You're playing at equivocation. Obscurity is an enemy not knowing how your system works. Secrets are the pieces of information that are not part of the process of how your system works but are critical to security. While it seems like they're similar, they're not. So most strong digital security systems rely not at all on obscurity, only on secrets.
But, ultimately, I'm advocating not throwing away security just because it isn't perfect. You may not need the baby, but the bathwater might still be useful.
I don't think that's what you're arguing. I don't disagree with that. If you can get some obscurity cheaply, go for it. Some obscurity is better than none. You just can't rely on it.
Regardless, you were advocating adding obscurity as a solution to a security problem. The thing is that that is not a solution and you should never treat it as such. If a system needs to access a database and has the rights to access the database, encrypting the database cannot be relied on to protect against the compromise of that system. If that system can access the database, the compromised version of that system also can. A "solution" that creates obscurity but doesn't actually solve the problem should not be presented as a solution. It's dangerous and counterproductive.
let's study the complete failure to notice that someone was mentally ill enough to perform such an act
Easy after the fact, hard before the fact, unless you want to imprison a substantial fraction of the population in mental institutions because there's a chance they might hurt someone in the future.
how easily that person was able to obtain the guns and ammunition to do it
Stealing them from his mother?
and how easily he gained access to the school
Shooting people and objects that were denying him access?
Switzerland issues fully automatic assault rifles (real assault rifles, not just "scary looking semi-autos") to every mentally competent male of military-eligible age. The type of weapons that are incredibly difficult to acquire in the US (for those of us not obscenely wealthy, anyway)
Switzerland's gun control is very different from ours, but is more strict. For one, while they issue automatic rifles to militia members (generally at the age of 20), those weapons are either returned or converted to semi-automated at the end of militia service, at the age of 30. There is no longer any at-home government-issued ammunition. Purchase and distribution of ammunition is highly controlled; for the most part it's only available at shooting ranges and only for use at those ranges. A carry permit is required to have the gun in public at all, and generally you can only get those if you work in security.
If the radiation is so infinitesimal to not present a hazard, why won't my dentist not allow herself to go through the scanner,
I can't answer the motivations of other individuals. In my limited experience, dentists and technicians at dentists' offices don't really know all that much about X-rays. (Yours might, I don't know.)
and why does my dentist put this heavy lead shield around me when scanning my jaw for bad teeth?
For one, I think she's legally required to. For another, those X-rays are an enormously higher dosage than the backscatter machines. (A dental X-ray is about 5 uSv. A backscatter scan is about 0.05 uSv.)
When she takes the xray, I am in a room of my own, with lead lined walls, ceiling and floor. The xray controls (button to initiate the scan) are out of range in another area.
They're actually required to be much better protected than you are, because they are subjected to occupational exposure -- they're using the X-ray machine very frequently, whereas you're only in its presence once every year or so. Unless your dental office is weird, though, the walls, ceiling, and floor are not lead-lined. However, the controls should be on the other side of either a wall or a sheet of metal, out of line of sight of the X-ray generator.
Sure, just like there are no alpha or beta particles, per se. They're He2+ nuclei and electrons.
Referring to them as "radiation" and calling them "alpha rays" and "beta rays" is common, semi-archaic physics terminology. Regardless, it's entirely correct when talking about radiation to call alpha and beta particles emitted as a result of a radioactive process "alpha rays" and "beta rays".
They're rays in that the particles travel in a straight line with a particular momentum. Straight line radiating from a point--that's a ray!
Also, since they're particles, they're also actually rays, in that they are waves.
How is the privacy risk overstated? The government has no right to see search me. They search me, therefore I have no privacy. How is that overstated?
You perhaps see the logic error here. I say it's sometimes overstated. You state it one way and ask how that is overstating the privacy risk. Maybe it's not -- I said sometimes! I'm not a legal scholar, so I can't comment on your particular interpretation of the situation. It's a little surprising, though, if it's a violation of the 4th Amendment, that this claim is not heard more often by notable legal scholars or, say, courts.
