26 July 2004
July 25, 2004
SECURITY THEATER: A term first coined by security technologist Bruce Schneier in his 2003 book "Beyond Fear" to describe what generally passes for "security" these days -- namely presenting the appearance (and reassuring illusion) of security (or improved security) despite however ineffective in reality such postures really are to those who know what real security is all about. Also a favored approach to security by the United States government, even after September 11.
Below is an interesting thread about James Atkinson, a well-known TSCM specialist in Boston (www.tscm.com) -- who, after publicizing the goofy nature of physical security in/around the Fleet Center in advance of this week's Democratic National Convention, reports what he believes is harassment by the Department of Homeland Security and others, including the sudden and unannounced shutdown of his TSCM mailing list by Yahoo last week.
Apparently James was (unofficially) informed that "Yahoo was contacted by a "Federal Law Enforcement Agency" and asked to disable the TSCM list as it posed a national security threat. Also, his contact stated that on Friday afternoon Yahoo was served with a formal request by the US government for copies of all list members, and copies of the thousands of messages and postings that were made to the list, plus a history of everything he had ever subscribed to or posted."
If the events listed below are true (and knowing James' competence, I have no reason to think otherwise) and while DHS may view him as a "troublemaker" I think it's a refreshing (and much-needed) situation to have an otherwise objective and competent security expert take a look at the state of "improved security post-911" and report publicly their findings without the usual watering-down, politicization, or classification of such matters by those responsible who seek to avoid embarrassment or accountability for their actions -- or lack thereof.
We need more such disclosures, not less. Otherwise, we're forced to accept the government's word on things being "better, safer, or more secure" than they really are -- a reality not overlooked by those who might seek to attack us, even absent such publicized disclosures like this one. Pretending vulnerabilities don't exist doesn't make anyone any safer and actions that perpetuate such a mindset are a concrete demonstration of security theater in action.
For your reference, the situation involving Atkinson can be found at the following links:
18 July - What's Wrong with Security at the DNC in Boston
21 July - DHS Contacts Cryptome to Complain
23 July - Eyeballing the DNC Protest Pen (AKA "Free Speech Zone")
25 July - Yahoo Shuts down TSCM Mailing List
25 July - DNC Radio Frequencies Discovered
25 July - Additional Comments about DNC Security Operations
A lesson our government has yet to learn -- even after the renewed interest in security theory post-911 -- is that security through obscurity does not work. Neither does saying "trust us, but don't ask any questions."
Sadly, the more things change, the more they stay the same.