Slashdot Mirror


Bruce Schneier on Security Tradeoffs

Anonymous Smile writes "Business Week has an interview with Bruce Schneier on his new book 'Beyond Fear.' He talks about the tradeoffs we've made in the name of increased security. (hint: we've done a poor job so far) Bruce furthers his tradition of being accessible by the non-technical crowd."


  1. Can't help it... by SiGiN · · Score: 2, Interesting
    Q: How do you try to live up to these security principles in your own life? I remember reading that due to flaws in computer security you carry around pass codes on strips of paper. A: That's not because of computer-security flaws, it's because I can't remember all the passwords I need to have. My wallet is already a secure container; it has valuable things in it, and I have a lifetime of experience keeping it safe. Adding a piece of paper with my passwords seems like a natural thing to do. I try to make my security tradeoffs consciously and willingly, as much as possible. I don't worry about locking the back door of my house much of the time because I know the risk of burglary is slight. I never locked my car door until I got one of those remote electronic locks. Before, the tradeoff wasn't worth it, but now it is. I don't give a second thought to terrorism when I travel. I'm generally trusting of people. And I remember that the bad things I hear about in the news are rare and hardly worth worrying about. I'd rather accept the slight risk of attack than constantly live in fear. It's much more pleasant.

    Am I the only one who finds this statement somehow amusing?
  2. Sounds interesting by yoshi1013 · · Score: 5, Interesting
    The whole security thing is very flawed on a number of levels, some of them political.

    We've all heard the absurd stories like a woman being forced to drink her breastmilk (in bottles) to prove it wasn't some type of explosive or whatever the hell they thought it could have been.

    Yet I remember reading on Michael Moore's website about how right after 9/11 he noticed that despite the fact that nail clippers weren't allowed on planes, matches and lighters were because the Tobacco industry had complained to the government that not allowing matches doesn't allow their customers to light up once they get off the plane.

    Later they were put back on the list of prohibited items but it's stuff like that which makes the whole security thing seem totally absurd sometimes.

  3. A study in contradictions by The+Tyro · · Score: 2, Interesting

    Bruce talks a great deal about security tradeoffs. Despite the fact that he's a big security guy, he states that he doesn't lock his back door, because "I know the risk of burglary is slight." A security expert who cannot be bothered to turn a knob on his door... eh, what?

    Well, how would he know the risk of burglary? The risk of burglary is so multifactorial, does he just go on the statistics in his city as a whole? Does he consider taking into account that maybe there's been a rash of burglaries in his neighborhood, and he just hasn't heard about it yet?

    He also states that he does not think about terrorism while traveling, and that he's generally trusting of people (what about social engineering?).

    That said, he makes some great points... a lot of the "security" we've put in place post-911 is truly window-dressing. He's right about reinforcing cockpit doors and training passengers to fight back (that's a MAJOR paradigm shift from what we used to tell people... "just give them what they want and let the hostage negotiators handle it." Yeah... that worked great). I can't wait until the next set of hijackers gets beaten to death by the passengers.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
    1. Re:A study in contradictions by Frater+219 · · Score: 5, Interesting
      A security expert who cannot be bothered to turn a knob on his door... eh, what?

      I used to work for a guy who had a saying on this subject: "Locks are to keep your friends out." That is to say, security measures impose barriers to unauthorized access, but these barriers are only so high -- if you have enemies willing to break down your door, locking it will not help you; if you don't, what function does locking serve?

      Well, one function of a lock, or a password, is its social effect: it says, loud and clear, "Keep out -- this place is only for those who have the key." Most people want to think of themselves as nice and respectful people. Most people aren't crackers or thieves, and will respect a security measure simply because someone went to the bother of putting it there. Against these people, you set a password on your account simply so they will realize it is not a public resource. You lock your machine room door so they won't wander in randomly in search of a terminal to check their email.

      Securing things against concerted attackers is different from securing them from wandering friends. You rarely need to enact security measures that will keep a concerted attacker out forever -- only ones that will keep him out long enough for you to notice his assault and cuff him. Bank safes are rated in minutes: rather than proclaiming a safe "uncrackable", the rating states how long a certain level of attacker will take to crack the safe. So as long as the bank has their security guard come by more often than that, it doesn't matter that the safe isn't perfectly uncrackable.

    2. Re:A study in contradictions by Swanktastic · · Score: 4, Interesting

      a lot of the "security" we've put in place post-911 is truly window-dressing.

      I agree with you 100%. This response isn't arguing with your post, but your post did remind me of some thoughts I've had on this matter. The vast majority of the expenditures post 9/11 have been made to make people feel safer, rather than to actually increase their mathematical likelihood of being safe.

