Domain: schneier.com
Stories and comments across the archive that link to schneier.com.
Comments · 1,941
-
Re:Secure tallying
That would be open to 'forcing' though, as large groups from one party could conspire to follow persons of interest into the booths. That's getting pretty theoretical, but random important guy's (voting) privacy is just as worthy of protection as everybody else's.
Have you seen Rivest's 3 ballot system? Look here:
http://www.schneier.com/blog/archives/2006/10/new_voting_prot.html
http://theory.csail.mit.edu/~rivest/Rivest-TheThreeBallotVotingSystem.pdf
I haven't read these, but they popped up while tracking it down:
http://www.cs.princeton.edu/~appel/voting/Strauss-ThreeBallotCritique2v1.5.pdf
http://www.cs.princeton.edu/~appel/papers/DefeatingThreeBallot.pdf
They appear to be of interest. -
Re:Smart Soldiers
And the US Marines have used it since at least early 2004.
Silly String wasn't such a silly battle order, their supplier finds
And an anonymous comment in the Schneier blog claims Silly String was originally invented for doing exactly this kind of work, in the Korean War.
I'm sure a military historian will find that the first use of throwing light strings to discover tripwires was less than a month after the first use of tripwires. :) -
Society: Bound by email chains
You have to love email forwards disguised as news articles.
This has been floating around for years -- I first saw it as a piece promoting British Special Forces ingenuity. Our very own Bruce Schneier mentioned it (and the suppressed Cockeyed piece) around this time last year. -
Nope, they are not secure
There was a post a couple of weeks ago on Bruce Schneier's blog about getting data off a "secure" RFID credit card:
http://www.schneier.com/blog/archives/2006/11/skimming_rfid_c.html -
Mixed Bag
I wrote a short paper concerning RFID technology about a year ago; it mostly concerned the hardware and systems architecture. There was no shortage of reports and studies of RFID keys being cracked, like the mobile Speedpass http://www.jhu.edu/news_info/news/home05/jan05/rfid.html.
http://www.ti.com/rfid/shtml/news-releases-rel02-10-05.shtml. Some of these passive RFID tags have no access control whatsoever, meaning one could take a small RFID programmer into their favorite store and start changing prices, or worse, write a virus to the RFID tag so the next time it's polled it'll get injected into their SQL DB, possibly compromising their entire POS system. Ironically, this sort of stunt, if done well enough, could result in a jackpot of credit card numbers, so it wouldn't matter if you used an RFID enabled card or not at that point :).
Some random RFID links.
http://www.schneier.com/blog/archives/2005/03/rfid_security_a.html
http://www.rfidgazette.org/2004/06/rfid_101.html
http://www.rfidjournal.com/article/articleview/1339/2/129/
http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=20
http://www.enigmatic-consulting.com/Communications_articles/RFID/Link_budgets.html
A nice article on RFID virus attack
http://www.cbronline.com/article_news.asp?guid=B960208D-9ECF-4F0B-B964-4DD779BFF905
http://www.computerworld.com/securitytopics/security/story/0,10801,100459p2,00.html
From which comes a nice quote, this is from 2005.
"The TI technology is vulnerable to attack because it uses a decade-old, 40-bit cryptographic key to encrypt communications between the RFID DST tags and readers, the researchers found. TI also used an unknown and proprietary encryption algorithm on its DST devices. But Rubin's team reverse-engineered the secret algorithm by observing how DST tags responded to specially crafted challenges. Once they guessed the algorithm, researchers created a software program that could be used in so-called brute-force attacks on DST devices to recover the secret cryptographic keys, Rubin said."
The site, http://rfidanalysis.org/ that hosted these findings no longer exists but you could probably find it cached on the net somewhere, wayback machine maybe.
