Bureaucrats only expect compliance under threat of punishment. Other people will figure out, even if only by trial and error, how to break any system at its weakest points. See Kevin Mitnick on 'social engineering', or--if you are the sort of authoritarian who won't listen to a felon but is impressed by prizes and tenure--any anecdote by Richard Feinman. I can also thoroughly recommend this post by edjog of the Distreputable Lazy Aliens website:

I don't usually go into much detail about offences I committed whilst in active addiction, for a number of reasons which are beyond the scope of this post but, with the UK Government's headlong rush toward ID Cards seemingly based in much part around the notion that such a scheme will reduce crime, it seems appropriate. I've been prosecuted for what I'm about to talk about anyway: paid my debt to society and no longer commit crime. You don't think a self-confessed law-breaker has anything relevant to say about this issue? Fine: bury your head in the sand; it's your taxes paying for the scheme.

Read the whole thing, as they say.

The author has kindly offered NO2ID syndication rights, so any magazines interested in new angles on the lamentable scheme for a non-webical audience should get in touch.

Rob Fisher blogs about Monday's USA Today front page a story about a new X-Ray machine for use in airports that can see through clothing. The machine apparently generates images that, “paint a revealing picture of a person’s nude body".

He points out that the article does not even touch on the need for such machines.

Are not current metal detectors adequate for preventing people from getting on an aeroplane with firearms?

If an airline says it wants me to walk through this machine as a condition of getting on one of their planes, that is one thing: it’s a private company deciding that this is a necessary measure to protect its customers or keep down its insurance costs. It’s their aircraft, they can quite rightly refuse to allow on anyone they feel like for whatever reason.

But if the government mandates the use of these machines, then that’s the government forcing airlines and airports into doing something they and their passengers likely don’t want to do. It’s governments yet again abusing their power to achieve nothing of value to anyone except politicians who want to look like they’re doing something useful.

Dr Eamonn Butler writes on the Adam Smith Institute Blog:

Soon after 9/11, Britain introduced draconian anti-terrorist legislation that included the power to imprison suspected terrorists without trial. It required an abrogation of human rights laws, and was a denial of habeas corpus: but the argument was that in some cases, producing evidence in a trial might expose secret sources or prejudice the lives and safety of the security services and their informers.

Not surprisingly, the High Court objected. So last week, Britain's Home Secretary, Charles Clarke, replied that instead of detaining suspects in prison, he would keep them under house arrest, bar them using the internet and mobile phones, and so on.

Home Office ministers said we shouldn't worry about this, because nice Mr Clarke would keep all such detentions under constant review. And because it only applies to international terrorists. But then other ministers said it might apply to animal rights campaigners too, since they were pretty dangerous characters. Err...where is this going to end?

Sure, a liberal order must protect itself from those who would destroy liberalism itself. And maybe, at times, you have to act illiberally to do that. But you should still act according to the rule of law. If there is evidence, it should be produced in court. If the evidence is too sensitive to be made public, then it should be heard in private before qualified judges. At the moment we are jailing people, and soon we will be imprisoning them in their homes, on the say-so of a politician. That is scary.

The War on Terror, like any war, provides the opportunity for certain technologies to be developed at an accelerated pace. The problem is that we seem to depend on the rather glib assertion that without freedom there is no prosperity. This is fine so long as government is concerned with prosperity. But how long do people have to wait in societies where an élite puts the power to rule ahead of prosperity? As George Orwell put it in Hommage to Catalonia: "We don't grasp it's [totalitarianism's] full implications, because in our mystical way we feel that a régime founded on slavery must collapse. But it is worth comparing the duration of the slave empires of antiquity with that of any modern state. Civilisations founded on slavery have lasted for such periods as four thousand years."

With this thought in mind, from Tech Central Station:

Chemical detectors may provide, by the way, the greatest advance in counter-insurgent capabilities. Biochips will make it possible for self-directed UAVS to seek out explosives, including those used in small arms, and chemical and biological agents. They will also enable the identification and tracking of thousands or even millions of individuals in a monitored area based on their "smell."

