Security and Privacy

It’s probably impossible to get too much of Bruce Schneier, although I honestly wouldn’t mind if he stopped Friday Squid Blogging.

His latest article on the false dichotomy between security and privacy is an excellent counterpoint to a recent Lawrence Wright profile in the New Yorker on Director of National Intelligence Mike McConnell. The Lawrence Wright article was surprisingly uncritical, considering the New Yorker’s usual zealous approach. Check out, for example, his description of the “Clipper” chip:

In the nineties, new encryption software that could protect telephone conversations, faxes, and e-mails from unwarranted monitoring was coming on the market, but the programs could also block entirely legal efforts to eavesdrop on criminals or potential terrorists. Under McConnell’s direction, the N.S.A. developed a sophisticated device, the Clipper Chip, with a superior ability to encrypt any electronic transmission; it also allowed law-enforcement officials, given the proper authority, to decipher and eavesdrop on the encrypted communications of others. Privacy advocates criticized the device, though, and the Clipper was abandoned by 1996. “They convinced the folks on the Hill that they couldn’t trust the government to do what it said it was going to do,” Richard Wilhelm, who was in charge of information warfare under McConnell, says.

(emphasis added). Compare, for example, EPIC’s Clipper Chip information page.

Schneier, by contrast, sees right through the core:

We’ve been told we have to trade off security and privacy so often — in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric — that most of us don’t even question the fundamental dichotomy.

But it’s a false one.

Security and privacy are not opposite ends of a seesaw; you don’t have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it’s based on identity, and there are limitations to that sort of approach.

Since 9/11, approximately three things have potentially improved airline security: reinforcing the cockpit doors, passengers realizing they have to fight back and — possibly — sky marshals. Everything else — all the security measures that affect privacy — is just security theater and a waste of effort.

By the same token, many of the anti-privacy “security” measures we’re seeing — national ID cards, warrantless eavesdropping, massive data mining and so on — do little to improve, and in some cases harm, security. And government claims of their success are either wrong, or against fake threats.

The debate isn’t security versus privacy. It’s liberty versus control.

Read the whole essay. And send it to your mother, as well.

[Tags]Schneier, Privacy, Security[/Tags]

Terrorist Hashing?

The Hash House Harriers is “an international group of social, non-competitive running and drinking clubs.” I participated many years ago in college (e.g.), although the Princeton Group is probably more tame than most. Via Bruce Schneier, this crazy new items:

Two people who sprinkled flour in a parking lot to mark a trail for their offbeat running club inadvertently caused a bioterrorism scare and now face a felony charge.

Although I don’t hash anymore, I frequently see the characteristic flour marks while jogging in the woods. I can’t see how the perpetrators here could possibly meet the mens rea requirement for a felony bioterrorism charge.


Via Tikirobot, reCAPTCHA. Brilliant:

Over 60 million CAPTCHAs are solved every day by people around the world. reCAPTCHA channels this human effort into helping to digitize books from the Internet Archive. When you solve a reCAPTCHA, you help preserve literature by deciphering a word that was not readable by computers.

Why didn’t I think of that?

Airport Snooping

I’ve always wondered why ill-intentioned hackers don’t set up fake free WiFi hotspots in public places like airports to collect passwords and other personal information. As it turns out, they do:

Authentium did an in-depth survey of the ad hoc networks found at O’Hare, visiting on three different occasions. It found more than 20 ad hoc networks each time, with 80% of them advertising free Wi-Fi access. The company also found that many of the networks were displaying fake or misleading MAC addresses, a clear sign that they were bent on mischief.

The Computerworld article focuses on the dangers of associating with ad-hoc (peer-to-peer) wireless networks and provides a number of tips for Windows users to avoid unintentionally connecting to an ad-hoc network.

It seems to me just a matter of time, though, before malicious agents set up “real” (infrastructure-mode) access points in public places to collect such data. In fact, based on the airport study above, I would be shocked if it weren’t already happening. Numerous trivial variations could be very difficult to detect for the average user: for example, someone could set up a WiFi access point advertising itself as a T-Mobile HotSpot, and copy the T-Mobile web interface. If they wanted to be especially crafty, they could sit outside a Starbucks (or other known T-Mobile HotSpot) and simply use a different channel than the existing hot spot. Even a sophisticated user might have trouble telling the difference.

The lesson is that you need to expect that all network traffic is insecure if not encrypted and signed at both ends. Although even in that case there are possible man-in-the-middle attacks, at least we have a cryptographic certificate/certificate authority infrastructure to mitigate the risk. (That sort of attack is also a bit more difficult to pull off, thus perhaps deterring the simplest “script-kiddie” type attackers.)

Hiring Hackers

Via the man who should be national security advisor, this fascinating email exchange between a “hacker” and a congressional staffer. The staffer wanted his college GPA “fixed” to improve his grad school outlook. The hacker apparently just wanted to mess with the guy:

If attention comes down, remember that we’re both equally liable in the actions. I’d rather not go to prison, you? I’ll use some snazzy IDS evasion techniques, spoof my IP, use my neighbor’s wireless, send decoy packets from a BitTorrent network, use some old PBX tricks to make them think it is an internal job and more. Think of all the stuff you see in the movies, but better.

Bad Passwords

Interesting article by everyone’s hero Bruce Schneier on real-world passwords. Schneier analyzed the spoils of a phishing attack on MySpace that resulted in the collection of 34,000 usernames and passwords:

We used to quip that “password” is the most common password. Now it’s “password1.” Who said users haven’t learned anything about security?

Climate Dread

Via mariuss’ weblog (discovered accidentally, provides an unusually high signal-to-noise ratio for a random blog), this Canadian article entitled Coping with Climate Dread. Read it. Then read Elizabeth Kolbert’s article, “The Darkening Sea: Carbon Emissions and the Ocean” in last week’s New Yorker Magazine. (Sadly, the content does not appear to be online — if the New Yorker put only one article online, it should have been that one. As a consolation, there’s a short excerpt here, and a related article is available from last year.)

It’s become a lot harder to think about this problem since I had a kid.

Princeton v. Diebold


Via Dylan Thurston: Witness Stand. Important reminder regarding grammar.

Pit Bulls and Profiling

Malcolm Gladwell· (probably best known as the pop-sociologist author of The Tipping Point·) has an excellent piece in this week’s New Yorker· on what pit bulls can teach us about profiling·. The argument boils down to one about common tendencies in misinterpreting data and drawing the wrong (or “unstable”) generalizations from apparently recurrent phenomena.

Everyone’s favorite security guru Bruce Schneier· has made similar arguments in the past·, but Gladwell’s style in this case is more compelling. I particularly liked this passage about The Godfather:

In July of last year, following the transit bombings in London, the New York City Police Department announced that it would send officers into the subways to conduct random searches of passengers’ bags. On the face of it, doing random searches in the hunt for terrorists — as opposed to being guided by generalizations — seems like a silly idea. As a columnist in New York wrote at the time, “Not just ‘most’ but nearly every jihadi who has attacked a Western European or American target is a young Arab or Pakistani man. In other words, you can predict with a fair degree of certainty what an Al Qaeda terrorist looks like. Just as we have always known what Mafiosi look like — even as we understand that only an infinitesimal fraction of Italian-Americans are members of the mob.”

But wait: do we really know what mafiosi look like? In “The Godfather,” where most of us get our knowledge of the Mafia, the male members of the Corleone family were played by Marlon Brando, who was of Irish and French ancestry, James Caan, who is Jewish, and two Italian-Americans, Al Pacino and John Cazale. To go by “The Godfather,” mafiosi look like white men of European descent, which, as generalizations go, isn’t terribly helpful. Figuring out what an Islamic terrorist looks like isn’t any easier. Muslims are not like the Amish: they don’t come dressed in identifiable costumes. And they don’t look like basketball players; they don’t come in predictable shapes and sizes. Islam is a religion that spans the globe.