Schneier on Security
A blog covering security and security technology.
« Child-Repellent Sounds |
| CME in Practice »
December 6, 2005
(That's the 911 emergency service, not the September 11th date.)
This is a really interesting article from Wired on emergency information services. I like the talk about the inherent strength of agile communications systems and its usefulness in disseminating emergency information. Also the bottom-up approach to information.
Posted on December 6, 2005 at 12:05 PM
• 9 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
this is a great article. i like that it also stresses points you've made before--that you (more or less) can't go wrong in realizing that emergencies happen and investing in the resources and equipment needed to respond to them, whether they are from natural disastors or a terrorist attack.
I can't but help feel that this sort of thing runs the risk of initially leading to a form of paranoia or institutionalised fear, and then - as time progresses - to a state of lassitude and chronic alert-weariness where "yet another alert" gets ignored because the last week's alerts weren't relevant.
What differentiates a _real_ emergency from the 50 or 100 or 50,000 other 'emergencies' notified to the system today? What's the quality-control on the mechanism(s) used for creating and tagging the alerts? How do you filter the signal from the noise? What precautions are in place to secure the alert injection-points against malicious use?
An open, flexible signalling system is the only way to go.
If a storm is coming and I live on high ground and you live on low ground, we have different decisions to make based on the same aggregate information. This approach would let the individual respond intelligently to an unexpected disaster, and even to a not-yet-defined disaster. (If power goes out in chainwise sequence, following the watercourse below a dam, I'm guessing the dam burst, even though I have no information on the state of the dam.)
It is the lack of flexibility in authoritarian top-down one-solution-fits-all programs that dooms them, and us.
CAP's privacy stance worries me. They dispense with all privacy as their solution to defend against disinformation. Anyone with information to contribute has to accept the risk of retribution, or remain silent. Leave it to me to weigh the risks before deciding to call, and I am liable to 'mill' a long time, and never make the call.
As an example of the risk of identification, locally, we have a program for reporting neighbors' cars registered out of state (where it's cheaper). There is a website for ratting on them, but with forced server logging, there is no anonymity. There is no phone number (for a call from a payphone) or even a mailing address (for an untraceable postcard). The government wants all information traceable. Choosing to forgo my anonymous help is their decision, and they seem happy with it.
Side issue: One 911 issue that needs addressing: operators are often trained to do anything they can to keep the caller on the line, while hiding this intent from the caller. This hidden agenda not only confounds information transfer but can endanger the caller. The public needs to know about this practice and the centers need to quit deceiving people.
"operators are often trained to do anything they can to keep the caller on the line"
I have occasionally called 911, and in every instance I can recall, I was kept on the line only long enough to get enough information to dispatch the appropriate emergency crews. Perhaps this is a regional problem?
Thank you for noticing this story - in which Mr. Schneier's very important critique of security theater is an obvious, if implicit, thread.
Another topic that got short shrift in the story, as Roy Owens correctly notes above, is privacy. The privacy issue needs a lot of careful discussion and analysis. I felt I could only "tag" this by writing that such a system "blatantly violates" privacy. Another issue that didn't get addressed, was ownership of the data. Can this data be FOIA'D by journalists or other citizens? Also, control of the security layers is likely to create continued disputes. I hope the story at least exposes the value of a distributed warning system, a value that I think is high enough to invite a lot of discussion of its risks.
I wouldn't be happy with my address being given to the local school as soon as I pick up the phone to 911 (112 in Europe). On the other hand, I trust the 911 operator to know when to expose it - if I'm calling because of domestic violence, I might not want the world to know, but if my house is on fire it's not very private information anyway. The main thing for me would be that I'd want a way of knowing what decision was made and where my data went.
It's very interesting, thanks for article!
That's the difference: Reading 911 my first thought was at the 911 of Porsche (http://en.wikipedia.org/wiki/Porsche_911)
You might also be interested in a recent article about how 911 services are being abused in my home province of Ontario, Canada. People are having no problem remembering the number, and there's no charge for calling it, which is causing a problem with some people who are, in my opinion, mentally challenged.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.