Schneier on Security
A blog covering security and security technology.
« Code Signing |
| Bad Game-Show Random-Number Generator »
September 4, 2005
From Karl Lembke:
In the latest Harry Potter book, we see Hogwarts implementing security precautions in order to safeguard its students and faculty.
One step that was taken was that all the students were searched – wanded, in fact – to detect any harmful magic. In addition, all mail coming in or out was checked for harmful magic.
In spite of these precautions, two students are nearly killed by cursed items.
One of the items was a poisoned bottle of mead, which made it onto school grounds and into a professor's office.
It turned out that packages sent from various addresses in the nearby town were not checked. The addresses were trusted, and anything received from them was considered safe. When a key person was compromised (in this case, by a mind-control spell), the trusted address was no longer trustworthy, and a gaping hole in security was created.
Of course, since everyone knew everything was checked on its way into the school, no one felt the need to take any special precautions.
The moral of the story is, inadequate security can be worse than no security at all.
And while we're on the subject, can you really render a powerful wizard helpless simply by taking away his wand? And is taking away a powerful wizard's wand simply as easy as doing something to him at the same time he is doing something else?
One, this means that you're dead if you're outnumbered. All it would take it two synchronized wizards, both of much lower power level, to defeat a powerful wizard. And two, it means that you're dead if you're taking by surprise or distracted.
This seems like an enormous hole in magical defenses, one that wizards would have worked feverishly to close up generations ago.
EDITED TO ADD: Here's a page on trust in the series.
Posted on September 4, 2005 at 3:27 PM
• 48 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Light relief always welcomed <applause>
As a cryptologist I would have thought you'd know to ROT13 plot spoilers!
Or was it doubble-ROT13-ed?
maybe not dead if outnumbered, Hagrid for example withstood attacks from several wizards at once. Also if you're called Harry Potter you can pretty much count on something saving your arse at the last minute if things get really hairy! Granted they dont make wizards like they used to though, we need wizarding national service!
I always boggle when the characters leave their wands behind or don't bother to carry them. In that universe, you might as well forget to have thumbs! First thing I would do is rig up some kind of springloaded arm holster for mine.
Indeed. It was foolish to whitelist the address in question. The wand thing, however is a hippogriff of a different color.
In the case at hand, the wizard from whom the wand was taken had been severely debilitated by the ingestion of a mind-altering poison. Under normal circumstances, as examples throughout the book series show, it would be extremely difficult to disarm a powerful wizard.
In general, in the wizarding community as in the muggle realm, those who are stronger can exert their will over the weak. However, each community also has behavioral norms which are enforced via informal sanction, as well as through police power. Hence, in both realms life needn't be nasty, brutish, and short.
Can we put this away and talk about Star Trek now? :^)
A very interesting story, and it certainly goes to show that you should trust noone. :) Assuming that certain things are safe without checking is asking for trouble.
As for the wands... well, it's J.K. Rowling, so what can you expect? She's not exactly a great writer (although admittedly a hugely successful one)...
Several of the more powerful wizards can cast spells/hexes without their wands, Snape can do this for instance.
Both Harry and Tom (Riddle) have been described as performing magic without a wand.
I anticipate that the final book will involve this.
Is this supposed to be funny?
"Is this supposed to be funny?"
Only if you have a sense of humor.
In the J.K. Rowling books, wizards are regularly fooled by the tricks of other wizards, and so place their trust in unreliable things - people, artefacts, evidence. One wonders how the Ministry of Magic is able to perform any useful function at all, if it is systematically unable to detect these tricks. For further examples, see my website http://www.veryard.com/trust/potter.htm.
It's worth noting that the other item is received by a student visiting the nearby town of Hogsmeade, which is outside the school's security perimeter. (It's noticed by school staff, but not before it seriously harms the student who found it.) This is not unlike the situation in an airport outside the security checkpoints.
