Tag: Security

Are You Substituting Worst-Case Thinking for Reason?

Bruce Schneier has a typically good essay on the use of “worst-cases” as a substitute for real analysis. I noticed conspicuous use of “worst-case” in early reporting on the oil spill in the Gulf. It conveniently gins up attention for media outlets keen on getting an audience.

There’s a certain blindness that comes from worst-case thinking. An extension of the precautionary principle, it involves imagining the worst possible outcome and then acting as if it were a certainty. It substitutes imagination for thinking, speculation for risk analysis and fear for reason. It fosters powerlessness and vulnerability and magnifies social paralysis. And it makes us more vulnerable to the effects of terrorism.

Worst-case thinking—the failure to manage risk through analysis of costs and benefits—is what makes airline security such an expensive nightmare, for example. Schneier concludes:

When someone is proposing a change, the onus should be on them to justify it over the status quo. But worst case thinking is a way of looking at the world that exaggerates the rare and unusual and gives the rare much more credence than it deserves. It isn’t really a principle; it’s a cheap trick to justify what you already believe. It lets lazy or biased people make what seem to be cogent arguments without understanding the whole issue.

It’s not too long for you to read the whole thing.

Restrictive Immigration Policies Confound Security

CEI’s Alex Nowrasteh has a commentary on Townhall.com illustrating how restrictive immigration policies confound security. Twenty-three Somalis with suspected ties to an Islamist group were mistakenly released from a Mexican prison last January, and their whereabouts now are unknown. He continues:

Forcing immigrants underground creates an enormous black market where terrorist activities and serious crimes can continue undetected. If legal immigration were much easier, the American government would know who was entering the country and do a better job in screening out criminals and suspected terrorists.

I’m leery of touting terror threats for any reason beyond alerting the public to information they can use for national and self-protection. A small group of possible terrorists in Mexico is far from doing any significant harm and not particularly worrisome.

But this story illustrates how the border security that matters gets harder—and how much tax money gets wasted—when our policies make legal immigration difficult or impossible. The government is preoccupied with workers made minor criminals by their extraordinary efforts to improve their and their families’ circumstances.

How to Prevent a Fort Hood Shooting

I wrote some posts a few months ago (1, 2, 3) about the difficulty of discovering and preventing essentially random events like the Fort Hood shooting. I was pleased by the compliment security guru Bruce Schneier paid them in his recent post, “Small Planes and Lone Terrorist Nutcases.” (Such happy subject matter we get to write about!)

Now comes Radley Balko with a great column illustrating what you get when authorities try to “get ahead” of this problem. “Pre-Crime Policing” tells the story of a gun buyer who had been tagged with the adjective “disgruntled.” A SWAT team appeared on his property, police tricked him into surrendering for a mental evaluation, they illegally entered his home, and they seized his guns.

Says the victim of these invasions, “South Oregon is big gun country. If something like this can happen here, where just about everyone owns a gun, it can happen anywhere.”

Especially if we ask law enforcement to prevent random violence.

Symbols, Security, and Collectivism

The state of Nevada is one of few that is tripping over itself to comply with the REAL ID Act, the U.S. national ID law.

It’s worth taking a look at the sample license displayed in this news report, especially the gold star used on the license to indicate that it is federally approved.

The reasons for “improving” drivers’ licenses this way are complex. The nominal reason for REAL ID was to secure the country against terrorism. The presence of a gold star signals that the card bears a correct identity and that watch-list checking has ensured the person is not a threat.

Don’t be too thrilled, though. The weakness of watch-listing was demonstrated again by the Christmas-day attempt on a Northwest Airlines flight. The underpants bomber wasn’t listed, so checking his name against a watch-list didn’t do anything.

The real reason for REAL ID, though, was anti-immigrant fervor. If the driver licensing system distinguished between citizens and non-citizens, the theory goes, possession of a driver’s license can be used to regulate access not just to driving, but to working, financial services, health care, and anything else the government wants. Illegal presence in the country could be made unpleasant enough that illegal immigrants would leave.

Alas, human behavior isn’t that simple. If ‘driven’ to it—(I had to…)—people will get behind the wheel without licenses—and without the training that comes with licensing. Then they’ll crash. When the governor of New York briefly de-linked driver licensing and immigration status in 2007, he cited public safety and the likelihood that insurance rates would fall, to the benefit of New Yorkers. (When the state of New Mexico de-linked driver licensing and immigration status, uninsured vehicle rates in the state dropped from 33 percent to 17 percent.) But the governor suffered withering criticism from anti-immigrant groups and quickly reversed course.

Like linking immigration status and driving, linking immigration status and work through an ID system imposes costs on the law-abiding citizen. Complications and counterattacks raise costs on workers and employers while reducing the already small benefits of such programs. I articulated those in my paper on employment eligibility verification.

REAL ID transfers well-being and wealth from individuals to the state.

