Schneier removed from TSA oversight meeting at TSA request (schneier.com)
630 points by zdw 1558 days ago | 96 comments



There used to be an old, old joke on slashdot. Whatever the topic, somebody would say "I, for one welcome our new X overlords"

I, for one, welcome our new security overlords.

For some reason, it doesn't sound as funny anymore.

There was a story recently about how all sorts of various agencies now want their own drones to watch the citizenry as we go about our normal lives. I'll never forget an interview the reporter had with a Congressman. His basic stance was something along the lines of "Boys will be boys. This is just all sorts of other agencies wanting to get in on the UAV bandwagon."

My point is this: I don't think our elected representatives take any of this very seriously at all, no matter what they might say during an election or on TV. I don't think it bothers them for one second that the TSA gets to pick its own witnesses for each day, or that gradually we're turning into a security state. I just don't think it really registers on their radar.


I found the comment that points out that having both parties in the same hearing who are under oath and currently engaged in a lawsuit, might find themselves making statements or responding without the benefit of having their counsel present. Then one might turn around and subpoena that testimony into the lawsuit and add it in as evidence, fairly compelling.

That being said, it is how the game is played. If one of your representatives is on the committee I would recommend writing them a note, or calling their office, to express how you think they should oversee the activities of the TSA.

One of the issues which needs more coverage is that Security Theatre is not 'harmless mostly, possibly helpful' it is in fact 'harmful mostly, possibly helpful'. This sort of theater cuts into business productivity, makes folks on the planes grumpier, causes millions of dollars in losses when folks miss planes, and erodes the citizens' trust in their legitimate law enforcement agencies. It is not harmless, it is harmful and that message needs to get to Congress.


Actually, I'm pretty sure there's no compelling legal reason for the TSA to do this. If what the TSA says is admissible in a later trial (which it likely would be[1]), it will be admissible whether or not Schneier is present at this hearing. The legal angle would explain why Schneier wouldn't want to testify, but he's apparently game.

Coming from the TSA, it amounts to "we are afraid to face questions from someone who will know enough to ask hard questions." Which I agree is unsurprising, but it's not exactly a compelling defense of their position.

[1] Under, for example, Rule 801(d)(1)(A): http://www.law.cornell.edu/rules/fre/rule_801


> Actually, I'm pretty sure there's no compelling legal reason for the TSA to do this. If what the TSA says is admissible in a later trial (which it likely would be[1]), it will be admissible whether or not Schneier is present at this hearing.

The thing is that what they say changes depending on whether there are hard questions asked or not.


If they're both in the same Congressional hearing, Bruce can ask them pointed questions which they would be compelled to answer. This means he could theoretically ask them questions that pertain to the lawsuit that they would then have to respond to, without the benefit of counsel, as they say.

I still think it blows ass, and it's a cheap maneuver to keep the mongoose out of the snake pit.


What power do you think Bruce has to compel them to answer questions?

It's up to Congress whether the TSA is forced to answer a question, and Bruce Schneier is not a member of Congress, he was just going to testify before them. He has no special power over the TSA.


He has the special power where he can formulate and present a question that is intriguing enough so that Congress might break out of their daydreams about what it was like being a kid in the 20s and how these people just sit here and bitch when they really got it so easy long enough to think, 'hey, this scraggly looking feller has a good question. Maybe we should make the TSA answer this one since it sounds intelligent and we can't understand it, rather than trying to come up with questions of our own.'


If that is true then no TSA rep involved in the lawsuit can also appear before Congress... I mean, come on, use some logic please!

The TSA excuse for exclusion is a sham in and of itself


The problem is having parties on both sides of the lawsuit present, and the hearing is about the TSA, so they can't very well be removed.

If you're going to accuse people of failure to use logic, using a little yourself wouldn't hurt.


Hmm,

If the topic of the lawsuit is going to be discussed, then the invited TSA agent's testimony at the hearing could be relevant to the lawsuit regardless of whether Schneier is there. If the topic of the lawsuit is not going to be discussed, then everything is OK. Remember congress people will do the questioning, not Schneier or Schneier's counsel. Perhaps Schneier's mere presence could inject some lawsuit-related questions (using a zero-day legal flaw in the congress-testimony process, perhaps?) but this possibility seems remote.