Red Herring has an article about Supernova panel moderated by Doc Searls that discusses Fighting networked wars.

John Robb, author: Warfare is changing to an attack on critical points in infrastructures to create damage far beyond the cost of an attack. Al Qaeda sees the West as a system that it must attack on a distributed basis to make the most of its limited resources.

How do you fight these folks? Looking at the size of these networks, what is characteristic of al Qaeda and affiliated organizations looks like a crime network combined with traditional terror. They have mastered terrorist best practices and that has allowed him to unplug the organization from nation-states, which subverts the nation-state system itself. Al Queda is in a new zone. They have no restrictions on behavior.

A distributed problem has to have a distributed response.

Exactly, and that is one of the central arguments of White Rose, if you address a distributed threat such as terrorism by tightening and establishing centrally imposed and managed security, you will produce a sense of false security and 'crowd out' the only distributed security - the individual and in the society.

Bruce Schneier has a view essay in Wired about how all the money spent on security to turn the country into a fortress may make us feel better, but it doesn't make us any safer. As most readers of this blog will know, Bruce Schneier is CTO of Counterpane Internet Security and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

Many of the security measures we encounter on a daily basis aim pinpoint the bad guys by treating everyone as a suspect. The Department of Homeland Security counts on technology to come to our rescue: databases to track suspected terrorists, facial recognition to spot them in airports, artificial intelligence to anticipate plots before they unfold. But that creates a problem similar to the one you see when airport security screeners waste their time frisking false alarms. Terrorists are so rare that any individual lead is almost certainly a false one. So billions of dollars are wasted with no assurance that any terrorist will be caught. When an airport screener confiscates a pocketknife from an innocent person, security has failed.

...

Security always involves compromises. As a society we can have as much protection as we want, as long as we're willing to sacrifice the money, time, convenience, and liberties to get it. Unfortunately, most of the government's measures are bad trade-offs: They require significant sacrifices without providing much additional safety in return. And there's far too much "security theater" - ways of making people feel safer without actually improving anything.

A lone (or so it often seems) voice of sanity and common sense - just what I needed to get me through today...

The General Accounting Office warned today that the Transportation Security Administration's high-tech system to screen airline passengers for terrorist connections faces significant testing and deployment delays, which could affect the program's ultimate success.
According to a report by the GAO, the TSA has not only fallen behind in testing the new Computer-Assisted Passenger PreScreening System (CAPPS II), but also has yet to fully identify all of the functions it would like the system to perform. In addition, the TSA has not yet completed work on at least seven key technical challenges that could stand in the way of the system's final deployment.

These issues, if not resolved, pose major risks to the successful deployment and implementation of CAPPS II.

There are other significant issues facing U.S. airport security, according to a former top Israeli airport security official and the director of security at Virgin Atlantic Airlines. According to these officials, who spoke Tuesday during an online Terror and Technology conference sponsored by IDPartners LLC, the U.S. runs a major risk by focusing too much on information technology and other high-tech solutions to uncover terrorist plots against airports and airlines.

Rafi Ron, president of New Age Security Solutions and the former head of security at Ben Gurion Airport in Tel Aviv explains that the terrorist threat against airlines is a relatively new experience in the U.S.

There is a tendency to solve problems through the use of technological means. Focusing on technology sometimes makes you lose your overall perspective. That can lead to unbalanced planning, unbalanced investment and misuse of funds.

Rather than rely on IT systems for the bulk of security monitoring, Ron said airport authorities should use personnel training programs in behavior pattern recognition, which has been highly successful in Israel.

Behavior analysis can fill the gap of a purely technological approach. Technology is not yet good enough to provide us with a 100% solution.

College student Lara Hayhurst was not prepared to let officials treat her little pet like Osama 'fin' Laden... Forgive the pun but the story is quite funny, well, mainly because she got away with it.

The BBC reports that planned new powers for dealing with a major terrorist attack and other big emergencies are unveiled today. Ministers have already published drafts of the new laws, which were criticised by an influential committee of MPs and peers for putting human rights at risk.

