Schneier on Security
A blog covering security and security technology.
« Security Skins |
| A Comment on the UK National ID Card Program »
July 1, 2005
Evaluating the Effectiveness of Security Countermeasures
Amidst all the emotional rhetoric about security, it's nice to see something well-reasoned. This New York Times op-ed by Nicholas Kristof looks at security as a trade-off, and makes a distinction between security countermeasures that reduce the threat and those that simply shift it.
The op ed starts with countermeasures against car theft.
Sold for $695, the LoJack is a radio transmitter that is hidden on a vehicle and then activated if the car is stolen. The transmitter then silently summons the police - and it is ruining the economics of auto theft....
The thief's challenge is that it's impossible to determine which vehicle has a LoJack (there's no decal). So stealing any car becomes significantly more risky, and one academic study found that the introduction of LoJack in Boston reduced car theft there by 50 percent.
Two Yale professors, Barry Nalebuff and Ian Ayres, note that this means that the LoJack benefits everyone, not only those who install the system. Professor Ayres and another scholar, Steven Levitt, found that every $1 invested in LoJack saves other car owners $10.
Professors Nalebuff and Ayres note that other antitheft devices, such as the Club, a polelike device that locks the steering wheel, help protect that car, but only at the expense of the next vehicle.
"The Club doesn't reduce crime," Mr. Nalebuff says. "It just shifts it to the next person."
This model could be applied to home burglar alarms:
Conventional home alarms are accompanied by warning signs and don't reduce crime but simply shift the risk to the next house. What if we encouraged hidden silent alarms to change the economics of burglary?
Granted, most people don't want hidden alarms that entice a burglar to stay until the police show up. But suppose communities adjusted the fees they charge for alarm systems - say, $2,000 a year for an audible alarm, but no charge for a hidden LoJack-style silent alarm.
Then many people would choose the silent alarms, more burglars would get caught, and many of the criminally inclined would choose a new line of work....
I wrote about this in Beyond Fear:
A burglar who sees evidence of an alarm system is more likely to go rob the house next door. As far as the local police station is concerned, this doesn't mitigate the risk at all. But for the homeowner, it mitigates the risk just fine.
The difference is the perspective of the defender.
Problems with perspectives show up in counterterrorism defenses all the time. Also from Beyond Fear:
It's important not to lose sight of the forest for the trees. Countermeasures often focus on preventing particular terrorist acts against specific targets, but the scope of the assets that need to be protected encompasses all potential targets, and they all must be considered together. A terrorist's real target is morale, and he really doesn't care about one physical target versus another. We want to prevent terrorist acts everywhere, so countermeasures that simply move the threat around are of limited value. If, for example, we spend a lot of money defending our shopping malls, and bombings subsequently occur in crowded sports stadiums or movie theaters, we haven't really received any value from our countermeasures.
I like seeing thinking like this in the media, and wish there were more of it.
Posted on July 1, 2005 at 12:19 PM
• 49 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Your link to the NY times is invalid (goes to example.com).
You know, the best car theft prevention device is probably a blinking led. Costs less than $1 and gives an impression there's an alarm system installed.
The LoJack is a bad example to pick, a more likley explanation, like that for CCTVs is that the persons stealing the cars have not yet evolved an effective counter measure. Be assured they will quite quickly, they always do to purely technical security systems.
The other problem is resources, silent alarms in houses are unlikly to work, in the UK it takes the police something like 45 minutes to respond to an active alarm in a town longer in the countryside, are they going to respond any faster to a silent alarm (very unlikley).
When banks initially introduced silent alarms they worked, however evolution happened if the robbers where quick they did not get caught, fairly soon only quick robbers where attacking banks.
Then cammeras where put in banks initially they worked, again evolution happened and they ceased to be a cost effective deterant (it's one of the reasons CCTV tapes of crimes in progress are of appaling quality).
If security is going to be effective for more than a short while, and therfore be a reasonable return on investment then it has to be very adaptable and respond as quickly to evolutionary change as the theives.
As far as I am aware the only sufficiently flexible security device so far is a well trained police/security officer, backed up by sufficent resources so that they can do the job people want them to do (and not as in the UK spend most of the time filling out Government instigated forms).
