Quotulatiousness

December 20, 2017

Repost – Happy holiday travels!

Filed under: Bureaucracy, Humour — Nicholas @ 03:00

H/T to Economicrot. Many many more at the link.

June 29, 2017

QotD: The medical equivalent of security theatre

Filed under: Health, Quotations — Nicholas @ 01:00

The most common reason for admission to a psychiatric hospital is “person is a danger to themselves or others”. The average length of stay in a psychiatric hospital is about one week.

Some clever person might ask: “Hey, don’t most psychiatric medicines require more than a week to take effect?” Good question! The answer is “yes”. Antidepressants classically take four weeks. Lithium and antipsychotics are more complicated, but the textbooks will still tell you a couple of weeks in both cases. And yet people are constantly being brought to psychiatric hospitals for dangerousness, treated with medications for one week, and then sent off. What gives?

As far as I can tell, a lot of it is the medical equivalent of security theater.

Scott Alexander, “Reflections From The Halfway Point”, Slate Star Codex, 2015-06-29.

November 2, 2016

Online security theatre: “We sell biometric authentication systems to people who need a good password manager”

Filed under: Technology — Nicholas @ 09:06

Joey DeVilla linked to this discussion of the Mirai botnet and the distressing failures of online security … not for the brilliance and sophistication of the attack (it was neither), but the failure to address simple common-sense security issues:

I’ve written about 1988’s Morris worm, and I wanted to dig into the source of the Mirai botnet (helpfully published by the author) to see how far we’ve come along in the past 28 years.

Can you guess how Mirai spreads?

Was there a new zeroday in the devices? Hey, maybe there was an old, unpatched vulnerability hanging — who has time to apply software updates to their toaster? Maybe it was HeartBleed 👻?

Nope.

Mirai does one, and only one thing in order to break into new devices: it cycles through a bunch of default username/password combinations over telnet, like “admin/admin” and “root/realtek”. For a laugh, “mother/fucker” is in there too.

Default credentials. Over telnet. That’s how you get hundreds of thousands of devices. The Morris worm from 1988 tried a dictionary password attack too, but only after its buffer overflow and sendmail backdoor exploits failed.

Oh, and Morris’ password dictionary was larger, too.

August 26, 2016

QotD: France’s “burkini” ban

Filed under: France, Liberty, Quotations, Religion — Nicholas @ 01:00

France, like the rest of the liberal West, gets this exactly and lethally wrong. First we forbid individuals their natural right to set the rules within their own property, to exclude and admit who they choose, to demand the burkini or to ban it. Then we set the law on people for the crime of wearing too much cloth on the public beach. A photograph is reproduced worldwide showing three armed male policemen standing over a Muslim woman and making her remove the clothes she considers necessary for modesty. Whatever your opinion of Islam and its clothing taboos, does anyone in the world believe that this makes the next jihadist attack less likely? To call it “security theatre” would be a compliment. The popular entertainment it calls to mind is that of the mob stripping and parading une femme tondue.

Natalie Solent, “Security strip”, Samizdata, 2016-08-24.

April 1, 2016

QotD: The real purpose of the TSA

Filed under: Government, Liberty, Quotations, USA — Nicholas @ 01:00

The big pretend that costuming and repurposing mall food court workers as “security” will be anything approaching that has fooled the lazy American public that takes its civil liberties for granted.

They miss most of the items in DHL tests of their detection abilities, and really, it is clear that this is not security but a jobs program for unskilled earners, a cash program for former government employees like Michael Chertoff and the companies they are associated with, and obedience training for the American public — to be docile in the face of their rights being yanked from them.

Amy Alkon, “The Tragedy In Belgium Shows Up The Utter Fallacy That The TSA Will Keep You Safe”, Advice Goddess Blog, 2016-03-22.

December 12, 2015

The US government’s no-fly list

Filed under: Bureaucracy, Government, USA — Nicholas @ 02:00

Kevin Williamson on the travesty that is the no-fly list:

There are many popular demons in American public life: Barack Obama and his monarchical pretensions, Valerie Jarrett and her two-bit Svengali act, or, if your tastes run in the other direction, the Koch brothers, the NRA, the scheming behind-the-scenes influences of Big Whatever. But take a moment to doff your hat to the long, energetic, and wide-ranging careers of three of our most enduring bad guys: laziness, corruption, and stupidity, which deserve special recognition for their role in the recent debates over gun control, terrorism, and crime.