But let’s return to this gold star…

The article says that the Nevada ID is becoming one of the hardest in the country to forge. But it’s hard to be sure. The gold star may undermine the anti-forgery goal.

Forgery is the making or altering of a document with the intent to defraud or deceive. The question is not whether the whole document can be made—I’m sure the new Nevada license is bristling with security doodads—it’s whether a document can be made to deceive.

Watch for the people who check licenses to fall into the habit of checking the gold star and taking that as evidence that the document is “good.” By a small but relevant margin, ID checkers will forget to compare the picture on the license to the face of the person presenting it. (Gold star? Go.) Putting a gold star on the license may make forgery easier. It’s not about the technical feasibility of creating the card; it’s how to fool people.

But this gold star. It will be taken as a shorthand for “citizen.” There are examples from the past in which governments used symbols to assign status to populations. It’s easy to go overboard with such comparisons, but the Nevada license, with this gold star, takes a dramatic step toward carving the population into groups—groups that can be divided. Maybe soon two stars will be for military veterans, or people licensed to own firearms. Three stars could be for elected officials.

With this gold star system, a Nevada license-holder is a little less of a free, independent person with rights and privileges based on individual merit. A Nevadan becomes an undifferentiated status-holding subject. We’re a long way from the day when the “gold star” people are assigned to better rail cars, but the idea is that it should never happen. We should reject entirely the tools that could allow the government to do that.

I Told You So?

The story that images of a film star produced by whole-body imaging were copied and circulated among airport personnel in London is a little too good to be true for critics of the technology. It may yet be proven a joke or hoax, and airport officials are denying that it happened, saying that it “simply could not be true.”

But if Bollywood star Shah Rukh Khan was exposed by the technology, it validates more quickly than I expected the concern that controls on body scanning images would ultimately fail.

Here’s how I wrote about the fate of domestic U.S. proscriptions on copying images from whole-body imaging machines in an earlier post:

Rules, of course, were made to be broken, and it’s only a matter of time — federal law or not — before TSA agents without proper supervision find a way to capture images contrary to policy. (Agent in secure area guides Hollywood starlet to strip search machine, sends SMS message to image reviewer, who takes camera-phone snap. TMZ devotes a week to the story, and the ensuing investigation reveals that this has been happening at airports throughout the country to hundreds of women travelers.)

I have my doubts that this incident actually happened as reported, but it is not impossible, and over time misuse of the technology is likely. That’s a cost of whole-body imaging that should be balanced against its security benefits.

Surveillance, Security, and the Google Breach

Yesterday’s bombshell announcement that Google is prepared to pull out of China rather than continuing to cooperate with government Web censorship was precipitated by a series of attacks on Google servers seeking information about the accounts of Chinese dissidents. One thing that leaped out at me from the announcement was the claim that the breach “was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.” That piqued my interest because it’s precisely the kind of information that law enforcement is able to obtain via court order, and I was hard-pressed to think of other reasons they’d have segregated access to user account and header information. And as Macworld reports, that’s precisely where the attackers got in:

That’s because they apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press.

This is hardly the first time telecom surveillance architecture designed for law enforcement use has been exploited by hackers. In 2005, it was discovered that Greece’s largest cellular network had been compromised by an outside adversary. Software intended to facilitate legal wiretaps had been switched on and hijacked by an unknown attacker, who used it to spy on the conversations of over 100 Greek VIPs, including the prime minister.

As an eminent group of security experts argued in 2008, the trend toward building surveillance capability into telecommunications architecture amounts to a breach-by-design, and a serious security risk. As the volume of requests from law enforcement at all levels grows, the compliance burdens on telecoms grow also—making it increasingly tempting to create automated portals to permit access to user information with minimal human intervention.

The problem of volume is front and center in a leaked recording released last month, in which Sprint’s head of legal compliance revealed that their automated system had processed 8 million requests for GPS location data in the span of a year, noting that it would have been impossible to manually serve that level of law enforcement traffic. Less remarked on, though, was Taylor’s speculation that someone who downloaded a phony warrant form and submitted it to a random telecom would have a good chance of getting a response—and one assumes he’d know if anyone would.

The irony here is that, while we’re accustomed to talking about the tension between privacy and security—to the point where it sometimes seems like people think greater invasion of privacy ipso facto yields greater security—one of the most serious and least discussed problems with built-in surveillance is the security risk it creates.

Wednesday Links

  • Federal judge dismisses charges against Blackwater guards over the killing of 17 in Baghdad. David Isenberg: “The fact that the Blackwater contractors are not getting a trial will only serve to further increase suspicion of and hostility towards security contractors. It is going to be even more difficult for them to gain the trust of local populations or government officials in the countries they work in.”
  • New report shows state and local government workers have higher average compensation levels than private workers.
  • Podcast: “Televising and Subsidizing the Big Game” featuring Neal McCluskey. “Everybody should watch the National College Football Championship because whether you’re interested or not, you are paying for it,” he says.