Entries Tagged "public transit"

Page 1 of 7

Lessons from Biological Security

Nice essay:

The biological world is also open source in the sense that threats are always present, largely unpredictable, and always changing. Because of this, defensive measures that are perfectly designed for a particular threat leave you vulnerable to other ones. Imagine if our immune system were designed to deal only with a single strain of flu. In fact, our immune system works because it looks for the full spectrum of invaders ­ low-level viral infections, bacterial parasites, or virulent strains of a pandemic disease. Too often, we create security measures ­ such as the Department of Homeland Security’s BioWatch program ­ that spend too many resources to deal specifically with a very narrow range of threats on the risk spectrum.

Advocates of full-spectrum approaches for biological and chemical weapons argue that weaponized agents are really a very small part of the risk and that we are better off developing strategies ­ like better public-health-response systems ­ that can deal with everything from natural mutations of viruses to lab accidents to acts of terrorism. Likewise, cyber crime is likely a small part of your digital-security risk spectrum.

A full-spectrum approach favors generalized health over specialized defenses, and redundancy over efficiency. Organisms in nature, despite being constrained by resources, have evolved multiply redundant layers of security. DNA has multiple ways to code for the same proteins so that viral parasites can’t easily hack it and disrupt its structure. Multiple data-backup systems are a simple method that most sensible organizations employ, but you can get more clever than that. For example, redundancy in nature sometimes takes the form of leaving certain parts unsecure to ensure that essential parts can survive attack. Lizards easily shed their tails to predators to allow the rest of the body (with the critical reproductive machinery) to escape. There may be sacrificial systems or information you can offer up as a decoy for a cyber-predator, in which case an attack becomes an advantage, allowing your organization to see the nature of the attacker and giving you time to add further security in the critical part of your information infrastructure.

I recommend his book, Learning from the Octopus: How Secrets from Nature Can Help Us Fight Terrorist Attacks, Natural Disasters, and Disease.

Posted on June 27, 2013 at 6:34 AMView Comments

The Japanese Response to Terrorism

Lessons from Japan’s response to Aum Shinrikyo:

Yet what’s as remarkable as Aum’s potential for mayhem is how little of it, on balance, they actually caused. Don’t misunderstand me: Aum’s crimes were horrific, not merely the terrible subway gassing but their long history of murder, intimidation, extortion, fraud, and exploitation. What they did was unforgivable, and the human cost, devastating. But at no point did Aum Shinrikyo represent an existential threat to Japan or its people. The death toll of Aum was several dozen; again, a terrible human cost, but not an existential threat. At no time was the territorial integrity of Japan threatened. At no time was the operational integrity of the Japanese government threatened. At no time was the day-to-day operation of the Japanese economy meaningfully threatened. The threat to the average Japanese citizen was effectively nil.

Just as important was what the Japanese government and people did not do. They didn’t panic. They didn’t make sweeping changes to their way of life. They didn’t implement a vast system of domestic surveillance. They didn’t suspend basic civil rights. They didn’t begin to capture, torture, and kill without due process. They didn’t, in other words, allow themselves to be terrorized. Instead, they addressed the threat. They investigated and arrested the cult’s leadership. They tried them in civilian courts and earned convictions through due process. They buried their dead. They mourned. And they moved on. In every sense, it was a rational, adult, mature response to a terrible terrorist act, one that remained largely in keeping with liberal democratic ideals.

Posted on June 21, 2013 at 6:25 AMView Comments

Security Fears of Wi-Fi in London Underground

The London Underground is getting Wi-Fi. Of course there are security fears:

But Will Geddes, founder of ICP Group which specialises in reducing terror or technology-related threats, said the plan was problematic.

He said: “There are lots of implications in terms of terrorism and security.

“This will enable people to use their laptop on the Tube as if it was a cell phone.”

Mr Geddes said there had been numerous examples of bomb attacks detonated remotely by mobile phone in Afghanistan and Iraq.

He warned a wi-fi system would enable a terror cell to communicate underground.

And he said “Trojan” or eavesdropping software could be used to penetrate users’ laptops and garner information such as bank details.

Mr Geddes added: “Eavesdropping software can be found and downloaded within minutes.”

This is just silly. We could have a similar conversation regarding any piece of our infrastructure. Yes, the bad guys could use it, just as they use telephones and automobiles and all-night restaurants. If we didn’t deploy technologies because of this fear, we’d still be living in the Middle Ages.

Posted on April 13, 2011 at 1:14 PMView Comments

This Suspicious Photography Stuff Is Confusing

See:

Last week, Metro Transit Police received a report from a rider about suspicious behavior at the L’Enfant Plaza station and on an Orange Line train to Vienna.

The rider told Metro he saw two men acting suspiciously and videotaping platforms, trains and riders.

“The men, according to the citizen report, were trying to be inconspicuous, holding the cameras at their sides,” Metro spokesman Steven Taubenkibel says.

The rider was able to photograph the men who were videotaping and sent the photo to Metro Transit Police.

I assume the rider took that photo inconspicuously, too, which means that he’s now suspicious.

How will this all end?

EDITED TO ADD (12/27): In the comments I was asked about reconciling good profiling with this sort of knee-jerk photography=suspicious nonsense. It’s complicated, and I wrote about it here in 2007. This, from 2004, is also relevant.

Posted on December 27, 2010 at 6:12 AMView Comments

Did the FBI Invent the D.C. Bomb Plot?

Last week the police arrested Farooque Ahmed for plotting a terrorist attack on the D.C. Metro system. However, it’s not clear how much of the plot was his idea and how much was the idea of some paid FBI informants:

The indictment offers some juicy tidbits — Ahmed allegedly proposed using rolling suitcases instead of backpacks to bomb the Metro — but it is notably thin in details about the role of the FBI. It is not clear, for example, whether Ahmed or the FBI (or some combination of the two) came up with the concept of bombing the Metro in the first place. And the indictment does not say when and why Ahmed first encountered the people he believed to be members of al-Qaida.

Of course the police are now using this fake bomb plot to justify random bag searching in the Metro. (It’s a dumb idea.)

This is the problem with thoughtcrime. Entrapment is much too easy.

EDITED TO ADD (11/4): Much the same thing was written in The Economist blog.

Posted on November 3, 2010 at 7:06 AMView Comments

The Ineffectiveness of Vague Security Warnings

From Slate:

We do nothing, first and foremost, because there is nothing we can do. Unless the State Department gets specific—­e.g., “don’t go to the Eiffel Tower tomorrow”—information at that level of generality is completely meaningless. Unless we are talking about weapons of mass destruction, the chances of being hit by a car while crossing the street are still greater than the chances of being on the one plane or one subway car that comes under attack. Besides, nobody living or working in a large European city (or even a small one) can indefinitely avoid coming within close proximity of “official and private” structures affiliated with U.S. interests—­a Hilton hotel, an Apple computer store­—not to mention subways, trains, airplanes, boats, and all other forms of public transportation.

Second, we do nothing because if the language is that vague, nobody is really sure why the warning has been issued in the first place. Obviously, if the U.S. government knew who the terrorists were and what they were going to attack, it would arrest them and stop them. If it can’t do any better than “tourist infrastructure” and public transportation, it doesn’t really know anything at all.

[…]

In truth, the only people who can profit from such a warning are the officials who have issued it in the first place. If something does happen, they are covered. They warned us, they told us in advance, they won’t be criticized or forced to resign. And if nothing happens, we’ll all forget about it anyway.

Except that we don’t forget about it. Over time, these enigmatic warnings do al-Qaida’s work for them, scaring people without cause. Without so much as lifting a finger, Osama Bin Laden disrupts our sense of security and well-being. At the same time, they put the U.S. government in the position of the boy who cried wolf. The more often general warnings are issued, the less likely we are to heed them. We are perhaps unsettled or unnerved, but we don’t know what to do. So we do nothing­—and wish that we’d been told nothing, as well.

I wrote much the same thing in 2004, about the DHS’s vague terrorist warnings and the color-coded threat advisory system.

EDITED TO ADD (10/13): Another article.

Posted on October 8, 2010 at 12:49 PMView Comments

Security Theater on the Boston T

Since a fatal crash a few years ago, Boston T (their subway) operators have been forbidden from using — or even having — cell phones while on the job. Passengers are encouraged to report violators. But sometimes T operators need to use their official radios on the job, and passengers can’t tell the difference. The solution: orange tape:

The solution? Goodbye, sober black; hello, bright orange, a hue so vivid that, MBTA officials hope, no one will mistake the radios for phones anymore. Workers at the agency’s car barns and garages are in the process of outfitting every handset in the fleet with strips of reflective tape emblazoned with T logos.

[…]

… a small but steady number of hot line tips have been found to be cases of drivers or operators communicating with dispatch by radio, according to video and operations-center call logs.

That is where the electric-orange tape should help, Davey said. Over the past two months, the tape has been applied to handheld radios on about 95 percent of the T’s 1,050 buses (each of which has one handset) and one-fourth of its nearly 210 double-ended Green Line trolleys, which have handsets at each end. The rest of the Green Line and the Orange, Blue, and Red line radios will follow.

Taisha O’Bryant, a Roxbury resident who serves as chairwoman of the T Riders Union, said she is more concerned with the frequency and reliability of bus service than the appearance of bus radios. But she said it is a good thing if a driver or operator can call dispatch in the event of a breakdown or service problem without worrying about appearing to talk on a cellphone, and she hailed the cellphone ban.

