Schneier's Keynote At Linux.conf.au 138
Stony Stevenson writes "Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards, and public CCTV security cameras in his keynote address to Linux.conf.au (currently being held in Melbourne, Australia). These technologies were all examples of security products tailored to provide the perception of security rather than tackling actual security risks, Schneier said. The discussion of public security — which has always been clouded by emotional decision making — has been railroaded by groups with vested interests such as security vendors and political groups, he claimed. 'For most of my career I would insult "security theater" and "snake oil" for being dumb. In fact, they're not dumb. As security designers we need to address both the feeling and the reality of security. We can't ignore one. It's not enough to make someone secure, that person needs to also realize they've been made secure. If no-one realizes it, no-one's going to buy it,' Schneier said."
CCTV - Worth its weight in gold (Score:5, Interesting)
Electronic Voting Security Theater (Score:5, Interesting)
To be secure it would have to be open. In the case of voting platforms that means every line of code, every encryption algorithm, and all the hardware has to be open, published, and known. Nobody has yet figured out how to make enough money from such a system to outspend Diebold's lobbyists and earn considered from election officials.
We nerds and geeks need to wake up to theater (Score:5, Interesting)
Take Linux for instance. I have had varying levels of success getting non-geeks to use it, but what is missing is the warm and fuzzies that make it psychologically comfortable to not be using Windows or a Macintosh.
There are two sides to change of any kind. (1) The actual details of change. (2) The psychological affirmation that it is worth the effort. No matter how valid the argument presented by the first, if it does not provide the second, it will fail.
If we wish to push Linux, we have to create theater around it.
Re:CCTV - Worth its weight in gold (Score:5, Interesting)
Just the rumor that we were putting a camera system in our school practically eliminated graffiti
vandalism in a vulnerable area. The vandalism then took other forms, which were actually more of a problem.
Re:In other words . . . (Score:3, Interesting)
Re:Electronic Voting Security Theater (Score:3, Interesting)
It's Still Dumb! (Score:3, Interesting)
I will take the reality over a false perception, any day.
Re:We nerds and geeks need to wake up to theater (Score:3, Interesting)
A colleague of mine has something called "Comodo" on some kind of paranoid mode on his computer, and whenever I use his computer (we share it because in addition to being his office computer, it's also used for some common task), it's annoying. I think I usually see something around 1 popup a minute, like "pidgin.exe is writing to XXX", allow or deny? "blah.com attempted to connect to xxx.xx.xxx.xxx", allow or deny?
Unless I am the only one really annoyed by those needless warnings that condition the user into clicking "allow" for everything, I'm not sure if that's such a good thing.
Anyways. If you are looking for a simple catch phrase that might impress others, I think uptime of most GNU/Linux servers might be a good thing (this is "security" in a different sense---security from developer idiocy)---my notebook didn't need any reboots for a month or longer (numerous hibernations, though), until some proprietary application wanted me to reboot (for no apparent reason) and I naively followed, until I realized that neither the application nor its author had a freaking clue about how things are in GNU/Linux (or, indeed, simple Unix) world.
Re:Ah...NOW I get it! (Score:2, Interesting)
I guess this would explain why just about everybody in Canada thinks crime is on the increase, even though the numbers conclusively prove otherwise.
You can't sell security hardware and convince nervous old women to throw away their rights if they know there's a long list of things more important than so-called "security".
I often think about the political impact of the population ageing in Europe (where I live). There is a lot of political analysis about everything but never around the fact that, well, the population is getting on average older, and that older people tend to have a more conservative take on life, and IMO are easier to be made afraid of "different new stuff" (like having more non-Caucasians and/or Muslims living in their society).
The other day I read about strong xenophobic language being used by politicians in Treviso, Italy. It went about how African immigrants were a great danger for the old people. The article was keen to mention that none of the perceived wave of violence was backed by official statistics. (Note that that is just something I read in the news, so I might be missing lots about it).
In Belgium, and the Netherlands there is often very strong xenophobic language being used by (relatively) successful mainstream politicians.
As I see it, dangerous foreigners/muslims/immigrants youngsters are really in the forefront of the justifications for the increase in surveillance in Europe nowadays (along with the "think about the children" argument).
I'm often under the impression that a strong factor in the success of this line of argumentation is the fact that these populations are getting older, affecting not only their own opinion but also the whole cultural tone of their societies.
I don't argue that that is only the cause, but I think its role its mostly underestimated.
Re:CCTV - Worth its weight in gold (Score:4, Interesting)
Burglars choose easy targets. CCTV and alarms make the target more difficult so most move on. Experienced thieves require more then just a sign to keep them away but still, they are for the most part looking for the easy target.
Terrorism is not a crime of opportunity. You can make the target appear as difficult as you want, all that does is make them plan a little more. The stupid restrictions at the airport do nothing to deter terrorists.