The RISKS Digest
Volume 27 Issue 80

Monday, 17th March 2014

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Malaysia Airlines Flight MH370 network hacked?
Andrew Douglass
As the Web Turns 25, Its Creator Talks About Its Future
Nick Bilton
What the Internet of 2025 Might Look Like
Brian R. Fitzgerald
Cyberattacks Could Paralyze U.S., Former Defense Chief Warns
Patrick Thibodeau
"The Future of Internet Freedom"
Eric E. Schmidt and Jared Cohen
Worrying about NSA? Concentrate on Experian instead
George Sadowsky
NSA wants to infect **millions** of computers
Dan Gillmor
Who watches the watchers?
Henry Baker
Governor Christie's New Scandal: Verizon's Fiber-Optic-"Digital Bridge" Gate
Bruce Kushnick
Man called Bitcoin's father denies ties, leads LA car chase
Lauren Weinstein
Re: Anne Rice
David E. Ross
Re: TrustyCon and the RSA con NSA poll
the wharf rat
Re: Apple's GotoFail Security Mess
John Beattie
Re: Applied Systems Theory
George Ledin
Re: Threat Modeling: Designing for Security
Paul Edwards
BOOK: Rebecca Slayton: Arguments That Count
Info on RISKS (comp.risks)

Malaysia Airlines Flight MH370 network hacked?

Andrew Douglass <>
Wed, 12 Mar 2014 14:23:39 -0400

I'm hoping it's nonsense that such commingling would ever be approved in the
first place.

* The concern was that the passenger in-flight entertainment system would be
  connected to critical systems for managing the safety and maintenance of
  the aircraft.

* Passenger seatback entertainment systems come with ethernet and USB ports,
  which would in theory enable access to a hacker to the critical computer

  [There is still lots of speculation regarding this incident, and lots
  of definitude that may or may not eventually be determined.  PGN]

As the Web Turns 25, Its Creator Talks About Its Future (Nick Bilton)

"ACM TechNews" <>
Wed, 12 Mar 2014 11:31:29 -0400 (EDT)
Nick Bilton, *The New York Times*, 11 Mar 2014
  [Via ACM TechNews, Wednesday, March 12, 2014]

The creators of the World Wide Web, including Sir Tim Berners-Lee, worry
that companies could destroy the open nature of the Internet in their quest
to make more money.  The World Wide Web Foundation estimates that every
minute, billions of connected users send each other hundreds of millions of
messages, share 20 million photos, and exchange at least $15 million in
goods and services.  "I spent a lot of time trying to make sure people could
put anything on the Web, that it was universal," Berners-Lee says.
"Obviously, I had no idea that people would put literally everything on it."
However, despite all of the advances brought about by the World Wide Web, he
says people need to realize that a current battle around so-called network
neutrality could permanently harm the future of the Web.  "The Web should be
a neutral medium.  The openness of the Web is really, really important,"
Berners-Lee says.  "It's important for the open markets, for the economy,
and for democracy."  He plans to spend the next year working with Web
consortia to spread awareness of these issues.  "It's possible that people
end up taking the Web for granted and having it pulled out from underneath
them," he says.

What the Internet of 2025 Might Look Like (Brian R. Fitzgerald)

"ACM TechNews" <>
Wed, 12 Mar 2014 11:31:29 -0400 (EDT)
Brian R. Fitzgerald, *The Wall Street Journal*, 11 March 2014
  [Via ACM TechNews, Wednesday, March 12, 2014]

As the Internet approaches its 25-year anniversary, the Pew Research Center
has released responses from science and technology experts about what the
future Internet might look like.  Pew had asked a group of experts in
various fields what impact they thought the Internet would have in 2025 on
social, political, and economic processes.  Experts predict the Internet
will be thoroughly embedded in homes and integrated into people's daily
lives, with some noting a rise in wearable technology, massive open online
courses, and business model changes.  "We may literally be able to adjust
both medications and lifestyle changes on a day-by-day basis or even an
hour-by-hour basis, thus enormously magnifying the effectiveness of an ever
more understaffed medical delivery system," predicts University of
California, Berkeley software developer Aron Roberts.  Massachusetts
Institute of Technology senior research scientist David Clark says devices
will become increasingly autonomous.  "More and more, humans will be in a
world in which decisions are being made by an active set of cooperating
devices," Clark says.  Google chief Internet evangelist and ACM president
Vint Cerf says business models will need to adapt to the economics of
digital communication and storage.  He also says, "We may finally get to
Internet voting, but only if we have really strong authentication methods

