Entries Tagged "borders"

Page 5 of 9

How Well "See Something, Say Something" Actually Works

I’ve written about the “War on the Unexpected,” and how normal people can’t figure out what’s an actual threat and what isn’t:

All they know is that something makes them uneasy, usually based on fear, media hype, or just something being different.

[…]

If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.

Yesterday The New York Times wrote about New York City’s campaign:

Now, an overview of police data relating to calls to the hot line over the past two years reveals the answer and provides a unique snapshot of post-9/11 New York, part paranoia and part well-founded caution. Indeed, no terrorists were arrested, but a wide spectrum of other activity was reported.

[…]

In all, the hot line received 8,999 calls in 2006, including calls that were transferred from 911 and the 311 help line, Mr. Browne said. They included a significant number of calls about suspicious packages, many in the transit system. Most involved backpacks, briefcases or other items accidentally left behind by their owners. None of them, Mr. Browne said, were bombs.

There were, however, 816 calls to the hot line in 2006 that were deemed serious enough to require investigation by the department’s intelligence division or its joint terrorism task force with the F.B.I. Mr. Browne said that 109 of those calls had a connection to the transit system and included reports of suspicious people in tunnels and yards, and of people taking pictures of the tracks.

The hot line received many more calls in 2007, possibly because of the authority’s advertising campaign, Mr. Browne said. Through early December, the counterterrorism hot line received 13,473 calls, with 644 of those meriting investigation. Of that group, 45 calls were transit related.

Then there were the 11 calls about people counting.

Mr. Browne said several callers reported seeing men clicking hand-held counting devices while riding on subway trains or waiting on platforms.

The callers said that the men appeared to be Muslims and that they seemed to be counting the number of people boarding subway trains or the number of trains passing through a station. They feared the men might be collecting data to maximize the casualties in a terror attack.

But when the police looked into the claims, they determined that the men were counting prayers with the devices, essentially a modern version of rosary beads.

None of those calls led to arrests, but several others did. At least three calls resulted in arrests for trying to sell false identification, including driver’s licenses and Social Security cards. One informer told the police about a Staten Island man who was later found to have a cache of firearms. A Queens man was charged with having an illegal gun and with unlawful dealing in fireworks.

A Brooklyn man was charged with making anti-Semitic threats against his landlord and threatening to use sarin gas on him. At least two men arrested on tips from the hot line were turned over to immigration officials for deportation, Mr. Browne said.

And as long as we’re on the topic, read about the couple branded as terrorists in the UK for taking photographs in a mall. And this about a rail fan being branded a terrorist for trying to film a train. (Note that the member of the train’s crew was trying to incite the other passengers to do something about the filmer.) And about this Icelandic woman’s experience with U.S. customs because she overstayed a visa in 1995.

And lastly, this funny piece of (I trust) fiction.

Remember that every one of these incidents requires police resources to investigate, resources that almost certainly could be better spent keeping us actually safe.

Refuse to be terrorized!

Posted on January 8, 2008 at 7:53 AMView Comments

How to Secure Your Computer, Disks, and Portable Drives

Computer security is hard. Software, computer and network security are all ongoing battles between attacker and defender. And in many cases the attacker has an inherent advantage: He only has to find one network flaw, while the defender has to find and fix every flaw.

Cryptography is an exception. As long as you don’t write your own algorithm, secure encryption is easy. And the defender has an inherent mathematical advantage: Longer keys increase the amount of work the defender has to do linearly, while geometrically increasing the amount of work the attacker has to do.

Unfortunately, cryptography can’t solve most computer-security problems. The one problem cryptography can solve is the security of data when it’s not in use. Encrypting files, archives — even entire disks — is easy.

All of this makes it even more amazing that Her Majesty’s Revenue & Customs in the United Kingdom lost two disks with personal data on 25 million British citizens, including dates of birth, addresses, bank-account information and national insurance numbers. On the one hand, this is no bigger a deal than any of the thousands of other exposures of personal data we’ve read about in recent years — the U.S. Veteran’s Administration loss of personal data of 26 million American veterans is an obvious similar event. But this has turned into Britain’s privacy Chernobyl.

Perhaps encryption isn’t so easy after all, and some people could use a little primer. This is how I protect my laptop.

