A Tax on the Honest
HOW useful are ID checks in large office buildings? Is it safe to use a credit card online? Can face-scanning systems make airports safer? Not very, yes, and no, says Bruce Schneier in “Beyond Fear”, the latest of several books on security to have appeared since September 11th 2001.
Mr. Schneier, however, comes at these questions from an unusual and informative perspective. He is one of the world’s leading experts on computer security, and arguably the most articulate. For years, he has explained the ins and outs of his field by drawing analogies with real-world security. In his new book, he turns this approach on its head, using his analytical skills, honed in the field of computer security, to evaluate the other security measures that are now so common.
Mr. Schneier boils down his knowledge into a five-step process for determining whether the benefits of a particular security measure outweigh the drawbacks. He then applies this process to a range of examples, starting with the mundane—whether you should wear a money-belt while on holiday, or install a burglar alarm in your home—and eventually culminating with an analysis of the security measures introduced in the name of fighting terrorism. Security, he observes, is a tax on the honest. With America’s security budget estimated at $34 billion this year, he notes, “we’re being asked to pay a lot for security, and not just in dollars. I’d like to see us get our money’s worth.”
Many of the measures introduced and proposed in the past two years fail Mr. Schneier’s tests. Checking IDs in large office buildings means little, because fake IDs can easily be obtained by under-aged drinkers, let alone by evil-doers. Moreover, the need to check IDs may prevent security guards from noticing other activities, and the whole process may lead to a false sense of security, thus making things worse, not better. National ID cards would cost a lot and provide only minimal benefit. Face-recognition systems in airports are hopeless for spotting suspects, for even if they are 99.9% accurate and clear pictures of suspects are readily available, the scarcity of suspects relative to honest travelers means such systems would be swamped by false alarms. And the Department of Homeland Security’s color-coded threat alerts, in their current form at least, are a waste of time.
But Mr. Schneier’s book is no anti-authoritarian tract. He is simply calling for sensible security. (He approves of reinforcement of aircraft doors, for example, though not of routinely arming pilots.) Nor, despite its subject matter, is this a gloomy book. It is often surprisingly entertaining, with its many examples of security systems, both good and bad, drawn from the natural world, military history and other fields.
Many examples and the themes they illustrate will be familiar to readers of Mr. Schneier’s previous computer-security books, who may find this work somewhat repetitive, but they are not its intended audience. Mr. Schneier’s aim is to demystify security for a general readership and provide the tools to evaluate and challenge badly designed and pointless security measures. With security an increasingly obtrusive part of everyday life, “Beyond Fear” deserves to be widely read.