Of course, no T operator would ever think of putting bright orange tape on his cell phone. Because if he did that, the passengers would immediately know not to report him.

Posted on August 30, 2010 at 5:31 AMView Comments

"If You See Something, Say Something"

That slogan is owned by New York’s Metropolitan Transit Authority (the MTA).

Since obtaining the trademark in 2007, the authority has granted permission to use the phrase in public awareness campaigns to 54 organizations in the United States and overseas, like Amtrak, the Chicago Transit Authority, the emergency management office at Stony Brook University and three states in Australia.

Of course, you’re only supposed to say something if you see something you think is terrorism:

Some requests have been rejected, including one from a university that wanted to use it to address a series of dormitory burglaries.

“The intent of the slogan is to focus on terrorism activity, not crime, and we felt that use in other spheres would water down its effectiveness,” said Christopher Boylan, an M.T.A. spokesman.

Not that it’s very effective.

The campaign urges people to call a counter-terrorism hot line, 1-888-NYC-SAFE. Police officials said 16,191 calls were received last year, down from 27,127 in 2008.

That’s a lot of wasted manpower, dealing with all those calls.

Of course, the vendors in Times Square who saw the smoking Nissan Pathfinder two weeks ago didn’t call that number.

And, as I’ve written previously, “if you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.” People don’t need to be reminded to call the police; the slogan is nothing more than an invitation to report people who are different.

EDITED TO ADD (5/14): Nice article illustrating how ineffective the campaign is.

Posted on May 12, 2010 at 7:08 AMView Comments

Terrorist Attacks and Comparable Risks, Part 2

John Adams argues that our irrationality about comparative risks depends on the type of risk:

With “pure” voluntary risks, the risk itself, with its associated challenge and rush of adrenaline, is the reward. Most climbers on Mount Everest know that it is dangerous and willingly take the risk. With a voluntary, self-controlled, applied risk, such as driving, the reward is getting expeditiously from A to B. But the sense of control that drivers have over their fates appears to encourage a high level of tolerance of the risks involved.

Cycling from A to B (I write as a London cyclist) is done with a diminished sense of control over one’s fate. This sense is supported by statistics that show that per kilometre travelled a cyclist is 14 times more likely to die than someone in a car. This is a good example of the importance of distinguishing between relative and absolute risk. Although 14 times greater, the absolute risk of cycling is still small — 1 fatality in 25 million kilometres cycled; not even Lance Armstrong can begin to cover that distance in a lifetime of cycling. And numerous studies have demonstrated that the extra relative risk is more than offset by the health benefits of regular cycling; regular cyclists live longer.

While people may voluntarily board planes, buses and trains, the popular reaction to crashes in which passengers are passive victims, suggests that the public demand a higher standard of safety in circumstances in which people voluntarily hand over control of their safety to pilots, or to bus or train drivers.

Risks imposed by nature — such as those endured by those living on the San Andreas Fault or the slopes of Mount Etna — or impersonal economic forces — such as the vicissitudes of the global economy — are placed in the middle of the scale. Reactions vary widely. They are usually seen as motiveless and are responded to fatalistically – unless or until the threat appears imminent.

Imposed risks are less tolerated. Consider mobile phones. The risk associated with the handsets is either non-existent or very small. The risk associated with the base stations, measured by radiation dose, unless one is up the mast with an ear to the transmitter, is orders of magnitude less. Yet all round the world billions are queuing up to take the voluntary risk, and almost all the opposition is focussed on the base stations, which are seen by objectors as impositions. Because the radiation dose received from the handset increases with distance from the base station, to the extent that campaigns against the base stations are successful, they will increase the distance from the base station to the average handset, and thus the radiation dose. The base station risk, if it exist, might be labelled a benignly imposed risk; no one supposes that the phone company wishes to murder all those in the neighbourhood.

Less tolerated are risks whose imposers are perceived as motivated by profit or greed. In Europe, big biotech companies such as Monsanto are routinely denounced by environmentalist opponents for being more concerned with profits than the welfare of the environment or the consumers of its products.

Less tolerated still are malignly imposed risks — crimes ranging from mugging to rape and murder. In most countries in the world the number of deaths on the road far exceeds the numbers of murders, but far more people are sent to jail for murder than for causing death by dangerous driving. In the United States in 2002 16,000 people were murdered — a statistic that evoked far more popular concern than the 42,000 killed on the road — but far less than the 25 killed by terrorists.

This isn’t a new result, but it’s vital to understand how people react to different risks.

Posted on April 13, 2010 at 1:18 PMView Comments

1 2 3 7

Sidebar photo of Bruce Schneier by Joe MacInnis.