Forgot your password?
typodupeerror
Security

Schneier's Keynote At Linux.conf.au 138

Posted by kdawson
from the necessary-security-theater dept.
Stony Stevenson writes "Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards, and public CCTV security cameras in his keynote address to Linux.conf.au (currently being held in Melbourne, Australia). These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, Schneier said. The discussion of public security — which has always been clouded by emotional decision making — has been railroaded by groups with vested interests such as security vendors and political groups, he claimed. 'For most of my career I would insult "security theater" and "snake oil" for being dumb. In fact, they're not dumb. As security designers we need to address both the feeling and the reality of security. We can't ignore one. It's not enough to make someone secure, that person needs to also realize they've been made secure. If no-one realizes it, no-one's going to buy it,' Schneier said."
This discussion has been archived. No new comments can be posted.

Schneier's Keynote At Linux.conf.au

Comments Filter:
  • by base3 (539820) on Tuesday January 29, 2008 @11:00PM (#22230442)
    . . . Bruce has figured out the real money's in security theater, not in security, and he wants a piece of that action.
    • by Anonymous Coward
    • by ppanon (16583) on Tuesday January 29, 2008 @11:53PM (#22230812) Homepage Journal
      No. What Bruce has realized is that, in the boardroom and the lunchroom (where almost nobody knows any better), security theatre often will kick the ass of real security practices because it's marketed by professional sales teams. It also often can be delivered for less (because it can be priced for what the market will bear).

      If you want real security to be provided, you have to learn to sell it at least as well as the snake-oil. You have to make it sufficiently visible, but non-impeding, that people feel safe.

      It's about understanding the human/political side of the equation that can make the difference between a successful deployment and a perceived failure.
      • by QuantumG (50515) <qg@biodome.org> on Wednesday January 30, 2008 @12:05AM (#22230848) Homepage Journal
        It's an interesting theory but are you aware of anyone who thinks the bullshit we go through at the airport is for anything other than appearances? It's not just geeks and smart asses who know this, it is everyone.
        • I know one person who really does think that. He's a fairly smart person, for the most part, but this one has always baffled me. Oh, true, he thinks that some of the measures are bullshit, but he fails to see that they're pretty much all bullshit... so he's in the same camp as the true morons, just a matter of degrees.
          • by QuantumG (50515) <qg@biodome.org> on Wednesday January 30, 2008 @12:36AM (#22231014) Homepage Journal
            Uh huh.. I, unfortunately, spend a lot of time in airports.. I've never once seen someone taking off their shoes with a smile on their face.. there's only one thing you think when they tell you to take your shoes off: "oh my god this is bullshit." If your friend actually thinks there is a sensible reason to scan the shoes of flyers then I suggest you get him some psychological help.
            • I agree, it's stupid, but unfortunately, I can't force other people to see reason. If I could, we wouldn't have such bullshit things going on in this country in the first place. ;)
            • by DdJ (10790)

              I've never once seen someone taking off their shoes with a smile on their face.

              I do.

              Mind you, I think it's bullshit. But the people at the airport are not the ones who caused the problem. The people around me have nothing to do with the decision making that went into it. The people it's appropriate to get mad at are nowhere around. A hostile reaction to the security theater while being subjected to it is itself an emotional, illogical response to the situation.

              So, why get worked up about it while there?

        • by jgs (245596)
          I really wish I agreed, but I travel a fair amount and I can think of many occasions when I overheard or actually spoke with someone who expressed the general sentiment that "yeah, it's a pain, but it's for our own good, I'm just glad they're protecting us."

          Which is all anecdotal of course. I'd be interested in seeing a controlled survey of air travelers and their opinions of airport security. Who's the outlier? Me, the curmudgeon? Or the "take my shoes, take my jockstrap, just please keep me safe" trav
      • by base3 (539820)
        That's exactly what I said, although in more flowery language--security theater is easier to sell than security, and thus, there's more money in it. So add some theater to to the non-snake-oil security, and . . . PROFIT!!!
    • I'm no expert on the subject, but my experience so far has been this, and I am a big fan of Schneier.

