April 2004, those were the days.


I get unexpected visitors

A couple of years ago my Chief Financial Officer and  I found ourselves quite unintentionally stranded at 9773 feet on top of the Schilthorn mountain in Switzerland after the last cable car had descended for the evening.  The resulting five hour walk (him) and crawl (me) back to civilization contained many a humbling experience.  A lifetime flat-city dweller, I simply had no appreciation of the otherworldliness of high places until I found myself stuck on a mostly vertical plane, holding on to a stunted tree, being suspiciously eyed by a bearded goat.

I was reminded of this tonight when I checked the traffic graph for my blog.


Glenn Reynolds of Instapundit.com linked to the second part of the post on my recent travels and observations about airline security, and in one sentence managed to drive over 1,100 visitors to this site in just a few hours.  That’s a lot of influence.  If the U.S. government is still unsure about the best organization to receive our June 30th transfer of authority in Iraq, perhaps we should consider Mr. Reynolds for the job.  He’d certainly be efficient at reading through the daily ministry reports.

Many of the readers who came here from Instapundit left insightful comments.  I thought I’d answer some of them here:

Nick points out that the hijacking risk is still real for cargo planes and that armed pilots would help for both types of flights.  I tentatively, but not wholeheartedly, agree.  Opposition to arming pilots seems to come in three flavors: (1) placing a gun in the cockpit makes it more likely that that gun can be used by a terrorist, (2) pilots do not have adequate training/background checks to be trusted with a gun, and (3) pilots should focus on safely flying the airplane – especially in an emergency – not on fighting terrorists.

The first objection is fair – and hard to get around.  Training and procedures will help, but ultimately it’s a tradeoff.  I don’t honestly know if we’re better off with a controlled gun or no gun onboard.  I’m leaning toward controlled gun.  The solution to the second objection is easy: more training, better checks.

The third objection seems to stem from an action-movie view of a lone pilot in hand to hand combat with an assailant, with pauses in punching for just long enough to right the controls.  This may actually be close to the truth on both flight 93 and EgyptAir 900, but neither of those flights had a secure cockpit door.  I think the “shoot vs. fly” procedures for armed pilots would be pretty straightforward:  If there’s no terrorist smashing through the cockpit door, fly the plane.  If there is a terrorist smashing through the cockpit door, shoot the terrorist, then fly the plane.  Also, the vast majority of flights will have at least one co-pilot and autopilot.

Roosevelt, TomK and Dave wrote about the threat of shoulder-fired surface-to-air missiles, otherwise known as MANPADS.  I’ve written about MANPADS here and here.  The gist: we should invest in technology to limit the risk from existing, unsophisticated, designs and mandate smart “kill-switches” for new, much more lethal designs produced by the U.S. and cooperative allies.

Researcher pointed out that “the metal detector with gain cranked way up would pick up the metal wires and metal detonator components necessary for a hidden bomb?”  True, but I wouldn’t put any of that stuff through the metal detector.  Even the shoe-bomber got around that, and he’s not the swiftest Taliban on the monkey bars, if you know what I mean.  Also, as Stef comments, metal detector tolerances are pretty much random.

Finally, Toren says, “The overwhelming and useless airport security is here to stay, because of the very simple reason that government jobs never go away.”

I’ve finally met someone more cynical than myself.  It’s an honor to make your acquaintance, sir.

April 28, 2004 | Permalink | Comments (6)

Holy attempting to swallow a co-equal branch of government, Batman!

Allan from DemSEC has written about a bill introduced by Congressman Ron Lewis in the U.S. House of Representatives which would allow Congress to ignore certain rulings of the Supreme Court.

The Congress may, if two thirds of each House agree, reverse a judgment of the United States Supreme Court--

(1) if that judgment is handed down after the date of the enactment of this Act; and

(2) to the extent that judgment concerns the constitutionality of an Act of Congress.

The bill is called the "Congressional Accountability for Judicial Activism Act of 2004" and, though lacking a teeth-gnashingly obnoxious name like some other recent legislative emanations, is still worthy of criticism.  If this bill passes, I recommend the quick issuance of an Executive Order declaring that the President can dismiss both Congress and the Supreme Court, but only if he really, really wants to.

Actually Congress already has the power to overturn unpopular Supreme Court decisions – it’s called a Constitutional amendment – although I hear there’s more paperwork involved and someone has to phone the states.  Anyway, a Constitutional amendment is the only way this act could stick, since the Supreme Court would presumably strike it down the very first time the bill was invoked.  Of course, such a slap-down would itself satisfy both of CAJAA’s triggering conditions.  The resulting attempt at recursive self-defense would be fun to watch but unlikely to succeed.  It’d be like using a magic lamp to wish for more wishes.  Everybody knows you can’t do that; the precedent goes all the way back to “Aladdin v. Genie.”

Besides the ability to amend the constitution, Congress has already been dealt another valuable card in the Checks & Balances game:  If Congress is really concerned about “activist judges” getting on the court, all it has to do is not approve any.  Make those nominees squirm!  It takes a lot less than two-thirds majority in both houses to scuttle a judicial appointment.  Makes for good C-SPAN as well.

Congress could also try not passing blatantly unconstitutional laws in the first place. 

As an added bonus, the preceding three methods work just as well against the lower federal and state courts – something completely unaddressed in Congressman Lewis’ effort. 

I’m not making any judgments on the broader “activist judges” issue because, (1) I can kind of see both sides of the argument, and (2) it’s irrelevant to the merits of this bill.  All I’m saying is that looking for an end-run (is that a valid sports analogy? I’m never sure.) around the past 200 years of the foundations of American democratic governance is a curious way to show your respect for tradition.  Mr. Lewis may have legitimate concerns about the modern role of the judicial branch.  Certainly the press release explaining the bill taps into a serious and ongoing debate.  Still, Congress already has ways to balance the influence of the courts.  Congress should use them.

[Dahlia Lithwick criticizes the bill, as does Eugene Volokh.  Stephen Bainbridge offers a defense.]

April 24, 2004 | Permalink | Comments (1)

SpoofStick for IE is out

SpoofStick for Microsoft Internet Explorer is now available.  SpoofStick is a simple, free browser plug-in that helps keep users safe from spoofed websites and “phishing” scams by prominently displaying the actual domain name of whatever site you’re on.


SpoofStick has been available for the Mozilla Firefox browser for the past few weeks and has made a splash in the community.  This version should work on IE 6 running on Microsoft Windows XP and 2000.  The Firefox version will run on Windows, OS X and Linux.

These are beta versions, and we’d love to get your feedback.  Please post your comments here, or send email to “spoofstick AT corestreet DOT com”.

See my introduction of SpoofStick: part 1 and part 2.

Download SpoofStick v. 0.06 BETA for Internet Explorer or Mozilla Firefox here.

April 23, 2004 | Permalink | Comments (0)

Why do we need electronic voting?

For a while, after the 2000 election mess, I remember being convinced that we needed electronic voting machines.  Then I remember being dismayed by the apparent lack of quality and security found in many new and existing designs.  Now that it’s almost time for the next big election, I can’t seem to remember why I thought we needed electronic voting in the first place.

The problems in Florida were mostly caused by poor ballot design and questionable adherence to procedure.  Do electronic voting machines fix either of those problems?  Can’t we just have less awkward paper ballots and better training for voting officials?

Total public transparency is absolutely crucial to election security, so any electronic machine that relies on obfuscation and secrecy for “security” should be automatically disqualified.  If I can’t know the exact path of every single electron or scrap of paper through the voting process, how am I supposed to have any confidence in the results?  Sure, there are plenty of ways to design a computerized voting system that doesn’t keep any secrets (although you wouldn’t know it by looking at the current crop) and real cryptographers have come up with some monstrously cool concepts for e-voting receipts and authentication, but is it really worth it?  If the machine is going to wind up printing out a paper trail anyway, why not start with the paper in the first place?  A good “old-fashioned” optical scan system with penciled in bubbles seems to be good enough in just about every category that’s important for voting.  Hire someone with a design and layout sense to put the ballots together and invest a third of your new-machine budget on training the staff, and you’ve probably got a pretty good system for 2004.

I’m a big fan of unnecessary technology in every other aspect of life, so this realization comes as something of a shock to me; but I really can’t remember why I ever thought the country should invest in computerized voting gizmos.  Somebody please remind me before my geek self-image suffers irreparable harm.

[Thanks to Freedom to Tinker for keeping this fresh in my mind.]

April 22, 2004 | Permalink | Comments (4)

Me know grammar one day

I was giving a talk on security assessment at the New York State Cyber Security Conference today and used my regular “don’t talk like an expert” slide that I first wrote about on February 25th in “Security in four simple words”.  The point of the slide is that security vendors do a disservice to the community when they use obfuscated and exclusionist industry lingo to describe commonsense concepts.  I propose four simple words that should be used instead: Identity, Privileges, Credentials and Validation.  I explain how the first three words are nouns and represent static concepts, while the fourth is a verb and represents an action that you have to do at every transaction.  I’ve used this slide for several public and private presentations now and it usually solicits a good discussion.

Today, an audience member came up to me (mercifully after the talk was over and the other post-presentation questioners had departed) and said, “Validation is a noun.”

Dammit!  Why wasn’t I informed?!

If you’d like to book me for your event (I’m great at dentist conventions but too foul-mouthed for Bar Mitzvahs), drop me an email.

April 21, 2004 | Permalink | Comments (2)

Too-Frequent Flyer Part 2 – Counting Threats

[See part one of this series on air travel and security.]

Let me propose a heuristic: it may be a good time to reevaluate the effectiveness of a national security institution when it becomes the subject of a Playmobil play set.  “Airport Security Check-in” has reached that point.

Don’t get me wrong, getting playmobiled isn’t an automatic demerit; there are plenty of realistic, practical things in play land.  Still, it's worth some hard thinking just to make certain that on the scale of practical reality,  our airline security processes are closer to  “Rescue Equipment Trailer” than to “Bunny with Wheelbarrow”. 

I think we might be somewhere in the middle.
   
Please pardon the sudden shift from absurdist humor to serious and unpleasant realities in this post.  I think it mirrors the experience of modern air travel.

Before discussing the effectiveness or practicality of new security measures, it’s useful to understand what threats they’re designed to prevent.  There are basically four broad categories of attacks which can be directed against the air travel system:

1. Hijacking – to use the airplane as a weapon or for hostages or safe passage
2. Bombing – to blow up the plane with a stowed device or suicide attack
3. Infiltration – to transport dangerous individuals into or out of the country
4. Smuggling – to transport or disseminate hazardous materials such as chemical or biological agents using the air travel infrastructure

Each of these threats has important national security repercussions.  However, the vast majority of the new publicly visible security measures implemented at U.S. airports are focused on preventing only the first one.  This is an understandable political and psychological reaction, since preventing a 9/11 style hijacking is at the top of everyone’s immediate demands.  Unfortunately, anti-hijacking measures are some of the most costly and burdensome to implement.  They may also be the least necessary – maybe even counterproductive.

Only two changes were necessary to virtually guarantee that a hijacking intended to crash a passenger plane into a building could never happen again.  One of them - unbreachable cockpit doors – was relatively cheap and implemented within months of the attacks.  The other one was excruciatingly expensive, but the price was paid in full before the day ended and implementation was immediate and ubiquitous: everyone became painfully aware of the possible cost of losing control of an airplane.

Someone attempting an exact replay of the 9/11 attacks today would likely be beaten to within an inch of death - and I wouldn’t take that inch for granted - by passengers with nothing to lose.  Even if the terrorists managed to get to the cockpit, physical locks and airline policy would make it impossible to take control of the plane.  They could kill everyone on board and blow up the airplane, but that makes this kind of attack identical in effect to the “bombing” type.  The “hijacking” category, at least for commercial passenger flights, has been largely negated.  “Never again” is not just a solemn vow here.  It is a statement of fact.

Why, then, do I still have to surrender my nail clippers, take off my belt and wait three quarters of an hour to go through a metal detector honed to such a level of sensitivity that the steak taco I had for lunch sets it wailing?  What harm could I inflict with a one inch piece of flimsy metal on a hundred instant air marshals, a bank-vault quality door and pilots specifically trained to never give up control of the airplane?  Why is our still-recovering economy being subjected to this level of delay and inefficiency?  More importantly, why are our dramatically finite security dollars being spent here as opposed to on other, largely unsolved, problems - like the other three types of threats outlined above?  Are these measures effective security, or are they primarily meant to comfort us?  There's nothing wrong with comfort, as long as it's not the fuzzy, anthropomorphic-rabbit type.

Also, can I have my nail clippers back? 

Next Up: The Other Shoe

[Update: The Playmobil site is not very link friendly.  If you get errors following the links in IE, just ignore them and the pages should open fine.  Also, I just remembered where I saw the Playmobil link originally – thanks Boing Boing.

Update 2: I replaced the Playmobil links with direct links to the right product images.  That seems to be the only way their website wants me to do it.  Who doesn't love JavaScript?

Update 3: Yikes, this post got a link from Instapundit, lots of great comments here, and my answers in a new post.]

April 19, 2004 | Permalink | Comments (18)

If you insist security

It happened again.  An article on Active Security which I wrote for ZDNet last week got translated into Japanese and published on IT Media.  Here is the Babelfish reverse-translation back into English.  The results aren’t as funny as last time, but it does translate “Salman Rushdie” as “Monkey man.”

In at least one instance, the computer translation seems to cut right through my human attempt at suggestive obfuscation and says:

Example of the large-scale positive security program, Common Access Card by the American Defense Department (abbreviation CAC, is bad designation, but here will not touch) is.

The central point of the article comes through intact, if a little worse for wear:

Positive security, the villain is not is obstructed just simply. It means also the fact that direction it makes promote daily life of the good man.

I couldn’t have said it better myself.

[The original, uncut version of the article (with snide asides which didn’t survive the ZD editorial process) is here.]

April 13, 2004 | Permalink | Comments (0)

Google as muse

If I ever run out of ideas to write about (unlikely, time is the scarcer commodity), all I have to do is look at the search words people used to find my site.  This is also a good way to measure how well my posts are satisfying the world’s random information needs.  I think of it as an impromptu “reader’s request” mail bag, with an opportunity to fill gaps in my reporting.

Let’s see.  Two people searched for, "visitors interested in strengthening america".  Check, I wrote about that particular version of the VISA act here.

One person searched for, "golf boxers" funny.  Yup, golf boxers are funny.  That’s why I wrote about them in a strange little rant.  Although I originally used another clothing item which my PR instincts made me tone down.

Another accidental reader wanted to know, why is medicine important?  That’s a good question, um, Timmy.  Medicine is important because it keeps many people healthy - healthy enough to become grandparents.  Before Google, grandparents were the most efficient method of information storage and retrieval.  So a hundred years ago (in the age of “client/server”) you couldn’t have gotten your question answered without medicine.  Also medicine is important because it helps medical school graduates pay off their student loans.

Lastly, someone sat in front of a Google search box and typed in: explain why the internet is important  to many businesses and discuss brie.  I probably shouldn’t do this, since it looks like someone is trying to cheat on their school assignment (third year at BU, if memory serves), but here goes:

The Internet is important to many businesses because it gives them a way to advertise their product, which, in the case of artisan brie makers is a delicious mold-ripened whole-milk cheese with a whitish rind and a soft, yellow center.  Also, the Internet can help businesses keep a watchful eye on their competitors.  Like those artless philistines in Wisconsin.

I guess with this domain name, comes a certain responsibility.  Want to know why other stuff is important?  Just search for it, stumble on to Vastly Important Notes and wait a month or two for me to remember to check my referrer logs.  Google is a muse as well as a beacon.

April 10, 2004 | Permalink | Comments (0)

More SpoofStick

A new version of the SpoofStick beta for Firefox has been released.  SpoofStick is a free utility that helps fight spoofed websites and identity “phishing”.  See the original post for more details.

This version (0.05) tweaks the size display settings to make the small size smaller, the large size larger and the medium size more medium.  It’s also smarter about handling multiple-name URLs (like https://web.da-us.citibank.com/signin/citifi/scripts/login2/user_setup.jsp) and international domains (like http://www.ox.ac.uk/).
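To make the multiple-name and international-domain cases concrete, here is an added example (not SpoofStick's own code) of reducing a URL to the domain a user should be shown. The function names and the tiny suffix set are assumptions made for illustration; a real tool needs a complete, maintained suffix list.

```javascript
// Added illustration; not taken from SpoofStick's source.
// Constructed sample of registry suffixes. It is deliberately tiny and only
// covers the two URLs quoted in the post plus a few neighbours.
const SAMPLE_SUFFIXES = new Set(["com", "org", "net", "uk", "ac.uk", "co.uk"]);

// IPv4 dotted quads and bracketed IPv6 literals have no registrable domain.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

// Returns the name to display for rawUrl, or null if it has no usable host.
function displayDomain(rawUrl, suffixes = SAMPLE_SUFFIXES) {
  let host;
  try {
    // The URL parser separates the real host from path, query and fragment.
    host = new URL(rawUrl).hostname.toLowerCase();
  } catch (err) {
    return null; // not a parseable absolute URL
  }
  host = host.replace(/\.$/, ""); // drop a trailing root dot
  if (host === "") return null;
  if (isIpLiteral(host)) return host; // show the address as-is

  const labels = host.split(".");
  // Scan from the left so the first suffix hit is the longest one:
  // "ac.uk" is found before "uk" for www.ox.ac.uk.
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (suffixes.has(candidate)) {
      // The registrable domain is the suffix plus one label to its left.
      return i === 0 ? host : labels.slice(i - 1).join(".");
    }
  }
  // Unknown suffix: show the full host rather than guess where to cut.
  return host;
}

// The two URLs from the post, plus constructed edge cases.
const SAMPLES = [
  "https://web.da-us.citibank.com/signin/citifi/scripts/login2/user_setup.jsp",
  "http://www.ox.ac.uk/",
  "http://192.0.2.10/login", // constructed: documentation-range IP address
  "not a url",               // constructed: unparseable input
];
for (const u of SAMPLES) {
  console.log(`${displayDomain(u)}  <-  ${u}`);
}
```

Treating `uk` alone as the suffix would display `ac.uk` for the Oxford URL, which is why the longest matching suffix has to win.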

We’ve gotten some good feedback on SpoofStick in the past couple of days.  To answer the most common question: yes, SpoofStick does work on a Mac with Firefox for OS X.  Here’s proof:


Although, I thought you Mac users had too many post graduate degrees to be fooled by fake websites.

Thanks for all the feedback, and keep it coming.

Download SpoofStick v. 0.05 BETA for Mozilla Firefox here.

April 8, 2004 | Permalink | Comments (3)

Getting the definition right

[Yesterday, ZDNet published a short commentary I wrote called “Getting the definition right”.  I’m very grateful to ZDNet for giving me a forum with a few orders of magnitude more readers than this fine blog.  In order to make the article suitable for the mainstream, the ZD editors stripped out most of the jokes from the original piece and altered the ending a bit.  They were probably right to do so – security is no laughing subject.  Still, for the “benefit” of my original reader(s), I’ve decided to post the “controversial”, err, “uncut”, um, “eXtreme” version here.]

Getting the Definition Right (the director's cut)

“Security”, like other vaguely defined segments stalked by industry analysts, is subjected to cyclical patterns of fashion and scorn.  Are we in a security-fueled investment bubble, or are organizations still sitting on their IT wallets?  Much of the answer depends on your assumptions and definitions.

In his now (in)famous January 2000 essay, “Terror Versus Security”, Salman Rushdie offers a working definition:

Security is, after all, the art of making sure certain things don’t happen: a thankless task, because when they don’t happen, there will always be someone to say the security was excessive and unnecessary.

This and other pieces are republished in Rushdie’s newish book, Step Across This Line: Collected Nonfiction 1992-2002.  Mr. Rushdie is something of an unwitting expert on security matters, at least at the receiving end.  Compelling snapshots throughout the book recall a decade of fighting (and dodging) the Iranian fatwa placed on his head after publication of The Satanic Verses.  While his insights are keen, this definition is part of the problem.

If you think of security in purely negative and restrictive terms – preventing attacks, denying access – it’s hard to be optimistic about the industry.  After all, restrictive security places a burden on the many legitimate transactions in an attempt to prevent the few unauthorized ones.  This is practically a Sisyphean undertaking (heh, “Sisyphean Undertakings for Dummies” – I’m gonna write that book).  Too much restrictive security and the economy grinds to a halt while people proclaim that “the terrorists have already won”.  Too little and you’re accused of being negligent.  Rushdie’s punch line is that any security you decide on is by definition the wrong amount.  What fun.

However, there’s a different way to look at the industry.  Instead of thinking about security as just negative and restrictive, think of it as active and enabling.  Active security is not just about stopping the bad guys; it’s about making the normal lives of the good guys better.  Instead of just intercepting a few illegal transactions, active security aims to make the vast majority of legal transactions faster and more efficient.  There are new security technologies that allow people to do more and to do it quicker.  Think of ATM machines, trusted traveler documents and digitally signed mortgage forms.  All of these applications make life easier for legal users and, by extension, make it easy to catch the illegal ones.  Also, since active security deployments focus on speeding legitimate transactions, they can have a net positive effect on the economy.  The more active security you have, the more it pays for itself.  This is the exact opposite of the negative feedback cycle of restrictive security economics.

A great example of a large active security program is the Common Access Card (CAC – bad name, different topic) of the U.S. Department of Defense.  The CAC is a smart card issued to every member of the DoD and is intended to be used for many applications including logical and physical access, secure email, document signing and payments.  These are applications that people want and that were largely unavailable before the CAC program.  Of course the system is built on cryptographically strong technology, so even though people will use their cards for convenience, they’ll be getting security.

I wrote a chapter on “Active Security” in Inside the Minds: Security Matters.  If you like this blog, but not the pesky attempts at humor, the chapter may be more your speed.  From what I’ve seen in the past two years, spending on active security technology is growing in both government and commercial sectors.

Towards the end of his essay, Salman Rushdie adds a cautionary note:

In the past, security didn’t save President Reagan, or the pope.  Luck did that.  So we need to understand that even maximum security guarantees nobody’s safety.

Certainly this conclusion is correct.  Security isn’t about guaranteeing absolute safety.  It’s about letting people undertake both important and pedestrian actions with a reasonable expectation of a speedy, safe and correct outcome.  Still, I can’t quite agree with the first two sentences.  If you watch the video of either assassination attempt, you’ll see that, even though security couldn’t prevent the initial shots, each attacker was frustrated in his attempt to finish the job by a massive bodyguard pile-on, while the injured principal was quickly and efficiently whisked away from danger and towards medical care.  So maybe it’s more accurate to say that President Reagan and the pope were saved by security and luck.  And by “luck” I mean eight hours of surgery.

It’s easy to make a case for security if you get the definition right.

April 6, 2004 | Permalink | Comments (2)

 