Schneier on Security

Las Vegas

Bruce Schneier ordered a Coke, no ice, at the Rio casino on a Saturday afternoon. I ordered Diet Coke, also no ice, and handed the bartender an American Express card. He said he needed to see proof of identity. Credit cards are often stolen around here, and eight casino workers had recently been fired for not demanding ID, he quietly explained. The bartender wanted to keep his job.

Mr. Schneier, 49, is a student of interactions like this, offline and on. He is a cryptographer, blogger and iconoclast in the world of computer security, and his latest subject of inquiry is trust: how it is cultivated, destroyed and tweaked in the digital age…

Excerpt

Over the years, Mr. Schneier has been a tough critic of the security agency, though he credits Mr. Hawley for “doing the best job he could with the bad hand he was dealt.” By that, he says he means that the agency operates under mandates from Congress and elsewhere that resulted in a vast, expensive bureaucracy.

The agency, he argues, is required to spend less effort than it should on sophisticated intelligence-gathering and more than it should on deeply flawed procedures, like depending on travel documents that can be easily counterfeited, or fishing in passengers’ bags for contraband screwdrivers and prohibited items like jars of spaghetti sauce that exceed three ounces…

To paraphrase a classic line from Lily Tomlin, I worry that the person who thought up the rules for carrying liquids and gels on airplanes last year is busy thinking up something new this year.

The thought arises partly because of a scene just after Christmas at an airport security checkpoint, where a half-dozen festive snow globes—like the ones with Frosty the Snowman in a liquid-filled glass globe that simulates snowfall when you shake it—were lined up on a counter.

Wasn’t that nice! The Transportation Security Administration had decorated the checkpoint! But as it turned out, Frosty and his co-conspirators had actually been busted—confiscated from passengers’ carry-on bags pursuant to the following notification by the security administration:…

FOR theater on a grand scale, you can’t do better than the audience-participation dramas performed at airports, under the direction of the Transportation Security Administration.

As passengers, we tender our boarding passes and IDs when asked. We stand in lines. We empty pockets. We take off shoes. We do whatever is asked of us in these mass rites of purification. We play our assigned parts, comforted in the belief that only those whose motives are good and true will be permitted to pass through.

Of course, we never see the actual heart of the security system: the government’s computerized no-fly list, to which our names are compared when we check in for departure. The T.S.A. is much more talented, however, in the theater arts than in the design of secure systems. This becomes all too clear when we see that the agency’s security procedures are unable to withstand the playful testing of a bored computer-science student…

Excerpt

A team of well-known computer security experts will announce on Thursday that they have cracked a key part of the electronic code meant to protect the privacy of calls made with the new, digital generation of cellular telephones.

…

These technologists, who planned to release their findings in a news
release on Thursday, argue that the best way to insure that the strongest
security codes are developed is to conduct the work in a public forum. And
so they are sharply critical of the current industry standard setting
process, which has made a trade secret of the underlying mathematical…