Cyberattacks Could Paralyze U.S., Former Defense Chief Warns (Patrick Thibodeau)

"ACM TechNews" <>
Wed, 12 Mar 2014 11:31:29 -0400 (EDT)
Patrick Thibodeau, *Computerworld* 11 March 2014
  [Via ACM TechNews, Wednesday, March 12, 2014]

Former U.S. Secretary of Defense Leon Panetta on Tuesday said a large-scale
cyberattack against U.S. infrastructure is "the most serious threat in the
21st century."  Panetta emphasized the need for improved cyberdefense and
public education about cyberattack risks and said a large-scale attack could
"devastate our critical infrastructure and paralyze our nation."  He
compared the impact of a cyberattack to the damage caused by Hurricane
Sandy.  "We have to take steps to better defend ourselves against this
threat," Panetta said.  "The American people need to understand that that
this is not about hacking and identity theft, it has the potential for a
major attack on the United States."  Meanwhile, the U.S. Justice
Department's Richard Downing warned that international cybercriminals are
becoming more involved with organized crime, which makes their activities
harder to stop.  Downing also said extradition difficulties and evidence
gathering are obstacles to stopping cybercriminals, particularly in less
technically-advanced countries.  In addition, Georgetown University's
Catherine Lotrionte estimated that losses from international intellectual
property theft average about $300 billion a year.

"The Future of Internet Freedom" (Eric E. Schmidt and Jared Cohen)

Lauren Weinstein <>
Wed, 12 Mar 2014 08:59:53 -0700
  The details aren't pretty. In Russia, the government has blocked tens of
  thousands of dissident sites; at times, all WordPress blogs and Russian
  Wikipedia have been blocked. In Vietnam, a new law called Decree 72 makes
  it illegal to digitally distribute content that opposes the government, or
  even to share news stories on social media.  And in Pakistan, sites that
  were available only two years ago - like Tumblr, Wikipedia and YouTube -
  are increasingly replaced by unconvincing messages to "Surf Safely."
A later version appeared as an op-ed in *The New York Times* on 12 Mar 2014.

Worrying about NSA? Concentrate on Experian instead

George Sadowsky <>
March 10, 2014 at 1:34:06 PM EDT
14 Mar 2014 (via Dave Farber)
Experian Lapse Allowed ID Theft Service Access to 200 Million Consumer Records

In October 2013, KrebsOnSecurity published an exclusive story detailing how
a Vietnamese man running an online identity theft service bought personal
and financial records on Americans directly from a company owned by
Experian, one of the three major U.S. credit bureaus. Today's story looks
deeper at the damage wrought in this colossal misstep by one of the nation's
largest data brokers.

Vietnamese national Hieu Minh Ngo pleaded guilty last week to running the ID
theft service

Last week, Hieu Minh Ngo, a 24-year-old Vietnamese national, pleaded guilty
to running an identity theft service out of his home in Vietnam. Ngo was
arrested last year in Guam by U.S. Secret Service agents after he was lured
into visiting the U.S. territory to consummate a business deal with a man he
believed could deliver huge volumes of consumers' personal and financial
data for resale.

But according to prosecutors, Ngo had already struck deals with one of the
world's biggest data brokers: Experian. Court records just released last
week show that Ngo tricked an Experian subsidiary into giving him direct
access to personal and financial data on more than 200 million Americans.

NSA wants to infect **millions** of computers (via Dave Farber)

Dan Gillmor <>
March 12, 2014 at 12:24:32 PM EDT
Even paranoid people were underestimating the threat, it seems:

Who watches the watchers?

Henry Baker <>
Tue, 11 Mar 2014 16:53:07 -0700
A.k.a. "Quis custodiet ipsos custodes?"—a Latin phrase attributed to the
Roman poet Juvenal.

A version of Russell's Paradox states "The barber is a man in town who
shaves all those, and only those, men in town who do not shave themselves."
This "diagonalization" argument is also used to prove the undecidability of
logical problems.

Clearly, Senator Feinstein, as one of the watchdogs of the intelligence
agencies, has been just as shocked and surprised as the rest of us to find
out how lawless and ungovernable these intelligence agencies have become.
But the ancient Romans clearly understood the problem that the watchers all
too easily become unwatchable.