They fear that unless the Civil Contingencies Bill contains suitable constraints its powers could be abused by a future government. Civil rights campaigners want the new powers to be more strictly defined.

Summary of key power in draft bill:

1. Ministers will be able to bypass Parliament to make emergency regulations
   
2. Police will be able to ban public gatherings, impose curfews, seize property
   
3. The Human Rights Act could be suspended

A parliamentary committee set up to look at the plans said they had "potentially dangerous flaws". The Committee chairman Lewis Moonie said his main concern was over human liberty and rights because the terms used in the bill were "too vague".

The basis under which the government could take these powers to itself - the way in which government defines an emergency - I think is the first concern. If they listen to us, as I'm pretty sure they will, they should have changed the terms on which this is done and made it much more explicit how they take these powers in the first place.

Dr Moonie, a former defence minister warns:

We should not put such power into the hands of anybody without suitable constraints.

Truer words are rarely spoken by politicians.

Full text of the civil contingencies bill here (pdf). Via the Guardian.

Here is Liberty's response to the government's civil contingencies bill.

Whenever the authorities try and vote themselves greater powers, there is a need to be cautious and sceptical. By reinstating the courts' powers to consider human right abuses under these laws, the government has made an important concession.

And Statewatch has a detailed commentary on the issue:

The concessions made by the government in no way change the fundamental objections to this Bill. The powers available to the government and state agencies would be truly draconian. Cities could be sealed off, travel bans introduced, all phones cut off, and websites shut down. Demonstrations could be banned and the news media be made subject to censorship. New offences against the state could be "created" by government decree. This is Britain's Patriot Act, at a stroke democracy could be replaced by totalitarianism.

Cards on the table. The bosses of this blog are out of town, and although they may be able to stick stuff up here from time to time, they may be distracted. I'm one of the people they hope will keep things buzzing in their absence. So I googled a few obvious things like "surveillance" and "privacy" and got little that was new, and then I tried "Freedom versus Security", and got to this piece at Mr Blog, from way back in August.

Mr Blog has this to say on the matter:

Defining the debate as "freedom versus security" circumvents the question of whether the various proposals, in fact, improve security. Where is the evidence for this assumption that any of these measures can help ensure security?

He then attacks various supposed US security measures on cost effectiveness grounds. This critique is good as far as it goes. Indeed we do not want to hand on to our grandchildren a society bankrupted by a million futile security measures which weren't. That's true.

But I think Mr Blog is making a fundamental error of omission here. The really big consequence of framing things as "freedom versus security" is to smuggle past you the notion that "freedom" can never ever be any good for "security". Yet plainly it can.

If the populus is numbed into a state of brainless inertia by laws that take away their freedom, and which simultaneously promise to create security, then a major source of security, in the form of individuals protecting themselves and each other, may be switched off, and by the very measures which were supposedly going to make us all more secure. The "cost" of "security" measures isn't only that they cost us a ton of money, or even that they cost us freedom. What if, by costing us freedom, they also reduce security? That's the biggest problem with framing this argument as "freedom versus security".

As I have probably said here before, this debate reminds me of the Economic Calculation debate of a hundred years ago, and Mr Blog is just like one of those anti-economic-planning grumblers of days gone by who complained that planning would be more of a muddle and less of a spur to prosperity than pro-planners fancied, and that it would eat up our freedoms to insufficiently good effect. But that was to miss the vital point about prosperity, which was that in order to get it, you had to have freedom. No freedom, no prosperity.

What if security is the same? No freedom, no security. I think it is, and I think that's true. And I want some latter day Von Mises to write a huge book which proves it.

Mr Blog's error is all the more distressing because he frames the question so clearly.

The BBC reports that US Attorney General John Ashcroft has launched a strident defence of the controversial Patriot Act, saying it was the government's responsibility to defend Americans in any way it could.

Mr Ashcroft highlighted support for the Patriot Act given earlier by members of Congress and the website lists quotations from members of both parties supporting the legislation, almost wholly dating back to October 2001 when it was introduced.

But since then dozens of cities and counties across the country have approved resolutions criticising the Patriot Act and various lawsuits have been brought to declare it unconstitutional.

