Passengers Choose Scan Over Pat-Down

Larry has released a new study called “Commercial Air Passengers Struggle to Balance Desire for Privacy and Security”:

…an overwhelming 79 percent of air travelers believe protection of their privacy rights is important. When asked to balance privacy and security when traveling with commercial airlines, however, 61 percent said security is most important, while only 18 percent said personal privacy is most important. And given a choice between a full-body scan or pat-down, 59 percent said they would prefer the scan, 18 would opt for a pat-down, while 23 percent said they were unsure.

I suspect the overwhelming 79 percent equate security with reducing the risk of a plane crash. Is a false choice being asked?

If you ask me to choose between privacy and dying in a plane crash, or “security”, I would choose the latter. This is similar to the CBS survey that said around 80% do not mind the scanners for security. They do not ask if they would go through scanners that provide no benefit but a lot of risk.

Kudos to the 20% who still choose privacy first. Even if I answer that I put my life above privacy, I still will not go through one of the controversial scanners.

Why? They do not improve security, and yet they add unnecessary risks. I accept going through the old metal detector but not the x-ray.

Here’s a better question for the survey:

If you had $330 million to spend on security, would you spend it on something known to reduce risk or would you spend it on a few hundred x-ray machines that give no known benefit and have a high risk of health issues, privacy breaches and reputation damage?

Spend the money more wisely. Even airplane maintenance or air traffic control would be a better use of those funds. Just $30 million for further study of x-ray machines would be more than enough to encourage further development, and then you would get the best of all worlds.

Draft the Rats into TSA

A story in the Mercury News says 1,000 rats have been “rescued” from a home in Los Angeles by the Humane Society. They were just transported to a shelter in San Jose:

San Jose was selected as the vermin Ellis Island because Andy’s had an empty 5,000-square-foot room. “It’s very hard to find a landlord who will let you move in with a thousand rats,” noted Paul, entering a maternity ward where litters of baby rats already were swelling the population. […] The hoarder whose home had been ground zero for the rat swarm was not identified but was said to be receiving “ongoing mental health support.” His daughter brought home one pregnant rat, and when it had babies, the litter was not separated by gender.

The story points out that, since this happened in Los Angeles, neighbors notified a TV reality show first instead of human or animal care services. That says something about America, but I am not sure what. Perhaps it is that people are not being very sympathetic, let alone empathetic, to their fellow citizens. On that note…

I hate to be the one to bring this up but 1,000 orphan rats sounds like a good case for APOPO Detection rats technology.

The training of mine detection rats is one of APOPO’s daily core activities. The procedure consists of several consecutive training phases, starting from early socialization at the age of four weeks, to final internal accreditation on real mines on APOPO’s test and training fields. At each training stage the rats have to pass a “blind” test before continuing to the next level. In such tests, trainers do not know where mines or training samples are located.

The APOPO rats are used in African countries for TNT mine detection. America could help that effort by drafting these rats into service. Perhaps they could be trained for domestic work as well. Imagine how pleased passengers at airports will be to find the controversial imaging scanners replaced with a family of cute and friendly service rats.

“We always say the world is divided up into rat lovers and people who haven’t met a rat yet,” said Paul, who had already met hundreds, and even patted down a few.

Combine a rat sniff-security test with a reality show (Fear Factor: TSA Edition) and everyone wins. A foursquare badge for being rat-sniffed completes this post-post-post-modern security picture.

Blasts, Helmets and Brain Injury

The Institute for Soldier Nanotechnologies at MIT together with the Defense and Veterans Brain Injury Center has released a study of blasts, helmets and brain injury. They set out to test a theory that military traumatic brain injury is made worse by the current helmet design.

Compared to the unhelmeted head, the head with helmet experienced slight mitigation of intracranial stresses. This suggests that the existing [Advanced Combat Helmet] ACH does not significantly contribute to mitigating blast effects, but does not worsen them either. By contrast, the helmet and face shield combination impeded direct transmission of stress waves to the face, resulting in a delay in the transmission of stresses to the intracranial cavity and lower intracranial stresses. This suggests a possible strategy for mitigating blast waves often associated with military concussion.

