Entries Tagged "trust"

Page 12 of 16

Audit

As the first digital president, Barack Obama is learning the hard way how difficult it can be to maintain privacy in the information age. Earlier this year, his passport file was snooped by contract workers in the State Department. In October, someone at Immigration and Customs Enforcement leaked information about his aunt’s immigration status. And in November, Verizon employees peeked at his cell phone records.

What these three incidents illustrate is not that computerized databases are vulnerable to hacking—we already knew that, and anyway the perpetrators all had legitimate access to the systems they used—but how important audit is as a security measure.

When we think about security, we commonly think about preventive measures: locks to keep burglars out of our homes, bank safes to keep thieves from our money, and airport screeners to keep guns and bombs off airplanes. We might also think of detection and response measures: alarms that go off when burglars pick our locks or dynamite open bank safes, sky marshals on airplanes who respond when a hijacker manages to sneak a gun through airport security. But audit, figuring out who did what after the fact, is often far more important than any of those other three.

Most security against crime comes from audit. Of course we use locks and alarms, but we don’t wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that’s audit.

Audit helps ensure that people don’t abuse positions of trust. The cash register, for example, is basically an audit system. Cashiers have to handle the store’s money. To ensure they don’t skim from the till, the cash register keeps an audit trail of every transaction. The store owner can look at the register totals at the end of the day and make sure the amount of money in the register is the amount that should be there.

The same idea secures us from police abuse, too. The police have enormous power, including the ability to intrude into very intimate aspects of our life in order to solve crimes and keep the peace. This is generally a good thing, but to ensure that the police don’t abuse this power, we put in place systems of audit like the warrant process.

The whole NSA warrantless eavesdropping scandal was about this. Some misleadingly painted it as allowing the government to eavesdrop on foreign terrorists, but the government always had that authority. What the government wanted was to not have to submit a warrant, even after the fact, to a secret FISA court. What they wanted was to not be subject to audit.

That would be an incredibly bad idea. Law enforcement systems that don’t have good audit features designed in, or are exempt from this sort of audit-based oversight, are much more prone to abuse by those in power—because they can abuse the system without the risk of getting caught. Audit is essential as the NSA increases its domestic spying. And large police databases, like the FBI Next Generation Identification System, need to have strong audit features built in.

For computerized database systems like that—systems entrusted with other people’s information—audit is a very important security mechanism. Hospitals need to keep databases of very personal health information, and doctors and nurses need to be able to access that information quickly and easily. A good audit record of who accessed what when is the best way to ensure that those trusted with our medical information don’t abuse that trust. It’s the same with IRS records, credit reports, police databases, telephone records – anything personal that someone might want to peek at during the course of his job.

Which brings us back to President Obama. In each of those three examples, someone in a position of trust inappropriately accessed personal information. The difference between how they played out is due to differences in audit. The State Department’s audit worked best; they had alarm systems in place that alerted superiors when Obama’s passport files were accessed and who accessed them. Verizon’s audit mechanisms worked less well; they discovered the inappropriate account access and have narrowed the culprits down to a few people. Audit at Immigration and Customs Enforcement was far less effective; they still don’t know who accessed the information.

Large databases filled with personal information, whether managed by governments or corporations, are an essential aspect of the information age. And they each need to be accessed, for legitimate purposes, by thousands or tens of thousands of people. The only way to ensure those people don’t abuse the power they’re entrusted with is through audit. Without it, we will simply never know who’s peeking at what.

This essay first appeared on the Wall Street Journal website.

Posted on December 10, 2008 at 2:21 PMView Comments

The Neuroscience of Cons

Fascinating:

The key to a con is not that you trust the conman, but that he shows he trusts you. Conmen ply their trade by appearing fragile or needing help, by seeming vulnerable. Because of THOMAS [The Human Oxytocin Mediated Attachment System], the human brain makes us feel good when we help others—this is the basis for attachment to family and friends and cooperation with strangers. “I need your help” is a potent stimulus for action.

This is interesting. They say that all cons rely on the mark’s greed to work. But this short essay implies that greed is only a secondary factor.

