Latest Essays
Page 65
An Easy Path for Terrorists
If you fly out of Logan Airport and don’t want to take off your shoes for the security screeners and get your bags opened up, pay attention. The US government is testing its “Trusted Traveler” program, and Logan is the fourth test airport. Currently, only American Airlines frequent fliers are eligible, but if all goes well the program will be opened up to more people and more airports.
Participants provide their name, address, phone number, and birth date, a set of fingerprints, and a retinal scan. That information is matched against law enforcement and intelligence databases. If the applicant is not on any terrorist watch list and is otherwise an upstanding citizen, he gets a card that allows him access to a special security lane. The lane doesn’t bypass the metal detector or X-ray machine for carry-on bags, but it bypasses more intensive secondary screening unless there’s an alarm of some kind…
Cryptanalysis of MD5 and SHA: Time for a New Standard
At the Crypto 2004 conference in Santa Barbara, Calif., this week, researchers announced several weaknesses in common hash functions. These results, while mathematically significant, aren’t cause for alarm. But even so, it’s probably time for the cryptography community to get together and create a new hash standard.
One-way hash functions are a cryptographic construct used in many applications. They are used with public-key algorithms for both encryption and digital signatures. They are used in integrity checking. They are used in authentication. They have all sorts of applications in a great many different protocols. Much more than encryption algorithms, one-way hash functions are the workhorses of modern cryptography…
BOB on Board
Last Tuesday’s bomb scare contains valuable security lessons, both good and bad, about how to achieve security in these dangerous times.
Ninety minutes after taking off from Sydney Airport, a flight attendant on a United Airlines flight bound for Los Angeles found an airsickness bag—presumably unused—in a lavatory with the letters “BOB” written on it.
The flight attendant decided that the letters stood for “Bomb On Board” and immediately alerted the captain, who decided the risk was serious enough to turn the plane around and land back in Sydney…
Security, Houston-Style
Want to help fight terrorism? Want to be able to stop and detain suspicious characters? Or do you just want to ride your horse on ten miles of trails normally closed to the public? Then you might want to join the George Bush Intercontinental (IAH) Airport Rangers program. That’s right. Just fill out a form and undergo a background check, and you too can become a front-line fighter as Houston’s airport tries to keep the US of A safe and secure. No experience necessary. You don’t even have to be a US citizen.
No; it’s not a joke. The Airport Rangers program is intended to promote both security and community participation, according to the official description. It’s a volunteer mounted patrol that rides horses along the pristine wooded trails that form the perimeter of the 11,000-acre airport…
US-VISIT Is No Bargain
In the wake of the U.S. Department of Homeland Security’s awarding of its largest contract, for a system to fingerprint and to keep tabs on foreign visitors in the United States, it makes sense to evaluate our country’s response to terrorism. Are we getting good value for all the money that we’re spending?
US-VISIT is a government program to help identify the 23 million foreigners who visit the United States every year. It includes capturing fingerprints and taking photographs of all the visitors and building a database to store all this data. Citizens of 27 countries, mostly in Europe, who don’t need a visa to enter the United States are exempt. And visitors from those countries are expected to have passports with biometric data encoded on them in a few years…
Security and Compliance
View or Download in PDF Format
It’s been said that all business-to-business sales are motivated by either fear or greed. Traditionally, security products and services have been a fear sell: fear of burglars, murders, kidnappers, and—more recently—hackers. Despite repeated attempts by the computer security industry to position itself as a greed sell—”better Internet security will make your company more profitable because you can better manage your risks”—fear remains the primary motivator for the purchase of network security products and services…
Insider Risks in Elections
Many discussions of voting systems and their relative integrity have been primarily technical, focusing on the difficulty of attacks and defenses. This is only half of the equation: it’s not enough to know how much it might cost to rig an election by attacking voting systems; we also need to know how much it would be worth to do so. Our illustrative example uses the most recent available U.S. data, but is otherwise is not intended to be specific to any particular political party.
In order to gain a clear majority of the House in 2002, Democrats would have needed to win 13 seats that went to Republicans. According to Associated Press voting data, Democrats could have added 13 seats by swinging 49,469 votes. This corresponds to changing just over 1% of the 4,310,198 votes in these races and under 1/1000 of the 70 million votes cast in contested House races. The Senate was even closer: switching 20,703 votes in Missouri and New Hampshire would have provided Democrats with the necessary two seats…
Voting Security and Technology
View or Download in PDF Format
Voting seems like the perfect application for technology, but actually applying it is harder than it first appears. To ensure that voters can vote honestly, they need anonymity, which requires a secret ballot. Through the centuries, different civilizations have done their best with the available technologies. Stones and pottery shards dropped in Greek vases led to paper ballots dropped in sealed boxes. Mechanical voting booths and punch cards replaced paper ballots for faster counting. Now, new computerized voting machines promise even more efficiency, and remote Internet voting promises even more convenience…
Unchecked Police And Military Power Is A Security Threat
As the U.S. Supreme Court decides three legal challenges to the Bush administration’s legal maneuverings against terrorism, it is important to keep in mind how critical these cases are to our nation’s security. Security is multifaceted; there are many threats from many different directions. It includes the security of people against terrorism, and also the security of people against tyrannical government.
The three challenges are all similar, but vary slightly. In one case, the families of 12 Kuwaiti and two Australian men imprisoned in Guantanamo Bay argue that their detention is an illegal one under U.S. law. In the other two cases, lawyers argue whether U.S. citizens—one captured in the United States and the other in Afghanistan—can be detained indefinitely without charge, trial or access to an attorney…
Sidebar photo of Bruce Schneier by Joe MacInnis.