{"id":60,"date":"2006-06-16T15:44:39","date_gmt":"2006-06-16T19:44:39","guid":{"rendered":"http:\/\/www.szmidt.org\/blog2\/?p=60"},"modified":"2009-03-20T07:45:16","modified_gmt":"2009-03-20T11:45:16","slug":"a-deeper-insight-into-security-crypto-gram","status":"publish","type":"post","link":"https:\/\/www.szmidt.org\/blog2\/2006\/06\/16\/a-deeper-insight-into-security-crypto-gram\/","title":{"rendered":"A deeper insight into security – CRYPTO-GRAM"},"content":{"rendered":"

Here’s a reprint of Crypto-Gram by Bruce Schneier. His newsletter is one of the most read on the subject. It is a strongly recommended reading for all who care about themselves and others.<\/p>\n

Schneier also gives a good insight into how to motivate security in any area. (See Aligning Interest with Capability, below.) <\/p>\n

Here in it’s entirety is:<\/p>\n

CRYPTO-GRAM<\/p>\n

June 15, 2006<\/p>\n

by Bruce Schneier
\n Founder and CTO
\n Counterpane Internet Security, Inc.
\n schneier@counterpane.com
\n http:\/\/www.schneier.com
\n http:\/\/www.counterpane.com<\/p>\n

A free monthly newsletter providing summaries, analyses, insights, and
\ncommentaries on security: computer and otherwise.<\/p>\n

For back issues, or to subscribe, visit
\n.<\/p>\n

You can read this issue on the web at
\n. These same essays
\nappear in the “Schneier on Security” blog:
\n. An RSS feed is available.<\/p>\n

** *** ***** ******* *********** *************<\/p>\n

In this issue:
\n The Value of Privacy
\n Movie-Plot Threat Contest Winner
\n Crypto-Gram Reprints
\n Diebold Doesn’t Understand the Security Threat
\n News
\n Hacking Computers Over USB
\n The Doghouse: KRYPTO 2.0
\n Counterpane News
\n Aligning Interest with Capability
\n Comments from Readers<\/p>\n

** *** ***** ******* *********** *************<\/p>\n

The Value of Privacy<\/p>\n

Last month, revelation of yet another NSA surveillance effort against
\nthe American people rekindled the privacy debate. Those in favor of
\nthese programs have trotted out the same rhetorical question we hear
\nevery time privacy advocates oppose ID checks, video cameras, massive
\ndatabases, data mining, and other wholesale surveillance measures: “If
\nyou aren’t doing anything wrong, what do you have to hide?”<\/p>\n

Some clever answers: “If I’m not doing anything wrong, then you have no
\ncause to watch me.” “Because the government gets to define what’s
\nwrong, and they keep changing the definition.” “Because you might do
\nsomething wrong with my information.” My problem with quips like these
\n— as right as they are — is that they accept the premise that privacy
\nis about hiding a wrong. It’s not. Privacy is an inherent human right,
\nand a requirement for maintaining the human condition with dignity and
\nrespect.<\/p>\n

Two proverbs say it best: “Quis custodiet ipsos custodes?” (“Who
\nwatches the watchers?”) and “Absolute power corrupts absolutely.”<\/p>\n

Cardinal Richelieu understood the value of surveillance when he
\nfamously said, “If one would give me six lines written by the hand of
\nthe most honest man, I would find something in them to have him
\nhanged.” Watch someone long enough, and you’ll find something to arrest
\n— or just blackmail — him with. Privacy is important because without
\nit, surveillance information will be abused: to peep, to sell to
\nmarketers, and to spy on political enemies — whoever they happen to be
\nat the time.<\/p>\n

Privacy protects us from abuses by those in power, even if we’re doing
\nnothing wrong at the time of surveillance.<\/p>\n

We do nothing wrong when we make love or go to the bathroom. We are not
\ndeliberately hiding anything when we seek out private places for
\nreflection or conversation. We keep private journals, sing in the
\nprivacy of the shower, and write letters to secret lovers and then burn
\nthem. Privacy is a basic human need.<\/p>\n