      In a sense, though, making sure the passengers feel safe is far more important than actually making them safe. I'm not trying to trivialize airline accidents, but we all know that hopping in a car is far more dangerous than hopping in a jet plane. The FAA doesn't have such strict regulations to bring down the number of crashes every year from 4 to 3. Those kinds of numbers don't mean anything to the average person. Humans have a fundamental misunderstanding of the statistics involved, and no one would fly if they perceived the industry to be unsafe. I consider myself a rational person, and I know all the statistics, but I still feel less safe in a plane than I do in a car. No amount of improving the 'actual' security will change that. If you've ever taken a decision sciences course, you'll know that even the brightest people in the workforce don't make perfectly rational decisions, but rather base them on stupid little things like the order that information is presented in.

      What will change everyone's fear of flying is "window dressing," and, yes, I'm willing to pay the 9/11 security tax (or whatever it's called) to fool myself into thinking that there's probably not a terrorist on the plane. The government's role isn't just to operate in a vacuum and take actions that improve safety. The US government also has an obligation to maintain confidence in the airline industry. If having armed guards standing around the airport makes people more likely to fly, then it makes sense to have armed guards, regardless of their statistical effect on safety. And yes, I'm aware that all in all those armed guards are a waste of money. But, you have to make decisions within the constraints of your environment, and I truly believe that no amount of statistical understanding will change the way that the average American or non-American makes the decision to fly or drive.

      Spending money to change perceptions is sometimes a rational tradeoff. However, reducing freedoms in order to increase perceptions of safety is simply not a reasonable tradeoff.

    3. Re:A study in contradictions by sphealey · · Score: 2, Interesting
      Bruce talks a great deal about security tradeoffs. Despite the fact that he's a big security guy, he states that he doesn't lock his back door, because "I know the risk of burglary is slight." A security expert who cannot be bothered to turn a knob on his door... eh, what?

      I came home one day from a long business trip. Spouse and kids were out of town. Noticed that the spouse had locked the inside basement door as usual while I was away. Heard a funny noise from the basement, thought "I must get down and look at that furnace". Took a shower, sat down in the kitchen to have a snack.

      Then I heard a loud funny noise from the basement. Unlocked the door and went down. Found the mason, with whom we had signed a contract 4 or 5 weeks previous, at work on the wall. Looked up at the door and said "how did you get in?". His response: "I tried your neighbor but they weren't home. So I disassembled the corner of your foundation so I could get in and get to work".

      Well, that was small town and people did things that way. But still: locks mostly keep honest people honest.

      sPh

  4. Security and reality by nemaispuke · · Score: 3, Interesting

    Where I think the problem in post-911 security lies is awareness, and this is a people problem. Bruce is right, people that are more aware of their surroundings can easily notice things out of place. Instead what do we get from Washington, fear mongering and freedom stifling laws and legislation. The 911 attacks more than likely could not be easily duplicated since (at least in theory) we are aware of how they did it and (hopefully) in a better position to stop it. The bigger question is what are they planning to do in the future? And putting the entire population of the U.S. under almost continuous surveillance is not the answer. It is not unlike other intelligence efforts, who is going to analyze all of that data? It wasn't all that long ago that the director of the NSA stated his staff couldn't process all of the information they were gathering. Hopefully Bruce's book points out some simple steps that will actually improve security without "breaking the bank", be more effective than most of the current measures, and that some people in Washington actually read it!

  5. Good read... by Mr.+L33t+ll4m4 · · Score: 3, Interesting

    It has been a long time since I have ever seen someone who has the ability to communicate tech ideas to those who are "non-tech." Unlike most security experts Bruce Schneier seems to use the "uncommon" common sense approach. In the interview Bruce states "There's so much stupid security out there -- in airports, in office buildings, in the government. I wanted to give people the ability to see why some things are stupid and -- to the extent possible -- how to fix them. There are many dangers in the world, both real and perceived, and it's my hope that the book gives people a realistic sense of how to deal with risks and threats." If the US would adopt this man's ideas I would not be astounded by how much money the government would save and how much more secure we would all be.

  6. the security myth by kraksmoka · · Score: 4, Interesting
    or better, an illusion. i know that my mac is susceptible to the very next worm, virus, file infector, buffer overflow, etc. but reading that there isn't a single virus out there for OS X is a great reinforcer of the feeling of invulnerability i project to all the winbloze using schmoes out there.

    really, the post 9-11 security craze is nothing more than a jobs program for the security industry. sure, the security here still sucks, it sucked before too. we're a (sometimes and mainly in theory) free society, but mostly an open society. we do make social exclusions, but really, we accept anyone as a neighbor (tho neighbor in another city if we don't like you, thanks, and don't forget to mow the lawn on the way out). we play security like it's a game. we dodge our own security just to prove it can be done.

    face it, security is an illusion. i'm more likely to die crossing the street (especially in my hood) than from a terrorist attack.

