Schneier on Security: Tagged police

Entries Tagged "police"

Page 26 of 28

UK Police and Encryption

Police last night told Tony Blair that they need sweeping new powers to counter the terrorist threat, including the right to detain a suspect for up to three months without charge instead of the current 14 days….

They also want to make it a criminal offence for suspects to refuse to cooperate in giving the police full access to computer files by refusing to disclose their encryption keys.

On Channel 4 News today, Sir Ian Blair was asked why the police wanted to extend the time they could hold someone without charges from 14 days to 3 months. Part of his answer was that they sometimes needed to access encrypted computer files and 14 days was not enough time for them to break the encryption.

There’s something fishy going on here.

It’s certainly possible that password-guessing programs are more successful with three months to guess. But the Regulation of Investigatory Powers (RIP) Act, which went into effect in 2000, already allows the police to jail people who don’t surrender encryption keys:

If intercepted communications are encrypted (encoded and made secret), the act will force the individual to surrender the keys (pin numbers which allow users to decipher encoded data), on pain of jail sentences of up to two years.

Posted on July 27, 2005 at 3:00 PM • View Comments

Shoot-to-Kill

We’ve recently learned that London’s Metropolitan Police has a shoot-to-kill policy when dealing with suspected suicide terrorists. The theory is that only a direct headshot will kill the terrorist immediately, and thus destroy the ability to execute a bombing attack.

Roy Ramm, former Met Police specialist operations commander, said the rules for confronting potential suicide bombers had recently changed to “shoot to kill”….

Mr Ramm said the danger of shooting a suspected suicide bomber in the body was that it could detonate a bomb they were carrying on them.

“The fact is that when you’re dealing with suicide bombers they only way you can stop them effectively—and protect yourself—is to try for a head-shot,” he said.

This policy is based on the extremely short-sighted assumption that a terrorist needs to push buttons to make a bomb explode. In fact, ever since World War I, the most common type of bomb carried by a person has been the hand grenade. It is entirely conceivable, especially when a shoot-to-kill policy is known to be in effect, that suicide bombers will use the same kind of dead-man’s trigger on their bombs: a detonate that is activated when a button is released, rather than when it is pushed.

This is a difficult one. Whatever policy you choose, the terrorists will adapt to make that policy the wrong one.

The police are now sorry they accidentally killed an innocent they suspected of being a suicide bomber, but I can certainly understand the mistake. In the end, the best solution is to train police officers and then leave the decision to them. But honestly, policies that are more likely to result in living incarcerated suspects—and recover well from false alarms—that can be interrogated are better than policies that are more likely to result in corpses.

EDITED TO ADD these comments by Nicholas Weaver:

“One other thing: The suspect was on the ground, and immobilized. Thus the decision was made to shoot the suspect, repeatedly (7 times) in the head, based on the perception that he could have been a suicide attacker (who dispite being a suicide attacker, wasn’t holding a dead-man’s switch. Or heck, wire up the bomb to a $50 heart-rate monitor).

“If this is policy, it is STUPID: There is an easy way for the attackers to counter it, and when you have a subway execution of an innocent man, the damage (in the hearts and minds of british muslims) is immense.

“One thing to remember:

“These were NON uniformed officers, and the suspect was brasilian (and probably didn’t speak very good english).

“Why did he run? What would YOU do if three individuals accosted you, speaking a language which you were unfamiliar with, drawing weapons? You would RUN LIKE HELL!

“I find the blaming the victim (‘but he was running!’) reprehensible.”

ANOTHER EDIT: The consensus seems to be that he spoke English well enough. I don’t think we can blame the officers without a whole lot more details about what happened, and possibly not even then. Clearly they were under a lot of stress, and made a split-second decision.

But I think we can reasonably criticize the shoot-to-kill policy that the officers were following. That policy is a threat to our security, and our society.

Posted on July 25, 2005 at 1:59 PM • View Comments

Searching Bags in Subways

The New York City police will begin randomly searching people’s bags on subways, buses, commuter trains, and ferries.

“The police can and should be aggressively investigating anyone they suspect is trying to bring explosives into the subway,” said Christopher Dunn, associate legal director at the New York Civil Liberties Union. “However, random police searches of people without any suspicion of wrongdoing are contrary to our most basic constitutional values. This is a very troubling announcement.”

If the choice is between random searching and profiling, then random searching is a more effective security countermeasure. But Dunn is correct above when he says that there are some enormous trade-offs in liberty. And I don’t think we’re getting very much security in return.

Especially considering this:

[Police Commissioner Raymond] Kelly stressed that officers posted at subway entrances would not engage in racial profiling, and that passengers are free to “turn around and leave.”

“Okay guys; here are your explosives. If one of you gets singled out for a search, just turn around and leave. And then go back in via another entrance, or take a taxi to the next subway stop.”

And I don’t think they’ll be truly random, either. I think the police doing the searching will profile, because that’s what happens.