As far as I can see all technical security systems are so expensive they now have to be dual use, the secondary use being that of raising revinue. It is one of the reasons you see these appaling "Trafic cop" programs on TV. In the UK CCTV looks like it is going to be used as an adjuct to "Congestion charging" in that it will be used to charge motorists 15USD a day to drive in central areas or major roads.
Hmmmm. But if we apply this to IT, there's (usually) no way for an external attacker to determine whether or not there are IDS / IPS / whatever deployed behind the perimeter. There's no way to determine response policies, monitoring solutions like SIM / SEM (our outsourced equivalents like Counterpane or Verisign), or to determine vulnerability management solutions.
So doesn't the IT secuirty industry already employ the "silent" alarm approach? If so, the argument should be that attacks should fall - but we're not seeing that.
I suppose for IT the assumption has therefore to be that almost everyone has some class of silent alarm, and therefore the attacker's mission is to find out how good they are.
The reason is that there is *no* "silent alarm" approach for IT.
The "silent alarm" depends on the accurate, timely response of security professionals (usually police), which is often impossible in computer attack scenarios. Criminals are not intimidated by any kind of computer alarm because they know their risk of being actually, physically caught is vanishingly small.
I've fixed the link; thanks.
At first glance, I like what you say, however, with these types of 'solutions', I think you end up with infinite regression of shifting the crime to stopping it.
If I am in need of the money, my alternative to stealing the car, burglarizing the house, etc., seems to be a shift to a different form of crime, ie., muggings, stickups and the like rather than 'going straight'.
I suppose some will seek countermeasures, such as speedier burglaries, and perhaps some will go straight and become bank presidents, but most will still seek to get paid the same old way, they'll take it.
From the point of view of the person who installs a visible alarm on his/her car, displacing the thief to steal someone else's car counts as a definite success. Remember - you don't need to be faster than the bear chasing you, you only need to be faster than one of the others who are running away.
We've seen this in the UK: installing CCTV cameras in city-centre high-crime areas merely displaces the crime out of the town-centres to the un-CCTVed environs.
Isn't there an obvious counter measure to LoJack? Just take the car you just stole, and park it somewhere else for a few hours. If the police come and pick it up, you lost that one and have to steal another, but at least you didn't get caught. This reduces the effect of LoJack to that of the Club.
That is a good idea, seems like that would have been thought of instead of deterring the car thieves by 50%. Although if done often enough the police might catch on and and stake-out the found stolen cars instead of immediately recovering them.
How does the LoJack actually determine that a car is being stolen? Does it check whether the engine is started without a key? If yes, then I'm not sure it's a good idea - I'm playing devil's advocate here, but wouldn't its widespread adoption then lead to car thieves mugging car owners to get the actual keys for the car instead? Car theft would still be a problem, but you'd also have people being mugged and possibly hurt, which seems like a bad tradeoff - if I had the choice, I'd rather have my car being stolen than me being mugged (and my car being stolen on top of that).
Of course, it might deter "amateur" criminals, but that ultimately carries the same risk as using antibiotics without knowing what you do - it merely creates an environment where those who're resistent (in this case, the "professional" car thieves) will flourish, so it might well lead to a net increase in crime in reality.
Just food for thought.
(Correct me if I'm wrong, someone.) When you find that your car is gone, and have checked to make sure it wasn't towed (towing companies have to notify the police), you activate the LoJack, and the police track the signal. It doesn't try to guess on its own.
A lot of this comment thread misses the point, it seems. I doubt that anyone is saying that LoJack will spell the end of automobile theft. If you regard not living up to that lofty standard as abject failure, then we live in a world full of losers.
The point is to start thinking in terms of making criminal activity less profitable for the effort than ligitimate activity. Most current risk-mitigation strategies out there work on the idea of "glad that wasn't me," and make a certain level of callousness into a virtue. Not caring how much crime there is out there, as long at it doesn't touch you, is a recipe for trouble. The point behind Kristoff's article is that the LoJack system, by raising the chances that car thieves will be caught, pushes them towards less risky (and perhaps even legal) pursuits without doing significant damage to innocents in the process. That being understood, we should start looking for ways to apply this same concept to other forms of criminal activity. Of course, no solution will be foolproof - there's always a better fool. And there will always be people whose sense of entitlement will lead them to try to take what others have worked for, by guile or by force. But we shouldn't allow the perfect to be the enemy of the good, nor hopelessness be the enemy of innovation.
