The Good Ol’ Days

Do you remember the good old days? Back when political parties didn’t team up with foreign powers on multiple occasions to use illegally obtained material for personal gain?

[Aaron] Nevins confirmed to the [Wall Street] Journal that he told hacker Guccifer 2.0 to “feel free to send any Florida based information” after learning that the hacker had tapped into Democratic Congressional Campaign Committee (DCCC) computers last summer. From the DCCC, Guccifer 2.0 released internal assessments of Democratic congressional candidates, known as “self-opposition research,” to GOP operatives using social media. Nevins told the Journal that, after receiving the stolen documents from the hacker, he “realized it was a lot more than even Guccifer knew that he had.” The stolen DCCC documents also contained sensitive information on voters in key Florida districts, breaking down how many people were considered dependable Democratic voters, undecided Democrats, Republican voters and the like. Nevins made a war analogy, describing the data he received to Guccifer 2.0 as akin to a “map to where all the troops are deployed.”

After Nevins published some of the material on the blog HelloFLA.com, using his own pseudonym, Guccifer 2.0 sent a link of the information to close Trump associate Roger Stone — who is currently under federal investigation for potential collusion with Russia.


What the Journal story does indicate, however, is that a GOP operative who presented himself as working with Mike Flynn, a top Trump adviser with numerous dodgy Russian ties himself, actively solicited Clinton emails from hackers he believed to be Russian and assumed to be affiliated with the Russian government. Once he obtained a stash of unverified emails presented as the deleted Clinton emails, this operative then suggested the hackers release the cache to WikiLeaks one month after the DNC WikiLeaks dump and a month before the Podesta WikiLeaks dump.

*sigh*, I sure miss those days.

The Mechanisation of Hate

Over time, I’ve believed anti-feminism is a cult of sorts. Their use of memes was a deciding factor, but there are other tells. One exploits our instincts as a social species.

In order to encourage those social bonds, we have a need to be loved. This creates a loyalty to a social group, which we repay by advancing the needs of the group. We band together to gather food, fend off predators or other groups, and so on.
But if love forms bonds, couldn’t a lot of love form a really strong bond? Or overcome resistance to forming a bond? This is the rationale behind “love-bombing:” by showering your target with love, you hope to generate a relationship that otherwise wouldn’t happen. The term was even coined by a cult. The flip-side is hate-bombing, or showering someone with hate in the hope of causing emotional distress.

Via PZ, I learned that anti-feminists have a very similar concept: red-pilling.

“Redpill,” for the blissfully unaware, is a slang term in certain alt-right-adjacent internet communities like the men’s rights crew. It refers to that famous Matrix scene where Neo takes the red pill and sees things as they really are. When alt-right dudes use it, they generally mean “convince other white people that we’re better than others,” and many of them are not shy about trying to redpill their friends and families.

“It’s a new label for an old idea,” said Ryan Lenz, who gathers information on hate groups for the Southern Poverty Law Center’s Intelligence Project, and edits their Hatewatch blog.

That Vice article points out some common tactics, like building empathy and using bargaining to expose people to your propaganda. Laci Green appears to be the latest person to fall victim.

In late May, seemingly out of the blue, Green dramatically shifted her tone on harassment. Where once she supported the abused, she suddenly began questioning why there’s “more than two genders” and arguing that “both sides of the argument are valid” for everything from racism to transphobia to misogyny. In a stunning example of her newfound hypocrisy, she called feminist YouTuber and fellow member of her anti-harassment Facebook group Kat Blaque a “sociopath,” […]

In a series of videos, Green revealed that her shift was a result of “red pilling,” the term for a twisted Matrix-inspired recruitment process coined by men’s rights advocates, pick-up artists, and the “alt right.” The process involves a recruiter who attempts to position white supremacists as oppressed truth tellers while spinning phony racial and gender science as “free speech” that’s being trampled on by feminists and the political left.

The parallels between religious cults and the anti-feminist movement are chilling; I didn’t even realise there was a flip-side to love-bombing until I thought of examples drawn from anti-feminism. But there’s an ingredient we can add which makes things oh-so-much worse.

You can see the outlines of it in message boards like 4chan: someone announces a target, and other commenters swarm that person with love or hate. This is the early steps of the mechanisation of hate, in this case the automation of love/hate-bombing, and it’s gotten very sophisticated. The next logical step would be to get money involved in the process, and that’s already happened.

