Among the sessions in this year’s Computers Freedom and Privacy conference was a panel on the recently released National review of cyber-security. Ed Felten presented three related areas that he believes have to be improved in equal measure to improve overall cyber-security:
- Product development
- System administration
- User behavior
But, to me, there was something missing from the list – product design.
Too often I have seen products whose user interface, in fact its entire user experience, was constructed after the fact. First the special sauce gets codified, then the chrome is put on and product gets a face. It is easy to recognize products that have been built in this way as they tend to expose their internal data models to users, forcing users to adopt the metaphors of the engineers that built the product in the first place. These types of products make problems internal to the product problems for the end-user and this can lead to very bad things. See Three Mile Island as an example. Poor user experience design leads to so-called “user error,” but is it really user error if the end-user is confronted with meaningless alarms, confusing error messages, and misleading feedback?
At CFP, I talked to Bruce Schneier his research that went into Beyond Fear to get a better understanding of the psychology of fear and its relation to security. As you probably know, humans (and other animals too) are fantastically bad about evaluating risk. Optimism bias and other factors cause us to either over or under-estimate risks. Combine this with the fact that how choices are presented directly influences how choices are made and you realize the crucial need to build better user experiences for security (frankly, all) products. Continue reading "The role of design in protecting cyberspace: thoughts from CFP 2009"...
Here is a short piece on how a researcher, Chris Paget, bought a $250 RFID reader on eBay and used it to clone ePassports while driving 30 miles an hour near Fisherman’s Wharf in San Francisco. I fully recognize that this demonstration doesn’t represent a method for fabricating complete paper-in-hand cloned passports. Cloning is just the first step, but it is a big step. More importantly, it is a step that the State department has is somewhere between impossible and unlikely. The following is a passage from the privacy impact assessment (PIA) of TDIS – the Travel Document Issuance System:
The Department of State has taken extensive measures to prevent a third-party from reading or accessing the information on the chip without the passport holder’s knowledge. This includes safeguards against such nefarious acts as “skimming” data from the chip, “eavesdropping” on communications between the chip and reader, “tracking” passport holders, and “cloning” the passport chip in order to facilitate identity theft crimes. These safeguards are described in detail on the Department of State website.
Apparently those safeguards aren’t very strong.
I invite you to read the State Department’s FAQ on e-Passports. Notice the incredibly defensive tone in the opening of the answer to the question, “Will someone be able to read or access the information on the chip without my knowledge (also known as skimming or eavesdropping)?” Also notice the tacit acknowledgment that passport RFID chips can be cloned.
Mr. Paget intends on driving around DC this weekend to see what he can clone, and with a macbre sense of humor, I look forward to reading his results. Continue reading "I’ll keep my paper passport, thanks"...
If I wanted to print US Dollars at home, I’d need the printing equipment, the paper stock on which to do it, and the magical ink. To thwart me, the government controls access to the printing plates, blank paper stock, and ink. This, of course, hasn’t stopped people from trying to print money, but their produced fake money can be detected as fake because they do not have access to the real plates, stock, and ink. Because the government tightly controls access to the original materials and the flow raw materials into the printing process, our money can be trusted. (Financial crisis and the government’s predilection to just print heaps of dollars not withstanding.)
The government has not implemented the same model in the case of identification systems: passports and REAL ID driver’s licenses.
Consider this article from the Washington Times. The raw materials to make a new RFID passport, namely, the blank covers with RFID chips in them, originate in Thailand. They are then shipped here for printing and binding. The control over access to this supply-line seems to be very weak.
The new RFID passports are part of a chain of trust. Border Control allows me to re-enter the country if the passport is trustworthy and valid. Cloning passports has been demonstrated to be a trivial process. So one trustworthy passport can become an infinite number of trustworthy passports. The chain of trust extends from me and the INS at the airport, back to the passport issuance office, to the State Department, to Thailand, and back to Europe where the RFID chips are made. If any link along the chain cannot be trusted, then the entire chain of trust breaks. And this seems to be the case. Continue reading "Chains of trust, questionable origins"...
Jeffery Goldberg of The Atlantic tries to get arrested at a variety of US airports… and fails. He even traveled with Bruce Schneier and you’d think by know that Bruce’s picture would have been handed to every single TSA employee with a caption like, “Known security expert. Known to claim that Kip Hawley isn’t wearing any clothes. Assume everything he tells you is a lie. Assume he knows your private key.”
Now if someone can produce a mashup of people mocking security theater and John Hodgman’s SPAMasterpiece Theater over on boing boing TV, that would be awesome!
As you probably know, I live in Washington DC. I take photographs in DC as well. We’ve got a few quirky rules here about that. For example, if you are on National Park land, you cannot use any photographic equipment that touches the ground. As you can imagine using tripods becomes a bit tricky. But beyond that, I haven’t heard of many photographers getting harassed in the name of security, unlike Chicago and London. Then I read this piece in the Post today. Glad to see that Eleanor Holmes Norton getting involved. Her Open Society with Security Act bill is certainly intriguing.