Slashdot Mirror
Schneier On the War On the Unexpected
jamie found this essay by Bruce Schneier, The War on the Unexpected. (It originally appeared in Wired but this version has all the links.) "We've opened up a new front on the war on terror. It's an attack on the unique, the unorthodox, the unexpected; it's a war on different. If you act different, you might find yourself investigated, questioned, and even arrested — even if you did nothing wrong, and had no intention of doing anything wrong. The problem is a combination of citizen informants and a CYA attitude among police that results in a knee-jerk escalation of reported threats... After someone reports a 'terrorist threat,' the whole system is biased towards escalation and CYA instead of a more realistic threat assessment... If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security."
people using the excuse of a boogieman in the shadows to lash out against those they don't understand and/or fear?
unheard of in all of human history.
America is at war with terrorism. America has ALWAYS been at war with terrorism.
Is a war against an emotion... Anything which can cause fear is therefore subject to the war. In that way it's the perfect war for politicians.
Deleted
Our whole lives are spent dealing with people and their reactions to what is 'acceptable' and taking the risk that what you try and accomplish is 'unexpected'. Wear long hair in the executive world? Get fired. Dye your hair green in high school? Get teased. Run down a street naked? Get arrested.
Humans are exceptional at detecting differences, its part of our nature, intellectually - we integrate similar concepts and differentiate between different ones. Our brains pick out differences. Thats why profiling at airports actually works.
Its nice to see someone publish something about this, but its hardly insightful.
I want to delete my account but Slashdot doesn't allow it.
Comment removed based on user account deletion
This sounds like a throwback to the 50's and early 60's when "Communism" was the buzz word, and a conforming America was key to not being "outed" as a Commy.
Shameless plug alert: Game server control panel
...if their goal was to create fear in the U. S. population.
The fear is real. I hate to admit it, but it affect me.
Everyone knows that there will be further terrorist attacks on the U. S. On the one hand, we're not serious about beefing up homeland security, which is a disappointment to me--I was expecting at least a competent, good-faith effort. But we're doing all the "security theatre" stuff and none of the expensive, difficult, serious stuff. On the other hand, the Iraq war has inflamed passions in the Muslim world and created enemies where we didn't have them before. So the threat is getting worse and our defenses are not getting much better and all the "security theatre" just keeps reminding us of the issue.
On my last plane trip, the gate was near security, and my wife and I were watching as some woman got some kind of very, very extended attention from the TSA people. She was dressed in some kind of dark robe that covered her body, her head, and most of her face; it looked to me like a burkha, but I don't really know anything about such things. She also had a somewhat disfigured face, with a golf-ball-sized lump of some kind on one side of her forehead.
From our vantage point it was all pantomime. I don't know why they were searching her. But they would ask her questions, then wave those handheld metal-detector frisking things, have her sit down for a while, go away and come back with other officials who would ask her more questions and so forth. After about a half an hour she was still sitting there in the security area waiting. They announced that our flight was boarding and we got on and don't know anything more.
What I hated myself for was that I personally was creeped out by this person and her appearance. And what I particularly hated myself for was that the things creeped me out were a) her style of dress, and b) her disfigured face.
Part of me was indignant at what looked from a distance to be discriminatory treatment. And part of it was great relief that she was not on my flight.
I think it's time for new moderator points.
"+1 Terrorist" and "-1 Sheep".
Whether you want to swap the signs depends on your political preference.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Choice 1: Over react and be labeled a fascist.
Choice 2: Do nothing and be blamed when people die.
No wonder we only get shit bags running for public office.
Virginia is for lovers. EVE is for griefers.
people are spoiled and every time something bad unexpected happens they can't accept it. result of living in one of the safest and affluent societies on earth.
so if something does happen the media jumps on it with all kinds of "investigative" reporting about how some insignificant clue had been dismissed or how some proposed law wasn't passed that could have prevented this. and they attack government agencies in the process along with congress getting involved with subpeonas and investigations. so the police to CYA just start to investigate idiotic things and bugging people
For those interested in hearing Bruce Schneier dispassionately and quite reasonably shred a lot of the "security" measures implemented since 9/11, I suggest reading his book Beyond Fear. The subtitle says it all: thinking sensibly about security in an uncertain world. The book was reviewed on Slashdot not long ago.
The book takes a very general approach to security, analyzing it with the most basic categorizations, while using very clear real-life examples to illustrate. The final chapters deal specifically with security against terrorism, particularly since 9/11. His conclusion is that, from a security standpoint, most of the measures put in place - additional airport scrutiny, massive centralized databases looking for suspicious patterns, the move towards national ID cards, etc. - are largely ineffective as security measures. The massive trade-off of decreased privacy and liberty coupled with enormous cost for these measures make them especially unreasonable. In short, the widespread perceived risk and culture of fear it has fostered has made our response to the new terroristic threat wildly out-of-proportion with the actual risk.
It's mostly preaching to the choir here at Slashdot, but I think this book should be as widely read as possible.
More likely the kind of reactions he's talking about has to deal with thrill killers. The 9/11 guys didn't do so much that was out of the norm to ring any real bells (yeah, yeah, I know, if you were there it would have set off the alarms in your head. yeah, I know that.) but the actions of thrill killers is often noticeable by those around them because of long time association and a change in behavior.
But my real wondering is: Since when has Slashdot become the outpost for the war on terror articles? Everything posted here anymore seems to be political. What was that Taco was saying the other day about loosing control of his website? Dude, it's already happened.
Dedicated Cthulhu Cultist since 4523 BC.
If you think that the next administration - Republican or Democrat - is going to be substantially different, you haven't been paying attention for very long.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
All security analysis, whether physical or electronic, starts with looking at patterns. An IDS is a perfect example, it looks for patterns and reports on them. Guess what, Bruce? IDS have false positives, a lot of them. It takes a trained security professional to analyze what the IDS thinks is an alert and determine whether it's a real threat.
Eventually someone came up with IDS systems that analyze your normal IDS traffic, and start to alert on things that aren't normal. For example, if you have a link you only see SSH connections on, and all of a sudden there are FTPs, it will alert. Again, a trained security professional looks at the alert and decides if it's a real threat.
The IDS system is analogous to the people on the street reporting strange events, except the people on the street have more intelligence than a typical IDS system (for example, I've never seen this guy (FTP) in my neighborhood, but someone just moved in across the street, ah yes he just unlocked the door there, must be the new owner). People know what is unusual, what doesn't fit into their neighborhood, more so than IDS systems.
And the police officer is analogous to the security professional. A person (IDS) reports an event to me. I take in as much information as I can, and determine whether it's a real threat. If I don't have enough information, I get it. If I can't, I continue to monitor the activity. If it looks threatening, I escalate it.
However, Bruce, when you say that police shouldn't rely on the individuals on the street to help with security, you're like saying I should take down my IDS systems. It's a ridiculous statement. You say it's amateurish? Well, without individuals on the street calling in things they think is unusual, then police don't know someone is unusual. Just like an IDS system, if it doesn't tell me something is anomalous, I don't know whether to go in and check it.
The simple fact is that because people didn't report the unusual behavior of many of the 9/11 attackers, e.g. taking flight lessons that only focused on flying, getting pulled over without licenses, getting pulled over with illegal immigration statuses.... BECAUSE no one reported that activity, they went and hijacked 4 aircraft and killed 3000 people.
Specifically, Bruce... when you say we've opened up the war on the unusual, this is EXACTLY what more modern IDS/IPS systems do, they don't look at signatures, they look at UNUSUAL TRAFFIC. When it finds UNUSUAL TRAFFIC it REPORTS IT to you, then you INVESTIGATE IT, you QUESTION THE PEOPLE INVOLVED, and if they did something against policy you REMOVE THEM FROM THEIR JOBS. YES BRUCE, THIS IS WHAT YOU DO.
Also, on another rant. What's YOUR solution, Bruce? You tell us how NOT to do it, but you have no solutions yourself. Oh wait, you do... you tell us we should do EXACTLY what you rant against:
Yes, I can agree that some people blow shit out of proportion, this happens everyday and is part of the human nature (especially for those that love drama). But that doesn't mean we should stop this activity, law enforcement just needs to become better at detecting the actual threats and escalating incidents at the same time fine-tuning their "IDS" systems to what is real threats. This isn't something that will happen overnight, but doesn't mean we should stop it completely!
full of win
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I hear NPR mention a "war on terror", and I want to call in a correction/complaint.
A war on terror or fear is quite different than a war on terrorism.