Even the Republican-led House of Representatives has become involved in recent weeks, striking down "sneak-and-peek" rules which allowed government agents to search private property without telling the owner.

Other controversial areas - such as agents being allowed to scrutinise people's library records without showing what crime they believe could be being committed - still stand despite challenges.

White-Rose-relevant comments from Jim of Jim's Journal about Homeland Security:

Now I happen to have a lot against Bush ... besides the fact that I did not vote for him in 2000 and the only good thing I could think of to say about him then was that at least he wasn't Al Gore.

I don't think highly of his handling of national security – within the United States – that is, this ridiculous bureaucratic monstrosity called Homeland Security, headed by that total jerk Ridge. (What's that matter with Ridge? Well, here's just one thing, but it shows how wrong he is ... He wants to use Homeland Security to track down child porn peddlers and Internet perverts. My goodness, how could there be anything wrong with that? Well, what does that have to do with national security? We have a multiplicity of police forces to handle ordinary crimes. Homeland Security was supposed to be about protecting us from terrorists, you know, 9/11 ... So if the terrorist problem is so under control that he has to go looking for other jobs to keep his minions busy, well let's just save a few billion dollars and dissolve his agency instead.)

Indeed, but that of course is not how these things work. Once an "agency" is set up, it mmediately goes looking for other stuff to do as well, and hence in the fullness of time, potentially, instead.

Principles, once conceded in one policy area immediately go wandering, often in the form of the very agency that embodies the original concession.

There was an Interesting article by former CIA Director James Woolsey in the Guardian over the weekend, about "World War 4". The White Rose relevant paragraphs, so to speak, are these ones, I think:

Liberty and security

If that is who is at war with us and why, what do we need to do about it, both inside our own countries and in the Middle East? Inside the US, during the Cold War and the decade of the 1990s after it, we became very used to the proposition that liberty and security do not conflict, that we do not need to worry about that. Liberty we had plenty of, or as much as almost any reasonable, modern society could, and security was something that the navy, the Central Intelligence Agency and so on dealt with overseas. September 11 rather changed that.

The US at least has to understand that for a number of years we will have to face conflicts between liberty and security that did not occur before. We really did have people who were legally in the United States training in aircraft simulators to work out how to kill thousands of Americans. There really were terrorist cells in places like Lackawanna, Pennsylvania.

So we are going to do things that are effective against terrorism, and which may involve steps like special scrutiny of Wahhabi-backed charities, for example, that would not have happened prior to September 11. We also have to realise who we are. We are not a race or a culture or a language. We are creatures of fourth US President James Madison's Constitution and his Bill of Rights. We can never forget that.

These two conflicting concerns - security and liberty - are going to be with us for a long time. They will conflict in ways they did not appear to before September 11. We have to choose wisely and remember both. We cannot forget the need to be effective, not just politically correct, in the way we deal with the real threats to us. We also cannot forget the Bill of Rights.

This is the X is important BUT argument. The "but" turns everything before it upside down. So look out X, which in this case means look out liberty.

I'm not saying that this man is totally wrong. I'm just saying: he's saying it.

Bruce Schneier is an expert on technical aspects of electronic security. His book Applied Cryptography is considered the "bible" for people implementing cryptography based security, privacy, and authentication systems.

Having written this book in 1995, the subtext of which was that technical solutions could solve many or all of our privacy and security issues, Schneier slowly became more and more conscious of the fact that the weaknesses in security or privacy systems were the result of human rather than technology failure. It wasn't so much the systems themselves as the way the systems were used and relied upon that determined the quality of security and privacy. In particular, blind faith in technology was extremely dangerous, both in terms of making people overconfident that systems would always work correctly, and in terms of adding additional layers of unnecessary inflexibility and bureacracy. Schneier then wrote another book Secrets and Lies: Digital Security in a Networked World discussing essentially how security systems should be established so as to be actually secure. Probably the most important point was that human systems have to be flexible and intelligent. Simply requiring ID of everybody is not especially useful without human beings constantly asking the question of why ID is being asked for. Plus this type of system is predictable, and holes in it are easily found. And it needlessly invades people's privacy.