There are actually some very interesting bits of security in the Potter series. One of my favorites is the Fidelius Charm, a spell that can restrict the flow of information by ensuring that only one person can communicate a particular fact to others. (It's used in the series to protect the addresses of sensitive locations, but there's nothing to suggest it couldn't be put to other uses.) This reminds me somewhat of a DRM system, although it's certainly far more effective than anything programmers have written thus far. In the series, the Charm does its job perfectly--but the security it provides fails when the person trusted to keep the secret turns out to be less than trustworthy.
Well if they'd protected their whitelist the baddy would have had to brute force the mail system by mind controlling heaps of senders. Then again, why the mind control? Cant a baddy spoof the 'from' address?
More imporantly, should Rowling be sued for teaching poor security systems to the children!? Think of the children!!! :)
Logic and consistency are not Ms Rowling's strong point.
For example: In book 5, we find out that, if you have two portraits of the same person, but in different locations, you can interogate one portrait about events observed by the other portrait. Then the good guys make their top-secret hideout in a house containing a portrait of an evil ancestress of the bad guys, who could be expected to also have portraits.
(Never mind the fact that nobody has seen fit to use this property to create a high-speed communication network - it is much faster and more reliable than owls.)
I haven't read number 6 yet - the first 3 were good, but 4 and 5 were disappointing.
The earlier in life that security thinking is instilled, the better for us all. To grasp how such things are supposed to work, how they actually work, and how they fail, will prepare kids for the real world ahead of them.
I believe the wand issue was addressed at one point---it is possible for power wizards to work magic with wands (as well as, as we saw in the latest book, without vocalization).
"can you really render a powerful wizard helpless simply by taking away his wand? "
Every time I see a plot-device like this ('SW III, revenge of the sith' is full of it^Wthem) I mentally scream "LANYARD!" at the characters as loudly as I can.
They never listen.
As for HW security:
- no segregation of internal resources, so once the bad-guys had a foothold they were free to roam inside (interestingly the bag-guys set up a block to good effect)
- known-evildoer allowed internal access on the assumption he was contained in a security sandpit.
- obscure tunneling protocol used to bypass perimiter defences. eggshell security.
- No egress filtering, the perimiter defences did nothing to prevent the badguys from escaping
- insufficient communication among the defenders, warnings were ignored.
- 2-tiered perimiter defence incorporating a 'trusted' channel
For a childrens novel this sure is a lousy security textbook :-)
Professor Dumbledore definitely doesn't seem to have the best ability to make wise security decisions. While minimizing any plot-spoiling references to the most recent book (and the glaring question of why you can't dump a goblet full of liquid onto the ground rather than drinking it), a security-minded reader has to wonder why a responsible headmaster would let children armed with no defensive spells attempt to deal with a lethal basilisk.
Well, what I'd be more interested in seeing is the kind of security the goblins implemented in Gringotts, the wizard bank. Hopefully they'd be a lot more clueful when it comes to such things (although they did have a security breach just shortly after Hagrid withdrew the Philosopher's Stone from them)...
The entire magic-wielding Rollins univerese is fraught with a "no-penalty" problem. In fact, one can argue that the childish behaviour of all higher-up magicians is a true-to-life consequence.
The problem is, simply, no effort. No one will clean up their roon if you can just as simply wave your hand and have the room clean itself up. Magic works magic, and it has no cost.
When something has no cost, it is not uncommon for it to be overused. A muggle learns about a world where every operation has a consequence, and learns responsibility. A magician learns about a world where almost any wrong can be fixed with a wave of the hand - where would he learn responsibility from?
As such, it should not be so surprising that the heads of the ministry of magic care mostly about how they will look, that searching for a way to create proper security is non-existant, and that most of the primary figures in the story are, shall we say, ridiculable.
Now one only has to try and figure out what makes real-life politicians this way. Maybe magic does really exist?
you don't need to take away his wand to disable a powerful wizard. just damage his crystal balls, ideally with your foot.
Its difficult to produce a consistent fictional world, which is why lying well is so difficult. The simpler you make your untruth, the easier it is to defend...