When Green created her anti-harassment Facebook group, it was largely in response to the rising trend of “response videos,” YouTube videos created by trolls who have devoted their lives to attacking feminist content. Creators of these videos often claim that their content does not itself constitute harassment, while simultaneously ignoring the actions of their followers, who frequently bombard their targets with an overwhelming number of slurs and violent messages. […]

Troublingly, up until recently, such videos were not only supported by YouTube, but incentivized. Because response videos are so easy to make, it was easy for reactionary YouTubers to churn out a lot of content, which YouTube then prioritized in an algorithm that favored prolific output, high view counts, and abundant comments — even if those comments were toxic. Gaming the very closely held secret of the YouTube algorithm became a de facto path to internet stardom, and the format was perfect for response-video creators.

This puts a dollar tag on hate. It’s no longer just about promoting your group or winning new members, you can actually make a good living off of hating on feminism. This is yet another parallel to religion, especially Christianity, which has always used various means to extract funds from its supporters to line the pockets of its preachers. It feeds into a self-feeding cycle of hate, where preachers clamber to earn the cash of followers by whipping up their hatred.

There is no easy way to defeat this, as it relies on deeply embedded parts of our psyche. Speaking up about it and educating people is probably the best tactic in the short-term, while in the long-term we work on dismantling or altering systems which promote it.

Russian Hacking Videos

In the last part of my series on the DNC hack, I mentioned that I watched a seminar hosted by Crowdstrike on how it was done. Some Google searching didn’t turn up much at first, but it did reveal other videos from Crowdstrike and other security firms. I’m still shaking my head at the view counts of some of these; shouldn’t reporters have swarmed them?

Ah well. If you’d like to see how these security companies viewed the DNC hack, here are some videos to check out.

[Read more…]

Russian Hacking and Bayes’ Theorem, Part 4

Ranum’s turn! Old blog post first.

Joking aside, Putin’s right: the ‘attribution’ to Russia was very very poor compared to what security practitioners are capable of. This “it’s from IP addresses associated with Russia” nonsense that the US intelligence community tried to sell is very thin gruel.

Here’s the Joint Analysis Report which has been the focus of so much ire, as well as a summary paragraph of what the US intelligence agency is trying to sell:

Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.

They aren’t using IP addresses or attack signatures to sell attribution, they’re pooling all the analysis they can get their hands on, public and private. It’s short on details, partly for reasons I explained last time, and partly because it makes little sense to repeat details shared elsewhere.

I agree with most experts that the suggestions given are pretty useless, but that’s because defending against spearphishing is hard. Oh, it’s easy to white list IP access and lock down a network, but actually do that and your users will revolt and find workarounds that a network administrator can’t monitor.

The reporting on the Russian hacking consistently fails to take into account the fact that the attacks were pretty obvious, basic phishing emails. That’s right up the alley of a 12-year-old. In fact, let me predict something here, first: eventually some 12-year-old is going to phish some politician as a science fair project and there will be great hue and cry. It really is that easy.

I dunno, there’s a fair bit of creativity involved in trickery. You need to do some research to figure out the target’s infrastructure (so you don’t present them with a Gmail login if they’re using an internal Exchange server); research their social connections (an angry email from their boss is far more likely to get a response); find ways to disguise the URL displayed that neither a human nor browser will notice; construct an SSL certificate that the browser will accept; and it helps if you can find a way around two-factor encryption. The amount of programming is minimal, but so what? Computer scientists tend to value the ability to program above everything else, but systems analysis and design are arguably at least as important.

I wouldn’t be surprised to learn of a 12-year-old capable of expert phishing, any more than I’d be surprised that a 12-year-old had entered college or ran their own business or successfully engineered their own product; look at enough cases, and eventually you’ll see something exceptional.

By the way, there are loads of 12-year-old hackers. Go do a search and be amazed! It’s not that the hackers are especially brilliant, unfortunately – it’s more that computer security is generally that bad.

And yes, the state of computer security is fairly abysmal. Poor password choices (if people use passwords at all), poor algorithms, poor protocols, and so on. This is irrelevant, though; the fact that house break-ins are easy to do doesn’t refute the evidence that someone burgled a house.

