Pluralistic: Battery rationality (06 Dec 2024)





A vintage Ray-O-Vac battery; the 'o' in Ray-O-Vac has been replaced with a demonic hellmouth cropped from a medieval manuscript. From the top of the battery, a giant mushroom cloud emerges, against a starry backdrop.

Battery rationality

After 9/11, we were told that "no cost was too high" when it came to fighting terrorism, and indeed, the US did blow trillions on forever wars and regime change projects and black sites and kidnappings and dronings and gulags that were supposed to end terrorism.

Back in the imperial core, we all got to play the home edition of the "no price is too high" War on Terror game. New, extremely invasive airport security measures were instituted. A "no-fly" list as thick as a phone book, assembled in secret, without any due process or right of appeal, was produced and distributed to airlines, and suddenly, random babies and sitting US Senators couldn't get on airplanes anymore, because they were simultaneously too dangerous to fly and also not guilty enough to charge with any crime:

https://pluralistic.net/2021/01/20/damn-the-shrub/#no-nofly

We lost our multitools, our knitting needles, our medical equipment, all in the name of keeping another boxcutter rebellion from rushing the cockpit. As security expert Bruce Schneier repeatedly pointed out back then, the presence of (for example) glass bottles on the drinks trolley meant that would-be terrorists could trivially avail themselves of an improvised edged weapon that was every bit as deadly as 9/11's box cutters.

According to Schneier, there were exactly two meaningful security measures taken in those days: reinforcing cockpit doors, and teaching basic self-defense to flight crews. Everything else was "security theater," a term coined to describe the entire business, from TSA confiscations to warehouses full of useless "chemical sniffer" booths that were supposed to smell out bombs on our person:

https://www.motherjones.com/politics/2010/01/airport-scanner-scam/

Security theater isn't just about deploying measures that don't work – it's also about defending yourself against risks that don't exist. You know how this goes: in 2001, Richard Reid – AKA "The Shoenabomber" – tried to blow up a plane with explosives he'd hidden in his shoes. It didn't work, because it's a stupid idea – and then we all took off our shoes for a quarter-century:

https://en.wikipedia.org/wiki/Richard_Reid

In 2006, a gang of amateur chemists hatched a plan to synthesize explosives in an airplane toilet sink, scheming to smuggle in different reagents and precursors in their carry-on luggage, then making a bomb in the sky and taking down the plane and all its passengers. The "Hair Gel Bombers" were caught before they could try their scheme, but even if they had made it onto the plane, they would have failed. Their liquid explosive recipe started with mixing up a "piranha bath" – a mixture of sulfuric acid and hydrogen peroxide – that needs to be kept extremely cold for a long time, or it will turn into instantly lethal gas. If the liquid bomb plot had gone ahead, the near-certain outcome would have been the eventual discovery of an asphyxiated terrorist in the bathroom, lips blue and lungs burned away, face down in a shallow sink filled with melting ice-cubes:

https://en.wikipedia.org/wiki/2006_transatlantic_aircraft_plot

The fact that these guys failed utterly didn't have any impact on the dramaturges who ran the world's security theater. We're still having our liquids taken away at airport checkpoints.

Why did we have to defend ourselves against imaginary attacks that had been proven not to work? Because "no price was too high to pay" in the War on Terror. As Schneier pointed out, this was obvious nonsense: there is a 100% effective, foolproof way to prevent all attacks on civilian aircraft. All we need to do is institute a 100% ban on air travel. We didn't do that, because "no price is too high to pay" was always bullshit. Some prices are obviously too high to pay.

Which is why we still get to keep our underwear on, even after Umar Farouk "Underwear Bomber" Abdulmutallab's failed 2009 attempt to blow up an airplane with a bomb he'd hidden in his Y-fronts:

https://en.wikipedia.org/wiki/Umar_Farouk_Abdulmutallab

It's why we aren't all getting a digital rectal exam every time we fly, despite the fact that hiding a bomb up your ass actually works, as proven by Abdullah "Asshole Bomber" al-Asiri, who blew his torso off with a rectally inserted bomb in 2009 in a bid to kill a Saudi official:

https://en.wikipedia.org/wiki/Abdullah_al-Asiri

Apparently, giving every flier a date with Doctor Jellyfinger is too high a price to pay for aviation safety, too.

Now, theatrical productions can have very long runs (The Mousetrap ran in London for 70 years!), but eventually the curtain rings down on every stage. It's possible we're present for the closing performance of security theater.