Actually from what I understand, after Lojack became common, thieves responded by removing the car battery, and leaving the car alone for a few days until the possible Lojack's internal battery died, then recovered the car. Police responded by staking out the car until the thief came back for it. The manpower required for the stakeout was effective because it was big rings that could go to the trouble of letting a car sit for several days.
I've heard rumor of some thieves going so far as to put the car in a sort of Faraday cage, but I don't know how true that is.
What's to stop criminals from catching on, and finding the radio transmitter to remove it?
It'd never be worth it to introduce a security measure that would convert an attack that would normally include material to include people.
Take cars for example, ít's only a car (of which your insurance would cover anyway).
Another thing to be careful about is security measures that involve body parts. I'd think twice before deploying a security measure for something valuable the bad guys could get around by ripping off some body part of mine (such as a fingerprinting device the bad guys could access by ripping off my finger).
When it comes to security measures never ever introduce anything that put people at risk!
I agree that this is an excellent approach to discussing security, but I do not agree that we can simply say detective controls like Lojack are also preventive.
Lojack is certainly only effective as the response, as others have pointed out above. In addition it is very suitable for sting operations, but some people do not really want their car back after it has been red-lined and driven through hedge-rows. And if the car owner does not realize a car is missing the system might not be activated. Have you ever used a parking garage while you are away on an extended trip? Or consider this: it takes about 1hr for a car thief to nab and strip a car clean. So LoJack is best for *recovery* from amateurs and petty joy riders. Is that who the study was based upon -- who committed the majority of car theft?
Another interesting point I think I've posted here before is that LoJack are sometimes setup with a "secret" for the ignition called an interlock, which uses a switch or lever (e.g. rear defrost button). While this might seem like a good idea for prevention, most theives know it's just like any kind of secret that can't be changed or modified...people either tell everyone or disable it for convenience.
And finally, LoJack is installed after-market and often improperly with damage to the vehicle or with sensors in the wrong place. The LoJack is really only as effective as the guy with the hammer and drill...so who verifies the install?
I think the actual lesson is that adequate detective controls coupled with rapid response and fair oversight makes for good security because it has a popular deterrent effect.
Take out the fair oversight and you have the dilemma with surveillance cameras. Take out the rapid response and you have the dilemma with IT (discussed above).
Take out the detective controls and, well, you end up with the dilemma of preventive measures such as a pre-emptive strike...
@Flange - Good point. It's a classic case of 'Supply and Demand' - there is a certain 'demand' for ill-gotten money (one could argue it's unlimited, but fortunately there are a limited number of people that actually engage in such behavior). Changes to the supply may eliminate some negligable amount of demand, but will shift the criminals to another source of supply.
Shifting the demand also depends on the criminal's willingness to push crime to a higher level - an example is carjacking. Carjackers now think (rightly or wrongly) that they have less chance of getting caught if they kill their victim to prevent him or her from calling the police (while this does provide some deterrence, it increases the interest in their capture and prosecution by several orders of magnitude -hopefully criminals will learn that this is a losing strategy).
The burglary situation is completely different than 'LoJack' due to (as mentioned earlier) the appalling amount of time it takes for police to respond to an alarm - it can be over 2 hours in my community, which is upper-middle class and considered well-policed (fire and ambulance response is very good, though). This is unlikely to change due to my city's and state's (also appalling) financial mismanagement. With LoJack, the police are silently tracking the stolen property. With a silent burglar alarm, the police are silently tracking the location the property was stolen from - two very, very different situations. I don't think I can fit a LoJack device in my fiancee's jewelry, at least with current technology and the amount of money I have left after buying said jewelry.
Also keep in mind (at least us USians) that it is not the local police force's responsibility to prevent crime. They don't even have to enforce restraining orders (recent Supreme Court decision). Their ability to prevent crime is conducted on a 'best effort' basis. For premisis security, you would be better off using private measures if you can afford them, are comfortable with them, etc. Some alternatives are alarms (silent or otherwise) with private response (armed or otherwise) with a guaranteed response time. Various personal protection measures can also be applied if one is willing and able to confront a criminal (trying to avoid the 'g' word, Bruce) - this is certainly not for everyone. If you have enough loot to make it worth while, your insurance company may pressure you or even compel you to take additional measures.
