I spent a long time as a lacto-ovo vegetarian aspiring to go vegan but intimidated by the perception that there wasn't much to eat as a vegan (perhaps the same perception that omnivores have about lacto-ovo vegetarianism). One thing that comforted me in becoming vegan was the observation that my lacto-ovo vegetarian diet was already about 80% vegan (with the main exceptions being dessert foods, nachos, and pizza).
I'm sure there are a lot of other people who think veganism and lacto-ovo vegetarianism are good ideas but who are deterred from actually adopting them by the "nothing to eat" idea. For a while, I've been thinking about putting up a website with examples of things that I eat as a vegan to try to reassure people that there's a great diversity of good food available without animal ingredients. This is especially true in a wealthy modern multicultural society where we have a number of raw ingredients and news of cuisines that would probably have been impossible to imagine just 20 or 30 years ago, and is probably still unimaginable to many people around the world.
Nicol pointed out to me over the weekend that PETA has put up a web site with a superficially similar plan -- to convey the idea that lots of familiar foods are actually vegan. Their site is called I Can't Believe It's Vegan! and shows pictures of some foods that happen to be vegan.
The bizarre thing about the I Can't Believe It's Vegan site (hereinafter "ICBIV") is that pretty much all the foods shown are highly processed packaged junk foods from major companies like Kraft, Nabisco, Post, and so on. The message of the site seems to be that you don't have to give up these familiar packaged foods when you go vegan (and that, if you eat a lot of junk food, much of your diet is already vegan).
Now this is perfectly true, and nobody should know this better than I, since I eat a fair amount of junk food, and since I've long been impressed with just how much junk food turns out to be vegan. Junk food as a category is just not something that vegans have to give up. On the other hand, the main reason that junk food is vegan is often because so many of the ingredients are artificial and are not from any biological source whatsoever, at least not in the form in which it would be found in nature. There are lots of jokes about this even among non-vegans. There are examples of processed foods that are sold based on the idea that they are meat-flavored and turn out not to contain any meat, because the meat flavors are derived from artificial flavorings. Praveen suggests that some of the meat flavors of Top Ramen, for example, actually contain no meat at all. One can imagine a future vegan version of Cheetos or Cheez-wiz, because what, after all, do these products gain from actually including real dairy cheese? It sure doesn't taste like cheese anymore...
But I don't think the idea that Top Ramen is maybe secretly vegan is going to turn out to be a very exciting selling point for veganism -- and neither do I think ICBIV is a helpful contribution on this score. It's not that I think people shouldn't eat artificial flavors or processed foods. It's just that the foods pictured on the ICBIV site are almost without exception (1) not nutritious and (2) not foods that readers are likely to hold in high esteem as "good food". If you were to construct a vegan diet out of the things that the woman on the front page of ICBIV seems about to hug, you might actually get scurvy or some other nutritional disorder -- because you would be eating cookies, crackers, and chips all day long. Who considers these foods the mainstays of an appealing or interesting diet?
I keep reading about people in the inner city, lacking sources of fresh produce, becoming malnourished by subsisting on food from convenience stores and liquor stores. But now we know that some of them are probably accidentally eating vegan without even knowing it.
ICBIV feels like a weird love letter to the big processed food companies: See, we knew you guys could come up with something vegan in your product lines! Yay!
To repeat: I eat junk food, artificial flavors, and processed foods. I eat a lot of carbohydrates. I like eating these things. I'm glad that many of them are made without animal products. But I can't understand why anyone would use that fact as the centerpiece of any kind of vegan advocacy. As the sum total of a diet, these things are not glamorous or interesting or healthy.
Today I ate Thai food and Mediterranean food; Friday I made sandwiches with 15 ingredients. In addition to Thai and Mediterranean, I regularly eat at Ethiopian, Indian, Chinese, Japanese, Italian, Vietnamese, and Mexican restaurants, as well as soup/salad/sandwich and vegetarian restaurants. (As a lacto-ovo vegetarian, I also ate other Central American and South American food and had an easier time with Mexican food than I do now.) Although my diet is habit-influenced and could be quite a bit better balanced than it is, it isn't in the least boring or impoverished. I'd like to make a web site that shows off things like these; it feels like almost the opposite project of ICBIV. It would also be a great excuse to try new foods.
