible for the armed and violent attack on peaceful protesters in the square accountable to the full extent of the law.
I thank Your Excellency in advance for her prompt attention to these matters.
Henry Edward Hardy
Copyright © 2011 Henry Edward Hardy
US using illegal mercenary forces in Pakistan?
The use of mercenaries or mercenary-like private armed forces by the US is forbidden by the Anti-Pinkerton Act of 1893 (5 U.S.C. § 3108). See Weinberger v. Equifax, 557 F.2d 456, 462 (5th Cir. 1977), cert. denied, 434 U.S. 1035 (1978). The use of mercenaries is forbidden under international law by the International Convention against the Recruitment, Use, Financing and Training of Mercenaries.
However, the New York Times reports today that the US is making use of mercenary forces in Pakistan, including a group allegedly under the control of Duane “Dewey” Clarridge, notorious for his alleged role in the Iran-Contra scandal: “One of the companies employs a network of Americans, Afghans and Pakistanis run by Duane Clarridge, a C.I.A. veteran who became famous for his role in the Iran-Contra scandal. Mr. Clarridge declined to be interviewed.”
Copyright © 2010 Henry Edward Hardy
This was written in response to a thread on the Facebook group, The Constitution of the United States of America, titled, Do you think a President should have to serve in the military because he is Commander in Chief?
To ask, “Do you think a President should have to serve in the military because he is Commander in Chief?” is completely the wrong way of posing this question. The proper way of framing it is, “Do you think that the Commander-in-Chief should always be a civilian, elected President, in order to secure a democratic republic from military control?”
As James Madison said: “In time of actual war, great discretionary powers are constantly given to the Executive Magistrate. Constant apprehension of War, has the same tendency to render the head too large for the body. A standing military force, with an overgrown Executive, will not long be safe companions to liberty. The means of defense against foreign danger, have been always the instruments of tyranny at home. Among the Romans it was a standing maxim to excite a war, whenever a revolt was apprehended. Throughout all Europe, the armies kept up under the pretext of defending, have enslaved the people.” 
This principle of civilian control has been and remains the fundamental precept upon which the command and control of the US Armed Forces depends and from which it draws its legitimacy:
“From the birth of democracy in ancient Greece, the idea of the citizen-soldier has been the single most important factor to shape the Western way of war. In a democracy, combatants bear arms as equals, fighting to defend their ideals and way of life. They are citizens with a stake in the society they have vowed to defend. They do not fight as mercenaries, nor are they guided by coercion or allegiance to the whims of a dictatorial leader. Rather, their motivation stems from a selfless commitment to an idea that far exceeds the interests of any individual member of the society. For the armed forces officer of the United States, this ethos began with the militiamen who defended their homes, secured the frontier, and won a war of independence against the most formidable military power of that era. The American military tradition has since been governed by a strict adherence to the primacy of civilian control and, within that framework, has continued to champion the role of the citizen-soldier as the defender of the nation’s ideals.” 
Max Farrand. 1911. Records of the Federal Convention of 1787. New Haven: Yale University Press. 1:465.
Civilian control of the military
Copyright © 2010 Henry Edward Hardy
I sent the below to some friends when asked to join a letter advocating “Network neutrality”:
I am generally opposed to any federal or state regulation of what internet service providers can do vis-à-vis routing and BGP, packet prioritization etc. I do think that telcos should continue to function as common carriers, and that all commercial ISPs should be required to reveal their packet prioritization and bandwidth clamping as part of consumer protection regulation, rather than being allowed to use the “up to 1.5 megabytes per second fast” kind of formulation in advertising.
There is no capital-I “Internet”. And there has not been since the NSF backbone shut down April 30, 1995. There is merely a loose association of networks who have agreed to share traffic over RFC-documented protocols. Each of the networks is entirely autonomous and self-governing.
It is the autonomous, voluntary, and self-governing aspects of the internet which are most important to preserve, not “net neutrality”. Internet freedom means that we allow other people to do things on their network which we personally don’t like (and may not allow on our network).
“We reject: kings, presidents and voting. We believe in: rough consensus and running code”
–Dave Clark, “An Input/Output Architecture for Virtual Memory Computer Systems”, Ph.D. dissertation, Project MAC Technical Report 117, January 1974
Networks belong to the people who own them. There is no reason that I, as a person who owns a network, should have to pay for additional bandwidth charges to, say, backhaul traffic for AT&T or Google over my network if they are not clients of mine, or that I should route their packets over my net at all if I don’t want to. Nor should I have to give a non-subscriber equal priority on my network as, say, medical imaging facilities for a customer.
“Net neutrality” is a shibboleth; I think we should avoid using the term and talk instead about “common carrier” status for the telcos and large ISPs and voice carriers.
Links to previous stuff I have posted on my blog regarding “net neutrality”: http://scanlyze.wordpress.com/?s=net+neutrality
I am posting the above comment also to my blog, http://scanlyze.wordpress.com/
Autonomous System (wikipedia)
Copyright © 2009 Henry Edward Hardy
Guardian inaccurate article: Alleged credit card scam raises new web security fears
To the Guardian Tech Editor:
published Tuesday 18 August 2009 20.43 BST
incorrectly describes the computer vulnerability, or “exploit” allegedly used by one Albert Gonzalez and unnamed others to allegedly steal and sell credit card information from several companies. The article also mis-characterizes the legal procedure used to bring the charges.
The article says,
“The charge sheet says that Gonzalez, along with two others who “resided in or near Russia”, in December 2007 injected “structured query language”, a computer programming language designed to retrieve and manage data, into the computers of companies such as Heartland, one of the world’s biggest credit and debit card payment processing companies.”
Structured Query Language is not a computer language such as C or FORTRAN. It cannot be “injected” anywhere. It is a format or language for querying or posting information to a computer database.
It sounds like your reporters read “SQL injection”, didn’t understand what that meant, and made up a likely sounding (but wrong) explanation.
A more correct description would be that the alleged fraudsters illegally accessed corporate databases, and inserted fraudulent information into them in order to gain access to those or other systems.
SQL injection is a well-known and preventable vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1804
Your writers apparently could not even be troubled to look up the defendant on Wikipedia, see http://en.wikipedia.org/wiki/Albert_Gonzalez
The article refers to a “charge sheet”; the correct term in this case is “indictment”, see http://www.usdoj.gov/usao/ma/Press%20Office%20-%20Press%20Release%20Files/IDTheft/Gonzalez,%20Albert%20-%20Indictment%20080508.pdf
A “charge sheet” in US usage refers to the daily written record of events in a police station; it has little or nothing to do with Grand Jury proceedings. In the Commonwealth, it may refer to a final police report. It is not the same as an indictment brought by a Grand Jury. Confusing charges brought by police and charges brought by a Grand Jury is a fundamental error.
The most newsworthy item overlooked in this rather poor excuse for an article is the question of liability. Both the “wardriving” and “SQL Injection” attacks are well-documented and generally preventable. Thus there is the question of the liability of the companies allegedly victimized as they may have failed to take even the most basic computer security precautions with this sensitive data. Further, how was the defendant able to carry out the alleged attacks while at the same time allegedly acting as a consultant or informant to the US Secret Service? To what degree is the Secret Service liable for failing to prevent, or even possibly enabling, these attacks?
The article’s confusion of the acting US attorney for New Jersey, Ralph Marra, with the “acting US Attorney General” further detracts from the accuracy and reliability of your reportage. The Attorney General of the United States is Eric Holder. There is no “acting US Attorney General.” Your reporters should certainly have known this if they were even moderately well-informed. Basic fact-checking by your editors should have caught and prevented this error from being published.
In the future, please don’t have articles written by people who A) have no idea what they are writing about in either the legal or technical sphere and B) don’t do even a basic job of research and fact-checking. Editors must fact-check and verify all references to technical descriptions, legal proceedings, and offices held by public officials.
Henry Edward Hardy
The subtitle refers to “‘Biggest ever’ case involves 130m cards”
Who says it is the “biggest ever” case? This unattributed quote appears nowhere in the article, which does not state anything of the kind. Was it simply made up by a copy editor?
I would also note that the title of the Guardian article claims that the incident “raises new web security fears.” This is bollocks. Wardriving and SQL injection are neither new issues nor are they web-dependent; how to defend against them is well-understood and documented; and fear-mongering about them isn’t warranted or appropriate.
Copyright © 2009 Henry Edward Hardy
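An added illustration, not part of the original letter, of why the letter above calls SQL injection "well-known and preventable": the same lookup written with string concatenation and with a bound parameter. The table, column names, rows and function names are constructed for this example.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (holder TEXT, last4 TEXT)")
    db.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("alice", "1111"), ("bob", "2222"),
         ("carol", "3333"), ("o'brien", "4444")],
    )
    return db

def lookup_concatenated(db, holder):
    """Weak form: the input becomes part of the SQL text itself,
    so a quote character in it can alter the query's structure."""
    sql = "SELECT holder, last4 FROM cards WHERE holder = '" + holder + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, holder):
    """Hardened form: the driver binds the input as a value;
    it is compared against the column and never parsed as SQL."""
    sql = "SELECT holder, last4 FROM cards WHERE holder = ?"
    return db.execute(sql, (holder,)).fetchall()

def compare(db, holder):
    """Run both forms on one input and report row counts (or the error)."""
    try:
        weak = len(lookup_concatenated(db, holder))
    except sqlite3.OperationalError as exc:
        weak = "error: " + str(exc)
    return {"concatenated": weak,
            "parameterized": len(lookup_parameterized(db, holder))}

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: an ordinary name, a legitimate name containing
    # a quote, and text whose quote closes the string literal early.
    for value in ("alice", "o'brien", "nobody' OR '1'='1"):
        print(repr(value), compare(db, value))
```

The concatenated form returns every row for the third input and fails outright on the legitimate name `o'brien`; the parameterized form treats all three as plain values.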