Bruce Schneier's book Beyond Fear should be on everyone's reading list for 2005 if you have not already been enlightened by it.

Most common analyses of security in the United States structure themselves around two key questions:1. Will the security measures being contemplated "keep us safe?" 2. Will the security measures being contemplated "keep us safe?"

Ironically enough, the answer to either of those questions (and yes, I know they are actually the same question) doesn't even have to be yes. Take the USA PATRIOT Act, for instance. Are we measureably safer because the FBI can examine our library records without our knowledge? Has such a measure been proven to reduce the terrorist threat? Have terrorists been caught and punished because their library records were examined?

Of course not. The FBI always had the power to examine library records. It just needed a subpoena to do so. Now, however, they can saunter on down the library any old time they want and examine the records of whomever they choose. In addition, those pesky librarians must keep their mouths shut (by law) about FBI activities. The net effect of losing the privacy of our library records is that the cost of terrorism went up nearly imperceptibly. Now, instead of checking out books at the library and keeping them for four weeks, terrorists will be forced to buy new and used books and keep them indefinitely. I'm sure Osama is shaking in his sandals.

Bruce Schneier has been known for years in computer security and cryptography circles. Now, he has given us a remarkably well written and accessible tome about security in general.

In Beyond Fear, Schneier provides remarkably lucid analysis of security problems and solutions. He breaks down what security really means to various people and how it can be (hopefully) obtained in a clear and structured manner.

For instance, he analyzes the various countermeasures taken by homeowners to prevent burglary. Some measures (door locks and window bars, for instance) are cheap, widely available, and effective. Others (alarm systems, surveillance cameras, and armed guards) are expensive and offer very little to the average homeowner. Some measures (putting a minefield in your yard) are effective but illegal. At some point, nearly everyone makes decisions about the security of their home. I know people who do not lock their home during the day while they are at work because they live in a town where burglaries are very uncommon. For those individuals, the hassle of a locked door is worse for them than the fear someone will break into their home. By comparison, I prefer to lock my doors when I leave home though I am in no way considering putting bars on my windows.

In addition to general security, Schneier carefully dissects commercial aviation security:

The current airline security process isn't perfect. Because the government has removed the responsibility of security from the airlines, the airlines have a different agenda. Their goal is not to do the best security job possible, but rather to do the cheapest job that follows the letter of whatever government regulations they are required to follow.

security against terrorism: Here's the bottom line when you realistically and unemotionally assess the risk to your personal security of a terrorist attack: If you don't live in a major coastal metropolitan city or next to a nuclear power plant or chemical factory, you're more likely to die of a bee sting than a terrorist attack. Even if you do live in a big city or next door to a power plant, the odds of being a terrorist victim are still vanishingly small. Any precautions you take should be directed toward and in proportion to those risks.

...

Ironically, in the two years since 9/11, we've got the security level mostly right but the costs wildly wrong. The security we're getting against terrorism is largely ineffective, although it's probably commensurate with the minimal level of risk that actually exists. But it comes at an enormous expense, both monetarily and in loss of privacy.

...

In general the costs of counterterrorism are simply too great for the security we're getting in return, and the risks don't warrant the extreme trade-offs we've been asked to make security against cyberterrorism:

But imagine for a minute the leadership of Al Qaeda sitting in a cave somewhere, plotting the next move in their jihad against the U.

  1. one of the leaders jumps up and exclaims: "I have an idea! We'll disable their e-mail...."

and even security as practiced by members of the animal kingdom:

A rabbit's primary defense is running away. It's a fine defense, a useful countermeasure that almost everyone has used at one time or another. But it only works, of course, if you can outrun your attackers--by being faster, by being able to run longer, or by being clever about losing your pursuers....

Most herbivores tend to win on distance, which is why carnivores spend so much effort trying to sneak up close to their prey.

Clearly, the book is wide ranging. And, while Schneier condemns policies and procedures created by the current Administration, he really has no partisan axes to grind in this book. He couldn't care less about who implemented useless security; he just cares that the security was both useless and expensive. The book's agenda is not to bash one person, party, or government agency; the book's agenda is to make people think about security in a deeper and more meaningful way.

For instance, since reading the book, I've come to realize that my local video rental store has a fundamental security problem. They want to both identify customers (to make sure that we're who we say we are) and authorize customers (to make sure that we're allowed to rent movies). Towards that end, they require some form of picture ID when an account is created (identification). Once the account is created, a card is given to the customer as a form of authorization.

Once that card is handed out, customers can use it check out movies without proving their identity again. So, if I lost my card and it was recovered by someone else, they could rent (steal) movies in my name and the video store would be none the wiser. In other words, using this procedure they can authorize people but not identify them.

However, if a customer attempts to rent a movie without their card, the clerks request a photo id from the customer. The photo on the ID is checked against the person standing across from the clerk while the name on the ID is then checked against the computer record to authorize the customer. This method is significantly more secure. The authorization token is the computer record which cannot be carted around and lost by customers. In addition, identification is nearly almost always positive since the picture on an ID can be checked against the customer standing there. Of course, one could provide a fake ID, but who is going to fake an ID in my name just to steal a few videos from Video Station?

The local video store obviously did some security calculations in another part of their business, however. There used to be just two checkout locations on one side of a square front counter. Customers paid for videos and then were handed the videos on the other side of an anti-shoplifting device.

In recent months, the anti-shoplifting device has gone away and customers can now pay for their videos on two sides of the square counter. This doubled the number of possible checkout lanes from two to four. Clearly, the store determined that it was more important to their bottom line to limit the amount of time customers spent in line than it was to guard against some relatively small amount of shoplifting.

Everyone should read this book. With security policies and procedures becoming more commonplace all the time, the United States has a vested interest in having an informed citizenry that can intelligently think about and debate security policies, procedures, risks, and trade-offs. Beyond Fear is a truly interesting and accessible starting point towards that end.