Personally, I think everyone is best off making their security (physical, data, emotional, and otherwise) their own responsibility, and relying on the government as little as possible. The more you pass the buck to others, the less secure you'll be. One might argue that this can't apply to banks and credit bureaus and what not, but with the correct legal framework, it can. One way to simplify this for the individual would be if the govenment estabilished reasonably high default levels of liability when security-related data compromises occur. Make the companies liable for a minimum of $1000 if you are not defrauded, $2500 if your existing debit / credit accounts are used improperly as a result of the breach, and $50,000 if actual identity theft occurs. If the actual damages are higher, one could take the offensive company to court. If they are not, they should be able to fill out a one-page claim form and get paid. This actually helps everyone involved - the individual victims can be fairly and quickly compensated, and the companies have a baseline for the value of their data which allows them to assign the appropriate priorities to security.
Some might think these penalites are steep, but they should be. Companies that mishandle sensitive data shouldn't just be able to go "Gee, we're sorry, our bad" and get on with their lives (and maybe provide some congressional blowhards or attorneys general with higher gubanatorial ambitions with promises that it will never happen again). It should cause them extreme pain. It should cause their shareholders to burn the board members and executives in effigy outside the headquarters. It should get the CEO (and possible CIO and COO) fired.
Here's the text of the study on LoJack:
I have several problems with this article. Although it's obviously meant to be provacative, statements like this seem over the top:
"People who would never think of putting a sign in their car window saying, 'My neighbor leaves her keys in the ignition' feel fine putting on a steering-wheel bar that has basically the same effect."
And here's another one:
"We need to change social customs. Folks who make life easier for thieves are imposing costs on the rest of us. The damage is just like that from secondhand smoke."
This takes the argument that we have a social responsibility to prevent harm to a startling extreme. I'm not certain I would be so quick to pull the culpable negligence card on car owners unless car manufacturers have produced sufficient options to prevent theft. Most car theives know which cars have a master key, or quickly (under 10sec) succumb to a slimjim and screwdriver. So if you happen to own one of those cars, should you be fined or the company that made them and never made it possible to secure them for a reasonable cost?
"Personally, I think everyone is best off making their security (physical, data, emotional, and otherwise) their own responsibility, and relying on the government as little as possible."
Fine, but do you get a better return on investment by working within a larger context/community to use a variety of silent detective measures with shared enforcement, or by using obvious and obnoxious preventive controls just like your neighbor with that annoying car-alarm that never stops?
This substitution theory is pretty well known. John Lott wrote about it in terms of concealed carry pistol permits in “More Guns, Less Crime��?. Such that states that allow people to carry a concealed fire arm experience drops in crime. It only takes one woman to pull a gun on a mugger or rapist to make them more cautious of preying on another woman.
As I mentioned this theory is usually based on substitution, such that in many cases it just causes one type of crime to drop while another will increase. The example Lott gave was a few years ago in the middle east it was mostly Palestinians opening gun fire on Israeli civilians, it was only after Israelis began carrying guns and fighting back that suicide bombers became common. It makes me wonder what car thieves will switch to, since most will not likely abandon their life of crime.
Interesting comment, but Israelis have always carried guns and always fought back. In fact, many people often refer to the significance of a 1984 incident in Jerusalem when three terrorists with machine-guns were disabled by numerous civilians who returned fire with handguns.
Israeli policy has been that armed guardians should be near every place there are potential victims, and most civilians have served in the military. Schools do not send children on field trips unless the children are accompanied by at least one teacher or parent carrying a gun. Many neighborhoods are actually patrolled by "civil guards", which are essentially teenage volunteers carrying government-issued guns.
