Schneier on Security
A blog covering security and security technology.
« Hacking Consumer Devices |
| Friday Squid Blogging: New Research in How Squids Change Color »
August 23, 2013
How Security Becomes Banal
Interesting paper: "The Banality of Security: The Curious Case of Surveillance Cameras," by Benjamin Goold, Ian Loader, and Angélica Thumala (full paper is behind a paywall).
Abstract: Why do certain security goods become banal (while others do not)? Under what conditions does banality occur and with what effects? In this paper, we answer these questions by examining the story of closed circuit television cameras (CCTV) in Britain. We consider the lessons to be learned from CCTV’s rapid -- but puzzling -- transformation from novelty to ubiquity, and what the banal properties of CCTV tell us about the social meanings of surveillance and security. We begin by revisiting and reinterpreting the historical process through which camera surveillance has diffused across the British landscape, focusing on the key developments that encoded CCTV in certain dominant meanings (around its effectiveness, for example) and pulled the cultural rug out from under alternative or oppositional discourses. Drawing upon interviews with those who produce and consume CCTV, we tease out and discuss the family of meanings that can lead one justifiably to describe CCTV as a banal good. We then examine some frontiers of this process and consider whether novel forms of camera surveillance (such as domestic CCTV systems) may press up against the limits of banality in ways that risk unsettling security practices whose social value and utility have come to be taken for granted. In conclusion, we reflect on some wider implications of banal security and its limits.
Posted on August 23, 2013 at 1:23 PM
• 13 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Since when is "banal" a technical term? Is there a well-defined Perceived Banality Index administered by ANSI? Is it perhaps internationalized by the well known Blasé subcommittee of the ITU? Inquiring minds want to know....
What I find most interesting about the CCTV invasion of the UK is the sheer number of cameras which have been deployed, and continue to do so despite multiple studies showing they are very ineffective at preventing crime. Cameras often do make prosecution easier, but that's about it. I've seen it in my own office -- people still did very dumb things, even in front of a very obvious camera.
One other interesting recent study of video cams is one of a city in California which equipped many (if not all?) of their officers with cameras which recorded all of their interactions with the public. Cops stopped using excessive force and complaints by citizens about misbehaving cops dropped dramatically.
I don't find the spread of CCTV to be surprising. First, who's going to risk reducing the cameras? All crime in the area is likely to be accompanied by commentary about the removal of CCTV cameras.
IIUC CCTV cameras tend to shift crime rather than reducing it (so I think there's evidence that they have an effect, just not quite the one we'd like), but for a local politician (who's presumably responsible for introducing them) that's fine: they can shift some crime to someone else's patch.
And that's without considering bribery (probably not involved, or at least insignificant), sponsorship and lobbying. Seems likely that vendors encourage setting up cameras in various ways, and it seems plausible (though I don't know) that local government can get funding from anti-terrorism budgets (so outside their normal budgets).
And (beyond cost) there's no particular disincentive. The public is OK with them; as with most things involving numbers and stuff, journalists seem uninterested though occasionally they'll excerpt press releases from universities about research on effectiveness and so on.
So overall, I don't see anything that's likely to change the situation.
What are the units?
Blasé Pascals, of course.
I watched a video from a camera in England that overlooked an ATM. The camera was mounted high to hinder vandalism. A robber took a woman's cash and could not be identified on video because he wore a baseball cap which was enough to obscure his face. Many of England's cameras suffer from bad placement. Most people in England got used to the nearly worthless cameras just as they got used to their nearly worthless police.
@ Bruce Stephens,
IIUC CCTV cameras tend to shift crime rather than reducing it (so I think there's evidence that they have an effect, just not quite the one we'd like)
It's a little bit more than just shifting crime.
What happened in the early days of CCTV was criminals carried on as before and many got quickly rounded up by the police hence much political back slapping, favourable news reports and studies etc etc.
