Schneier's Keynote At Linux.conf.au 138
Stony Stevenson writes "Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards, and public CCTV security cameras in his keynote address to Linux.conf.au (currently being held in Melbourne, Australia). These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, Schneier said. The discussion of public security — which has always been clouded by emotional decision making — has been railroaded by groups with vested interests such as security vendors and political groups, he claimed. 'For most of my career I would insult "security theater" and "snake oil" for being dumb. In fact, they're not dumb. As security designers we need to address both the feeling and the reality of security. We can't ignore one. It's not enough to make someone secure, that person needs to also realize they've been made secure. If no-one realizes it, no-one's going to buy it,' Schneier said."
In other words . . . (Score:3, Insightful)
Re:In other words . . . (Score:5, Insightful)
If you want real security to be provided, you have to learn to sell it at least as well as the snake-oil. You have to make it sufficiently visible, but non-impeding, that people feel safe.
It's about understanding the human/political side of the equation that can make the difference between a successful deployment and a perceived failure.
Re:In other words . . . (Score:5, Insightful)
Re:Success... (Score:3, Insightful)
It's all about your frame of reference.
I think of these things as kind of like an electric heater. Most people would argue that an electric heater is one of the most inefficient devices known to mankind. However, when viewed with the proper perspective, it's anything but. Put it this way: an electric heater is basically designed to waste power by transducing electrical energy into heat and spewing it into the immediate environment. A heater does this with virtually no losses. Therefore, an electric heater is almost 100% efficient, as long as there's nothing coming out of it that doesn't qualify as waste.
Which pretty much describes the Bush Administration.
Re:In other words . . . (Score:4, Insightful)
1. the sole of a shoe can contain any significant amount of explosive
2. that walking on such a shoe would not cause the explosive to go off
3. that airport scanner technology can tell the difference between explosives and leather
None of which are the case. The only thing you could maybe fit in the sole of a very hard soled shoe would be a knife.. which hopefully people realize doesn't give a would-be hijacker any more of an advantage than being unarmed - if 50 scared passengers rush you, it doesn't matter that you have a knife. And that's what should have been the lesson of 9/11: if you allow yourself to be victimized you will die.. but if you step up and stop hijackers there is no way to hijack a plane.
All in all, I wish the government would just let the market decide. There should be a "no security" terminal where people can catch a plane much as you catch a bus.. buy your ticket, get on the next available flight. If you want to be harrassed, go to the security theater terminal.
The Reality and Perception of Security (Score:4, Insightful)
Ah...NOW I get it! (Score:3, Insightful)
I guess this would explain why just about everybody in Canada thinks crime is on the increase, even though the numbers conclusively prove otherwise.
You can't sell security hardware and convince nervous old women to throw away their rights if they know there's a long list of things more important than so-called "security". And a lot of those "nervous old women", by the way, are male, in their 30's, and convinced that everything will be fine if we just forget all that due process nonsense and start trusting the cops to throw the right people in jail.
Electronic Voting Security Theater-DES. (Score:1, Insightful)
DES in stream mode.
Someone has to do it (Score:3, Insightful)
And the problem with this is what? Given how badly people misunderstand computer security we don't have enough people doing this kind of job.
Re:We nerds and geeks need to wake up to theater (Score:3, Insightful)