netjeff.com

Nothing against Microsoft, but I loved the metaphor in this quote from the ZDNet article, "Microsoft confronts security fears", regarding changes in Microsoft's security plans:

[Gartner analyst John Pescatore] likened Microsoft's [past security] approach to running a bungee-jumping concession. "You probably ought to make the rubber band a little short," he said. "What Microsoft has always done in the past is give a really big rubber band and say, 'Oops, we heard a splat. Here's how you can shorten the rubber band.'"

From the 30 Sept 2001 issue of Crypto-Gram:

---

Security and privacy [and liberty] are not two sides of a teeter-totter. This association is simplistic and largely fallacious. It's easy and fast, but less effective, to increase security by taking away liberty. However, the best ways to increase security are not at the expense of privacy and liberty.

It's easy to refute the notion that all security comes at the expense of liberty. Arming pilots, reinforcing cockpit doors, and teaching flight attendants karate are all examples of security measures that have no effect on individual privacy or liberties. So are better authentication of airport maintenance workers, or dead-man switches that force planes to automatically land at the closest airport, or armed air marshals traveling on flights.

Liberty-depriving security measures are most often found when system designers failed to take security into account from the beginning. They're Band-aids, and evidence of bad security planning. When security is designed into a system, it can work without forcing people to give up their freedoms.

Here's an example: securing a room. Option one: convert the room into an impregnable vault. Option two: put locks on the door, bars on the windows, and alarm everything. Option three: don't bother securing the room; instead, post a guard in the room who records the ID of everyone entering and makes sure they should be allowed in.

Option one is the best, but is unrealistic. Impregnable vaults just don't exist, getting close is prohibitively expensive, and turning a room into a vault greatly lessens its usefulness as a room. Option two is the realistic best; combine the strengths of prevention, detection, and response to achieve resilient security. Option three is the worst. It's far more expensive than option two, and the most invasive and easiest to defeat of all three options. It's also a sure sign of bad planning; designers built the room, and only then realized that they needed security. Rather then spend the effort installing door locks and alarms, they took the easy way out and invaded people's privacy.

An article on the use of biometrics to identify terrorists in airports. The key point in the article:

Suppose this "magically-effective" face-recognition software is 99.99 percent accurate. That is, if someone is a terrorist, there is a 99.99 percent chance that the software would indicate "terrorist," and if someone was not a terrorist, there is a 99.99 percent chance that the software would indicate "non-terrorist." Assume that one in one billion flyers, on average, is a terrorist. Is the software any good?

No. The software will generate 9,999 false alarms for every one real terrorist. And every false alarm still means that all the security people go through all of their security procedures. Because the population of non-terrorists is so much larger than the number of terrorists, the test is useless. This result is counterintuitive and surprising, but it is correct. The false alarms in this kind of system render it mostly useless. It's "The Boy Who Cried Wolf" increased over 1000-fold.

Of course, that's assuming that you can get a system that is 99.99% accurate.

If you're wondering, here's the math behind Bruce's numbers:

Start with the statement that terrorist are 1 in 1,000,000,000 of the travelers passing through airports.

Lets look at the 1 terrorist out of those billion. At a 99.99% rate, you easily pick up the terrorist.

But then consider the other 999,999,999 travelers who aren't terrorists. If the system is 99.99% accurate, then the flip side is that 0.01% of the time it will incorrectly label one of these travelers as a terrorist when they are not in fact a terrorist.

So 999,999,999 times 0.01% equals 9,999 innocent travelers picked out of the crowd as terrorists. Of course after 10 or 15 minutes of confusion, the traveler will (probably) be able to prove their innocence. So that's 2,500 hours of time (312 eight hour shifts) to pick out the terrorist.

Like most civilized citizens of the world, my condolences go out to those more personally affected by the attacks in New York and Washington DC.

We now begin a tricky dance deciding the actions we will take to thwart terrorist plans before they come to fruition. Many have thoughtfully pointed out the mistakes we made during WWII when we crossed the line, particularly the internment of innocent US citizens whose grandparents happened to have come from Japan. We don't want to make similar mistakes in our treatment of US citizens who happen to be Muslims, or come from a Middle Eastern heritage.

One of the more subtle points is the things we might give up to combat terrorism, particularly personal privacy on the Internet. People will naturally look for easy answers to the problems posed by these recent terrorist attacks, and many will blame the Internet. This is a new technology and people tend to be scared of new technology. But complete surrender of our rights to surveillance technologies is not the solution to terrorism.

I particularly liked this post in an online forum:

Read More …