Schneier on Security
A blog covering security and security technology.
« File Deletion |
| Refuse to be Terrorized »
September 11, 2009
Eighth Anniversary of 9/11
On September 30, 2001, I published a special issue of Crypto-Gram discussing the terrorist attacks. I wrote about the novelty of the attacks, airplane security, diagnosing intelligence failures, the potential of regulating cryptography -- because it could be used by the terrorists -- and protecting privacy and liberty. Much of what I wrote is still relevant today:
Appalled by the recent hijackings, many Americans have declared themselves willing to give up civil liberties in the name of security. They've declared it so loudly that this trade-off seems to be a fait accompli. Article after article talks about the balance between privacy and security, discussing whether various increases of security are worth the privacy and civil-liberty losses. Rarely do I see a discussion about whether this linkage is a valid one.
Security and privacy are not two sides of a teeter-totter. This association is simplistic and largely fallacious. It's easy and fast, but less effective, to increase security by taking away liberty. However, the best ways to increase security are not at the expense of privacy and liberty.
It's easy to refute the notion that all security comes at the expense of liberty. Arming pilots, reinforcing cockpit doors, and teaching flight attendants karate are all examples of security measures that have no effect on individual privacy or liberties. So are better authentication of airport maintenance workers, or dead-man switches that force planes to automatically land at the closest airport, or armed air marshals traveling on flights.
Liberty-depriving security measures are most often found when system designers failed to take security into account from the beginning. They're Band-aids, and evidence of bad security planning. When security is designed into a system, it can work without forcing people to give up their freedoms.
There are copycat criminals and terrorists, who do what they've seen done before. To a large extent, this is what the hastily implemented security measures have tried to prevent. And there are the clever attackers, who invent new ways to attack people. This is what we saw on September 11. It's expensive, but we can build security to protect against yesterday's attacks. But we can't guarantee protection against tomorrow's attacks: the hacker attack that hasn't been invented, or the terrorist attack yet to be conceived.
Demands for even more surveillance miss the point. The problem is not obtaining data, it's deciding which data is worth analyzing and then interpreting it. Everyone already leaves a wide audit trail as we go through life, and law enforcement can already access those records with search warrants. The FBI quickly pieced together the terrorists' identities and the last few months of their lives, once they knew where to look. If they had thrown up their hands and said that they couldn't figure out who did it or how, they might have a case for needing more surveillance data. But they didn't, and they don't.
More data can even be counterproductive. The NSA and the CIA have been criticized for relying too much on signals intelligence, and not enough on human intelligence. The East German police collected data on four million East Germans, roughly a quarter of their population. Yet they did not foresee the peaceful overthrow of the Communist government because they invested heavily in data collection instead of data interpretation. We need more intelligence agents squatting on the ground in the Middle East arguing the Koran, not sitting in Washington arguing about wiretapping laws.
People are willing to give up liberties for vague promises of security because they think they have no choice. What they're not being told is that they can have both. It would require people to say no to the FBI's power grab. It would require us to discard the easy answers in favor of thoughtful answers. It would require structuring incentives to improve overall security rather than simply decreasing its costs. Designing security into systems from the beginning, instead of tacking it on at the end, would give us the security we need, while preserving the civil liberties we hold dear.
Some broad surveillance, in limited circumstances, might be warranted as a temporary measure. But we need to be careful that it remain temporary, and that we do not design surveillance into our electronic infrastructure. Thomas Jefferson once said: "Eternal vigilance is the price of liberty." Historically, liberties have always been a casualty of war, but a temporary casualty. This war -- a war without a clear enemy or end condition -- has the potential to turn into a permanent state of society. We need to design our security accordingly.
Posted on September 11, 2009 at 6:26 AM
• 31 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
>>This war -- a war without a clear enemy or end condition
This is the problem with nearly every war that has been declared in this country in the last 40 years
@Dave: The wars against Iraq of 1991 and 2003 did have clear enemies and clear end conditions. In the first case, we were fighting Iraq to get the Iraqis out of Kuwait. In the second, we were fighting the Iraqis to overthrow Saddam Hussein.
The problem with the 2003 was is that we were in a considerably worse position afterward than before, unlike 1991. It was a great feat of US arms, and led to a real mess.
Even the 2003 war and aftermath were better than the typical War on [Abstract Noun] we've gotten. While the aftermath has spent lives and money, squandered international opinion, and led to neglect of the more important situation in Afghanistan, it didn't lead to destruction of civil rights in the US, and we have at least improved some things in Iraq.