Hey, that was quick. Next post!

Hornbeck left off two possibilities, but I could probably (if I exerted myself) go on for several pages of possibilities, in order to make assigning prior probabilities more difficult. But first: Hornbeck has left off at least two cases that I’d estimate as quite likely:

H) Some unknown person or persons did it
I) An unskilled hacker or hackers who had access to ‘professional’ tools did it
J) Marcus Ranum did it

I’d argue the first two are handled by D, “A skilled independent hacking team did it,” but it’s true that I assumed a group was behind the attack. Could the DNC hack be pulled off by an individual? In theory, sure, but in practice the scale suggests more than one person involved. For instance,

That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. […]

SecureWorks was tracking known Fancy Bear command and control domains. One of these lead to a Bitly shortlink, which led to the Bitly account, which led to the thousands of Bitly URLs that were later connected to a variety of attacks, including on the Clinton campaign. With this privileged point of view, for example, the researchers saw Fancy Bear using 213 short links targeting 108 email addresses on the hillaryclinton.com domain, as the company explained in a somewhat overlooked report earlier this summer, and as BuzzFeed reported last week.

That SecureWorks report expands on who was targeted.

In March 2016, CTU researchers identified a spearphishing campaign using Bitly accounts to shorten malicious URLs. The targets were similar to a 2015 TG-4127 campaign — individuals in Russia and the former Soviet states, current and former military and government personnel in the U.S. and Europe, individuals working in the defense and government supply chain, and authors and journalists — but also included email accounts linked to the November 2016 United States presidential election. Specific targets include staff working for or associated with Hillary Clinton’s presidential campaign and the Democratic National Committee (DNC), including individuals managing Clinton’s communications, travel, campaign finances, and advising her on policy.

Even that glosses over details, as that list also includes Colin Powell, John Podesta, and William Rinehart. Also bear in mind that all these people were phished over roughly nine months, sometimes multiple times. While it helps that many of the targets used Gmail, when you add up the research involved to craft a good phish, plus the janitorial work that kicks in after a successful attack (scanning and enumeration, second-stage attack generation, data transfer and conversion), the scale of the attack makes it extremely difficult for an individual to pull off.

Similar reasoning applies to an unskilled person/group using professional tools. The multiple stages to a breach would be easy to screw up, unless you had experience carrying these out; the scale of the phish demands a level of organisation that amateurs shouldn’t be capable of. Is it possible? Sure. Likely? No. And in the end, it’s the likelihood we care about.

Besides, this argument tries to eat and have its cake. If spearphishing attacks are so easy to carry out, the difference between “unskilled” and “skilled” is small. Merely pulling off this spearphish would make the attackers experienced pros, no matter what their status was beforehand. The difference between hypotheses D and I is trivial.

There’s even more unconscious bias in Hornbeck’s list: he left Guccifer 2.0 off the list as an option. Here, you have someone who has claimed to be responsible left off the list of priors, because Hornbeck’s subconscious presupposition is that “Russians did it” and he implicitly collapsed the prior probability of “Guccifer 2.0” into “Russians” which may or may not be a warranted assumption, but in order to make that assumption, you have to presuppose Russians did it.

Who is Guccifer 2.0, though? Are they a skilled hacking group (hypothesis D), a Kremlin stooge (A), an unknown person or persons (H), or amateurs playing with professional tools (I)? “Guccifer 2.0 did it” is a composite of existing hypothesis subsets, so it makes more sense to focus on those first then drill down.

I added J) because Hornbeck added himself. And, I added myself (as Hornbeck did) to dishonestly bias the sample: both Hornbeck and I know whether or not we did it. Adding myself as an option is biasing the survey by substituting in knowns with my unknowns, and pretending to my audience that they are unknowns.

Ranum may know he didn’t do it, but I don’t know that. What’s obvious to me may not be to someone else, and I have to account for that if I want to do a good analysis. Besides, including myself fed into the general point that we have to liberal with our hypotheses.

I) is also a problem for the “Russian hackers” argument. As I described the DNC hack appears to have been done using a widely available PHP remote management tool after some kind of initial loader/breach. If you want a copy of it, you can get it from github. Now, have we just altered the ‘priors’ that it was a Russian?