People often insinuate that the result of the X-ray backscatter inspection is equivalent to a nude photograph of you, which is not accurate. That's overstating the privacy invasion. (I also think it's overstating the added privacy invasion to claim that such a search is particularly different from the extensive searches you already were subject to in that situation.)
There is obviously a benefit, otherwise they wouldn't do it. But it isn't the benefit we expect, or what they tell us.
You have a lot of faith in people to do smart things, apparently, followed by a rather insane government conspiracy complex.
I don't see how it makes sense to use ANY machine at all.
I'm not saying there is. Only that one machine is strictly better than the other.
A question that you asked later, not originally. I haven't written the answer to that because I don't recall offhand and am busy.:p It's Army something something Health something. The original dosage calculations are actually in the device's patent, because doing something useful while being under a particular dosage is a design criterion for the device. IIRC the devices in practice don't deviate too much from the numbers cited in the patent.
We should stop this, and yes it did. You said, "I assume you got that number from the TSA?", which isn't really a question but certainly implies one, and I indicated that those numbers are not from the TSA.
Those are some bold generalizations that are accurate enough in this context. But note that some things can be detected in smaller quantities than they can reasonably be divided into. (Plutonium can be detected in incredibly small amounts, and photons can be detected individually.) Of course in the end it's just a matter of money--with enough money they could just buy everything and blow it all up legally.
The thing is that increasing the cost of an attack is a successful defense strategy, because it reduces the frequency of an attack. Trying to plan defense so that it never fails is a fool's goal--the point is to buy enough reduction in probability or frequency of success.
A reasonable and very rough estimate. I agree that scanners, and lots of other security measures, are well into poor cost-benefit territory. Of course, real measured effect is hard to come by.
That gives each checkpoint a 1% chance of finding a "bad guy" per year.
But of course the false positive rate is incredibly high, since the scanner cannot detect intent. The only way we'd get a solid estimate of how many bad guys were actually caught is if we successfully did a thorough investigation for each positive to weed out the false ones.
Making a rough estimate by the reports in the TSA's blog, the rate of people trying to bring items on airplanes that almost everyone agrees are a bad idea to have on an airplane is much higher than 1% per checkpoint-year. Yet I'd bet that their frequency of catching real bad guys is not so high.
I've seen this before. It's disagreed upon by experts, but I don't think these guys hold the prevailing opinion. Notably, their estimate of the difference is correct--a couple orders of magnitude. However, 2 orders of magnitude, or even 3, above what the X-ray backscatter scanners emit is still an incredibly small dose. I think this may have been written before radiation dosages for in-the-field scanners were publicly available. (Rough dosages for the prototype models have always been available, but understandably, people don't know if those figures are representative.)
deaths from car exhaust are probably at their historical low
Considering history goes back well before the invention of the automobile, or even of the internal combustion or steam engines, I'd say that it's guaranteed that deaths from car exhaust are not at a historical low.
I'm not convinced that the medical risk is bigger than the risk of terrorism it's designed to prevent. I might be convinced that it's bigger than its capacity to actually reduce that risk of terrorism. But for one, the medical risk is really, really small and for another, at that level both things are frustratingly difficult to accurately quantify.
I don't particularly think the scanners are effective at much of anything, especially if you compare them to the impact of other possible expenditures of the same amount of money (which you should). I don't know that there are any good numbers on this, or even if good numbers would be reasonable to obtain, but it is my opinion.
But the wavelength and penetrance is substantially different - we know an awful lot about the radiation exposure associated with flying. We know less about the effects of the radiation exposure from the backscatter scanners
That's not really true. Mostly what we know a lot about is the damage caused by particular radioisotopes, some sources of X-rays, and nuclear accidents. The rest is modeled. X-ray backscatter scanners emit a measured amount of X-rays at a known frequency that's well within the realm of what we know about.
