A new iPhone app:
“Point the camera at a plane and you’ll see the flight number, aircraft registration, speed, altitude and how far away it is!”
Tag Archives: security
It really is a blue moon…
David Brooks wrote a column that’s reasonable about security.
Are the Secret Service security theater?
Speaking of Tom Barnett, he recently had a post where he lays into Michaele and Tareq Salahi for their crashing of the state dinner between President Obama and Prime Minister Manmohan Singh of India, calling for their arrest and trial.
I posted a longish reply, including the quote from Kohr. Tom’s comments are moderated and it hasn’t appeared yet. He has a thing about the length of comments, while I operate on what might be called Ebert’s Principle — No good comment is too long, no bad comment is short enough. But, hey, it’s his sandbox. Then again, this is mine.
One of the things I said in my comment to Tom was, “The only thing we have to fear is fear itself.” I strongly believe that. I agree the Salahis shouldn’t be news, but that’s because both a) the president should be accessible enough to the citizenry that this story wouldn’t be unusual, and b) if such events happen less frequently than once a year I’d be surprised. It’s precisely because we “shield” such information from the public that every encounter with the topic is unfamiliar ground. As it happens, Bruce Schneier has a recent post on how unfamiliarity feeds into fear.
Because of the back and forth nature of comments, I try to think ahead in the discussion, and anticipate what’s going to be said next. What I thought Tom would come back with would be the issue of presidential safety. To lay out my position there, I also said in my comment to him that just like the only guaranteed way to stop airplanes from crashing into buildings is to ground them, like we did after 9/11, the only guaranteed way to keep the president safe from all threats is to make his bubble even smaller than it already is. And even that might not make the president any safer.
I’m now going to use a metaphor, because Big Google is listening, after all. It’s imperfect, as are all metaphors. I ask you to please keep your mind’s eye on the larger point I’m making, and not on the flaws of the metaphor itself.
I think many people are familiar with Hollywood’s Walk of Fame. One of the features there are inlaid tile mosaic stars to honor various luminaries of entertainment.
Imagine there was one particular star known to be attractive to very destructive vandals. As one might expect, that star would have exceptionally high protection. The curious thing about the vandals targeting that star is how focussed they are in harming only that one star, and nothing else around it. So security for the star is set up to “flood the zone” and keep access to the star very tightly controlled.
However, if one vandal decided, “If I don’t care about leaving the other stars intact, and accept that there will be a tremendous amount of damage to the sidewalk, the street, the security detail, random pedestrians and drivers going by, etc… Well, if I set off a big enough boom then that one star is certain to get hurt.”
I suggest the Secret Service, for the most part, works off of what Schneier calls, “a movie-plot threat,” which is, “an overly specific attack scenario.” In the case of the United States’ President, that specific scenario is the lone gunman, one of the type who has killed at least four presidents (Lincoln, Garfield, McKinley, and Kennedy).
I suggest that’s not the only threat out there. Call it the Timothy McVeigh scenario. I have no idea if anyone in the Murrah Federal Building had a bodyguard that day; all I know is, it didn’t do them much good, if so.
Schneier defines “security theater” as, “(S)ecurity measures that make people feel more secure without doing anything to actually improve their security.”
Does cutting the president off from contact with the American people improve his security? Or does it merely make him (and the broader citizenry) feel more secure?
How one answers those questions probably predicts how much of a threat one considers the Salahis to have been.
Innumeracy in action
“1 in 7 Detainees Freed Returns to Terrorism, Pentagon Says,” reads the headline.
So the alternate headline (studiously avoided): “6 out of 7 Detainees Freed Either Don’t Return to Terrorism, Or Were Never Terrorists From Start, Pentagon Says.”
Also buried well into the article:
“Terrorism experts said that a 14 percent recidivism rate was far lower than the rate for prisoners in the United States, which, they said, can run as high as 68 percent three years after release. The experts also said that while Americans might have a lower level of tolerance for recidivism among Guantánamo detainees, there was no evidence that any of those released had engaged in elaborate operations like the Sept. 11, 2001, attacks.”
So to recap:
* Joe Criminal from the US, let out of jail: more than 2 out of 3 times, goes back to crime.
