Latest Essays
Economist Debates: Airport Security
These essays are part of a debate with Kip Hawley, the former Administrator of the TSA. For the full debate, see The Economist’s website.
Opening Remarks
Let us start with the obvious: in the entire decade or so of airport security since the attacks on America on September 11th 2001, the Transportation Security Administration (TSA) has not foiled a single terrorist plot or caught a single terrorist. Its own “Top 10 Good Catches of 2011” does not have a single terrorist on the list. The “good catches” are forbidden items carried by mostly forgetful, and entirely innocent, people—the sorts of guns and knives that would have been just as easily caught by pre-9/11 screening procedures. Not that the TSA is expert at that; it regularly …
How Changing Technology Affects Security
This essay was republished in Wired on February 24, 2014.
Security is a tradeoff, a balancing act between attacker and defender. Unfortunately, that balance is never static. Changes in technology affect both sides. Society uses new technologies to decrease what I call the scope of defection—what attackers can get away with—and attackers use new technologies to increase it. What’s interesting is the difference between how the two groups incorporate new technologies.
Changes in security systems can be slow. Society has to implement any new security technology as a group, which implies agreement and coordination and—in some instances—a lengthy bureaucratic procurement process. Meanwhile, an attacker can just use the new technology. For example, at the end of the horse-and-buggy era, it was easier for a bank robber to use his new motorcar as a getaway vehicle than it was for a town’s police department to decide it needed a police car, get the budget to buy one, choose which one to buy, buy it, and then develop training and policies for it. And if only one police department did this, the bank robber could just move to another town. Defectors are more agile and adaptable, making them much better at being early adopters of new technology…
High-Tech Cheats in a World of Trust
I CAN put my cash card into an ATM anywhere in the world and take out a fistful of local currency, while the corresponding amount is debited from my bank account at home. I don’t even think twice: regardless of the country, I trust that the system will work.
The whole world runs on trust. We trust that people on the street won’t rob us, that the bank we deposited money in last month returns it this month, that the justice system punishes the guilty and exonerates the innocent. We trust the food we buy won’t poison us, and the people we let in to fix our boiler won’t murder us…
The Big Idea: Bruce Schneier
My big idea is a big question. Every cooperative system contains parasites. How do we ensure that society’s parasites don’t destroy society’s systems?
It’s all about trust, really. Not the intimate trust we have in our close friends and relatives, but the more impersonal trust we have in the various people and systems we interact with in society. I trust airline pilots, hotel clerks, ATMs, restaurant kitchens, and the company that built the computer I’m writing this short essay on. I trust that they have acted and will act in the ways I expect them to. This type of trust is more a matter of consistency or predictability than of intimacy…
Empathy and Security
Several independent streams of research seem to have converged on the role of empathy in security. Understanding how empathy works and fails—and how it can be harnessed—could be important as we develop security systems that protect people over computer networks.
Mirror neurons are part of a recently discovered brain system that activates both when an individual does something and when that individual observes someone else doing the same thing. They’re what allow us to “mirror” the behaviors of others, and they seem to play a major role in language acquisition, theory of mind, and empathy…
Detecting Cheaters
Our brains are specially designed to deal with cheating in social exchanges. The evolutionary psychology explanation is that we evolved brain heuristics for the social problems that our prehistoric ancestors had to deal with. Once humans became good at cheating, they then had to become good at detecting cheating—otherwise, the social group would fall apart.
Perhaps the most vivid demonstration of this can be seen with variations on what’s known as the Wason selection task, named after the psychologist who first studied it. Back in the 1960s, it was a test of logical reasoning; today, it’s used more as a demonstration of evolutionary psychology. But before we get to the experiment, let’s get into the mathematical background…
Why Terror Alert Codes Never Made Sense
The Department of Homeland Security is getting rid of the color-coded threat level system. It was introduced after 9/11, and was supposed to tell you how likely a terrorist attack might be. Except that it never did.
Attacks happened more often when the level was yellow (“significant risk”) than when it was orange (“high risk”). And the one time it was red (“severe risk”), nothing happened. It’s never been blue or green, the two least dangerous levels.
The system has been at yellow for the past four years, and before then the changes seemed more timed to political events than actual terrorist threats. Not that any of this matters. We all ignored the levels because they didn’t tell us anything useful…
Schneier-Ranum Face-Off on Whitelisting and Blacklisting
This essay appeared as the second half of a point/counterpoint with Marcus Ranum.
The whitelist/blacklist debate is far older than computers, and it’s instructive to recall what works where. Physical security works generally on a whitelist model: if you have a key, you can open the door; if you know the combination, you can open the lock. We do it this way not because it’s easier—although it is generally much easier to make a list of people who should be allowed through your office door than a list of people who shouldn’t—but because it’s a security system that can be implemented automatically, without people…
It Will Soon Be Too Late to Stop the Cyberwars
The world is gearing up for cyberwar. The US Cyber Command became operational in November. Nato has enshrined cyber security among its new strategic priorities. The head of Britain’s armed forces said recently that boosting cyber capability is now a huge priority for the UK. And we know China is already engaged in broad cyber espionage attacks against the west. So how can we control a burgeoning cyber arms race?
We may already have seen early versions of cyberwars in Estonia and Georgia, possibly perpetrated by Russia. It’s hard to know for certain, not only because such attacks are often impossible to trace, but because we have no clear definitions of what a cyberwar actually is…
Why the TSA Can't Back Down
Organizers of National Opt Out Day, the Wednesday before Thanksgiving when air travelers were urged to opt out of the full-body scanners at security checkpoints and instead submit to full-body patdowns, were outfoxed by the TSA. The government pre-empted the protest by turning off the machines in most airports during the Thanksgiving weekend. Everyone went through the metal detectors, just as before.
Now that Thanksgiving is over, the machines are back on and the “enhanced” pat-downs have resumed. I suspect that more people would prefer to have naked images of themselves seen by TSA agents in another room, than have themselves intimately touched by a TSA agent right in front of them…