Remember that RFID represents a system and not one piece of technology. The implementation of the system is dependent on the deployment plan. I could make an "RFID system" with two 933 MHz radios and a pair of 8-bit microcontrollers from Digikey for around $150. Sure, you could pull my data out of the air, but technically speaking I'm using RFID. I could also build my own RFID key system with 2048-bit encryption to act as the keys to my car. It's not that difficult to develop, really just assembling existing technologies. RFID can be done "right" and it is a promising technology. I wouldn't shun it for a lot of commercial applications, but for personal applications, well, ask yourself the question: is this thing a necessary part of your life?
Peter -
Free money?
The machines will recognize account holders' thumbprints, eliminating the need for a personal identification number
Why can't these idiots ever understand that fingerprints aren't secrets?
So now I can collect a fingerprint from someone (you know you leave them on everything you touch, right?) and have instant access to their bank account?
Mandatory reading for biometric proponents: Fun with fingerprint readers -
real serious security flaw In ATMs ..
This was stored as an image for some reason
"At the ATM, the information is combined into a format called a PIN block, scrambled, then passed along the network. The intermediate steps are called switches, and these are rarely owned by the cardholder's bank. So at each step, the PIN block is unscrambled and rescrambled with a new key in a machine called a hardware security module (HSM). It's at these intermediate points where hackers could trick the machines into divulging PINs, Israeli researchers say."
Actually a UK security researcher published a method of getting the HSM to divulge the master key. These are delivered to the bank and require two people to enter unique keys to program for use. The method involved successively entering these keys, the results from which the master key can be deduced. The original URL seems to have disappeared.
http://www.schneier.com/blog/archives/2006/11/attacking_bankc.html
On another note, does anyone remember when phantom withdrawals were a regular occurrence here in the UK. Well later on it was discovered that the staff at the card issuing facility had discovered a way of producing ATM cards with the same three PINs. They then sold on the PINs to the criminal fraternity. That URL has also disappeared. -
RA storage vs WORM type storage
'He pointed to a system devised by Ted Selker, co-director of the CalTech-MIT Voting Technology Project. "The state of the art systems aren't even on the market."'
Warning RANT!
Then the people creating the current systems should all be fired. What kind of computer scientist doesn't understand that with any random access storage there is a risk of accidental or intentional destruction or alteration, at any time, in a random fashion? That's why it's called, uhh, random access. Hello? This is like a CS 101 second week quiz question. They even still call it RAM!
Any write once technology will be infinitely better. Which one is academic. You can use a variety of write once technologies with a diverse range of write confidence levels, number of rereads possible and technique used, and cost. Just write the votes as they happen, in a sequential fashion, in a way that you cannot backtrack and rewrite.
- a dot matrix printer?
- a laser printer?
- a cdrw?
- a writable dvd?
- a WORM tape drive?
- Several of the above?
Why the hell do Sarb-Ox and HIPAA require WORM tape and encryption in many cases, yet our voting systems have nothing but the seat of their pants?
As an aside Bruce Schneier chimed in on this recently. I wonder if this had any effect on NIST's comments.
-
Not a security issue
Keep in mind, the photo ID requirement is not a security measure. It's a measure to keep you from selling your non-refundable tickets. From Schneier:
Unlike every other airplane security measure -- including reinforcing cockpit doors, which could have prevented 9/11 -- the airlines didn't resist this one, because it solved a business problem: the resale of non-refundable tickets. Before the photo ID requirement, these tickets were regularly advertised in classified pages: "Round trip, New York to Los Angeles, 11/21-30, male, $100." Since the airlines never checked IDs, anyone of the correct gender could use the ticket. Airlines hated that, and tried repeatedly to shut that market down. In 1996, the airlines were finally able to solve that problem and blame it on the FAA and terrorism.
-
Re:We wouldn't be having this problem if...
"Don't click on links in email messages. Type the URL in your browser manually." - bit overkill. Check to see where they're going first. And your mail client shouldn't have any active content enabled for viewing mail in the first place, so a JavaScript onmouseover/onmouseout/onclick handler attached to a link would have no effect anyway. If you're following the other suggestions on the list, this doesn't matter anyway, since your email is plain text and any links that appear in the body of the mail message are a result of the mail client automatically highlighting what looks like a link.