      If you explain to a group of people why something is 'security theater' and then present an alternative, they flock to it. It does not matter that the alternative may also be 'security theater', as long as its shortcomings are of a different variety.
  • by Serious Poo (597509) on Tuesday January 29, 2008 @11:03PM (#22230460)
    "tailored to provide the perception of security rather than tackling actual security risks." Isn't this also the mission statement for the TSA?
    • by fizzbin (110016) *
      If Bruce were giving his speech in the US rather than Australia, the TSA (Theater Security Agency) would get prominent mention.

      So much of what they do, from checking IDs (ever seen an ID that says "Terrorist"?) to carry-on bag screening (violating privacy while missing guns and weapons) is pure theater. It provides the appearance of security, but not the reality.
    • by bersl2 (689221)
      "Unfortunately, we're stuck with us as a species."
  • by Anonymous Coward
    I'm sorry but what does RFID have to do with the "perception of security"? Barcodes don't make me feel safe, why should RFID? As for the latter (cameras). When was the last time you saw security video on the evening news, not to mention all those cellphone video shots. And the middle? Yeah my drivers license makes me feel soo safe.
    • I'm sorry but what does RFID have to do with the "perception of security"?

      RFIDs have bugger all to do with security, but plenty of people are trying to push the perception that they can. Read this alarmist article [upi.com]. Check out its opening sentence:

      An associate of Osama bin Laden crawls into a container -- along with some new luxury cars -- in a shipyard in Hamburg, Germany. The goal -- shipping himself to the United States and evading the Department of Homeland Security,

      Lucky all terrorists are RFID-tagged!

      • by AJWM (19027)
        That's okay, if the cargo container 6+ MeV x-ray inspection doesn't cook him, it should at least catch him.

        Might not do those RFID tags much good, either.
  • by mungmaster2000 (1180731) on Tuesday January 29, 2008 @11:15PM (#22230552)
    CCTV almost never captures what you set out to catch. In many organizations, it's a knee-jerk reaction to some kind of incident. ie) Something got pinched, someone received an ass-kicking, etc. Even if you do catch it, you'll never be able to identify/recognize/charge/convict the person based on the video image alone. 4CIF at 30 fps is pretty much as good as it gets right now in most feasible installations. All you'll be able to say is, "Subject is hatless...REPEAT...HATLESS!" (And that's even if he's in the frame). The PTZ will just pan around aimlessly on a tour program, or be pointed at the wrong thing. However, wide-spread deployment of CCTV systems is still not futile; you just usually end up catching something that were never really looking for in the first place. People and vehicular traffic movements, facility useage, or realtime video of an incident in progress that just happens to be going-on in front of the lens. You can establish time frames of entry or exit, or use it to clue-you-in to the right path to finding the real evidence you're looking for. From a security systems perspective, more CCTV is better, but not to mitigate direct and specific threats. Only general ones. Or sometimes you just luck-out and with a good booby shot in the atrium of an office building.
    • CCTV - HDTV (Score:1, Informative)

      by Anonymous Coward
      "Even if you do catch it, you'll never be able to identify/recognize/charge/convict the person based on the video image alone. 4CIF at 30 fps is pretty much as good as it gets right now in most feasible installations."

      I wouldn't say that. [securityiss.com](note the date)
    • Re: (Score:3, Funny)

      Check out this article. [bbc.co.uk]

      These guys would NEVER have been convicted without CCTV.