A future in which privacy would face constant assault was so alien to
\nthe framers of the Constitution that it never occurred to them to call
\nout privacy as an explicit right. Privacy was inherent to the nobility
\nof their being and their cause. Of course being watched in your own
\nhome was unreasonable. Watching at all was an act so unseemly as to be
\ninconceivable among gentlemen in their day. You watched convicted
\ncriminals, not free citizens. You ruled your own home. It’s intrinsic
\nto the concept of liberty.<\/p>\n

For if we are observed in all matters, we are constantly under threat
\nof correction, judgment, criticism, even plagiarism of our own
\nuniqueness. We become children, fettered under watchful eyes,
\nconstantly fearful that — either now or in the uncertain future —
\npatterns we leave behind will be brought back to implicate us, by
\nwhatever authority has now become focused upon our once-private and
\ninnocent acts. We lose our individuality, because everything we do is
\nobservable and recordable.<\/p>\n

How many of us have paused during conversations in the past
\nfour-and-a-half years, suddenly aware that we might be eavesdropped on?
\nProbably it was a phone conversation, although maybe it was an e-mail
\nor instant message exchange or a conversation in a public place. Maybe
\nthe topic was terrorism, or politics, or Islam. We stop suddenly,
\nmomentarily afraid that our words might be taken out of context, then
\nwe laugh at our paranoia and go on. But our demeanor has changed, and
\nour words are subtly altered.<\/p>\n

This is the loss of freedom we face when our privacy is taken from us.
\nThis was life in the former East Germany, or life in Saddam Hussein’s
\nIraq. And it’s our future as we allow an ever-intrusive eye into our
\npersonal, private lives.<\/p>\n

Too many wrongly characterize the debate as “security versus privacy.”
\nThe real choice is liberty versus control. Tyranny, whether it arises
\nunder threat of foreign physical attack or under constant domestic
\nauthoritative scrutiny, is still tyranny. Liberty requires security
\nwithout intrusion, security plus privacy. Widespread police
\nsurveillance is the very definition of a police state. And that’s why
\nwe should champion privacy even when we have nothing to hide.<\/p>\n

A version of this essay originally appeared on Wired.com.
\nhttp:\/\/www.wired.com\/news\/columns\/0,70886-0.html<\/p>\n

Daniel Solove comments:
\nhttp:\/\/www.concurringopinions.com\/archives\/2006\/05\/is_there_a_good.html
\nor http:\/\/tinyurl.com\/nmj3u<\/p>\n

** *** ***** ******* *********** *************<\/p>\n

Movie-Plot Threat Contest Winner<\/p>\n

I can tell you one thing, you guys are really imaginative. The
\nresponse to my Movie-Plot Threat Contest was more than I could imagine:
\n892 comments. I printed them all out — 195 pages, double sided — and
\nspiral bound them, so I could read them more easily. The cover read:
\n“The Big Book of Terrorist Plots.” I tried not to wave it around too
\nmuch in airports.<\/p>\n

I almost didn’t want to pick a winner, because the real point is the
\nenormous list of them all. And because it’s hard to choose. But after
\ncareful deliberation, the winning entry is by Tom Grant. Although
\nplanes filled with explosives is already cliche, destroying the Grand
\nCoulee Dam is inspired. Here it is:<\/p>\n

“Mission: Terrorize Americans. Neutralize American economy, make
\nAmerica feel completely vulnerable, and all Americans unsafe.<\/p>\n

“Scene 1: A rented van drives from Spokane, WA, to a remote setting in
\nIdaho and loads up with shoulder-mounted rocket launchers and a couple
\nof people dressed in fatigues. <\/p>\n

“Scene 2: Terrorists dressed in ‘delivery man’ garb take over the UPS
\ncargo depot at the Spokane, WA, airport. A van full of explosives is
\nunloaded at the depot.<\/p>\n

“Scene 3: Terrorists dressed in ‘delivery man’ garb take over the UPS
\ncargo depot at the Kamloops, BC, airport. A van full of explosives is
\nunloaded at the depot.<\/p>\n

“Scene 4: A van with mercenaries drives through the Idaho forests en
\nroute to an unknown destination. Receives cell communiqu\u00c3\u00a9 that
\nlocations Alpha and Bravo are secured.<\/p>\n