Not necessarily overkill. An exploit which has existed for quite some time is Unicode characters which look the same as a US ASCII character. E.g., the Greek omicron looks pretty much exactly like an "o". Someone could jolly well have you think you're going to "www.mozilla.com" when it's actually written with an omicron and is, in fact, a completely different site. Or there are a lot of other blocks in Unicode, e.g., the Cyrillic (Russian) block, that have characters which look just like a US ASCII character to you, but to a computer (e.g., to the DNS server) they're a completely different character code.
For reference, see Bruce Schneier.
So if your mail client supports UTF-8, and honours the encoding in the headers, you can stare at that link long and hard, even in text mode, and it will look legit.
"Disable the preview pane in all your inboxes." - That's what you disable any sort of active content for in the first place - it should be the default in any reasonable mail client to not have any sort of active content running in your mail client.
Disabling active content will go a long way, but won't defend you against buffer overflows. If you have a preview pane enabled in Outlook, you can't even (easily) delete such a virus without becoming infected, because the moment you've clicked on it, the buffer overflow has already happened. So, yes, by all means, please do disable the active content, but also do disable the preview pane.
"Don't use Java, JavaScript, and ActiveX." - It's not Java and JavaScript that you need to worry about so much, it's ActiveX. And since the only browser that will run ActiveX is MSIE, that's already been taken care of by one of the other suggestions farther down this list.
A lot of exploits are/were based on JavaScript exploits, believe it or not. A lot of the fake-ui phishing attacks use JavaScript to, for example, spawn a window without the toolbars and URL bar and with a faked set of bars there. And a lot of cross-site scripting attacks rely on JavaScript to do the dirty work. It may be a badly designed site, rather than a vulnerability of JavaScript itself, but you can do a lot worse than disabling one piece of the puzzle that they rely on. Etc.
As for ActiveX, heh. Don't dismiss that so quickly. I know at least one marketer-turned-(bad-wannabe-)programmer who was telling me about how he cleverly uses Mozilla to be safe from all the IE exploits, but installed some plugin that executes ActiveX in Mozilla. Now I don't know what plugin that is, and wasn't too interested to find out, but I found it funny that someone could be that clueless. The moment you install the same inherent vulnerability in Mozilla, all that false feeling of security is just Cargo Cult.
Or see the many people who think they're somehow secure because of ditching IE... when all they've done is download some "3rd party browser" that's just a funky border around IE. There are thousands of those "browsers" by now.
So, yeah, I'd insist on hammering that one separately into people's heads. Because, as above, if you just tell them "don't use IE because it's not secure", but they don't understand why and what parts, they'll find a way to shoot themselves in the foot unknowingly. -
Re:Why not have voting over internet?
>Why do we all need to vote on the same day?
I believe the theory behind the law is to avoid gamesmanship and discouraged voters if the results are announced before voting finishes.
>Why do we need to congregate at designated areas?
Because coercion and vote buying is part of the threat model. Go into a booth where nobody can see you vote and both threats are mitigated.
>I can do my banking securely online, why not vote?
You can't, not in the age of phishing. Further answer from Bruce Schneier's blog: One of the dumber comments I hear about electronic voting goes something like this: "If we can secure multi-million-dollar financial transactions, we should be able to secure voting." Most financial security comes through audit: names are attached to every transaction, and transactions can be unwound if there are problems. Voting requires an anonymous ballot, which means that most of our anti-fraud systems from the financial world don't apply to voting. (I first explained this back in 2001.)
>I just don't see security being a huge problem.
Stolen passwords, shared passwords, forgotten passwords, keyloggers, mysterious 500 errors, undue influence applied to vulnerable voters, difficulty in reaching poor or highly mobile voters. I'd go on but I have to run an errand. -
Re:Not possible in the U.S.
The idea that there's a "magic code" you can enter to edit ATM internals is ridiculous.
Not when you realize they're talking about a default password.