But, to quote Emerson, who, apart from saying "I hate quotes", also said "A foolish consistency is the hobgoblin of small minds", to demand perfect consistency of J.K. Rowling's stories would be a tad unreasonable of us.
Furthermore, while I'm stealing other people's intellectual property in the form of quotations, Arthur C. Clarke wrote "Any sufficiently advanced technology is indistinguishable from magic" - so rather than picking holes in the fantasy, it can actually be quite fun to try and come up with plausible reasons why things and people act the way they do in the fantasy, even when they seem silly, unreasonable and illogical. Coming up with plausible reasons for wierd behaviour is one way in which scientific progress is made e.g. how could light act as a wave (be diffracted) and also as a particle (the photo-electric effect)?
"I believe the wand issue was addressed at one point---it is possible for power wizards to work magic with wands (as well as, as we saw in the latest book, without vocalization)."
Then why was Dumbledore defenseless? (The answer could very well be "he chose to be, to further his goals," but if that's the case, why won't Voldemort immediately realize that Dumbledore was just pretending to be defenseless?)
"As a cryptologist I would have thought you'd know to ROT13 plot spoilers!"
By now, anyone who cares about spoliers would have read the thing.
For everyone else: better than #5, not as good as the earlier ones.
There is a better Brit fantasy author - Terry Pratchett - with a new book out - Thud! - which takes a knock at weak passwords. There is a passage wherein the vampire gives herself away by using her name written backwards as a bank-transfer password. Just as well she wasn't called Bob ;-)
""I believe the wand issue was addressed at one point---it is possible for power wizards to work magic with wands (as well as, as we saw in the latest book, without vocalization)."
Then why was Dumbledore defenseless? (The answer could very well be "he chose to be, to further his goals," but if that's the case, why won't Voldemort immediately realize that Dumbledore was just pretending to be defenseless?)"
Remember, he was severely weakened by the... er... previous events of the night.
Perhaps a wizard's wand is like a catalyst for magic; that is, while magic is possible without a wand, it's much more difficult and requires far more stamina and willpower and whatnot. In magical terms, the wand is a focus item - something that enhances the wizard's abilities when magic is applied to it.
Now, if we assume this to be true, we can infer from Dumbledore's weakened state that he simply didn't have the strength to perform a wandless cast.
"can you really render a powerful wizard helpless simply by taking away his wand"
If so, the logic should read: "you can render a wizard helpless simply by taking away his powerful wand".
That seems to be analogue to today's concept of power relative to the mastery of weaponry -- you must pull the trigger, so to speak, in order to do harm. Counter-measures for these weapons obviously include disarmament and/or distraction.
I find this very interesting since the historic concept of wizardry is probably the exact opposite of the above. Wizards were generally portrayed as truth-seekers and living repositories of knowledge (wisdom), who sought mastery of nature's elements. Even forms of very talented alchemy were done in advance and excercised without need for particular devices -- the very opposite of powers dependant on weaponry.
On the other hand, even Superman was vulnerable to kryptonite, so perhaps fantasy writers just need a simple vehicle for weakness...and Rowling needed a convenient way to take Dumbledore out of the picture, until the next book.
"Dumbledore's weakened state that he simply didn't have the strength to perform a wandless cast."
More likely that Snape's attack on Dumbledore was a charade by Snape and Dumbledore to protect Draco from Lord Voldemort. Dumbledore knew all along that Draco was meant to kill him and Dumbledore just appears to be dead for the time being...at least according to some kids I know.
Dumbledore as a character is one of the constant disappointments of the series (I am not referring to volume 6 which I haven't yet read). He is almost omnipotent (as he clearly shows at the end of volume 5) but as a rule, whenever he is needed, he isn't there. Of course, the plot cannot solve this contradiction. If Dumbledore hadn't miraculously failed at several points, there would have been no story. So the author must force him to act overtly stupid, which is not nice.
"By now, anyone who cares about spoliers would have read the thing."
Perhaps in Professor Lupin's case, we should add another authentication factor, namely "Something you can do." I would assume that once Lupin turned into a werewolf, because of the paws he'd have trouble providing his login creds via keyboard...