This is being selective with the evidence. Remember “Home Alone?” Harry and Marv used pretty generic means to break into houses, from social engineering to learn about their targets, surveillance to verify that information and add more, and even crowbars on the locks. If that was all you knew about their techniques, you’d have no hope of tracking them down; but as luck would have it, Marv insisted on turning on all the faucets as a distinctive calling card. This allowed the police to track down earlier burglaries they’d done.

Likewise, if all we knew was that a generic PHP loader was used in the DNC hack, the evidence wouldn’t point strongly in any one direction. Instead, we know the intruders also used a toolkit dubbed “XAgent” or “CHOPSTICK,” which has been consistently used by the same group for nearly a decade. No other group appears to use the same tool. This means we can link the DNC hack to earlier ones, and by pooling all the targets assess which actor would be interested in them. As pointed out earlier, these point pretty strongly to the Kremlin.

I don’t think you can even construct a coherent Bayesian argument around the tools involved because there are possibilities:

  1. Guccifer is a Russian spy whose tradecraft is so good that they used basic off the shelf tools
  2. Guccifer is a Chinese spy who knows that Russian spies like a particular toolset and thought it would be funny to appear to be Russian
  3. Guccifer is an American hacker who used basic off the shelf tools
  4. Guccifer is an American computer security professional who works for an anti-malware company who decided to throw a head-fake at the US intelligence services

Quick story: I listened to Crowdstrike’s presentation on the Russian hack of the DNC, and they claimed XAgent/CHOPSTICK’s source code was private. During the Q&A, though, someone mentioned that another security company claimed to have a copy of the source.

The presenters pointed out that this was probably due to a quirk in Linux attacks. There’s a lot of variance in which kernel and libraries will be installed on any given server, so merely copying over the attack binary is prone to break. Because of this variety, though, it’s common to have a compiler installed on the server. So on Linux, attackers tend to copy over their source code, compile it into a binary, and delete the code.

You can see how this could go wrong, though. If the stub responsible for deleting the original code fails, or the operators are quick, you could salvage the source code of XAgent.

“Could.” Note that you need the perfect set of conditions in place. Even if those did occur, and even if the source code bundle contains Windows or OSX source too (excluding that would reduce the amount of data transferred and increase the odds of compilation slightly), the attack binary for those platforms usually needs to be compiled elsewhere. Compilation environments are highly variable yet leave fingerprints all over the executable, such as compilation language and time-stamps. A halfway-savvy IT security firm (such as FireEye) would pick up on those differences and flag the executable as a new variant, at minimum.

And as time went on, the two code bases would diverge as either XAgent’s originators or the lucky ducks with their own copy start modifying it. Eventually, it would be obvious one toolkit was in the hands of another group. And bear in mind, the first usage of XAgent was about a decade ago. If this is someone using a stolen copy of APT28/Fancy Bear’s tool, they’ve either stolen it recently and done an excellent job of replicating the original build environment, or have faked being Russian for a decade without slipping up.

While the above is theoretically possible, there’s no evidence it’s actually happened; as mentioned, despite years of observation by at least a half-dozen groups capable of detecting this event, only APT28 has been observed using XAgent.* None of Ranum’s options fit XAgent, nor do they fit APT28’s tactics either; from FireEye’s first report (they now have a second, FYI),

Since 2007, APT28 has systematically evolved its malware, using flexible and lasting platforms indicative of plans for long-term use. The coding practices evident in the group’s malware suggest both a high level of skill and an interest in complicating reverse engineering efforts.

APT28 malware, in particular the family of modular backdoors that we call CHOPSTICK, indicates a formal code development environment. Such an environment would almost certainly be required to track and define the various modules that can be included in the backdoor at compile time.

And as a reminder, APT28 aka. Fancy Bear is one of the groups that hacked into the DNC, and is alleged to be part of the Kremlin.

Ranum does say a lot more in that second blog post, but it’s either similar to what Biddle wrote over at The Intercept or amounts to kicking sand at Bayesian statistics. I’ve covered both angles, so the rest isn’t worth tackling in detail.

  • [HJH: On top of that, from what I’m reading APT28 prefers malware-free exploits, which use existing code on Windows computers to do their work. None of it works on Linux, so its source code would never be revealed via the claimed method.]

Quotas are Awesome

I’ve always been a fan of gender quotas. Think about it: sexism is largely unconscious and subtle, which means it has a disproportionate impact on subtle or indirect means of correcting gender imbalances. Blunt methods are more likely to succeed, and are more honest. If we truly think the genders are equal, why not bake that into our policies? Just be sure to incorporate non-binary people, too.

But there’s another good reason to endorse them. Emphasis mine:

Our study provides a unique window on quotas and, at the same time, pushes forward the measurement of competence in political selection. It uses the fact that, in 1993, Sweden’s Social Democratic party voluntarily introduced a strict gender quota for its candidates. In internal discussions of the reform, the party’s Women’s branch observed that some men were more critical than others. The quota became known colloquially as the “Crisis of the Mediocre Man,” since the incompetent men had the most to fear from an influx of women into politics.

If all genders are equal, but one gender has more representatives than the others, then by necessity there must be more mediocre members of that gender represented. Their average competence would be less than that of all other genders. We can measure that! And as yet another study found, quotas do indeed increase overall competence.

Within each local party, we compare the proportion of competent politicians in elections after the quota to the 1991 level. The figure below show some striking results. The left panel illustrates our estimates for politicians of both genders with black dots showing the change in the proportion of competent representatives in a party which is forced to increase their share of women (by 100 percentage points). The right panel splits the results by men and women (blue dots for men and pink dots for women). It shows distinctly that the average competence of male politicians increased in the places where the quota had a larger impact, and that the effect is concentrated to the three elections following the quota. On average, a higher female representation by 10 percentage points raised the proportion of competent men by 3 percentage points! For the competence of women, we observe little discernible effect.

Figure 1, from http://blogs.lse.ac.uk/businessreview/2017/03/13/gender-quotas-and-the-crisis-of-the-mediocre-man/Subdividing the men into leaders and followers reveals another interesting finding; there is clear evidence of a reduction in the proportion of male leaders (those at the top of the ballot) with mediocre competence. This suggests that quotas work in part by shifting incentives in the composing party ballots. Mediocre leaders are either kicked out or resign in the wake of more gender parity. Because new leaders – on average – are more competent, they feel less threatened by selecting more able candidates, which starts a virtuous circle of higher competence.

Embrace your inner socialist, and consider gender quotas. It’s good for business!

Community Scientism

Existential Comics is… a bit of a weird read. Crudely drawn, a bit obsessed with nihilism, it nonetheless hits some very powerful notes. And in their latest comic, they struck a chord close to home.

At Science HQ. DAWKINS: Philosophy! Ha. Nothing could be more useless. HARRIS: Exactly, all the so called philosophical problems will be solved with science. TYSON: Yes, it's all empty speculation, wheras we scientists us EVIDENCE. DE BEAUVOIR: NO SCIENTIFIC FACT CAN GIVE A PURPOSE TO OUR LIVES! DAWKINS: Who are you? DE BEAUVOIR: WE ARE THE PHILOSOPHY FORCE FIVE!!Confession time: not too long ago, I probably would have been standing next to Science Headquarters. I never would have called philosophy useless, and I thought Harris in particular was underplaying how difficult it would be to create a moral system from science, but I did buy into things like this.

Science is the best method humankind has devised for understanding causality. Therefore the scientific method is our most effective tool for understanding the causes of the effects we are confronted with in our personal lives as well as in nature. There are few human traits that most observers would call truly universal. Most would consent, however, that survival of the species as a whole, and the achievement of greater happiness of individuals in particular, are universals that most humans seek. We have seen the interrelationship between science, rationality, and rational skepticism. Thus, we may go so far as to say that the survival of the human species and the attainment of greater happiness for individuals depend on the ability to think scientifically, rationally, and skeptically.

In the handful of years since then, I’ve realized that science is both a business and a career. That alone is enough to warp the scientific record and induce false results. But the rot extends even further, right into the scientific method itself, and the only way out is through philosophy. If you’d prefer the short version (emphasis mine):

The above derivation is one reason why the frequentist confidence interval and the Bayesian credible region are so often confused. In many simple problems, they correspond exactly. But we must be clear that even though the two are numerically equivalent, their interpretation is very different.

Recall that in Bayesianism, the probability distributions reflect our degree of belief. So when we computed the credible region above, it’s equivalent to saying

“Given our observed data, there is a 95% probability that the true value of μ falls within CRμ” – Bayesians

In frequentism, on the other hand, μ is considered a fixed value and the data (and all quantities derived from the data, including the bounds of the confidence interval) are random variables. So the frequentist confidence interval is equivalent to saying

“There is a 95% probability that when I compute CIμ from data of this sort, the true mean will fall within CIμ.” – Frequentists

Note the difference: the Bayesian solution is a statement of probability about the parameter value given fixed bounds. The frequentist solution is a probability about the bounds given a fixed parameter value. This follows directly from the philosophical definitions of probability that the two approaches are based on.

So while many in the atheo-skeptic sphere are singing the praises of science, I’m filled with existential dread from things like this.

That question has been central to [John] Ioannidis’s career. He’s what’s known as a meta-researcher, and he’s become one of the world’s foremost experts on the credibility of medical research. He and his team have shown, again and again, and in many different ways, that much of what biomedical researchers conclude in published studies—conclusions that doctors keep in mind when they prescribe antibiotics or blood-pressure medication, or when they advise us to consume more fiber or less meat, or when they recommend surgery for heart disease or back pain—is misleading, exaggerated, and often flat-out wrong. He charges that as much as 90 percent of the published medical information that doctors rely on is flawed. His work has been widely accepted by the medical community; it has been published in the field’s top journals, where it is heavily cited; and he is a big draw at conferences. Given this exposure, and the fact that his work broadly targets everyone else’s work in medicine, as well as everything that physicians do and all the health advice we get, Ioannidis may be one of the most influential scientists alive. Yet for all his influence, he worries that the field of medical research is so pervasively flawed, and so riddled with conflicts of interest, that it might be chronically resistant to change—or even to publicly admitting that there’s a problem.

Come to think, that could explain why I read the comics I do.

Cup of Babylon

I recently got into an argument over how big a cup is. I’d thought that measurement came in only two sizes, Imperial and Metric, so I hit up Wikipedia.

1 U.S. legal cup 240mL
1 U.S. customary cup 236.5882365mL
1 Metric cup 250mL
1 Imperial cup 284mL
1 Canadian customary cup 227.3045mL
1 cup in some Latin American countries 200mL
1 contemporary Japanese cup 200mL
1 historic Japanese cup 180.3906836mL

… This is why we cannot have nice things.

Whoops

Back here, I admonished The Intercept for being careless about the handling of classified info. I’ve since learned it’s a bit more complicated than that.

The Intercept did indeed muck up, but it was over a then-completely-anonymous source and they tend to be treated with less care than known-but-anonymous sources. Meanwhile, no-longer-anonymous Reality Winner (no really, that’s her name) left a paper trail behind her which would have let the NSA track her down once they knew the document had been leaked. By trying to source the document, The Intercept triggered the audit which caught Winner.

Their sourcing was done sloppily, but The Intercept don’t have a monopoly on blame here.

Squirting Right

Ever heard of the Sea Squirt? It’s a memorable creature.

What’s most fascinating about the sea squirt is that, almost as soon as it stops moving, its brain is absorbed by its body. Being permanently attached to a home makes the sea squirt’s spinal cord and the neurons that control locomotion superfluous. Once the sea squirt becomes stationary, it literally eats its own brain.

This tells us something important: brainpower is strongly related to movement. If you don’t go anywhere, you don’t need that much computational power between your ears.

While there are those like Sean Hannity who are reliable cheerleaders for all things President Trump, much of the conservative news media is now less pro-Trump than it is anti-anti-Trump. The distinction is important, because anti-anti-Trumpism has become the new safe space for the right. […]

For the anti-anti-Trump pundit, whatever the allegation against Mr. Trump, whatever his blunders or foibles, the other side is always worse.

But the real heart of anti-anti-Trumpism is the delight in the frustration and anger of his opponents. Mr. Trump’s base is unlikely to hold him either to promises or tangible achievements, because conservative politics is now less about ideas or accomplishments than it is about making the right enemies cry out in anguish.

There’s been a remarkable shift in US politics. The Right-wing has largely become the “anti-Left:” whatever the Left is in favor of, the Right opposes. This has some advantages, like making it easy to leverage fear and removing the possibility of contradiction. Truth and feelings become synonymous.