Although from our perspective it might seem that suicide bombing is in some way a guerrila tactic to defeat heavily armed opposition, suicide bombers appear to have evolved simply through a growth of fanatacism (with leaders who recruit volunteers to impart maximum destruction through an "aura" of holy servitude). Note the Human Rights Watch report (see page 15) "Erased in a Moment":
When considering the situation in terms of security measures and deterrence, don't forget that "suicide" is the operative word here and the bomber is often led to believe that they are actually better off dead. It is not clear to me that security has the right approach or tools to deter these people from fanatacism.
Methinks Mr. Lambert has been waging a longstanding war against John Lott (see http://timlambert.org/lott/ ).
Lott's academic credentials are impeccable, while Mr. Lambert's are not stated on the pages I viewed. Furthermore, due to the political ramifications of his efforts, Lott has been challenged repeatedly for years -- and has answered his critics in depth -- as described here ( http://triggerfinger.org/features/... ).
Lastly, one need only consider the following facts regarding concealed-carry:
- More and more states are successfully adopting CCW laws (over the past several decades nearly every state has relaxed right-to-carry laws) with attendant reductions in violent crimes
- The UK has suffered from a veritable explosion in firearms crimes since the handgun ban that followed the Dunblane massacre (see http://news.bbc.co.uk/1/hi/uk/1440764.stm )
- Likewise, Australia has seen catastrophic increases in violent crimes since restricting law-abiding citizens' rights to firearms ( http://www.newsmax.com/articles/?a=2000/6/26/... )
It doesn't take a rocket scientist (or a statistician) to see the effects of sensible CCW laws in the US. And, more importantly, the disastrous effects of draconian anti-self-defense laws in the UK and Australia.
roll your own lojack! you will need a cell phone with a gps locator built in (i don't know if these units exist yet) or attached to one. disable the ring function on the cell phone and modify it so that it automatically answers calls and transmits its location to the phone you're calling it on post-theft. after it tells you where your stolen car is, round up some friends and go over there with shotguns...
There is a valid point here that people are trying to address. The point that a few targets taking visible security measures shifts harm to the targets that do not. The problem is that although the author of this newspaper article grasped that point, which is a point Bruce wanted to promote, that author comes to non-sensical conclusions about the way to deal with the problem.
Take the car theft example. The answer is not that those who chose to take measures to protect their car should take stealthy measures that benefit all car owners to some degree. The answer is that all car owners who are worried about it should take measures to protect their car. If everyone has the Club, there is not shifting based on people using the Club.
The answer is not that those who chose to pay for home alarms should get stealthy alarms to benefit all homeowners, it is that all homeowners who are really worried about it should get alarms, stealthy or not.
The answer is not that shopping malls should only employ undercover guards if the stadium has no guards. The answer is that the stadium and the shopping mall both need guards, undercover or not.
"The answer is that all car owners who are worried about it should take measures to protect their car. If everyone has the Club, there is not shifting based on people using the Club."
Instead, there is an additional expense for all car owners to buy the Club and for all car thieves to buy bolt cutters for steering wheels. The only people who benefit are the manufacturers of bolt cutters and the Club.
Aren't "impeccable academic credentials" an oxymoron?
And support for firearms from a site called "triggerfinger"?
"Directorblue"? As in, police blue? You are a master of irony...
While one should not lose sight of the forest for the trees, it can hardly be prudent to see all forests as being the same. Terrorists use the same methods, but different groups have different agendas and, hence different strategies. When it comes to Islamic Jihad and Hamas, yes, it's true that any place could be a target, provided that there are Israelis present. For al-Qaeda, I just don't to see it being the case. If its strategy were the indiscriminent killing of Americans, then we would be witnessing scores of attacks on Starbucks and Walmarts already. Such attacks do not happen not because of anything we're doing, but because they would be counterproductive.
Al-Qaeda is not a group of mindless killers. Its leaders understand that small scale attacks against soft targets would only stiffen the American people's resolve to fight. On the other hand, a military fiasco in Iraq would greatly weaken America's position in the world-- hence, al-Qaeda's current activeness there.
"'The answer is that all car owners who are worried about it should take measures to protect their car. If everyone has the Club, there is not shifting based on people using the Club.'
Instead, there is an additional expense for all car owners to buy the Club and for all car thieves to buy bolt cutters for steering wheels. The only people who benefit are the manufacturers of bolt cutters and the Club."