The Democratic party’s dramatic slide into naked authoritarianism — voting in the Senate to repeal the First Amendment, trying to lock up governors for vetoing legislation, and seeking to jail political opponents for holding unpopular views on global warming, etc. — has been both worrisome and dramatic. The Democrats even have a new position on the ancient civil-rights issue of due process, and that position is: “F— you.” The Bill of Rights guarantees Americans (like it or not) the right to keep and bear arms; it also reiterates the legal doctrine of some centuries standing that government may not deprive citizens of their rights without due process. In the case of gun rights, that generally means one of two things: the legal process by which one is convicted of a felony or the legal process by which one is declared mentally incompetent, usually as a prelude to involuntary commitment into a mental facility. The no-fly list and the terrorism watch list contain no such due process. Some bureaucrat somewhere in the executive branch puts a name onto a list, and that’s that. The ACLU has rightly called this “Kafkaesque.”

Here’s where our old friends laziness and stupidity play a really prominent role: The no-fly list is not composed of identities, but merely names. Lots of people share the same name. So, for instance, the late Senator Ted Kennedy ended up on the no-fly list, because somebody had used his name (or a similar name) as an alias. Among people called “Kevin Williamson,” we find myself, the famous Scream screenwriter, a notable Scottish politician and political activist (he is also the author of Drugs and the Party Line), a Canadian entertainment journalist, a fine woodworker who sells his wares on Twitter, and a famous underwear model for whom I am unlikely to be mistaken. If a trip to the DMV or the IRS one day eventually sends me over the edge into full-on barking mad durka-durka-Mohammed-jihad territory, those other Kevin Williamsons are going to suffer simply because we share a name.

And, of course, every third actual dirtbag terrorist has the same name as a million other ordinary schmoes, because Arabic names tend to be a little repetitive. (Is there a Mohammed al-Mohammed in the house? Seriously, go to LinkedIn and see how many graphic designers and accountants walking this good green Earth share that name.)

October 3, 2015

The TSA and the transgendered traveller

Filed under: Liberty, USA — Nicholas @ 04:00

Scott Shackford on the special hell the TSA reserves for transgendered air travellers:

When Shadi Petosky began tweeting about her terrible treatment at the hands of Transportation Security Administration (TSA) workers at Orlando International Airport on Sept. 21, she detailed an experience of being ordered around, patted down, dehumanized, and threatened. She was describing a situation familiar to anybody who gets caught up in the agency’s airport security theater.

Petosky is also transgender, and that played heavily into her experience. But being transgender and tripping up alerts at airports and getting taken aside or treated poorly is also not a new problem with TSA screening, though it was the first time Petosky, a writer and producer, had an encounter this bad. While she was tweeting her experience, other transgender people on Twitter responded about having similar problems.

What’s new is that Petosky’s encounter ended up getting significant news coverage, from The New York Times, to the Los Angeles Times, to Vox.com, along with television networks. The coverage highlighted a problem that has persisted for a while: TSA agents are not well-trained to deal with transgender travelers, leaving these flyers uncertain of what to expect when going through airports. Furthermore, the screening technology used for scanning bodies passing through the airport has no real mechanism for recognizing the biology of transgender travelers, prompting confusion to trigger completely unfounded security fears.

Many travelers may not even realize it, but as they’re forced in to spread eagle for body scanners in security lines at the airport, a TSA agent is pressing a button telling the machine whether the person inside is a male or female. They don’t ask—they just look and decide. In Petosky’s case, the TSA employee saw a woman and pressed the appropriate button. And then the employee declared there was an “anomaly,” which Petosky bluntly explains to Reason, is her penis.

July 11, 2015

Reason.tv – The TSA’s 12 Signs You Might Be a Terrorist

Filed under: Bureaucracy, Humour, USA — Nicholas @ 02:00

Published on 9 Jul 2015

Traveling this summer? Avoid these officially terrorist-y behaviors—or you might get detained.

January 10, 2015

Sub-orbital airliners? Not if you know much about economics and physics

Filed under: Economics, Technology — Nicholas @ 02:00

Charles Stross in full “beat up the optimists” mode over a common SF notion about sub-orbital travel for the masses:

Let’s start with a simple normative assumption; that sub-orbital spaceplanes are going to obey the laws of physics. One consequence of this is that the amount of energy it takes to get from A to B via hypersonic airliner is going to exceed the energy input it takes to cover the same distance using a subsonic jet, by quite a margin. Yes, we can save some fuel by travelling above the atmosphere and cutting air resistance, but it’s not a free lunch: you expend energy getting up to altitude and speed, and the fuel burn for going faster rises nonlinearly with speed. Concorde, flying trans-Atlantic at Mach 2.0, burned about the same amount of fuel as a Boeing 747 of similar vintage flying trans-Atlantic at Mach 0.85 … while carrying less than a quarter as many passengers.