"One, this means that you're dead if you're outnumbered. All it would take it two synchronized wizards, both of much lower power level, to defeat a powerful wizard."
We saw in book five that Dumbledore took out 5 people (the Minister, Umbridge, Percy and two Aurors) with a single jinx - outnumbering a great wizard is not enough.
"And two, it means that you're dead if you're taking by surprise or distracted."
That's true - unless you take some precautions (powerful shield charms, etc.). But I think this happens in the muggle world as well - I seem to remember a greco-roman style wrestling europian championship final, where the two opponents shook hand at the start of the match, then one of them pulled the other's hand, brought him to the floor and scored a point which meant that in the end he won the final...
Blindly trusting something that has come from a so called trusted person is obviously a big security hole that can be exploited. And in this case it was exploited.
However I think you forgot 1 very crucial thing about the powerful-wizard-and-their-wands stuff. Dumbledore was in very bad shape when he was attacked and this will have allowed even a wizard with much less power to overpower him. In trying to retrieve Slytherin's locket from the cave he had drunk a lot of something poisonous and this would have dimished his power manyfold.
Although Rowling writes for children, is read by adults, and is very successful at churning out commercially successful low-denominator fiction, it is important to realize that the simplistic story betrays how people tend to think about security. Experts in the field may and do cringe at the "security" in the story, and they should. However, Rowling isn't writing fiction while attempting to accurately portray the psychology, technology (include "magic" within the bounds of technology), and other aspects of her characters as if they existed in the (or "a") real world. These wizards aren't brilliant minds in Rowlings stories... they have normal minds. They may, arguably, even be a bit stupid. They are the kinds of people who use IT networks and other technology in the real world, and they are very easy to exploit: they open the email promising pictures of Anna Kournikova; they leave their passwords on post-its because they trust their coworkers; they leave their SecureID keyfobs, passports, and VISA statements lying around the house; they leave their car running while plugging money into the parking ticket machine.
"The moral of the story is, inadequate security can be worse than no security at all."
There's an interesting story in today's BBC regarding this theory and the new ID card proposal:
"Dr Finch's research leads her to doubt that any scheme for national ID cards will work, even if it is backed up by biometric data such as eye scans - because the criminals will simply adapt their strategies to try to get around the hurdle.
'The more people rely on the production of a particular piece of identification to verify identity, the less vigilance people will exercise themselves - that's the problem. If there are ID cards we will trust them to be unassailable.'"
It is the sense of false hope/trust that seems to be the culprit, but it may as well be called "inadequate security".
About this being a way of teaching kids about security ...
As a former middle school teacher (teaching students and teachers about computers), I'm thinking two things at this point:
1) That, in fact, the children *are* poring over the book and dissecting its security weaknesses -- this is incredibly typical behavior. I suspect that, on the day the book came out, there were blogs and threads all over the young adult world that were discussing and debating these very points. The terminology likely wasn't as technical, but the concepts were likely as advanced.
2) Since security is a big issue that even non-blogging, non-Potter-reading children (and teachers) need to know, I'm hoping that someone turns some of these discussions into curricular material. It'd certainly be more likely to engage the students and teachers than some of the drivel that's produced ...
"Dumbledore as a character is one of the constant disappointments of the series (I am not referring to volume 6 which I haven't yet read). He is almost omnipotent (as he clearly shows at the end of volume 5) but as a rule, whenever he is needed, he isn't there. Of course, the plot cannot solve this contradiction. If Dumbledore hadn't miraculously failed at several points, there would have been no story. So the author must force him to act overtly stupid, which is not nice."
I do agree that Dumbledore has to "not be there" for reasons of plot and drama.
I don't find his character a "disappointment" though - I've never expected him to cause drama to be avoided, partly for this very reason :-)
Also I think Dumbledore's lack of omniscience is more often required rather than a lack of omnipotence, never mind stupidity.
