Tag Archives: bruce-schneier

The CCTV Trade-Off

That CCTV doesn’t substantially help in reducing crime has been shown beyond reasonable doubt, proposes Bruce Schneier, so now the pressing question is whether or not the benefits security cameras do afford are worthwhile.

There are exceptions, of course, and proponents of cameras can always cherry-pick examples to bolster their argument. These success stories are what convince us; our brains are wired to respond more strongly to anecdotes than to data. But the data are clear: CCTV cameras have minimal value in the fight against crime. […]

The important question isn’t whether cameras solve past crime or deter future crime; it’s whether they’re a good use of resources. They’re expensive, both in money and in their Orwellian effects on privacy and civil liberties. Their inevitable misuse is another cost. […] Though we might be willing to accept these downsides for a real increase in security, cameras don’t provide that.

In August 2009 Schneier discussed a report that showed only one crime per thousand cameras per year is solved because of CCTV and quotes David Davis MP saying that “CCTV leads to massive expense and minimum effectiveness. It creates a huge intrusion on privacy, yet provides little or no improvement in security.”

A Home Office study also concluded that cameras had done “virtually nothing” to cut crime (although they were effective in preventing vehicle crimes in car parks), but do “help communities feel safer” (a case of classic security theatre).

Terrorism and Our Responses

Shortly after the Northwest Airlines Flight 253 incident, Bruce Schneier provided links to a number of articles that published interviews, quotes or essays from him. As expected, Schneier calmly reiterates his old advice that is as valid now as it was pre-9/11.

The one not to miss: Is aviation security mostly for show?

The best defenses against terrorism are largely invisible: investigation, intelligence, and emergency response. But even these are less effective at keeping us safe than our social and political policies, both at home and abroad. […]

Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy a country’s way of life; it’s only our reaction to that attack that can do that kind of damage. The more we undermine our own laws, […] the more we reduce the freedoms and liberties at the foundation of our societies, the more we’re doing the terrorists’ job for them. […]

We’d do much better by leveraging the inherent strengths of our modern democracies and the natural advantages we have over the terrorists: our adaptability and survivability, our international network of laws and law enforcement, and the freedoms and liberties that make our society so enviable.

In an interview with The Atlantic‘s Jeffrey Goldberg Schneier was asked if we are “moving toward the Israelification” of airport security. Unsure what Israelification referred to, a quick search led to an excellent article discussing how airport security works in Israel:

Israelis, unlike Canadians and Americans, don’t take s— from anybody. When the security agency in Israel (the ISA) started to tighten security and we had to wait in line for — not for hours — but 30 or 40 minutes, all hell broke loose here. We said, ‘We’re not going to do this. You’re going to find a way that will take care of security without touching the efficiency of the airport.

That, in a nutshell is “Israelification” – a system that protects life and limb without annoying you to death.

Interestingly, a large proportion of Israel’s airport security is rooted in behavioural profiling: the meta-data.

Privacy Salience and Social Networking Sites

Privacy could become a competitive feature of social networking sites, suggests Bruce Schneier in an article that looks at the interesting topic of privacy salience: the suggestion that privacy reassurances make people more, not less, concerned.

Privacy salience does a lot to explain social networking sites and their attitudes towards privacy. From a business perspective, social networking sites don’t want their members to exercise their privacy rights very much. They want members to be comfortable disclosing a lot of data about themselves.

[…] Users care about privacy, but don’t really think about it day to day. The social networking sites don’t want to remind users about privacy, even if they talk about it positively, because any reminder will result in users remembering their privacy fears and becoming more cautious about sharing personal data. But the sites also need to reassure those “privacy fundamentalists” for whom privacy is always salient, so they have very strong pro-privacy rhetoric for those who take the time to search them out. The two different marketing messages are for two different audiences.

The Zone of Essential Risk

‘The zone of essential risk’ is a term coined by Bob Blakely to describe the problem with rare, medium-sized transactions:

If you conduct infrequent transactions which are also small, you’ll never lose much money and it’s not worth it to try to protect yourself – you’ll sometimes get scammed, but you’ll have no trouble affording the losses.

If you conduct large transactions, regardless of frequency, each transaction is big enough that it makes sense to insure the transactions or pay an escrow agent. You’ll have occasional experiences of fraud, but you’ll be reimbursed by the insurer or the transactions will be reversed by the escrow agent and you don’t lose anything.

If you conduct small or medium-sized transactions frequently, you can amortize fraud losses using the gains from your other transactions. This is how casinos work; they sometimes lose a hand, but they make it up in the volume.

But if you conduct medium-sized transactions rarely, you’re in trouble. The transactions are big enough so that you care about losses, you don’t have enough transaction volume to amortize those losses, and the cost of insurance or escrow is high enough compared to the value of your transactions that it doesn’t make economic sense to protect yourself.

via Schneier

Talk to Strangers

In an article discussing collaborative spam filtering and the Tor project, Bruce Schneier offers some refreshing advice: telling children not to talk to strangers isn’t strictly the best advice:

When I was growing up, children were commonly taught: “don’t talk to strangers.” Strangers might be bad, we were told, so it’s prudent to steer clear of them.

And yet most people are honest, kind, and generous, especially when someone asks them for help. If a small child is in trouble, the smartest thing he can do is find a nice-looking stranger and talk to him.

These two pieces of advice may seem to contradict each other, but they don’t. The difference is that in the second instance, the child is choosing which stranger to talk to. Given that the overwhelming majority of people will help, the child is likely to get help if he chooses a random stranger. But if a stranger comes up to a child and talks to him or her, it’s not a random choice. It’s more likely, although still unlikely, that the stranger is up to no good.

I suppose it’s a form of the selection bias.

So do as @zambonini suggests, and head over to Omegle and talk to strangers!