Chris Palmer and I went to
the
talk at Stanford that Matt Blaze
gave on his work with
Micah Sherr, Eric Cronin, and Sandy Clark on wiretapping vulnerabilities.
Here are my notes on what he said.
Wiretapping has become exciting because of reports on the
NSA Program,
but it's also interesting technically. We can examine how people
(with or without legal authority) actually tap telephones in the real world.
"Once we know how it works, our next question as security people is
always: how does it fail?"
This also leads to the question of the level of trustworthiness of
wiretap evidence.
We are working on studying eavesdropping through a research program:
what is required to build an eavesdropping-friendly or
eavesdropping-resistant network? How does eavesdropping work and
what kinds of noncryptographic countermeasures to it may exist?
What are the limitations of wiretapping devices?
Law enforcement telephone wiretapping is an old technology and
supposedly well-understood. It could be studied as an example of
a mature, reliable wiretapping system.
Traditional wiretap threat model: the risks are detection of the tap,
and obfuscation of content of communication. (The content could
potentially be encrypted, but it isn't conceptually possible to
encrypt the routing information end-to-end. The routing
intermediaries need to be able to access it. So you can get
transactional or routing information even in the presence of
end-to-end cryptography.) [Note: you could in theory encrypt
phone numbers en route to the phone company; the phone company
would know whom you're calling, but an eavesdropper in between
you and the phone company wouldn't know without the phone
company's co-operation.]
There is an industry called the TSCM industry that purports to be
able to detect wiretaps in some ways, for example via
time-domain
reflectometry.
Blaze doesn't have a high regard for the TSCM industry. It's expensive
and inconclusive. In his view, the best that a wiretap detection
consultant can say is that no wiretap has been found and that the
customer is invited to spend more money to pay for more sophisticated
tests. [It's possible to imagine tapping equipment in a modern
digital network that has absolutely no effect on the signal or on
the electrical properties of the local loop. So even if there were
perhaps good tests for wiretapping in the past, those might be
getting less useful over time.]
However, there is a question of whether wiretapping evidence is
reliable.
POTS is basically the same as it was 100 years ago -- with central
offices and circuit-switching. A phone from 100 years ago will
pretty much still work today. "Telephones are a remarkable example
of engineering optimization" because they were built to work with
very minimal requirements: just two wires between CO and the end
subscriber, don't assume that the subscriber has power, don't
assume that the subscriber has anything else. There is a DC current
loop that provides 48 V DC power. The current loop determines the
hook switch state. There's also audio signalling for in-band
signalling from phone to CO -- or from CO to phone -- or for voice.
It all depends on context and yet all these things are multiplexed
over two wires, including the hook state and the audio signalling
and the voice traffic.
If you wanted to tap this: you could do it in three different
ways.
- Via the local loop (wired or wireless/cellular).
- Via the CO switch (software programming).
- Via trunk interception (e.g. fiber, microwave, satellite)
with demultiplexing.
How do LEAs do it? Almost always at local loop or CO. (By
contrast, intelligence agencies are more likely to try to
tap trunks.)
Under U.S. law, wiretapping in general is illegal, with particular
exceptions. These include pen registers (traffic analysis
data) and full-content wiretaps (Title III and FISA). About
ten times as many pen registers as full content wiretaps occur.
It's harder legally, and also more expensive and labor-intensive,
to do full-content wiretaps.
Wiretap technologies:
- Call detail records via subpoena -- provided after the fact (like
a pen register, but retrospective)
- Older technology: Loop extender / dialup slave (both pen register
and full-audio)
- Newer technology: CALEA / J-STD-025A (also both pen register and
full-audio)
Q. What about cell phone location tracking?
A. There is an interface in CALEA for cell phone wireline interfaces.
Q. But does that include location?
A. No, not yet as a matter of the standards.
[Cf. EFF's
page on cell phone location tracking which makes clear that law
enforcement agencies have been routinely tracking cell phone users'
movements. I'm not sure whether Blaze understood the question from
the audience as related to this phenomenon.]
Loop extenders connect target line to a designated "friendly" line.
The part at the telco is the loop extender, and the part attached to the
friendly line back at the LEA is called a dialed number recorder (DNR)
or collection device. The loop extender must perform some kind of
electrical isolation to prevent detection. Interestingly, all of the
audio is always sent over the friendly line; the only difference between
a pen register and a full-audio collection is the configuration of the
collection device equipment at the LEA's premises. The phone company
can't directly control what LEAs see.