One thing that is interesting to me though is how similar this is to Gandalf in the Tolkien stories. Dumbledore is obviously a literary descendent of Gandalf just as Gandalf is to Merlin, but even the plot-requirements have been carried over. The Hobbit is the most blatent in the wizard-must-not-be-there area, more so than the Harry Potter stories, although I suppose it can be justified in that the Hobbit is about an "adventure", not a crisis. But the Balrog in Lord of the Rings is only there to take Gandalf out for the same reason.
And Merlin has to get seduced my Nimue (in some versions as least) for similar reasons.
This hasn't got anything to do with security has it? Ho hum, I'll do better in my next post, I promise!
That's a nice point you make, Roberto. The Gandalf parallel is striking. However, the plot does make some effort to explain his absence (the Balrog and later the imprisonment). Also, the plot provides a plausible (albeit paradoxical) reason why Gandalf can't help the ring bearer directly - he is too powerful, so a Hobbit had to be selected. In the Harry Potter case, I think the plot is weak in cases when there is really no excuse for Dumbledore's mistakes - he should have known about the Basilisk, etc. But I admit, this is not about security...
There are a number of fantasy books where passwords are brute-forced, sometimes with side-channel attacks. Dunsany's The Charwoman's Shadow does this, for example.
in literature, taking the time to figure out the password is frequently foolish. can anybody tell me why the guy in "the da vinci code" just didn't put the cylinder in the freezer end-up, wait for the vinegar at the bottom to freeze, trapping the vial with the map in it, then take the top of the cylinder off with a saw? that's called thinking outside the cylinder.
There is a mis-interpretation in the post. In actual fact, the places are not whitelisted as trusted. The problem actually stems from the fact that a trusted party (student, teacher) was asked to bring in the packages as it was already mentionned concerning the Airport security.
The problem may actually extended from the individuals not knowning or not following a set of rules which had been given them! This brings to mind the problem of training people/users in how to best manage their own security and identify suspicious activities!!
Just to follow up on what a couple of people have already mentioned: in what way are the two attacks anything to do with whitelisting addresses?
Even in the few weeks since I read the book I'm sorry to say I've forgotten a few details, but certainly the necklace would have been stopped at the perimeter. As Brent and Thomas have said, this is more like the issues faced with an airport security system.
Can anyone explain what Karl Lembke meant in the original article?
There is a possibility, though not easy, for wizards with a lesser power level to become more powerfull. For this I quote an expert on the topic:
"It's an old magical principle -- it's even filtered down into RPG systems -- that magic, while taking a lot of effort, can be 'stored' -- in a staff, for example. No doubt a wizard spends a little time each day charging up his staff, although you go blind if you do it too much, of course."
-- (Terry Pratchett, alt.fan.pratchett)
What Bruce's blog is for security, is alt.fan.pratchett (or http://www.ie.lspace.org/books/pqf/... for topics on wizards and witches
"By now, anyone who cares about spoliers would have read the thing."
Probably true. And if they haven't and still read something titled "Hogwarts security" then they shouldn't really complain too much.
I just miss old-fashioned manners on the 'net.
As this is a security blog:
Good manners require consideration for others.
Consideration requires awareness of ones actions.
Awareness leads to better security.
Must Read! Required additional reading. . . http://www.kstreetfriend.blogspot.com
I write the following because Tom Birdsong, Assistant Managing Editor, Pittsburgh Post-Gazette, on Wednesday, November 9, 2005, said, “No one is going to write about your family’s plight.��? Thereafter, Mrs. Estelle B. Richman’s staff (Commonwealth of Pennsylvania‘s Secretary of Welfare) became very rude and indifferent to our emergency situation. In fact, Ms. Richman’s chief of staff, Linda Hicks no longer accepted our calls. Christian Bowser actually laughed about our situation. Inez Titus, became even more stubborn with her unlawful position. The Executive Director for Western Pennsylvania Department of Welfare, Tim Cornell (Mrs. Titus’ supervisor) has yet to return any of our calls.
