| |
"I don't think the report is true, but these crises work for those who want to make fights between people." Kulam Dastagir, 28, a bird seller in Afghanistan
|
|
Why Information Security is Hard |
|
|
Topic: Computer Security |
10:32 am EDT, Mar 26, 2007 |
This Ross Anderson paper from 2001 is worth (re-)reading. I'd be interested in any pointers to further reading along these lines. I particularly liked this quote, from the French economist Jules Dupuit in 1849:
It is not because of the few thousand francs which would have to be spent to put a roof over the third-class carriage or to upholster the third-class seats that some company or other has open carriages with wooden benches ... What the company is trying to do is prevent the passengers who can pay the second-class fare from traveling third class; it hits the poor, not because it wants to hurt them, but to frighten the rich ... And it is again for the same reason that the companies, having proved almost cruel to the third-class passengers and mean to the second-class ones, become lavish in dealing with first-class customers. Having refused the poor what is necessary, they give the rich what is superfluous.
Here's the abstract of the paper:
According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.
Anderson has been working this theme over the past several years; his latest paper is The Economics of Information Security - A Survey and Open Questions.
Why Information Security is Hard |
|
Topic: Arts |
1:22 pm EDT, Mar 18, 2007 |
A good idea that doesn't happen is no idea at all. -- Louis Kahn
This quote is relayed by Richard Saul Wurman in My Architect [2]. I enjoyed the film and would recommend it to those with an interest, but some architects seemed to want less personal journey and more architectural analysis. Wurman also mentions this quote in the April 2001 issue of design matters:
Louis Kahn said to me shortly before he died that an idea that does not happen is no idea at all. Late in his life, Mies van der Rohe told a student interviewing him about his work that the secret to his success was to "do good work."
Other mentions of this quote: 1, 2, 3, 4. More photos at Google. I also liked this exchange, from the film:
Nathaniel Kahn: I think you've built way more ... you've had way more success ... rate, in terms of your buildings that you --
I.M. Pei: [sighs] Oh, building doesn't mean success. Building ... three or four masterpieces [is] more important than fifty or sixty buildings. ... Quality, not quantity.
No Idea At All |
|
FM 3-24: Counterinsurgency |
|
|
Topic: Society |
9:15 am EST, Dec 19, 2006 |
The Army has just updated its counterinsurgency manual; it includes an appendix on "Social Network Analysis and Other Analytical Tools".
FM 3-24: Counterinsurgency |
|
Theater of the Absurd at the TSA |
|
|
Topic: Politics and Law |
9:25 pm EST, Dec 17, 2006 |
The Sunday NYT features a story on the Christopher Soghoian case [2, 3, 4, 5, 6, 7].
For theater on a grand scale, you can’t do better than the audience-participation dramas performed at airports, under the direction of the Transportation Security Administration. Of course, we never see the actual heart of the security system: the government’s computerized no-fly list, to which our names are compared when we check in for departure. The T.S.A. is much more talented, however, in the theater arts than in the design of secure systems. This becomes all too clear when we see that the agency’s security procedures are unable to withstand the playful testing of a bored computer-science student.
I guess Matt Blaze hasn't had much occasion to be impressed with his charges since he left industry for academia:
"If a grad student can figure it out," he said, "we can assume agents of Al Qaeda can do the same."
Blaze does offer a nod to the FBI, who gave the green light to his paper, Signaling Vulnerabilities in Wiretapping Systems.
Theater of the Absurd at the TSA |
|
Topic: Politics and Law |
2:21 pm EST, Dec 13, 2006 |
"Protect the children." Over the years that mantra has been applied to countless real and perceived threats. America has scrambled to protect its children from a wide variety of dangers including school shooters, cyberbullying, violent video games, snipers, Satanic Ritual Abuse, pornography, the Internet, and drugs. Hundreds of millions of taxpayer dollars have been spent protecting children from one threat or other, often with little concern for how expensive or effective the remedies are—or how serious the threat actually is in the first place. So it is with America’s latest panic: sexual predators. Eventually this predator panic will subside and some new threat will take its place. Expensive, ineffective, and unworkable laws will be left in its wake when the panic passes. And no one is protecting America from that.
Have you seen Little Children?
Predator Panic |
|
Topic: Business |
10:46 pm EST, Dec 10, 2006 |
It began as a covert guerrilla action that spread virally and eventually became a revolution.
What is it?
At most companies, going AWOL during daylight hours would be grounds for a pink slip. Not at Best Buy. The nation's leading electronics retailer has embarked on a radical -- if risky -- experiment to transform a culture once known for killer hours and herd-riding bosses. The endeavor, called ROWE, for "results-only work environment," seeks to demolish decades-old business dogma that equates physical presence with productivity. The goal at Best Buy is to judge performance on output instead of hours.
They are going to do this not only at corporate, but also at the retail outlets. Sweet!
Smashing The Clock |
|
Topic: Technology |
12:00 pm EST, Dec 3, 2006 |
When he was hired by the DIA, he told me recently, his mind boggled at the futuristic, secret spy technology he would get to play with ... If the everyday Internet was so awesome, just imagine how much better the spy tools would be. But when he got to his cubicle, his high-tech dreams collapsed. "The reality," he later wrote ruefully, "was a colossal letdown."
In this essay for the NYT Sunday magazine, Clive Thompson refers to the white paper by Calvin Andrus, The Wiki and the Blog: Toward a Complex Adaptive Intelligence Community, which was recommended here back in July. (Also at CSI. Slides here.) Following the threads from this article ...
Next up: the ouster of neocon Zalmay Khalilzad, the manipulative pro-consul in Baghdad, and his replacement by Ryan Crocker, a long-time Arabist who recently served as U.S. ambassador to Syria.
Thomas Fingar [2] "manages the production of the President's Daily Brief." He's an SES and an old China hand. He spoke in August, giving a talk entitled Intelink and Beyond: Dare to Share.
"I think in the future you'll press a button and this will be the NIE," said Michael Wertheimer, assistant deputy director of national intelligence for analysis.
In 2004 Wertheimer wrote in the Washington Post:
To succeed we must demand far less near-term intelligence product from the Signals Intelligence community, give it control of its resources and allow it to plan for a disruptive future, a future that is presaged by videos that show an Afghan warlord exhorting his terrorist followers not to use satellite phones for fear of American capture.
He spoke recently at InfoTech 2006; his presentation, Technology Transformation for Analysis: Year One Report, isn't really online, but others at the conference are here. According to Michael Wertheimer, who held the most senior technical position at th...
Open-Source Spying
|
|