It’s another “movie plot threat.” It’s another “public relations security system.” It’s a waste of money, it substantially reduces our liberties, and it won’t make us any safer.

Final note: I often get comments along the lines of “Stop criticizing stuff; tell us what we should do.” My answer is always the same. Counterterrorism is most effective when it doesn’t make arbitrary assumptions about the terrorists’ plans. Stop searching bags on the subways, and spend the money on 1) intelligence and investigation—stopping the terrorists regardless of what their plans are, and 2) emergency response—lessening the impact of a terrorist attack, regardless of what the plans are. Countermeasures that defend against particular targets, or assume particular tactics, or cause the terrorists to make insignificant modifications in their plans, or that surveil the entire population looking for the few terrorists, are largely not worth it.

EDITED TO ADD: A Citizen’s Guide to Refusing New York Subway Searches.

Posted on July 22, 2005 at 6:27 AM • View Comments

London Bombing and the Usefulness of Terrorist Watch Lists

According to the London Times:

Security sources confirmed that none of the bombers was on any MI5 file, although one had links to a person investigated by police.

Posted on July 15, 2005 at 10:33 AM • View Comments

Stealing WiFi Access

Interesting:

Police have arrested a man for using someone else’s wireless Internet network in one of the first criminal cases involving this fairly common practice.

Near as I can tell, there was no other criminal activity involved. The man who used someone else’s wireless wasn’t doing anything wrong it it; he was just using the Internet.

Posted on July 13, 2005 at 12:39 PM • View Comments

Security Risks of Street Photography

Interesting article on the particular art form of street photography. One ominous paragraph:

More onerous are post-9/11 restrictions that have placed limits on photographing in public settings. Tucker has received e-mails from professionals detained by authorities for photographing bridges and elevated trains. “There are places where photographing people on the street may become illegal,” observes Westerbeck.

Sad.

Posted on July 13, 2005 at 8:38 AM • View Comments

Your ISP May Be Spying on You

From News.com:

The U.S. Department of Justice is quietly shopping around the explosive idea of requiring Internet service providers to retain records of their customers’ online activities.

Data retention rules could permit police to obtain records of e-mail chatter, Web browsing or chat-room activity months after Internet providers ordinarily would have deleted the logs—that is, if logs were ever kept in the first place. No U.S. law currently mandates that such logs be kept.

I think the big idea here is that the Internet makes a massive surveillance society so easy. And data storage will only get cheaper.

Posted on June 28, 2005 at 8:16 AM • View Comments

DNA Identification

Here’s an interesting application of DNA identification. Instead of searching for your DNA at the crime scene, they search for the crime-scene DNA on you.

The system, called Sentry, works by fitting a box containing a powder spray above a doorway which, once primed, goes into alert mode if the door is opened.

It then sprays the powder when there is movement in the doorway again.

The aim is to catch a burglar in the act as stolen items are being removed.

The intruder is covered in the bright red powder, which glows under ultraviolet (UV) light and can only be removed with heavy scrubbing.

However, the harmless synthetic DNA contained in the powder sinks into the skin and takes several days, depending on the person’s metabolism, to work its way out.

Posted on June 22, 2005 at 8:39 AM • View Comments

Speeding Ticket Avoidance

This is a very popular security-related field, and one that every driver is at least somewhat interested in.

This site is run by an ex-policeman, and feels authoritative. He places a lot of emphasis on education; installing a fancy radar detector isn’t doing to do much for you unless you know how to use it correctly.

Here’s a product that seems to counter the threat of aerial license-plate scanners.

This spray claims to make your license plate invisible to cameras. I have no idea if it works.

One final note: the ex-cop is offering a $5,000 reward for the first person who can point him to a passive laser jammer that works.

Posted on June 21, 2005 at 9:15 AM • View Comments

State-Sponsored Identity Theft

In an Ohio sting operation at a strip bar, a 22-year-old student intern with the United States Marshals Service was given a fake identity so she could work undercover at the club. But instead of giving her a fabricated identity, the police gave her the identity of another woman living in another Ohio city. And they didn’t tell the other woman.

Oddly enough, this is legal. According to Ohio’s identity theft law, the police are allowed to do it. More specifically, the crime cannot be prosecuted if:

The person or entity using the personal identifying information is a law enforcement agency, authorized fraud personnel, or a representative of or attorney for a law enforcement agency or authorized fraud personnel and is using the personal identifying information in a bona fide investigation, an information security evaluation, a pretext calling evaluation, or a similar matter.

I have to admit that I’m stunned. I naively assumed that the police would have a list of Social Security numbers that would never be given to real people, numbers that could be used for purposes such as this. Or at least that they would use identities of people from other parts of the country after asking for permission. (I’m sure people would volunteer to help out the police.) It never occurred to me that they would steal the identity of random citizens. What could they be thinking?

Posted on April 18, 2005 at 3:02 PM • View Comments

←Previous 1 … 24 25 26 27 28 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.