Feinstein: CIA searched Senate computers

Transcript: Sen. Dianne Feinstein says CIA searched Intelligence Committee

Sen. Dianne Feinstein on Tuesday morning accused the CIA of violating
federal law, detailing how the agency secretly removed documents from
computers used by the Senate Intelligence Committee.  The following is a
complete transcript of Feinstein's speech, courtesy of Federal News Service.

Good morning.  Over the past week, there have been numerous press articles
written about the Intelligence Committee's oversight review of the
detention and interrogation program of the CIA.  Specifically, press
attention has focused on the CIA's intrusion and search of the Senate
Select Committee's computers, as well as the committee's acquisition
of a certain internal CIA document known as the `Panetta Review.' I
rise today to set the record straight and to provide a full accounting of
the facts and history.

Let me say up front that I come to the Senate floor reluctantly.  Since
January 15th, 2014, when I was informed of the CIA search of this
committee's network, I've been trying to resolve this dispute in a
discreet and respectful way.

I have not commented in response to media requests for additional
information on this matter, however the increasing amount of inaccurate
information circulating now cannot be allowed to stand unanswered.

The origin of this study, the CIA's detention and interrogation program,
began operations in 2002, though it was not until September, 2006 that
members of the intelligence committee, other than the chairman and the vice
chairman were briefed.  In fact, we were briefed by then-CIA Director Hayden
only hours before President Bush disclosed the program to the public.

A little more than a year later, on December 6th, 2007, a New York Times
article revealed the troubling fact that the CIA had destroyed video tapes
of some of the CIA's first interrogations using so-called enhanced
techniques.  We learned that this destruction was over the objections of
President Bush's White House counsel and the director of national

After we read—excuse me—read about the tapes of the destruction in the
newspapers, Director Hayden briefed the Senate Intelligence Committee.  He
assured us that this was not destruction of evidence, as detailed records of
the interrogations existed on paper in the form of CIA operational tables
describing the detention conditions and the day-to-day CIA interrogations.

The CIA director stated that these cables were, quote, a more than adequate
representation, end quote, of what would have been on the destroyed tapes.
Director Hayden offered at that time, during Senator Jay Rockefeller's
chairmanship of the committee, to allow members or staff review these
sensitive CIA operational cables, that the videotapes—given that the
videotapes had been destroyed.

Chairman Rockefeller sent two of his committee staffers out to the CIA on
nights and weekends to review thousands of these cables, which took many
months.  By the time the two staffers completed their review into the
CIA's early interrogations in early 2009, I had become chairman of the
committee and President Obama had been sworn into office.

The resulting staff report was chilling.  The interrogations and the
conditions of confinement at the CIA detentions sites were far different and
far more harsh than the way the CIA had described them to us.

As a result of the staff initial report, I proposed and then-Vice Chairman
Bond agreed and the committee overwhelmingly approved that the committee
conduct an expansive and full review of the CIA's detention and
interrogation program.

On March 5th, 2009, the committee voted 14-1 to initiate a comprehensive
review of the CIA detention and interrogation program.

Immediately, we sent a request for documents to all relevant executive
branch agencies, chiefly among them the CIA.  The committee's preference was
for the CIA to turn over all responsive documents to the committee's office,
as had been done in previous committee investigations.

Director Panetta proposed an alternative arrangement, to provide literally
millions of pages of operational cables, internal emails, memos and other
documents pursuant to a committee's document request at a secure location in
northern Virginia.  We agreed, but insisted on several conditions and
protections to ensure the integrity of this congressional investigation.

Per an exchange of letters in 2009, then-Vice Chairman Bond, then-Director
Panetta and I agreed in an exchange of letters that the CIA was to provide
a, quote, stand-alone computer system, end quote, with a, quote, network
drive segregated from CIA networks, end quote, for the committee that would
only be accessed by information technology personnel at the CIA who would,
quote, not be permitted to share information from the system with other CIA
personnel, except as otherwise authorized by the committee, end quote.

It was this computer network that notwithstanding our agreement with
Director Panetta was searched by the CIA this past January—and once
before, which I will later describe.

In addition to demanding that the documents produced for the committee be
reviewed at a CIA facility, the CIA also insisted on conducting a
multi-layered review of every responsive document before providing the
document to the committee.  This was to ensure the CIA did not mistakenly
provide documents unrelated to the CIA's detention and interrogation program
or provide documents that the president could potentially claim to be
covered by executive privilege.