They designed and ran computer simulations, which concluded the opposite; a helmet does not make the blast effect worse but could be improved to reduce damage. The simulation found that the brain is exposed to blasts through the front of the skull due to the soft skin and holes (e.g. nose and eye sockets) — areas that offer the least protection. A face shield is therefore proposed.

The study is interesting because of evolving threats. Helmets have been studied for impact on a hard surface or for penetration by a sharp object. The rise in brain injuries led to a question about the suitability of existing helmets for the latest attack conditions.

Blast-induced traumatic brain injury is the most prevalent military injury in Iraq and Afghanistan, yet little is known about the mechanical effects of blasts on the human head, and still less is known about how personal protective equipment affects the brain’s response to blasts.

This study brought to mind Florence Nightingale’s “coxcomb” graph (now called a polar-area diagram). She illustrated her Notes on Matters Affecting the Health, Efficiency and Hospital Administration of the British Army in 1858 with this graphic showing cause of death in the Crimean War. Wounds (small red slices) caused only a small fraction of the overall body count. Diseases (big blue slices) were the biggest threat to life. The black slices denote an “other” category.

Her chart has been criticized for accuracy as well as style. A bar chart would be more contemporary but, in terms of this blast study on helmets and casualties, I have seen neither.

Visa pilots mobile-payment with US Bank

Visa has finally released their mobile-payment pilot with US Bank.

After the chip is inserted, smart phone users download an application housed on a secure server controlled by U.S. Bank. The application authenticates the user and his password. The application also links the phone to a payment vehicle. U.S. Bank employees’ phones will be linked to the U.S. Bank’s AccelaPay, a Visa-branded prepaid payroll card. “Bank employees have been depositing money into their card accounts,” Venturo said. Monitise plc and FIS, formerly known as Fidelity National Information Services, two mobile payment-service providers, developed an application that enables smart phone users to make purchases and check account balances as part of the pilot.

You may remember the promotional video from last May that showed how to “Streamline Your Ballgame Experience”. It starts with a sports fan who lost his wallet and says life would be soooooo much easier if he could make payments with his phone and “much less stressful” to not have to “figure out how much money to bring”.

Why is it so hard to calculate how much money to bring?

I guess it is easier to spend your money if you do not calculate your budget ahead of time. This is, after all, a promotional video for living on credit.

Anyway, security feels misrepresented by these press releases and videos. Here is a good example:

The marketing makes a case for less risk because you do not have to carry cash but instead carry something that can easily be replaced — a chip that makes payments.

The problem with this analysis is that, instead of a limited amount of cash, you are carrying an expensive and easily stolen or broken smart phone.

When an iPhone gets ripped out of your hand or dropped on the ground, dumped in your beer, etc., there will not be any more payments made unless you carry a spare iPhone. Cash is a lot more resilient. You also are more likely to be robbed waving around your $400 iPhone with payment chip just to make $10 beer and hot dog purchases.

Losing either one could be equivalent, except for the fact that proximity cloning of a payment chip would mean you could “lose” it without even realizing that it has been stolen. This is similar to identity “theft” when you still have your identity but it also is being shared around the world by criminals for fraud.

Speaking of proximity attacks, the press release gives a funny example of why they think a phone is a more convenient option for payments:

If successful, Gajda thinks the smart phone could replace the wallet because of the phone’s location in consumers’ clothing.

“The smart phone is much closer to your hand than a wallet,” he said, explaining that men keep their smart phones in their front pants pocket and their wallets in their back pants pocket.

Maybe they should have called it the man-payment?

What if I put my wallet in my front pocket and my phone in my satchel?

I want my payment chip in a holster on my side so I can out-draw others. Whip up charges faster than anyone else who might be trying to make a payment. Bling, bling, bling…

So I see inexpensive and convenient in the marketing campaign but not a lot of…security. Looks like it might be getting swept under the rug.