WW: Bruce Schneier on why security can't work

Sun Mar 17 15:04:12 UTC 2013

The US law enforcement is getting closer and closer at being able to
be DDoS-ed very effectively because of all of their advisories about
"see something, say something" and all other scare tactics crap they
come up with.
I mean it's bad some guy shot up a lot of people in a theater or in a
school, but now it's sufficient to call 911 and say you saw a guy with
what looks like an assault riffle in a theater or school campus and
the just grab a bucket of popcorn and see everyone panic and SWAT
teams with guns blazing canvasing the objective.
Do it in a coordinated fashion on a daily basis and bam: DDoS at it's
finest. No one would take a chance to treat the calls as pranks
because if they get it wrong only once, they will be in a very big
s***storm.
Not to talk about economic losses because once a day a mall gets
evacuated for a few hours. The cost of pulling it off: none. 911 calls
are free :))

Today, tomorrow, someone else will shoot up a mall. What are you going
to do ? Install TSA scanners at mall entrances ? No problem, you can
shoot people in a subway station ? What, TSA at every subway station
entrance in the country ? At every bus station ? Blackwater security
with metal detectors every conference held in a hotel ?
Or just play it cool and live normally with the chance that the next
disgruntled person with a gun will not choose the same place you
happen to be at at any particular time.

The "disgruntled person with a gun" can be replaced with your favorite
type of bad guy (bio-terrorist, suicide bomber etc).

It's not a secret that people do stupid things when they're scared and
all of the world's governments know this and never loose the chance to
pass more restrictive laws whenever a tragedy happens and people would
support anything that they believe would stop another incident.

What people need is more common sense and not be get scared and
panicked by whatever scare the media throws at at them. They would
twist  stories to get ratings in unimaginable ways.

Statistically speaking, everyone of us has a chance everyday to die in
an accident (get hit by a car, bus, metro, train whatever). This does
not mean that everyone should stay home and do nothing. Even at home
you can cat yourself very bad with a knife making dinner :))

Minimize the big threats using intelligence services effectively, and
smaller ones if you can in a non-intrusive way. Perfect security will
never be something that can be attained. Even from North Korea people
escape from time to time, and they are surveilled like crazy.

On Fri, Mar 15, 2013 at 3:53 PM, Owen DeLong <owen at delong.com> wrote:
>> And there you have it :)
>>
>> Security obviously works  thus far,   in the sense, that so far,
>> government has been preserved -- there is not total chaos, in at least
>> most of the world,  and people do not doubt if their life or property
>> will still exist the next day.
>>
>
> I'm not sure I would even put "government has been preserved" on the list of considerations for the success or failure of security.
>
> I would put "law and order", "governance and/or the process of governance" on the list, but especially in a post-911 world, the US Government has departed from those ideals to varying degrees.
>
> Do not get me wrong, I am not advocating radical revolution or saying that we should tear down the existing institutions. Merely that we should be careful in our default use of terminology and focus on what we really want to preserve. Ideally, we can restore the US government to its proper (and limited) function. (That does not mean eliminating government services and making it small enough to fit in our bedrooms, either.)
>
> I'm not supporting any of the current Washington agendas and parties. I'm fed up with all of them at this point and unless they start working on solving problems instead of posturing all the time, I won't be supporting ANY incumbents.
>
>> Abusing new technology faster doesn't trump the extreme smallness of
>> the numbers of truly bad actors,  who have irrational thinking,  would
>> like to end civilization,  and the intersection between those and
>> those who have a viable method that would work + the right
>> resources/skill  available,  and a reasonable chance of success....
>> astronomically small
>
> The bottom line is that any system of laws and/or governance depends entirely on voluntary compliance by the majority of the actors.
>
>> If in a few decades,  there is a  0.1%    chance per decade of a
>> script kiddie ending civilization,   I think we've got few reasonable
>> alternatives but to accept that risk and hope for the best :)
>
> On the other hand, I will hold up the U.S.A.P.A.T.R.I.O.T. act and the T.S.A. as proof that we are rather adept at exploring and sometimes acting on the unreasonable alternatives.
>
> Owen
>
>
>