Bruce Schneier covered the story in question awhile ago. Lots of good comments on the page, too: http://www.schneier.com/blog/archives/2006/09/programming_atm.html -
Re:How was she linked?
Remember the kid that tried to check out a 'black listed' book for a report and got a visit from the HSD?
Fortunately, that one was bullshit. -
Voting security is different from ATM security
Financial security comes from auditing. Auditing requires records of who did what. Voting systems require anonymity, so auditing can't be done.
Bruce Schneier has an excellent short piece on this.
"Some have argued in favor of touch-screen voting systems, citing the millions of dollars that are handled every day by ATMs and other computerized financial systems. That argument ignores another vital characteristic of voting systems: anonymity. Computerized financial systems get most of their security from audit. If a problem is suspected, auditors can go back through the records of the system and figure out what happened. And if the problem turns out to be real, the transaction can be unwound and fixed. Because elections are anonymous, that kind of security just isn't possible."
http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html -
Bruce Schneier's thoughts on the subject
http://www.schneier.com/blog/archives/2004/12/safe_personal_c.html
December 13, 2004
Safe Personal Computing
I am regularly asked what average Internet users can do to ensure their security. My first answer is usually, "Nothing--you're screwed."
But that's not true, and the reality is more complicated. You're screwed if you do nothing to protect yourself, but there are many things you can do to increase your security on the Internet.
[...] -
Re:Actually, Americans tolerate 15 9-11's per annu
Anonymous Coward wrote:
Around 45,000 transportation-related deaths take place in the US every year. That's 15 times the number of premature deaths that occurred on 9-11. Every year.
Thanks -- I wasn't remembering the 9/11 figures correctly (some of the early death-toll figures you heard were much larger), which, perhaps not coincidentally, is something Bruce Schneier was saying: "The final death toll from 9/11 was less than half of the initial estimates, but that didn't make people feel less at risk."
-
I hope the PS3 fails now
Now, more so than ever, I hope that the PS3 fails! It sickens me to think of widespread proliferation of this console in homes all across the world draining all that power
:( Consumer electronics are one of the first things that need to become more energy efficient if we are going to tackle this little problem that we're getting ourselves into... -
Get Your Boarding Pass Generator Here!
From http://www.schneier.com/blog/archives/2006/10/create_your_own.html
Image of a doctored boarding pass:
http://photos1.blogger.com/blogger/6601/1598/1600/osama-boarding-pass.jpg
Here is a very quick PHP hack to edit a boarding pass template. Edit the boarding pass above to white out the areas to change and save it as nwa_pass.png. This code can be called with:
bp.php?name=Tom%20Tuttle&date=29OCT2006&flight=US17B
There should be enough fields here that even non-PHP programmers get the idea.
A web server with PHP and GD are required. Wrap this in standard php opening and closing brackets.
ATTN: FBI Agents -- this took about 15 minutes. Anyone with any amount of PHP experience can do this.
$pass = "nwa_pass.png";
$name_loc = array( 202, 138 );
$date_loc = array( 55, 230 );
$flight_loc = array( 55, 250 );
$name = $_GET['name'];
$date = $_GET['date'];
$flight = $_GET['flight'];
header("Content-type: image/png");
$im = imagecreatefrompng("./" . $pass);
$black = imagecolorallocate( $im, 0, 0, 0 );
imagestring( $im, 4, $name_loc[0], $name_loc[1], $name, $black );
imagestring( $im, 4, $date_loc[0], $date_loc[1], $date, $black );
imagestring( $im, 4, $flight_loc[0], $flight_loc[1], $flight, $black );
/* Output the image */
imagepng($im);
imagedestroy($im); -
Re:Too bad it has to be this way
You didn't see the spectacular failure of security in airports that preceded the Sept. 11th attacks by mere hours? Haven't you noticed the fact that the so-called security measures enacted since then are unlikely to prevent an identical attack? Or are you saying that because a successful attack hasn't been carried out recently, we are therefore secure? That's a very dangerous stance. It assumes that because vulnerabilities haven't been exploited, they aren't a problem. That's like saying that because some critical vulnerability in your operating system of choice hasn't been exploited yet, the vendor might as well not issue a fix; we should only fix a problem once half the boxes on the 'net have been infected with the as-yet-unwritten virus that exploits the problem. Soghoian pointed out a problem that has been known for months and yet hasn't been repaired. He did this to draw attention to the security theater that exists surrounding airline travel; he was trying to highlight the fact that our government doesn't take security seriously, but only tries to foster the appearance of safety while failing to address real issues.