While we viewed this as unnecessary, and raised concerns that it would delay
our investigation, the CIA hired a team of outside contractors who otherwise
would not have had access to these sensitive documents to read multiple
times each of the 6.2 million pages of documents produced before providing
them to fully cleared committee staff conducting the committee's oversight
work.  This proved to be a slow and very expensive process.

The CIA started making documents available electronically to the committee's
staff at the CIA leased facility in mid-2009.  The number of pages ran
quickly to the thousands, tens of thousands, the hundreds of thousands and
then into the millions.  The documents that were provided came without any
index, without any organizational structure.  It was a true document dump
that our committee staff had to go through and make sense of.

In order to piece together the story of the CIA's detention and
interrogation program, the committee staff did two things that will be
important as I go on.  First, they asked the CIA to provide an electronic
search tool so they could locate specific relevant documents for their
search among the CIA-produced documents, just like you would use a search
tool on the Internet to locate information.

Second, when the staff found a document that was particularly important or
that might be referenced in our file report, they would often print it or
make a copy of the file on their computer so they could easily find it
again.  There are thousands of such documents in the committee's secure
spaces at the CIA facility.

Now, prior removal of documents by CIA.  In early 2010, the CIA was
continuing to provide documents and the committee staff was gaining
familiarity with the information it had already received.  In May of 2010,
the committee staff noticed that the documents had been provided for the
committee—that had been provided for the committee's review were no
longer accessible.

Staff approached the CIA personnel at the off-site location, who initially
denied that documents had been removed.  CIA personnel then blamed
information technology personnel, who were almost all contractors, for
removing the documents themselves without direction or authority.

And then the CIA stated that the removal of the documents was ordered by the
White House.  When the White—when the committee approached the White
House, the White House denied giving the CIA any such order.

After a series of meetings, I learned that on two occasions CIA personnel
electronically removed committee access to CIA documents after providing
them to the committee.  This included roughly 870 documents or page of
documents that were removed in February 2010; and secondly, roughly another
50 that were removed in mid-May 2010.  This was done without the knowledge
or approval of committee members or staff, and in violation of our written
agreements.  Further, this type of behavior would not have been possible had
the CIA allowed the committee to conduct the review of documents here in the
Senate.  In short, this was the exact sort of CIA interference in our
investigation that we sought to avoid at the outset.

I went up to the White House to raise the issue with the then- White House
counsel.  In May 2010, he recognized the severity of the situation and the
great implications of executive branch personnel interfering with an
official congressional investigation.  The matter was resolved with a
renewed commitment from the White House counsel and the CIA that there would
be no further unauthorized access to the committee's network or removal of
access to CIA documents already provided to the committee.

On May 17th, 2010, the CIA's then-director of congressional affairs
apologized on behalf of the CIA for removing the documents.  And that as far
as I was concerned put the incidents aside.  This event was separate from
the documents provided that were part of the internal Panetta review, which
occurred later and which I will describe next.

At some point in 2010, committee staff searching the documents that had been
made available found draft versions of what is now called the internal
Panetta review.  We believe these documents were written by CIA personnel to
summarize and analyze the materials that had been provided to the committee
for its review.  The Panetta review documents were no more highly classified
than other information we had received for our investigation.  In fact, the
documents appeared based on the same information already provided to the
committee.  What was unique and interesting about the internal documents was
not their classification level but rather their analysis and acknowledgment
of significant CIA wrongdoing.

To be clear, the committee staff did not hack into CIA computers to obtain
these documents, as has been suggested in the press. [...]

  [This is a much longer item, but truncated for RISKS.  PGN]

Governor Christie's New Scandal: Verizon's Fiber-Optic-"Digital Bridge" Gate (Bruce Kushnick)

Lauren Weinstein <>
Fri, 7 Mar 2014 14:24:03 -0800
On March 7, 2014 at 3:28:16 PM, Bruce Kushnick ( wrote:
Governor Christie's New Scandal: Verizon's Fiber-Optic-"Digital Bridge" Gate

It is now clear that while Governor Christie is embroiled in 'bridgegate',
which is about clogging and blocking of traffic movement over a bridge,
another scandal is brewing. Christie's New Jersey Board of Public Utilities
is about to close the digital highways to 1/3 or 1/2 of the State's
residential and business customers, not to mention harming schools,
libraries, hospitals or the municipalities' services and economic growth in
these areas.