      Absolute PROOF that CCTV works.
      • by springbox (853816)
        That's like having an employee who regularly screws up but their employer decides to keep them because of that one time when they did something right. Is there any actual proof (more than one) that even more monitoring will actually do anything good?
        • How do we know that it's not doing its job all along? You might document zero security incidents for a particular camera over a particular time period. But you'll never be able to measure the incident avoidance or mitigation (or even count the number of times) the bad shit that it prevented. Totally Heisenberg. And I know; we can't hide behind the "what-ifs." But security (and I mean all forms of security) is all like that. You'll never realize a measurable cost-benefit, but there's an inate sense wit
          • by ps236 (965675)
            That's the case with all security.

            Our burglar alarm at home has never gone off and meant that a burglar has been caught - but we have no way of knowing how many burglars have looked at our house and decided to go somewhere else instead because of the burglar alarm. So, we keep it. On a simplistic level it could seem like a waste of money.

            CCTV may not catch many people committing crimes, but it may put off an awful lot of people.

            Airport security may not catch many people trying to carry on 'dangerous' items
            • by 0racle (667029) on Wednesday January 30, 2008 @12:28PM (#22235172)
              There is a slight difference between keeping a potential thief from doing anything and preventing a terrorist from doing something.

              Burglars choose easy targets. CCTV and alarms make the target more difficult so most move on. Experienced thieves require more then just a sign to keep them away but still, they are for the most part looking for the easy target.

              Terrorism is not a crime of opportunity. You can make the target appear as difficult as you want, all that does is make them plan a little more. The stupid restrictions at the airport do nothing to deter terrorists.
      • The security systems integrator or security principal in charge of that CCTV installation should share the blame for that incident - By installing a camera that personnel had access to do such peeping with. It's irresponsible. Not to mention a major faux pas in today's era of privacy legislation. (Especially in my neck of the woods - Canada). You never put a camera in a place like that. And if you have a legitimate business need for CCTV coverage anywhere near such an era, you spec-out a system that ha
    • by OzRoy (602691)
      Well the obvious answer to that is to just put in more CCTV. We need more! THINK OF THE CHILDREN!
    • by warrigal (780670) on Wednesday January 30, 2008 @12:16AM (#22230900)
      Sometimes cameras can have a deterrent effect. I don't mean those lame dummy cameras, either.

      Just the rumor that we were putting a camera system in our school practically eliminated graffiti

      vandalism in a vulnerable area. The vandalism then took other forms, which were actually more of a problem.
      • by boarsai (698361)
        On the flipside from my personal experience:

        The apartments where I used to live we had security patrols and security cameras. Even with these deterents four men brazenly walked into the "secure" undercover carpark, broke my steering lock, hotwired and rode my motorbike out and off into the night.

        Yes, my bike could probably have been a bit more secure if I'd taken extra precautions but I thought that surveilence would have been a bit of a deterant. Evidently these criminals were aware of the effectiveness of

    • by Vskye (9079)

      All you'll be able to say is, "Subject is hatless...REPEAT...HATLESS!" (And that's even if he's in the frame). The PTZ will just pan around aimlessly on a tour program, or be pointed at the wrong thing.
      In other words, you have crap ass cameras, or placement. I have NO idea on how this was rated +4 minus dumb ass mods.
  • by jakepmatthews (1142845) <jakepmatthews@gmai l . c om> on Tuesday January 29, 2008 @11:17PM (#22230564)
    I think that would of been a catchier title...
    • That's actually funny, mods. And it's not offtopic (God some people with mod points have no sense of humor.)
  • Around here, they're more like whipping boys. Now, if he'd started in on Linux security...

    • by Zeinfeld (263942)
      Around here, they're more like whipping boys. Now, if he'd started in on Linux security...

      Well yes, kinda difficult to think of any forum where this type of presentation would be considered 'risky material'. But that does not stop it being any less true or needing to be said.

      I do wish that Bruce would choose his targets a bit more carefully though. He has a tendency to come out with sweeping statements that sound good but don't mean quite what he intends them to mean.