Posted on November 18, 2008 at 6:32 AMView Comments

Nasal Spray Increases Trust for Strangers

Okay; this’ll be fun. What’s the most creative abuse for this that you can think of ?

Previous studies have shown that participants in “trust games” took greater risks with their money after inhaling the hormone via a nasal spray.

In this latest experiment, published in the journal Neuron, the researchers asked volunteer subjects to take part in a similar game.

They were each asked to contribute money to a human trustee, with the understanding that the trustee would invest the money and decide whether to return the profits, or betray the subject’s trust by keeping the profit.

The subjects also received doses of oxytocin or a placebo via a nasal spray.

After investing, the participants were given feedback on the trustees. When their trust was abused, the placebo group became less willing to invest. But the players who had been given oxytocin continued to trust their money with a broker.

“We can see that oxytocin has a very powerful effect,” said Dr Baumgartner.

“The subjects who received oxytocin demonstrated no change in their trust behaviour, even though they were informed that their trust was not honoured in roughly 50% of cases.”

In a second game, where the human trustees were replaced by a computer which gave random returns, the hormone made no difference to the players’ investment behaviour.

“It appears that oxytocin affects social responses specifically related to trust,” Dr Baumgartner said.

Posted on May 26, 2008 at 1:30 PMView Comments

The Doghouse: Passwordsafe.com

This isn’t my Password Safe. This is PasswordSafe.com. Password Safe is an open-source application that lives on your computer and encrypts your passwords. PasswordSafe.com lets you store your passwords on their server. They promise not to look at them.

Can I trust PasswordSafe?

As we mentioned, pretty much every function is automated, no-one here ever sees your information as it’s all taken care of by the programs and encrypted into the database. Again we’ll remind you, we do not recommend you store sensitive information at PasswordSafe. In house, we’ve used this service for many sites, banner programs, affiliate programs, free email services and much more.

Posted on May 5, 2008 at 6:37 AMView Comments

Overestimating Threats Against Children

This is a great essay by a mom who let her 9-year-old son ride the New York City subway alone:

No, I did not give him a cell phone. Didn’t want to lose it. And no, I didn’t trail him, like a mommy private eye. I trusted him to figure out that he should take the Lexington Avenue subway down, and the 34th Street crosstown bus home. If he couldn’t do that, I trusted him to ask a stranger. And then I even trusted that stranger not to think, “Gee, I was about to catch my train home, but now I think I’ll abduct this adorable child instead.”

Long story short: My son got home, ecstatic with independence.

Long story longer, and analyzed, to boot: Half the people I’ve told this episode to now want to turn me in for child abuse. As if keeping kids under lock and key and helmet and cell phone and nanny and surveillance is the right way to rear kids. It’s not. It’s debilitating—for us and for them.

It’s amazing how our fears blind us. The mother and son appeared on The Today Show, where they both continued to explain why it wasn’t an unreasonable thing to do:

And that was Skenazy’s point in her column: The era is long past when Times Square was a fetid sump and taking a walk in Central Park after dark was tantamount to committing suicide. Recent federal statistics show New York to be one of the safest cities in the nation—right up there with Provo, Utah, in fact.

“Times are back to 1963,” Skenzay said. “It’s safe. It’s a great time to be a kid in the city.”

The problem is that people read about children who are abducted and murdered and fear takes over, she said. And she doesn’t think fear should rule our lives.

Of course, The Today Show interviewer didn’t get it:

Dr. Ruth Peters, a parenting expert and TODAY Show contributor, agreed that children should be allowed independent experiences, but felt there are better—and safer—ways to have them than the one Skenazy chose.

“I’m not so much concerned that he’s going to be abducted, but there’s a lot of people who would rough him up,” she said. “There’s some bullies and things like that. He could have gotten the same experience in a safer manner.”

“It’s safe to go on the subway,” Skenazy replied. “It’s safe to be a kid. It’s safe to ride your bike on the streets. We’re like brainwashed because of all the stories we hear that it isn’t safe. But those are the exceptions. That’s why they make it to the news. This is like, ‘Boy boils egg.’ He did something that any 9-year-old could do.”

