Marcus Ranum wrote “Information security’s response to bitter failure, in any area of endeavour, is to try the same thing that didn’t work — only harder.”
It seems that this often applies to the entire security field, not just IT. Here’s a timely example.
There have been calls, in the wake of April’s bombing at the Boston Marathon, for increased surveillance of Americans — already, arguably, the most-surveilled and most spied-on citizens on the planet, to such an extent that ex-Stasi staff are likely envious. In particular, there have been calls for mass (camera) surveillance from police department officials in Boston and New York City.
These recommendations clearly raise serious issues about privacy and the Constitution and the values we hold as a society. Others have written about those issues more eloquently than I can. But let me break from their approach and point out something on a much more pragmatic level:
It didn’t work.
Let me ask you to consider for a moment the Boston Marathon and all the video/still cameras that were focused on it, the ones whose images were in front of the nation nonstop for days. Anyone who’s run in or been to a major distance running event knows that there are cameras everywhere. There are race operation cameras at the start and finish. There are TV news cameras, all over the course — some fixed, some mobile. There are family/friends of runners and other spectators, concentrated at the start and finish, but scattered everywhere along the course, and nearly all of them have cameras. There are official and unofficial race photographers in multiple locations who try to grab still shots of every runner and then offer them for sale afterwards. There are even some runners wearing cameras from time to time. And then of course there are all the now-ubiquitous cameras on stores, banks, parking garages, traffic signs, and on all kinds of other structures along the way.
We don’t know why the those responsible for the attack in Boston did it; but what we do know is that the attack required a modicum of planning and intelligence: they weren’t entirely stupid. I submit that there is no possible way that they did not know that the finish area of a major marathon is one of the most heavily-photographed areas of the planet on the day of the event. Yet they not only selected it as their target, they made no attempt at all to evade the massive number of lenses focused on it.
Thousands of cameras equated to zero deterrent value.
Yes, those cameras certainly helped identify and locate the suspects: but that is cold consolation to those who lost life and limb, because they didn’t actually prevent the attack. The upcoming prosecution of Dzhokhar Tsarnaev, while it might yield some answers to troubling questions, is not going to help local runner Carol Downing’s daughters (Nicole Gross suffered two broken legs; Erika Brannock lost part of one of hers) recover and rehab and go on with their lives.
A thousand more, ten thousand more, a hundred thousand more cameras would not help: cameras have no deterrent value to people who are prepared to die and/or don’t care if they’re identified.
There also remains the distinct, disturbing possibility that the attackers chose the locationbecause they knew it was so thoroughly covered with cameras. An attack like this is clearly directed at those present, but if its real purpose is, as Bruce Schneier observes, to attack the minds of hundreds of millions elsewhere, then it can only reach its targets if the event is heavily documented and widely disseminated.
To put that point another way: it’s entirely possible that adding cameras to a particular location will decrease public safety — because it may make that location more attractive to those who want to make certain their attacks are captured on video and of course, dutifully replayed in slow-motion thousands of times by 24×7 news networks with many hours of airtime to fill.
The Latest on: Spying on the public
Starbucks was never about the coffee. It’s taking over public space—and controlling it
on April 19, 2018 at 10:17 am
In Austin Powers: The Spy Who Shagged Me, Dr. Evil’s team briefly abandons ... It’s a private company that markets itself as a public space, marketing its coffee shops as venues where people can meet, relax, and work for hours on end. […]
10 things you need to know before the opening bell (SPY, SPX, QQQ, DIA, TSLA, AMZN)
on April 19, 2018 at 3:33 am
Uber is zeroing in on a CFO. The ride-hailing company has reportedly set its sights on VMWare CFO Zane Rowe to spearhead its initial public offering in 2019, Reuters says. Merkel is reportedly in favor of a European Monetary Fund. German Chancellor Angela ... […]
The British TV Regulator Just Announced Seven Investigations Into Russia Today Over Its Spy Poisoning Coverage
on April 18, 2018 at 4:34 am
The British TV regulator Ofcom has announced seven new investigations into the Russia Today network due to impartiality concerns, citing the Russian state broadcaster's coverage of the recent spy poisoning ... MPs and other UK public figures who have ... […]
G7 Ministers Call For Russia's 'Full Disclosure' On Spy Poisoning In Britain
on April 17, 2018 at 6:38 pm
The OPCW did not name the substance in its public summary but said it was of "high purity." "We share, and agree with, the U.K.'s assessment that it is highly likely that the Russian Federation was responsible for the attack and that there is no plausible ... […]
Spying, targeting and arresting: The secret police war on Black activists
on April 17, 2018 at 12:07 pm
It was part of illegal domestic spying, infiltration, disinformation and destruction ... “Black and Brown activists and the public in general should not be left to speculate as to why DHS prepared a document called the ‘Race Paper,’ circulated ... […]
via Google News and Bing News