Two points in this caught my attention.
Cannataci also argued forcefully that mass surveillance was not the way to
handle the threat from terrorism and pointed to a report by the Dutch
intelligence services that argues that point. "To get real terrorists, you have
to go for good old-fashioned infiltration," he argued, wishing that the security
services would spend less money on computers and more on real people who go out
and get real, actionable intelligence on what people are up to. "It's time to be
realistic and actually examine what evidence shows."
Where have I heard that before?
If you think technology can solve your security problems, then you don't
understand the problems and you don't understand the technology
-- Bruce Schneier
Essentially what he's saying is summed up by another Schneier quote:
People often represent the weakest link in the security chain and are
chronically responsible for the failure of security systems
-- Bruce Schneier, Secrets and Lies
That works two ways. The first is that yes, organizations are susceptible to infiltration because the people that make up organizations are fallible, corruptible, error prone. As I've said before many times, "it's people, not
turtles, all the way down".
There are two problems, from the US and the Western POV about this. We might take the example of airport and aircraft security. The Israelis have a system that is based around human screener, interviews, profiling. Given the threat profile against the Israeli state is is very, very effective. The US says they can't do it this way, it doesn't scale, it requires too much training and its "obviously", their studies say, ignoring the evidence of the Israelis, fallible and error prone.
The anthropologist in me looks to the emic/etic approach of analysis and realises that this is not the real excuse.
On the one hand the US has always leant heavily on technology. At one level, the US Civil War was about automation in farming. The huge wheat fields of the North America are only viable because of technology and automation.
No, the US sees automation as the solution to 'scalability'.
But the other aspects is economics and that leads to trust.
The US airports would not want to pay for the number of, the training of, the human level screener needed to work airport security the way the Israelis do.
They've chose technology operated by low-wage, poorly trained, unreliable staff.
And they don't trust that level of staff.
For the Israeli screeners, its a matter of national security; they know that if they make a mistake lives are at risk and, as they saying goes, there will be "a big smoking hole in the ground and lots of people dead".
For the low paid workers at the airports aggravating the passengers at US air terminals "its just a job".
For this the Homeland Security crows about their 'few-if-any' successes, based on their own tests, and ignore the mediamen who demonstrate how permeable and ineffective the US systems is and how easy it is to 'smuggle' weapons through.
As Schneier says, Security Theatre at its best.
The other quote that caught my attention was the criticism of Vint Cerf.
While Cerf and Google may claim that privacy is no longer possible today, its
rather like claiming that the Internet has no security.
The real answer is that yes it is possible, if you are willing to put the effort into making it so.
And that effort costs.
Actually anything costs. The idea of the original small-i internet as a nuclear-war proof communication media for DARPA was a cost. It had no commercial value.
These days Cerf is belittling other projects that have no immediate commercial value.
One of my favourite articles on economics is actually a short SF story by Robert
Heinlein titled "Columbus Was a Dope". It's a narrative, two guys in a bar discussing Columbus's motivation and backing.
Setting out to find a trade route to China, coming back with Gold which eventually bankrupted Spain's economy, had, in the longer run, nothing to do with the wealth of North America in the longer run, even from a natural resources POV.
It turns out that Heinlein's characters are discussing another 'futile, misdirected, waste of money' project, the building of a generation STL starship.
At the end of the story it runs out that the bar is actually in a heavily populated city ... on the moon.
Silly, eh? We all know, it's been shown many times, that there's no point in setting up colonies on the moon. Or Mars for that matter. Read the academic papers, read the economic analysis. maybe, just maybe, harvesting near earth asteroids as they come by using, yes, here it comes again, automation.
Sending people to Mars, cities there with !OMG! people like something out Bradbury It the same kind of puerile fantasy that people who watched Star Trek try to some up with FTL drives, teleportation, and !OMG! 'Communicators', 'tricorders', 'Food Replicator', 'Universal Translator', 'Tablet Computers' and
writing pads, and communicating with computers by voice.
Pure fantasy, complete waste of time. See what I said above about economics.
Sorry, I've drifted off topic ...
Posted by antonaylward
I am currently available to offer InfoSec & GRC audit and consulting services through my company - System Integrity