* Alleged “worst of the worst” Guantánamo detainee: goes back to crime only 1 out of 7 times. Or almost 5 times less often.
{blink}
This must be some new-found definition of “worst” I wasn’t previously aware of.
Now what?
Conficker has come and gone and… No one can figure out what it did, if anything.
The Guardian posts an “all clear” piece, but as I just commented: “(W)e don’t know whether or not Conficker has done anything. We only know that if it has, we haven’t been able to notice what it is.”
I don’t think this is necessarily a case where “no noticeable effect” should equal “relief that nothing happened.” If anything, no noticeable effect should be scaring the bejeezus out of people since it could well be adding plausibility to my hypothesis that properly executed exploits have no noticeable effect.
Analogy
While writing a comment on Metafilter about computer security, I had a sudden realization:
Computer exploits are just like Galbraith’s “bezzle” — they have a time parameter, and (mildly rewriting), “…there exists an inventory of undiscovered broken security in — or more precisely not in — the country’s information systems…”
What’s also interesting is that Galbraith writes as if embezzlement always is discovered, sooner or later. As does Schneier, when it comes to security breaches. I don’t think either of them are that naive, but are instead writing to some degree with an optimistic eye — the bad guys will be caught, eventually.
Open sesame
The shifting sands of cultural assumptions and security. (Let alone, how long it takes for someone to a) notice and b) do something.) jaylake tweets:
“what’s weird about the ‘Mother’s maiden name’ as a default security word is that many of us have divorced mothers who use their maiden name”
It’s genius — once you say it out loud, it’s obvious.
Letter to the NYT
John Markoff (“Do We Need a New Internet?” 2/14/2009) saves the flaw in his argument for his last sentence: the goal of, “a completely trustable system.”
This goal is without precedent. It does not exist in software, nor in the material world — which is why we have police, attorneys, diplomats, and soldiers.
His suggestion for attaining this goal is what software expert Joel Spolsky has called, “the single worst strategic mistake that any software company can make”: Rewriting the code from scratch. Only it wouldn’t be for one company, it would be for all of the Internet.
Rewriting the code is a mistake because it turns out the most arcane parts of it are responses to situations in the real world. Throwing out the code means throwing out that learning and experience.
“Reinventing the internet” wouldn’t create something safe. It would only create something unsafe in different ways.
I can see clearly now
James Fallows writes about how Google Maps has restored clarity to images of the Naval Observatory grounds — Dick Cheney’s old house, now inhabited by the current Vice President, Joe Biden.
Here’s what I wrote to Jim:
*^*^*
Jim:
I can’t find it just now, but one of the things I noticed back in the day was not only was the White House somewhat fuzzed out — which I could see the reasons for, even if I didn’t agree with them — but the courtyards of the adjacent Old Executive Office and Treasury buildings were as well.
That just drove me nuts. Because it would not have occurred to me to look for something suspicious there. But by fuzzing them out, whoever sent out that order tipped their hands that there was something worth paying attention to there.
It was one of many times I would shout at my monitor the words of Casey Stengel about his hapless Mets : “Doesn’t anyone here know how to play this game?!”
Perhaps the biggest mystery about the Bush-Cheney years was how they could sell themselves as “experts” or “vigilant” about national security and intelligence issues, while flubbing the details so routinely.
Update: I am happy to report that Google has unfuzzed the whole White House area. Which means those anonymous looking courtyards are now just as anonymous looking as they *should* be.
– Hal
*^*^*
This is as clear an indication as any that security theater is out, and genuine security is in.
Reagan’s questions
When Reagan debated Carter, his first question was picked up a lot.
But I think looking at all of Reagan’s questions shows just how disastrous the Bush administration has been for this country.
I agree with Reagan that it’s time for, “another choice.”
*^*^*
“It might be well if you ask yourself are you better off than you were four years ago? Is it easier for you to go and buy things in the stores than it was four years ago? Is there more or less unemployment in the country than there was four years ago? Is America as respected throughout the world as it was? Do you feel that our security is as safe? That we’re as strong as we were four years ago? And if you answer all of those questions yes, why then I think your choice is very obvious as to who you’ll vote for. If you don’t agree, if you don’t think that this course that we’ve been on for the last four years is what you would like to see us follow for the next four, then I could suggest another choice that you have.”