[NEWT] GINGRICH: The current view is that liberals have a whole set of statistics that theoretically may be right, but it’s not where human beings are.

CAMEROTA: But what you’re saying is, but hold on Mr. Speaker because you’re saying liberals use these numbers, they use this sort of magic math. These are the FBI statistics. They’re not a liberal organization. They’re a crime-fighting organization.

GINGRICH: No, but what I said is equally true. People feel more threatened.

CAMEROTA: Feel it, yes. They feel it, but the facts don’t support it.

GINGRICH: As a political candidate, I’ll go with how people feel and I’ll let you go with the theoriticians.

But if you define yourself as the opposite of something else, other people define your position for you. If you cannot contradict yourself, you do not have to waste time and energy searching for contradictions. In the intellectual sphere, you drift under the power of others, and otherwise cannot be moved.

If you cannot move, why do you need a brain? No wait, let me rephrase that: why do you need to think? There’s no need to teach critical thought, and plenty of reason to oppose it. Intellectuals become the enemy, experts the target of scorn. This makes you easily manipulated. Hucksters flock in to take advantage of you.

It doesn’t have to be this way. Conservatives used to hold to specific positions in US politics, some of which were progressive. Should any Republicans or conservatives wander onto this post, I implore you: think, before you glue yourself down and lose that ability.

The Intersection of Intersex and Trans*

Shiv blogged about a fascinating article on TransAdvocate. The title gives you a good preview: “An intersex perspective on the trans, intersex and TERF communities.” It seems some intersex people are drawn to “gender critical” feminism; on the surface, they argue against surgery and claim to push back against the notion of binary gender.

But, when you get into the details,

intersex advocates and “gender critical feminists” have very different end positions on medical interventions into the sexed body. Intersex advocates believe that no intervention should be forced–but also that once an intersex person is old enough to give full informed consent, that hormonal, surgical, or others interventions should be performed if that’s what the individual truly wants. Many, many, many intersex people do choose interventions of their own free will. …  Intersex people often seek hormone replacement therapy to masculinize or feminize their bodies, or surgeries to move their urethras to allow neater or standing urination, or any of a wide number of other interventions. And intersex advocates support all of these choices. We just wish them to be free choices, not forced by doctors or parents or social shaming.

Gender-critical feminists, on the other hand, turn out to hold a very different position: that all interventions into the sexed body are mutilations, not just those imposed without consent. Just as it is a mutilation to surgically alter the innocent bodies of intersex babies, they say, it is a pointless self-mutilation for an adult to choose to have their sexed body medically altered, because sex cannot be changed. …  The only healthy and feminist response to unhappiness with one’s body presented is to learn to accept it as it is. For intersex people, this just replaces the rigid regime of forcing medical interventions with a rigid regime of withholding them. Switching one constraint on intersex people for another isn’t the motivation for this gender critical position–I don’t know if they are even aware that intersex people desire some medical interventions. The main purpose of their argument that one must accept the natural body is to tell trans people that they must give up on the “delusion” that one can be born with a penis but really be a woman, or born with a vagina but really be a man, or born a human being and really be a member of some alternative sex.

This is but one of the many insights Cary Costello’s article offers. At one point, I summarised early TERFs as “lesbians squicking out over potential penis.” It was unabashedly superficial, but I’m not the only one to notice the fixation on genitals.

But participating in discussions with gender crits, it quickly becomes apparent that they are indeed transphobic–and apparently obsessed with penises. They talk about them constantly, and presume that all trans women have them (because they say even a trans woman who has genital reconstructive surgery now simply possesses an “inverted penis”). And penises are always presented as dangerous–“natal [cis] girls” might see them in locker rooms and be traumatized, trans-protective laws would mean no woman could ever be sure the person in the next stall didn’t have a penis, and thus pose a threat to her. This obsession with other people’s genitals and validation of the idea that people should be upset by those with the “wrong ones” runs completely counter to the interests of intersex people. …  In painting trans women’s bodies as deceptive, dangerous and disgusting, transphobic feminists paint those born sex variant with the same brush.

But I didn’t point you to the article just because it pokes holes in TERF ideology; there are excellent observations about the overlap between the trans* and intersex communities, with suggestions for improvement. No spoilers, though, you’ll have to read those for yourself. Cary Costello’s article deserves a second shout-out.