Epistemological Relativism

After hearing of the Supreme Court’s decision regarding detainee’s rights at Guantanamo Naval Station I decided it was time to read their opinion. No, I have not read the entire 125 page document. I just finished reading the eight page syllabus. For those that are living under a rock, the detainees at Guantanamo Bay have been held there without the entitlement of the Writ. This basically means that they have not been given the opportunity to question the legality of their imprisonment. As a result, many of the detainees are held there indefinitely. Now, this is a gross oversimplification. There are many other factors at play such as the location of the detention center, it’s status as a territory, the citizenship of the detainees and their status as “enemy combatants”. Based on these and other factors the court ruled that the detainee’s rights to the Writ cannot be suspended. I have to say at first, because of the “at war” considerations, I thought this was a bad decision. After reading, some reflection and a few interesting conversations I now think this was a good decisions. It is, of course, not without difficulties, but the decision heads in the appropriate direction.

One of the main themes touched on in the Syllabus is the Writ’s ability to ensure individual liberty. If the conditions by which the Writ may be suspended are broadened our liberties will have been significantly curtailed.

That the Framers considered the writ a vital instrument for the protection of individual liberty is evident from the care taken in the Suspension Clause to specify the limited grounds for its suspension: The writ may be suspended only when public safety requires it in times of rebellion or invasion.

The problem is that the Guantanomo scenario is unique. Some argue that because Guantanamo isn’t a United States territory that the Constitution has little influence or power. The Court does agree that this uniqueness presents challenges for effectively resolving the dilemma.

None of the cases the parties cite reveal whether a common-law court would have granted, or refused to hear for lack of jurisdiction, a habeas petition by a prisoner deemed an enemy combatant, under a standard like the Defense De- partment’s in these cases, and when held in a territory, like Guantanamo, over which the Government has total military and civil control.

The Court, thankfully, does not agree that the location of the detention center determines where and when the Constitution applies. We cannot simply claim that because Cuba is sovereign over Guantanamo that we must obviate the entitlements to the Writ.

but it does not accept the Government’s premise that de jure sovereignty is the touchstone of habeas jurisdiction.

Furthermore, to draw a clear line in the sand, it is not the place of the Executive or Legislative branches to determine where the law should be applied.

The Constitution grants Congress and the President the power to acquire, dispose of, and govern territory, not the power to decide when and where its terms apply.  To hold that the political branches may switch the Constitution on or off at will would lead to a regime in which they, not this Court, say “what the law is.”

The Court, through the Syllabus, understands that there are other considerations when extended the entitlements to Writ to detainees. “Due process” in this context takes time. It may be the case that the governement and/or military have very good reasons for detaining individuals. At the end of the day, at some reasonable point in time and in this context they must be allowed to understand why they are being held.

This holding should not be read to imply that a habeas court should intervene the moment an enemy combatant steps foot in a territory where the writ runs.

I think the Court understands the complexity of the situation. This isn’t a straight-forward case of a citizen being withheld certain rights. This isn’t a straigh-forward case of detention on U.S. soil. There are aspects terrorism, intelligence information, “aliens” that are intertwined in this case. We have to protect the country from foreign hostilities, but it cannot come at the expense of the liberty of citizens or, worse still, at the expense of our countries heritage of preserving liberty through due process.

 In considering both the procedural and substantive standards used to impose detention to prevent acts of terrorism, the courts must accord proper deference to the political branches.  However, security subsists, too, in fidelity to freedom’s first principles, chief among them being freedom from arbitrary and unlawful restraint and the personal liberty that is secured by adherence to the separation of powers.

Whether you perform “threat modeling”, conduct “design reviews” or engage in “risk assessments” for the purpose of identifying and hopefully correcting design flaws in an application’s design there is always a lingering question of completeness and accuracy. I’ll try not to derail the conversation and talk about what you do with the flaws (ie, how you rate them, prioritize them and a method for correction) you’ve found even though I really want to.

