Robot Killers

According to the Obama administration, between 2009 and 2015, 473 drone strikes killed about 2500 combatants and about 100 non combatants.

Last week, the Dallas Police department used a robot to kill the police shooter.

As far as I know, all of these events have had human operators, supposedly exercising human judgement.  

The thing is, many reports about drones and robots leave one with the impression that these are autonomous devices, without a human in the loop. It isn’t like that.

I do not think there is a real difference between a sniper on a hilltop killing from a mile away and a drone operator killing from 10,000 miles away.  Both have a human pulling the trigger. We can and should talk about ways to further reduce non-combatant deaths, but sniper rifles and drones are much safer for our guys than bayonets and hand grenades.

The real discussion ought to be about autonomous vs human-in-the-loop.

The unfortunate fact is, we already have lots of truly autonomous devices killing people on their own initiative.  They are called land mines.

Stingray countermeasures

A Stingray is a cell tower lookalike device.  It broadcasts its presence and nearby phones connect to the Stingray thinking it is a legitimate tower.  The Stingray can then log each phone or act as a man in the middle to incercept call metadata, text messages, or even call contents.

There are a number of public databases of legitimate cell towers.  For example,  Some databases are government, for example, the FCC license database, while others are crowdsourced.

It should be possible to modify a phone to only connect to towers which are legitimate by checking the purported tower ID against a cached copy of the database for the local area.  A stingray could, of course, use the id of a real tower, but that would disrupt communications in the whole area. This might not prevent the Stingray from logging the presence of such a phone, since the Stingray could hear the protocol handshake with the legitimate tower.

It should also be possible for a phone to passively listen for tower broadcasts, and to compare the tower ID against the database,  An unknown ID might be a new legitimate tower or it might be a Stingray.

It is likely quite difficult to get at and modify the low level radio software in a commercial smartphone, but there is a complete open source suite of cell infrastructure software at

That code could serve as a starting point for a software defined radio device for detecting and tracking Stingrays.  One could make a box with a red light on top which lights up when there is an unknown tower in the area.

In some areas, use of Stingray devices requires a warrant, but this is not universal.  The courts have also determined that use of location data from legitimate cell towers does not require a warrant



PIN Escrow

The FBI has dropped their request to require Apple to write code to unlock the terrorist iPhone.  Supposedly a third party offered a way in.  Yesterday the FBI said they did get in, so they no longer need Apple’s help.

For those whose first instinct is to distrust the government, this looks like the Justice department realized they were going to lose in court and hastily discovered a way out. “Never mind”.  This preserves their option to try again later when public opinion and perhaps law would be more on their side.  I am a little reluctant to think Justice would outright lie to a federal judge, but it wouldn’t be the first time.

This morning on NPR there was a different sort of heartbreaking story.  A woman and her baby were murdered, and there might be evidence on the woman’s phone, but it can’t be unlocked.  So what to do?

My idea is “PIN Escrow”.  Everyone should have a letter written with a list of their accounts and online passwords, to be opened by someone in the event of death or disappearance.  Everyone should have a medical power of attorney and so forth as well, to give a family member or trusted friend the power to act for you in the event of a sudden disability.  Just add your smartphone PIN to the letter,

In the alternative, one could write an app that encrypts your pin with the public key of an escrow service and sends it off.  This facility could even be built into the OS, with opt-in (or even opt-out, after a sufficient public debate), so it would automatically track changes.  The government could operate such a service, or it could be private.  There could be many such services.  Some could be offshore.  Some could use key-sharing for the private key, so PIN recovery could not be done in secret.

Let’s leave it up to individuals whether they want someone to have the power to unlock their phone in the event of an emergency.

From a security perspective, a PIN escrow service would be a dangerous and attractive target, so such a thing would have to be well designed in order to be trustworthy.  It should be kept offline, with no network connection.  The private key should be in a hardware key module.  Several people would have to collude in order to unlock a key, and there ought to be hardware safeguards to prevent bulk PIN recovery.

This is not a general back door for government surveillance, it wouldn’t grant remote access to a phone.  It wouldn’t be useful for hacking into criminal’s or terrorist’s phones (if they are smart), but it might help in cases where the phone owner is the victim of tragedy or accident.

And if you change your mind about having your PIN escrowed?  Just change your PIN.