I thought the overlord joke was from The Simpsons, but it turns out that they got the idea from 70's high camp: http://knowyourmeme.com/memes/i-for-one-welcome-our-new-x-ov...

More on topic: I believe that one of the main reasons why they don't take it seriously is because they are literally above the law here. They don't have to go through the same process that ordinary travelers do. I can't find an authoritative source, so either all of Congress or only those senior members traveling with a security detail are exempt, but either way, those in charge don't understand the full impact it has on ordinary people's lives.


Not true. Here's one famous case: Senator Kennedy was on the no-fly-list for a while, so security theater applies to congress members as well as you. (http://www.washingtonpost.com/wp-dyn/articles/A17073-2004Aug...)


> so security theater applies to congress members as well as you.

Not so much ...

"Homeland Security Secretary Tom Ridge finally called to apologize about the mix-up, and the delays stopped in early April, Smith said."

If you, or I, got on the no-fly list I doubt the head cheese would call up and offer an apology.


Rep. Jason Chaffetz famously got into a big fight with TSA when he was asked to go through the millimeter wave scanner, having just previously embarked on a fight to get rid of them.


They presumably weren't always above the law and, one would hope, remember the pains of the TSA.


It's only because currently the politicians belong to a "protected" class that do not have to worry over such policies, they are above them. But as history shows, eventually most of this protected class will find themselves in the same boat as the rest of us and suddenly they will care. But by then it will be too late.


http://knowyourmeme.com/memes/i-for-one-welcome-our-new-x-ov...


> we're turning into a security state

This kind of thinking is dangerously misguided. You're not "turning into" a security state, you are a security state. "Freedom of speech zones" and all the other newspeak bullshit, the OWS crackdown, SOPA, ACTA, etc., to name but a few, are not stepping stones on the path to tyranny. They are tyranny. You guys have already arrived. You're there. And your society will not be able to do anything about it until it realizes this.

So quit talking as though it's something that's going to happen if you're not really careful, and start talking as though it has already happened and something needs to be done about it.


I've had a few drinks, so this may come back to bite me in the ass one day, rather than show my usual constraint, but:

Hell yeah. They have had the right to read the subject lines of emails for decades they have been listening in on conversations since the Patriot Act. It's at the point where I, as a Canadian, have vowed not to take a flight into the states due to privacy (both in terms of fingerprints as well as those stupid scanners) until the law changes.

This is starting to impact peaceful, intelligent people. It isn't showing the economic ramifications yet, but it will 10 to 20 years from now. The smart people from Canada (and, presumably, the rest of the world) don't want to come anymore. The US can suffer this in the short term, but in the long term, especially with long term obligations like SS and Medicare/Medicaid, it cannot.


You are too late. The smart people already do not come to the United States. The smart people are cancelling their US passports. Capital is not entering the USA. This type of work puts bread on the table for me. I'm in Dubai right now meeting people who need to encapsulate and neutralize the US-caused problems in their lives. Last week I was in Indonesia.

The world is a big world. Someone can live a good life and become a billionaire without touching the USA. The US risks declaring itself irrelevant through its treatment of visitors and investors. And through the entirely execrable FATCA.

I remember growing up as a boy in Africa how the pound sterling went from reserve currency status to "who cares" by a series of lackluster Prime Ministers in Britain. The same is happening in the US.


Hadn't heard about FATCA, so I googled it up, it sounds bad:

http://en.wikipedia.org/wiki/Foreign_Account_Tax_Compliance_...

"As a result of FATCA, European banks such as Deutsche Bank, Commerzbank, HSBC, and Credit Suisse have been closing brokerage accounts for all US customers since early 2011 citing "onerous" US regulations, which FATCA will make more complex when it goes into effect in 2013"

Reported by Der Spiegel (which I expect to be a reputable source).


I think we need a new hierarchy of needs, and privacy is going to be on the bottom for most people.


Sent Jason Chaffetz (my representative) the following email:

Disgusted With The TSA

I was looking forward to seeing the TSA respond to Bruce Schneier's criticisms in the Oversight Committee meeting today. He is one of the world's experts on security. The news that he was dismissed from the committee makes me think the TSA is much less interested in actual security than in their own appearance, which fits the definition of security theatre very well. Please hold the TSA accountable for their gross misuse of power. Please make them answer to actual security experts on their policies. Thank you very much.