There are several whole-disk encryption products on the market. I use PGP Disk’s Whole Disk Encryption tool for two reasons. It’s easy, and I trust both the company and the developers to write it securely. (Disclosure: I’m also on PGP Corp.’s Technical Advisory Board.)

Setup only takes a few minutes. After that, the program runs in the background. Everything works like before, and the performance degradation is negligible. Just make sure you choose a secure password — PGP’s encouragement of passphrases makes this much easier — and you’re secure against leaving your laptop in the airport or having it stolen out of your hotel room.

The reason you encrypt your entire disk, and not just key files, is so you don’t have to worry about swap files, temp files, hibernation files, erased files, browser cookies or whatever. You don’t need to enforce a complex policy about which files are important enough to be encrypted. And you have an easy answer to your boss or to the press if the computer is stolen: no problem; the laptop is encrypted.

PGP Disk can also encrypt external disks, which means you can also secure that USB memory device you’ve been using to transfer data from computer to computer. When I travel, I use a portable USB drive for backup. Those devices are getting physically smaller — but larger in capacity — every year, and by encrypting I don’t have to worry about losing them.

I recommend one more complication. Whole-disk encryption means that anyone at your computer has access to everything: someone at your unattended computer, a Trojan that infected your computer and so on. To deal with these and similar threats I recommend a two-tier encryption strategy. Encrypt anything you don’t need access to regularly — archived documents, old e-mail, whatever — separately, with a different password. I like to use PGP Disk’s encrypted zip files, because it also makes secure backup easier (and lets you secure those files before you burn them on a DVD and mail them across the country), but you can also use the program’s virtual-encrypted-disk feature to create a separately encrypted volume. Both options are easy to set up and use.

There are still two scenarios you aren’t secure against, though. You’re not secure against someone snatching your laptop out of your hands as you’re typing away at the local coffee shop. And you’re not secure against the authorities telling you to decrypt your data for them.

The latter threat is becoming more real. I have long been worried that someday, at a border crossing, a customs official will open my laptop and ask me to type in my password. Of course I could refuse, but the consequences might be severe — and permanent. And some countries — the United Kingdom, Singapore, Malaysia — have passed laws giving police the authority to demand that you divulge your passwords and encryption keys.

To defend against both of these threats, minimize the amount of data on your laptop. Do you really need 10 years of old e-mails? Does everyone in the company really need to carry around the entire customer database? One of the most incredible things about the Revenue & Customs story is that a low-level government employee mailed a copy of the entire national child database to the National Audit Office in London. Did he have to? Doubtful. The best defense against data loss is to not have the data in the first place.

Failing that, you can try to convince the authorities that you don’t have the encryption key. This works better if it’s a zipped archive than the whole disk. You can argue that you’re transporting the files for your boss, or that you forgot the key long ago. Make sure the time stamp on the files matches your claim, though.

There are other encryption programs out there. If you’re a Windows Vista user, you might consider BitLocker. This program, embedded in the operating system, also encrypts the computer’s entire drive. But it only works on the C: drive, so it won’t help with external disks or USB tokens. And it can’t be used to make encrypted zip files. But it’s easy to use, and it’s free.

This essay previously appeared on Wired.com.

EDITED TO ADD (12/14): Lots of people have pointed out that the free and open-source program TrueCrypt is a good alternative to PGP Disk. I haven’t used or reviewed the program at all.

Posted on December 4, 2007 at 6:40 AMView Comments

More "War on the Unexpected"

The “War on the Unexpected” is being fought everywhere.

In Australia:

Bouncers kicked a Melbourne man out of a Cairns pub after paranoid patrons complained that he was reading a book called The Unknown Terrorist.

At the U.S. border with Canada:

A Canadian firetruck responding with lights and sirens to a weekend fire in Rouses Point, New York, was stopped at the U.S. border for about eight minutes, U.S. border officials said Tuesday.

[…]

The Canadian firefighters “were asked for IDs,” Trombley said. “I believe they even ran the license plate on the truck to make sure it was legal.”

In the UK:

A man who had gone into a diabetic coma on a bus in Leeds was shot twice with a Taser gun by police who feared he may have been a security threat.