President Obama has announced plans for 'bridging the digital divide'. In
this scandal, Governor Christie's State Commission, his Attorney General's
Office and the state Consumer Rate Counsel are planning to allow Verizon to
simply erase the laws and commitments to have 100% of Verizon New Jersey's
territory upgraded, replacing the old copper wires with a fiber optic
service capable of 45 Mbps in both directions—and it was supposed to be
done by the year 2010.

That's right. Back in 1991, Verizon New Jersey claimed it would make New
Jersey the first fully fiberized state with a plan called "Opportunity New
Jersey". Customers paid Verizon about $15 billion dollars in excess phone
charges (and tax perks) to do this construction for over two decades, not to
mention additional rate increases along the way-- and these increase have
been built into current rates for the last 2+ decades.

And yet, on 29 Jan 2014, the NJ Board of Public Utilities (NJBPU) offered
Verizon a stipulation agreement that will extinguish this commitment, which
is only partially done. I'll get back to this.

I wasn't suspicious until I started digging into why the NJBPU would take
this ridiculous path. In fact, the State had actually woken up in 2012 and
issued a 'show cause order', asking Verizon why two towns, Greenwich and
Stow Creek, weren't already upgraded. And in 2013, the State ordered Verizon
to do the work.

But, what caught my eye was this—two weeks before, on January 14th, 2014,
a new President of the Board of Public Utilities was installed and she was
not only chosen by Governor Christie, but is part of his cabinet.

"Dianne Solomon was named by Governor Christopher J. Christie as President
to the N.J. Board of Public Utilities (BPU) on January 14, 2014. President
Dianne Solomon also serves as a member of the Governor's Cabinet. President
Solomon was nominated by Governor Chris Christie to serve as Commissioner to
the Board of Public Utilities on April 17, 2013, and confirmed by the New
Jersey Senate on June 27, 2013."  And all the State had to do was to just
enforce the laws. All it had to say was - 'You didn't complete the job. Now
upgrade 100% of your state territory or we'll audit the books and have you
give back the money'

Instead, we ask - Is it a coincidence that the State decided to erase the
laws at this juncture? Does Governor Christie know about this or was it his

There's an underbelly to this.

To read the rest of this article:

Man called Bitcoin's father denies ties, leads LA car chase

Lauren Weinstein <>
Thu, 6 Mar 2014 16:27:34 -0800  (Reuters, via NNSquad)

  A Japanese American man thought to be the reclusive multi-millionaire
  father of Bitcoin emerged from a modest Southern California home and
  denied involvement with the digital currency before leading reporters on a
  freeway car chase to the local headquarters of the Associated Press ...
  Newsweek included a photograph and a described a short interview, in which
  Nakamoto said he was no longer associated with Bitcoin and that it had
  been turned over to other people. The magazine concluded that the man was
  the same Nakamoto who founded Bitcoin ...  He was mobbed by reporters and
  told them he was looking for someone who understood Japanese to buy him a
  free lunch...  "I'm not involved in Bitcoin. Wait a minute, I want my free
  lunch first. I'm going with this guy," Nakamoto said, pointing at a
  reporter from AP...  "I'm not in Bitcoin, I don't know anything about it,"
  the man said again while walking down the street with several cameras at
  his heels ...

You just can't make this stuff up—even here in L.A.

Re: Anne Rice (RISKS-27.79)

"David E. Ross" <>
Thu, 06 Mar 2014 13:33:03 -0800
I find it interesting that, of all people, Anne Rice opposes the use of
pseudonyms.  She wrote several erotic novels under the pseudonyms Anne
Rampling and A. N. Roquelaure, presumably to hide the fact of her

Re: TrustyCon and the RSA con NSA poll (RISKS-27.79_

"the wharf rat" <>
Thu, 6 Mar 2014 22:43:58 -0500 (EST)
If 52% of the RSA conference attendees support NSA surveillance in its
current form, it might just mean that the NSA has a lot of people attending
the RSA conference.

  [Or more likely friends of the family?  PGN]

Re: Apple's GotoFail Security Mess (RISKS-27.76)

John Beattie <>
Thu, 13 Mar 2014 21:32:14 +0000   #GotoFail

My compiler tells me when there is unreachable code. Why doesn't Apple's?
Especially, why doesn't Apple's when it is being used to compile crypto code?

I don't agree with Langley at Google: whoever was responsible for this was
deeply unprofessional as a software engineer.