There is no measure that is not part of an arms race, so how is this relevant? If the idea is for everyone's car to be harder to steal, then everyone needs to take measures to make their car harder to steal. Arguing that fewer people should secure their vehicles and spend extra money to do it in a way that also protects everyone else is not going to go anywhere.
A study was cited that said that in some area use of the Lojack had reduced car theft by 50%. Wouldn't you get the same effect if 50% of cars had the Club, assuming the cars were equally attractive otherwise (which is not true, but for our purposes here)? OH, but it wouldn't be FAIR because it would only be the 50% who took the precation of using the club who were protected. Nonsense.
You might argue that a smaller adoption of the Lojack, because of the uncertainty, would be needed to reach the 50% reduction. Say 10% of car owners bought the Lojack and that resulted in a 50% reduction in overall car thefts. Well, the Club I can buy for $50 and the Lojack is $695. You want me to spend over 10 times the money so that I also protect some of my neighbors? Forget that, they can buy their own Club and/or alarm. And yes, the theives will adopt their countermeasure, and the wheel never stops turning.
"Wouldn't you get the same effect if 50% of cars had the Club"
No, that's the whole point here. The club is a visible security countermeasure. With the club, car theft doesn't drop at all, it just moves to the 50% that were unprotected. Lojack is unique because **it protects even those who do not have it** by increasing the risk to the thieves, thus reducing the overall crime rate.
"A study was cited that said that in some area use of the Lojack had reduced car theft by 50%. Wouldn't you get the same effect if 50% of cars had the Club, assuming the cars were equally attractive otherwise (which is not true, but for our purposes here)?"
Of course there wouldn't be a 50% decrease in car thefts if 50% of people used the Club. The only way that would be true is if thieves operate by leaving the house with one specific car in mind to steal, and go home if they see a Club on that car.
With very high rates of Club adoption, you might see a small reduction in car theft, due to the fact that walking around with bolt cutters attracts the attention of the police. Other than that, the Club is a pure shifting measure, which also has a very low cost to thieves to overcome.
That's not equally true of some other security measures mentioned in this thread. House alarms at least get some criminals caught. And they defend against threats like the drunken ex-boyfriend trying to break into your house, who is not interested in your neighbor's house.
"Well, the Club I can buy for $50 and the Lojack is $695. You want me to spend over 10 times the money so that I also protect some of my neighbors? Forget that, they can buy their own Club and/or alarm."
Oh, I agree. If the cost difference were small, I might go for the countermeasure with more inclusive benefits, but if it's an order of magnitude more expensive, then no. I think that's why the op ed talks about silent alarms being funded by someone *other* than the individual. Could my city reduce crime rates by taking a little of the money spent on other security measures, and instead subsidizing Lojack and silent house alarms? I don't know, but I think it's worth looking at.
"Well, the Club I can buy for $50 and the Lojack is $695. "
It seems to me that one of the other points here is one that Bruce hits on quite frequently -- the individual people making security decisions make decisions that reflect what is best for them, not what is best for everyone. Obviously, you're going to buy the club: it's cheaper, and it prevents **your** car from being stolen, which is all you the individual car owners are concerned with. As far as the police are concerned, however, the club is worthless overall (unless everyone has one), because there is still the same amount of car theft. The solution would be to change the tradeoff so that the things that were good for you also benefit everyone else... for example, if insurance companies decided to subsidize the purchase of the Lojack system (either directly or through lower insurance rates) because overall it saves them money, then maybe it would be worth it to you.
While I'm not really familiar with either the lojack or the club, the lojack is much more user-friendly. In general, I do NOTHING every day of my life since my car is rarely stolen (I've never had my car stolen yet).
But the club is something I have to do EVERY TIME I leave my car. What a pain! If I forget on the day my car is prowled, I'll lose even though I may have secured my car many times before.
A passive system like the lojack sounds much nicer than the club, and I'm sure the actual cost is much lower should such systems become more widely deployed.
How easy/hard is it to block the lojack signal? Can it penetrate lots of concrete or other radio interference? Maybe we'll just see a rise in devices that emit jammers for the short time it takes to pick a car clean and deactivate any installed lojack.
That "more guns less crime" idea must be the stupidest thing I've ever heard. The more guns there's out there the more likely someone's gonna get shot (making everyone less secure).