    --
    "You never want a serious crisis to go to waste." - Rahm Emanuel
  7. Yes, absolutely by The+Tyro · · Score: 4, Interesting

    it's truly a matter of providing a deterrent... "target-hardening" as we used to call it in the military. Make a task too difficult, and the perp will move on to easier pickings, it's human nature.

    Many home burglaries are done by youths, or people looking for easily-fenceable goods (typically to support a drug habit of some kind)... few are done by pros. Some burglars will simply go around a neighborhood, trying doors until they find one that's unlocked. A simple deadbolt would go a long way toward deterring this kind of casual thief.

    The professional is a VERY different animal, whether he's a car thief, or a home burglar. The determined car thief will bring along wheel dollies and a panel truck/trailer if he really wants your car... he might even line that trailer with metal screen if he's out to defeat your LoJack transmitter. Bottom line: it's very difficult to guard against a calculating, intelligent, and determined thief.

    That said, simple measures will go a long way... to not even take simple measures to secure your home might even open you up to legal liability. If you have a pool, you must provide a secured enclosure or gate, lest a neighborhood kid drown (and you would be sued, likely successfully, for not having taken such a "reasonable" measure). If you own guns, it might be argued that you had the obligation to lock your doors... I certainly wouldn't want to be sued because a gun I owned wound up on the floor of a neighborhood Stop-N-Rob, next to a dead clerk, simply because some crystal-meth user was able to simply wander into my home and steal said gun... I can think of more than a few plaintiffs' attorneys that might argue that angle in a wrongful death suit.

    --
    Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
  8. Schneier and Lessig radio show! by Crixus · · Score: 2, Interesting

    Once again, Schneier shows why he's at the top of his game. Perhaps we should petition to get him and Lessig together to do a radio show (not that either of them have any time to do this).

    Geeks would be in their glory.

    Rich...

    --
    Ignore Alien Orders
  9. Re:I like this statement by weileong · · Score: 2, Interesting

    Hopefully some bright men in the EU parliament will consider the laws passed in the USA before they blindly try to copy them into laws applying in European countries

    You might be making the assumption that EU parliamentarians aren't in the firing line of lobbyists and corporate moneymen.

    At least some of the decisions made in the US were with an eye to the "security industry". There's money to be made in the EU too, and it's unlikely they'll have failed to notice. Laws passed which end up giving those in authority more power, and which grant money to "industry", are likely to be popular with those signing off on the decisions, no matter what their nationality...

  10. Good thoughts by Kid+Brother+of+St.+A · · Score: 2, Interesting
    I ordered Bruce's new book a few days ago, and after the interview I am definitely looking forward to reading it. I've been using his Crypto book religiously as a reference and I have enjoyed all that I've read. He does have that rare ability to bring technical, complex material down to the layperson's level without "dumbing down" anything.

    What I appreciate most about his interview was his balanced approach -- that security measures since 9/11 are flawed, but we should try to FIX them rather than throw the baby out with the bathwater. It seems you hear one extreme or the other -- folks are either on the Ashcroftian end of the spectrum and want to tread on all privacy rights in the name of "keeping us safe", or they are radical libertarians (small "L") who want to have absolute freedom and do things like declassify all government documents and remove all immigration barriers, which don't seem very prudent either. Bruce's approach to finding the best balance of liberty and security -- even having a concept of a "balance" of the two -- is refreshing, and I hope policy-makers take notice.

    If the book is as good as the interview, in fact, I might get an extra few copies and send to my senators and congressman. Who knows, $50 spent on gift books could save millions wasted on ineffective security measures like face recognition in airports.

  11. Re:Bruce Schneier and Google? by GigsVT · · Score: 2, Interesting

    Maybe they want to hire people that are interested in reading about Bruce Schneier's work. After all, that generally means that you aren't some MCSE that only cares about programming in VB or Java or some other worthless language.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  12. Schneier (secretly) invented e-commerce! by vrk250 · · Score: 2, Interesting

    The back of his previous book, 'Secrets and Lies', contained enthusiastic quotations from Mary Meeker, dotcom cheerleader at Morgan Stanley, and from Jay Walker, the founder of priceline.com. Now 'Beyond Fear' elicits yet another effusive remark from Jay Walker, now founder of U.S. HomeGuard. Is this because Schneier and Walker share the patent that invented buyer-driven e-commerce? Acknowledge the affiliation, Mr. Schneier...you aren't just slightly ashamed of this patent, are you?

  13. Reading the book by lildogie · · Score: 2, Interesting

    I've read halfway through the book so far, and I'm certain I'll finish it.

    An important message I've taken away is that attacks are very rare. Schneier mentions several times how physically safe we are in open, democratic countries, and contrasts this safety to totalitarian (my word) regimes.

    He also drives home that you can't spend all of your resources on a plethora of one-in-a-million or once-per-century events. Risk analysis is essential.

    Read the book! An interview doesn't nearly do it justice.