Tag Archives: security

The CCTV Trade-Off

That CCTV doesn’t substantially help in reducing crime has been shown beyond reasonable doubt, proposes Bruce Schneier, so now the pressing question is whether or not the benefits security cameras do afford are worthwhile.

There are exceptions, of course, and proponents of cameras can always cherry-pick examples to bolster their argument. These success stories are what convince us; our brains are wired to respond more strongly to anecdotes than to data. But the data are clear: CCTV cameras have minimal value in the fight against crime. […]

The important question isn’t whether cameras solve past crime or deter future crime; it’s whether they’re a good use of resources. They’re expensive, both in money and in their Orwellian effects on privacy and civil liberties. Their inevitable misuse is another cost. […] Though we might be willing to accept these downsides for a real increase in security, cameras don’t provide that.

In August 2009 Schneier discussed a report that showed only one crime per thousand cameras per year is solved because of CCTV and quotes David Davis MP saying that “CCTV leads to massive expense and minimum effectiveness. It creates a huge intrusion on privacy, yet provides little or no improvement in security.”

A Home Office study also concluded that cameras had done “virtually nothing” to cut crime (although they were effective in preventing vehicle crimes in car parks), but do “help communities feel safer” (a case of classic security theatre).

Terrorism and Our Responses

Shortly after the Northwest Airlines Flight 253 incident, Bruce Schneier provided links to a number of articles that published interviews, quotes or essays from him. As expected, Schneier calmly reiterates his old advice that is as valid now as it was pre-9/11.

The one not to miss: Is aviation security mostly for show?

The best defenses against terrorism are largely invisible: investigation, intelligence, and emergency response. But even these are less effective at keeping us safe than our social and political policies, both at home and abroad. […]

Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy a country’s way of life; it’s only our reaction to that attack that can do that kind of damage. The more we undermine our own laws, […] the more we reduce the freedoms and liberties at the foundation of our societies, the more we’re doing the terrorists’ job for them. […]

We’d do much better by leveraging the inherent strengths of our modern democracies and the natural advantages we have over the terrorists: our adaptability and survivability, our international network of laws and law enforcement, and the freedoms and liberties that make our society so enviable.

In an interview with The Atlantic‘s Jeffrey Goldberg Schneier was asked if we are “moving toward the Israelification” of airport security. Unsure what Israelification referred to, a quick search led to an excellent article discussing how airport security works in Israel:

Israelis, unlike Canadians and Americans, don’t take s— from anybody. When the security agency in Israel (the ISA) started to tighten security and we had to wait in line for — not for hours — but 30 or 40 minutes, all hell broke loose here. We said, ‘We’re not going to do this. You’re going to find a way that will take care of security without touching the efficiency of the airport.

That, in a nutshell is “Israelification” – a system that protects life and limb without annoying you to death.

Interestingly, a large proportion of Israel’s airport security is rooted in behavioural profiling: the meta-data.

Seven Psychological Principles Con Artists Exploit

Inherent human vulnerabilities need to be taken into account when designing security systems/processes, suggests a study that looks at a dozen confidence tricks from the UK TV show The Real Hustle to determine recurring behavioural patterns con artists use to exploit victims.

The study was a collaboration between Frank Stajano of the University of Cambridge Computer Laboratory and Paul Wilson, writer and producer of the aforementioned TV show (Wilson was an IT consultant for twelve years before moving into entertainment).

The seven principles of human behaviour that con artists exploit, according to the article:

  • The distraction principle: While you are distracted by what retains your interest, hustlers can do anything to you and you won’t notice.
  • The social compliance principle: Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.
  • The herd principle: Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they’re all conspiring against you.
  • The dishonesty principle: Anything illegal you do will be used against you by the fraudster, making it harder for you to seek help once you realize you’ve been had.
  • The deception principle: Thing and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.
  • The need and greed principle: Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.
  • The Time principle: When you are under time pressure to make an important choice, you use a different decision strategy. Hustlers steer you towards a strategy involving less reasoning.

via Schneier on Security

Resources on the Psychology of Security and Risk

Professor of Security Engineering at the Computer Laboratory, University of Cambridge, Ross Anderson, has compiled a comprehensive resource page on the psychology of risk and security. The resources themselves are divided into seven section, to wit:

  • Introductory Papers
  • Deception
  • Security and Usability
  • Social Attitudes to Risk
  • Behavioural Economics of Security
  • Miscellaneous Papers
  • Other (Conferences, Websites/Blogs, Books)

From the introduction:

A fascinating dialogue is developing between psychologists and security engineers. At the macro scale, societal overreactions to terrorism are founded on the misperception of risk and uncertainty, which has deep psychological roots. At the micro scale, more and more crimes involve deception. […] Security is both a feeling and a reality, and they’re different. The gap gets ever wider, and ever more important.

At a deeper level, the psychology of security touches on fundamental scientific and philosophical problems. The ‘Machiavellian Brain’ hypothesis states that we evolved high intelligence not to make better tools, but to use other monkeys better as tools: primates who were better at deception, or at detecting deception in others, left more descendants. Conflict is also deeply tied up with social psychology and anthropology, while evolutionary explanations for the human religious impulse involve both trust and conflict.

via Schneier

Privacy Salience and Social Networking Sites

Privacy could become a competitive feature of social networking sites, suggests Bruce Schneier in an article that looks at the interesting topic of privacy salience: the suggestion that privacy reassurances make people more, not less, concerned.

Privacy salience does a lot to explain social networking sites and their attitudes towards privacy. From a business perspective, social networking sites don’t want their members to exercise their privacy rights very much. They want members to be comfortable disclosing a lot of data about themselves.

[…] Users care about privacy, but don’t really think about it day to day. The social networking sites don’t want to remind users about privacy, even if they talk about it positively, because any reminder will result in users remembering their privacy fears and becoming more cautious about sharing personal data. But the sites also need to reassure those “privacy fundamentalists” for whom privacy is always salient, so they have very strong pro-privacy rhetoric for those who take the time to search them out. The two different marketing messages are for two different audiences.