As we think about the postmortem on security procedures following from the Boston Marathon attack and plan on new procedures, Bruce Schneier has some crucial security design advice: don't forget transparency and accountability. Without these two crucial elements, security can't work:
Long ago, we realized that simply trusting people and government agencies to always do the right thing doesn't work, so we need to check up on them. In a democracy, transparency and accountability are how we do that. It's how we ensure that we get both effective and cost-effective government. It's how we prevent those we trust from abusing that trust, and protect ourselves when they do. And it's especially important when security is concerned.
First, we need to ensure that the stuff we're paying money for actually works and has a measureable impact. Law-enforcement organizations regularly invest in technologies that don't make us any safer. The TSA, for example, could devote an entire museum to expensive but ineffective systems: puffer machines, body scanners, FAST behavioral screening, and so on. Local police departments have been wasting lots of post-9/11 money on unnecessary high-tech weaponry and equipment. The occasional high-profile success aside, police surveillance cameras have been shown to be a largely ineffective police tool.
Sometimes honest mistakes led organizations to invest in these technologies. Sometimes there's self-deception and mismanagement -- and far too often lobbyists are involved. Given the enormous amount of security money post-9/11, you inevitably end up with an enormous amount of waste. Transparency and accountability are how we keep all of this in check.
Second, we need to ensure that law enforcement does what we expect it to do and nothing more. Police powers are invariably abused. Mission creep is inevitable, and it results in laws designed to combat one particular type of crime being used for an ever-widening array of crimes. Transparency is the only way we have of knowing when this is going on.
Transparency and Accountability Don't Hurt Security—They're Crucial to It
M. David Weisman, a magistrate judge in Illinois’s Eastern Division, denied a federal warrant application that would have allowed law enforcement officers to force suspects to unlock their mobile devices with a fingerprint, ruling that the suspects’ Fourth Amendment (undue search and seizure) and Fifth Amendment (self-incrimination) rights protected them from being forced to unlock […]
For $170, Motherboard’s Joseph Cox bought SpyPhone Android Rec Pro, an Android app that you have to sideload on your target’s phone (the software’s manufacturer sells passcode-defeating apps that help you do this); once it’s loaded, you activate it with an SMS and then you can covertly operate the phone’s mic, steal its photos, and […]
Some employees with the U.S. Department of Homeland Security who work in the Washington, D.C. area and in Philadelphia, PA were unable to access the DHS computer network on Tuesday, reports Reuters, citing “three sources familiar with the matter.”
DJI is the world’s leading designer and producer of easy-to-fly drones and aerial photography systems. If you’re a drone enthusiast, you want a DJI. If you know absolutely nothing about drones and think they’re weird, if you win a DJI you’re going to become a drone enthusiast.Enter this giveaway (for free, yes) and you’ll get a […]
Although there will never be a consensus about the best way to make coffee, any coffee connoisseur will agree that controlling the grind of your beans and balancing water temperature are the keys to a tasty cup. Since your plastic coffee pot doesn’t really allow for that kind of customization, going back to the French […]
Not all hackers are malicious information thieves—white-hat ethical hackers work with technology companies to ensure the security of their computer systems and user data. With all of today’s high-profile data breaches, ethical hackers are in considerable demand. To learn these critical skills and break into the high-paying cyber security field, try taking the courses in this […]