Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier's Keynote At Linux.conf.au

Posted by kdawson on from the necessary-security-theater dept.

Stony Stevenson writes "Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards, and public CCTV security cameras in his keynote address to Linux.conf.au (currently being held in Melbourne, Australia). These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, Schneier said. The discussion of public security — which has always been clouded by emotional decision making — has been railroaded by groups with vested interests such as security vendors and political groups, he claimed. 'For most of my career I would insult "security theater" and "snake oil" for being dumb. In fact, they're not dumb. As security designers we need to address both the feeling and the reality of security. We can't ignore one. It's not enough to make someone secure, that person needs to also realize they've been made secure. If no-one realizes it, no-one's going to buy it,' Schneier said."

3 of 138 comments (clear)

  1. Re:In other words . . . by ppanon · · Score: 5, Insightful

    No. What Bruce has realized is that, in the boardroom and the lunchroom (where almost nobody knows any better), security theatre often will kick the ass of real security practices because it's marketed by professional sales teams. It also often can be delivered for less (because it can be priced for what the market will bear).

    If you want real security to be provided, you have to learn to sell it at least as well as the snake-oil. You have to make it sufficiently visible, but non-impeding, that people feel safe.

    It's about understanding the human/political side of the equation that can make the difference between a successful deployment and a perceived failure.

    --
    Laissez lire, et laissez danser; ces deux amusements ne feront jamais de mal au monde. - Voltaire
  2. Re:In other words . . . by QuantumG · · Score: 4, Insightful

    It's an interesting theory but are you aware of anyone who thinks the bullshit we go through at the airport is for anything other than appearances? It's not just geeks and smart asses who know this, it is everyone.

    --
    How we know is more important than what we know.
  3. The Reality and Perception of Security by canterbury+rod · · Score: 4, Insightful
    In Bruce Schneier's keynote address at Linux.conf.au, he essentially admonishes that "security theater" is not only a necessity, it's a critical component that needs to accompany real security solutions. In the article, he states

    the best security solution will fail if it doesn't cater to both the reality and perceptions to do with security. He's affirming that sales in the marketplace will be driven when security theater and real security products are matched. That's when end-users will also experience a real sense of security.