Quotulatiousness

April 7, 2014

US government data security failures

Filed under: Bureaucracy, Government, Technology — Tags: , , , , — Nicholas Russon @ 09:02

David Gewirtz says that the press has totally mis-reported the scale of government security breaches:

Summary: This is one of those articles that spoils your faith in mankind. Not only are government security incidents fully into holy-cow territory, the press is reporting numbers three magnitudes too low because someone misread a chart and everyone else copied that report.

You might think this was an April Fool’s gag, except it was published on April 2nd, not April 1st.

According to testimony given by Gregory C. Wilshusen [PDF], Director of Information Security Issues for the Government Accountability Office to United States Senate Committee on Homeland Security and Governmental Affairs that, and I quote, “most major federal agencies had weaknesses in major categories of information security controls.”

In other words, some government agency data security functions more like a sieve than a lockbox.

Some of the data the GAO presented was deeply disturbing. For example, the number of successful breaches doubled since 2009. Doubled. There’s also a story inside this story, which I’ll discuss later in the article. Almost all of the press reporting on this testimony got the magnitude of the breach wrong. Most reported that government security incidents numbered in the thousands, when, in fact, they numbered in the millions.

Emphasis mine. Here are the actual numbers:

Incidents involving personal identifying information grew from about 10.5 million in 2009 to over 25 million last year. By the way, some press reports on this misread the GAO’s charts. For example, the Washington Free Beacon wrote about this, claiming “25,566 incidents of lost taxpayer data, Social Security numbers, patient health information.” What they missed was the little notation on the chart that says “in thousands,” so when they reported 25,566 incidents, what that really reads as is 25,566 x 1000 incidents.

2014 GAO analysis of security breaches

This is an example of how the Internet echo chamber can get information very, very wrong. The Chicago Tribune, via Reuters reported the same incorrect statistic. So did InformationWeek. So did FierceHealthIT. Business Insider picked up the Reuters report and happily repeated the same statistic — which was three orders of magnitude incorrect.

This is why I always try to go to the original source material [PDF] and not just repeat the crap other writers are parroting. It’s more work, but it means the difference between reporting 25 thousand government breaches and 25 million government breaches. 25 thousand is disturbing. 25 million is horrifying.

February 15, 2014

What is your threat level?

Filed under: Government, Humour, USA — Tags: , — Nicholas Russon @ 11:09

PersonalThreatLevel

H/T to Cory Doctorow for the link.

December 24, 2013

Reason.tv – The TSA’s 12 Banned Items of Christmas

Filed under: Bureaucracy, Government, Humour, USA — Tags: , , — Nicholas Russon @ 09:33

Published on 23 Dec 2013

As travelers board planes this holiday, please be aware of 12 actual banned items from the Transportation Security Administration.

April 29, 2013

TSA makes sensible decision, but quickly backtracks after noisy protests

Filed under: Bureaucracy, Government, USA — Tags: , , , , — Nicholas Russon @ 09:10

In Reason, Steve Chapman explains why bureaucrats rarely go out of their way to ease restrictions:

Once in a while, a government agency adopts a policy that is logical, hardheaded, based on experience and unswayed by cheap sentiment. This may be surprising enough to make you reconsider your view of bureaucrats. But not to worry: It usually doesn’t last.

In March the federal Transportation Security Administration surprised the country by relaxing its ban on knives and other items. Starting April 25, it said, it would allow knives with blades shorter than 2.36 inches, as well as golf clubs, pool cues and hockey sticks.

That was before flight attendants and members of Congress vigorously denounced the idea as a dire threat to life and limb. It was also before two bombs went off at the Boston Marathon.

So it came as no great surprise when last week TSA announced it would retain the existing ban indefinitely so it could hear more from “the aviation community, passenger advocates, law enforcement experts and other stakeholders.”

A more plausible explanation is that TSA officials grasped the old Washington wisdom: Bureaucrats rarely get in trouble for being too careful. But if there were a single incident featuring a passenger and a blade, the agency would be tarred and feathered.

Politicians love seeing their names in the newspaper or being mentioned on TV. Bureaucrats understand that such attention can be a career-limiting move. Therefore, no rational bureaucrat will want to be associated with any policy change that might lead to media attention.