Re: Applied Systems Theory

George Ledin <>
Mon, 10 Mar 2014 12:42:28 -0700
The Inside Risks article by Nancy Leveson and William Young (CACM, February
2014, Vol.57, No.2, pages 31-35) is an excellent overview of the
systems-theoretic approach applied to the thorny problems of safety and

William and Nancy frame the differences between the concepts of safety and
security as rooted in the intents of the actions and the benevolence or
malevolence of the actors. It is an ancient conceptual structure developed
over centuries of experience. It is what distinguishes intentional torts
(civil wrongs) from negligence. The difference is crisp, even if negligent
behavior escalates to recklessness. Greater liability attaches depending on
the seriousness level of the result. The issue at hand is action versus
inaction, for there are consequences either way. The medieval but brilliant
notion of scienter deals with how innocent or guilty is the actor's
foreknowledge of the event.

Put simply, safety is the (relative) freedom from the occurrence or risk of
injury or loss. Security is the (relative) assurance that the danger of
injury or loss is mitigated. Therefore security is the (relative) guarantee
of safety. As Nancy and William state, an actor's purpose has limited

The problem is the lack of remedies or, more succinctly, the immaturity of
computer science, and, especially, software engineering.  We are stuck
somewhere between art (beautiful code) and pell-mell technological advance
in response to perceived needs or just for the heck of it, with the latter
ironically better done than the former.  Never mind what for - that's for
society to sort out.

My own thinking about malware (malicious or malevolent, but also malformed,
malignant and malappropriate) is that society gets what it deserves
irrespective of consciousness or lack thereof. The fact that most software
projects are examples of sloppiness, that security is almost always an
afterthought, and that zero-day exploits are a given, says that we are
complicit with the "bad guys" - whoever they are.  They are teaching us a
lesson - the same lesson, essentially, repeatedly, and we remain
unlearned. Worse than unlearned: unbothered.

Vulnerabilities or threats? Leveson and Young are correct. Focusing on
vulnerabilities, threats can, and ought to, be tested. And retested.
Knowing one's weaknesses has to be useful; benign neglect is so obviously
imprudent. This was my message anent teaching viruses, worms, trojans, and
other digital agents of devastation. It is, for obscure reasons, a message
that continues to be ignored. There is a strange predilection toward a force
majeure approach to best practices. When everyone is ignorant, ignorance is
excusable. Off the hook thanks to acts of God.

The holistic way recommended by the authors is destined, unfortunately, to
be overlooked. There are only so many hours in our busy days. And as I said,
thus far there are no remedies, the FTC does not know what to do, and a
regulatory agency dedicated to digital security is a political
impossibility. But let us keep trying.

Re: Threat Modeling: Designing for Security (Shostack, RISKS-27.79)

Paul Edwards <>
Sat, 8 Mar 2014 10:10:47 +1100
> When it comes to measuring and communicating threats, the most ineffective
> example in recent memory was the Homeland Security Advisory System—which
> was a color-coded terrorism threat advisory scale.  The system was rushed
> into use and its output of colors was not clear.

This movie is quite old, but still resonates on a number of levels:


BOOK: Rebecca Slayton: Arguments That Count

"Peter G. Neumann" <>
Mon, 17 Mar 2014 11:37:50 PDT
Rebecca Slayton
Arguments That Count:
  Physics, Computing, and Missile Defense, 1949-2012
MIT Press, Cambridge Massachusetts and London England
xi+325 pp. (including 179 references and a copious 21-page index)

This book is a delightful and remarkably insightful exploration how the
three topics in the subtitle were interrelated during the stated 63-year
time span.  It should be of considerable interest particularly to younger
people who might be wondering how we got to where we are technologically,
politically, economically, and otherwise (although some of us older folks
have lived through it, and are still likely to find many new nuggets they
did not know).  The book will also be very valuable to nontechnical folks of
all ages.  It is very readable.

It is also very well researched (although I found an error in the first full
paragraph on Page 168: `ARPA' should be `NSA', relating to something in

The table of contents lists these chapter titles:

1. Software and the Race against Surprise Attack
2. Framing an “Appallingly Complex'' System
3. Complexity and the “Art or Evolving Science'' of Software
4. “No Technological Solution''
5. What Crisi?  Software in the “Safeguard'' Debate
6. The Politics of Complex Technology
7. The Political Economy of Software Engineering
8. Nature and Technology in the Star Wars Debate
9. Conclusion: Complexity Unbound

Please report problems with the web pages to the maintainer