[Plura-list] Battery rationality
Cory Doctorow
doctorow at craphound.com
Fri Dec 6 08:05:16 EST 2024
Read today's issue online at: https://pluralistic.net/2024/12/06/shoenabombers/
Today's links
* Battery rationality: Ringing down the curtain on 9/11's security theater.
* Hey look at this: Delights to delectate.
* This day in history: 2009, 2014, 2019, 2023
* Upcoming appearances: Where to find me.
* Recent appearances: Where I've been.
* Latest books: You keep readin' em, I'll keep writin' 'em.
* Upcoming books: Like I said, I'll keep writin' 'em.
* Colophon: All the rest.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ Battery rationality
After 9/11, we were told that "no cost was too high" when it came to fighting terrorism, and indeed, the US did blow *trillions* on forever wars and regime change projects and black sites and kidnappings and dronings and gulags that were supposed to end terrorism.
Back in the imperial core, we all got to play the home edition of the "no price is too high" War on Terror game. New, extremely invasive airport security measures were instituted. A "no-fly" list as thick as a phone book, assembled in secret, without any due process or right of appeal, was produced and distributed to airlines, and suddenly, random babies and sitting US Senators couldn't get on airplanes anymore, because they were simultaneously too dangerous to fly and also not guilty enough to charge with any crime:
https://pluralistic.net/2021/01/20/damn-the-shrub/#no-nofly
We lost our multitools, our knitting needles, our medical equipment, all in the name of keeping another boxcutter rebellion from rushing the cockpit. As security expert Bruce Schneier repeatedly pointed out back then, the presence of (for example) glass bottles on the drinks trolley meant that would-be terrorists could trivially avail themselves of an improvised edged weapon that was every bit as deadly as 9/11's box cutters.
According to Schneier, there were exactly *two* meaningful security measures taken in those days: reinforcing cockpit doors, and teaching basic self-defense to flight crews. Everything else was "security theater," a term coined to describe the entire business, from TSA confiscations to warehouses full of useless "chemical sniffer" booths that were supposed to smell out bombs on our person:
https://www.motherjones.com/politics/2010/01/airport-scanner-scam/
Security theater isn't just about deploying measures that don't work - it's also about defending yourself against risks that *don't exist*. You know how this goes: in 2001, Richard Reid - AKA "The Shoenabomber" - tried to blow up a plane with explosives he'd hidden in his shoes. It didn't work, because it's a stupid idea - and then we all took off our shoes for a quarter-century:
https://en.wikipedia.org/wiki/Richard_Reid
In 2006, a gang of amateur chemists hatched a plan to synthesize explosives in an airplane toilet sink, scheming to smuggle in different reagents and precursors in their carry-on luggage, then making a bomb in the sky and taking down the plane and all its passengers. The "Hair Gel Bombers" were caught before they could try their scheme, but even if they had made it onto the plane, they would have failed. Their liquid explosive recipe started with mixing up a "piranha bath" - a mixture of sulfuric acid and hydrogen peroxide - that needs to be kept *extremely cold* for a *long* time, or it will turn into instantly lethal gas. If the liquid bomb plot had gone ahead, the near-certain outcome would have been the eventual discovery of an asphyxiated terrorist in the bathroom, lips blue and lungs burned away, face down in a shallow sink filled with melting ice-cubes:
https://en.wikipedia.org/wiki/2006_transatlantic_aircraft_plot
The fact that these guys failed utterly didn't have any impact on the dramaturges who ran the world's security theater. We're still having our liquids taken away at airport checkpoints.
Why did we have to defend ourselves against imaginary attacks that had been proven not to work? Because "no price was too high to pay" in the War on Terror. As Schneier pointed out, this was obvious nonsense: there is a 100% effective, foolproof way to prevent *all* attacks on civilian aircraft. All we need to do is institute a 100% ban on air travel. We didn't do that, because "no price is too high to pay" was always bullshit. Some prices are *obviously* too high to pay.