And a war on terrorism is quite different than a war against terrorists.
And of course a war on terrorists is quite different that a war against a specific group.
A war against an generic term, a tactic or unspecified groups of people cannot be won.
(It cannot be lost either).
How about:
Choice 3: React appropriately and install security measures that work, without unduly stressing people?
The problem isn't that there are two extremes the people in power must choose from, the problem is that the two choices you gave are actually being done at the same time.
Would slashdot post a counter-terror expert talking about computer security if he had no experience whatsoever in that field?
Then why would slashdot post a computer security expert talking about counter-terrorism or law enforcement when he has no experience whatsoever in that field?
"It Just Don't Look Right" is a time-tested law enforcement mantra. It isn't something George W. Bush cooked up after 9/11 -- it's around because so many crimes, and so many terrorist plots have been busted up by investigating the unusual and unexpected.
Oh things will change....you know that ficus plant that W. keeps round....the liberals are toally getting rid of it when they move into the White House
You expect people without a fundimental understanding of chemistry of basic physics to give you a realisitic threat assesment? These are the same folks who have conflated an urban legend about mixing two chemicals, and managed to make it so I can't take a bottle of gatoraid on a flight. And you remember right after 9/11, all of the guardsmen with guns at the airport? Well they all had empty clips.
The real problem is these idiots are in charge. When we start to respect knowledge and wisdom, and elevate those posessing both in abundance, only then will this crap end.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
This administration? Do you really think that this is where all of this started? Man, you're fairly naive.
Ruby Ridge, Waco, Oklahoma City.
And even that's not the beginning.
Dedicated Cthulhu Cultist since 4523 BC.
You have more chance of being killed next time you get in a car or try to cross the road. Or being murdered by your neighbour. Or having a heart attack from to omuch fast food.
The terorist threat is TINY and shouldn't have been allowed to affect life at all.
Whether that woman was wearing a burkha or not is immaterial. Your disproportionate levels of fear are the problem here.
People, en masse, are indeed stupid. (Should I reference Nietzsche?) How ironic that this should come up today; I came into work this morning, and took the back stairway as I usually do, but I passed some wierd looking device that was sitting in the corner of the hallway. The device had been there the evening before, when I left, and it had been "running" throughout the night. It had several hoses coming off of it and I had no idea what it was used for - and I know about ALL KINDS of strange devices in my business (biomedical/biochemical research). So the question arose in my mind: "Should I ask someone who works nearby if they know what this is? ...It could be a ...bomb... and I know some groups that would seriously consider our area for a bomb..." But here's where I drew the line: I examined it for a moment, and decided, "This device is way too complex for a terrorist bomb or a prank." So I just went on my way. Here's why: If a terrorist is going to plant a bomb somewhere, isn't it obvious wisdom to NOT draw attention to it? What kind of dumb-ass does it take to have the knowledge to build a significant bomb, place it without getting caught in the process, but make it horrifyingly obvious that it is a bomb?
You didn't call anyones attention to it, did you? You just confirmed to me that a way to plant a bomb where you work is to just make it look compex enough.
Thanks, Yoda.
A fallacy the "war on terror" (and the war on drugs for that matter) is a way for a set of people to describe complex social problems in a way that they can easily manipulate people. It is much easier to convince people to give up there freedom, etc in the name of helping to win a war. Stop using these terms.
I was a Canadian tourist in Boston in April. I walked through Boston Commons Park at 10am on a beautiful Sunday morning, seven steps from my hotel. I said good morning to a few people in the park. Ten minutes later, two police approached and interrogated me. Apparently, some crazy women to whom I said "good morning" promptly left the park and reported me as a sex offender / pedaphile.
The police were firm but polite in their in-park ten-minute interrogation. They said things like "maybe you shouldn't walk around in public parks." and "don't you think it's a bad idea to say 'good morning' to a complete stranger?". They believed me when I said I was Canadian -- after seeing my passport and driver's licence. (yeah, passport wasn't enough for them. I have no clue how they were able to authenticate an Ontario driver's licence, Massacheusets has something that looks like it's off a 1985 inkjet.)
It was really just one crazy woman -- I greeted many people during the week, and others, notably injured Kelly, and also fishing Steve, were exceptionally nice.
All the same, I was glad when they let me leave the country five days later.