http://www.cbc.ca/news/viewpoint/vp_binks/20051111.html Georgie Binks CBC News Viewpoint November 11, 2005 Usually I spend my days as a freelance writer tied to my computer. My kids and neighbours know who I am; the mailman feels confident about leaving letters in my mailbox. The dog keeps any unwanted intruders out - it's quite simple. But last summer, I faced three different security situations away from my home which left me frustrated, humiliated and, oddly enough, no longer feeling secure. During a visit to Vancouver, I discovered I had forgotten my bank card in Toronto. After undergoing a cross-examination by my bank that included giving my mother's maiden name, recent transactions and money totals in each account, I had a new card. But to get it fully functional, I was forced to call the bank four more times and undergo another personal-identity interrogation, driven to patience only by the knowledge that a thief had easily lightened my bank account of $200 US south of the border in June. My second encounter was at Ozzfest, a heavy-metal concert I attended with my son in the United States. After undergoing a full-body search and being disarmed of plastic water bottles and blankets, but thankfully not my migraine pills, I wandered into a parking lot where many bands were playing. The lot was full of stones and rocks - which I could have thrown at anybody if I'd wanted. Security people just shrugged embarrassed when I confronted them about it. My final security stunner started out with your basic airport experience. I flashed all my photo ID to anyone who was interested (and many who were not), because my fear of flying has been replaced by a fear of not flying. Five days later, I watched as people waiting for travelling relatives strolled into the baggage area and wandered up stairs. I marveled at how they outwitted security - it was simple, when people walked out, others walked in. Such common security woes keep North Americans from their money, off planes and out of concerts, but do little to keep us safe from thieves or terrorist threats. The Fifth Estate showed the glaring reality of that this week, with its expose on the lack of effective security in airports. Marcus Shields, a computer security expert, says society is subjected to "movie plot security," a term coined by security guru Bruce Schneier. "An awful lot of the security measures you see in everyday life are not being done by institutions because they are terribly effective, but because they need to be seen to be doing something," says Shields, enterprise product manager with Soltrus, which is owned by VeriSign, a computer security company. "What you see in larger bureaucracies is increasingly intrusive measures, which at the least subject people to delays, and at the worst serious personal humiliation." The problem is much of this security starts to feel like a huge invisible straitjacket, meant to keep us safe from one another, but actually making modern life more impossible. The balance, says Shields, who was prevented last summer from photographing his daughter at a splash pool by security guards worried he would send pictures of her and other children over the internet, is: "How much inconvenience is it reasonable for the average person to put up with to gain a certain level of security back, and are those measures effective?" He adds, "In the computer industry, we have a push from governments and bureaucracies these days to collect personal information, but at the same time our mandate is to keep personal data private." The other problem is that many systems such as internet banking, there to make life easier, become more complicated if security is beefed up. Shields says, "The more complex and intrusive a security system gets, the less secure it becomes. That's because users either won't be able to figure it out and give up, or else they will find some way of end-running the system." He says if people have to remember a bunch of passwords, they end up putting them on sticky notes on their computers, which defeats the purpose of security. My worry is that while adults of higher intelligence can usually fight their way through bureaucracies, etcetera, what about those not as mentally apt, or young people? How are they ever going to learn to navigate their way through the ever-burgeoning security systems these days? Shields believes there are two answers. One is that people will rebel against this first wave of "movie plot security." Secondly, he thinks that security will have to become more sophisticated. Right now, he says, much security is relatively cheap and can be run by unskilled operators. Shields says, "I'm hoping we see the Israeli approach. The airline, El Al, constantly targeted by terrorists, doesn't ask you stupid questions. They have highly trained officers in plain clothes. It's expensive, but it's also the most effective form of security, much more so than this 'let's frisk everyone at the door' kind of thing." I'm now taking part in my own personal battle against "movie plot" security. When a bank clerk phoned me the other day and asked for my security information before he would continue to speak to me, I told him he could hang up if he didn't believe it was me. When I won that round, I asked if the conversation was being recorded and he answered, "Yes." Good, I answered, because I told him I was also recording the conversation for a story I was writing. It was nice to hear the nervousness in his voice for once - kind of like the way I feel when I am cross-examined incessantly for "security" reasons. I wonder if he felt any safer, or did he feel like the criminal Big Brother thinks we all are? _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Mon Nov 14 2005 - 22:44:44 PST