From: Bruce Schneier [SMTP:schneier@counterpane.com]
To: crypto-gram@chaparraltree.com
Cc:
Subject: CRYPTO-GRAM, May 15, 2004
Sent: 5/15/2004 1:46 AM
Importance: Normal
CRYPTO-GRAM
May 15, 2004
by Bruce Schneier
Founder and CTO
Counterpane Internet Security, Inc.
schneier@counterpane.com
A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.
Back issues are available at
crypto-gram-subscribe@chaparraltree.com.
Crypto-Gram also has an RSS feed at
** *** ***** ******* *********** *************
In this issue:
Warrants as a Security Countermeasure
Counterterrorism in Airports
Crypto-Gram Reprints
News
Counterpane News
Security Notes from All Over: Bypassing the USPS
The Doghouse: Markland Technologies
The Doghouse: IQ Networks
National Security Consumers
Comments from Readers
** *** ***** ******* *********** *************
Warrants as a Security Countermeasure
Years ago, surveillance meant trench-coated detectives following people
down streets.
Today's detectives are more likely to be sitting in front of a
computer, and the surveillance is electronic. It's cheaper, easier and
safer. But it's also much more prone to abuse. In the world of cheap
and easy surveillance, a warrant provides citizens with vital security
against a more powerful police.
Warrants are guaranteed by the Fourth Amendment and are required before
the police can search your home or eavesdrop on your telephone
calls. But what other forms of search and surveillance are covered by
warrants is still unclear.
An unusual and significant case recently heard in Nassau County's
courts dealt with one piece of the question: Is a warrant required
before the police can attach an electronic tracking device to someone's
car?
It has always been possible for the police to tail a suspect, and
wireless tracking is decades old. The only difference is that it's now
much easier and cheaper to use the technology.
Surveillance will continue to become cheaper and easier -- and less
intrusive. In the Nassau case, the police hid a tracking device on a
car used by a burglary suspect, Richard D. Lacey. After Lacey's
arrest, his lawyer sought to suppress evidence gathered by the tracking
device on the grounds that the police did not obtain a warrant
authorizing use of the device and that Lacey's privacy was violated.
It was believed to be the first such challenge in New York State and
one of only a handful in the nation. A judge ruled Thursday that the
police should have obtained a warrant. But he declined to suppress the
evidence -- saying the car belonged to Lacey's wife, not to him, and
Lacey therefore had no expectation of privacy.
More and more, we are living in a society where we are all tracked
automatically all of the time.
If the car used by Lacey had been outfitted with the OnStar system, he
could have been tracked through that. We can all be tracked by our
cell phones. E-ZPass tracks cars at tunnels and bridges. Security
cameras record us. Our purchases are tracked by banks and credit card
companies, our telephone calls by phone companies, our Internet surfing
habits by Web site operators.
The Department of Justice claims that it needs these, and other, search
powers to combat terrorism. A provision slipped into an appropriations
bill allows the FBI to obtain personal financial information from
banks, insurance companies, travel agencies, real estate agents,
stockbrokers, the U.S. Postal Service, jewelry stores, casinos and car
dealerships without a warrant.
Starting this year, the U.S. government is photographing and
fingerprinting foreign visitors coming into this country from all but
27 other countries. CAPPS II (Computer Assisted Passenger Prescreening
System) will probe the backgrounds of all passengers boarding
flights. Over New Year's, the FBI collected the names of 260,000
people staying at Las Vegas hotels. More and more, the "Big Brother is
watching you" style of surveillance is becoming a reality.
Unfortunately, the debate often gets mischaracterized as a question
about how much privacy we need to give up in order to be
secure. People ask: "Should we use this new surveillance technology to
catch terrorists and criminals, or should we favor privacy and ban its
use?"
This is the wrong question. We know that new technology gives law
enforcement new search techniques, and makes existing techniques
cheaper and easier. We know that we are all safer when the police can
use them. And the Fourth Amendment already allows even the most
intrusive searches: The police can search your home and person.
What we need are corresponding mechanisms to prevent abuse. This is
the proper question: "Should we allow law enforcement to use new
technology without any judicial oversight, or should we demand that
they be overseen and accountable?" And the Fourth Amendment already
provides for this in its requirement of a warrant.
The search warrant -- a technologically neutral legal requirement --
basically says that before the police open the mail, listen in on the
phone call or search the bit stream for key words, a "neutral and
detached magistrate" reviews the basis for the search and takes
responsibility for the outcome. The key is independent judicial
oversight; the warrant process is itself a security measure protecting
us from abuse and making us more secure.
Much of the rhetoric on the "security" side of the debate cloaks one of
its real aims: increasing law enforcement powers by decreasing its
oversight and accountability. It's a very dangerous road to take, and
one that will make us all less secure. The more surveillance
technologies that require a warrant before use, the safer we all are.
This essay originally appeared in Newsday:
** *** ***** ******* *********** *************
Counterterrorism in Airports
It's just a pilot program, but undercover security officers are roaming
Boston's Logan Airport, looking for suspicious people who may be
planning a terrorist act. It's got a fancy name, "behavior pattern
recognition," but basically it means "be on the lookout for suspicious
people."
I think this is the best thing to happen to airplane security since
they reinforced the cockpit doors.
I've long argued that traditional airport security is largely
useless. Air travelers -- the innocent ones -- are subjected to all
sorts of indignities in the name of security. Again and again we read
studies about how bad the checkpoints are at keeping weapons out of
airports. The system seems to do nothing more than irritate honest
people. (Remember, when airport security takes a pair of scissors away
from an innocent grandma, that's a security failure. It's a false
positive. It's not a success.)
Well-trained officers on the lookout for suspicious people is a great
substitute.
The devil is in the details, of course. All too often "he's acting
suspicious" really translates to "he's black." Well-trained is the key
to avoiding racism, which is both bad for society and bad for
security. But security is inherently about people, and smart observant
people are going to notice things that metal detectors and X-ray
machines will miss.
Of course, machines are better at ducking charges of prejudice. It may
be less secure to have a computer decide who to wand, or to have random
chance decide whose baggage to open, but it's easier to pretend that
prejudice is not an issue. "It's not the officer's fault; the computer
selected him" plays well as a defense. And in a world where security
theatre still matters more than security, this is an important
consideration.
For about a year now, I've been saying we can improve airport security
by doing away with the security checkpoints and replacing them with
well-trained officers looking out for suspicious activity. It'll
probably never happen, but at least this is a start.
http://www.cbsnews.com/stories/2004/04/16/terror/main612369.shtml
** *** ***** ******* *********** *************
No comments:
Post a Comment