Podcast: Crypto-Gram 15 December 2008:
Podfrom the Dec 15, 2008 Crypto-Gram Newsletter
by Bruce Schneier
* Lessons from Mumbai
Without discounting the awfulness of the events, I have some initial observations:
- low-tech is very effective.
- the attacks had a surprisingly low body count.
- terrorism is rare.
- specific countermeasures don't help against these attacks.
lesson: not to focus too much on the specifics of the attacks
* Communications During Terrorist Attacks are *Not* Bad
It helps people, calms people, and actually reduces the thing the terrorists are trying to achieve: terror.
* Audit
Most security against crime comes from audit. Of course we use locks and alarms, but we don't wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that's audit.
Audit helps ensure that people don't abuse positions of trust.
The whole NSA warrantless eavesdropping scandal was about this. Some misleadingly painted it as allowing the government to eavesdrop on foreign terrorists, but the government always had that authority. What they wanted was to not be subject to audit.
* The Future of Ephemeral Conversation
Ephemeral conversation is dying.
Cardinal Richelieu famously said, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all our ephemeral conversations can be saved for later examination, different rules have to apply.
* "Here Comes Everybody" Review
In 1937, Ronald Coase answered one of the most perplexing questions in economics: if markets are so great, why do organizations exist? Why don't people just buy and sell their own services in a market instead? Coase, who won the 1991 Nobel Prize in Economics, answered the question by noting a market's transaction costs: buyers and sellers need to find one another, then reach agreement, and so on. The Coase theorem implies that if these transaction costs are low enough, direct markets of individuals make a whole lot of sense. But if they are too high, it makes more sense to get the job done by an organization that hires people.
length: 25:45m
PS: this is my cheat sheet of Bruce Schneier's Podcast:
http://www.schneier.com/crypto-gram-0812.html
by Bruce Schneier
* Lessons from Mumbai
Without discounting the awfulness of the events, I have some initial observations:
- low-tech is very effective.
- the attacks had a surprisingly low body count.
- terrorism is rare.
- specific countermeasures don't help against these attacks.
lesson: not to focus too much on the specifics of the attacks
* Communications During Terrorist Attacks are *Not* Bad
It helps people, calms people, and actually reduces the thing the terrorists are trying to achieve: terror.
* Audit
Most security against crime comes from audit. Of course we use locks and alarms, but we don't wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that's audit.
Audit helps ensure that people don't abuse positions of trust.
The whole NSA warrantless eavesdropping scandal was about this. Some misleadingly painted it as allowing the government to eavesdrop on foreign terrorists, but the government always had that authority. What they wanted was to not be subject to audit.
* The Future of Ephemeral Conversation
Ephemeral conversation is dying.
Cardinal Richelieu famously said, "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all our ephemeral conversations can be saved for later examination, different rules have to apply.
* "Here Comes Everybody" Review
In 1937, Ronald Coase answered one of the most perplexing questions in economics: if markets are so great, why do organizations exist? Why don't people just buy and sell their own services in a market instead? Coase, who won the 1991 Nobel Prize in Economics, answered the question by noting a market's transaction costs: buyers and sellers need to find one another, then reach agreement, and so on. The Coase theorem implies that if these transaction costs are low enough, direct markets of individuals make a whole lot of sense. But if they are too high, it makes more sense to get the job done by an organization that hires people.
length: 25:45m
PS: this is my cheat sheet of Bruce Schneier's Podcast:
http://www.schneier.com/crypto-gram-0812.html
posted by omarg at
8:40 AM
0 Comments:
Post a Comment
<< Home