Shortly after the 9/11 attacks, I wrote that the attacks had not particularly harmed the US, but that "Osama bin Laden has gotten our attention. Lucky him." I do wish more people had thought the way I did.
> The wars against Iraq of 1991 and 2003 did have clear enemies and clear end conditions.
Really? My understanding is that the end state for those was on the order of "defeat the bad guys." If anyone at an operational or tactical level wrote an OpOrd with that, they'd get it kicked back. Why strat-level orders get to be this vague I will never know.
It's arguable that if 9/11 hadn't happened NY and the USA would still be supporting the IRA and their bombing campaigns...
David Ray Griffin.
That's all I have to say.
@David: "Shortly after the 9/11 attacks, I wrote that the attacks had not particularly harmed the US, but that "Osama bin Laden has gotten our attention. Lucky him." I do wish more people had thought the way I did."
I can't imagine how he possibly could have not gotten our attention. I could just imagine the heaps of criticism if he didn't.
I think the point of the article is that privacy and security aren't mutually exclusive but neither do they have the tight linkages that are often attributed to them. There isn't a scale with privacy on one end and security on the other, where we can "crank the knob" and turn it towards one end or the other; sacrificing one for the other.
The amount of data being collected prior to the attack was already significant, and the example of the East German government shows us that a nation-state or other actor can consume vast amounts of data and violate civil liberties at every turn while they commit these acts and still completely fail. So what does that mean? Data, for data's sake, is relatively useless and needs correct interpretation on multiple levels in multiple applications. Instead of using applied interpretation, today we are reliant upon a "checkbox mindset", which has become part of the routine in our lives in order to provide a modicum of assurance and safety, without actually doing anything other than creating data-security issues, violations of privacy, and enforcing and justifying the existence of government in aspects of our lives to a level that was previously only written about in books like "1984".
With the proper amount of applied interpretation one can make a relatively correct assessment and determine where the gaps are in their data-sets and perform justified corrections. Without valid interpretation, we are left only with the idea of "more data = more security". Unfortunately, more data doesn't equal more security... it just means more cost.
Sometimes (arguably most of the time) that kind of cost can be counted in human impact.
@David: "Shortly after the 9/11 attacks, I wrote that the attacks had not particularly harmed the US, but that 'Osama bin Laden has gotten our attention. Lucky him.' I do wish more people had thought the way I did."
@HJohn: "I can't imagine how he possibly could have not gotten our attention. I could just imagine the heaps of criticism if he didn't."
Alas all of this "getting our attention" still hasn't fixed two of the broken systems that assisted his agents in bringing their tasks to completion in three cases and nearly so in the fourth: The USA Air Traffic Control System and the Aviation Radio Communication "Network." Both suffer terrible flaws that precipitate the conditions and enable the human mistakes which have led to horrible accidents in the past (Tenerife anyone?). A more modern ATC would have been able to notice (or for that matter have automatically notified someone) that several airliners had gone silent and had altered their flight paths without ATC approval.
Using SSB instead of AM has long been known to be the simplest (and cheapest) technical patch to improve the quality and reliability of Air-Air and Air-Ground communications. It was this unreliability that caused the failure of the air crews to properly communicate to be ignored as such failures are unbelievably common.
Both of these issues were discussed avidly in the days following the final successful WTC attack and yet both of these problems still go unremedied due to their lack of glamour and theatrical possibility.
@Pete Austin at September 11, 2009 10:50 AM
Another factor is whether you have leaders that respect liberties, privacy, and constitutional constraints on government power. Eight years ago we had leaders who did not respect any of that, and who eagerly exploited the gift Allah gave them as an opportunity to implement their ideological beliefs about executive power and the role of the United States in the world. Liberties, privacy, and constitutional constraints were impediments to that implementation, so they masterfully used the fear and terror of the attacks to eliminate as many of those impediments as possible, and to leave the country far less secure (and less free).
The sad part is that the lasting damage to our country from the 9/11 attacks wasn't inflicted by al-Qaeda, but by leaders who exploited the attacks to advance their ideology (and their donors). The lesson to be learned from 9/11 is to be just as vigilant about abuses and exploitation by our leaders as we are about the terrorist threat. But that doesn't seem to be a lesson many of us are interested in learning.
"This is the problem with nearly every war that has been declared in this country in the last 40 years"
This country has not declared war in the last 40 years.
"This country has not declared war in the last 40 years."
True there has been no formal decleration of war though that hasn't stopped various leaders in this country from publicly declaring war on various things.