Rockets aren’t a magic technology. Neither are hybrid hypersonic air-breathing gadgets like Reaction Engines’ Sabre engine. It’s going to be a wee bit expensive. But let’s suppose we can get the price down far enough that a seat in a Mach 5 to Mach 10 hypersonic or sub-orbital passenger aircraft is cost-competitive with a high-end first class seat on a subsonic jet. Surely the super-rich will all switch to hypersonic services in a shot, just as they used Concorde to commute between New York and London back before Airbus killed it off by cancelling support after the 30-year operational milestone?

Well, no.

Firstly, this is the post-9/11 age. Obviously security is a consideration for all civil aviation, right? Well, no: business jets are largely exempt, thanks to lobbying by their operators, backed up by their billionaire owners. But those of us who travel by civil airliners open to the general ticket-buying public are all suspects. If something goes wrong with a scheduled service, fighters are scrambled to intercept it, lest some fruitcake tries to fly it into a skyscraper.

So not only are we not going to get our promised flying cars, we’re not going to get fast, cheap, intercontinental travel options. But what about those hyper-rich folks who spend money like water?

First class air travel by civil aviation is a dying niche today. If you are wealthy enough to afford the £15,000-30,000 ticket cost of a first-class-plus intercontinental seat (or, rather, bedroom with en-suite toilet and shower if we’re talking about the very top end), you can also afford to pay for a seat on a business jet instead. A number of companies operate profitably on the basis that they lease seats on bizjets by the hour: you may end up sharing a jet with someone else who’s paying to fly the same route, but the operating principle is that when you call for it a jet will turn up and take you where you want to go, whenever you want. There’s no security theatre, no fuss, and it takes off when you want it to, not when the daily schedule says it has to. It will probably have internet connectivity via satellite—by the time hypersonic competition turns up, this is not a losing bet—and for extra money, the sky is the limit on comfort.

I don’t get to fly first class, but I’ve watched this happen over the past two decades. Business class is holding its own, and premium economy is growing on intercontinental flights (a cut-down version of Business with more leg-room than regular economy), but the number of first class seats you’ll find on an Air France or British Airways 747 is dwindling. The VIPs are leaving the carriers, driven away by the security annoyances and drawn by the convenience of much smaller jets that come when they call.

For rich people, time is the only thing money can’t buy. A HST flying between fixed hubs along pre-timed flight paths under conditions of high security is not convenient. A bizjet that flies at their beck and call is actually speedier across most intercontinental routes, unless the hypersonic route is serviced by multiple daily flights—which isn’t going to happen unless the operating costs are comparable to a subsonic craft.

December 22, 2014

Repost – Happy Holiday Travels!

Filed under: Bureaucracy, Humour — Nicholas @ 00:02

H/T to Economicrot. Many many more at the link.

October 31, 2014

US government’s no-fly list at an all-time high

Filed under: Government, Law, Liberty, USA — Nicholas @ 07:13

In The Atlantic, Conor Friedersdorf talks about the travesty that is the US government’s no-fly list:

An image accompanying the scoop starkly illustrated an out-of-control watchlist. (The Intercept)


Months ago, The Intercept reported that “nearly half of the people on the U.S. government’s database of terrorist suspects are not connected to any known terrorist group.” Citing classified documents, Jeremy Scahill and Ryan Devereaux went on to report that “Obama has boosted the number of people on the no fly list more than ten-fold, to an all-time high of 47,000 — surpassing the number of people barred from flying under George W. Bush.” Several experts were quoted questioning the effectiveness of a watch list so expansive, echoing concerns expressed by the Associated Press the previous month as well as the ACLU.

The Intercept article offered a long overdue look at one of the most troubling parts of the War on Terrorism. Being labeled a suspected terrorist can roil or destroy a person’s life — yet Team Obama kept adding people to the list using opaque standards that were never subject to democratic debate. Americans were denied due process. Innocent people were also put on a no-fly list with no clear way to get off.

As the ACLU put it, “The uncontroversial contention that Osama bin Laden and a handful of other known terrorists should not be allowed on an aircraft is being used to create a monster that goes far beyond what ordinary Americans think of when they think about a ‘terrorist watch list.’ If the government is going to rely on these kinds of lists, they need checks and balances to ensure that innocent people are protected.” The status quo made the War on Terror resemble a Franz Kafka novel.

July 13, 2014

Security theatre still running at peak farcicality – no end in sight

Filed under: Britain, Bureaucracy, Government, Liberty — Nicholas @ 10:59

In the Daily Mail, Peter Hitchens sums up all the individual losses to personal liberty, actual security, and civil discourse bound up in the never-ending security theatre performances at airports and other travel centres:

We have become a nation of suspects. The last wisps of British liberty are being stripped away and, as usual, this is happening with the keen support of millions.

[…]

Then there are the comical new ordeals travellers must face if they are foolish enough to want to go anywhere by plane.

At least they would be comical if we were allowed to laugh at them, but even to joke about ‘security’ in the hearing of some grim-jawed official is to risk detention and a flight ban.

There’s an odd thing about this. We are constantly told that our vast, sour-faced and costly ‘security’ services, and various ‘British FBIs’ and ‘British KGBs’ are fully on top of the terror threat, and ceaselessly halting plots.

How is it then that they claim not to know if harmless aunties from Cleethorpes or Worthing are planning to manufacture an airborne bomb with the ingredients of a make-up bag?

Just in case such a person is a jihadi sleeper agent, she, and thousands of other innocents, must be treated as criminal suspects.

Like newly registered convicts, they must stand in humble queues, meek before arbitrary power.

They must remove clothing, allow strangers to peer at their nakedness in scanning machines, permit inspections of their private possessions and answer stupid questions with a straight face.

They must be compelled to accept this treatment without protest or complaint.

In fact, when we enter an airport these days, we enter a prototype totalitarian state, a glimpse of how it will eventually be everywhere if we do not find a way of resisting this horrible change.

April 7, 2014

US government data security failures

Filed under: Bureaucracy, Government, Technology — Nicholas @ 09:02

David Gewirtz says that the press has totally mis-reported the scale of government security breaches:

Summary: This is one of those articles that spoils your faith in mankind. Not only are government security incidents fully into holy-cow territory, the press is reporting numbers three magnitudes too low because someone misread a chart and everyone else copied that report.

You might think this was an April Fool’s gag, except it was published on April 2nd, not April 1st.

According to testimony given by Gregory C. Wilshusen [PDF], Director of Information Security Issues for the Government Accountability Office to United States Senate Committee on Homeland Security and Governmental Affairs that, and I quote, “most major federal agencies had weaknesses in major categories of information security controls.”

In other words, some government agency data security functions more like a sieve than a lockbox.

Some of the data the GAO presented was deeply disturbing. For example, the number of successful breaches doubled since 2009. Doubled. There’s also a story inside this story, which I’ll discuss later in the article. Almost all of the press reporting on this testimony got the magnitude of the breach wrong. Most reported that government security incidents numbered in the thousands, when, in fact, they numbered in the millions.

Emphasis mine. Here are the actual numbers:

Incidents involving personal identifying information grew from about 10.5 million in 2009 to over 25 million last year. By the way, some press reports on this misread the GAO’s charts. For example, the Washington Free Beacon wrote about this, claiming “25,566 incidents of lost taxpayer data, Social Security numbers, patient health information.” What they missed was the little notation on the chart that says “in thousands,” so when they reported 25,566 incidents, what that really reads as is 25,566 x 1000 incidents.

2014 GAO analysis of security breaches

This is an example of how the Internet echo chamber can get information very, very wrong. The Chicago Tribune, via Reuters reported the same incorrect statistic. So did InformationWeek. So did FierceHealthIT. Business Insider picked up the Reuters report and happily repeated the same statistic — which was three orders of magnitude incorrect.

This is why I always try to go to the original source material [PDF] and not just repeat the crap other writers are parroting. It’s more work, but it means the difference between reporting 25 thousand government breaches and 25 million government breaches. 25 thousand is disturbing. 25 million is horrifying.

February 15, 2014

What is your threat level?

Filed under: Government, Humour, USA — Nicholas @ 11:09

PersonalThreatLevel

H/T to Cory Doctorow for the link.

December 24, 2013

Reason.tv – The TSA’s 12 Banned Items of Christmas

Filed under: Bureaucracy, Government, Humour, USA — Nicholas @ 09:33

Published on 23 Dec 2013

As travelers board planes this holiday, please be aware of 12 actual banned items from the Transportation Security Administration.