Phone calls and real mail are supposedly more effective.


I found it quite illuminating to peruse the list of the shills^H^H^H^H^H^Hwitnesses who are going to be allowed to testify:

Christopher L. McLaughlin, Transportation Security Administration, Assistant Administrator for Security Operations

Stephen Sadler, Transportation Security Administration, Assistant Administrator for Intelligence and Analysis

Rear Admiral Paul F. Zukunft, U.S. Coast Guard, Assistant Commandant for Marine Safety, Security & Stewardship

Stephen M. Lord, U.S. Government Accountability Office, Director, Homeland Security


Quick clarification: Stephen Lord doesn't work for DHS, he works for GAO, which is an agency established by Congress to maintain, as the title says, "government accountability". His jurisdiction is over DHS. This isn't to say he's a good guy, since GAO is mostly bean counters, but there it is.


When the GAO issues a report saying that your department is ineffective, people listen. They may be bean counters, but they are fairly well respected bean counters. The reports that I have read really help identify problems in government entities.


(meta comment - downvote so it doesn't appear in the discussion)

Kill the name calling. We all agree on the ethical standing of these peeps. No need to state it, let's keep HN authoritative and professional. Great list of the witnesses though - really eye opening as to who they allow in.


The committee membership is here:

http://oversight.house.gov/committee-members/

That's over 20 different states represented there, so odds are good you can contact one of the members and be listened to. Let 'em know this is bullshit, and that if we're going to spend money on security, it shouldn't be on theater.


Thanks for the link. I just emailed my representative on the committee.


Send a physical letter -- it has far more impact, especially if handwritten.


Why is Schneier presumed to be the most effective critic of the TSA? The body scanner program in particular has been roundly criticized by civil libertarians (both conservative and liberal), has generated credible concerns from professional scientists as to health risks, and has been repeatedly demonstrated by physical security experts to be ineffective.

Schneier is an effective writer, particularly when his audience comes with built-in respect for his accomplishments, but his broad disdain for virtually all of airport security† probably reduces his effectiveness in making a case to the wider public. He's easy to caricature, and traffics professionally in an image of "security muckraking" that suggests he'd oppose the TSA no matter what it does.

A disdain I share, mind you.


Schneier is effective because he tells a different side of the story from most. The civil libertarian angle is already pretty well covered. People take it as a security versus liberty tradeoff and the population has, in general, resoundingly chosen to favor security. I don't think there are any new arguments to be made there. The civil libertarians will say that this stuff is bad, the TSA will say that it's necessary to keep us safe, and nothing will really happen.

Schneier is different because he's an expert in security and he lays out just why the TSA's approach is bad security. Not because it infringes on liberties, but because it's just not effective, and the money could be used more effectively. This approach is, I believe, the only way to convince an unreasonably frightened American public to back change.


Schneier has less expertise in airport security than other professional security and law enforcement people who also disagree strongly with the TSA's approach to airport security.

My point isn't that "it's bad security" is a losing argument; my point is that Schneier isn't the only qualified person making that argument.


If a half-dozen more qualified individuals step up to make the same arguments, perhaps the inclusion of Schneier would prove redundant. I don't see those people lining up to make those arguments, and I see plenty lining up to defend the current state or try to make it worse.

It also helps to hear from someone who starts from the perspective of "only do things that work and are worth the cost", rather than someone who starts from the perspective of "do anything that could possibly make a difference, it couldn't hurt (given that we don't place any value on anything other than security)".


When you get down to it, there are broad and poignant parallels between airport and computer security, and similar problems with each. Both fields have tried and true, yet difficult-to-implement best practices (well-trained screeners a la Israel, and operational security such as "don't open that shady email"). Both industries suffer from a proliferation of charlatans, and both industries have customers who are more concerned with the appearance of doing something useful, than going through the pain of implementing actually useful best practices.

Schneier's as well-qualified as any to speak to the stupidity that pervades both industries.


That may be true, but Schneier is also a good figurehead for a vocal minority. Schneier may be able to throw around his weight better, or may be more skilled at debating the broader issues.


"Schneier is different because he's an expert in security and he lays out just why the TSA's approach is bad security."