So, what about completeness and accuracy? Many organizations now go about performing some sort of activity prior to the construction of their widgets. Most probably think they’re doing a decent job. But how do we know? Is it the volume of flaws that are discovered? This is more like a warning light on an automobile than a measurement of the completeness of the efforts. I know, our buddies Saltzer and Schroeder have spoken about proving a negative requirement and I agree with them. I tend to think that this notion of completeness and accuracy are rolled up into a more well-known concept of code coverage. No, it’s not perfect, but it does a decent job here. Of course there is no “code” to cover in the sort of per-construction activities we perform. We deal with the raw materials that will eventually materialize into code. We don’t have the luxury of measuring the scope of our activities based on properties of the code (the number of lines, critical regions, etc). So how do we measure coverage? Do we rely upon methodological adherence? That seems dangerous. What about the quality of the design artifacts? Do they have use cases? The sort of inspection that we can perform seems to be proportional to the amount of time one has taken to articulate the design. But that only makes it more probable that we will be more complete and accurate. We can’t use that to measure our coverage either.

There are two aspects that contribute to quality code coverage ; identification of security code paths (I know there is no code yet) and depth of analysis. The first is the process whereby all untrusted points of input and output in the design are discovered and validated. In my world very few points are trusted, but there are levels of trust. The next is depth of analysis. It is not enough to go through a series of binary questions like “do you authenticate this communication channel” even if there is a well-defined policy governing authentication requirements. It isn’t just the coarse-grained patterns we’re speaking of here. It is the *design* of those patterns that must be evaluated. This is, I think, where many security efforts go awry. They boil down analysis and expertise into questions and answers. Questions do not achieve the depth of analysis criteria for code coverage. Without a doubt if a design doesn’t answer yes to these fundamental questions you’re at a hard stop, but for those that can answer yes you must go deeper.

So, are you confused? “Code coverage” in pre-construction security efforts must consider the methods to identify (and validate) inputs and outputs and the degree of analysis performed upon that data. How do we do this? I don’t know. What we can do is use these two categories (there may be more) as controls points for the consistency and/or reliability of our data. For example, if we’ve simply reviewed available documents to discover the project’s design elements there is probably a greater margin for errors and omissions. It follows then that our code coverage will not be as complete as it could have been. Yes, I know, it is only probabilistic. But that may be the best we can do. I’ll leave it up to everyone (all two of you) else to consider whether what I’m saying is valid. Good luck.

I had a very interesting discussion with my carpool buddy about those atheism versus theism debates that are all the rage these days. He had some very astute observations despite his self-proclaimed lack of knowledge (he’s agnostic and I’m kidding). He noticed how the various camps typically claim that their side was the victor. See, debates aren’t exactly like the UFC. There isn’t a tap-out, a referee stoppage or a decision in the end. Instead, it is just a bunch of fans cheering for their fighter. What’s worse is that it is unlikely that one side would switch to the other as a result of such a brawl, but it is still entertaining and a great fuel source for conversation.

We discussed how atheistic arguments are sometimes made up of refutations of theistic arguments. Now, there is nothing wrong with this. If you can demonstrate that premises are incorrect or invalid you have successfully torpedoed the conclusion. What we observed is that in some cases this method (the refutation of theistic arguments) is successful. If they are successful (I think they are in some cases) then the argument for god is refuted. I agree with this. However, and I know this is obvious here, by refuting a positive proposition we have in no way confirmed it’s negative. In other words, refuting an argument for the existence of god does not get us to the truth claim that there is no god. I know, “the burden of proof is on you to prove god”. I agree. But if I cannot conjure up proof or my proofs are refuted, we simply slide into agnosticism. I can’t jump over the chasm into atheism without some logical help (I need some arguments). At the heart of it atheistic propositions, just like their theistic counterparts, are knowledge claims.

This of course led to all sorts of discussions regarding the problem of knowledge (a favorite of mine). Rarely, if ever, do I get the opportunity to talk about something that I think is fun and yet painful. So, I was sort of like the abominable snow man in this Looney Toons spoof. We talked about deduction and induction and the challenges of a priori knowledge. We talked about what meta-justification is. We even ventured off into the notions of “proof”. It seems that many today view scientific knowledge and proof in  the same way and forget that even within science there are a priori assumptions at play; nevermind the fun that ensues when we talk about sense data and what that data represents. Needless to say debates are a great way to pass the time of a long commute!

Over the past couple of years I’ve documented my thoughts (in unpublished form) about the ultimate aim of education. Topics regarding virtue, utility, benefits to the state and socialization can be found all throughout my meandering thoughts. I stumbled across an excellent summary and thought I’d share.

For a true education aims at the formation of the human person in the pursuit of his ultimate end and of the good of the societies of which, as man, he is a member, and in whose obligations, as an adult, he will share.

- Pope Paul VI, Gravissimum Educationis (Declaration on Christian Education) October 28, 1965

In this short summary a proper balance between divine purposes and human existence is articulated. Education is more than being trained in a particular craft. It is also more than knowledge of things. It is a complete integration of techne, arete, episteme and other elements. Too much of one and not enough of the other leaves man underdeveloped and ill-equipped to participate in all facets of human existence in the 21st century. What do you think?

For those that weren’t aware I’m the Latin and Science teacher for our daughter. This was our first year of Latin and I used Prima Latina to introduce our daughter to Latin pronunciation, vocabulary and syntax. The set of books and cds allow us to use visual, aural and read/write mechanisms to acquire the language.

How did we do? If measurement is simply the volume of information retained by the student I think we did great. My daughter has memorized vocabulary, short prayers, verb conjugations, 1st declension nouns and other bits. I also know that we don’t (or shouldn’t measure) success in this one way. However, this text seems to teach to that end exclusively. I’m a fan of memorization where it works and in language acquisition it is a necessary feature when we are not learning directly. Yet, I still feel as though the text should have or could have made things a little more interesting. We all know that when children are interested in a topic they learn more effectively, perform better and acquire a greater body of information. When they are not, well, we know what happens there.

This is I think the failing of the text; It provides no real opportunities to cultivate interest, fun or anything else. It is simply a brute-force technique. I say this because my daughter, although she has learned all of the material (read: memorized) bemoans latin quite frequently. It is not because it takes tons of time, but because it is just tedious. Again, tedium is an unfortunate part of how we experience things, but when tedium can be avoided it should. In this case it wasn’t.

Prima Latina teaches ecclesiastical latin. I’m not a purist (or maybe I am), but this form of latin seems rather odd to teach unless you’ll be participating in some sort of liturgy. I would have liked to have seen the text teach latin in its classical forms. I had to rewrite the pronunciation rules provided in the text, avoid certain audio section and perform other minor surgeries on the material in order to align it more closely with its classical heritage. In summary, Prima Latina was useful for the arrangement of very introductory material, vocabulary lists, derivatives and tests. Those expecting stories, pictures, translation opportunities (short sentences) that make for a more well-rounded approach or those that would like to teach classical latin would do well to look elsewhere.

I’m on my latest book in our ‘08 reading bonanza. I’ve tried to read a variety of historical, philosophical and religious texts thus far (you can review the current list here). Since it *is* a race and I don’t yet have the desire to tackle the Barthian corpus, I selected Dogmatics in Outline. It is a short 150ish page book that is literally an outline of Barth’s theology (if I can make such a coarse assessment). I’m only 30 pages into it and as early as the second page you can see Barth’s emphasis on God’s transcendence and the limits of human reason to acquire any sort of meaningful (real) knowledge of God. What’s interesting is that in my recent reading of Russell’s Problems of Philosophy I’ve found similar themes regarding the limits of human reason.  I can say with some honesty that for a time I thought human rationality was the panacea for all human challenges. It seems to me from my reading of Barth that he is under no such illusion.  While conceding the human reason can figure things out, with respect to God Barth will not give an inch.

What man can know by his own power according to the measure of his natural powers, his understanding, his feeling, will be at most something like a supreme being, an absolute nature, the idea of an utterly free power, of a being towering over everything. This absolute and supreme being, the ultimate and most profound, this ‘thing in itself’, has nothing to do with God. It is part of the intuitions and marginal possibilities of man’s thinking, man’s contrivance. Mn is able to think this being; but he has not thereby thought God.   

-Karl Barth, Dogmatics in Outline (SCM Press, 1949) 15. 

You don’t get any beating around the bush with Barth. In many ways I agree with this theological reflection. In the past few centuries there has been a vigorous effort to “prove God”; to demonstrate through deductive arguments or experience of nature that God must exist. Human reason may be able to arrive at some vague notion of a divine power, but you’re very far indeed from anything that is communicated in the texts of Judaism, Islam and Christianity. I’m sure this need to prove God has arisen because for many centuries the existence of God has no longer been axiomatic. Barth is completely comformtable with the situation. For him,

Knowledge of God takes place where divine revelation takes place, illumination of man by God, transmission of human knowledge, instruction of man by this incomparable Teacher.   

-Karl Barth, Dogmatics in Outline (SCM Press, 1949) 16.

I know, I know, the modern, “I only *know* what I experience” person within us all is decrying this sort of “knowledge”. It’s fake, it can’t be trusted, it’s a mind game that we play on ourselves are the common responses. Barth, knowing this human emotion perceptively writes that,

The greatest hindrance to faith is again and again just the pride and anxiety of our human hearts.  

- Karl Barth, Dogmatics in Outline (SCM Press, 1949) 12.

This isn’t an apologetic or a comprehensive assessment of faith versus reason and their respective epistemic validity. I just wanted to point out that it is a modern “problem” that we struggle *in this way* with faith. We reflexively bar any sort of knowledge that we don’t immediately experience, but we don’t realize, in the way that Russell most certainly did (and Descartes before him), that that significantly and artificially limits what we can know (even though we already really know that we know). Confused? Yeah, me too. 

The man who has no tincture of philosophy goes through life imprisoned in the prejudices derived from common sense, from the habitual belief of his age or his nation, and from the convictions which have grown up in his mind without the co-operation or consent of his deliberate reason. To such a man the world tends to become definite, finite, obvious; common objects rouse no questions, and unfamiliar possibilities are contemptuously rejected. 

  - Bertrand Russell, The Problems of Philosophy (Oxford University Press) Chapter 15

On the Common Vulnerabilities and Exposures website there is a terminology page that presents two definitions; one for vulnerability and another for exposure. Having recently discussed and pondered the implications of broadly defining vulnerability, it was nice to see some precision. I’m surprised I hadn’t come across this before.

The challenge with one’s defintion of vulnerability surfaces when you attempt to calculate some form of probabilities or impact of a given vulnerability. Some “conditions” that are typically labeled as vulnerabilities by many tools are really nothing more than configuration errors or omissions. The CVE definitions make room for such errors and omissions by calling them exposures. The defining characteristic, in my estimation, is whether or not such a condition leads to the direct compromise. If it is direct, in most cases it is a vulnerability. If it is indirect or a “stepping stone” then it is an exposure.