April 20, 2013

Boston’s security theatre performance

Filed under: Law, Liberty, Media, USA — Tags: , , , — Nicholas Russon @ 11:20

At Popehat, Clark explains why the security theatre response to the Marathon bombers was a lot of show, but not proportional to the actual threat posed by the two fugitives:

First, just in case it’s not utterly obvious, I’m glad that the two murderous cowards who attacked civilians in Boston recently are off the streets. One dead and one in custody is a great outcome.

That said, a large percent of the reaction in Boston has been security theater. “Four victims brutally killed” goes by other names in other cities.

In Detroit, for example, they call it “Tuesday”.

…and Detroit does not shut down every time there are a few murders.

“But Clark,” I hear you say, “this is different. This was a terrorist attack.”

Washington DC, during ongoing sniper terrorist attacks in 2002 that killed twice as many people, was not shut down.

Kileen Texas, after the Fort Hood terrorist attack in 2009 that killed three times as many people, was not shut down.

London, after the bombing terrorist attack in 2005 that killed more than ten times as many people, was not shut down.

Counting the cost of the city-wide lockdown:

First, the unprecedented shutdown of a major American city may have increased safety some small bit, but it was not without a cost: keeping somewhere between 2 and 5 million people from work, shopping, and school destroyed a nearly unimaginable amount of value. If we call it just three million people, and we peg the cost at a mere $15 per person per hour, the destroyed value runs to a significant fraction of a billion dollars.

[. . .]

Third, keeping citizens off the street meant that 99% of the eyes and brains that might solve a crime were being wasted. Eric S Raymond famously said that “given enough eyeballs, all bugs are shallow“. It was thousands of citizen photographs that helped break this case, and it was a citizen who found the second bomber. Yes, that’s right — it wasn’t until the stupid lock-down was ended that a citizen found the second murderer:

    boston.com

    The boat’s owners, a couple, spent Friday hunkered down under the stay-at-home order. When it was lifted early in the evening, they ventured outside for some fresh air and the man noticed the tarp on his boat blowing in the wind, according to their his son, Robert Duffy.

    The cords securing it had been cut and there was blood near the straps.

We had thousands of police going door-to-door, searching houses…and yet not one of them saw the evidence that a citizen did just minutes after the lock-down ended.

Come for the takedown of security theatre on a city-wide level, stay for the ultimate cops-and-donuts story.

March 5, 2013

Coming soon: the Police-Industrial Complex

Filed under: Law, Liberty, Media, USA — Tags: , , , , , — Nicholas Russon @ 00:01

Radley Balko interviewed by Vice:

How did 9/11 alter the domestic relationship between the military and police?

It really just accelerated a process that had already been in motion for 20 years. The main effect of 9/11 on domestic policing is the DHS grant program, which writes huge checks to local police departments across the country to purchase machine guns, helicopters, tanks, and armored personnel carriers. The Pentagon had already been giving away the same weapons and equipment for about a decade, but the DHS grants make that program look tiny.

But probably of more concern is the ancillary effect of those grants. DHS grants are lucrative enough that many defense contractors are now turning their attention to police agencies — and some companies have sprung up solely to sell military-grade weaponry to police agencies who get those grants. That means we’re now building a new industry whose sole function is to militarize domestic police departments. Which means it won’t be long before we see pro-militarization lobbying and pressure groups with lots of (taxpayer) money to spend to fight reform. That’s a corner it will be difficult to un-turn. We’re probably there already. Say hello to the police-industrial complex.

Is police reform a battle that will have to be won legally? From the outside looking in, much of this seems to violate The Posse Comitatus Act of 1878. Are there other ways to change these policies? Can you envision a blueprint?

It won’t be won legally. The Supreme Court has been gutting the Fourth Amendment in the name of the drug war since the early 1980s, and I don’t think there’s any reason to think the current Court will change any of that. The Posse Comitatus Act is often misunderstood. Technically, it only prohibits federal marshals (and, arguably, local sheriffs and police chiefs) from enlisting active-duty soldiers for domestic law enforcement. The president or Congress could still pass a law or executive order tomorrow ordering U.S. troops to, say, begin enforcing the drug laws, and it wouldn’t violate the Constitution or the Posse Comitatus Act. The only barrier would be selling the idea to the public.

December 26, 2012

QotD: Those who have given up liberty for “security”

Filed under: Government, Liberty, Quotations, USA — Tags: , , , , , — Nicholas Russon @ 11:13

Furthermore, do we really want to live in a world of police checkpoints, surveillance cameras, metal detectors, X-ray scanners, and warrantless physical searches? We see this culture in our airports: witness the shabby spectacle of once proud, happy Americans shuffling through long lines while uniformed TSA agents bark orders. This is the world of government provided “security,” a world far too many Americans now seem to accept or even endorse. School shootings, no matter how horrific, do not justify creating an Orwellian surveillance state in America.

