George Washington never tasted banana.
The first bananas in the US were only brought in by small-time importers in the mid-1800s, to be sold in specialty stores. The first company dedicated to importing bananas (which is fun to imagine as a mission statement on an office poster) was the Boston Fruit Company. In 1870, the founder bought 160 cases of bananas in Jamaica and then sold them in Jersey City a couple weeks later. That went well, and he kept scaling up. The company is called Chiquita today.
Think about how you’d make bananas a thing. You’d want them to be sweet. Not too soft, not too firm. Grown in dense bunches for easy picking. You’d want to be able to pick them before they’re ripe, so that you’d have time to ship them thousands of miles. You’d want to be able to ripen them in storage. You’d want them to have thick rinds, to protect the flesh against damage in transit. And you’d want them to be seedless, for easy eating.
By the 1950s, that drive for improvement meant that there weren’t a dozen-plus types of banana on the shelf at the grocery store. There was one, the Gros Michel banana. That cultivar uniquely had all the right traits. It also had another trait that people didn’t know about — susceptibility to Panama disease, a fungal disease that, once it takes hold, infects the land permanently. From the 1920s through the 1950s, hundreds of thousands of acres of Central America went from being used exclusively for banana production to killing any Gros Michel tree that touched the soil.
How did the industry solve that? They switched to a different, Panama-disease-resistant banana cultivar, the Cavendish banana. The Cavendish was a hit. It’s likely the only banana you’ve ever eaten, because it’s pretty much the only one that’s exported to wealthy countries. But the success only came from even further centralizing banana production. Cavendishes cannot reproduce sexually. They “reproduce” by farmers taking offshoots of a Cavendish tree and planting them independently as new trees. This isn’t so much reproduction as cloning. All Cavendish trees are genetically identical clones. A new strain of Panama disease that does kill Cavendish bananas was discovered in 1993. That strain is now present throughout southeast Asia. If it spreads, there is no known cure for it. The only way to stop it from killing every Cavendish would be to engineer a new, genetically resistant sub-cultivar, even further centralizing banana production.
For Hezbollah, the bananas were pagers.
They used to talk on the phone. When that stopped working, they went to even more centralized messaging apps. When that stopped working, they went to pagers, which as comms go are actually pretty decentralized. But in terms of manufacturing, pagers are extremely centralized. So centralized, in fact, that Hezbollah got all their pagers from one manufacturer. That manufacturer turned out to be a Mossad front, so one day the entire monoculture of pagers exploded all at once.
This is where it’s easy to get into a debate about the situation on the Lebanon-Israel border. And that’s a fine debate, but it’s out of our scope. From a purely technological standpoint, a sophisticated state executing a major supply chain attack is a new frontier in the ability of central actors to install off switches on people throughout a society. Even across borders, to international targets of their choice. There are two modes of thinking about a tool like that.
The first mode is to litigate how the tool should be used. Think of good uses, think of bad uses, and make structures that pressure people into the former and out of the latter. You can think of this as everyone in The Lord of the Rings debating what to do with the One Ring.
The second mode is to say, “Forget how to use it, we need to throw this ring into Mount Doom.”
That second mode has its attractions. Centralized power is, well, powerful, and there are plenty of examples even within the US where it is misused. But it’s just not realistic for it not to exist. Technology marches on, and centralized actors (governments or otherwise) are going to get access to it. We talked about this tension a few weeks ago in the context of eventually-ubiquitous surveillance drones:
On the one hand, the obviously correct response is:
People should be shooting these things out of the sky on sight, and OSD should be funding a bounty for every quadcopter’s head that you bring us.
We even wrote a whole edition of the newsletter about this back in April:
But on the other hand … is that actually right? What’s the principle there? That police shouldn’t have cutting-edge technology? There was a time when radios were cutting-edge technology. Then it was cars. Then it was computers. If you need the cops, you’d want them to have all of those things.
Maybe the principle is that police shouldn’t have technology that can be abused. But the trouble with that is that every technology can be abused. Cameras are a zeitgeisty example, but hell, there’s a piece of tech we talk about every week that’s easy to abuse — a gun. “The police, but only equipped with tech they can’t abuse” is the same as saying “the police, but equipped with no tech at all”.
…
So let’s add one more goal: the law enforcers should be highly competent at safeguarding your rights, and extremely incompetent at taking them away. But that’s just a question of intent, right? A cop’s tools don’t care whether he’s showing up to take away your attacker or take away your guns. How do you arm the police with awesome tech to do the former without making it easier for them to do the latter?
The answer is actually central to gun rights: the way to solve problems with a new technology is to make more new technology. From “OSD 246: Eroom’s law”, quoting Steven Sinofsky:
the [executive order on AI] is from a culture that wants to regulate away tech problems instead of allowing people to innovate them away. “The best, enduring, and most thoughtful [scifi] writers who most eloquently expressed the fragility and risks of technology also saw technology as the answer to forward progress. They did not seek to pre-regulate the problems but to innovate our way out of problems. In all cases, we would not have gotten to the problems on display without the optimism of innovation.”
So a self-regulating system for modern police tech is something you’ve seen on gun forums forever: the police can have whatever they want, as long as I can have it too.
The same principle can apply to larger, more centralized actors than local police. Think large companies and elite intelligence agencies. If the Mossad can pwn a multinational supply chain to secretly make 5000 pagers into remote-controlled bombs, what are the odds that the NSA, Mossad, Chinese intelligence, MI6, and a half-dozen others can’t backdoor your phone? Not to do anything spectacular, and maybe not to do anything at all. Just to retain the ability to take a little peek if they ever really want to.
Play it out further. Think about remote kill switches in all new cars. Or 24/7 location monitoring, with the ability to dispatch a drone to your location. Or the ability to shut off your banking, or your comms. That’s all already doable today, and the rabbit hole only goes deeper. The incentives are just too strong, and the chokepoints in the hardware, software, and services are just too numerous. If you don’t worry about your government doing it to you, worry about a foreign one doing it. And vice versa.
So there isn’t really any use arguing about throwing the One Ring into the fires of Mount Doom. Any entity who could carry it there will just put it on instead.
Philosophically, gun rights are unusual in that they go the other way. (Remember gun rights? It’s a newsletter about gun rights.) The question is, what’s the optimal number of rings? Well, zero rings is just not going to happen. One ring is a bad idea, because someone will put it on and go full Gollum. So the optimal number of rings is, oh, 430 million. Anyone gets a ring as long as I get one too.
That’s a useful lens through which to evaluate security plans. Consider the effort to ban TikTok. Or regulate AI research. Or “do something” about mass shootings. The knee-jerk impulse is to centralize more. Build safety by centralizing power into ever fewer, ever bigger actors. But all that does is make a Cavendish banana.
Centralized actors are going to get more powerful. All of them, no matter how you feel about them. That’s how technology works. And that’s going to be fine, as long as decentralized actors continue to get more powerful too.
This week’s links
Intruder wounded with home defense muzzleloader
Tally ho, lads. This happened back in February.
Side note, there’s a really interesting YouTube rabbit hole of prohibited persons showing off their black powder home defense and carry setups.
Someone’s building FNCs again
Al-Pacino-as-Lt.-Vincent-Hanna vibes intensify.
Am I the only one who has played the rogue poker game, Balatro? Gros Michel is a great joker but dies easily, and Cavendish is one of the best jokers in the game. Now I get why they're cleverly named. But what gets my tinfoil hat on is the part about kill switches in cars, which they're already talking about mandating. They can already do some pretty sketchy stuff just via OnStar type services. We're going to need a new amendment to the constitution regarding data privacy and digital infiltration before long.
On the one hand, this pager attack leaves me feeling really uneasy for reasons I can't quite articulate.
But more to the point of this newsletter: if you weren't already assuming that USA, Israel, and China, _at minimum_, had the capacity to pull off this level of supply chain subversion, you were fooling yourself. For all we know, every microchip in the western world already has an NSA keylogger in it. Proceed accordingly.