@Another Dave: I'm not sure under what circumstances it's been legal to declare war since the UN charter was ratified (1948 or so?). Countries are supposed to give up the right to wage war unless the Security Council declares it, or they're attacked. I don't think this applies to assisting another country (the Vietnam War and 1991 invasion of Afghanistan were assisting what we recognized as legitimate national governments), but in none of those circumstances would an individual country declare war.
"This country has not declared war in the last 40 years."
War on Poverty (started by LBJ, 60's)
... and after decades of fighting, the problem has gotten worse
War on Cancer (started by Nixon, '71)
... perhaps the best in this list
War on Drugs (started by Nixon, 70's)
... this one actually involved the military -- see Operation Just Cause
War on Terror (coined by Bush, '01)
... Bush didn't exactly start this one, and '01 is just when we realized we were at war; Bush simply cobbled lots of unrelated efforts together for political reasons (one of which was to get Tony Blair's support, in exchange for our FBI putting the IRA on our top-ten list of terrorist groups)
"Using SSB instead of AM has long been known to be the simplest (and cheapest) technical patch to improve the quality and reliability of Air-Air and Air-Ground communications."
SSB or Single Side band (suppressed carrier) is a form of AM communication.
To generate (the old way) take a low level AM signal and supress the carrier and one sideband with a filter. You then use a linear amplifier to amplify it up to produce the output carrier.
In theory it is more efficient in terms of power in the intelegance part of the signal and occupies (slightly less than) half the bandwidth.
However the linear amplifier is usually very inefficient so the "DC in" power saving is marginal in low power systems.
The circuit complexity however is considerably higher than plain AM not just on the transmit side but the receive side as well. Receiving (the old way) requires the use of carrier re-insertion and then envelop detection. However the re-inserted carrier has to be within a few Hertz of the suppressed carrier frequency requiring high stability on the TX side and continuous manual tuning esspecialy at VHF and above (think Doppler effect).
In terms of reducing circuit complexity and improving reliability and efficiency FM or PM would be the chosen option. Also it does not (usually) require manual tuning to get reliable communications.
It is one of the reasons FM is used for PMR and VHF and above Marine communications (ship to ship and harbour).
It is only with the advent of fairly modern technology (since 1980's) that more complex bandwidth saving modulation systems have become a reasonable proposition in mobile equipment.
However the old AM system stays with us as a woefully out of date system simply due to to many vested interests.
That being said it's days are (surely) numbered in much the same way cellphones are replacing costal ship to shore. However the old dog just refuses to die...
"one of which was to get Tony Blair's support, in exchange for our FBI putting the IRA on our top-ten list of terrorist groups"
It was a little more complicated than that but this is probably not the place to talk it over as the Moderator will very likley decide it's "off topic" as it's "political ego" not security in nature.
I'll just note that the satirical name for Tony Blair changed from the "laughing japernaps" to "Bush's poddle" around the same time and Britain appeared to lose all credability with the rest of Europe.
I remember watching the TV footage of the events of 9/11 being broadcast on UK TV. The reaction here was a mixture of sorrow, outrage and confusion; how could this happen to the most powerful nation on Earth?
The events of that terrible day have been used to justify numerous actions of dubious value, many of which Bruce himself has commented on.
Despite the events of 9/11 I believe we should remember the following words attributed to Benjamin Franklin, 'They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety'
Interesting notes on radio design, if a bit oversimple (I'm an RF engineer). But I think the real point is that no radio works unless it's used...Any methodology or modulation type would work fine, given that there's plenty of electricity on a plane to do just about anything -- power is limited because of interference issues more than anything else. And it's hard to beat simple for reliability.
But you gotta pick up the phone to talk no matter what!
Perhaps some version of the little emergency alarm switch that triggers when a bank teller takes out the last pack of 20's would be a good idea here -- something that would transmit a message without the guy holding the weapon on you realizing what you'd just done. But even that would take a complex protocol to handle not shooting the plane down if it was accidentally triggered, hardware alone is never the answer to a complex social problem.
In the case of my first wife, who was at one point a bank teller, setting the thing off by accident sure made for an exciting day. But the cops who arrived pretty fast at least could discover it was an accident before anyone got hurt. In a plane/hostage situation, how to tell the pilot when contacted isn't just under duress and claiming to have hit the wrong button because he'll be killed if he says otherwise?
I find it funny (in a disgusting way) that the threat of immediate death motivates people when their death "soon" is certain anyway. Remember all those cowboy movies where people were tasked to dig their own graves? No way I'd do it and save my murderer the effort just to buy a few sweaty minutes for the cavalry to arrive -- it never does. Maybe that takes more guts than most have, but gee people, you don't have to be sheeple. Life doesn't work like the movies -- though most have forgotten that.