TSA fudged their numbers in icky misleading ways (calculating exposure as if it were spread throughout the body, etc)
Sort of. That's a common and very reasonable assumption when the dosage is many orders of magnitude below an acute dosage (which it is). Some people, after this became a big news item and political issue, disagreed. (Not that they necessarily had much opportunity to disagree beforehand.)
Chance of exposure to radioactive isotopes from nuclear accidents (there's been more than two): 100% Chance of exposure to radioactive isotopes from nuclear weapons: 100% Chance of exposure to radioactive isotopes from burning coal: very close to 1 for most parts of the world 100% Chance of ionizing some of your cellular chemistry by eating a banana: 100% Chance of ionizing some of your cellular chemistry by going into a basement: 100% Chance of ionizing some of your cellular chemistry by going outside: 100% Chance of ionizing some of your cellular chemistry by going into an airplane: 100% Chance of ionizing some of your cellular chemistry by changing the battery in a smoke detector: 100%
Chance of exposing yourself to environmental radiation: 100%, if you do any of the following: eat food or drink water (0.3 uSv/yr), breathe air (1.3 uSv/yr), are exposed to sunlight (0.4 uSv/yr), or are in the vicinity of objects made up of naturally-occurring elements (>0.5 uSv/yr)
Turns out quantifying amounts is pretty important when it comes to talking about radiation.
Incidentally, the world average exposure for radioisotopes dispersed around the globe by the Chernobyl accident (today) is about 2 microsieverts/year (uSv/yr). The radiation exposure from an X-ray backscatter scanner is 0.05 uSv/yr. So, one nuclear accident is actually exposing you to more than one X-ray backscatter scan per day.
Slashdot Mirror
What did you expect it to do? Magic?
Neither the SE nor the Gameboy had a color display.
Calling these assault rifles it like pointing at a car and calling it a truck.
To be fair, we do exactly that with SUVs.
Especially during the time when there were zero cars. Then a single car would have been responsible for infinite deaths.
Don't try to make clever statements by being bad at math.
During a time when there are zero cars, a single car isn't responsible for anything. There's zero cars. Hence, not a single car.
You're playing at equivocation. Obscurity is an enemy not knowing how your system works. Secrets are the pieces of information that are not part of the process of how your system works but are critical to security. While it seems like they're similar, they're not. So most strong digital security systems rely not at all on obscurity, only on secrets.
But, ultimately, I'm advocating not throwing away security just because it isn't perfect. You may not need the baby, but the bathwater might still be useful.
I don't think that's what you're arguing. I don't disagree with that. If you can get some obscurity cheaply, go for it. Some obscurity is better than none. You just can't rely on it.
Regardless, you were advocating adding obscurity as a solution to a security problem. The thing is that that is not a solution and you should never treat it as such. If a system needs to access a database and has the rights to access the database, encrypting the database cannot be relied on to protect against the compromise of that system. If that system can access the database, the compromised version of that system also can. A "solution" that creates obscurity but doesn't actually solve the problem should not be presented as a solution. It's dangerous and counterproductive.
But regardless, yes. See, the people conducting the study -- the "party" -- is not the TSA. Hence, "third party".
Who else did you expect to pay for the testing?
(Tests have also been done by the FDA and Johns Hopkins.)
[citation needed]
let's study the complete failure to notice that someone was mentally ill enough to perform such an act
Easy after the fact, hard before the fact, unless you want to imprison a substantial fraction of the population in mental institutions because there's a chance they might hurt someone in the future.
how easily that person was able to obtain the guns and ammunition to do it
Stealing them from his mother?
and how easily he gained access to the school
Shooting people and objects that were denying him access?
Switzerland issues fully automatic assault rifles (real assault rifles, not just "scary looking semi-autos") to every mentally competent male of military-eligible age. The type of weapons that are incredibly difficult to acquire in the US (for those of us not obscenely wealthy, anyway)
Switzerland's gun control is very different from ours, but is more strict. For one, while they issue automatic rifles to militia members (generally at the age of 20), those weapons are either returned or converted to semi-automated at the end of militia service, at the age of 30. There is no longer any at-home government-issued ammunition. Purchase and distribution of ammunition is highly controlled; for the most part it's only available at shooting ranges and only for use at those ranges. A carry permit is required to have the gun in public at all, and generally you can only get those if you work in security.