  • by r7 (409657) on Tuesday January 29, 2008 @11:28PM (#22230628)
    For many of the same reasons there is no semblance of a secure electronic voting platform on the horizon. The reason is not that such a platform would be difficult to design. The reason is that it would not be profitable.

    To be secure it would have to be open. In the case of voting platforms that means every line of code, every encryption algorithm, and all the hardware has to be open, published, and known. Nobody has yet figured out how to make enough money from such a system to outspend Diebold's lobbyists and earn considered from election officials.
    • Re: (Score:1, Offtopic)

      by Zymergy (803632) *
      Please mod parent up.

      While on topic: http://www.schneier.com/blog/archives/2004/11/the_problem_wit.html [schneier.com]
    • Re: (Score:3, Interesting)

      by cduffy (652)

      For many of the same reasons there is no semblance of a secure electronic voting platform on the horizon.
      Does its support for using paper disqualify punchscan [punchscan.org] from being "electronic"?
    • by NoMaster (142776)

      To be secure it would have to be open.
      Bullshit.

      It just has to be proved trustworthy. There's plenty of ways of doing that without having "every line of code, every encryption algorithm, and all the hardware ... open, published, and known".

      Despite the fanboy-prattle, Open Source is not actually a solution to the age-old problem of "Quis custodiet custodes ipsos".

      • by bhima (46039) *
        The requirement that an algorithm be open has a lot less to do with Open Source as in Linux or BSD and lot more to do with the algorithm development process. This is the origin of the Obscurity is not Security mantra.

        Show us a modern closed encryption algorithm which does not have significant vulnerabilities. Off the top of my head I am not aware of one. However, there are plenty of examples of closed algorithms which are abject failures. Like what's used on DVDs, HD-DVDs, or Phillips' RFID tags. There
      • "Open Source is not actually a solution to the age-old problem of "Quis custodiet custodes ipsos"."

        Yes, it actually is. The key (read Iuvenal) is not needing for a custodio in first place: no custodio, no need to watch over him. So, when the husband is at home, there's no problem; it is when he must travel that he needs a guardian over his wife but, hell, who watches over the guardian not to be himself his wife's lover? (no: having an eunuch for a guardian is not the solution, as Iuvenal states on this ve
    • The subtlety is that just because something is closed doesn't mean it's less secure. The principle is that its security should not depend on its closure or obscurity.

      A device with a secret algorithm, mechanism, or control is in fact more genuinely secure (tautologically) than a device without it, as long as the device's maker is willing to assume that the bad guys know about it, and doesn't rely on its secret nature. Relying on the secrecy for security means they will be more likely to slip up in other

      • "The subtlety is that just because something is closed doesn't mean it's less secure."

        The subtlety is that because it's closed you must take the word of others regarding its security.

        And that's exactly the 'quis custodiet custodes ipsos' problem.

        Are you going to take Diebold's word for it?
        Are you going to take some congressman word for it?

        As long as someone has a secret on you, you are open for *at least* the secret holder to use it against you.
  • by mlwmohawk (801821) on Tuesday January 29, 2008 @11:44PM (#22230754)
    As a nerd and geek and long time hacker, it is perfectly clear to me that I've been missing the "theater" aspect of the technology that I love.

    Take Linux for instance. I have had varying levels of success getting non-geeks to use it, but what is missing is the warm and fuzzies that make it psychologically comfortable to not be using Windows or a Macintosh.

    There are two sides to change of any kind. (1) The actual details of change. (2) The psychological affirmation that it is worth the effort. No matter how valid the argument presented by the first, if it does not provide the second, it will fail.

    If we wish to push Linux, we have to create theater around it.
    • by prxp (1023979)
      And you think that's the reason Scheneier does what he does, right?
    • by MightyYar (622222)

      Take Linux for instance. I have had varying levels of success getting non-geeks to use it, but what is missing is the warm and fuzzies that make it psychologically comfortable to not be using Windows or a Macintosh.
      The warm and fuzzies is better known as Microsoft Office with Outlook.
    • by novakyu (636495)

      Take Linux for instance.

      Don't you mean GNU/Linux? There is already a "theater" fo GNU/Linux: Freedom. We are not just fighting for technical superiority, we are fighting for the freedom of the people—just like a secure e-voting machine would, by the way of allowing fair and efficient election to be held.

      Why would you go looking for a "theater", when you have such a ready-made cause (one that's been around for over two decades, no less!) for you? All you have to do is join.

      • by zcat_NZ (267672)
        There isn't the "Black Ice stopped a portscan" "AVG detected a virus" "Adaware detected 3275 cookies which could have reporting your every move directly to the NSA" "Windows has detected a NEW MOUSE!! OMFG!! [Allow] [Deny]" kind of security theatre though...
        • Re: (Score:3, Interesting)

          by novakyu (636495)
          I guess it might be just me ... but some of those sound like those annoying popups these "security" applications have.

          A colleague of mine has something called "Comodo" on some kind of paranoid mode on his computer, and whenever I use his computer (we share it because in addition to being his office computer, it's also used for some common task), it's annoying. I think I usually see something around 1 popup a minute, like "pidgin.exe is writing to XXX", allow or deny? "blah.com attempted to connect to xxx.xx
          • by TubeSteak (669689)

            Anyways. If you are looking for a simple catch phrase that might impress others, I think uptime of most GNU/Linux servers might be a good thing (this is "security" in a different sense---security from developer idiocy)---my notebook didn't need any reboots for a month or longer

            If you can patch holes without re-booting and people actually do so, then sure, the uptime of GNU/Linux servers is a good thing.

            Otherwise, you just end up with a bunch of rooted Linux boxes spewing spam and hosting phishing sites. Wait a second... that's kinda like how things are right now.

            You can only do so much @ the OS level to avoid problems caused between the keyboard and the chair.

        • Re: (Score:3, Insightful)

          Linux has its own security theatre ... the idea that "root vs user" DAC is sufficient to stop malware/viruses etc, when in reality it does no such thing (consider the permissions needed to do the things most botnets do). If I had a penny for every time I see a Linux user tell some hapless n00b that Linux is more secure than Windows because you don't have to run as superuser, I'd be a very rich guy.
      • by mlwmohawk (801821)
        Why would you go looking for a "theater", when you have such a ready-made cause

        Yes, I used to have that attitude, but in the past few years, I have sort of changed my mind. When you think that half the people you meet are below average intelligence.

        Time and again, I've seen people too afraid or too unenthusiastic to use or stay with Linux. I've told them the arguments, they all say they agree, they all say they hate Windows, but they go back because they are comfortable with it. That's what "Cheerleaders" a
        • by geekoid (135745)
          "When you think that half the people you meet are below average intelligence."
          haha, well since you don't understand averages, clearly you are on the low side of things.

          Please stop opening your mouth.

          "We Linux users..."
          there is your problem, everything is Us and Them in all your posts. The world is gray, no black and white.

          Maybe you only use Linux because that's what you are comfortable with?
          • by mlwmohawk (801821)
            "When you think that half the people you meet are below average intelligence."
            haha, well since you don't understand averages, clearly you are on the low side of things.


            Perhaps you don't understand what an "average" is. It is a number created by the sum of entries divided by number of entries. There need not ever be an actual entry that equals the average. Of course we have to assume that the curve is fairly symmetrical.

            Aside from the obvious assumptions, it was supposed to be a representative comment not a
      • Re: (Score:1, Flamebait)

        by everphilski (877346)
        Don't you mean GNU/Linux? There is already a "theater" fo GNU/Linux: Freedom. We are not just fighting for technical superiority, we are fighting for the freedom of the people--just like a secure e-voting machine would, by the way of allowing fair and efficient election to be held.

        Because 99% of us don't give a crap about RMS's holy war. We just want to get our work done.