My question is how did it happen that Schneier was invited in the first place to testify? Did he propose it to them and got picked (and now withdrawn)? Did congressional staffers choose him?

"Schneier is different because he's an expert in security and he lays out just why the TSA's approach is bad security."

Expert compared to?

He's been quoted and he is well known. But I've been quoted and I'm well known in what I'm good at. But there are others who know what I know. But they aren't as good at promotion as I am.


> Why is Schneier presumed to be the most effective critic of the TSA?

I don't think he is presumed to be the most effective critic of the TSA. I think the problem is that he would have been the only critic of the TSA to speak before the committee.

(http://oversight.house.gov/hearing/tsa-oversight-part-iii-ef...)

Mind you, the chair's comment seems scathing.

> The work of our two Committees has documented a recurring pattern of mismanagement and waste at the Transportation Security Administration. Add to this an unending string of video clips, photographs and news reports about inappropriate, clumsy and even illogical searches and screenings by TSA agents. Americans are right to demand answers from TSA about the return on investment of their tax dollars.


TSA, TSA, Coast Guard, DHS.

If you showed me a witness list that read:

TSA, TSA, Coast Guard, Schneier, DHS

... I would suggest that the purpose of that hearing was to set up Bruce Schneier.


Quick quibble: the last guy is GAO, not DHS, as I explained here: http://news.ycombinator.com/item?id=3758730


Who would be a good witness to talk about security theatre? Do you have any people in mind?

I agree that it would be a shame if the evidence was presented "sloppily" allowing TSA room for wiggle.


Because Schneier in particular has shown numerous weaknesses in airport security systems. And what you've described as "disdain" amounts to treating airport security like any other kind of security system, evaluating it critically, and correctly realizing that it has almost zero value, a huge cost (in both money and time), and a huge impact on civil liberties.

In other words, he has very effective criticisms, which makes him unsuitable for hearings designed to publicly demonstrate a lack of effective criticisms.


This comment basically presumes that I disagree with Schneier and that the way to rebut my point is to re-argue what Schneier has argued. But I agree with Schneier, as do I think most people --- particularly security-minded people --- who pay attention to the TSA. My point is that Schneier has a lot of credibility with nerds and a lot of credibility with Jeffrey Goldberg but perhaps not as much credibility elsewhere as, say, an FBI agent who also disdains the TSA.


Not trying to rebut your point, just answer the question you posed. I don't think anyone has assumed that Schneier represents the most effective critic, just someone with reasoned and thoroughly correct arguments, and background in a relevant field. I agree that Schneier's voice may not carry the most weight, but that just suggests the need for more voices.


>Why is Schneier presumed to be the most effective critic of the TSA?

It has less to do with whether he's the most effective critic of the TSA and more to do with whether he's the most effective critic of the TSA who is [was] going to be present at the hearing. All the qualified scientists and concerned LEOs in the world aren't going to do us any good if Congress doesn't listen to them. The hearing is already heavy on shills and light on saints, we need all of the voices we can get.

It would be cool if you (or anyone) could list a few people who might be really convincing, and we might be able to get them to contact Congress -- it's too late for this hearing, tho'.

With that said, this narrative about the TSA getting Schneier removed from the hearing is helpful to the cause, since it exposes the TSA's nasty manipulative tactics, so I'll be sharing this link around, and I hope you'll join me.


> Schneier is an effective writer

He also has technical credentials a mile long.

In truth, this is an outrage.


None of those technical credentials involve airport security.


Not that this matters to the general public, but it seems to me that general security knowledge should be applicable to airport security. In other words, there's nothing that makes airports special.

It seems rather like refusing to listen to a janitor talk about cleaning airport floors because he's not an "airport janitor."


Strong disagree. Experts at airport security might for instance:

* Have intimate knowledge of the kinds of day-to-day security events that actually occur in airports

* May be intimately acquainted with security incidents and interdictions that haven't been reported on in the media

* Might have detailed knowledge of the processes by which various types of employees gain access to airport facilities

* Might have detailed knowledge of the monitoring and surveillance systems employed within the airport

* Might have detailed knowledge of specific vulnerabilities to airplanes or fueling systems or other airport facilities

I bring this up because there are people who know this stuff who have been vocally opposed to the TSA. For instance, FBI Counterterrorism Agent Steven Moore. Or: an even better figurehead than Schneier: former counterterrorism "czar" Richard Clarke.


Here's a transcript of Schneier's interview with a TSA official: http://www.schneier.com/interview-hawley.html

It's extremely telling. Schneier does know about the issues, and the TSA official, IMHO, totally fails to substantially counter any of his arguments. Of course, you should read it yourself to form your own opinions.

Sure, someone who works at an airport might know about details we or Schneier don't know about. Well, then, great. They should tell us. They haven't.

I'm not arguing against the inclusion of other experts, whether in addition to or as a replacement for Schneier. Other experts are great. But they aren't being included either. The question here seems to be "include opposition" vs. not. It's not "include Schneier" vs. someone else instead.


I don't disagree with you that Schneier may not be the most ideal representative of the opposition to the TSA. I'm simply saying that, to a well-informed congress, in an ideal world, Schneier's word should still count for something.

Edit: I'll also add that detailed knowledge of airport security systems isn't strictly necessary to argue against the TSA if general knowledge of common security principles is enough to prove the inadequacies of their methods.


Airports are not that special relative to bus terminals, train terminals or perhaps any public venue where the "bits" are actual people. So someone who had experience in providing security at a large public venue would have skills applicable to airport security.

But computer security (knowledge of cryptography, hacking etc with the exception of perhaps "social engineering" ) really is a different animal.

A secret service agent who knows nothing about the bulk of what Bruce knows about most likely would be better qualified to evaluate threats based on their specific training and experience.


I would argue that a top-tier computer security expert would be better qualified to comment on physical security issues than a top-tier physical security expert would be on computer security issues. This is because computer experts are required to think in terms of abstractions and similarities, thus a computer security expert would be better equipped to apply abstract lessons learned while defending a computer system to physical security.

Schneier in particular, however, seems to have studied physical security well enough to comment on it without having to use an abstract map from computer knowledge to the real world.


Would you volunteer?


From his bio, I would reduce his mile long credentials to the following:

- wrote a best seller "applied cryptography"

- wrote "secrets and lies" (not a best seller)

- wrote "beyond fear"

- wrote "schneier on security"

- publishes a monthly newsletter

- chief security officer of bt.com

The rest of the bio:

http://www.schneier.com/about.html

...essentially amounts to what publications and others think of him as a result of what he has done (above) I'm guessing. What I would call "assumption of legitimacy".

"Described by The Economist"

"Described by Wired"

"Called by Fortune"

"Regularly quoted in the Media"

"Testified on security before Congress"

"Written op eds for major publications"

"crypto gram has 150,000 readers ..."

Now I don't know enough about security and haven't read any of his writings to independently know whether Schneier is an expert or not. And I'm also guessing that many of the media and others that give him credibility also don't know.

After I was quoted in major media everyone else came out of the woodwork and wanted info from me on what I know about. That of course doesn't mean I am not qualified. But it's really not that hard to get the ball rolling on being an expert once the ball is rolling.


While unsuitable for a bio, it is also worth noting that his algorithm is one of the five finalists for the ongoing NIST SHA3 competition. This is further than Dan Bernstein's algorithm went.

He is also the author of blowfish, which is the basis of bcrypt, which you may have heard people preaching about on HN.


It's unfair to compare Skein (designed by an 8-person team, most of whom are more active in the field than Bruce), to CubeHash, solely designed by Dan.


I wasn't actually trying to suggest that Schneier is better than Dan, just trying to convey that he isn't just some blogger/author that blows hot air. He has technical accomplishments at least roughly on par with those in his field.


Note that BLAKE, another SHA-3 finalist, is based on DJB's ChaCha permutation.


> From his bio, I would reduce his mile long credentials to the following:

Why did you ignore his time at Bell Labs? Or in the DoD?


Not seeing that here?

http://www.schneier.com/about.html

Although now I see it on this page:

http://www.schneier.com/news-096.html

"My first job after college was with the Department of Defense. Years later, I was laid off from AT&T Bell Labs"

The DOD job was out of college. "laid off" from Bell Labs doesn't offer a time line.

But most importantly it doesn't appear on his own "about" page so for whatever reason while he is highlighting other things he is not drawing attention to that.


He is an expert witness. One of the more renowned security experts. He's not "making a case to the wider public". He is testifying before a congressional committee (or would have been).


> Why is Schneier presumed to be the most effective critic of the TSA?

Who is presuming that?


Can you point me to any of these caricatures? Are you sure we're all talking about the same Bruce Schneier?


Here are a bunch, some better than others: http://www.schneierfacts.com/


Haw.


Is there a list of other people the TSA is not allowing to testify? I would say the TSA has just given Schneier a pretty solid endorsement.


I probably shouldn't be disappointed, by now, that the TSA continue to live up to the reputation that they have around here. The agency is pretty much a pure creature of cognitive bias at this point - of sunk cost fallacies, of the desperate impulse to cover one's own ass, of irrational fears and irrational responses.

I flew over the weekend. I reached a bit of a breaking point about taking the TSA seriously when I heard one of the screeners refer to a contraband item (a bottle of water) in luggage as a "party foul." Everyone but the higher-ups knows that it's an absolute farce and a waste of money. It's a great example of why the tops of hierarchies should _not_ be insulated from the consequences of their decisions - rather, the opposite.


What is the point of an oversight hearing if you refuse to let your top critics testify?


Theater, of course.


When I heard Schneier had been invited I actually thought the government was going to take this seriously.

Obviously this is now going to be just another whitewash. sigh


I couldn't find a peep about the meeting in TSA's blog. I find it ludicrous that they can boot a top tier expert without enough time to replace him by anyone that could bring similar points to the discussion.


I think you're confused. Their blog is not an information-dissemination service, it is a marketing instrument.


You would've gotten the same message across without also insulting vgnet by omitting that first sentence.


He's not actually insulting him. The first sentence is ironic, because vgnet isn't actually confused, he just has reasonable expectations. It actually serves to further insult the TSA, and is a fairly common phrasing in these sort of comments (at least in physical conversation, perhaps it's less advisable through the medium of the web).


What? People get confused. I get confused. You get confused (as evidenced by this post). Everybody gets confused, just like everybody poops.


Nobody's actually confused. He did not literally mean to say anyone was confused. He's essentially saying "you were naive to think this blog was more than a marketing channel".


KwanEsq explained exactly what I intended with my introduction.


We need the ability to upvote and downvote specific sentences!


Every comment ought to be a file in a git repo, so that we can send pull requests.


I've previously considered some kind of social website built around the idea of annotating arbitrary sections of existing content instead of replying postwise. I can't help but suspect it'd deteriorate into a Derrida-esque anarchy of words, though.


Isn't that basically Wikipedia?


Well, in WP you can edit what other people have put up, too. I think the closest existent website to what I had in mind is http://everything2.com (WARNING: massive time sink).


I guess if anybody is to confirm that it's in fact a circus, it'll be the TSA themselves. It would be funny if it wasn't so sad.


From a comment on that page by "greg":

Based on their logic, the TSA should also withdraw from the hearings as they're involved in the lawsuits.


Canadian here -- a non-American perspective: your President has no cojones. If he had a pair, the TSA is one of the things he could have easily remedied, or better controlled.


You're assuming that security theater, a large target for the public's anger, and a ready source of media distractions aren't all very valuable tools for The Office of the President.

1984 was a very good instruction manual.


It's not like there's a lack of deserving decoys out there. However, the TSA has the advantage of "reaching out and touching" people literally by the multi-millions. The current situation was put in place by George W. as well. They may be the best outrageous government agency the current administration could hope for to look good by comparison to.


Darrell Issa (one of the committee leaders) is fairly active on twitter. Let him know your concerns: https://twitter.com/#!/DarrellIssa


So I guess they answered the question in the title of the hearing before it even started: theater.


I also emailed my rep. (Carolyn Maloney, D-NY) who is on the TSA oversight board.


A lady asked Dr. Franklin, "Well Doctor, what have we got a republic or a monarchy?"

"A republic," replied the Doctor. "If you can keep it."

Feels like we've lost it: the monarchists have won it back.

The pity is they're not even very good monarchists.


No, a lot of our extant problems would not be present under any reasonably sane (not necessarily benevolent) monarch, very likely including some of the more useless security apparatus. We'd just have different problems.


I was not implying that we'd be better off with a monarchy.

Only that the rascals in charge _want_ to be a monarchy, and they're not very good at it.


Duh.