Which is why we still get to keep our underwear on, even after Umar Farouk "Underwear Bomber" Abdulmutallab's failed 2009 attempt to blow up an airplane with a bomb he'd hidden in his Y-fronts:
https://en.wikipedia.org/wiki/Umar_Farouk_Abdulmutallab
It's why we aren't all getting a digital rectal exam every time we fly, despite the fact that hiding a bomb up your ass *actually works*, as proven by Abdullah "Asshole Bomber" al-Asiri, who blew his torso off with a rectally inserted bomb in 2009 in a bid to kill a Saudi official:
https://en.wikipedia.org/wiki/Abdullah_al-Asiri
Apparently, giving every flier a date with Doctor Jellyfinger is too high a price to pay for aviation safety, too.
Now, theatrical productions can have very long runs (*The Mousetrap* ran in London for 70 years!), but eventually the curtain rings down on every stage. It's possible we're present for the closing performance of security theater.
On September 17, the Israeli military assassinated 12 people in Lebanon and wounded 2,800 more by blowing up their pagers and two-way radios whose batteries had been gimmicked with pouches of PETN, a powerful explosive. This is a devastating attack, because we carry a *ton* of battery-equipped gadgets around with us, and most of them are networked and filled with programmable electronics, so they can be detonated based on a variety of circumstances - physical location, a specific time, or a remote signal.
What's more, PETN-gimmicked batteries are super easy to make and effectively impossible to detect. In a breakdown published a few days after the attack, legendary hardware hacker Andrew "bunnie" Huang described the hellmouth that had just been opened:
https://www.bunniestudios.com/blog/2024/turning-everyday-gadgets-into-bombs-is-a-bad-idea/
The battery in your phone, your laptop, your tablet, and your power-bank is a "lithium pouch battery." These are manufactured all over the world, and you don't need a large or sophisticated factory to make one. It would be effectively impossible to control the manufacture of these batteries. You can make batteries in "R&D quantities" for about $50,000. Alibaba will sell you a full, turnkey "pouch cell assembly line" for about $10,000. More reputable vendors want as little as $15,000.
A pouch cell is composed of layers of "cathode and anode foils between a polymer separator that is folded many times." After a machine does all this folding, the battery is laminated into a pouch made of aluminum foil, which is then cleaned up, labeled, and flushed into the global supply chain.
To make a battery bomb, you mix PETN "with binders to create a screen-printed sheet" that's folded and inserted into the battery, in such a way as to produce a shaped charge that "concentrat[es] the shock wave in an area, effectively turning the case around the device into a small fragmentation grenade."
Doing so will reduce the capacity of the battery by about 10% or less, which is within the normal variations we see in batteries. If you're worried about getting caught by someone who's measuring battery capacity, you can add an extra explosive sheet to the battery's interior, increasing the thickness of a 10-sheet battery by 10%, which is within the tolerance for normal swelling.
Once the explosive is laminated inside its (carefully cleaned) aluminum pouch, there's no way to detect the chemical signature of the PETN. The pouch seals that all in. The PETN and other components of the battery are too similar to one another to be detected with X-ray fluorescence, and the multi-layer construction of a battery also foils attempts to peer inside it with Spatially Offset Raman Spectroscopy.
According to bunnie, there are no ways to detect a battery bomb through visual inspection, surface analysis or X-rays. You can't spot it by measuring capacity or impedance with electrochemical impedance spectroscopy. You *could* spot it with a high-end CT scan - a half-million dollar machine that takes about 30 minutes for each scan. You *might* be able to spot it with ultrasound.
Lithium batteries have "protection circuit modules" - a small circuit board with a chip that helps with the orderly functioning of the battery. To use one of these to detonate a PETN-equipped battery, you'd only have to make a small, board-level rewiring, which could deliver a charge via a "third wire" - the NTC temperature sensor that's standard in batteries.
Bunnie gets into a lot more detail in his post. It's frankly terrifying, because it's hard to read this without concluding that, indeed, any battery in any gadget could actually be a powerful, undetectable bomb. What's more, supply chain security *sucks* and bunnie runs down several ways you could get these batteries into your target's gadget. These range from the nefarious to the brute simple: "buy a bunch of items from Amazon, swap out the batteries, restore the packaging and seals, and return the goods to the warehouse."
Bunnie's point is that, having shown the world that battery bombs are possible, the Israelis have opened the hellmouth. They were the first ones to do this, but they won't be the last. We need to figure out something before "the front line of every conflict [is brought] into your pocket, purse or home."
