A "secure" system can be the most dangerous of all
Two decades ago, my life changed forever: hearing Bruce Schneier explain that “security” doesn’t exist in the abstract. You can only be secure from some threat. A fire alarm won’t protect you from burglaries. A condom won’t protect you from mass shootings. It seems obvious, but how often do we hear about “security” without any mention of who is being made secure, and from which threat?
Take the US welfare system. It is very “secure” in that it is hedged in by a thicket of red-tape, audits, inspections and onerous procedures. To get food stamps, housing vouchers, or cash aid, you must navigate a Soviet-grade bureaucratic system of Kafkaesque proportions. Indeed, one of the great ironies of the post-Cold War world is that the USA has become a “Utopia Of Rules” (as David Graeber put it), subjecting everyday people to the state-run bureacracies that the USAUSAUSA set endlessly ridiculed the USSR for:
(The right says it wants to “shrink the US government until fits in a bathtub — and then drown it” — but not the whole government. They want unlimited government bloat for that part of the state that is dedicated to tormenting benefits claimants, especially if its functions are managed by a Beltway Bandit profiteer who bills Uncle Sucker up the wazoo for rubber-stamping “DENIED” on every claim.)
The US benefits system has a sophisticated, expensive, fully staffed anti-fraud system — but it’s a highly selective form of anti-fraud. The system is oriented solely to prevent fraud against itself, with no thought to protecting benefits recipients themselves from fraud.
And those recipients — by definition the poorest and most vulnerable among us — are easy pickings for continuous, ghastly, eye-watering acts of fraud. These benefits are distributed via prepaid debit cards — EBT Cards — that lack the basic security measures that every other kind of card has had for years. These are simple magstripe cards, lacking basic chip-and-pin defenses, to say nothing of contactless countermeasures.
That means that fraudsters can — and do — install skimmers in the point-of-sale terminals used by benefits recipients to withdraw their cash benefits, pay for food using SNAP (AKA Food Stamps), and receive other benefits.
It’s impossible to overstate how widespread these skimmers are, and how much money criminals make by stealing from poor people. Writing for Businessweek, Jessica Fu describes the mad scramble benefits recipients go through every month, standing by ATMs at midnight on the night of the first of every month in hopes of withdrawing the cash they use to pay for their rent and utility bills before it is stolen by a crook who captured their card number with a skimmer:
One of Fu’s sources, Lexisnexis Risk Solutions’s Haywood Talcove, describes these EBT cards as having the security of a “glorified hotel room key.” He recounts how US police departments saw a massive explosion in EBT skimming: from 300 complaints in January 2022 to 18,000 in January 2023.
The skimmer rings are extremely well organized. The people who install the skimmers — working in pairs, with one person to distract the cashier while the other quickly installs the skimmer — don’t know who they work for. Neither do the people who use cards cloned from skimmer data to cash out benefits recipients’ accounts. When they are arrested, they refuse to turn on their immediate recruiters, fearing reprisals against their families.
These low-level crooks stroll up to ATMs and feed a succession of cloned cards into them, emptying account after account. Or they swipe cards at grocery checkouts, buying cases of Red Bull and other easily sold grocery products with some victim’s entire SNAP balance.
Some police agencies are pursuing these criminal gangs and trying figure out who’s running them, but the authorities who issue SNAP cards are doing little to nothing to stop the pipeline at their end. Simply upgrading SNAP terminals to chip-and-pin would exponentially raise the cost and complexity that thieves incur.
Indeed, that’s why every other kind of payment card uses these systems. How is it that these systems were upgraded, while SNAP cards remain in mired in 20th century “glorified hotel room key” territory? Well, as our friends on the right never cease to remind us: “incentives matter.”
When your credit card gets cloned, it’s your banks and credit card company that pays for the losses, not you. So the banks demanded (and funded) the upgrade to new anti-fraud measures. By contrast, most states have no system for refunding stolen benefits to skimmers’ victims.
In other words, all of the anti-fraud in the benefits system is devoted to catching benefits cheating — a phenomenon that is so rare as to be almost nonexistent (1.54%), notwithstanding right wingers’ fevered, Reagan-era folktales about “welfare queens”:
Meanwhile, the most widespread and costly form of fraud in the benefits system — fraud perpetrated against benefits recipients — is blithely ignored.
Really, it’s worse than that. In deciding to protect the welfare system rather than welfare recipients, we’ve made it vastly harder for benefits claimants who’ve been victimized by fraudsters to remain fed and sheltered. After all, if we made it simple and straightforward for benefits recipients to re-claim money that was stolen from them, we’d make it that much easier to defraud the system.
