[attrition] Security Theater: Security expert draws DHS ire in Boston

security curmudgeon jericho at attrition.org
Mon Jul 26 04:56:44 EDT 2004



---------- Forwarded message ----------
From: Richard Forno <rforno at infowarrior.org>


SECURITY THEATER: A term first coined by security technologist Bruce
Schneier in his 2003 book "Beyond Fear" to describe what generally passes
for "security" these days -- namely presenting the appearance (and
reassuring illusion) of security (or improved security) despite however
ineffective in reality such postures really are to those who know what
real security is all about.  Also a favored approach to security by the
United States government, even after September 11.

Below is an interesting thread about James Atkinson, a well-known TSCM
specialist in Boston (www.tscm.com) -- who, after publicizing the goofy
nature of physical security in/around the Fleet Center in advance of this
week's Democratic National Convention, reports what he believes is
harassment by the Department of Homeland Security and others, including
the sudden and unannounced shutdown of his TSCM mailing list by Yahoo last
week.

Apparently James was (unofficially) informed that "Yahoo was contacted by
a "Federal Law Enforcement Agency" and asked to disable the TSCM list as
it posed a national security threat. Also, his contact stated that on
Friday afternoon Yahoo was served with a formal request by the US
government for copies of all list members, and copies of the thousands of
messages and postings that were made to the list, plus a history of
everything he had ever subscribed to or posted."

If the events listed below are true (and knowing James' competence, I have
no reason to think otherwise) and while DHS may view him as a
"troublemaker" I think it's a refreshing (and much-needed) situation to
have an otherwise objective and competent security expert take a look at
the state of "improved security post-911" and report publicly their
findings without the usual watering-down, politicization, or
classification of such matters by those responsible who seek to avoid
embarrassment or accountability for their actions -- or lack thereof.

We need more such disclosures, not less. Otherwise, we're forced to accept
the government's word on things being "better, safer, or more secure" than
they really are -- a reality not overlooked by those who might seek to
attack us, even absent such publicized disclosures like this one.
Pretending vulnerabilities don't exist doesn't make anyone any safer and
actions that perpetuate such a mindset are a concrete demonstration of
security theater in action.

For your reference, the situation involving Atkinson can be found at the
following links:

21 July - DHS Contacts Cryptome to Complain
http://cryptome.org/nicc-cryptome.htm

23 July - Eyeballing the DNC Protest Pen (AKA "Free Speech Zone")
http://cryptome.org/dncpen-eyeball.htm

25 July - What's Wrong with Security at the DNC in Boston
http://cryptome.org/dnc-insec.htm

25 July - Yahoo Shuts down TSCM Mailing List
http://cryptome.org/dncsec-yahoo.htm

25 July - DNC Radio Frequencies Discovered
http://cryptome.org/dnc-radio.htm

25 July - Additional Comments about DNC Security Operations
http://cryptome.org/dnc-apeshit.htm

A lesson our government has yet to learn -- even after the renewed
interest in security theory post-911 -- is that security through obscurity
does not work.  Neither does saying "trust us, but don't ask any
questions."

Sadly, the more things change, the more they stay the same.

-rick
infowarrior.org



More information about the attrition mailing list