For that matter, don't pull a gun on someone who knows some martial arts, at close range, then talk about it, and expect to live through that one.
If I have nothing to lose, I become real dangerous, and so should everyone else. We'd be a lot safer if that were the case. It's our sheepiness that lets these guys pull this stuff off.
Ah... the Law Of Unintended Consequences.
The reason AM (A3A, I think) voice is still used for aviation communications is subtle, but important.
Unlike SSB or FM, because AM has a carrier, and because no two radios are ever *exactly* on the same frequency, when two people key up and talk at the same time, *you can tell*. A "double" generates a loud heterodyne squeal, so if a controller calls a plane, and 2 people answer him, he *knows* this, and can deal with it.
The "capture effect" of FM radio generally denies you this important piece of information.
This is one of those things that's often ignored by people "trying to replace the old system with a much better new one". Y'know: like replacing the PSTN (with one big centralized battery room to which you can apply generator backup) with a zillion little SLA batteries on FTTH terminals.
When you're going to make a change that big to a system that fundamental, you generally need about 12 or 15 people analyzing it not to miss stuff like that, and most such projects have one or two. IME.
"Unlike SSB or FM, because AM has a carrier, and because no two radios are ever *exactly* on the same frequency, when two people key up and talk at the same time, *you can tell*. A "double" generates a loud heterodyne squeal, so if a controller calls a plane, and 2 people answer him, he *knows* this, and can deal with it."
Hmm not quite correct SSB as I said earlier is an AM mode (and can be generated by combining an AM and PM signal so can be regarded as a composit of AM and FM).
Two SSB signals on channel will produce not just one but multiple hetrodynes due to the PM content. And thus importantly unlike AM both SSB signals will be unintelagable.
However due to envelope detection both AM signals add together and a "good ear" can hear both at the same time (sounds much like two people shouting in a corridor whilst another blows a whistle). This enables the controler to get the call sign of one and tell them to standby and then request the unknown caller to repeate their call sign.
Some AM receivers have an audio processor that detects the frequency of the main AM+AM hetrodyne in the audio band and drop a tuned notch on it to remove the whistle and thus improve the intelagability of both signals.
It is also possible using DSP techneiques and an IQ receiver to pull both AM signals out (dual synchrous detection) and put one in the comtrolers left ear and the other in the right ear. However I'm not aware of any comercial systems that do this.
@Baylink & @Clive Robinson
Are either of you radio operators? It sure looks like you aren't based on your comments. However, it is much more likely that you've never been gifted with the chace to hear four operators transmit SSB signals on top of each other--and quickly realize that while you may not be able to understand them all any better than you could if they were talking in your ear in a crowded room you can in fact hear all of them. No heterodyne squeal (and no DSP required either).
This is the phenomenon that "modes" such as PSK31 rely upon to multiplex many users successfully into an ~ 3KHz audio passband--and which leads SSB to be seen as many users as "more reliable."
It is also easy to compensate for doppler shift in the received signal--if the person on the other end sounds like Mickey Mouse then you need to yank on the "RIT" knob and move him back into the "middle" of your local passband. This can be annoying at first, but quickly becomes "automatic" behavior and can in fact be automated (yes somebody has already done this sort of thing).
Virtually all of the above is something that any pilot whom flies internationally already knows something about, as SSB is already often used for such communications (granted, at HF and not VHF--ACARS also uses SSB). The path length is not usually long enough for local air-air and air-ground communications for frequency "flutter" to be an issue, so you only have plain-old predictable doppler to worry about. As SSB communications is regularly used to/from space by HAMs (and probably also by NASA) at VHF/UHF without doppler being an unacceptable problem (+/- 7.5 KHz @ orbital speed of ~18,000 MPH at most) I can't see how aircraft moving at 400-700 kts would have a problem (+/- 330 Hz at the ground station). It just might sound like you're talking with Swamp Thing or Mikey Mouse until you swat the RIT--but it isn't unintelligible.
As for using FM/PM, you'd need at least 6dB more signal for reliable communications than AM, and 9+dB more than SSB (as it is more spectrally efficient than "raw" AM--not just in theory). So, while the hardware may be simpler at first look that isn't borne out by reality. For this to make sense you have to realize that SSB does not always disperse signal all over the passband--and is therefore typically more energy efficient. In addition, newer linear amplifiers aren't horribly inefficient anymore and are required for FM/PM anyway (unless you want to waste energy wiping out other users up and down the dial and having your plug pulled by the FCC).