In any event, Mr Schneier writes a monthly newsletter discussing these types of issues, which is at least partly aimed at publicising his consultancy business. This month's issue has some very interesting thoughts on just how we should deal with organisations - government and non government - that needlessly invade our privacy for asking for identification and recording excessive information about their customers. An extract

I had to travel to Japan last year, and found a company that rented local cell phones to travelers. The form required either a Social Security number or a passport number. When I asked the clerk why, he said the absence of either sent up red flags. I asked how he could tell a real-looking fake number from an actual number. He said that if I didn't care to provide the number as requested, I could rent my cell phone elsewhere, and hung up on me. I went through another company to rent, but it turned out that they contracted through this same company, and the man declined to deal with me, even at a remove. I eventually got the cell phone by going back to the first company and giving a different name (my wife's), a different credit card, and a made-up passport number. Honor satisfied all around, I guess.

It's stupid security season. If you've flown on an airplane, entered a government building, or done any one of dozens of other things, you've encountered security systems that are invasive, counterproductive, egregious, or just plain annoying. You've met people -- guards, officials, minimum-wage workers -- who blindly force you to follow the most inane security rules imaginable.

Is there anything you can do?

In the end, all security is a negotiation among affected players: governments, industries, companies, organizations, individuals, etc. The players get to decide what security they want, and what they're willing to trade off in order to get it. But it sometimes seems that we as individuals are not part of that negotiation. Security is more something that is done to us.

Our security largely depends on the actions of others and the environment we're in. For example, the tamper resistance of food packaging depends more on government packaging regulations than on our purchasing choices. The security of a letter mailed to a friend depends more on the ethics of the workers who handle it than on the brand of envelope we choose to use. How safe an airplane is from being blown up has little to do with our actions at the airport and while on the plane. (Shoe-bomber Richard Reid provided the rare exception to this.) The security of the money in our bank accounts, the crime rate in our neighborhoods, and the honesty and integrity of our police departments are out of our direct control. We simply don't have enough power in the negotiations to make a difference.
...
It would be different if the pharmacist were the owner of the pharmacy, or if the person behind the registration desk owned the hotel. Or even if the policeman were a neighborhood beat cop. In those cases, there's more parity. I can negotiate my security, and he can decide whether or not to modify the rules for me. But modern society is more often faceless corporations and mindless governments. It's implemented by people and machines that have enormous power, but only power to implement what they're told to implement. And they have no real interest in negotiating. They don't need to. They don't care.

But there's a paradox. We're not only individuals; we're also consumers, citizens, taxpayers, voters, and -- if things get bad enough -- protestors and sometimes even angry mobs. Only in the aggregate do we have power, and the more we organize, the more power we have.

Since the atrocity of Sept. 11 some have argued that it is necessary to restrict freedom in order to protect ourselves from terrorism while others have argued that to give up freedom for security is to destroy the thing we are fighting to defend.

This is false dilemma. Individual liberty is not a threat to our security. It is or ought to be an integral part of our security system. To illustrate this point look at the bill of rights, the first ten amendments to the Constitution. The first amendment which protects free speech, freedom of the press and freedom of religion adds to our security in two ways.

First, it largely protects us from internal religious conflict. Because the state is forbidden to interfere in private religious matters, religious groups are not in constant conflict to impose their beliefs on each other. Thus we have been mostly spared from having home grown religious terrorists.

Second, by protecting freedom of the press the first amendment increases the probability that our nation will have a winning strategy in the war on terrorism. In any country the number of people in the defense and foreign policy bureaucracy is limited. Moreover many intelligent people interested in defense and foreign policy will not join the government agencies because of the bureaucratic regimentation. In the absence of freedom of the press, only the thinking of members of these bureaucracies could shape our foreign policy. With freedom of the press the ideas of thinkers outside the bureaucracies are available for consideration by the decision makers. Thus the total brain power brought to bare on security questions is vastly increased and the probability of our adopting a winning security strategy is increased.