“Scene 5: UPS cargo plane lands in Kamloops and is met at the depot by
\nterrorists who overtake the plane and its crew. Explosives are loaded
\naboard the aircraft. The same scene plays out in Spokane moments
\nlater, and that plane is loaded with explosives. Two pilots board
\neach of the cargo planes and ask for takeoff instructions as night
\nfalls across the West.<\/p>\n

“Scene 6: Two cargo jets go airborne from two separate locations. A
\nvan with four terrorists arrives at its destination, parked on an
\noverlook ridge just after nightfall. They use infrared glasses to scope
\nthe target. The camera pans down and away from the van, exposing the
\ntarget. Grand Coulee Dam. The cell phone rings and notification comes
\nto the leader that ‘Nighthawks alpha and bravo have launched.’<\/p>\n

“Scene 7: Two radar operators in separate locations note with alarm
\nthat UPS cargo jets they have been tracking have dropped off the radar
\nand may have crashed. Aboard each craft the pilots have turned off
\nnavigational radios and are flying on ‘manual’ at low altitude. One
\nheading South, one heading North.<\/p>\n

“Scene 8: Planes are closing in on the ‘target’ and the rocket
\nlauncher crew goes to work. With precision they strike lookout and
\ndefense positions on the dam, then target the office structures
\nbelow. As they finish, a cargo jet approaches from the North at high
\nvelocity, slamming into the back side of the dam just above the
\nwaterline and exploding, shuddering the earth. A large portion of the
\ncenter-top of the dam is missing. Within seconds a cargo plane coming
\nfrom the South slams into the front face of the dam, closer to the
\nbase, and explodes in a blinding flash, shuddering the earth. In
\nmoments, the dam begins to fail, and a final volley from four rocket
\nlaunchers on the hill above helps break open the face of the dam. The
\n40-mile-long Lake Roosevelt begins to pour down the Columbia River
\nValley, uncontrolled. No warning is given to the dams downriver, other
\nthan the generation at G.C. is now offline.<\/p>\n

“Scene 9: Through the night, the surging wall of water roars down the
\nColumbia waterway, overtopping dam after dam and gaining momentum (and
\nhuge amounts of water) along the way. The cities of Wenatchee and
\nKennewick are inundated and largely swept away. A van of renegades
\nretreats to Northern Idaho to hide.<\/p>\n

“Scene 10: As day breaks in the West, there is no power from Seattle
\nto Los Angeles. The Western power grid has failed. Commerce has ground
\nto a halt west of the Rocky Mountains. Water is sweeping down the
\nColumbia River gorge, threatening to overtop Bonneville dam and wipe
\nout the large metro area of Portland, OR.<\/p>\n

“Scene 11: Bin Laden releases a video on Al Jazeera that claims
\nvictory over the Americans.<\/p>\n

“Scene 12: Pandemonium, as water sweeps into a panicked Portland,
\nOregon, washing all away in its path, and surging water well up the
\nWillamette valley.<\/p>\n

“Scene 13: Washington situation room…little input is coming in from
\nthe West. Some military bases have emergency power and sat phones, and
\nare reporting that the devastation of the dam infrastructure is
\ncomplete. Seven major and five minor dams have been destroyed.
\nRe-powering the West coast will take months, as connections from the
\nEastern grid will have to be made through the New Mexico Mountains.<\/p>\n

“Scene 14: Worst U.S. market crash in history. America’s GNP drops
\nfrom the top of the charts to 20th worldwide. Exports and imports cease
\non the West coast. Martial law fails to control mass exodus from
\nSeattle, San Francisco, and L.A. as millions flee to the east. Gas
\nshortages and vigilante mentality take their toll on the panicked
\npopulace. The West is ‘wild’ once more. The East is overrun with
\nmillions seeking homes and employment.”<\/p>\n

Congratulations, Tom. I’m still trying to figure out what you win.<\/p>\n

Contest rules and all entries:<\/p>\n

Announcing: Movie-Plot Threat Contest<\/a><\/p><\/blockquote>\n