The New York Times (reg.req.) has finally picked up a year-old article by security expert Bruce Schneier, taking the TSA to task for concentrating more on theater than actual security:
FOR theater on a grand scale, you can’t do better than the audience-participation dramas performed at airports, under the direction of the Transportation Security Administration.
As passengers, we tender our boarding passes and IDs when asked. We stand in lines. We empty pockets. We take off shoes. We do whatever is asked of us in these mass rites of purification. We play our assigned parts, comforted in the belief that only those whose motives are good and true will be permitted to pass through.
Of course, we never see the actual heart of the security system: the government’s computerized no-fly list, to which our names are compared when we check in for departure. The T.S.A. is much more talented, however, in the theater arts than in the design of secure systems. This becomes all too clear when we see that the agency’s security procedures are unable to withstand the playful testing of a bored computer-science student.
Four billion dollars to airport security that doesn't work. Could we expect anything more from this Administration (762 days, 2 hours left)?
Bruce Schneier writes today about a pernicious loss of privacy and our complacency about that:
Fewer conversations are ephemeral, and we’re losing control over the data. We trust our ISPs, employers and cellphone companies with our privacy, but again and again they’ve proven they can’t be trusted. Identity thieves routinely gain access to these repositories of our information. Paris Hilton and other celebrities have been the victims of hackers breaking into their cellphone providers’ networks. Google reads our Gmail and inserts context-dependent ads.
CNet raises an interesting problem: what happens if you die without telling anyone your passwords? It could be a real problem for your heirs:
"He did not keep a hard copy address book. I think everything was online," said [San Francisco poet William] Talcott's daughter, Julie Talcott-Fuller. "There were people he knew that I haven't been able to contact. It's been very hard."
"Yahoo (his e-mail provider) said it wouldn't give out the information due to privacy laws, but my dad is dead so I don't understand that," she said.
One solution is to use a secure password storage facility, like Bruce Schneier's Password Safe, and then put the master password in trusted escrow like a safe-deposit box or your attorney's office. Of course, you'll have to keep up with this, because you'll change your master password at least every three months, right?