In Maine:

A powdered substance that led to a baggage claim being shut down for nearly six hours at the Portland International Jetport was a mixture of flour and sugar, airport officials said Thursday.

Fear is winning. Refuse to be terrorized, people.

Posted on November 21, 2007 at 6:39 AMView Comments

Canadian Privacy Commissioner Comments on the No-Fly List

Refreshingly sensible:

Stoddart told inquiry Commissioner John Major she is concerned that people could be placed on the list in error and face dire consequences if their identities are then disclosed to the RCMP or passed on to police agencies in other countries.

And she questioned why, if people are so dangerous that they can’t get on a plane, they are deemed safe to travel by other means in Canada.

[…]

Between June 28, when the program came into effect, and the end of September, no passengers were turned away because of the list, the inquiry heard. Stoddart said that information only increases her suspicion about the value of the program.

“I think it only deepens the mystery of the rationale, the usefulness of this,” Stoddart said. “The program is totally opaque.”

Major suggested that perhaps less extreme measures could be taken. For example, individuals on the list might be able to undergo extra screening so they could be allowed to travel.

[…]

“We are looking to avoid what happened in 9/11. Presumably it’s to keep dangerous people capable of blowing planes up — or capturing them — off the plane. It seems difficult that you can do that by a name (on a list) alone.”

Other members of Stoddart’s staff added there are concerns someone could be stranded in Canada after arriving without incident, only to be prevented from boarding their return flight.

Posted on November 13, 2007 at 12:25 PMView Comments

Assurance

Over the past several months, the state of California conducted the most comprehensive security review yet of electronic voting machines. People I consider to be security experts analyzed machines from three different manufacturers, performing both a red-team attack analysis and a detailed source code review. Serious flaws were discovered in all machines and, as a result, the machines were all decertified for use in California elections.

The reports are worth reading, as is much of the blog commentary on the topic. The reviewers were given an unrealistic timetable and had trouble getting needed documentation. The fact that major security vulnerabilities were found in all machines is a testament to how poorly they were designed, not to the thoroughness of the analysis. Yet California Secretary of State Debra Bowen has conditionally recertified the machines for use, as long as the makers fix the discovered vulnerabilities and adhere to a lengthy list of security requirements designed to limit future security breaches and failures.

While this is a good effort, it has security completely backward. It begins with a presumption of security: If there are no known vulnerabilities, the system must be secure. If there is a vulnerability, then once it’s fixed, the system is again secure. How anyone comes to this presumption is a mystery to me. Is there any version of any operating system anywhere where the last security bug was found and fixed? Is there a major piece of software anywhere that has been, and continues to be, vulnerability-free?

Yet again and again we react with surprise when a system has a vulnerability. Last weekend at the hacker convention DefCon, I saw new attacks against supervisory control and data acquisition (SCADA) systems — those are embedded control systems found in infrastructure systems like fuel pipelines and power transmission facilities — electronic badge-entry systems, MySpace, and the high-security locks used in places like the White House. I will guarantee you that the manufacturers of these systems all claimed they were secure, and that their customers believed them.

Earlier this month, the government disclosed that the computer system of the US-Visit border control system is full of security holes. Weaknesses existed in all control areas and computing device types reviewed, the report said. How exactly is this different from any large government database? I’m not surprised that the system is so insecure; I’m surprised that anyone is surprised.

We’ve been assured again and again that RFID passports are secure. When researcher Lukas Grunwald successfully cloned one last year at DefCon, we were told there was little risk. This year, Grunwald revealed that he could use a cloned passport chip to sabotage passport readers. Government officials are again downplaying the significance of this result, although Grunwald speculates that this or another similar vulnerability could be used to take over passport readers and force them to accept fraudulent passports. Anyone care to guess who’s more likely to be right?

It’s all backward. Insecurity is the norm. If any system — whether a voting machine, operating system, database, badge-entry system, RFID passport system, etc. — is ever built completely vulnerability-free, it’ll be the first time in the history of mankind. It’s not a good bet.