So, cutting through all of the theory to "how does it really work" in the field removes all of the theatrics from the discussion.
As to the briefly mentioned trick of using both ears, it has long been known that if you introduce phase lag dependent on frequency to a pair of headphones (and some invert the polarity of one relative to the other) you can then perceive the different signals to be in different relative positions in space based on where they are in your passband when using SSB. I don't know of anybody using this sort of thing for AM as it would require information not in the demodulated audio, but with that information it would very well be possible.
It's true US is a Giant nation in innovation and use of technology. But an important Point that very few people understand is that the Human spirit is more powerful than any technology no matter how it is advanced or secure.
The western Mind in these modern times is becoming obsessed by the concept of "security". I really can't understand one dilemma : as far as the technology gets complex and advanced, the human relying on this technology start getting more and more coward !
The US army is spending now more money on the air-jets without pilot to track and assassinate the fighters in Afghanistan and elsewhere in the middle east. one decade ago they were climbing their air jets to bomb poor innocent people ; but today they prefer use their "technology" to send the air jets robots do the Killing for them.
I tell you there is no escape. You will spend more and more money on your technology , but remember that the Human spirit will always win over machines.
yes you have an interesting technology , but don't try to buy too much with it today. Your technology like your Glory is NOT permanent.
To paraphrase Mr. Schneier.
Has security theater made us any safer?
Another side of the security theater factor has been the domestic surveillance of people targeted without any judicial review. US citizens under surveillance through the misuse of the Patriot Act. DOJ funded observers are paid to watch citizens, citizens watching citizens without police/FBI supervision. How's that for a recipe for vigilante soup?
It is a disgrace that there is no way for US citizens to report Patriot Act abuses, that in itself is telling. Are we any safer having nuns, peace activists, and others in terror databases having the minutiae of their lives itemized by other citizens with quasi police powers? Citizens forming security perimeters around other citizens in church, on playgrounds, at sporting events because someone targeted a person as a terrorist? I am sorry to say that my beautiful country the USA is already a quasi police state, and it isn't the police running the show, its a contractor with the DOJ that is supposed to be "self policing". The unintended consequences of 9/11 are frightening for the future of liberty in our country.
Bruce, I respect your technical insght and loved your book Beyond Fear, but I believe you totally missed on the nature of the 9/11 attacks. Hydrocarbon fire does not come close to melting steel yet the WTC basements contained molten steel for many days, no steel framed building ever collapsed due to fire before 9/11, many witnesses heard huge explosions at the base of the buildings prior to the collapse onset, the building collapses were rapid onset and they came down at near free fall speed, thermite-laden iron particles were found all over the site, WTC7 was not even damaged by planes.
As an engineer my gut told me "no way" when I saw both towers collapse that day - and the official story that you seem to accept, still while saying this "seemed to be beyond the capabilities of a terrorist group", is so full of holes that it cries out for a truly independent investigation. I recommend you take a look at The Architects & Engineers for 9/11 Truth web site at http://www.ae911truth.org/
The evidence points to the 3 WTC buildings being a controlled demolition carried out with pre-planning and technical sophistication. The planes were just a "front-door" diversion and cover. The real attack was back-door. I'd love to see you turn your formidable analytical skills to an updated review of the 9/11 attacks, even though the logical conclusion I've reached after doing so puts a knot in my stomach.
Jay Marchetti: "no steel framed building ever collapsed due to fire before 9/11"
Possibly true but very few buildings have had huge commercial airplanes flewn into them (airplane fuel burns very hot).
There were no commercial planes on 9-11. After 8 years...not one single piece of debris from ANY of the 4 planes from ANY of the 4 locations on 9-11 has EVER been tested, inspected, analyzed, or verified in ANY way by ANYONE (FOIA requests FBI 2008).
There were no commercial planes on 9-11. The entire never ending global US war on terror which has cost trillions and kill millions...is based on a massive fraud and lie....which was brought to you by the same people who brought you the WMD's in Iraq.
There were no commercial plane crashes on 9-11. After 8 years...not one single piece of verifiable debris from any of the 4 planes from any of the 4 locations on 9-11 has ever been physically verified in any way by anyone. Witnesses, video, film, or photos have NEVER in aviation history physically verified a plane or plane crash....only wreckage does. Each plane had over 2 million time-stamped parts that could immediately ID it anywhere in the world. Not one single piece has ever been found.
There were no commercial plane crashes on 9-11. The never ending global US war on terror is a murderous fraud for the ability to borrow trillions and kill millions in a war without end.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..