On September 17, the Israeli military assassinated 12 people in Lebanon and wounded 2,800 more by blowing up their pagers and two-way radios whose batteries had been gimmicked with pouches of PETN, a powerful explosive. This is a devastating attack, because we carry a ton of battery-equipped gadgets around with us, and most of them are networked and filled with programmable electronics, so they can be detonated based on a variety of circumstances – physical location, a specific time, or a remote signal.

What's more, PETN-gimmicked batteries are super easy to make and effectively impossible to detect. In a breakdown published a few days after the attack, legendary hardware hacker Andrew "bunnie" Huang described the hellmouth that had just been opened:

https://www.bunniestudios.com/blog/2024/turning-everyday-gadgets-into-bombs-is-a-bad-idea/

The battery in your phone, your laptop, your tablet, and your power-bank is a "lithium pouch battery." These are manufactured all over the world, and you don't need a large or sophisticated factory to make one. It would be effectively impossible to control the manufacture of these batteries. You can make batteries in "R&D quantities" for about $50,000. Alibaba will sell you a full, turnkey "pouch cell assembly line" for about $10,000. More reputable vendors want as little as $15,000.

A pouch cell is composed of layers of "cathode and anode foils between a polymer separator that is folded many times." After a machine does all this folding, the battery is laminated into a pouch made of aluminum foil, which is then cleaned up, labeled, and flushed into the global supply chain.

To make a battery bomb, you mix PETN "with binders to create a screen-printed sheet" that's folded and inserted into the battery, in such a way as to produce a shaped charge that "concentrat[es] the shock wave in an area, effectively turning the case around the device into a small fragmentation grenade."

Doing so will reduce the capacity of the battery by about 10% or less, which is within the normal variations we see in batteries. If you're worried about getting caught by someone who's measuring battery capacity, you can add an extra explosive sheet to the battery's interior, increasing the thickness of a 10-sheet battery by 10%, which is within the tolerance for normal swelling.

Once the explosive is laminated inside its (carefully cleaned) aluminum pouch, there's no way to detect the chemical signature of the PETN. The pouch seals that all in. The PETN and other components of the battery are too similar to one another to be detected with X-ray fluorescence, and the multi-layer construction of a battery also foils attempts to peer inside it with Spatially Offset Raman Spectroscopy.

According to bunnie, there are no ways to detect a battery bomb through visual inspection, surface analysis or X-rays. You can't spot it by measuring capacity or impedance with electromechanical impedance spectroscopy. You could spot it with a high-end CT scan – a half-million dollar machine that takes about 30 minutes for each scan. You might be able to spot it with ultrasound.

Lithium batteries have "protection circuit modules" – a small circuit board with a chip that helps with the orderly functioning of the battery. To use one of these to detonate a PETN-equipped battery, you'd only have to make a small, board-level rewiring, which could deliver a charge via a "third wire" – the NTC temperature sensor that's standard in batteries.

Bunnie gets into a lot more detail in his post. It's frankly terrifying, because it's hard to read this without concluding that, indeed, any battery in any gadget could actually be a powerful, undetectable bomb. What's more, supply chain security sucks and bunnie runs down several ways you could get these batteries into your target's gadget. These range from the nefarious to the brute simple: "buy a bunch of items from Amazon, swap out the batteries, restore the packaging and seals, and return the goods to the warehouse."

Bunnie's point is that, having shown the world that battery bombs are possible, the Israelis have opened the hellmouth. They were the first ones to do this, but they won't be the last. We need to figure out something before "the front line of every conflict [is brought] into your pocket, purse or home."

All of that is scary af, sure, but note what hasn't happened in the wake of an extremely successful, nearly impossible to defeat explosives attack that used small electronics of the same genus as the pocket rectangles virtually every air traveler boards a plane with. We've had no new security protocols instituted since September 17, likely because no one can think of anything that would work.

Now, in the heady days when the security theater was selling out every performance and we were all standing in two-hour lines to take our shoes off, none of this would have mattered. The TSA's motto of "when in trouble, or in doubt, run in circles, scream and shout" would have come to the fore. We'd be forced to insert our phones into some grifter's nonfunctional billion-dollar PETN dowsing-box, or TSA agents would be ordering us to turn on our phones and successfully play eleven rounds of Snake, or we'd be forced to lick our phones to prove that they weren't covered in poison.

But today, we're keeping calm and carrying on. The fact that something awful exists is, well, awful, but if we don't know what to do about it, there's no sense in just doing something, irrespective of whether that will help. We could order everyone to leave their phones at home when they fly, but then no one would fly anymore, and obviously, no one seriously thinks "no price is too high" for safety. Some prices are just too high.