If the radiation is so infinitesimal to not present a hazard, why won't my dentist not allow herself to go through the scanner,
I can't answer the motivations of other individuals. In my limited experience, dentists and technicians at dentists' offices don't really know all that much about X-rays. (Yours might, I don't know.)
and why does my dentist put this heavy lead shield around me when scanning my jaw for bad teeth?
For one, I think she's legally required to. For another, those X-rays are an enormously higher dosage than the backscatter machines. (A dental X-ray is about 5 uSv. A backscatter scan is about 0.05 uSv.)
When she takes the xray, I am in a room of my own, with lead lined walls, ceiling and floor. The xray controls (button to initiate the scan) are out of range in another area.
They're actually required to be much better protected than you are, because they are subjected to occupational exposure -- they're using the X-ray machine very frequently, whereas you're only in its presence once every year or so. Unless your dental office is weird, though, the walls, ceiling, and floor are not lead-lined. However, the controls should be on the other side of either a wall or a sheet of metal, out of line of sight of the X-ray generator.
Sure, just like there are no alpha or beta particles, per se. They're He2+ nuclei and electrons.
Referring to them as "radiation" and calling them "alpha rays" and "beta rays" is common, semi-archaic physics terminology. Regardless, it's entirely correct when talking about radiation to call alpha and beta particles emitted as a result of a radioactive process "alpha rays" and "beta rays".
They're rays in that the particles travel in a straight line with a particular momentum. Straight line radiating from a point--that's a ray!
Also, since they're particles, they're also actually rays, in that they are waves.
How is the privacy risk overstated? The government has no right to see search me. They search me, therefore I have no privacy. How is that overstated?
You perhaps see the logic error here. I say it's sometimes overstated. You state it one way and ask how that is overstating the privacy risk. Maybe it's not -- I said sometimes! I'm not a legal scholar, so I can't comment on your particular interpretation of the situation. It's a little surprising, though, if it's a violation of the 4th Amendment, that this claim is not heard more often by notable legal scholars or, say, courts.
People often insinuate that the result of the X-ray backscatter inspection is equivalent to a nude photograph of you, which is not accurate. That's overstating the privacy invasion. (I also think it's overstating the added privacy invasion to claim that such a search is particularly different from the extensive searches you already were subject to in that situation.)
There is obviously a benefit, otherwise they wouldn't do it. But it isn't the benefit we expect, or what they tell us.
You have a lot of faith in people to do smart things, apparently, followed by a rather insane government conspiracy complex.
I don't see how it makes sense to use ANY machine at all.
I'm not saying there is. Only that one machine is strictly better than the other.
Not even by the U.S. Army Public Health Command?
A question that you asked later, not originally. I haven't written the answer to that because I don't recall offhand and am busy. :p It's Army something something Health something. The original dosage calculations are actually in the device's patent, because doing something useful while being under a particular dosage is a design criterion for the device. IIRC the devices in practice don't deviate too much from the numbers cited in the patent.
We should stop this, and yes it did. You said, "I assume you got that number from the TSA?", which isn't really a question but certainly implies one, and I indicated that those numbers are not from the TSA.
What evidence?
Read some more comments. You're certainly replying to enough of them.
Those are some bold generalizations that are accurate enough in this context. But note that some things can be detected in smaller quantities than they can reasonably be divided into. (Plutonium can be detected in incredibly small amounts, and photons can be detected individually.) Of course in the end it's just a matter of money--with enough money they could just buy everything and blow it all up legally.
The thing is that increasing the cost of an attack is a successful defense strategy, because it reduces the frequency of an attack. Trying to plan defense so that it never fails is a fool's goal--the point is to buy enough reduction in probability or frequency of success.
See reply to your other comment asking the same thing.