If you want another example, read this: http://www.swiss.ai.mit.edu/6805/student-papers/spring02-papers/caps.htmf
For a wealth of information about problems with our airport and airline security, start reading archives of Bruce Schneier's Crypto-Gram: http://www.schneier.com/crypto-gram.html -
Re:Ummm. The First Amendment?
Indeed. Some interesting articles have been written about how to fly without an ID, including the "Identity Project", asking people to try to fly with no ID and report their experiences.
-
Benjamin Franklin and Bruce Schneier
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
- Benjamin Franklin
Or as Bruce Schneier puts it here:
"... Privacy is a basic human need.
"A future in which privacy would face constant assault was so alien to the framers of the Constitution that it never occurred to them to call out privacy as an explicit right. Privacy was inherent to the nobility of their being and their cause. Of course being watched in your own home was unreasonable. Watching at all was an act so unseemly as to be inconceivable among gentlemen in their day. You watched convicted criminals, not free citizens. You ruled your own home. It's intrinsic to the concept of liberty.
..." -
Re:Self-Verified Voting
Schneier recently wrote up such a proposal using only paper ballots by Rivest of RSA fame.
-
Re:Unusual scenario
For the first option you have months to find all the exploits you can, and thirty seconds to exploit them. For the second option, you have thirty seconds to find and use the exploits.
Hi there. I have a suggestion. Before you decide to volunteer your expert opinion on this subject, do you think you could go and read-up on what's been happening with Diebold machines? You see, quite a few of us are rather familiar with what we get with closed source voting machine software, because you see, that's what we have now, you know? That means there's actual, real world experience that you might like to become familiar with, instead of attempting to reason everything out from first principles.
It seems to me the second would be more secure.
You might even, just to go above and beyond the call of duty, make some attempt to read the writings of people like Bruce Schneier, because you see, he's spent a lot of time thinking about things like this, and you might hurt his feelings if you figured it all out on your own in just a couple of minutes.
-
Re:The real question is....
Yes, because restricting the dissemination of information to a small group of trusted people always succeeds in keeping it from virus/exploit writers! </sarcasm>
-
Dissenting view
Schneier on Security: The Death of Ephemeral Conversation
The Justice Department wants to make this problem even worse, by forcing ISPs and others to save our communications -- just in case we're someday the target of an investigation. This is not only bad privacy and security, it's a blow to our liberty as well. A world without ephemeral conversation is a world without freedom.
We can't turn back technology; electronic communications are here to stay. But as technology makes our conversations less ephemeral, we need laws to step in and safeguard our privacy. We need a comprehensive data privacy law, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and to delete it as soon as it is no longer needed. -
Re:This about sums it up for me
...but it *is* a fair question
Bullshit. It is not a fair question. It is one of two things: an ignorant question posed by those too selfish to think for themselves -or- a question posed by those who know better but want to control you.
Answer: http://www.schneier.com/essay-114.html
It's not that people are that willfully ignorant...
People are willfully ignorant when they are told flat out that there is a problem and, like this individual's idiot wife, choose to brush it aside instead of educating themselves about a threat, ignoring or not caring about the dangers of losing a free society. There is NO excuse for willful ignorance and those who engage in it deserve to rot when the gates slam shut on them - perhaps a harsh philosophy, but in our world it takes examples in order to motivate society. -
Re:Not Chinese
Well, yes and no. There are a few problems with this hypothesis; one, and the most important of them, is that attacks have been conclusively back-traced to China. And yes, the guy who did it actually broke the law in the process, but c'est la guerre, non? The event is known as "Titan Rain," and it began with a series of targeted attacks against the Department of Energy. A computer security worker, in his spare time (and a wink/nod from the FBI) counter-hacked hosts that were the source of the attacks, eventually following the trail back to mainland China. There, he saw that the logins which executed commands were being performed locally, and that the devices were not forwarding pilfered data on to other hosts but were instead the repositories of that data.
Other things involve the fact that when you see attacks from China, you usually get one of two kinds of hosts: you get a wildly unpatched Windows box that's being used as a bot, or you get a decently-secured (usually linux or *BSD) system that is doing some rather specific things to a specific target. And last of all, let's not forget that most of the seminal works on information warfare were written by Chinese military officers, and that it's no secret whatsoever that China actually does have a significant infowar capability. We have no rules of engagement that classify hacking as an act of war, so they can get away with it; what are we going to do, bomb them over it? They have the world's largest standing army, are a (increasingly) crucial economic partner, and we're already overburdened militarily with a two-front war where we've bogged down fighting insurgents. They do it because they know they can get away with it, and they're correct in that thinking. -
Re:Don't leave things out
>the wire taps happen when there's a known terrorist on the end of the line.
The *legal* wiretaps happen when there's probable cause. Ask the Foreign Intelligence Surveillance Court for a warrant to record calls with a terrorist, and ye shall receive. Quote about that court: "I was shocked ... I was convinced that the judge would have signed anything that we put in front of him", from former intern Jonathan Turley.
The program under discussion here is an indiscriminate sweep that harms national security, and that evades the minimal oversight of the FISC. -
Re:He's right about online distribution
Until all the DRM gets solidified (and legal downloadable larger-studio content won't happen without DRM, regardless of what anyone says) and the bandwidth to pull down large files reaches a larger share of the American populace, I wouldn't waste my time either.
DRM is a pipe dream that will never happen. I happen to agree with Bruce Schneier's views on DRM:
The reason we're seeing this -- and this is going to be the norm for DRM systems -- is that DRM is fundamentally an impossible problem. Making it work at all involves tricks, and breaking DRM is akin to "fixing" the software so the tricks don't work.
-
Nearly installed Opera last night... PHEW
I didn't want to, but I want my system secure. It was hard to resist the timing of this and the quote they have from Mr. Schneier on their page.
I have used the Opera browser for years, and I am very happy with it.
I must say, the reason I wanted to avoid Opera is not because of the software itself. It's the political reasons. I don't lose very much by staying with Firefox, whose open source ideals I agree with more than Opera's. That's assuming Opera truly is better. I do, however, respect Opera for sticking their neck out as an alternative browser. -
Schneier says "renew NOW"
For what it's worth, Bruce Schneier is recommending that everyone renew their passports now so that you can avoid having a chipped one for another 10 years:
The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding.
As he says, "You don't want to be a guinea pig on this one."
He also says you can disable the chip by running the passport through the microwave, but "although the United States has said that a nonworking chip will not invalidate a passport, it is unclear if one with a deliberately damaged chip will be honored." My guess is that it would result in a long and painful trip to the customs interrogation area.
-
Re:TSA are a law unto themselves
Want your bag to be more secure? Pack a gun, even a starter pistol counts.
-
Re:Support, Support, Support
Sometimes Cisco support breaks down, and their record on security provoked Bruce Schneier to say "Now it doesn't matter what they say -- we won't believe them. We know that the public-relations department handles their security vulnerabilities, and not the engineering department." With an open-source router, you could in theory have competitive support companies, with all the benefits that competition provides.
Until guaranteed-response support proves itself for open-source routers, most network admins with mission-critical equipment will want Cisco. But this is a classic disruptive technology: cheaper, not as good, opening new markets rather than serving existing ones. -
Re:But the problem is:
Thank goodness there are people like you to save us from "nonsense" of those "quacks" at Scotland Yard, MI5, FBI, NSA, and the rest.