I started thinking about all this last week, when I was in New Delhi to give a keynote for the annual meeting of the International Cooperative Alliance, which was jointly held with the UN as the inauguration of the UN International Year of Coops, with an address from UN Secretary General Antonio Guterres:

https://2025.coop/

When I arrived in New Delhi, my hosts were somewhat flustered because Indian Prime Minister Narendra Modi had just announced that he would give the opening keynote, which meant a lot of rescheduling and shuffling – but also a lot of security. I was told that the only things I could bring to the conference center the next day were my badge, my passport and my hotel room key. I couldn't bring a laptop, a phone or a spare battery. I couldn't even bring a pen ("they're worried about stabbings").

Modi – a lavishly corrupt authoritarian genocidier – has a lot of reasons to worry about his security. He has actual enemies who sometimes blow stuff up, and if one of them took him out, he wouldn't be the first Indian PM to die by assassination.

But when the speakers and delegates gathered in the hotel lobby the next morning, we were told that we could bring phones, after all. Because of course we could. You can't fly people from all over the world to India and then ask them to forgo the device they use as translator, map, note-taker, personal diary, and credit card. Some prices are just too high.

They took a lot of security measures. Everyone went through a metal detector, naturally. Then, we were sealed in the plenary room for more than an hour while the building was sealed off. Armed men were stationed all around the room, and the balcony outside the room was ringed with snipers:

https://www.flickr.com/photos/doctorow/54165263130/

We were prohibited from leaving our seats from the time Modi entered the room until he left it again, despite the fact that the PM was never more than a few steps from the single most terrifying bodyguard I'd ever seen:

https://www.flickr.com/photos/doctorow/54164805776/

And yet: the fact that we were less than two months out from an extremely successful, highly public demonstration of the weaponization of small batteries in personal electronics did not mean that we all had to leave our phones at the hotel.

After that, I'm tempted to think that, just possibly, security theater's curtain has rung down and its long SRO run has come to an end. It's a small bright spot in a dark time, but I'll take it.


This day in history

#15yrsago TSA can’t redact documents properly, releases s00per s33kr1t operations manual http://cryptome.org/tsa-screening.zip

#15yrsago Photographers win British war on photography? https://www.independent.co.uk/news/uk/home-news/police-uturn-on-photographers-and-antiterror-laws-1834626.html

#15yrsago What do ISPs charge the law to spy on you? https://cryptome.org/isp-spy/yahoo-spy.pdf

#10yrsago Museums and the future history of the information age https://www.youtube.com/watch?v=qqPZ7blfVFo

#10yrsago Irish government retroactively legalizes GCHQ surveillance revealed in Snowden docs https://www.irishtimes.com/business/technology/state-sanctions-phone-and-email-tapping-1.2027844

#10yrsago Buy your own TSA-surplus pornoscanner for $8K https://web.archive.org/web/20141202204614/https://www.ebay.com/itm/111519265986

#10yrsago Senator Jay Rockefeller singlehandedly kills Freedom of Information Act reform https://web.archive.org/web/20141227173812/https://e-pluribusunum.com/2014/12/05/threatening-legacy-senator-jay-rockefeller-stands-alone-holding-back-historic-foia-reform-in-the-usa/

#10yrsago High court rules that English/Welsh prisoners should be allowed to read books https://www.theguardian.com/society/2014/dec/05/prison-book-ban-unlawful-court-chris-grayling

#10yrsago National Response Center: now THAT’s a logo https://memex.craphound.com/2014/12/06/national-response-center-now-thats-a-logo/

#5yrsago Prasad’s Law: there’s always enough health spending to concentrate wealth, never enough to diffuse it https://www.nakedcapitalism.com/2019/12/why-hospitals-never-have-enough-nurses-the-explanatory-power-of-prasads-law-of-wealth-concentration.html

#5yrsago The retreat of “scientific selfishness,” a literature review https://www.the-tls.co.uk/politics-society/economics/greed-is-dead

#5yrsago 95% of America’s largest voting districts’ mailservers lack basic anti-phishing protection https://techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/

#5yrsago Radicalized is one of the CBC’s best books of 2019! https://www.cbc.ca/books/the-best-canadian-fiction-of-2019-1.5382741

#1yrago Privacy first https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy


Upcoming books

  • Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025

  • Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025



Colophon

Currently writing:

  • Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Status: first pass edit underway (TKs and FCKs)

  • A Little Brother short story about DIY insulin PLANNING

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025

Latest podcast: Spill, part five (a Little Brother story) https://craphound.com/littlebrother/2024/12/01/spill-part-five-a-little-brother-story/


This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.



"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla