Latest Essays
Page 66
Unchecked Police And Military Power Is A Security Threat
As the U.S. Supreme Court decides three legal challenges to the Bush administration’s legal maneuverings against terrorism, it is important to keep in mind how critical these cases are to our nation’s security. Security is multifaceted; there are many threats from many different directions. It includes the security of people against terrorism, and also the security of people against tyrannical government.
The three challenges are all similar, but vary slightly. In one case, the families of 12 Kuwaiti and two Australian men imprisoned in Guantanamo Bay argue that their detention is an illegal one under U.S. law. In the other two cases, lawyers argue whether U.S. citizens—one captured in the United States and the other in Afghanistan—can be detained indefinitely without charge, trial or access to an attorney…
CLEARly Muddying the Fight Against Terror
Danny Sigui lived in Rhode Island. After witnessing a murder, he called 911 and became a key witness in the trial. In the process, he unwittingly alerted officials of his immigration status. He was arrested, jailed and eventually deported.
In a misguided effort to combat terrorism, some members of Congress want to use the National Crime Information Center (NCIC) database to enforce federal civil immigration laws. The idea is that state and local police officers who check the NCIC database in routine situations, will be able to assist the federal government in enforcing our nation’s immigration laws…
The Witty Worm: A New Chapter in Malware
If press coverage is any guide, then the Witty worm wasn’t all that successful. Blaster, SQL Slammer, Nimda, even Sasser made bigger headlines. Witty infected only about 12,000 machines, almost none of them home users. It didn’t seem like a big deal.
But Witty was a big deal (see story). It represented some scary malware firsts and is likely a harbinger of worms to come. IT professionals need to understand Witty and what it did.
Witty was the first worm to target a particular set of security products—in this case Internet Security System’s BlackICE and RealSecure. It infected and destroyed only computers that had particular versions of this software running…
Microsoft's Actions Speak Louder Than Words
The security of your computer and network depends on two things: what you do to secure your computer and network, and what everyone else does to secure their computers and networks. It’s not enough for you to maintain a secure network. If other people don’t maintain their security, we’re all more vulnerable to attack. When many unsecure computers are connected to the Internet, worms spread faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. The more unsecure the average computer on the Internet is, the more unsecure your computer is…
Curb Electronic Surveillance Abuses
As technological monitoring grows more prevalent, court supervision is crucial
Years ago, surveillance meant trench-coated detectives following people down streets.
Today’s detectives are more likely to be sitting in front of a computer, and the surveillance is electronic. It’s cheaper, easier and safer. But it’s also much more prone to abuse. In the world of cheap and easy surveillance, a warrant provides citizens with vital security against a more powerful police.
Warrants are guaranteed by the Fourth Amendment and are required before the police can search your home or eavesdrop on your telephone calls. But what other forms of search and surveillance are covered by warrants is still unclear…
We Are All Security Customers
National security is a hot political topic right now, as both presidential candidates are asking us to decide which one of them is better fit to secure the country.
Many large and expensive government programs—the CAPPS II airline profiling system, the US-VISIT program that fingerprints foreigners entering our country, and the various data-mining programs in research and development—take as a given the need for more security.
At the end of 2005, when many provisions of the controversial Patriot Act expire, we will again be asked to sacrifice certain liberties for security, as many legislators seek to make those provisions permanent…
Terrorist Threats and Political Gains
Posturing, pontifications, and partisan politics aside, the one clear generalization that emerges from the 9/11 hearings is that information—timely, accurate, and free-flowing—is critical in our nation’s fight against terrorism. Our intelligence and law-enforcement agencies need this information to better defend our nation, and our citizens need this information to better debate massive financial expenditures for anti-terrorist measures, changes in law that aid law enforcement and diminish civil liberties, and the upcoming Presidential election…
Hacking the Business Climate for Network Security
Computer security is at a crossroads. It’s failing, regularly, and with increasingly serious results. CEOs are starting to notice. When they finally get fed up, they’ll demand improvements. (Either that or they’ll abandon the Internet, but I don’t believe that is a likely possibility.) And they’ll get the improvements they demand; corporate America can be an enormously powerful motivator once it gets going.
For this reason, I believe computer security will improve eventually. I don’t think the improvements will come in the short term, and I think that they will be met with considerable resistance. This is because the engine of improvement will be fueled by corporate boardrooms and not computer-science laboratories, and as such won’t have anything to do with technology. Real security improvement will only come through liability: holding software manufacturers accountable for the security and, more generally, the quality of their products. This is an enormous change, and one the computer industry is not going to accept without a fight…
A National ID Card Wouldn't Make Us Safer
This essay also appeared, in a slightly different form, in The Mercury News.
As a security technologist, I regularly encounter people who say the United States should adopt a national ID card. How could such a program not make us more secure, they ask?
The suggestion, when it’s made by a thoughtful civic-minded person like Nicholas Kristof (Star-Tribune, March 18), often takes on a tone that is regretful and ambivalent: Yes, indeed, the card would be a minor invasion of our privacy, and undoubtedly it would add to the growing list of interruptions and delays we encounter every day; but we live in dangerous times, we live in a new world … …
America's Flimsy Fortress
Every day, some 82,000 foreign visitors set foot in the US with a visa, and since early this year, most of them have been fingerprinted and photographed in the name of security. But despite the money spent, the inconveniences suffered, and the international ill will caused, these new measures, like most instituted in the wake of September 11, are mostly ineffectual.
Terrorist attacks are very rare. So rare, in fact, that the odds of being the victim of one in an industrialized country are almost nonexistent. And most attacks affect only a few people. The events of September 11 were a statistical anomaly. Even counting the toll they took, 2,978 people in the US died from terrorism in 2001. That same year, 157,400 Americans died of lung cancer, 42,116 in road accidents, and 3,454 from malnutrition…
Sidebar photo of Bruce Schneier by Joe MacInnis.