[lit-ideas] Reading Schneier

• From: Teemu Pyyluoma <teme17@xxxxxxxxx>
• To: lit-ideas@xxxxxxxxxxxxx
• Date: Tue, 21 Feb 2006 23:49:35 -0800 (PST)

Been a while since I read his stuff, so I once again
checkup on Bruce Schneier. He has been busy, and the
string of articles in Minneapolis Star Tribune for
example is as usual brilliant.

The first on is on Katrina from 9/11/05 and titled
"Toward a Truly Safer Nation":
".. Large-scale terrorist attacks and natural
disasters differ in cause, but they're very similar in
aftermath. And one can easily imagine a Katrina-like
aftermath to a terrorist attack, especially one
involving nuclear, biological or chemical weapons...

"Funding security based on movie plots looks good on
television, and gets people reelected. But there are
millions of possible scenarios, and we're going to
guess wrong. The billions spent defending airlines are
wasted if the terrorists bomb crowded shopping malls
instead.

"Our nation needs to spend its homeland security
dollars on two things: intelligence-gathering and
emergency response. These two things will help us
regardless of what the terrorists are plotting, and
the second helps both against terrorist attacks and
national disasters.

"...Similarly, money spent on intelligence-gathering
makes us safer, regardless of what the next disaster
is. Against terrorism, that includes the NSA and the
CIA. Against natural disasters, that includes the
National Weather Service and the National Earthquake
Information Center.

"Katrina deftly illustrated homeland security's
biggest challenge: guessing correctly. The solution is
to fund security that doesn't rely on guessing." 
http://www.schneier.com/essay-088.html

None of this is of course new to people who do
security for living, that they are not listened to is
the problem.

Another one from 11/21/05 on "The Erosion of Freedom"
cuts through the rhetoric deftly:

"Christmas 2003, Las Vegas. Intelligence hinted at a
terrorist attack on New Year's Eve. In the absence of
any real evidence, the FBI tried to compile a
real-time database of everyone who was visiting the
city. It collected customer data from airlines,
hotels, casinos, rental car companies, even storage
locker rental companies. All this information went
into a massive database -- probably close to a million
people overall -- that the FBI's computers analyzed,
looking for links to known terrorists. Of course, no
terrorist attack occurred and no plot was discovered:
The intelligence was wrong.

(...)

"September 2005, Rotterdam. The police had already
identified some of the 250 suspects in a soccer riot
from the previous April, but most were unidentified
but captured on video. In an effort to help, they sent
text messages to 17,000 phones known to be in the
vicinity of the riots, asking that anyone with
information contact the police. The result was more
evidence, and more arrests.

"The differences between the Rotterdam and Las Vegas
incidents are instructive. The Rotterdam police needed
specific data for a specific purpose. Its members
worked with federal justice officials to ensure that
they complied with the country's strict privacy laws.
They obtained the phone numbers without any names
attached, and deleted them immediately after sending
the single text message. And their actions were
public, widely reported in the press.

"On the other hand, the FBI has no judicial oversight.
With only a vague hinting that a Las Vegas attack
might occur, the bureau vacuumed up an enormous amount
of information. First its members tried asking for the
data; then they turned to national security letters
and, in some cases, subpoenas. There was no
requirement to delete the data, and there is every
reason to believe that the FBI still has it all. And
the bureau worked in secret; the only reason we know
this happened is that the operation leaked.

"These differences illustrate four principles that
should guide our use of personal information by the
police. The first is oversight: In order to obtain
personal information, the police should be required to
show probable cause, and convince a judge to issue a
warrant for the specific information needed. Second,
minimization: The police should only get the specific
information they need, and not any more. Nor should
they be allowed to collect large blocks of information
in order to go on "fishing expeditions," looking for
suspicious behavior. The third is transparency: The
public should know, if not immediately then
eventually, what information the police are getting
and how it is being used. And fourth, destruction. Any
data the police obtains should be destroyed
immediately after its court-authorized purpose is
achieved. The police should not be able to hold on to
it, just in case it might become useful at some future
date.

"This isn't about our ability to combat terrorism;
it's about police power. Traditional law already gives
police enormous power to peer into the personal lives
of people, to use new crime-fighting technologies, and
to correlate that information. But unfettered police
power quickly resembles a police state, and checks on
that power make us all safer."
http://www.schneier.com/essay-091.html


Cheers,
Teemu
Helsinki, Finland

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
------------------------------------------------------------------
To change your Lit-Ideas settings (subscribe/unsub, vacation on/off,
digest on/off), visit www.andreas.com/faq-lit-ideas.html

• References:
  • [lit-ideas] Bush and Domestic Land Issues
    • From: Eternitytime1

Other related posts:

• » [lit-ideas] Reading Schneier

1. Home
2. lit-ideas
3. Archive
4. 02-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---