Nuclear Threats are Still Threats
Posted by Aaron Massey on 08 Aug 2016.
Much of my time is spent thinking about privacy, security, and regulatory compliance in the computing world. It is, therefore, easy to think that these are the most important concerns of their kind. They may not be. It is even easier to think that the most fruitful approach is to focus only on computing concerns. This could be wrong too. One of the other contenders must be nuclear weapons, which offers compelling similarities and differences for those interested in computing.
It is a fallacy of the worst kind to simply assume that we’ve somehow figured out how to manage them perfectly because we’ve lived with nuclear weapons for so long. Clearly, we have more experience with them, but does experience actually help here?1 It is entirely possible that familiarity hurts rather than helps. People generally only make monumental mistakes when they think they know what they are doing.
Nuclear weapons are, of course, still ridiculously powerful and, therefore, dangerous. And yet, a significant number of the most powerful nuclear weapons in NATO are located in a fundamentally unstable region. Why? There could be a compelling reason. And these weapons may actually be secure. I don’t know. I’m simply saying it’s surprising this isn’t more newsworthy than most of the stuff that’s discussed as news.
Why does it take an atypical Presidential candidate to surface a discussion of whether we should limit the President’s authority to nuke? How is it possible for ten people to obtain all the materials necessary for a dirty bomb? Shouldn’t more people be interested in these stories? Isn’t this exactly the sort of thing that should motivate serious thought?
These stories haven’t met the various non-news criteria required to make an impact in “traditional,” ad-supported news outlets, but some serious thinkers are giving them thought. The kerfuffle between Steven Pinker and Nassim Taleb is, perhaps, a good example. Essentially, Steven Pinker argues that if you look at the data, there’s a long-term trend towards peace rather than violence. Taleb argues that nuclear weapons have fundamentally changed the most appropriate techniques for analyzing the risk of catastrophic violence (PDF). In other words, the historical data is misleading or inappropriate for analysis of violence in the modern world. Pinker’s response ultimately points out that for real world planning purposes, it may simply be impractical to plan for every possible worst case scenario (PDF).
This debate is worth thinking about, even if you’re primary interest is computing privacy and security. Nuclear weapons and computing introduce similar asymmetries to their respective domains. It used to be that you needed to invest significant resources into an effort to obliterate a million lives. Now, all you need is a nuclear weapon. It used to be that you needed to invest significant resources to steal identity documents for a million people. Now, all you need is a flash drive. Computing professionals interested in privacy, security, and regulatory compliance would do well to read about these topics in a nuclear context.
Update 10 August 2016
There’s a rather interesting piece titled “Is America Any Safer?” in The Atlantic’s September issue that discusses several similar themes, including the possibility of a dirty bomb. It’s worth reading.
Many in the computer security world now realize this fallacy was the mistake made in the push to solve security concerns through user education initiatives. ↩