Nonetheless, a man was shot to death in a cinema lobby shootout after watching gangsta rapper 50 cent’s movie “Get Rich or Die Tryin’,��? prompting the Loews Cineplex at the Waterfront in West Homestead (just east of Pittsburgh) to stop showing the film. I was there with my family (common-law wife and three minor children). That is, although determined eligible, my family has again been denied the Low Income Heating Assistance Program (“LIHEAP��?) federal entitlement for the fourth or fifth straight year. Without heat during the cold winter months a theater provides temporary shelter (allowing my family opportunity to give relatives “a break��? from our nightly sleep-overs).
What happened at the Waterfront? Shelton Flowers, 30, of Wilkinsburg, Pennsylvania, was shot three times and died later at a local hospital. Flowers had just watched the movie and got into a confrontation with three men in the bathroom. A fight ensued and spilled out into the concessions area, where Flowers was shot. Immediately, Loews Cineplex pulled the movie as a precaution. The R-rated movie is based on Curtis “50-cent��? Jackson’s own life which includes drug dealing, time in prison, and getting shot nine times. Paramount Pictures, a unit of Viacom, Inc., removed billboards for the movie near some inner-city schools after Los Angeles area community leaders complained last month.
Wilkinsburg, just east of Pittsburgh, is a town that was once synonymous with white supremacy. It is a town that had a mere 502 black residents in 1950 when its population hit 31,000, and only 224 more black residents 10 years later. But, over the next few decades, almost like a prophecy, the black population rose to 90 percent. That is, just a little more than 200 years ago Andrew Levi Levy, Sr. named the town “Africa.��?
The borough grew from Levy’s land and other plots (such as the curiously named “Pious Purchase,��? and others called Rippeyville, McNairsville and Sterrett Township). It was incorporated some 118 years ago and given the name Wilkinsburg after Judge William Wilkins, the Secretary of War under President John Tyler. Nonetheless, many of its current residents still believe Wilkinsburg is no different today than it was in the 1920's when hooded knights of the Ku Klux Klan cavorted. They say whites still control the town with black “puppet��? politicians.
While other cities the size of Pittsburgh has seen a steady growth in gun crime, our gun violence trajectory appears to have exploded. Community activists, politicians and crime experts all have brainstorm strategies for stemming violence. The residents here had hoped for a comprehensive plan of action that would have addressed part of the root causes that lead our neighbors to take up guns. But, the answer given is more of the same. The local politicians have taken a page from the George W. Bush handbook (Madison Avenue to sell our reputation).
We have our three rivers, a beautiful skyline, a romantic culture district, a few of the country’s best hospitals, excellent universities, and the like. But, there's never anything mentioned about our blighted downtown business district, the high unemployment rate of black males, increased gun violence, and the growth of conservative republican complacency.
It's no secret any more that economic conditions for blacks in Pittsburgh and its surrounding communities is precarious. Black residents rank low compared to the national average of income, employment, and education. We have chronic problems of gang and drug violence, family breakdowns, soaring incarceration rates for young black males, and abysmally failing public schools. Wilkinsburg residents are, in fact, the best example of the 13 percent of the United States’ (black) population still living chained in by a Bush presidency, with our eyes riveted on the wall of the white media (Madison Avenue) in front of us, where we see nothing but shadows made by powerless leaders hiding behind us.
We could debate endlessly the role of such squeamishness in concealing and exacerbating the problem with race relations in both Pittsburgh and Pennsylvania. We could also discuss the minor role played by gangsta rap music. But, what we should consider is how right-wing conservatives, such as Senator Rick Santorum, have convinced so many blacks that shadows from behind (self-indulgent grab for expensive cars, clothes and money of black republican conservatives living in our affluent North Hills neighborhoods) are reality.
Many of the black residents of Pittsburgh and the surrounding communities believe a lot of the Madison Avenue nonsense. They believe things that are just not true. And, the Republicans gets their strength from this.