The caveat sprinkled throughout the page makes it clear that there is some form of “reasonable security policy” by which to measure. This policy should not be confused with an organizations over-arching security policy, but those characteristics that are expected of a given product/application. This works nicely I think. It gets interesting in organizations whose core business is not the distribution of software. Why is this the case? Some environments having varying degrees of “reasonable security policies” when it comes to applications. Most of the time it is in the form of, at best, non-functional requirements or, at worst, some language thrown together ad-hoc from vague high-level security policies. The further away an organization is from this policy the more the notions of vulnerability and exposure merge together. This is only difficult when, as I mentioned early, one tries to measure probability and impact. A true exposure does not have the same measurable characteristics that a vulnerability does. For instance, vulnerabilities have properties like exploitability and reproducibility. These properties do not measure at all with exposures. Or if they do, they do not accurately communicate risk. The nature of a vulnerability is its ability to directly compromise. The measurement is an attempt to reflect the probability of that direct compromise. Exposures typically do not have that sort of capability . To measure them in such a way artificially inflates the inherent risks of exposures.

Are you still with my meandering? Good, because now we get back to the non-software selling organizations. In order to make these distinctions meaningful and the rating useful there must be an effort to create this sort of reasonable security policy (the kind mentioned above). Without such a standard things inevitably gravitate to the vulnerability class in order to rate it and have some corrective action performed. When this happens our measurements of risk behave in strange ways. For organizations in this situation it seems that the easiest way out is to create a minimal set of security requirements that directly address these exposures.

Starting in 2008 my wife and I will be competing in a bare-knuckles, knock-down, drag-out battle royale. The stakes are extremely high. Some would say the fate of the universe hangs in the balance. Over the course of the year we will engage in a reading grudge match. The person with the most books read by year’s end will be crowned the Ultimate Reading Champion. Here’s my current reading list:

• The Abolition of Man — C.S. Lewis (Done) 
• The Golden Compass — Philip Pullman (Almost done)
• What’s So Great About Christianity — Dinesh D’Souza (Almost done, but it is painful)
• American Colonies — Alan Taylor (Halfway)
• The Problems of Philosophy — Bertrand Russell (Not started)
• The Da Vinci Code — Dan Brown (Just started, but it may take a while as it is located in the bathroom)

Within the wide arena of everyday life we see evil in all of its ugly dimensions. We see it expressed in tragic lust and inordinate selfishness. We see it in high places where men are willing to sacrifice truth on the altars of their self-interest. We see it in imperialistic nations crushing other people with the batter rams of social injustice. We see it clothed in the garments of calamitous wars which leave men and nations morally and physically bankrupt

…evil is recalcitrant and determined, and never voluntarily relinquishes its hold short of a persistent, almost fanatical resistance. But there is a checkpoint in the universe: evil cannot permanently organize itself.

– Martin Luther King Jr., Strength to Love (Fortress Press, 1981) 78-79

I can appreciate King’s point regarding the checkpoint in the universe against evil. Because evil’s manifestation is most accurately characterized by self-interest, it is not hard to imagine why it is difficult for evil to organize and persist in the same unique way in which it originated. This self-interest is a force that constantly pulls at the fabric of evil itself. It attempts, inadvertently of course, to undo any sort of organization and cooperation that would give it the longevity that it really desires. Add to this internal conflict the external pressure of resistance and it does seem that evil is checked by both itself and external forces. Of course there are many cases where evil’s “brief” stay is anything but and for me to presume that even a short-term visitation of evil is enjoyable borders on the insane.

Sadly, this universal checkpoint only seems to prevent the spiral down to “all against all” and little else. Humanity’s unfortunate documented legacy is the way in which evil is stopped. It is not typically because we stops it, but because evil unwinds itself as it ventures closer to this universal barrier. It is nice that we have this emergency shut-off valve, but you would think that after the first few dozen activations we would figure out a way to prevent such runaway evil in the future. Regrettably, because humanity is capable of great good and great evil, because we individually swing back and forth between altruism and self-interest, it seems quite a feat to be able to eliminate evil altogether. Yet, many groups dream of and pursue such an ideal. How can we possibly eliminate evil without some sort of world-wide psychological surgery? What hope do we really have without such surgery? Does it mean our existence is merely an act of resigned survival or survival of the fittest?