Good point, but then again, maybe you're looking for quacks in the wrong places. Also, here is some perspective published 19 days after the MSNBC article.
I guess it is "well known" that explosive could in no way be made from a wide range of readily available materials like peroxide as was used last year in the London subway attacks.
Yes, it looks like it would be pretty easy to make HTMD, especially on a plane.
The question here isn't whether or not there are bad guys out there. The question is about how to respond to them. It seems to me like we might be getting it wrong.
-
Re:But the problem is:
Thank goodness there are people like you to save us from "nonsense" of those "quacks" at Scotland Yard, MI5, FBI, NSA, and the rest.
Officials told NBC News that the alleged mastermind of the plot is still in Pakistan and has yet to be captured.
Some plotters had already purchased tickets on a flight to stage a test run planned for this weekend. The test run would have determined how easily the plotters could have gotten their materials past security and on board the planes.
The actual attack would have followed within days, officials told NBC News.
I guess it is "well known" that explosive could in no way be made from a wide range of readily available materials like peroxide as was used last year in the London subway attacks.
The NYPD officials said investigators believe the bombers used a peroxide-based explosive called HMDT, or hexamethylene triperoxide diamine. HMDT can be made using ordinary ingredients like hydrogen peroxide (hair bleach), citric acid (a common food preservative) and heat tablets (sometimes used by the military for cooking).
Yep, no evidence at all.
(CBS News) LONDON Police found martyrdom videos and bomb-making components during the investigation of the alleged plot to blow up U.S.-bound jetliners, prosecutors said Monday in announcing 11 people had been charged with terrorism offenses.
-
Uninformed opininion on your partAs to the effectivity of this administration and its terror-fighting prowess I'd like to point you to this analyis by an expert. You'll have to agree after reading up on the facts that it is the right wing that misrepresents them.
And as for that:
On the other hand, I also have problems with the left wing appeasers and the media who show terrorist propaganda (like the "Pallywood" type videos) over and over again, and talk about daily body counts without talking about the daily progress.
I'm German: My grandparents do remember the time when the news would daily report on the great progress we made in the war on all fronts; how we went from victory to victory with no setback at all. Is that the kind of reporting you wish or even expect from your government? Mindless propaganda without even a hint of the real situation (which, at least as far as Iraq is concerned, is deteriorating - again, those are facts, this is reality)? -
Re:5 days with MS?!
Give em 30 days at least.
Why? MS has proven it can fix a hole which allows reading of its DRM'd content in 3 days.
http://www.schneier.com/blog/archives/2006/09/microsoft_and_f.html -
Re:Torpark
Just put it on a very small USB thumbdrive on your keychain. Plug it into whatever computer you're using and browse the thumbdrive. Double click and go -- no need to worry about leaving personal information on your friend's computer.
You had better encrypt that thumbdrive in case the computer owner slurps all the data off it while it's plugged in.
-
Re:legal basis
That is a fantastic reply to, "If you're not doing anything wrong, you have nothing to hide." You should post that to Bruce Schneier's blog
-
Yes you are profiled, and here's why
As others have noted already in this thread, profile-based searches don't work; they are too easy to game. On the other hand, random searches don't work either - large terrorist organisations such as Al-Qaida could simply play the odds that at least some of their operatives would get through. 100% searches aren't economically viable. So, what to do? Bruce Schneier had some interesting stuff to say on this a few weeks back: http://www.schneier.com/crypto-gram-0608.html
If you want to catch organised terrorists, the only answer is good counter-intelligence. All those searches and whatnot aren't designed to stop well-trained terrorists; they're aimed at nutcases that think they can strike a blow for their favourite cause. These people are susceptible to profiling, which is why you get profiled when going through airports these days.... -
Re:Not if terrorists come in groups
That is not the only reason why to have random searches...