“Security” is always and forever a matter of securing some specific thing, against some specific risk. In other words, security reflects values — it reveals whose risk matters, and whose doesn’t. For the American benefits system, risks to the system matter. Risks to people don’t.
It’s not just the welfare system that prioritizes its own risks against the people it exists to serve. Think of the systems used to fight drug abuse in clinical settings.
Medical facilities that use or dispense powerful pain-killers have exquisitely tuned, sophisticated, frequently audited security systems to prevent patients from tricking their doctors or pharmacists into administering extra drugs (especially opioids). “Extra” in this case means “more drugs than are strictly necessary to manage pain.”
The rationale for this is only incidentally medical. Someone who gets a little too much painkiller during a medical procedure or an acute pain episode is not at any particular risk of enduring harm — the risks are minor and easily managed (say, by keeping a patient in bed a little longer while they recover from sedation).
The real agenda here is preventing addiction and abuse by addicted people. There’s a genuine problem with opioid abuse, and that problem does have its origins in overprescription. But — crucially — that overprescription wasn’t the result of wimpy patients insisting on endless painkillers until they enslaved themselves to their pills.
Rather, the opioid epidemic has its origins in the billionaire Sackler crime family, whose Purdue Pharma used scientific fraud, cash incentives, and other deceptive practices to trick, coerce, or bribe doctors into systematically overprescribing their Oxycontin cash cow, even as they laundered their reputation with showy charitable donations:
The Sacklers got to keep their billions — and people undergoing painful medical procedures or living with chronic pain are left holding the bag, subject to tight pain-med controls that forces them to prove — through increasingly stringent systems — that they truly deserve their medicine.
In other words, the beneficiary of the opioid control system is the system itself — not the patients who need opioids.
There’s an extremely disturbing — even nightmarish — example of this in the news: the Yale Fertility Clinic, where hundreds of women endured unimaginably painful egg harvesting procedures with no anaesthesia at all.
These women had complained for years about the pain they suffered, and many had ended up needing emergency care after the fact because of traumatic injuries caused by undergoing the procedure without pain control. But the doctors and nurses at the Yale clinic ignored their screams of pain and their post-operative complaints.
It turned out that an opioid-addicted nurse had been swapping the fentanyl in the drug cabinet for saline, and taking the fentanyl home for her own use.
This made national headlines at the time, and it is the subject of “The Retrievals,” a new New York Times documentary series podcast:
If the pain medication management system was designed to manage pain, then these thefts would have been discovered early on. If the system was designed so that anyone who experienced pain was treated until the pain was under control, the deception would have been uncovered almost immediately.
As Stafford Beer said, “the purpose of any system is what it does.” The pain medication management system was designed to manage pain medication, not pain itself.
The system was designed to be secure from opioid-seeking addicted patients. It was not designed to make patients secure from pain. Its values — our values, as a society — were revealed through its workings.
If you’d like an essay-formatted version of this thread to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
[Image ID: A down-the-barrel view of a massive, battleship-gray artillery piece protruding from the brick battlement of a fortress. From the black depths of the barrel shines a red neon 'EBT' sign.]
A Hacker’s Mind is security expert Bruce Schneier’s latest book, released today. For long-time readers of Schneier, the subject matter will be familiar, but this iteration of Schneier’s core security literacy curriculum has an important new gloss: power.
https://wwnorton.com/books/9780393866667
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Schneier started out as a cryptographer, author of 1994’s Applied Cryptography, one of the standard texts on the subject. He created and co-created several important ciphers, and started two successful security startups that were sold onto larger firms. Many readers outside of cryptography circles became familiar with Schneier through his contribution to Neal Stephenson’s Cryptonomicon, and he is well-known in science fiction circles (he even received a Hugo nomination for editing the restaurant guide for MiniCon 34 in 1999).
But Schneier’s biggest claim in fame is as a science communicator, specifically in the domain of security. In the wake of the 9/11 bombings and the creation of a suite of hasty, ill-considered “security” measures, Schneier coined the term “security theater” to describe a certain kind of wasteful, harmful, pointless exercise, like forcing travelers to take off their shoes to board an airplane.
Schneier led the charge for a kind of sensible, reasonable thinking about security, using a mix of tactics to shift the discourse on the subject: debating TSA boss Kip Hawley, traveling with reporters through airport checkpoints while narrating countermeasures to defeat every single post-9/11 measure, and holding annual “movie-plot threat” competitions:
Most importantly, though, Schneier wrote long-form books that set out the case for sound security reasoning, railing against security theater and calling for policies that would actually make our physical and digital world more secure — abolishing DRM, clearing legal barriers to vulnerability research and disclosure, and debunking security snake-oil, from “unbreakable proprietary ciphers” to “behavioral detection training” for TSA officers.