        (and re: your followup to this thread, my Vista notebook has greater than 3 months uptime ... 1 reboot in 6 months of owning it)
    • by zcat_NZ (267672)
      This is why I always install avscan and firestarter when setting up Linux for recently defenestrated users...
  • Bruce Schneier expects the Spanish Inquisition.
  • There's no point in designing a good security system that provides 'actual' security coz Schneier can hack it with one roundhouse kick to the keyboard.
  • by canterbury rod (1229414) * on Wednesday January 30, 2008 @01:40AM (#22231330) Homepage
    In Bruce Schneier's keynote address at Linux.conf.au, he essentially admonishes that "security theater" is not only a necessity, it's a critical component that needs to accompany real security solutions. In the article, he states

    the best security solution will fail if it doesn't cater to both the reality and perceptions to do with security.
    He's affirming that sales in the marketplace will be driven when security theater and real security products are matched. That's when end-users will also experience a real sense of security.
    • by TubeSteak (669689)

      He's affirming that sales in the marketplace will be driven when security theater and real security products are matched.

      No, he's saying that "the best security solution will fail if it doesn't" do more than just provide security.

      That's when end-users will also experience a real sense of security.

      Observable reality shows that end-users already experience a "real" sense of security and that security theater currently does a great job driving sales in the market place.

  • It's Still Dumb! (Score:3, Interesting)

    by Jane Q. Public (1010737) on Wednesday January 30, 2008 @02:28AM (#22231538)
    These "perception of security" things are still bad, because they create REAL threats to security, in the name of trying to make people feel more secure.

    I will take the reality over a false perception, any day.
  • Ah...NOW I get it! (Score:3, Insightful)

    by hyades1 (1149581) <hyades1@hotmail.com> on Wednesday January 30, 2008 @02:51AM (#22231630)

    I guess this would explain why just about everybody in Canada thinks crime is on the increase, even though the numbers conclusively prove otherwise.

    You can't sell security hardware and convince nervous old women to throw away their rights if they know there's a long list of things more important than so-called "security". And a lot of those "nervous old women", by the way, are male, in their 30's, and convinced that everything will be fine if we just forget all that due process nonsense and start trusting the cops to throw the right people in jail.

    • Re: (Score:2, Interesting)

      by BlackCreek (1004083)

      I guess this would explain why just about everybody in Canada thinks crime is on the increase, even though the numbers conclusively prove otherwise.

      You can't sell security hardware and convince nervous old women to throw away their rights if they know there's a long list of things more important than so-called "security".

      I often think about the political impact of the population ageing in Europe (where I live). There is a lot of political analysis about everything but never around the fact that, well, the population is getting on average older, and that older people tend to have a more conservative take on life, and IMO are easier to be made afraid of "different new stuff" (like having more non-Caucasians and/or Muslims living in their society).

      The other day I read about strong xenophobic language being used by politici

      • by hyades1 (1149581)

        "I'm often under the impression that a strong factor in the success of this line of argumentation is the fact that these populations are getting older, affecting not only their own opinion but also the whole cultural tone of their societies."

        I think you're right...but they're also getting a lot of encouragement from the police, right wing media and others who stand to do well in a climate of fear and paranoia.

        I wonder how many people appreciate that all those cameras aren't going to stop a committed te

  • The talk is available for download from http://mirror.linux.org.au/linux.conf.au/2008/Wed/mel8-305.ogg [linux.org.au]
  • RFID tags (in certain contexts), national ID cards, and public CCTV security cameras aren't there to provide security at all. The "security theater" they provide is just the spoonful of sugar to make the medicine go down. Their real purpose is control of the population. Implement them well enough, and everywhere anyone goes they are watched (CCTV) and tracked (national ID, RFID). And administratively controlled, as well -- "I'm sorry sir, the computer says your national ID is not valid for interstate tr

FORTRAN is for pipe stress freaks and crystallography weenies.

Working...