As the Guru of Security, Bruce Schneier, has pointed out, the biggest problem with profiling is that eventually the bad guys will learn what the profile is you are looking for, and simply change their profile. Truly random searches *do* provide the best security if you are not searching everyone. Without a profile to avoid, bad guys will always have a chance of being singled out, and that will make them nervous...and if you have well-trained security people, they will notice that person and single *them* out for extra checking. The threat of a search can be just as effective as the search itself!
I suggest people read Bruce's Blog, and/or subscribe to his security newsletter, Crypto-Gram:
http://www.schneier.com/crypto-gram.html
ttyl
Farrell -
Re:random, not uniform random
It's probably not all that difficult to figure out these various factors if you start collecting statistics. It's the old "one of these things is not like the other" game, but with multiple variables. Get enough people to participate in a website which asks you questions on whether or not you were profiled and you can fill out checkboxes according to who you are, what you were carrying, how you dressed: jeans & t-shirt or business suit, MP3 player, laptop, portable gaming system, ethnicity, hair color, etc. Get a few thousand participating and you can probably figure a good deal of their criteria. Then publish it for the world to see and maybe these totally not random searches will become random and more effective.
Also of note is Schneier on profiling. -
Re:Actually... [Wrong, wrong...]
I take issue with a few of the things you've said. Let me start at the beginning.
Actually, this is one of the only real ways to do serious amounts of surveillance. In Orwell's day, a 1984 dystopia would've been impossible; the technological resources required to watch everyone at the same time would've been impossible.
Having recently (3 days ago) read 1984, the details are still fresh in my mind. Orwell's "Telescreens" are, indeed, always-on surveillance devices, but were not constantly monitored. He makes mention early in the book that you never know when the ministry spies were "plugged in" to your telescreen, but you always had to act like you were being watched, just in case. That makes it less like data mining (which is notoriously easy to circumvent) and more like a panopticon instead, which is useful more for its control value than for finding deviants.
As for surveillance via computer, bear in mind that it's far easier to monitor someone's activity by watching, not a webcam, but rather their keystrokes, screenshots, and network traffic. Google's new development is not a step toward anything in particular. In fact, knowing Google's track record, the whole project will be a non-trivial-to-activate, opt-in, experimental, Google Labs component with a very explicit and unambiguous warning about the potential privacy implications. It will be lapped up by hundreds of thousands of early adopters excited to see the future of targeted ads, upon which some Symantec-like company will denounce the whole mess as spyware, and claim that only We can protect you.
-
Re:No, it's much harder than you think.
Schneier wrote that book. It is Secrets & Lies. This quote from the preface sums it up:
The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer™. I was pretty naïve.
-
Re:or
Any vendor that relies on a custom algorithm for their encryption technology shouldn't be trusted.
Of course.
But even then there are vendors who claim to be using AES and end up introducing implementational flaws that are not obvious to the user. It's not just algorithms that need to be reviewed but complete implementations.
Nice read: http://www.schneier.com/crypto-gram-9902.html#snakeoil -
How is this different from any other product?
Products that implement cryptography are probably credence goods. It requires expensive and uncommon skills to verify that data is really being protected by the use of cryptography, and most people cannot easily distinguish between very weak and very strong cryptography.
Can you distinguish, by inspection, between a reliable automobile and a piece of junk that will barely last 2 years? I certainly can't. So I rely on reviews by people I trust when I buy a new car.
In the field of cryptography there are several people who have written peer-reviewed books about cryptography, are trusted in the community, and who occasionally review products. Bruce Schneier is one (there are others, use Google; this is not meant to be a puff for Schneier or his company).
There are also open-source cryptographic programs, which are peer-reviewed and definitely not snake-oil.
-
Speaking of your thumbdrive...
There is an interesting entry on Bruce Schneier's blog about a program called USBDumper. It runs somewhat invisibly in the background. Whenever someone inserts a USB thumbdrive into the computer it silently copies all of the contents to a directory. It could be a useful backup solution, or....(insert imaginative idea here). The program and full source are available.