The bottom line: The root cause of the shooting at the Loews Cineplex is the apparent political cleansing of true democrats from local politics. Gerrymandering and electoral manipulation (just plan “punk ass��? democrats) have left the city with zones of endemic poverty, an absence of social services, crumbling infrastructure, and appalling schools. After the radicalized poverty of black America was laid bare in the aftermath of Hurricane Katrina almost everyone expected some change from white America. But quickly the Bush administration and the Republican party have lapsed back into policies to further divide America.
In the 1990's white America built prisons to house the disproportionately black inmates it had planned to toss into jail (in the years that followed) to reassure the affluent majority it complacency with race issues. One of every eight black males between 25 and 29 years old is behind bars on any given day according to the Sentencing Project, a nonprofit group that seeks to reduce incarceration rates. If this rate continues, one of three black males born today will be imprisoned at some point in their lifetimes.
A local daily “conservative right��? newspaper, “The Pittsburgh Tribune Review��? recently feature an article written by Walter Williams, a professor of economics at George Mason University. In the article “Ammunition for Poverty Pimps��? Mr. William suggested the Census Bureau’s 2004 current Population Survey found two segments of the black community. One segment suffers only 9.9 percent poverty rate and another suffers 39.5. He surmised that one would be a lunatic if they believed white people practice discrimination. He concluded, among other things, that the only distinction between the two segments was marriage. Adding, “If today’s black family structure were what it was in 1960, the overall black poverty rate would be in or near single digits."
I guess Mr. Williams failed to consider the proof that demonstrates blacks are denied opportunities in forms of employment, education and even human treatment. For example, on October 18, I borrowed a little more than $50 to buy a bus ticket to travel halfway across the state for an oral test given by the Pennsylvania Civil Service Commission. I was well dressed in a dark business suit and could have been easily mistaken as a black republican conservative. However, while on the elevator headed for the floor for the testing, a white woman asked me if I was allowed on the floor where the testing was being held. She suggested that because I was black, "I had no business on their elevator." She ordered me off the elevator on a lower floor and said that she would have to call up stairs to let the staff know I was on my way.
Soon thereafter she was advised that I was scheduled for an oral test on the floor I was trying to get to. But, she still refused to compromise. She announced that I wasn't permitted to travel through their office without an escort. Interestingly, it was additionally odd that the State required a monitor to sit in with me during my testing.
Nonetheless, getting back to the LIHEAP issue, the federal entitlement program provides waivers and reduced heating rates to low-income households. It is a federal program that assists those who cannot pay their bills. Eligible households can receive assistance through a direct payment to energy vendors that supply their fuel, or through a crisis component during weather-related emergencies. To be eligible for the program, household income cannot exceed 135 percent of the federal poverty income guidelines: $12,920 for a one-person household; $17,321 for two persons; $21,722 for three persons; $26,123 for four persons; $30,524 for five persons. For larger households, the guidelines increase by $4,401 for each additional person. Homeowners, renters (including those whose rent includes heat), roomers and subsidized housing tenants may be eligible.
I have a good understanding of the program because I was previously employed by Allegheny County as a planner and wrote grant applications for the agency that implements the program. However, in 1989, I was fired in retaliation for organizing a union. The political sub-division said I was terminated for being tardy four times in a four-month period. The Pennsylvania Human Relations Commission ("PHRC") identified a white female working in the same office as having been tardy 71 times during the same time period and not disciplined. But, the PHRC ruled it was bad management and not discrimination.
Ever since my termination the political-subdivision has found some way to retaliate against my household, i.e., always reaches for any available loophole to frustrate the process and deny my family the federal entitlement. In the past, I have complained to the State, federal government (FBI), courts and media to no avail.
Consider this, when the aftermath of Hurricane Ivan passed through Western Pennsylvania in September 2004, the LIHEAP offered free water heaters and furnaces. Income restrictions were waived allowing the affluent to participate. My family was denied relief because the deed to our house is recorded in our minor son’s name. But, LIHEAP allows renters and other non-homeowners to participate.