All of that is scary af, sure, but note what *hasn't* happened in the wake of an *extremely successful*, nearly impossible to defeat explosives attack that used small electronics of the same genus as the pocket rectangles virtually every air traveler boards a plane with. We've had *no* new security protocols instituted since September 17, likely because no one can think of anything that would work.
Now, in the heady days when the security theater was selling out every performance and we were all standing in two-hour lines to take our shoes off, none of this would have mattered. The TSA's motto of "when in trouble, or in doubt, run in circles, scream and shout" would have come to the fore. We'd be forced to insert our phones into some grifter's nonfunctional billion-dollar PETN dowsing-box, or TSA agents would be ordering us to turn on our phones and successfully play eleven rounds of Snake, or we'd be forced to lick our phones to prove that they weren't covered in poison.
But today, we're keeping calm and carrying on. The fact that something awful exists is, well, *awful*, but if we don't know what to do about it, there's no sense in just doing *something*, irrespective of whether that will help. We could order everyone to leave their phones at home when they fly, but then no one would fly anymore, and obviously, no one seriously thinks "no price is too high" for safety. Some prices are just too high.
I started thinking about all this last week, when I was in New Delhi to give a keynote for the annual meeting of the International Cooperative Alliance, which was jointly held with the UN as the inauguration of the UN International Year of Coops, with an address from UN Secretary General Antonio Guterres:
https://2025.coop/
When I arrived in New Delhi, my hosts were somewhat flustered because Indian Prime Minister Narendra Modi had just announced that he would give the opening keynote, which meant a lot of rescheduling and shuffling - but also a *lot* of security. I was told that the only things I could bring to the conference center the next day were my badge, my passport and my hotel room key. I couldn't bring a laptop, a phone or a spare battery. I couldn't even bring a pen ("they're worried about stabbings").
Modi - a lavishly corrupt authoritarian genocidier - has a lot of reasons to worry about his security. He has actual enemies who sometimes blow stuff up, and if one of them took him out, he wouldn't be the first Indian PM to die by assassination.
But when the speakers and delegates gathered in the hotel lobby the next morning, we were told that we *could* bring phones, after all. Because of course we could. You can't fly people from all over the world to India and then ask them to forgo the device they use as translator, map, note-taker, personal diary, and credit card. Some prices are just too high.
They took a *lot* of security measures. Everyone went through a metal detector, naturally. Then, we were sealed in the plenary room for more than an hour while the building was sealed off. Armed men were stationed all around the room, and the balcony outside the room was ringed with snipers:
https://www.flickr.com/photos/doctorow/54165263130/
We were prohibited from leaving our seats from the time Modi entered the room until he left it again, despite the fact that the PM was never more than a few steps from the single most terrifying bodyguard I'd ever seen:
https://www.flickr.com/photos/doctorow/54164805776/
And yet: the fact that we were less than two months out from an extremely successful, highly public demonstration of the weaponization of small batteries in personal electronics did not mean that we all had to leave our phones at the hotel.