It's inconvenient to get this equipment in order to study it because
normally only authorized agencies are allowed to possess it.
18 USC 2512
may make it a felony to own the equipment. Vendors also won't necessarily
sell it to just anyone.
"So, we had to shop on eBay."
LEAs, like everyone else, sell their used equipment on eBay. Within
about a month, you'll get a lab full of wiretap equipment sold at
bargain-basement prices. (Also, they often accidentally sent you
recordings of old taps!) And it even looks like wiretapping equipment.
We were legal because we had an NSF grant which is a contract with the
Federal government. There is an exception that allowed government
contractors to acquire wiretap equipment. [18 USC 1252(2)(b)]
Loop extenders are owned by LEAs but are made to look like regular
telco equipment -- it doesn't look particularly suspicious. No overt
markings are preprinted. If you saw one on a utility pole or in a
telco rack, you would probably consider it totally unremarkable; it's
a small plastic piece of telecommunications equipment with a pair
going in and two pairs coming out. A loop extender costs about $200
new from the manufacturer. Blaze "never spent more than about $10 for
a slightly used one".
At the LEA you have a DNR ("dialed number recorder") which has an RJ11 input and then has an
audio output and a tape recorder controller. It also has a "minimize"
or mute button. The LEA is supposed to have a human being involved
who will attempt to prevent recordings of people or conversations that
are outside the scope of the warrant. It's very dull to sit there and
have to keep pressing the minimize button when the wrong thing comes
on the phone.
Q. Do LEAs actually use the minimize button?
A. Yes. These systems are designed for legal wiretaps to create
evidence that you can use in court. If you want to play by the rules,
then you use this. If you wanted to do an illegal or rogue wiretap,
there are simpler, cheaper ways with other equipment.
We found three countermeasures that let subjects manipulate the
recording process.
Countermeasure #1: manipulating captured digits. The dialed digits
are sent via in-band audio signalling as
DTMF tones. There is a tone
decoder at the telco, and also a separate tone decoder in the DNR at
the LEA. The DNR tone decoder tries to mimic the actions of the telco's
tone decoder.
The DTMF standards standardize a lot of different aspects of DTMF,
including the frequencies for the rows and columns. They specify
the amplitudes and other things. In general, the standards for encoders
are tighter than the standards for decoders. [Like Jon Postel's
rule.]
But what this means is that these standards are not single tones or
amplitude levels, but ranges. The sender is conservative and the
receiver is liberal. DTMF encoding has the same basic idea.
The analog eavesdropper's dilemma: "Whether a tone is accepted as a
valid DTMF digit depends on several parameters"; and there is no right
answer to what happens when you're on the edge between accepting and
rejecting a tone. The eavesdropper has a harder job because the
eavesdropper has not to "comply with the standard" but rather to mimic
the precise behavior of the equipment that was at the telco CO. And
this is true for each and every parameter specified in the standard.
Every analog decoder is necessarily going to be a little bit wrong --
too conservative or too liberal in some way.
You can use your phone switch as an oracle to figure out where its
accept/reject edges are -- based on whether call completion occurs.
It will be pretty consistent and accurate. You can do this for each
of the tone and amplitude and duration parameters. It takes about
30-120 minutes to do an exhaustive test with respect to all parameters.
Based on this information, you can produce "marginal" DTMF encodings.
Some of these are just outside or just inside what your local phone
switch will accept. We can call these "confusion" and "evasion"
digits. The former will be ignored by the switch but may be accepted
by the eavesdropper and the latter
will be accepted by the switch and may be ignored by the eavesdropper.
You can then practice confusion/evasion dialing. You can dial a
large number of digits and the eavesdropper will get, in practice,
totally wrong information. "You would just never get the same answer
on two different devices, but you could cause the calls to still
go through to the desired number." You'd have to recalibrate every
few days.
Countermeasure #2: false call records. Line status (on-hook,
off-hook) can't be communicated in-band because if it tried to
hang up the friendly line would hang up too. So line extenders use
in-band audio signalling. And the standard for loop extenders is
to transmit the DTMF C tone all the time to indicate that the line
is idle (on-hook).