Schneier inspired much of my own interest in cryptography, and he went on to design my wedding rings, which are cipher wheels:
And then he judged a public cipher-design contest, which Chris Smith won with “The Fidget Protocol”:
http://craphound.com/FidgetProtocol.zip
Schneier’s books — starting with 2000’s Secrets and Lies — follow a familiar, winning formula. Each one advances a long-form argument for better security reasoning, leavened with a series of utterly delightful examples of successful and hacks and counterhacks, in which clever people engage in duels of wits over the best way to protect some precious resource — or bypass that protection. There is an endless supply of these, and they are addictive, impossible to read without laughing and sharing them on. There’s something innately satisfying about reading about hacks and counterhacks — as authors have understood since Poe wrote “The Purloined Letter” in 1844.
A Hacker’s Mind picks up on this familiar formula, with a fresh set of winning security anaecdotes, both new and historical, and restates Schneier’s hypothesis about how we should think about security — but, as noted, Hacker’s Mind brings a new twist to the subject: power.
In this book, Schneier broadens his frame to consider all of society’s rules — its norms, laws and regulations — as a security system, and then considers all the efforts to change those rules through a security lens, framing everything from street protests to tax-cheating as “hacks.”
This is a great analytical tool, one that evolved out of Schneier’s work on security policy at the Harvard Kennedy School. By thinking of (say) tax law as a security system, we can analyze its vulnerabilities just as we would analyze the risks to, say, your Gmail account. The tax system can be hacked by lobbying for tax-code loopholes, or by discovering and exploiting accidental loopholes. It can be hacked by suborning IRS inspectors, or by suborning Congress to cut the budget for IRS inspectors. It can be hacked by winning court cases defending exotic interpretations of the tax code, or by lobbying Congress to retroactively legalize those interpretations before a judge can toss them out.
This analysis has a problem, though: the hacker in popular imagination is a trickster figure, an analog for Coyote or Anansi, outsmarting the powerful with wits and stealth and bravado. The delight we take in these stories comes from the way that hacking can upend power differentials, hoisting elites on their own petard. An Anansi story in which a billionaire hires a trickster god to evade consequences for maiming workers in his factory is a hell of a lot less satisfying than the traditional canon.
Schneier resolves this conundrum by parsing hacking through another dimension: power. A hack by the powerful against society — tax evasion, regulatory arbitrage, fraud, political corruption — is a hack, sure, but it’s a different kind of hack from the hacks we’ve delighted in since “The Purloined Letter.”
This leaves us with two categories: hacks by the powerful to increase their power; and hacks by everyone else to take power away from the powerful. These two categories have become modern motifs in other domains — think of comedians’ talk of “punching up vs punching down” or the critique of the idea of “anti-white racism.”
But while this tool is familiar, it takes on a new utility when used to understand the security dimensions of policy, law and norms. Schneier uses it to propose several concrete proposals for making our policy “more secure” — that is, less vulnerable to corruption that further entrenches the powerful.
That said, the book does more to explain the source of problems than to lay out a program for addressing them — a common problem with analytical books. That’s okay, of course — we can’t begin to improve our society until we agree on what’s wrong with it — but there is definitely more work to be done in converting these systemic analyses into systemic policies.
Next week (Feb 8-17), I'll be in Australia, touring my book Chokepoint Capitalism with my co-author, Rebecca Giblin. We'll be in Brisbane on Feb 8, and then we're doing a remote event for NZ on Feb 9. Next are Melbourne, Sydney and Canberra. I hope to see you!
https://chokepointcapitalism.com/
[Image ID: The WW Norton cover for Bruce Schneier's 'A Hacker's Mind.']
Bruce Schneier - an American cryptographer, computer security professional, privacy specialist and writer. See context at: https://www.schneier.com/blog/archives/2020/02/policy_vs_techn.html
Usando o microfone e os alto-falantes de um smartphone para escutar as senhas
Usando o microfone e os alto-falantes de um smartphone para escutar as senhas
Para quem gosta de segurança, hoje um postzinho interessante que acabou ficando aqui na fila algum tempinho. De acordo com um artigo publicado pelo Schneier ( um resumo, tal qual o que eu vou fazer aqui ) um grupo de pesquisadores conseguiu sucesso em um tipo de ataque bem interessante.
Ele é um tipo de ataque acústico onde é possível recuperar as senhas de uma pessoa, transformando o smartphone…