As we think about the postmortem on security procedures following from the Boston Marathon attack and plan on new procedures, Bruce Schneier has some crucial security design advice: don't forget transparency and accountability. Without these two crucial elements, security can't work:
Long ago, we realized that simply trusting people and government agencies to always do the right thing doesn't work, so we need to check up on them. In a democracy, transparency and accountability are how we do that. It's how we ensure that we get both effective and cost-effective government. It's how we prevent those we trust from abusing that trust, and protect ourselves when they do. And it's especially important when security is concerned.
First, we need to ensure that the stuff we're paying money for actually works and has a measureable impact. Law-enforcement organizations regularly invest in technologies that don't make us any safer. The TSA, for example, could devote an entire museum to expensive but ineffective systems: puffer machines, body scanners, FAST behavioral screening, and so on. Local police departments have been wasting lots of post-9/11 money on unnecessary high-tech weaponry and equipment. The occasional high-profile success aside, police surveillance cameras have been shown to be a largely ineffective police tool.
Sometimes honest mistakes led organizations to invest in these technologies. Sometimes there's self-deception and mismanagement -- and far too often lobbyists are involved. Given the enormous amount of security money post-9/11, you inevitably end up with an enormous amount of waste. Transparency and accountability are how we keep all of this in check.
Second, we need to ensure that law enforcement does what we expect it to do and nothing more. Police powers are invariably abused. Mission creep is inevitable, and it results in laws designed to combat one particular type of crime being used for an ever-widening array of crimes. Transparency is the only way we have of knowing when this is going on.
Transparency and Accountability Don't Hurt Security—They're Crucial to It
Randal Munroe nails it again in an XKCD installment that expresses the likelihood that your houseguests will be able to connect to your wifi (I confess to having been the “firmware” guide — but also, having been reminded to do something about my own firmware when other difficult houseguests came to stay).
Facebook spokespeople and cryptographers say that Facebook’s decision to implement Open Whisper Systems’ end-to-end cryptographic messaging protocol in such a way as to allow Facebook to decrypt them later without the user’s knowledge reflects a “limitation” — a compromise that allows users to continue conversations as they move from device to device — and not […]
A new phishing attack hops from one Gmail account to the next by searching through compromised users’ previous emails for messages with attachments, then replies them from the compromised account, replacing the link to the attachment with a lookalike that sends you to a fake Google login page (they use some trickery to hide the […]
One of the best ways to progress a career in project management is through earning recognized certifications. These certifications carry significant clout and don’t require expensive tuition or student loans. This Ultimate Project Management Certification Bundle is a great example of an affordable way to get ahead. It includes training for 9 certifications including PMP, […]
There’s nothing quite like the rush of playing against a real human opponent. But from a developer standpoint, creating fun multiplayer experiences is incredibly complex. Fortunately, the Unity3D game engine has made all aspects of game creation, including multiplayer functionality, as accessible as ever.This Unity Course Bundle introduces all of the necessary elements of creating […]
The 2016 World Series game 7 will undoubtedly go down in history as one of the greatest baseball games of all time. With endless suspense, a nefariously-timed rain delay, and extra innings, it reminded over 40 million viewers why they love America’s pastime – and why all bets were truly off in 2016. Savor the […]