Therefore, the DNR will deactivate itself when it hears a C tone
and activate itself when it no longer hears a C tone.
Q. Why does the friendly line hang up when you hang up?
A. It's hard to get the phone company to provision a "dry" circuit
(which is unaffected by DC on-hook/off-hook signals).
This is actually a lot like the blue box problem with regard to
2600 Hz tones. The telephone system used to use in-band signalling where
tones played within the communication channel itself would control the
communication equipment; this allowed phone phreaks to make free phone
calls by playing the right tone. (If someone you don't trust is using
your equipment, letting tones they play control how your equipment behave
can be a bit of a security risk.)
But wiretappers apparently didn't learn this lesson: "If in-band signalling was good enough for AT&T,
it should be good enough for the FBI." There is a close analogy
between the blue box vulnerability and the wiretap equipment's
vulnerability. Sure enough, sending a C tone down your target
line doesn't cause your call to hang up but it does call the DNR
at the LEA to ignore the communications coming in over the friendly
line. It indicates that the call has ended and turns off the
recording equipment.
You can therefore fake a lot of different events and cause the
evidence collected by the LEA to be wrong.
Countermeasure #3: disabling audio recording. You don't have to
send a full-volume C tone. You can send a very quiet C tone in the
background to suppress recording. This is sufficient. Either the
wiretap subject or the other party can do this. The automatic
gain control in the DNR will cause the DNR to detect the quiet C
tone.
Demo (same as on Blaze's web site) -- cheaper recorder (that wasn't
vulnerable to the C tone) could record the call but the professional loop
extender equipment couldn't.
Now, what about CALEA? Loop extenders are largely being
replaced by CALEA-compliant systems. Theoretically, these
signals are decoded at the switch and therefore most of these
countermeasures could be neutralized. "In principle, this
should mean that this is the end of the talk." The CALEA
design has the potential to be immune because of the way it
separates content from signal.
However, law enforce asked for backwards compatibility in
CALEA equipment. FCC refused to make this mandatory (and they
were correct from the point of view of making wiretapping more
reliable and effective). But
it turned out that many vendors implemented it anyway in
response to LEA requests. Therefore by default a large
amount of CALEA-compliant equipment actually causes the
C tone to be usable even here.
Consequently in many systems it's possible to disrupt
interception and also to confuse the eavesdropper by
introducing inaccurate call records. Someone who's being
wiretapped can falsely incriminate other parties. To
make this more accurate, they should actually get the
call detail records and then compare them with the
wiretap evidence.
Q. Can you play a C tone into your own phone line?
A. Sure, there's no law against it. It's easy to generate a
C tone on a computer. The law disfavors wiretapping by default
and therefore there is nothing illegal about a wiretap subject
trying to prevent wiretapping.
Q. Has this problem come up in court?
A. We looked at trial transcripts to try to find out.
Trial transcripts actually show many strange
malfunctions of wiretap equipment -- but defense attorneys
have never tried to challenge wiretap evidence. It
would be a fool's errand.
Q. Or has it just not come up?
A. Wiretap evidence is often just one piece of evidence that's
corroborated by other evidence. Therefore, even if the wiretap
equipment malfunctioned or were untrustworthy, it would be rare
that proving this would, by itself, lead to an acquittal.
Q. What percentage of switches implement the J-standard?
A. Almost all, but we don't know for sure.
Q. Couldn't you disable the equipment's response to the C tone?
A. Some vendors are able to do this in response to our research
and others are not.
Q. Are the backwards compatibility features turned on by default?
A. Yes, usually, and many of them can't even be turned off by the
end user.
Q. What about the other industry of outsourced wiretapping,
e.g. via VeriSign? They will act as the LEA on the LEA's behalf
so the LEA doesn't have to buy the equipment.
A. If the C tone processing is present on any one of those
interfaces then it will be vulnerable, but we don't know for
sure.
Q. Could your answering machine play the C tone as part of
your outgoing message, e.g. as your answering machine beep?
A. Yes.
We were curious how the wiretapper finds out the phone numbers
of incoming callers. The answer is that they use traditional
caller ID. If the target doesn't subscribe to caller ID, their
standard practice has been to call the phone company, impersonate
the wiretap subject, and order it for them. "So if caller ID
appears on your phone, don't necessarily regard it as a nice gift!"