Here’s an audio interview with Skenazy.

I am reminded of this great graphic depicting childhood independence diminishing over four generations.

Posted on April 10, 2008 at 1:00 PMView Comments

Craigslist Scam

This is a weird story: someone posts a hoax Craigslist ad saying that the owner of a home had to leave suddenly, and this his belongings were free for the taking. People believed the ad and starting coming by and taking his stuff.

But Robert Salisbury had no plans to leave. The independent contractor was at Emigrant Lake when he got a call from a woman who had stopped by his house to claim his horse.

On his way home he stopped a truck loaded down with his work ladders, lawn mower and weed eater.

“I informed them I was the owner, but they refused to give the stuff back,” Salisbury said. “They showed me the Craigslist printout and told me they had the right to do what they did.”

The driver sped away after rebuking Salisbury. On his way home he spotted other cars filled with his belongings.

Once home he was greeted by close to 30 people rummaging through his barn and front porch.

The trespassers, armed with printouts of the ad, tried to brush him off. “They honestly thought that because it appeared on the Internet it was true,” Salisbury said. “It boggles the mind.”

This doesn’t surprise me at all. People just don’t think of authenticating this sort of thing. And what if they did call a phone number listed on a hoax ad? How do they know the phone number is real? On the other hand, a phone number on the hoax ad would give the police something to find the hoaxer with.

At least this guy is getting some of his stuff back.

EDITED TO ADD (3/26): In comments, Karl pointed out a previous example of this hoax.

EDITED TO ADD (4/1): A couple have been charged with posting the ad; they allegedly used it to cover up their own thefts.

Posted on March 25, 2008 at 7:33 PM

Security Risks of Online Political Contributing

Security researcher Christopher Soghoian gave a presentation this month warning of the potential phishing risk caused by online political donation sites. The Threat Level blog reported:

The presidential campaigns’ tactic of relying on impulsive giving spurred by controversial news events and hyped-up deadlines, combined with a number of other factors such as inconsistent Web addresses and a muddle of payment mechanisms creates a conducive environment for fraud, says Soghoian.

“Basically, the problem here is that banks are doing their best to promote safe online behavior, but the political campaigns are taking advantage of the exact opposite,” he says. “They send out one million e-mails to people designed to encourage impulsive behavior.”

He characterizes the current state of security of the presidential campaigns’ online payment systems as a “mess.”

“It’s a disaster waiting to happen,” he says.

Fraudsters could easily send out e-mails and establish Web sites that mimic the official campaigns’ sites and similarly send out such e-mails that would encourage people to “donate” money without checking for the authenticity of the site.

He has a point, but it’s not new to online contributions. Fake charities and political organizations have long been problems. When you get a solicitation in the mail for “Concerned Citizens for a More Perfect Country”—insert whatever personal definition you have for “more perfect” and “country”—you don’t know if the money is going to your cause or into someone’s pocket. When you give money on the street to someone soliciting contributions for this cause or that one, you have no idea what will happen to the money at the end of the day.

In the end, contributing money requires trust. While the Internet certainly makes frauds like this easier—anyone can set up a webpage that accepts PayPal and send out a zillion e-mails—it’s nothing new.

Posted on October 16, 2007 at 12:20 PMView Comments

Insider Terrorist Attack

Pakistani Army officer as suicide bomber:

According to reliable sources in the local police, a Pashtun army officer belonging to the elite Special Services Group, whose younger sister was reportedly among the 300 girls killed during the Pakistan Army’s commando raid on the Lal Masjid in Islamabad between July 10 and 13, blew himself up during dinner at the SSG’s headquarters mess at Tarbela Ghazi, 100 km south of Islamabad, on the night of September 13, killing 19 other officers.

There probably isn’t any practicable way to prevent these sorts of attacks by trusted insiders.

Posted on September 19, 2007 at 1:24 PMView Comments

1 10 11 12 13 14 16

Sidebar photo of Bruce Schneier by Joe MacInnis.