Beyond Fear
He then goes on to apply this method to a series of security issues while covering the various types of security and their weaknesses. For the most part this is not a technical evaluation of the tools used, but rather an analysis, for each example, of what the security goals are and how the tools and technology achieve or fail to achieve those goals. Even more importantly, he deals with the tradeoffs inherent in any security system.
Schneier applies this method not only to the global issues that have come up since 9/11, from airline security to protecting government secrets, but also to personal issues, including tradeoffs in personal home security. By doing so, he takes principles which might be hard for some to understand in the abstract and makes it clear how they apply in situations almost everyone has thought about.
By drawing parallels, for instance, between how you might select a home alarm system to how you might evaluate the use of face recognition at the airport, Schneier shows that you don't have to be a security "expert" to think logically about security. He brings to the forefront the tradeoffs that you made in these personal choices; for example, the downside of dealing with deactivating an alarm system every time you come home. Then, in turn, he shows how you must consider the problem of people being falsely identified by the face recognition system at the airport.
Given this strong framework, he then uses his method to analytically and dispassionately tear apart most of the silly and stupid security methods (note my dispassion here) that have been put in place or considered in the past few years, from airline security methods to national ID cards. With a combination of funny yet pointed anecdotes, clear statistics and the occasional Harry Potter reference, Schneier uses his talent for cogent, rational explanation to show how people can think about security in the modern world, instead of simply panicking at every ominous news report.
To Read Or Not To Read

So it sounds like a good book and probably would be for some, but there was not enough new content for me to make it worth my limited reading time. Perhaps it is due to my general interest in security, or just because waiting in line at the airport has already given me a lot of time to think, but I have already considered most of the ideas Schneier raises in Beyond Fear. I own a shredder, but not an alarm system, because I have considered the risks and costs. I dislike the idea of a National ID card because I was already afraid of what someone might do who got access to it, and I already monitor my credit report. I have written my local representative that while his recent bill to remove SSNs from insurance cards is nice, it's far too late (and how about just getting people to stop using SSNs as passwords?). If this describes you, skip the book. However, you might note above that I didn't say this was a waste of my money. This book is soon going to find its way into the hands of friends and relations who need to think about security. It is a great introduction to a way of thinking that is critical in a post-9/11 world. It should be required reading for members of Congress before any more security laws are passed based only on the need to do something instead of rational thought.
Summary

If you think consciously about security, know who Schneier is, or have ever noticed (and complained) that many airport security measures make no sense, you probably don't need this book. If you have only considered this topic in general, though, and want a book to focus your thoughts, Beyond Fear will do that. Finally, if you have friends who don't yet think this way (admit it, we all do), get this book into their hands.

You can purchase Beyond Fear from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
This is precisely why I don't bother with any encryption that isn't built in. Browser encryption - fine. Using PGP or RMSPG on my email -- as Dogbert asked, "Who would want to read your mail?" There is too much hassle involved, just on my end, never mind getting my sister or mother in law to read encrypted email. Unless you make a fetish of it for your own sake or you're sending something genuinely worth protecting, who cares?
What I'm listening to now on Pandora...
It's really symptomatic of something else: Americans don't trust their government. Over the last century the government and laws of the USA have really gotten out of control, but the population has mostly just let it slide. I mean, it's illegal to smoke marijuana, but everyone does it anyway. It's illegal in many states to be involved in a blow job, or to arrange your furniture in a certain way, or to change the needle valves in your carburetor. All these laws are pretty stupid, but nobody really cares because they are unenforceable.
In addition the people of the USA have a tradition of just being criminals. Practically anyone has a smuggler or a bootlegger or a bookie in their family tree somewhere. These things were illegal but not really dishonorable. And in the beginning days of the country, it was possible for someone to fuck up their lives in one area and simply start over further west. So we've gotten used to ignoring the laws and taking advantage of anonymity.
The situation changes if the government suddenly becomes organized and informed. If the government has a good way to track who we are and what we are doing, all those things that are illegal will suddenly matter. So the reaction is to resist tracking and information programs. Of course, this is the incorrect reaction: what we should really be doing is reining in our government and repealing stupid laws until we feel that we can trust it again. But that answer isn't as obvious.
I'll end with a short example: last year I got on an SF MUNI streetcar at a station where the toll machines were broken. I paid my $1, but the machine didn't give me a ticket. No attendant was on duty, so I just boarded the train anyway. Well, lo and behold, here comes Fare Inspection Shitwit to check my ticket, which I didn't have, through no fault of my own. Inspector Shitwit gives me a ticket ($90 fine) for failure to have a ticket on the streetcar. Naturally I rebuked him profanely and threw the ticket in the trash. I don't have any intention of dealing with such rubbish. But now, six months later, there's a warrant for my arrest which will never be served by the SFPD, and I will be unable to renew my driver's license, which is expired, until a year after the incident. If the government were *really* well organized I might even get arrested. I'm really afraid that in some well-organized, well-tracked future government regime, people will get in *real trouble* for not having a piece of paper that says you paid $1 to get on the bus.
Because they do not buy any security and they open many holes.
You may trust your government enough to know everything about you and to keep it all in one great big database, but you have to keep in mind that here in America we don't so much. In fact, we are an entire country founded on the thought that the government should get the fuck out of our lives. National IDs do nothing for security; they do nothing to prevent identity theft; they do nothing but put all of your personal info in one database that can be abused by those who have access to it, and broken into and abused by those who do not. In Beyond Fear Bruce goes through this with the 5-step process. You spend a large amount of money and get nothing in return.
Think about it for a moment. I can only speak for the US, but I'll walk you through the process.
I have a driver's license and a Social Security card. With those two forms of ID I can get any other form of ID that we have here in the US. Those two pieces of ID are in turn based on a birth cert. You can get a birth cert for a couple of hundred dollars. To implement a national ID they would have to figure out some way to figure out who everybody is, and at this point it is impossible to prove who anyone is beyond accepting what their current IDs say. See the problem yet?
So national IDs will just give you another ID that says that you are who you claim to be. But if I don't like being that person anymore, it would take a couple of hundred dollars and a bit of time to be someone else. There is *no* way that you can prove that anyone is anyone. Trying to do so is pointless and will merely cause problems for honest folks.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
Some people somehow have this notion from some alarmist that says they'll check that ID everywhere you go and track you from point to point.
IMO, simple legislation that provides baseline standards for government-issued ID cards (e.g., driver's licenses) to have anti-fraud features is all that's needed.
I live in NJ, the state with the license that's easiest to forge. It's easy for someone to walk into a DMV, claim to be so-and-so, and say that they've lost their license. All you need is something like mother's maiden name. Numerous college students use this technique to get fake IDs to buy alcohol, etc. (I should point out, NJ has changed this, and is phasing in new licenses over the next few years, along with guidelines that require more than just mother's maiden name.)
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Airport security just doesn't work very well anyway, even now, after 9/11, when it's supposedly all beefed up.
My freaky experience: I took a trip to Florida, and in my carry-on luggage (a backpack) was a buck knife with a 4-inch serrated-edge blade. I wasn't trying to smuggle it through on purpose... the last time I had used the backpack was on a camping trip (where knives are handy) and I simply hadn't unpacked the front zipper pocket, where the knife was.
Anyway, the knife made it cleanly through airport security. Twice. At two different "high-security" airports... and yes, it went through all the detectors and everything. I didn't even find the damned thing until I was on my last connecting flight. So yes, there are some major issues there.
To tie this back in with your post... I hate to generalize based on one incident, but the extra security just ain't giving us a whole lot of extra security. Which leads me to believe that you're right... one of the main "benefits" of all this was just to allow the authorities to take actions "in the name of security" that only serve to give them more power.
What that experience taught me is that I can't rely on those in authority to protect me, either me physically or my data or anything like that. Which means that citizens are going to have to start safeguarding themselves, and sometimes that may be in opposition to the "best interests" of the state. Which sure as heck don't seem to be our best interests much these days.
Hi... I'm Larry... the shivering chipmunk... brrrrr!... I'm cold... I need a sweater...
And California is about to massively devalue that ID by issuing driver's licenses to undocumented (aka illegal) aliens.
Logically, every other state in the union should refuse to recognize a CA driver's license as a valid ID, except maybe as proof of the ability to drive a car (about the same utility as the "international driver's license" you can get). I'm sure Californians will be real happy when TSA stops accepting their DLs as valid ID next time they try to board a plane.
You want a national ID? Get a passport.
-- Alastair
I teach security to novices, and I have found Bruce's books extremely useful resources. As soon as I read Beyond Fear, I incorporated some of his ideas in my lectures (although I expanded the 5-step process to 6 steps for the students). Well recommended.
I was chief architect several years ago at a pioneering (and now dead) movies-over-the-net company. Beyond the technical issues involved, our biggest problem was movie-industry execs who insisted on "absolute, guaranteed, unbreakable" security. Needless to say, this was a bit of a stumbling block, as there's no such thing.
When I gave security-related presentations to non-techies, I got in the habit of asking for a show of hands of who had locked their front door when they left home that morning. Needless to say, all hands went up. I'd then point out that a thief could break a window, tunnel through a wall, dig up through the floor, cut a hole in the roof, or batter down a door if they were determined enough to get inside... so why did they bother locking the front door? Thinking about this got people into a more reasonable mindset to discuss cost/benefit ratios and attack scenario analysis.
When all you have is a hammer, everything looks like a skull.