After that, I'm tempted to think that, just possibly, security theater's curtain has rung down and its long SRO run has come to an end. It's a small bright spot in a dark time, but I'll take it.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ Hey look at this
* How Can U.S. and Mexican Workers Build Cross-Border Solidarity? https://www.labornotes.org/blogs/2024/12/how-can-us-and-mexican-workers-build-cross-border-solidarity
* Why did Silicon Valley turn right? https://www.programmablemutter.com/p/why-did-silicon-valley-turn-right
* Six hours under martial law in Seoul https://www.theverge.com/24312920/martial-law-south-korea-yoon-suk-yeol-protest-dispatch
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ This day in history
#15yrsago TSA can’t redact documents properly, releases s00per s33kr1t operations manual http://cryptome.org/tsa-screening.zip
#15yrsago Photographers win British war on photography? https://www.independent.co.uk/news/uk/home-news/police-uturn-on-photographers-and-antiterror-laws-1834626.html
#15yrsago What do ISPs charge the law to spy on you? https://cryptome.org/isp-spy/yahoo-spy.pdf
#10yrsago Museums and the future history of the information age https://www.youtube.com/watch?v=qqPZ7blfVFo
#10yrsago Irish government retroactively legalizes GCHQ surveillance revealed in Snowden docs https://www.irishtimes.com/business/technology/state-sanctions-phone-and-email-tapping-1.2027844
#10yrsago Buy your own TSA-surplus pornoscanner for $8K https://web.archive.org/web/20141202204614/https://www.ebay.com/itm/111519265986
#10yrsago Senator Jay Rockefeller singlehandedly kills Freedom of Information Act reform https://web.archive.org/web/20141227173812/https://e-pluribusunum.com/2014/12/05/threatening-legacy-senator-jay-rockefeller-stands-alone-holding-back-historic-foia-reform-in-the-usa/
#10yrsago High court rules that English/Welsh prisoners should be allowed to read books https://www.theguardian.com/society/2014/dec/05/prison-book-ban-unlawful-court-chris-grayling
#10yrsago National Response Center: now THAT’s a logo https://memex.craphound.com/2014/12/06/national-response-center-now-thats-a-logo/
#5yrsago Prasad’s Law: there’s always enough health spending to concentrate wealth, never enough to diffuse it https://www.nakedcapitalism.com/2019/12/why-hospitals-never-have-enough-nurses-the-explanatory-power-of-prasads-law-of-wealth-concentration.html
#5yrsago The retreat of “scientific selfishness,” a literature review https://www.the-tls.co.uk/politics-society/economics/greed-is-dead
#5yrsago 95% of America’s largest voting districts’ mailservers lack basic anti-phishing protection https://techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/
#5yrsago Radicalized is one of the CBC’s best books of 2019! https://www.cbc.ca/books/the-best-canadian-fiction-of-2019-1.5382741
#1yrago Privacy first https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ Upcoming appearances
* ACM Conext-2024 Workshop on the Decentralization of the Internet (Los Angeles), Dec 9
https://conferences.sigcomm.org/co-next/2024/#!/din
* IA et “merdification“ d’internet: peut-on envisager un nouveau web? (Remote), Dec 12
https://www.unige.ch/comprendre-le-numerique/conferences-publiques1/cycle-5-2024-2025/ia-et-merdification-dinternet-peut-envisager-un-nouveau-web/
* Should a Public Telecom Be An Election Issue/Davenport NDP (Remote), Dec 15
https://www.davenportndp.ca/public_telecom_town_hall
* ISSA-LA Holiday Celebration keynote (Los Angeles), Dec 18
https://issala.org/event/issa-la-december-18-dinner-meeting/
* Picks and Shovels with Dan Savage (Seattle), Feb 19
https://www.eventbrite.com/e/cory-doctorow-with-dan-savage-picks-and-shovels-a-martin-hench-novel-tickets-1106741957989
* Cloudfest (Europa Park), Mar 17-20
https://cloudfest.link/
* DeepSouthCon63 (New Orleans), Oct 10-12, 2025
http://www.contraflowscifi.org/
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ Recent appearances
* Enshittification: Why Everything Suddenly Got Worse and What to Do About It (HOPE XV)
https://www.youtube.com/watch?v=YrciT_dc2sc&list=PLcajvRZA8E0_tLLEh1COeAv-TcaDna2k1&index=32
* How To Keep IoT From Becoming An IoTrash (Def Con)
https://www.youtube.com/watch?v=tA7bpp8qXxI
* How Big Tech made Trump 2.0 (Real News Network)
https://therealnews.com/how-big-tech-made-trump-2-0
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ Latest books
* The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (the-bezzle.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3062/Available_Feb_20th%3A_The_Bezzle_HB.html#/).
* "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
* "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
* "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
* "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ Upcoming books
* Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025
* Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ Colophon
Today's top sources:
Currently writing:
* Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Status: first pass edit underway (TKs and FCKs)
* A Little Brother short story about DIY insulin PLANNING
* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025
Latest podcast:
Spill, part five (a Little Brother story) https://craphound.com/littlebrother/2024/12/01/spill-part-five-a-little-brother-story/
This work - excluding any serialized fiction - is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
⛺️ How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Pluralistic.net
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/@pluralistic
Medium (no ads, paywalled):
https://doctorow.medium.com/
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
https://twitter.com/doctorow
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla