tuesdaynight » Security

But its such a lovely panopticon, I’d hate to have to return it

Ian Glazer — Tue, 25 Aug 2009 16:19:45 +0000

Anyone else not surprised by recently findings from this internal report form the London policy force? The net of it is closed circuit television (CCTV) camera do little to solve crimes. It seems that the success rate is 1,000 cameras per solved crime. Just a few million more cameras and we’ve got the crime thing licked, eh?

Questions that I’d like to see answered are:

How many crimes were not committed because of the presence of a CCTV camera?
How many crimes were committed in a different location because of the presence of a CCTV camera?

The first question is impossible to answer. The second can be answered and a UC Berkeley study of the city San Francisco’s CCTV camera efficacy has been released. You can ready about the results here and here. The San Francisco study shows the cameras move crime from areas near cameras to areas away from cameras – no big surprise there.

As I have mentioned previously on Tuesdaynight, trading the feeling of safety (without an actual increase in safety) for an invasive, always-on, 3rd-party-accessible video monitoring presence is a choice that leads to a far more paranoid society, less willing to engage in social behavior and less like the kinds of societies in which we want to participate.

The role of design in protecting cyberspace: thoughts from CFP 2009

Ian Glazer — Mon, 08 Jun 2009 16:56:24 +0000

Among the sessions in this year’s Computers Freedom and Privacy conference was a panel on the recently released National review of cyber-security. Ed Felten presented three related areas that he believes have to be improved in equal measure to improve overall cyber-security:

Product development
System administration
User behavior

But, to me, there was something missing from the list – product design.

Too often I have seen products whose user interface, in fact its entire user experience, was constructed after the fact. First the special sauce gets codified, then the chrome is put on and product gets a face. It is easy to recognize products that have been built in this way as they tend to expose their internal data models to users, forcing users to adopt the metaphors of the engineers that built the product in the first place. These types of products make problems internal to the product problems for the end-user and this can lead to very bad things. See Three Mile Island as an example. Poor user experience design leads to so-called “user error,” but is it really user error if the end-user is confronted with meaningless alarms, confusing error messages, and misleading feedback?

At CFP, I talked to Bruce Schneier his research that went into Beyond Fear to get a better understanding of the psychology of fear and its relation to security. As you probably know, humans (and other animals too) are fantastically bad about evaluating risk. Optimism bias and other factors cause us to either over or under-estimate risks. Combine this with the fact that how choices are presented directly influences how choices are made and you realize the crucial need to build better user experiences for security (frankly, all) products.

“Is everything okay with the mother ship and should we blow up Russia?” This is the question presented Buckaroo Bonzai and I think I’ve seen a form of it as a dialogue box in Windows. Would it be considered user error if an end-user pressed the “Yes” button and nuked Moscow? Bad design is at the least confusing and at the worst dangerous.

I did talk to Ed afterwards and he acknowledged the role of design in product development. As he said, if we only attempt to improve one of the three areas product devolvement or system administration or user behavior we won’t improve cyber-security; we have to improve all three. User experience design as a part of an improved product development processes can directly lead to better more informed user behavior. Okay you product managers and designers make your voices heard – better safer products through better design!

(Cross-posted from Burton Group’s Identity Blog.)

A view from the cockpit: More on security theater

Ian Glazer — Mon, 31 Dec 2007 15:13:31 +0000

This is a great summation of the points against our current, expensive, ineffective “security” at airports, written by a commercial airline pilot.

Your network ate my fine-grained auth engine: Cisco to acquire Securent

Ian Glazer — Thu, 01 Nov 2007 17:47:45 +0000

Cisco has announced it has agreed to acquire Securent. First, of congrats to my friends there. Well done.

Second, I have to wonder about this one. It makes a form of sense to integrate Securent into SONA. That makes sense… at some point. I wonder how baked the addressable market is for fine-grained authorization capabilities managed from the network through the application stack. Abstracting routing tables to business processes and objects is definitely an interesting one, but when does it really transition from an interesting academic exercise into a Cisco-sized market?

Third, Andras Cser over at Forrester writes:

Given the fact that enterprises are increasingly looking for integrated IAM stacks, the entry of Cisco into the entitlement management market will require a clear strategy of becoming a provider of IAM solutions either through organic growth or by acquisition.

If Cisco is really getting into the IAM market, they picked a bit of an unusual beachhead. Entitlement management and fine-grained auth are emerging submarkets within IAM; they are important, but are significantly smaller markets than web access management, enterprise single sign-on, user provisioning, etc. If Cisco is that serious about tackling this market, it seems to me they would have started with a more mainstream, mature area.

Convenience over Security: The role of industry

Ian Glazer — Tue, 06 Feb 2007 14:22:31 +0000

New York is the location of yet another identity information on public website fun. It is sad, but I am kind of used to reading about these. What is slightly more shocking was the reason given why the data was out there in the first place:

The documents were posted on the New York site as a convenience to lenders looking to learn more about the financial status of potential borrowers.

Ah yes… for the convenience of industry the government will put citizens at risk. I thought that government was formed to protect citizens, not to facilitate industry making a buck off them. Oh wait, I forgot, this whole HD television thing is an exercise in that. Ok, ok, ok, if government is going to help industry make a buck off of us, at least do it more securely.

Stuff like this makes me wish I could be a Blank.

Diversity as a form of Defense in Depth

Ian Glazer — Thu, 25 Jan 2007 15:08:51 +0000

I was thinking about David Maynor’s post on Cisco’s latest security updates. His feelings are quite clear on the danger of a homogenous network:

Again let me state for the record how I feel about this: do not buy a single vendor solution for something as important as the very basis for how your network operates. I know you may get volume discounts or sales reps might take you to nice lunches but eventually something like this will happen.

A homogenous network is a weak network. Yes, all products from every vendor have bugs and vulnerabilities. In a homogenous network, all of those bugs and vulnerabilities are arranged like a row of billiard balls. One good smack on one end will travel clear to the end of the row. In a heterogenous network, the bugs and vulnerabilities don’t line up so neatly. In fact, the heterogenous network looks more like a set off balls randomly dispersed on the table. A bump on one side is far less likely to make it all the way across – that is a form of defense in depth.

Who wants to be a security actor

Ian Glazer — Thu, 18 Jan 2007 21:51:33 +0000

If we have security theater, then we must have security actors. Wouldn’t you love to be one? Now you can.

Thoughts on Jim Harper’s talk

Ian Glazer — Thu, 18 Jan 2007 19:49:15 +0000

While Washington, DC may not have a lot of companies working on identity technologies, it certainly has a lot of bright people working on identity policies. This afternoon I got to hear one them, Jim Harper, speak about his research into identity and identification and his subsequent book, Identity Crisis: How Identification Is Overused and Misunderstood. If you haven’t read it yet, do so. It is an approachable survey of identity management and identification issues facing the U.S., set in the context of the REAL ID Act. (The short blurb I gave my mother-in-law about the book was enough to get it into her reading stack.) This wasn’t the first time I had the opportunity to hear Jim; Phil roped him into giving a keynote at Digital ID World last year.

There were two items I took away from his talk. First, Jim has an excellent analogy on how we protect physical assets versus how we “protect” electronic financial data. How many keys do you have in your pocket or purse? I’d wager it’s probably more than three. I’m also confident that you have a bunch more keys at home in the drawer somewhere. Each key matches up to an important physical asset: an apartment, a bike, a car, a safe, etc. In fact, you may even use multiple different keys to secure the same physical asset. Although convenient, I don’t think anyone would use the same key for every asset they own; just the idea of it seems somehow unsettling. Jim makes the point, if people don’t use a single key for securing their physical assets, how come we have (or are coming dangerously close to) using a single key, social security number, for “securing” all of our financial data?

Second, the point that credentialing, or authorizing, is just as important as identifying. At a point-of-sale terminal, merchants are primarily interested in can you pay, not who you are. Knowing that you are allowed to travel, but hiding who is doing the traveling. This smacks of both Dick’s Identity 2.0 talk and Bob’s talk on the Identity Oracle from last year’s Catalyst.

The question was raised what are the real opportunities that people have to opt-out of large scale identification. In reality, it is hard to opt-out of being identified and continue to fully function in society. There is a glimmer of hope in stronger identification systems allowing citizens more choice as what is needed to identify them. This sits somewhere between Kim’s Law of Minimal Disclosure and the Identity Governance Framework.

All in all, it was great to hear Jim speak and heartening to find parallels between identity policy and identity technology. I am concerned that too many bright identity minds are wrapped up in “enterprise” projects and have lost a bit of the wider societal view of the implications and impact of their work

More fun with airport (in)security

Ian Glazer — Wed, 20 Dec 2006 22:51:43 +0000

How much are we spending on airport security? How much have we already spent? Somewhere a bad guy is laughing so hard at this he’s actually peeing his pants.

NYT on Airport Security

Ian Glazer — Tue, 19 Dec 2006 21:01:15 +0000

The New York Times examines the TSA and airport security. Priceless.

tuesdaynight » Security

But its such a lovely panopticon, I’d hate to have to return it

Related Posts:

The role of design in protecting cyberspace: thoughts from CFP 2009

Related Posts:

A view from the cockpit: More on security theater

Related Posts:

Your network ate my fine-grained auth engine: Cisco to acquire Securent

Related Posts:

Convenience over Security: The role of industry

Related Posts:

Diversity as a form of Defense in Depth

Related Posts:

Who wants to be a security actor

Related Posts:

Thoughts on Jim Harper’s talk

Related Posts:

More fun with airport (in)security

Related Posts:

NYT on Airport Security

Related Posts: