Showing posts with label security. Show all posts

Friday, 2 June 2017

Lithium

Last time I flew domestically in New Zealand, I had to make sure that my spare lithium battery pack was in carry-on rather than checked. It's safer that way because a fire from a shorted battery can be contained in the cabin but can't be so easily contained in the hold. 

Made sense.

America's looking to broaden its ban on laptops in the cabin. Rather than just affecting flights from the mid-east, where there might be somebody planning on making a laptop-bomb that could be activated from the cabin, it may extend to all flights.

Pretty good trick from the bad guys' perspective, if batteries in the hold are risky. Restricted to places with a relatively high risk of laptop bombs, maybe the ban passes cost-benefit. Applied everywhere, the tiny risk of any laptop spontaneously catching on fire adds up across all laptops and likely dominates bomb risk.

Here's Joe Nocera at Bloomberg:
When a laptop in the passenger cabin spews smoke or bursts into flame — it’s happened some 19 times over the last five years, according to Christine Negroni, Forbes’s aviation blogger — it is quickly noticed and extinguished. But a fire in the cargo hold won’t be noticed, and experts say that the heat from such a fire quickly grows too high to be extinguished by the fire containment equipment in the hold.

That’s why the United States Postal Service stopped shipping products with lithium batteries overseas. It is why Federal Express classifies lithium-ion batteries as "dangerous goods" and imposed strict rules about how they must be packaged. It is why the Air Line Pilots Association has called for "comprehensive regulation governing cargo shipments of lithium batteries."

When I made some inquiries about why the F.A.A. wasn’t raising holy hell about Kelly’s laptop ban, giving its warnings about the dangers of the batteries, I was told that transporting lithium batteries in bulk creates a different scenario than shipping laptops and iPads in checked luggage. But the agency is also going to be conducting tests to gauge the potential danger a laptop ban might pose. Those tests are now in the planning stages. Given the pace at which the government moves — as well as the need to get this right — the work is unlikely to be done soon.

But consider: On a flight with, say, 200 passengers, there could be as many as 400 lithium-ion batteries in the cargo hold. Yes, they’re not packed together. But if one burst into flames in a suitcase, it is not hard to envision the flame spreading, and one battery after another exploding. And what if another manufacturer comes out with a faulty product, as Samsung did, after the ban is in place? It would dramatically raise the odds of a disaster.

When I asked [security expert Bruce] Schneier whether he thought as I do that the odds of a crash caused by a battery fire in the cargo hold was higher than a terrorist attack using a laptop bomb, he replied that there was "simply no way to make the numerical comparison." But, he added, "My intuition matches yours."
Simplest solution is just to continue avoiding travelling to the United States until it is less of an insane asylum. But please let's not import this bit of American nonsense here. Not much we can do about it if the US requires it on all flights to the US, but we can avoid imposing it on ourselves.

Saturday, 4 October 2014

Solutions that only occur to economists?

Every now and then I see tweets like this one.
It's inevitable that keypads will wear, dramatically reducing the number of options over which an intruder need search in a brute-force attack.

So why not design for it at the outset? Make and sell pads that have four or five of the keys pre-worn. If other keys wear down over time, it would be much harder to tell which are newly worn, and which were always like that. And an intruder could never really be sure whether the pad had pre-worn keys unless he'd been watching the door since it was installed.

Seems pretty obvious as a solution. So why don't we have it?
  1. Systematic underestimation of keypad tendency to do this?
    • But then wouldn't some clever firm take the market by pointing things out to consumers?
  2. The solution not having occurred to anyone else?
    • This seems exceedingly unlikely; it is too obvious
  3. Most purchasers caring less about security than about having been seen to have done something about security?
    • Maybe, but that can't hold in general
  4. Buying this kind of keypad binds security-conscious places to rotating their codes every few months lest the code become common knowledge, with some firms then failing to follow up?
    • Seems unlikely: the ones that care about security to start with don't need the binding.
Here at the New Zealand Initiative, we rotate our door code every few months through the different digits.
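
The search-space arithmetic behind the pre-worn keypad idea, worked through as an added example (it is not from the original post). It assumes a ten-key pad, a four-digit code and an intruder who knows the code length; the key sets are constructed for illustration.

```python
from itertools import product
from math import comb


def surjections(code_len, k):
    """Count length-`code_len` sequences that use each of k given keys at
    least once (inclusion-exclusion over the keys left unused)."""
    return sum((-1) ** j * comb(k, j) * (k - j) ** code_len
               for j in range(k + 1))


def candidates_plain(code_len, worn):
    """Ordinary keypad: the worn keys are exactly the digits in the code,
    so every candidate must use all of them."""
    return surjections(code_len, len(set(worn)))


def candidates_preworn(code_len, worn, distinct_known=None):
    """Pre-worn keypad: the code's digits are some unknown subset of the
    worn keys. If the observer also knows how many distinct digits the
    code has (`distinct_known`), the list shrinks but stays far larger."""
    w = len(set(worn))
    if distinct_known is None:
        return w ** code_len
    return comb(w, distinct_known) * surjections(code_len, distinct_known)


def enumerate_consistent(code_len, worn, exact):
    """Brute-force cross-check of the closed forms: count every code that
    is consistent with the observed wear pattern."""
    worn = set(worn)
    count = 0
    for code in product(sorted(worn), repeat=code_len):
        used = set(code)
        if (used == worn) if exact else (used <= worn):
            count += 1
    return count


def expected_guesses(n_candidates):
    """Mean number of tries to hit a uniformly chosen code when working
    through the candidate list without repeats."""
    return (n_candidates + 1) / 2


# Constructed sample observations (assumptions, not data from the post).
WORN_PLAIN = "1379"        # four keys worn by use alone
WORN_PREWORN = "12345789"  # same four keys plus four factory-worn decoys

if __name__ == "__main__":
    n = 4
    rows = [
        ("no wear visible", 10 ** n),
        ("4 keys worn by use", candidates_plain(n, WORN_PLAIN)),
        ("3 keys worn by use", candidates_plain(n, "137")),
        ("8 worn, 4 are decoys", candidates_preworn(n, WORN_PREWORN)),
        ("8 worn, 4 distinct known",
         candidates_preworn(n, WORN_PREWORN, distinct_known=4)),
    ]
    for label, count in rows:
        print(f"{label:26s} {count:6d} codes, "
              f"{expected_guesses(count):7.1f} expected guesses")
```

With four real digits and four decoys the candidate list grows from 24 codes to 4,096, or 1,680 if the observer somehow knows the code has four distinct digits.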

Wednesday, 26 June 2013

GCSB Redux

I really wish that the Law Society's submission on the GCSB bill had been available prior to the submissions deadline. I suspect that I'm not the only one who failed to submit on the Bill because the precise changes from the status quo ex ante, and whether the changes were from the de facto or the de jure status quo, were, to a non-lawyer, sufficiently impenetrable to require several days' effort to decipher.

The Law Society instead makes it all nicely explicit for us. We are transforming a foreign intelligence agency into a domestic intelligence agency with minimal effective supervision. That's what it had looked like, but I sure wasn't qualified to say so. And so I didn't submit.

The Law Society notes that the Telecommunications Interception Capability and Security Bill violates basic rights to natural justice at common law because too low a threshold is established for the Courts to be able to prevent defendants from hearing evidence against them.

Their statement on the GCSB Bill is blunter than I'd expected. A few excerpts:
The Bill is intrusive. It would empower the GCSB to spy on New Zealand citizens and residents, and to provide intelligence to other government agencies in respect of those persons. It is inconsistent with the rights to freedom of expression and freedom from unreasonable search or seizure under NZBORA and with privacy interests recognised by New Zealand law.
...

Given the intrusive nature of the reforms and the fact that they prima facie conflict with established rights, they should be demonstrably justifiable, and be accompanied by appropriate safeguards. The Law Society has sought to undertake a proportionality analysis of the legislation to ascertain whether the intrusion on rights protected by NZBORA as a result of these measures is justified, and whether there are sufficient checks and balances on the powers the Bill proposes.

It is difficult to identify the pressing and substantial concerns that the Bill purports to remedy or address. It is not possible to identify any tangible or meaningful concerns from the Explanatory Note to the Bill and the accompanying ministerial press release, beyond an allusion to helping the GCSB “get on with the job of helping New Zealand public and private sector entities deal with the growing threat of cyber-attack”
David Farrar suggests that, if the GCSB legislation fails, we'll just have the Police enhancing their wiretapping capabilities when it has a warrant to engage in such things. But the Law Society notes:
Furthermore, it would appear that if the GCSB is called upon to assist another specified agency (such as the Police) by performing activities instead of that other agency, the activities performed by the GCSB in that capacity will receive the imprimatur and secrecy and immunity protections of the GCSB Act, when the same activities engaged in by the specified other agency itself would not do so in terms of the other agency’s empowering legislation. In that way, enlistment of GCSB “co-operation” may confer on the activities undertaken a protected legal status which they would not otherwise receive. Indeed, the very fact of GCSB involvement may mean that the activity in question is never disclosed to those affected. This outcome is unacceptable and inconsistent with the rule of law.
I far prefer the Police doing this kind of job under warrant. I like warrants. Again, here's the Law Society:
Indeed, the section 16 power to intercept without warrant or authorisation can no longer be justified, given the greatly expanded scope of this warrantless power (having regard to the expansive definition of “information infrastructure” and the expanded scope of operations beyond “foreign intelligence”, canvassed above so that domestic as well as foreign intelligence is to be targeted by the GCSB). This power must now be considered as overly invasive of NZBORA rights, and/or as a disproportionate conferral of power, given the available alternatives (including the range of powers of interception already possessed by the New Zealand Security Intelligence Service and others).
Had this analysis been publicly available earlier on, and it likely would have been but for the Government's incomprehensible desire to push this through under urgency and thereby prevent public debate, I would have submitted in opposition to the Bill. I wouldn't have done it with my economist hat on, because I can't quantify any of this. It would be my Mont Pelerin Civil Rights Libertarian hat instead, though informed by the economist side.

I would have taken the Law Society's analysis as baseline, then noted that New Zealand's main apparent economic comparative advantage is in having a robust policy environment that weighs heavily the civil rights of its citizens and residents. That we're a bastion of sanity where policy doesn't over-react to perceived security threats. That we're the place that very sensibly adopted the only realistically effective airport security precaution subsequent to an attempted hijacking by a deranged woman: harden the cockpit doors against entry. We haven't gone for American airport security theatre. We haven't started having roadside checkpoints where people are commanded to present their papers and prove that they're not in the country illegally. And that this comparative advantage matters all the more as America and the UK get worse: the Outside of the Asylum is more attractive when the Inside of the Asylum gets that much nuttier.

Imagine an alternative world where, as America started seeing just what the NSA has been doing to them, we were instead implementing the kind of digital rights amendment suggested by Fab Rojas for the States:
The right of the people to be secure in their transactions made through electronic media and other forms of communication,  and in the data generated by such transactions, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. The people will retain the right to review such warrants and challenge them in the courts.
The US and OECD have been cracking down on so-called tax-havens; would that New Zealand could be excoriated by the Surveillance States as a rights-haven: a little dark blot on their surveillance maps where you have to get a real warrant from a real judge to be able to wiretap people, and to prove that there's a damned good reason for it. And be a place of refuge for those few who care enough about those kinds of freedoms to vote with their feet.

I wonder what the tech scene here could look like, in a decade's time, if some of the folks in Silicon Valley who do care about these things saw New Zealand as safe haven.

Peter Cresswell points to what we need to do to start protecting ourselves, if we're to be inside the asylum.

Tuesday, 30 April 2013

A small bit of sanity

Imagine that at some random American university, a student sent an over-the-top ridiculous letter to the student magazine culminating in a threat to shoot up the library. Would you expect:

  1. Nobody to much notice
  2. The police to have a chat with the letter writer
  3. The University to expel the letter writer
  4. The campus to go into lock-down with heightened security. Quadrocopters with cameras watching everybody. 
A police plea for the name of the writer of a letter threatening to unload an automatic assault rifle in Canterbury University's library has been turned down by the institution's students association.
The letter, written anonymously and published in the students association's magazine Canta on March 20, lists a series of gripes the author has about university life, including people who ride bikes on the footpath and students who wear camouflage.
It then reads: "The above things are slowly transforming me from a Gandhi-like character to the kind of guy who is going to walk into James Hight [the library] one day with a fully loaded automatic assault rifle and unload my anger into you."
The letter has also featured on the magazine's website since March 20, but only came to the university's attention when a student's mother complained about it on Friday.
It's not exactly easy to get an automatic assault rifle in New Zealand. Semi-automatic hunting rifles, sure. That plus the basis of complaint being students riding bikes on footpaths... seems pretty unlikely that there's any serious threat.
University Vice-Chancellor Rod Carr said he only became aware of it yesterday and referred the matter to police. "This is a person who needs help," he said. Police university liaison officer Senior Constable Ken Carter said it did not appear any criminal offence had been committed and there was no indication of an immediate or direct threat. But he said such comments were a concern and he could understand how people were anxious about the letter, especially since incidents like the Boston bombings.
The Vice-Chancellor would have to refer it to the police; it's the police's job to sort out if there's any there there.
Despite police asking for the individual's name, Carter said, the University of Canterbury Students Association (UCSA) had declined to release it on privacy grounds. Since no offence had been committed, police were unable to seek a warrant to force the release of the name.

"We are looking at other options for getting in touch with this person," Carter said. "We would like to speak with them, and hopefully satisfy ourselves that there is no need for concern. If they would like to come forward and contact us, we would welcome the opportunity to discuss the letter and the concerns it raises."
I love that freedom of the press extends to student magazines. And that the Police can't compel production of the writer's name absent there having been an offence.
[UCSA president Erin] Jackson did not respond to questions about why UCSA would not release the name to police. But she did say the last paragraph contained content that "could be interpreted to look like a non-specific threat", but the "tone of the letter was largely hyperbolic".

She said given the tenor of the letter, and UCSA's previous dealings with and knowledge of the author, it was assessed there was no serious threat.

"We are a student magazine that presents the views of all students. Sometimes these views are unpalatable or even offensive to the majority."

...

Carr said Canta was an independent campus publication and was not censored by the university.

He did not intend to increase security across the campus.
All of this seems sane to me. If you prefer living in a place where the default response would instead be a campus lock-down with SWAT teams all over the darned place, feel free to not emigrate to New Zealand.

Update: The UCSA asked the student to tell the police he's no threat; the student told the police; the UCSA reminded everybody that it was just a silly student letter written 5 weeks ago and that the fooferah is from ONE student's mother who complained to the media. And that's about it.

Monday, 25 March 2013

EQC data - Updated

So EQC accidentally released a spreadsheet matching claim numbers to physical addresses for most people in Christchurch with an earthquake claim. The breach didn't have names. [Substantial update at end]

I appreciate privacy concerns, but I'm far more worried about whether any privacy breach can yield instrumental harms.* And here, I'm having a hard time seeing it.

Imagine that you had the spreadsheet listing the claim number and home address for each house in Christchurch, but nothing else. How could you profit from that knowledge?
  • Send fake invoices to EQC for payment. Claim to have done work on particular addresses and cite the EQC claim number. 
    • But: you're probably going to have to give EQC a bank account for transfers. If the homeowner catches wind of it, the fraudster would likely be found out fairly quickly. So your best bet would be to drive around looking for houses where construction work was already underway and to invoice for those addresses, hoping that the receipt would be paid in the confusion and that you could just switch to a different fake company every week. I doubt this would work out, but there's random draw chance that EQC might pay out on any individual invoice. Enough of these and you might get a bit out of it.
  • You could try calling into EQC to redirect payments that should have been going to the homeowner, but this is really unlikely to work. 
    • You'd need to know enough about the claim to be able to make a plausible case;
      • Name of the main claimant and enough identifying details to pass the first hurdle;
      • Whether the house is Fletcher's or opt-out - if it's Fletcher's, I think EQC pays them directly. If it's opt-out, you'd need to know enough about the repairs to tell them something about the outstanding invoices you want sent to your new bank account.
      • I bet you could get a lot of this out of Facebook pages for anybody listing a real address in Facebook.
    • You'd need to be able to get through to EQC on the phone (hard), or send them letters with your new account information. In the latter case, they might notice a pile of letters all asking that payment be sent to some particular account. If you're phoning, you can always hang up if things aren't working out, so they only get the account number for the small set that work.
Bottom line: it's hard enough for legitimate claimants to get anything done through EQC; I doubt fraudsters could get much out of this kind of data breach. But maybe I underestimate their patience for sitting on hold, or their creativity.

* People shout a lot about privacy, then happily hand over massive amounts of private information in exchange for lollypops. If you're complaining about EQC privacy violations on your Facebook page, and you're doing it because of privacy per se rather than because of fraud exploits, you're exactly the kind of person I'm talking about.

Update 1: Chatting with Paul Walker on the way out the door yesterday, I realized that the best mark is the homeowner rather than EQC. He suggested calling the homeowner to pry out more details that you could use with EQC. I then reckoned it made more sense to call the homeowners pretending to be EQC and saying the only thing left before final claim resolution was for them to wire over the deductible on their insurance claim so that EQC could pay the whole thing to Fletcher's at one go.

Update 2: There was way more information in the data breach than first reported:
Staples said he was not the only person to see the email which listed the household's claim number, asbestos rating, EQC tolerance approval, which aspects of the claim were on hold, land information, whether the address was awaiting assessments, engineer's report, the EQC supervisor, the contractor's name and quote, and EQC's value of damage estimate.
In the wrong hands, this could be rather damaging.

But wouldn't it be nice if homeowners could get their own files:
Staples also said he looked up the information for one of his clients on the list for whom his company had done repair work, costing $55,000.
EQC had said $55,000 was too much and had cash settled for $30,000 with the homeowner. But the spreadsheet showed EQC has allocated $59,000 for repairs.

Thursday, 2 August 2012

Inducing failure

Is cybersecurity a market failure? Every individual counts the cost to him of a virus attack but ignores the cost to others if his system becomes a zombie spam machine; consequently, people underinvest in computer security.

Eli Dourado does a great job in taking on this kind of argument in his Mercatus working paper - on the syllabus in my Economics of Current Policy Issues course. 

First, the externality is, in most cases, inframarginal: most individuals have sufficient personal interest in ensuring security that the external benefit accrues inframarginally rather than at the margin. In other words, while it's true that people benefit others when they install proper security software, they're doing enough to benefit themselves at the same time that they're likely getting things right.

Second, there are plenty of other parties that have an encompassing interest in ensuring that the Internet works well. Google has a harder time selling ads if a lot of clicked links install malware and the like; consequently, Google works hard to make sure that, if you're using their Chrome browser, you get lots of warnings if you try to visit a dodgy site.

We'd think that Microsoft would have a similarly encompassing interest. Why isn't a decent security system built into Windows? I recently built a computer and put Windows 7 on it. After a bit of searching around, I found that Microsoft produces a very decent, and free, Internet security package. So I downloaded it, for free, and installed it. And I wondered why it wasn't built into the OS. Surely it would be in Microsoft's interest that people using their machines be protected against virus attacks, and it's precisely the kinds of people who don't know they need to go searching for an antivirus package who'd be the kinds of people who'd impose costs on others by letting their machines turn into a zombie.

Then I remembered... Microsoft gets slapped around by the Department of Justice and the European antitrust guys whenever they try to make Windows better by adding features. Bundling antivirus into Windows, where it should be, could be deemed a measure that the Europeans would figure would hurt competitors; hurting competitors seems to matter more than helping consumers in European law. And Eli pointed me to this article from 2008 offering antitrust as reason why antivirus hadn't been built into Windows.

Fortunately, it looks like Microsoft's found a workaround for Windows 8. Antivirus will be built in, but will be automatically switched off if any other vendor's product is installed; it only turns back on if the user fails to renew the subscription to the alternative product. Note that Windows 8 is already under antitrust investigation in Europe, but for browser default issues rather than antivirus (so far).

Friday, 15 June 2012

Exam security

Canterbury takes its invigilated exams pretty seriously.

Students in our big 100-level exams have to leave all of their materials at the front of the room save a pencil, pen, ruler or non-programmable calculator (as needed for the exam). Hats have to be left at the front of the room. We arrange students through the room in a checkerboard; we know where each student is seated so we can check scripts later on if we suspect somebody's copied from a neighbour. Two invigilators stalk the room throughout. We leave a blank row after every second row of students so the invigilators can get up to any student who's asking a question, or who is peeking a bit too often up a shirt sleeve.

What are the key features of this set-up?
  • Students can't tell where they'll be seated before entering the room. They'll likely be seated near somebody with an alphabetically close last name, but they can't tell where in the room they'll be.
  • Students can't easily smuggle answers in; the only materials they're supposed to have in front of them are the ones they have to have, though we'll usually allow a water or drink bottle.
  • Students don't have access to the blank exam booklets, which vary colour from year to year and, occasionally, by whatever the lecturer happens to have had in his older stock. It's not always easy to predict what the colour of the exam booklet cover will be, so it's harder to smuggle in one that has notes inside.
  • Invigilators can approach any student from an oblique angle; as they can be behind a student, it's hard for a student to tell when he's being watched.

Turns out that those measures would thwart most of the exam hacks that students taking this government cybersecurity course tried when they were instructed to try to cheat on the exam. The quiz asked them to write the first hundred digits of pi. Some of the hacks were very nice, but students didn't have to try all that hard given the reasonably lax exam setting.

 

Here's the working paper: Embracing the Kobayashi Maru. What did the students try?
  • Variants of encoding the answer onto materials they were allowed to bring into the exam with them: textbooks; the back of name tags that always sit on desks; notebooks; course schedules; post-it notes; food; coffee cup sleeves; random materials that might be in a pencil case; hidden in a watch bezel; bringing in a pre-completed answer sheet hidden among other papers.
  • Variants of hacking the exam room: writing on ceiling tiles; writing the answer on sheets of paper in the pile that the invigilators were likely to distribute on request for blank papers; hiding the answer within the computers on the desks;
  • Hacking the grader's or invigilator's laziness: Memorize the first ten digits, then provide random numbers.
Most of these won't work given our processes. To what sorts of attacks could we still be vulnerable? Security through obscurity is a pretty poor solution and I'm sure our students are more creative than I am anyway. So here are a few potential options:
  • Notes written on or around drink bottles or coffee cup sleeves;
  • Notes hidden on one's person and accessed in the privacy of a toilet stall, especially if you've drawn the lucky straw and both invigilators are of not-your-gender;
  • Small notes written on erasers or taped inside the sleeve of a programmable calculator;
  • Small notes hidden inside pencil cases if the invigilator isn't strict enough on the "pencils and pens only" rule;
  • A note hidden under a pony-tail or in dreadlocks.
Options are near limitless for variants on open book or open notes exams; fair systems would let students either bring in anything (completely open book) or restrict students to bringing in only one or two sheets of paper of specified size. Otherwise you're just encouraging students to encode notes on the cover or in the text of the book.

Perhaps I should include a "Please cheat on this question" question in the midterms next semester. Academic misconduct and a visit to the proctor for cheating on other questions, but only a zero on that question if caught cheating on it with bonus points for demonstrating the hack afterwards; then we'd have a better list of things for which to watch out for subsequent cohorts. But as I'm not even sure it's a good idea, it's pretty unlikely that I'd be able to convince the various "Powers That Veto" that it's all that hot.

No exam system will ever be hack-free. It's important to set a strong anti-cheating norm, demonstrating that students could reasonably expect to be caught if they try so they don't expect to be disadvantaged if they don't cheat. Our processes probably do more to encourage honesty by showing that we care about honesty and setting the right expectations than by thwarting the most determined of exam hackers.

Tuesday, 14 September 2010

Customs NZ

Anyone interesting coming to New Zealand ought use whole disk encryption prior to travel, using a randomly chosen key left with someone out of country, then phoning home to get the key on arrival.

Customs here may be following overseas trends in using customs powers as an end-run around warrant requirements.

Bruce Schneier helpfully explains how to protect yourself.

Travel safe...

Saturday, 2 January 2010

Hypothesis Three it is

Like I said, Hypothesis Three:
There's nothing the TSA can really do, but idiots demand they do something and the only something that passengers can observe is how much they're being inconvenienced?
Reports Scott Beaulier today:
I travel a lot, and that's been true since well before 09/11. In that time, I've never seen or experienced anything close to the invasion Anemone and I experienced trying to get home yesterday at Heathrow and then again in Atlanta. 3.5 hours of additional screening were added onto our trip (i.e., normal harassment would have got us out of Heathrow two hours sooner and through Atlanta 1.5 hours sooner).

Far more disgusting than the TSA invasion and complete waste of time was the nonsense we heard from people around us all afternoon, such as, "Well, whatever it takes to keep anything bad from happening," and "It's really not that big a deal." Best of all, at the end of our trip, people in front of us were eager to jump into the "whole body imaging technology" machine when we arrived in Atlanta!

Who would have thought kissing your civil liberties good-bye could be so much fun, would be something people would literally run for, and would occur for many without even a momentary pause to consider the inconvenience and immorality of it all???
Ira turns two in February; his sister is on the way end-April. Fortunately, security lines basically don't exist in New Zealand and Australia, unless you're flying to the US. The biggest hassle is that customs in Melbourne always pulls me up for secondary inspection and interrogation, but that only adds 20 minutes. Unfortunately, Sue wants to go back Stateside for a visit sometime this year. I'm dreading having Ira in one of those lines. Absolutely dreading. It will be awful. If Ira were older, it could be an object lesson in the merits of voters and government. But there won't even be that upside.

Monday, 28 December 2009

Calculated risks

Nate Silver over at FiveThirtyEight runs the kind of back-of-the-envelope calculation on the risks of being in a hijacked aircraft that you might expect as part of a McKinsey interview.
There were a total of 674 passengers, not counting crew or the terrorists themselves, on the flights on which these incidents occurred. By contrast, there have been 7,015,630,000 passenger enplanements over the past decade. Therefore, the odds of being on given departure which is the subject of a terrorist incident have been 1 in 10,408,947 over the past decade. By contrast, the odds of being struck by lightning in a given year are about 1 in 500,000. This means that you could board 20 flights per year and still be less likely to be the subject of an attempted terrorist attack than to be struck by lightning.
What's the most you'd pay for insurance against a 1 in 10.4 million event? Since the value of a statistical life, backed out of these kinds of calculations, is $7 million, our best guess is that folks would be unwilling to spend more than a dollar to insure against this risk. I get the feeling that the TSA's budget is considerably more than that.

Ok, class: Assume that if you reduce TSA spending by an order of magnitude the risk of a terrorist incident also rises by an order of magnitude. By how many orders of magnitude ought the TSA budget be reduced to get spending to a level commensurate with the estimated risks?

Sunday, 27 December 2009

Terrorists' objectives

Can we reject the null hypothesis that Osama's crew have agents inside the TSA and that their whole objective is to give these agents reasons to make travelers' lives hell?

Radley Balko:
Seems to me that what this, Flight 93, and the Richard Reid incident have shown us is that the best line of defense against airplane-based terrorism is us. Alert, aware, informed passengers.

TSA, on the other hand, equates hassle with safety. For all the crap they put us through, this guy still got some sort of explosive material on the plane from Amsterdam. He was stopped by law-abiding passengers. So TSA responds to all of this by . . . announcing plans to hassle law-abiding U.S. passengers even more.
Andrew Leigh:
Huh? Are attempts to bring down planes more serious in the last hour of flight than the first? And has anyone who writes these rules ever travelled with a baby or a child?

This of course follows the US TSA’s decision to waste thousands of passenger hours in requiring shoes to be removed for baggage screening, despite the fact that there is nothing you can hide in your shoes that you could not also hide in your underwear.
And, of course, Bruce Schneier, who, in a sane world, would have immediately been appointed head of the TSA DHS on Obama's inauguration:
And what sort of magical thinking is behind the rumored TSA rule about keeping passengers seated during the last hour of flight? Do we really think the terrorist won't think of blowing up their improvised explosive devices during the first hour of flight?
For years I've been saying this:
Only two things have made flying safer [since 9/11]: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.
This week, the second one worked over Detroit. Security succeeded.
So, is it then:
  1. The TSA are in it with the terrorists to create maximum inconvenience for travelers and augment the TSA budget
  2. The TSA are complete idiots
  3. There's nothing the TSA can really do, but idiots demand they do something and the only something that passengers can observe is how much they're being inconvenienced?
I lean towards the last one, with a slim chance of the first one.

Blogging continues to be very light over Christmas. On the plus side, the (unheated) pool is now cleaned and ready for the two months of service we can expect from it, given the weather here. Ira's been greatly enjoying runs into the ocean as well - he especially likes it when waves almost splash his face. We really need to learn to carry swim gear whenever we leave the house with him; odds are he'll lead us to the beach, and if Ira gets to the beach, chances are he'll want to get into the water. Last time, my shirt served as his towel....

Tuesday, 17 November 2009

Beyond Security Theatre

Schneier on "Beyond Security Theater"
Refuse to Be Terrorized

By not overreacting, by not responding to movie-plot threats, and by not becoming defensive, we demonstrate the resilience of our society, in our laws, our culture, our freedoms. There is a difference between indomitability and arrogant "bring 'em on" rhetoric. There's a difference between accepting the inherent risk that comes with a free and open society, and hyping the threats.

We should treat terrorists like common criminals and give them all the benefits of true and open justice -- not merely because it demonstrates our indomitability, but because it makes us all safer. Once a society starts circumventing its own laws, the risks to its future stability are much greater than terrorism.

Supporting real security even though it's invisible, and demonstrating indomitability even though fear is more politically expedient, requires real courage. Demagoguery is easy. What we need is leaders willing both to do what's right and to speak the truth.
...
Today, we can project indomitability by rolling back all the fear-based post-9/11 security measures. Our leaders have lost credibility; getting it back requires a decrease in hyperbole. Ditch the invasive mass surveillance systems and new police state-like powers. Return airport security to pre-9/11 levels. Remove swagger from our foreign policies. Show the world that our legal system is up to the challenge of terrorism. Stop telling people to report all suspicious activity; it does little but make us suspicious of each other, increasing both fear and helplessness.

Wednesday, 11 November 2009

And computer viruses suddenly become more terrifying

An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute – an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half.

Prosecutors performed another test and confirmed the defense findings. The charge was dropped – 11 months after it was filed.

The Fiolas say they have health problems from the stress of the case. They say they've talked to dozens of lawyers but can't get one to sue the state, because of a cap on the amount they can recover.

"It ruined my life, my wife's life and my family's life," he says.

The Massachusetts attorney general's office, which charged Fiola, declined interview requests.
From Huffington, HT: Radley Balko.

Bruce Schneier notes that antivirus programs have been getting less effective over time.

Tuesday, 6 October 2009

Social hacks and fire drills

Bruce Schneier often points out that the biggest gap in any company's security is the employees themselves, who'll often give away the farm to phishers who email seeking company passwords.

We have fire drills here at Canterbury once per semester to make sure that folks know what to do when the buzzers ring. Very annoying, and it's pretty unclear to me that they do much to improve preparedness (what's so hard about walking down the stairs anyway?).

But it makes me wonder whether company IT departments, including our University's, oughtn't run phishing drills. The IT department could send a phishing message (from an external server, obviously) to all staff, making sure it gets through the spam filters straight to the inbox. Standard drill phish requesting user details. Watch then to see which staff respond. Then, go and fix those staff. Do it a few times a year. It imposes zero additional cost on sensible users, who'll just delete it with the 5 other spam messages that make it through the filters each morning. But it'll help to identify the geniuses who'd give the phishers a way into our intranet.

Best I'm aware, we're not doing this. Is anybody? Why not? About twice a year we get emails from IT warning about a phishing scam that's making the rounds, so they must think, and are probably right, that some folks are ripe for pwning. Best to identify them quickly and get 'em sorted, no?
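The "watch then to see which staff respond" step, run over a few drills a year, comes down to a small tally. This is an added example, not part of the original post; the log format, drill ids, account names and event names are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not real logs): drill id, staff account, event.
DRILL_LOG = """\
drill,user,event
2009-03,alice,delivered
2009-03,bob,delivered
2009-03,carol,delivered
2009-03,dave,delivered
2009-03,bob,submitted
2009-03,bob,submitted
2009-03,dave,submitted
2009-10,alice,delivered
2009-10,bob,delivered
2009-10,carol,delivered
2009-10,dave,delivered
2009-10,erin,delivered
2009-10,bob,submitted
2009-10,erin,submitted
"""

def summarise(log_text):
    """Return (per-drill response rate, repeat responders, latest responders)."""
    delivered = defaultdict(set)   # drill -> accounts the drill phish reached
    submitted = defaultdict(set)   # drill -> accounts that sent their details
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event"] == "delivered":
            delivered[row["drill"]].add(row["user"])
        elif row["event"] == "submitted":
            submitted[row["drill"]].add(row["user"])  # set: duplicates count once
    rates = {}
    hits = defaultdict(int)        # account -> number of drills responded to
    for drill in sorted(delivered):
        # Only count responses from accounts the drill was actually sent to.
        responders = submitted[drill] & delivered[drill]
        rates[drill] = len(responders) / len(delivered[drill])
        for user in responders:
            hits[user] += 1
    # Drill ids are assumed to be year-month strings, so max() is the latest.
    latest = max(delivered)
    repeat = sorted(u for u, n in hits.items() if n >= 2)
    return rates, repeat, sorted(submitted[latest] & delivered[latest])

if __name__ == "__main__":
    rates, repeat, latest = summarise(DRILL_LOG)
    print(rates, "repeat:", repeat, "follow up:", latest)
```

Staff who joined between drills (erin here) only count against the drills they actually received, and the repeat list separates people who responded again after follow-up from first-time responders.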