Apple v FBI

I’m beginning to build up a full head of steam.  The first step seems straightforward.  I’m going to write my congressman.  It may not have much effect, but if enough of us write, it might.

Here’s my letter to Massachusetts Senator Elizabeth Warren.  I’ll be sending similar letters to Sen. Ed. Markey and Rep. Katherine Clark.

2016, March 16

The Honorable Elizabeth Warren
317 Hart Senate Office Building
Washington, DC 20510

Dear Senator Warren:

I write about the Apple FBI affair.  Please oppose any attempt by government to weaken the security and privacy of all Americans by demanding security “backdoors” in our technology or to require the conscription of Americans or American companies to weaken their own security.

First, regarding backdoors. I hold a PhD in Electrical Engineering and have worked with computer systems and computer security for over 40 years.  I am coauthor of the well-regarded book on E-commerce systems “Designing Systems for Internet Commerce.”  In other words, I know quite a lot about this area.  There is simply no way to create a backdoor that does not also reduce the security of the system for everyone.

Second, speaking as an ordinary citizen, I do not know how the courts will rule on the government’s request to use the All Writs Act to compel Apple to write software to unlock the San Bernadino iPhone, but my own view is that the constitution does not and should not allow it.

The government is being deliberately disingenuous when it claims this case is only about one terrorist’s phone. I have no sympathy for the killers, but the privacy and security of everyone is at risk should the government prevail.  Should that happen, I expect you to propose and support legislation that outlaws backdoors and forbids the conscription of individuals or companies into the government’s service.  This has happened before.  In 1980, Congress passed the Privacy Protection Act of 1980 which corrected the overreach of government in Lurcher v. Stanford Daily.

Sincerely yours,

Lawrence C. Stewart

Smartphone Security

Zdziarski’s Blog of Things has an article about possible enhancements to iOS security, in the wake of the Apple vs FBI affair.

Another idea is one I’ve mentioned before: Duress Passwords

If you are asked to unlock your phone, you could use a different finger, the duress finger, and the fingerprint sensor could appear to accept it, but erase the phone.  If you enter the duress password, the phone could erase itself or, perhaps, just start recording what is going on and uploading it to the cloud.

Another idea are Landmine Passwords.  These are passcodes whose purpose is to defeat brute force searches.  If you avoid landmines within hamming distance one or two of the correct passcode you would have litle chance of hitting one while trying to enter the correct code, but any searcher would be very likely to hit one before hitting the correct passcode.


I am ashamed of my Massachusetts governor Charlie Baker.  He has joined the chorus of (typically) Republican politicians who want to turn away helpless women, children, and families from our doors because of the remote chance that among them is a terrorist.

This is pandering of the worst sort. Pretty much everyone in this country is a refugee or descended from one,  My mother came here in 1939 on the run from Nazi Germany. This is different how?

It is too bad, really, until today, I kind of liked him.


Town Meeting

Here in New England, many towns are run by Town Meetings.  It is very democratic. Things that need voting, such as the budget, accepting gifts of land, and putting up no-left-turn signs at popular intersections are written up as articles for Town Meeting.  Any resident who wants a say in how things are run has to show up.

Votes used to be taken by the moderator’s estimate of ayes and nays, and if that seemed close, by standing votes, and if that seemed close, by counts taken by pairs of volunteers.

These days we using Electronic Voting.  Each voter gets a little wireless keypad.  When the voiting lamp is on “the window is open” you press 1 to record a Yes or 2 to record a No.

This got me thinking.  It sometimes happens that a small subset of residents is Very Upset about something, like those no-left-turn signs.  Eventually, the rest of us get sleepy, and someone makes a non-debatable motion to close debate.  This requires an immediate vote and a 2/3 majority.  How about making the process continuous?  The voting gizmos have 10 buttons, I think you should be able to press “terminate debate” at any time, and whenever the total goes over 2/3 that’s it.

I would also recommend buttons for “the current speaker is annoying” and so forth, the results of which are put up on the jumbotron, but tiny steps for tiny feet.

And why do sponsors of popular articles, like the new solar panels, go on for 10 minutes presenting all the details of something that is going to win in a landslide anyway?


Net Neutrality

I wrote a letter to the editor of the Wall Street Journal today.  In my opinion, Internet service providers and backbone providers should be “common carriers”.  They should not be allowed to charge different rates for different bits, and they shouldn’t be allowed to even look at the traffic other than for routing.  Today I was so offended by the disingenuousness and misrepresentation of L. Gordon Crovitz’ op-ed that I felt compelled to respond:

Timothy Lemmer
Letters Editor
Wall Street Journal

Regarding “The Great Internet Power Grab” by L. Gordon Crovitz, Feb. 8, 2015.  Mr Crovitz is misinformed or disingenuous.

The FCC proposes to reclassify broadband Internet access services – consumer access to the net – as a telecommunications service rather than as an information service.  The FCC does not propose to regulate content providers or startups providing innovative services, or end users of any sort.

Mr. Crovitz proposes we should be so afraid of unlikely future abuses by regulators that we should not move to stem current and actual abuses by the cable and telephone industries that provide the majority of internet access.

  • Verizon spies on customer communications to install tracking cookies (1)
    Comcast demands payments from content provider Netflix merely to get access to customers (2)
  • ATT blocks customers who attempt to encrypt their own email (3)
  • These are actual abuses by companies exploiting their near monopoly positions to damage competition, harm innovation, and endanger customer privacy.

It would be great if Congress would get its act together to promote innovation and forbid discrimination.  Until then, the FCC appears to be doing its best to protect the public from the telecom companies who are the current unaccountable gatekeepers of the net.

Lawrence Stewart
Wayland, MA



Aaron Swartz

Aaron Swartz, 26, committed suicide the other day, evidently hounded to his death by overzealous prosecutors.

I didn’t know Mr. Swartz, and I don’t condone his actions of a couple of years ago, where it is alleged that he attached equipment to the MIT computer network to steal academic articles from the JSTOR database in order to release them to the public.

However, the more I learn about the conduct of the government in prosecuting Mr. Swartz, the angrier I get.

For those lacking any context, go read what Larry Lessig had to say in

or what Cory Doctorow had to say in

Here is the letter I’ve sent to my Senator, Elizabeth Warren.  I’ve sent a similar letter to Sen. John Kerry

I call to your attention the recent suicide of Aaron Swartz.  It looks
very much to me like the US Justice Department hounded him to his
death by overzealous prosecution of a victimless “crime” if it even was
a crime.

Larry Lessig writes on the case:

I would like to know what you are doing to hold the prosecutors and
their bosses at Justice to account for this affair.

I voted for you in part for your history of representing the issues
of ordinary people against big business.  Please also represent us
against the oppressive power of government.

-Larry Stewart

I’ve sent the following email to Rafael Rief, President of MIT

I understand that the Swartz affair started before you became president of MIT, but I think you should explain to the community what happened, why it happened, and exactly what principles MIT holds.

From what I’ve heard, MIT provided the pretext necessary for the US Attorney ****** to hound Aaron Swartz to his death.

 See, for example, Larry Lessig’s account at

It may well be that Mr. Swartz was guilty of something, and it may be that MIT favored prosecution, but once MIT started such a ball rolling MIT became responsible in part for the damage it caused.  At the minimum, MIT had an obligation to track the case and to speak out loudly when it began to go off the rails of proportional justice in such a dramatic way.

-Larry Stewart ’76

(name removed because I am not sure I got it right)

I don’t know what the right answers are in this case, but I am beginning to think we should handle failures of justice in the same way we handle airplane crashes.  Do we need an equivalent of the National Transportation Safety Board to investigate?  Such a group could find out what happened, why it happened, and what legal, procedural, training, and technical measures are needed to keep it from happening again.  And their reports and proceedings should be open.

We now have so many laws and crimes, and so many are ill-defined, that likely everybody is “guilty” of something.  When the full oppressive power of government can be brought to bear on anyone at the discretion of individuals or groups with their own agenda, then no one is safe.


About an hour after I wrote to MIT President Reif, he wrote to the community.  Obviously he’s well ahead of me on this one, since his message must have already been in progress.   Professor Hal Abelson will be leading a thorough analysis of MIT’s involvement.  I await the report with interest.





SOPA and ProtectIP Followup


I wrote to both my senators, Kerry (D) and Brown (R) about SOPA and ProtectIP.  I sent substantially the same letter to both:

I urge you to vote against SOPA/ProtectIP.

