Government Security and Terrorism
Modernizing Authentication — What It Takes to Transform Secure Access
But people at casinos are nice, and they're not strip-searching me. There's a culture of security, but it's a hospitality business.
Schneier: That's expensive. You can decide you want to pay it, you could have all the employees at a retail store be friendly, and hire an equal number of guards to look around. You get hospitality, and you get security, but you probably don't get profits. You might be able to train people to create that kind of culture, but that's expensive, too.
We made it through the election without a disaster, but concerns over electronic voting machines persist. Why can't government get such a basic security issue right?
Schneier: The security of voting machines points to two big issues. The first one is that security is actually very hard. People think technology magically makes security worries a thing of the past, but that's not true. These voting machine companies are no better than any other software or hardware computer company. And because the systems were proprietary--because the companies had a vested interest in keeping the flaws secret--the public didn't know about them.
That's why we need to have backup systems that work. When you have an insecure system, or a system that could be insecure, the way you make it secure is often by having secure backup procedures or secure procedures around the system. That's why people who understand computer security call for voter verifiable paper trails. Then, no matter what the machine is or what it does, whether it works or not, whether it's hackable or not, it's got a paper backup to fall back on if something happens.
The other issue with voting is that we only do it every other year. An ATM system gets used thousands of times a day, every day, so problems are found and fixed. With voting, we forget about it, so it's much harder to build up any institutional knowledge of how to do it. People came to the voting booths, and the machines were different this year. They've never been taught how to use them, and there isn't the familiarity they get with a VCR.
ATMs and gas pumps seem pretty secure. Are there institutional reasons why the government seems to get this stuff so wrong so often?
Schneier: There are a couple of reasons why things like automatic teller machines and gas pumps are more secure. The first one is, there's money involved. If someone hacks an ATM, the bank loses money, so the bank has a financial interest in making those ATMs secure.
If someone hacks a voting machine, nobody loses money. In fact, half the country is happy with the result. So it's much harder to get the economic incentives aligned.
The other issue about voting machines is that ballots are secret. A lot of the security in computerized financial systems is based on audits, on being able to unravel a transaction. If you go to an ATM and you push a bunch of buttons and you get out 10 times the cash you were supposed to, that's a mistake, but that mistake will be caught in audit. It's likely that the bank will figure out you got the money by accident, and it will be taken out of your account. Because ballots are secret, a lot of the auditing tools that we in the community have developed for financial systems don't apply.
What about airport security and its role in preventing terrorism? Does the government get that right? Since you recently took two bottles of liquid through a checkpoint, I'm guessing the answer is "no."
Schneier: The mistake is the focus. Counterterrorism in the United States is very much a political issue. It's important for politicians to defend against what the bad guys did last week, because they're going to look really bad if the terrorists do it again. So politicians are forced to spend more money defending against particular tactics than in defending against the broad threat.
The TSA [Transportation Security Administration] is the artifact of that. The terrorists used airlines in 2001 in a particular way, and we need to make sure they never do that particular thing again. So what we get is an institution focused on defending against tactics rather than against the threat. And, like any institution, once it's formed, the TSA has to continue to justify its existence. So you get an ever-increasing amount of airline security at the expense of general security.
Remember, every dollar spent taking away liquids is a dollar not being spent on Arabic translators. And taking away liquids only works if you're lucky enough to guess the plot correctly. Arabic translators work regardless of what the plot is.
There are two things [that have been effective]: reinforcing the cockpit doors and convincing passengers they have to fight back. Everything else has been a red herring. People have argued with me that sky marshals also have been effective, but it's not the sky marshals who are effective, it's the idea of sky marshals that is effective. If you convince the public that you have sky marshals, you don't actually need them.
Government seems to consistently mismanage IT projects. Why does this happen?
Schneier: Government is just big, and I think big is bad at this. If it's a massive company like an airline or an automobile manufacturer, they have the same problems with overrun systems. The difference is that they're more likely to pull the plug quicker, because they have a financial bottom line to worry about every year, every quarter. In contrast, government is more likely to have an entrenched bureaucracy.