Schneier on Security
A blog covering security and security technology.
« Cybersecurity at the Doctor's Office |
| Friday Squid Blogging: Squid Scalp Massager »
May 18, 2012
Kip Hawley Reviews Liars and Outliers
In his blog:
I think the most important security issues going forward center around identity and trust. Before knowing I would soon encounter Bruce again in the media, I bought and read his new book Liars & Outliers and it is a must-read book for people looking forward into our security future and thinking about where this all leads. For my colleagues inside the government working the various identity management, security clearance, and risk-based- security issues, L&O should be required reading.
L&O is fresh thinking about live fire issues of today as well as moral issues that are ahead. Whatever your policy bent, this book will help you. Trust me on this, you don’t have to buy everything Bruce says about TSA to read this book, take it to work, put it down on the table and say, “this is brilliant stuff.”
I'm hosting Kip Hawley on FireDogLake's Book Salon on Sunday at 5:00 - 7:00 PM EDT. Join me and we'll ask him some tough questions about his new book.
Posted on May 18, 2012 at 6:06 AM
• 17 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Your moral victory is complete.
Honestly makes me wonder if he realized "wait, the whole world is against me and I'm not going to get anywhere this way" and decided to 180 switch.
TBH I hadn't heard his name before the debate between you two. You spanked him. Now I hear his name regularly, and he is growing in me now.
Personal strategy to become an "expert" by following in your footsteps?
What I wonder most about considering his "180 degree turn" is... Did he really think the security theater wasn't theater, or did he know it was theater and what were his reasons to continue it?
I'm kind of assuming he knew. So did he continue theater to let the TSA grow to be a big agency, to get money, to make people feel secure?
Kip's set you a challenge by buying your book, you are going to have to reciprocate...
Not that I think Kip's book is going to be unworthy of a read, he is afterall a fairly intelligent person with an insiders perspective which hopefully will give at the very least a counter point perspective to consider.
Kip says, "I might wish to retort that just because you don’t understand something, doesn’t mean it is stupid."
But if he (and others) offers explanations for it, and those explanations are transparently stupid, then yes, it is stupid.
He later goes on to argue in favor of CYA over-reaching. Good grief.
@Clive, what a great idea. I'd love to read Bruce's review of Kip's book. I haven't bought it yet, but it's on my "watch list".
Not being American nor having travelled there this century, I don't have any direct experience of TSA. But it is reassuring that its head is the kind of person who is not prejudiced by some disagreements into thinking his antagonist is worthless. It's certainly some kudos for you, Bruce, to have such a glowing review from someone who certainly can't be accused of being a fawning fanboy. :-)
And yes, Kip is probably right to say that we don't have all the facts - there are certainly institutional and reputational pressures(*) on his organisation that we're either unaware of, or think ought not to be present. If the society (Americans, and those who travel there) want to change what TSA does and how it does it, the way to do so is to identify and manipulate those pressures. Perhaps via elected representatives, perhaps not.
(*) I'm using the terminology I learned from Liars and Outliers - just having this simple and intuitive classification of these influences makes understanding the issues so much clearer, so thank you!
By not having a negative knee-jerk reaction to Bruce, someone he has gone head-to-head with in the past multiple times, Kip Hawley proves he's not some mindless government functionary.
Whether you agree with his opinions or not, you have to agree that in his blog Kip showed integrity and intellectual honesty, two character traits that you would want in any security professional.
"I'd love to read Bruce's review of Kip's book."
I've read it. Aside from the FireDogLake Book Salon on Sunday, he and I are going to do another interview where we'll talk about a lot of things in the book.
kip is playing politics. I see this kind of thing at the workplace all the time-bootlicking. Recall the iraqi information minister? Thats Kip H for you.
@Rookie: Whether you agree with his opinions or not, you have to agree that in his blog Kip showed integrity and intellectual honesty, two character traits that you would want in any security professional.
One post does not compensate for ongoing efforts to spread FUD and justify expensive, mostly useless policies and techniques.
You have a point, but actions speak louder than words. Especially typed or written words.
Regarding his "180 shift" maybe he got tired of looking himself up on go-ogle, the search results actually have changed since I last checked, and yours truly (B.S.) pops up now :)
Well, just wonder if he read your last blog entry. Seems a little like rule 12 to me:
The twelfth rule: The price of a successful attack is a constructive alternative. You cannot risk being trapped by the enemy in his sudden agreement with your demand and saying "You're right--we don't know what to do about this issue. Now you tell us."
I feel compelled to quote "Il Principe" from Machiavelli again: "Keep your friends close and your enemies closer". But since I don't know Mr. Hawley personally, perhaps my skepticism is better expressed by refering to Laocoon's "Timeo Danaos et dona ferentes". (Virgil, Aeneid II, 49)
1. machiavelli dude: "Keep your friends close and your enemies closer." great strategy, if you want to spend your life as a neurotic/paranoid freak magnet. has it not occurred to you that you want to keep your enemies AWAY from you? this is one of those favorite chestnuts of the pseudo-intellectual. here's another one: "live each day as if it were your last." great idea! i'll just skip work tomorrow, steal a car, and spend all my money on prostitutes! hopefully i'll die by tuesday, or else next week's really gonna be a bummer.
2. kip hawley: "I think the most important security issues going forward center around identity and trust." going forward? please, sir, kindly regale us with your witty musings on security issues going BACKWARD, because that's what the man on the street is clamoring for! why hasn't this retarded expression been relegated to the dustbin, along with other familiar dumbass words & phrases like "having said that..." and "meme" [a douchey way of referring to a joke] and "fixie" [a description of some spindly geek's new bicycle, which only has one gear]?!?
what the hell is wrong with everybody?
"has it not occurred to you that you want to keep your enemies AWAY from you?"
So you're more of a von Clausewitz man then ?
what the hell is wrong with everybody?
Pseudo-intellectual gits such as myself overly relying on the fact that people can put quotes in their correct context instead of just taking them at face value.
> what the hell is wrong with everybody?
Education, I guess. Or whatever passes for it nowadays - people just repeat what they were told, without bothering to think for themselves.
The problem with TSA is not that is a "security theater" or ineffective or whatever. There are few things in this life worse than *effective* government bureaucracy.
The problem with TSA is that it is thoroughly immoral and illegal (at least if one considers US to still be a constitutional republic, and not some sort of fascist state).
And, anyway, Kip Hawley is thoroughly delusional - blathering about "trust". Why would anybody with IQ bigger than that of a cabbage would trust a person who's got a gun and thinks it's his right to deny you the right to travel around - a prison guard, in effect? Identity management? That'd be extra-judicial (and, again, thoroughly illegal) blacklists and totalitarian "your papers, please"? Security clearance - aka, "we own your sorry ass if you dare to tell the world about what we do"? "Risk-based" - meaning the cushy jobs are ours, and all the risks are yours - to your wallet, to your life, and to your freedom?
I'm willing to bet that our host won't say anything of this sort to Mr. Hawley, though. It's all about value-free security, you see. The fact that "security" isn't value-free and cannot be separated from morality (and, in fact, a lot of effective "security" is not done by decent people precisely because it's immoral). But who am I to explain to the famous expert in security that reading spouse's e-mails to detect cheating isn't done not because it's ineffective or too expensive or because it inconveniences her - but because it is not honorable?
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.