Do we really believe government can provide total security? Do we want to involuntarily commit every disaffected, disturbed, or alienated person who fantasizes about violence? Or can we accept that liberty is more important than the illusion of state-provided security? Government cannot create a world without risks, nor would we really wish to live in such a fictional place. Only a totalitarian society would even claim absolute safety as a worthy ideal, because it would require total state control over its citizens’ lives. We shouldn’t settle for substituting one type of violence for another. Government role is to protect liberty, not to pursue unobtainable safety.

Our freedoms as Americans preceded gun control laws, the TSA, or the Department of Homeland Security. Freedom is defined by the ability of citizens to live without government interference, not by safety. It is easy to clamor for government security when terrible things happen; but liberty is given true meaning when we support it without exception, and we will be safer for it.

Ron Paul, “Seeking Total Security Leads to a Totalitarian Society”, Eurasia Review, 2012-12-26

May 14, 2012

On the TSA’s most recent security theatre follies

Filed under: Bureaucracy, Liberty, USA — Tags: , , , — Nicholas Russon @ 09:48

Bruce Schneier:

I too am incensed — but not surprised — when the TSA manhandles four-year old girls, children with cerebral palsy, pretty women, the elderly, and wheelchair users for humiliation, abuse, and sometimes theft. Any bureaucracy that processes 630 million people per year will generate stories like this. When people propose profiling, they are really asking for a security system that can apply judgment. Unfortunately, that’s really hard. Rules are easier to explain and train. Zero tolerance is easier to justify and defend. Judgment requires better-educated, more expert, and much-higher-paid screeners. And the personal career risks to a TSA agent of being wrong when exercising judgment far outweigh any benefits from being sensible.

The proper reaction to screening horror stories isn’t to subject only “those people” to it; it’s to subject no one to it. (Can anyone even explain what hypothetical terrorist plot could successfully evade normal security, but would be discovered during secondary screening?) Invasive TSA screening is nothing more than security theater. It doesn’t make us safer, and it’s not worth the cost. Even more strongly, security isn’t our society’s only value. Do we really want the full power of government to act out our stereotypes and prejudices? Have we Americans ever done something like this and not been ashamed later? This is what we have a Constitution for: to help us live up to our values and not down to our fears.

May 5, 2012

HMS Ocean heads up the Thames for Olympic security exercise

Filed under: Britain, Military — Tags: , , , , — Nicholas Russon @ 12:15

An interesting set of photos in the Telegraph showing the Royal Navy’s largest ship, helicopter carrier HMS Ocean being brought up the Thames for a security exercise in advance of the London Olympics:


A tight squeeze as the tugs work HMS Ocean through the Thames Barrier


HMS Ocean passes in front of the O2 Arena on her way up the Thames

April 25, 2012

Why fly?

Filed under: Government, Liberty, USA — Tags: , , , — Nicholas Russon @ 00:06

Amy Alkon on yet another blatant attempt by the TSA to lord it over passengers, especially the young, weak, and vulnerable:

Chris Morran on Consumerist excerpts a Facebook post from a Montana mom, Michelle Brademeyer, who was flying home from Kansas with her two young children and their grandmother. Grandma apparently triggered some alarm at the checkpoint, and was forced to have a seat and wait to be groped by an agent. That’s when the 4-year-old ran over to give Granny a hug. Sweet — until the TSA went all police state on them. The mother writes:

[. . .]

First, a TSO began yelling at my child, and demanded she too must sit down and await a full body pat-down. I was prevented from coming any closer, explaining the situation to her, or consoling her in any way. My daughter, who was dressed in tight leggings, a short sleeve shirt and mary jane shoes, had no pockets, no jacket and nothing in her hands. The TSO refused to let my daughter pass through the scanners once more, to see if she too would set off the alarm. It was implied, several times, that my Mother, in their brief two-second embrace, had passed a handgun to my daughter.

My child, who was obviously terrified, had no idea what was going on, and the TSOs involved still made no attempt to explain it to her. When they spoke to her, it was devoid of any sort of compassion, kindness or respect. They told her she had to come to them, alone, and spread her arms and legs. She screamed, “No! I don’t want to!” then did what any frightened young child might, she ran the opposite direction.

That is when a TSO told me they would shut down the entire airport, cancel all flights, if my daughter was not restrained. It was then they declared my daughter a “high-security-threat”.

[. . .]

The TSO loomed over my daughter, with an angry grimace on her face, and ordered her to stop crying. When my scared child could not do so, two TSOs called for backup saying “The suspect is not cooperating.” The suspect, of course, being a frightened child. They treated my daughter no better than if she had been a terrorist…

A third TSO arrived to the scene, and showed no more respect than the first two had given. All three were barking orders at my daughter, telling her to stand still and cease crying. When she did not stop crying on command, they demanded we leave the airport. They claimed they could not safely check my daughter for dangerous items if she was in tears. I will admit, I lost my temper.

Finally, a manager intervened. He determined that my child could, in fact, be cleared through security while crying. I was permitted to hold her while the TSO checked her body. When they found nothing hidden on my daughter, they were forced to let us go, but not until after they had examined my ID and boarding passes for a lengthy amount of time. When we arrived at our gate, I noticed that the TSOs had followed us through the airport. I was told something was wrong with my boarding pass and I would have to show it to them again. Upon seeing the TSO, my daughter was thrown into hysterics. Eventually, we were able to board our flight.

Terrorize ‘em young and they stay terrorized, pliable, and afraid to confront authority. It won’t be long before the TSA is Tasing ‘em before they can run away (if they don’t already have that power).

February 22, 2012

“Mr. Toews encapsulated both the intellectual bankruptcy of the post-9/11 security/freedom equation and the capricious, self-indulgent doltishness that sometimes infects the Conservative government’s policymaking”

Filed under: Cancon, Government, Liberty, Media, Technology — Tags: , , , , , — Nicholas Russon @ 11:19

Chris Selley in the National Post on the disappointing moment at the start of the fight against C-30, the Canadian government’s internet bill that would eviscerate what little privacy protection still exists:

The most disappointing moment in the otherwise heartening backlash against the Protecting Children from Online Predators Act came right at the beginning, immediately after Public Safety Minister Vic Toews issued his immortal Question Period ultimatum. Mr. Toews was defending a law that would, among other things, allow government agents to march into your Internet service provider, without a warrant, and “examine any document, information or thing.” In this regard, he said Liberal MP Francis Scarpaleggia, and by extension all Canadians, “can either stand with us or with the child pornographers.”

He deserved — Canadian democracy deserved — nothing less than a humiliating, well-crafted, immediate putdown. He didn’t even get a “for shame.”

[. . .]

In a dozen words, Mr. Toews encapsulated both the intellectual bankruptcy of the post-9/11 security/freedom equation and the capricious, self-indulgent doltishness that sometimes infects the Conservative government’s policymaking. Any high school student should be able to identify and debunk the fallacy Mr. Toews was employing; to defend the intrinsic value of freedom and privacy; to articulate the dangers of handing governments excessive and unnecessary powers.

[. . .]

So, I think Mr. Toews’ comment sealed the deal. In the light of day, the War on Terror-era “you’re with us or you’re with the terrorists” argument is cringe-inducing; sub in criminals for terrorists and it’s laughable. More importantly, though, I suspect Mr. Toews finally confirmed a certain suspicion among many Canadians: When the government tells you it needs to limit your privacy or freedom, what it probably means is that it wants to limit your privacy and freedom and thinks you won’t put up a fight. It’s delightful to see this government proved wrong.

February 4, 2012

When Canada’s Department of Transport became transphobic

Filed under: Bureaucracy, Cancon, Government, Liberty — Tags: , , , — Nicholas Russon @ 11:48

Tabatha Southey has an interesting article in the Globe & Mail. I was unaware that the Canadian Forces now support transitioning transgendered soldiers (and have done for more than a decade), but that another branch of the government headed in quite the opposite direction last year:

While I think we should take the transgender community’s word for it — that transitioning works to transform often excruciatingly unhappy gender-dysphoric people into contented people — there are lots of studies that back them up as well.

It’s hardly something that anyone would do for kicks. Transitioning isn’t for sissies, which is why it’s heart-warming that our military made a practical and humane decision to accommodate transgender soldiers. And it’s also why it’s unfortunate that since July, 2011, a Department of Transport rule has been on the books that could prevent those same transitioning soldiers from flying home for Christmas.

The existence of this rule was brought to light this week by blogger Jennifer McCreath. It states that if “a passenger does not appear to be of the gender indicated on the identification he or she presents,” that person is not allowed to fly.

I’m prepared to believe those who say transgender and inter-sex people aren’t the demographic the rule aims to catch, but that leaves me wondering who it is the authorities are trying to nab.

January 31, 2012

Homeland Security Theatre: The case of the “Destroy America” Brit twits

Filed under: Bureaucracy, Law, Media, USA — Tags: , , , , — Nicholas Russon @ 12:09

Jim Harper sifts through the evidence in the “Destroy America” Twitter case:

The Department of Homeland Security has been vague as yet about what actually happened. It may have been some kind of “social media analysis” like this that turned up “suspicious” Tweets leading to the exclusion, though the betting is running toward a suspicious-activity tipline. (What “turned up” the Tweets doesn’t affect my analysis here.) The boastful young Britons Tweeted about going to “destroy America” on the trip — destroy alcoholic beverages in America was almost certainly the import of that line — and dig up the grave of Marilyn Monroe.

Profoundly stilted literalism took this to be threatening language. And a failure of even brief investigation prevented DHS officials from discovering the absurdity of that literalism. It would be impossible to “dig up” Marilyn Monroe’s body, which is in a crypt at Westwood Memorial Park in Los Angeles.

[. . .]

Other facts could combine with Twitter commentary to create a suspicious circumstance on extremely rare occasions, but for proper suspicion to arise, the Tweet or Tweets and all other facts must be consistent with criminal planning and inconsistent with lawful behavior. No information so far available suggests that the DHS did anything other than take Tweets literally in the face of plausible explanations by their authors that they were using hyperbole and irony. This is simple investigative incompetence.

If indeed it is a “social media analysis” program that produced this incident, the U.S. government is paying money to cause U.S. government officials to waste their time on making the United States an unattractive place to visit. That’s a cost-trifecta in the face of essentially zero prospect for any security benefit.

January 3, 2012

Security Theatre: “So much inconvenience for so little benefit at such a staggering cost”

Filed under: Bureaucracy, Government, Liberty — Tags: , , , , — Nicholas Russon @ 12:51

Charles C. Mann visits the airport with security guru Bruce Schneier:

Since 9/11, the U.S. has spent more than $1.1 trillion on homeland security.

To a large number of security analysts, this expenditure makes no sense. The vast cost is not worth the infinitesimal benefit. Not only has the actual threat from terror been exaggerated, they say, but the great bulk of the post-9/11 measures to contain it are little more than what Schneier mocks as “security theater”: actions that accomplish nothing but are designed to make the government look like it is on the job. In fact, the continuing expenditure on security may actually have made the United States less safe.

[. . .]

From an airplane-hijacking point of view, Schneier said, al-Qaeda had used up its luck. Passengers on the first three 9/11 flights didn’t resist their captors, because in the past the typical consequence of a plane seizure had been “a week in Havana.” When the people on the fourth hijacked plane learned by cell phone that the previous flights had been turned into airborne bombs, they attacked their attackers. The hijackers were forced to crash Flight 93 into a field. “No big plane will ever be taken that way again, because the passengers will fight back,” Schneier said. Events have borne him out. The instigators of the two most serious post-9/11 incidents involving airplanes — the “shoe bomber” in 2001 and the “underwear bomber” in 2009, both of whom managed to get onto an airplane with explosives — were subdued by angry passengers.

[. . .]

Terrorists will try to hit the United States again, Schneier says. One has to assume this. Terrorists can so easily switch from target to target and weapon to weapon that focusing on preventing any one type of attack is foolish. Even if the T.S.A. were somehow to make airports impregnable, this would simply divert terrorists to other, less heavily defended targets — shopping malls, movie theaters, churches, stadiums, museums. The terrorist’s goal isn’t to attack an airplane specifically; it’s to sow terror generally. “You spend billions of dollars on the airports and force the terrorists to spend an extra $30 on gas to drive to a hotel or casino and attack it,” Schneier says. “Congratulations!”

December 24, 2011

Repost: Happy holiday travels!

Filed under: Bureaucracy, Humour — Tags: , , , — Nicholas Russon @ 10:28

H/T to Economicrot.

Older Posts »
« « Repost: ‘Tis the season to hate the senders of boastful holiday letters| QotD: The Prince Regent’s Christmas story » »

Powered by WordPress

%d bloggers like this: