This article can also be found in the Premium Editorial Download "Information Security magazine: Nine tips to guarding your intellectual property."
Point
A lot of my security practitioner buddies are always keeping their ears to the ground for the distant tread of jackboots and their eyes peeled for other signs of the incipient arrival of Big Brother. Now, these are smart, well-educated people--no questions there--but you need to keep things realistic before you break out the tinfoil hat.
Take, for example, RFID. A lot of people (including you, Bruce) are wringing their hands about the potential that bad guys will be able to RFID-snoop our passports and learn our private information. Or maybe that Big Brother will be able to track our whereabouts once we're RFID-tagged. Since you're always talking about weighing risks, let's be realistic for a moment: What's the likelihood your private information is going to get leaked to an RFID sniffer, as opposed to being left on one of the plethora of laptops that federal agency employees appear to lose every week? What's the likelihood Big Brother is going to track you using RFID, versus the likelihood that every hotel is turning over its guest data to some federal agency? By the way, I'm not saying they are--I rather doubt it, because if the feds were collecting that data, someone would have lost it on a laptop by now.
Another Big Brother scare I just can't understand is e-voting. Am I concerned someone is going to steal an election by jiggering the e-voting machines? Of course not! They'll steal the election the traditional way--manipulating
Why worry about Big Brother abusing a national ID system when you can worry about the hundreds of millions of dollars the Department of Homeland Security has spent failing to implement a biometric day-worker pass system for our border with Mexico? Why worry about a Big Brother with huge databases about everyone when you can worry about the decade-long billion-dollar failure of the FBI to get Virtual Case File working? To build a totalitarian state, you need lots of low-tech--effectively and ruthlessly applied. Security practitioners who are worried about Big Brother whenever they see new government technology ought to take off their tinfoil hats and instead worry about mission creep, cost overruns and expensive failures.
Can you imagine what the Department of Big Brother would be like? If it had started in 1984 like it was supposed to, it'd probably have just switched most of the agency email off AOL to its own outsourced private service--after incurring massive cost overruns and having its mail server compromised by a 9-year-old hacker. If the president ordered the Department of Big Brother to jigger the e-voting machines in Florida to rig the 2008 election, it'd never work. By the time it had gotten the first couple implementations specified, implemented and tested, it would be 2016, and by then, the e-voting machines wouldn't be running Vista any more and it'd need to start over. Obviously, I'm kidding around here, but anyone who thinks Big Brother is a problem is overestimating the competence of our government. Me? I'll only worry about Big Brother if the fed starts hiring the guys who built Amazon, Google, eBay and Yahoo!
This was first published in May 2007