However those criminals that did not get caught or had not received custodial sentance moved to were CCTV was not, which is the effect you are thinking of.
But... then the areas the criminals had moved to started getting CCTV, so some of the smarter criminals evolved their activities and went back to their original haunts.
CCTV became ever more present and thus "the knowledge" became known to all persistant street crime criminals.
The "evolving" ment criminals learning about the limitations of CCTV and how to use it to their advantage, hence knowing fast escape "out of sight" routes, knowing which way to face, outsized clothes, base ball caps, hoodies and swaping cloths with others in their gang to make identification difficult if not impossible when the police arived.
Whilst from the abstract Bruce has given you might equate "banal" with "ineffective" it would be missing the point.
CCTV is a static deterant with easily learnable failings, criminals are far from static and can learn quickly from their own and other criminals mistakes. Thus criminals have the advantage over many CCTV systems.
For CCTV to be effective then it needs to overcome it's failings. First of all CCTV needs to be constantly changing so criminals cannot learn blind points and escape routes. Secondly response times need to be very short such that criminals dont have the oportunity to disapear or change appearance. Both of these are known to work from high crime areas such as Oxford St in central London. However both involve significant increased spending in both technology and manpower so are unlikely to happen in most places. So the criminals unless they are stupid or insensible due to alcohol or drugs are going to win by being ever changing faster than the CCTV...
CCTV is but one tool in the toolbox with a very specific purpose and as many people know most tools have limitations. A hammer can put in nails and wedges, but it can not screw in screws, drill holes, cut wood or plane it smooth, this requires other tools. And to do most carpentary jobs you need several complementry tools to do all but the simplest of jobs.
Thus anyone thinking CCTV is the be all and end all of solutions says more for the limitations of the thinker than it does for the technology, but that's not unsurprising with politicians and those that feed of them.
@ Bill Pratt,
Kings and Dictators were known to behead people for word play as awfal as that :-)
And yes I'm jelous I did not think of it first :-(
I think that hiding an article like this behind a paywall (@ $25/day to look at it) says a lot about the intended audience as well as the unintended audience.
It's not that I mind paying for good writing (I have a shelf full of books on security), but I can't afford many $25 days and I really don't know how to judge articles well enough by the abstracts to prioritize them.
I was going to say that the units of banality are Alexanders (after Keith Alexander). Just as the Farad is too large a unit of capacitance for everyday use, and the Lenat is too large a unit of bogosity, the microAlexander is more commonly used in the field.
Can you stop posting links to papers behind paywalls? The only way to stop the practice is if doing so ensures that one's work gets shunned.
Why did CCTV get so popular ?
Quite an easy answer: very visual, relatively low cost, easy to implement, little expert knowledge required to operate, and in the case of the UK poorly controlled by law. If the first four conditions were met for encryption the same way they are for CCTV, everybody would be using it.
Mind you: the legal context varies from country to country. Over here, we have very strict privacy laws. The right to privacy is enshrined in Article 22 of our constitution, and elaborated upon in the December 1992 act on the protection of privacy with regards to the processing of personal data ( "Wet tot bescherming van de persoonlijke levensfeer ten opzichte van de verwerking van persoonsgegevens - December 8th, 1992"), and which was amended to comply with the European Data Protection Directive 95/46/EG. In addition CCTV is governed by the Surveilance Camera Installation and Usage Act of March 21st 2007 ("Wet tot regeling van de plaatsing en het gebruik van bewakingscamera's") as well as specific labour regulation about the use of CCTV on the shopfloor dating back to 1998.
In essence, neither authorities or corporations can just go about installing CCTV anywhere without first meeting very strict criteria and conditions. For private persons, the law is even more restrictive. Any data processing of the images obtained by CCTV is subject to the December 1992 act.
A quote from the 13 March 2013 "Information Technology and Cyber Operations" demonstrates what Bruce has been saying about the new feudalism:
"Companies that choose to use that service, they will have additional classified threat information."
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.