Bruce Schneier on Security Tradeoffs

Anonymous Smile writes "Business Week has an interview with Bruce Schneier on his new book 'Beyond Fear.' He talks about the tradeoffs we've made in the name of increased security. (hint: we've done a poor job so far) Bruce furthers his tradition of being accessible by the non-technical crowd."

I like this statement

[MoonFog]

Q: You have been critical of efforts to better secure the U.S. and the world in the wake of September 11. What do you think are the biggest mistakes we've made in those efforts? A: I think the biggest mistake is that we've made policy decisions while scared. We've passed laws that are expensive, both in terms of money and fundamental liberties, without giving us a corresponding increase in actual security. In other words, we've made bad security tradeoffs.

Hopefully some bright men in the EU parliament will consider the laws passed in the USA before they blindly try to copy them into laws applying in European countries..

Sounds interesting

[yoshi1013]

The whole security thing is very flawed on a number of levels, some of them political.

We've all heard the absurd stories like a woman being forced to drink her breastmilk (in bottles) to prove it wasn't some type of explosive or whatever the hell they thought it could have been.

Yet I remember reading on Michael Moore's website about how right after 9/11 he noticed that despite the fact that nail clippers weren't allowed on planes, matches and lighters were because the Tobacco industry had complained to the government that not allowing matches doesn't allow their customers to light up once they get off the plane.

Later they were put back on the list of prohibited items but it's stuff like that which makes the whole security thing seem totally absurd sometimes.

Schneier speaking

[scubacuda]

Schneier's talks are incredibly accessible, especially when you consider how accomplished he is.

• designed the popular Blowfish encryption algorithm
• his Twofish was a finalist for the new Federal Advanced Encryption Standard (AES))

(I heard him talk about a year and a half ago)

Re:A study in contradictions

[Frater+219]

A security expert who cannot be bothered to turn a knob on his door... eh, what?

I used to work for a guy who had a saying on this subject: "Locks are to keep your friends out." That is to say, security measures impose barriers to unauthorized access, but these barriers are only so high -- if you have enemies willing to break down your door, locking it will not help you; if you don't, what function does locking serve?

Well, one function of a lock, or a password, is its social effect: it says, loud and clear, "Keep out -- this place is only for those who have the key." Most people want to think of themselves as nice and respectful people. Most people aren't crackers or thieves, and will respect a security measure simply because someone went to the bother of putting it there. Against these people, you set a password on your account simply so they will realize it is not a public resource. You lock your machine room door so they won't wander in randomly in search of a terminal to check their email.

Securing things against concerted attackers is different from securing them from wandering friends. You rarely need to enact security measures that will keep a concerted attacker out forever -- only ones that will keep him out long enough for you to notice his assault and cuff him. Bank safes are rated in minutes: rather than proclaiming a safe "uncrackable", the rating states how long a certain level of attacker will take, to crack the safe. So as long as the bank has their security guard come by more often than that, it doesn't matter that the safe isn't perfectly uncrackable.