This pernicious legislation would give the government the power to shut down websites and internet domains with no evidence, no due process, and no redress, essentially at the behest of private interests.

Even without this new legislation, the government is <already> seizing domains without due process. In a recent example, a domain was seized and not returned for a year, in violation of numerous “policies” without any opportunity for the people whose property was seized to confront their accusers or even learn the charges. In the end it turned out there was no evidence at all.

SOPA and ProtectIP will make the current intolerable overreach of the US Government with respect to the internet immeasurably worse.
-Lawrence Stewart, PhD
Software Engineer

I sent my senators an email.  Others sent cash.  According to, Sen. Kerry received $358,270 from pro-PIPA groups and $403,422 from anti-PIPA groups (plus $4,485,003 from big media generally), and Sen. Brown received $473,745 from pro-PIPA groups and $152,173 from anti-PIPA groups.  It’s hard to draw any conclusion from the money flow except that Kerry is more senior.

I have now received answers from my senators.  Here they are:

From Senator John Kerry <

Dear Dr. Stewart:

Thank you for your letter regarding the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PROTECT IP Act).  I appreciate hearing from you on this important issue.

I have long championed the cause of innovation and an open Internet.  Firms operating on and off the Internet strongly rely on intellectual property laws to help protect their investments and ensure a just return for their goods and services.  Online piracy and copyright infringement hurts our economy and costs American businesses more than 200 billion dollars a year.  Many infringers operate from foreign countries in order to avoid US law enforcement.  As a result, under current law, American authorities are limited in what they can do to bring these rogue sites to justice.

As you know, the PROTECT IP Act was intended to protect American businesses from intellectual property theft on foreign websites.  Among other things, the bill would provide the Attorney General with the authority to seek a court injunction against a foreign website that engages in copyright infringement.  The court could also require U.S. websites to block access to websites found to be dedicated to infringing activities.  For example, search engines could be required to disable links to the website that is found to be violating copyright of a US company.

However, there are a number of serious and legitimate concerns regarding the scope of the legislation, as well as the potential for abuse, censorship, or other unintended consequences.   The authors recognize the legislation still needs work and I will oppose any proposal that would fundamentally undermine or impede the ability of people to communicate, compete, and innovate using the Internet.

I am pleased that Majority Leader Reid has indefinitely postponed Senate consideration of the PROTECT IP Act, and I will continue to review and work to improve legislation to both protect the intellectual property of American businesses and to ensure the web remains free and open.  As I consider proposals to address these issues, I will keep your views in mind.

Thank you again for contacting me on this topic.  Please don’t hesitate to reach me again on this or any other issue in the future.

From Senator Scott P. Brown <>

Dear Dr. Stewart,

     Thank you for contacting me regarding the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property (PROTECT IP) Act (S. 968).  I am strongly opposed to this legislation.

     As you know, Senator Patrick Leahy (D-VT) introduced S. 968 on May 12, 2011.  The PROTECT IP Act aims to provide law enforcement with tools to stop websites dedicated to online piracy and the sale of counterfeit goods.  However, many Americans feared that S. 968 would stifle freedom of expression and harm the Internet.

     The Internet has been a source of dynamic growth in our economy and is responsible for employing many people in Massachusetts.  I have very serious concerns about increased government interference in this area and the effect of the PROTECT IP Act and the Stop Online Piracy Act (H.R. 3261, House companion legislation) on the Internet.  On January 18, 2012, I announced my opposition to the PROTECT IP Act.  You will be pleased to know that with opposition to the bill mounting, on January 20, 2012, the Senate Majority Leader announced that the scheduled vote on the PROTECT IP Act has been indefinitely postponed.

     Again, thank you for sharing your views with me.  As always, I value your input and appreciate hearing from you.  Should you have any additional questions or comments, please feel free to contact me or visit my website at


Well.  The letter from Sen. Brown is completely straightforward.  Internet Good, PIPA Bad.  The letter from Sen. Kerry is quite a piece of mealy-mouth apology for the entertainment industry. However, Sen. Kerry is willing to admit that PIPA “needs work”.

I kind of think the right thing for Massachusetts might be Elizabeth Warren and Scott Brown.  Too bad Sen. Kerry is not up for reelection.