Ari, Anonymous, directorblue, and everyone: let's not fight the gun control wars here, please. Thanks.
(I suppose this post could be considered a Club shifting the permanent floating flamewar about gun control over to the next blog.)
As a voice in the Australian wilderness, I'd like to point out that there has been no increase in gun crime in Australia. I have no idea where everyone got this idea from. A prime example of repeated mantra becoming fact.
WRT the main points of the article, I remember quizzing our alarm installer at a previous address about the benefits of 'upgrading' our alarm system. Conclusion was that our home was already protected to the maximum extent possible by application of the warning stickers to the outside windows. We chose not to upgrade. (Way to sell!)
'Bait' cars are widely used here to trap car thieves. Seems to be doing well. Certainly an improvement from the late 1980s when the it was the police who were stealing cars (search for Operation Trident Queensland.)
Another example of externalized benefit is that of immunization and herd immunity.
Nobody raised the possibility that car thieves might have shifted to internet crime - higher profits with so much lower risks.
I live in Miami, and the theves here curcumvent Lojack *constantly*. They know where *exactly* it is located (it's based upon car make and model), and how to disable it in minutes. Those are the professionals. The amatuers, drug-addicts, and those looking for quick cash are usually the only ones caught.
That study *has* to be wrong, or is very old.
In case you're wondering, the Miami region sells more high-end vehicles than everywhere except LA and New York.
Visible security measures don't just shift crimes, they also change behavior. Other commenters have referred to the rise of carjacking or of propery crimes other than B&E -- this wouldn't have happened if there weren't a cost associated with casing the car or the house to see whether it was protected.
A good security apparatus ought to be able to make use of those kinds of behavioral shifts to discriminate between white and black hats.
1) When I lived in a New Orleans suburb, all the neighbors had alarm systems and my wife nagged me to install one. Since we would have been the only house without a warning sign, I figured it at least made sense to put up the warning sign, but I balked at the monthly fee to the security company and installed a very token system. I think I got at least 90% of the benefit (including insurance discount) with about 10% of the cost and effort.
2) Re collective security effort paying off. If insurance companies randomly subsidized LoJack on 10% of cars and negotiated a volume discount to lower the price, it would cost everyone about the same as a club (or maybe less), but would increase the cost of car theft and lower the theft rate.
Sure professional car thieves would circumvent it, but it would increase their costs and risks at least for a while, which is about all you can expect of any technologicallly-based security measure.
"which is about all you can expect of any technologicallly-based security measure."
Which is why I like shoeleather-based security measures. Much smarter, much more adaptable. More resistant to mission creep.
Not as buzzword-compliant as CCTV or RFID though.
Another columnist who appears to "get it" writes the magic words: "Which might mean that all this talk about airport security is more about creating an illusion of safety rather than actual safety."
(I hope this doesn't require a registration)
False alarms are a problem. In Los Angeles the LAPD was responding to so many home and business false alarms that they got a law passed requiring the third false alarm triggers a fine to the owner, and the fine increases for each subsequent FA over the ensuing 12 months.
In the 80s and 90s car alarms were a big fad that one could hear them going off nearly all the time in any big city. But very soon people began to ignore them. And of course pro thieves learned quickly how to disable them anyway.
False alarms in cars are still a problem, even with expensive cars that have "phone HQ" silent alarms. An auto journalist for the BBC recently published an article describing his trials and tribulations with the alarm system of a new car he had just purchased. (Very high end sports car, Ford GT, 100K GBP) After several days of the alarm failing in a few different modes, including one in which the car reported itself as stolen and Ford HQ called Clarkson to confirm it. He was driving the car at the time, but had to authenticate with a spoken password - which he couldn't remember. (Can provide URL later if people are interested.)
ISTM that LoJack probably does not have a false alarm, though it can fail or be defeated. If a failure, the thief wouldn't know (the owner and LoJack Inc would). If a false alarm, the company can contact the owner and determine the false alarm. But neither of those reduces the effective deterrent effect of LoJack.
You're all way off. Increase the level of punishment for crime; even include physical punishment and humiliation. Singapore probably doesn't have the problems discussed here.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.