Once you stop thinking about security backward, you immediately understand why the current software security paradigm of patching doesn’t make us any more secure. If vulnerabilities are so common, finding a few doesn’t materially reduce the quantity remaining. A system with 100 patched vulnerabilities isn’t more secure than a system with 10, nor is it less secure. A patched buffer overflow doesn’t mean that there’s one less way attackers can get into your system; it means that your design process was so lousy that it permitted buffer overflows, and there are probably thousands more lurking in your code.

Diebold Election Systems has patched a certain vulnerability in its voting-machine software twice, and each patch contained another vulnerability. Don’t tell me it’s my job to find another vulnerability in the third patch; it’s Diebold’s job to convince me it has finally learned how to patch vulnerabilities properly.

Several years ago, former National Security Agency technical director Brian Snow began talking about the concept of “assurance” in security. Snow, who spent 35 years at the NSA building systems at security levels far higher than anything the commercial world deals with, told audiences that the agency couldn’t use modern commercial systems with their backward security thinking. Assurance was his antidote:

Assurances are confidence-building activities demonstrating that:

  1. The system’s security policy is internally consistent and reflects the requirements of the organization,
  2. There are sufficient security functions to support the security policy,
  3. The system functions to meet a desired set of properties and only those properties,
  4. The functions are implemented correctly, and
  5. The assurances hold up through the manufacturing, delivery and life cycle of the system.

Basically, demonstrate that your system is secure, because I’m just not going to believe you otherwise.

Assurance is less about developing new security techniques than about using the ones we have. It’s all the things described in books like Building Secure Software, Software Security and Writing Secure Code. It’s some of what Microsoft is trying to do with its Security Development Lifecycle (SDL). It’s the Department of Homeland Security’s Build Security In program. It’s what every aircraft manufacturer goes through before it puts a piece of software in a critical role on an aircraft. It’s what the NSA demands before it purchases a piece of security equipment. As an industry, we know how to provide security assurance in software and systems; we just tend not to bother.

And most of the time, we don’t care. Commercial software, as insecure as it is, is good enough for most purposes. And while backward security is more expensive over the life cycle of the software, it’s cheaper where it counts: at the beginning. Most software companies are short-term smart to ignore the cost of never-ending patching, even though it’s long-term dumb.

Assurance is expensive, in terms of money and time for both the process and the documentation. But the NSA needs assurance for critical military systems; Boeing needs it for its avionics. And the government needs it more and more: for voting machines, for databases entrusted with our personal information, for electronic passports, for communications systems, for the computers and systems controlling our critical infrastructure. Assurance requirements should be common in IT contracts, not rare. It’s time we stopped thinking backward and pretending that computers are secure until proven otherwise.

This essay originally appeared on Wired.com.

Posted on August 9, 2007 at 8:19 AMView Comments

Vulnerabilities in the DHS Networks

Wired.com has the story:

Congress asked Homeland Security’s chief information officer, Scott Charbo, who has a Masters in plant science, to account for more than 800 self-reported vulnerabilities over the last two years and for recently uncovered systemic security problems in US-VISIT, the massive computer network intended to screen and collect the fingerprints and photos of visitors to the United States.

Charbo’s main tactic before the House Homeland Security subcommittee Wednesday was to downplay the seriousness of the threats and to characterize the security investigation of US-VISIT as simultaneously old news and news so new he hasn’t had time to meet with the investigators.

“Key systems operated by Customs and Border Patrol were riddled by control weaknesses,” the Government Accountability Office’s director of Information Security issues Gregory Wilshusen told the committee. Poor security practices and a lack of an authoritative internal map of how various systems interconnect increases the risk that contractors, employees or would-be hackers can or have penetrated and disrupted key DHS computer systems, Wilshusen and Keith Rhodes Director, the GAO’s director of the Center for Technology and Engineering told the committee.

Posted on June 22, 2007 at 10:37 AMView Comments

RFID in People Access Security Services (PASS) Cards

Last November, the Data Privacy and Integrity Advisory Committee of the Department of Homeland Security recommended against putting RFID chips in identity cards. DHS ignored them, and went ahead with the project anyway. Now, the Smart Card Alliance is criticizing the DHS’s RFID program for cross-border identification, basically saying that it is making the very mistakes the Data Privacy and Integrity Advisory Committee warned about.