A reasonable and very rough estimate. I agree that scanners, and lots of other security measures, are well into poor cost-benefit territory. Of course, real measured effect is hard to come by.
That gives each checkpoint a 1% chance of finding a "bad guy" per year.
But of course the false positive rate is incredibly high, since the scanner cannot detect intent. The only way we'd get a solid estimate of how many bad guys were actually caught is if we successfully did a thorough investigation for each positive to weed out the false ones.
Making a rough estimate by the reports in the TSA's blog, the rate of people trying to bring items on airplanes that almost everyone agrees are a bad idea to have on an airplane is much higher than 1% per checkpoint-year. Yet I'd bet that their frequency of catching real bad guys is not so high.
From publicly-released results of third-party tests of the devices.
I've seen this before. It's disagreed upon by experts, but I don't think these guys hold the prevailing opinion. Notably, their estimate of the difference is correct--a couple orders of magnitude. However, 2 orders of magnitude, or even 3, above what the X-ray backscatter scanners emit is still an incredibly small dose. I think this may have been written before radiation dosages for in-the-field scanners were publicly available. (Rough dosages for the prototype models have always been available, but understandably, people don't know if those figures are representative.)
deaths from car exhaust are probably at their historical low
Considering history goes back well before the invention of the automobile, or even of the internal combustion or steam engines, I'd say that it's guaranteed that deaths from car exhaust are not at a historical low.
I'm not convinced that the medical risk is bigger than the risk of terrorism it's designed to prevent. I might be convinced that it's bigger than its capacity to actually reduce that risk of terrorism. But for one, the medical risk is really, really small and for another, at that level both things are frustratingly difficult to accurately quantify.
I don't particularly think the scanners are effective at much of anything, especially if you compare them to the impact of other possible expenditures of the same amount of money (which you should). I don't know that there are any good numbers on this, or even if good numbers would be reasonable to obtain, but it is my opinion.
But the wavelength and penetrance is substantially different - we know an awful lot about the radiation exposure associated with flying. We know less about the effects of the radiation exposure from the backscatter scanners
That's not really true. Mostly what we know a lot about is the damage caused by particular radioisotopes, some sources of X-rays, and nuclear accidents. The rest is modeled. X-ray backscatter scanners emit a measured amount of X-rays at a known frequency that's well within the realm of what we know about.
TSA fudged their numbers in icky misleading ways (calculating exposure as if it were spread throughout the body, etc)
Sort of. That's a common and very reasonable assumption when the dosage is many orders of magnitude below an acute dosage (which it is). Some people, after this became a big news item and political issue, disagreed. (Not that they necessarily had much opportunity to disagree beforehand.)
Chance of exposure to radioactive isotopes from nuclear accidents (there's been more than two): 100%
Chance of exposure to radioactive isotopes from nuclear weapons: 100%
Chance of exposure to radioactive isotopes from burning coal: very close to 1 for most parts of the world 100%
Chance of ionizing some of your cellular chemistry by eating a banana: 100%
Chance of ionizing some of your cellular chemistry by going into a basement: 100%
Chance of ionizing some of your cellular chemistry by going outside: 100%
Chance of ionizing some of your cellular chemistry by going into an airplane: 100%
Chance of ionizing some of your cellular chemistry by changing the battery in a smoke detector: 100%
Chance of exposing yourself to environmental radiation: 100%, if you do any of the following: eat food or drink water (0.3 uSv/yr), breathe air (1.3 uSv/yr), are exposed to sunlight (0.4 uSv/yr), or are in the vicinity of objects made up of naturally-occurring elements (>0.5 uSv/yr)
Turns out quantifying amounts is pretty important when it comes to talking about radiation.
Incidentally, the world average exposure for radioisotopes dispersed around the globe by the Chernobyl accident (today) is about 2 microsieverts/year (uSv/yr). The radiation exposure from an X-ray backscatter scanner is 0.05 uSv/yr. So, one nuclear accident is actually exposing you to more than one X-ray backscatter scan per day.