Hal (libertango) wrote 2002-08-18 09:32 pm
Here's a must read...
...and not just because I know the guy. :)
The Atlantic Monthly has a great profile of Bruce Schneier this month... one that they've also, fortunately, put online.
Bruce is a serious crypto guy, the author of both the highly technical Applied Cryptography and the more layman-oriented Secrets and Lies.
Here's perhaps the number one concept to get from the Atlantic article:
"Schneier is hardly against technology—he's the sort of person who immediately cases public areas for outlets to recharge the batteries in his laptop, phone, and other electronic prostheses. "But if you think technology can solve your security problems," he says, "then you don't understand the problems and you don't understand the technology." Indeed, he regards the national push for a high-tech salve for security anxieties as a reprise of his own early and erroneous beliefs about the transforming power of strong crypto. The new technologies have enormous capacities, but their advocates have not realized that the most critical aspect of a security measure is not how well it works but how well it fails."
In fact, let's go back a few months, to April 15's issue of Cryptogram, Bruce's security newsletter:
"What follows is my foolproof, five-step, security analysis. Use it to judge any security measure.
This five-step process works for any security measure, past, present, or future:
1) What problem does it solve?
2) How well does it solve the problem?
3) What new problems does it add?
4) What are the economic and social costs?
5) Given the above, is it worth the costs?
When you start using it, you'd be surprised how ineffectual most security is these days. For example, only two of the airline security measures put in place since September 11 have any real value: reinforcing the cockpit door, and convincing passengers to fight back. Everything else falls somewhere between marginally improving security and a placebo."
Placebos
I have recently made a personal security discovery which you might find amusing:
Worrying about something happening does nothing to improve my security. I was amazed at how freeing this thought was. It amazed me I had to get this old to fully grasp that concept.
Similarly, many security measures are more psychological or opiate than they are effective.
Maybe this makes sense with airlines, whose job it is to herd large numbers of people calmly from place to place.
Our martial arts instructor gave a talk last fall about how to fight back in an airline situation. It was actually pretty informative and empowering to discuss it, the limitations of movement in confined space, how to deal with an opponent with a weapon, etc.
I enjoy reading your posts, thanks.
(smile)