Posted on May 30, 2007 at 6:50 AMView Comments

Department of Homeland Security Not Focused on Terrorism

I thought terrorism is why we have a DHS, but they’ve been preoccupied with other things:

Of the 814,073 people charged by DHS in immigration courts during the past three years, 12 faced charges of terrorism, TRAC said.

Those 12 cases represent 0.0015 percent of the total number of cases filed.

“The DHS claims it is focused on terrorism. Well that’s just not true,” said David Burnham, a TRAC spokesman. “Either there’s no terrorism, or they’re terrible at catching them. Either way it’s bad for all of us.”

The TRAC analysis also found that DHS filed a minuscule number of what are called “national security” charges against people in the immigration courts. The report stated that 114, or 0.014 percent of the total of roughly 800,000 individuals charged were charged with national security violations.

TRAC reported more than 85 percent of the charges involved more common immigration violations such as not having a valid immigrant visa, overstaying a student visa or entering the United States without an inspection.

TRAC is a great group, and I recommend wandering around their site if you’re interested in what the U.S. government is actually doing.

Posted on May 29, 2007 at 1:59 PMView Comments

GAO Report on International Passenger Prescreening

From the U.S. GAO: “Aviation Security: Efforts to Strengthen International Prescreening are Under Way, but Planning and Implementations Remain,” May 2007.

What GAO Found

Customs and Border Protection (CBP), the Department of Homeland Security (DHS) agency responsible for international passenger prescreening, has planned or is taking several actions designed to strengthen the aviation passenger prescreening process. One such effort involves CBP stationing U.S. personnel overseas to evaluate the authenticity of the travel documents of certain high-risk passengers prior to boarding U.S.-bound flights. Under this pilot program, called the Immigration Advisory Program (IAP), CBP officers personally interview some passengers deemed to be high-risk and evaluate the authenticity and completeness of these passengers’ travel documents. IAP officers also provide technical assistance and training to air carrier staff on the identification of improperly documented passengers destined for the United States. The IAP has been tested at several foreign airports and CBP is negotiating with other countries to expand it elsewhere and to make certain IAP sites permanent. Successful implementation of the IAP rests, in part, on CBP clearly defining the goals and objectives of the program through the development of a strategic plan.

A second aviation passenger prescreening effort designed to strengthen the passenger prescreening process is intended to align international passenger prescreening with a similar program (currently under development) for prescreening passengers on domestic flights. The Transportation Security Administration (TSA) — a separate agency within DHS — is developing a domestic passenger prescreening program called Secure Flight. If CBP’s international prescreening program and TSA’s Secure Flight program are not effectively aligned once Secure Flight becomes operational, this could result in separate implementation requirements for air carriers and increased costs for both air carriers and the government. CBP and TSA officials stated that they are taking steps to coordinate their prescreening efforts, but they have not yet made all key policy decisions.

In addition to these efforts to strengthen certain international aviation passenger prescreening procedures, one other issue requires consideration in the context of these efforts. This issue involves DHS providing the traveling public with assurances of privacy protection as required by federal privacy law. Federal privacy law requires agencies to inform the public about how the government uses their personal information. Although CBP officials have stated that they have taken and are continuing to take steps to comply with these requirements, the current prescreening process allows passenger information to be used in multiple prescreening procedures and transferred among various CBP prescreening systems in ways that are not fully explained in CBP’s privacy disclosures. If CBP does not issue all appropriate disclosures, the traveling public will not be fully aware of how their personal information is being used during the passenger prescreening process.

Posted on May 23, 2007 at 7:18 AMView Comments

U.S./Canadian Dispute over Border Crossing Procedures

Interesting:

The main sticking point was Homeland’s unwillingness to accept Canada’s legal problem with having U.S. authorities take fingerprints of people who approach the border but decide not to cross.

Canadian law doesn’t permit fingerprinting unless someone volunteers or has been charged with a crime.

Canada’s assurances that it would co-operate in investigating any suspicious person who approaches the border weren’t enough, said one Capitol Hill source.

“The Attorney General’s office really just wants to grab as much biometric information as it can,” said the source.

Posted on May 6, 2007 at 12:35 PMView Comments

1 3 4 5 6 7 9

Sidebar photo of Bruce Schneier by Joe MacInnis.