The current issue involves Duquense Light Company’s termination of our electric service immediately following the close of last year’s LIHEAP program (March 31, 2005). Although they already had $371 as a security deposit the utility company terminated service and demanded $866.01. And, despite the fact that we didn’t have any electrical service, the next month we received an unexplained bill for almost twice the amount actually due: $1,646.17. Because we are current living on “food stamps��? we were forced to go without electric until the start of the 2005-2006 LIHEAP program.
As a “food stamp��? participant we received our LIHEAP application early and returned it weeks before the November 7 start. In fact, as we do each year, we contacted Mr. Cornell’s office to advise him of our situation (requested that he process our application to allow the electrical service to be restored on November 7 without a 72-hour wait). Mr. Cornell didn’t respond.
Mrs. Titus, Mr. Cornell's assistant did call on November 7, just before the closing (3:00 p.m.) of her office. She advised our application would be denied - "Duquense Light now demanded $2,600.��? To memorialize the outrageous response I requested permission from Mrs. Titus to allow a "three-way" connection with the local media Channel 4). I called Channel 4 because I was given its “gold medal��? for outstanding community service in 1989. However, during the three-way conversation Ms. Titus refused to acknowledge her previous position (Duquense Light demand of $2,600). She would only say our family was being denied the federal entitlement. Immediately, I voiced a complaint to Mr. Cornell’s secretary. She suggested that I call Harrisburg (Department of Welfare’s main office). She provided me the number.
Precious Perry answered the Secretary of Welfare’s telephone. She transferred me to Ms. Richman’s chief of staff (Linda Hicks). Mrs. Hicks promised to have Christian Bowser call before five p.m.. But, it never happened. At 9:00 a.m. the next morning (November 8), I called Mr. Cornell’s office and left another message requesting a return call. I also called Mrs. Hicks again and questioned why Mrs. Bowser never called.
This time, Mrs. Hicks promised to have Ms. Bowser call before 11 a.m.. Mrs. Hicks asked us to “call back if Mrs. Bowser failed to call.��? It never happened.
I did call Ms. Hicks at 12:00 noon but she rushed me off the phone. She gave me Mrs. Bowser’s telephone number and requested that I call her directly. I called the number but got Mrs. Bowser’s voice mail. I left a message explaining the situation. Mrs. Bowser never called back.
On November 9, 2005, I called Mrs. Hicks again to advise Mrs. Bowser' failure to call. But, Mrs. Hicks quickly rushed me off the phone again. She said that she would no longer address the issue. She said “communicate with Ms. Bowser from that point.��?
Thereafter, I called Mrs. Bowser’s and spoke with her secretary. I left another message. Even more frustrated now, I called the Pittsburgh Post-Gazette. I spoke with Mr. Tom Birdsong. I advised him of our situation and asked if he would investigate the issue in a “confidential��? manner. He said that he would forward the information to Larry Walsh. I informed him that in the previous years I have communicated with Mr. Walsh but nothing was done. I even told Mr. Birdsong that I once connected a Post-Gazette columnist, Tony Norman, and allowed him to participated with a three-way telephone call (allowed him opportunity to monitor a call to prove how rude the LIHEAP program staff was acting). Mr. Birdsong said he would have Mr. Walsh call.
At approximately 4:00 p.m., I was finally able to get Mrs. Bowser on the telephone. She laughed at our situation!
After laughing, Mrs. Bowser would only reiterated Mrs. Titus position, “Duquense Light can demand funds that are not owed.��? She added, “Mrs. Titus’ position is final.��? She said she would have Mrs. Titus send us a rejection letter.
Immediately, I called Mr. Birdsong. But, he became rude. The conversation concluded with Mr. Birdsong saying “No one is going to write about your family’s plight.��?
50 cents, during an interview on ABC’s “The View,��? said he was saddened by the fatal shooting: “I feel for the victim’s family in this situation.��? He added, “But you know, these weren’t kids. This was a 30-year-old man (who) had a dispute with three other guys.��?
I’m older than 30. But, what is rage? How come I’m able to control my anger? Would I have controlled my anger if one of my family members was hit by a stray bullet during the shootout?
All of this just makes me think that it's about time a wizard thought of using a wand with a wrist-strap.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.