18 February 2008
Add another privacy threat to the list of things you can do nothing about:
A technical glitch gave the F.B.I. access to the e-mail messages from an entire computer network — perhaps hundreds of accounts or more — instead of simply the lone e-mail address that was approved by a secret intelligence court as part of a national security investigation, according to an internal report of the 2006 episode.
[…]
The episode is an unusual example of what has become a regular if little-noticed occurrence, as American officials have expanded their technological tools: government officials, or the private companies they rely on for surveillance operations, sometimes foul up their instructions about what they can and cannot collect.
7 February 2008
Going through old Bruce Schneier essays, I came across one that downplays the danger of cyberterrorism:
The worry is that a terrorist would cause a problem more serious than a natural disaster, but this kind of thing is surprisingly hard to do. Worms and viruses have caused all sorts of network disruptions, but it happened by accident. In January 2003, the SQL Slammer worm disrupted 13,000 ATMs on the Bank of America’s network. But before it happened, you couldn’t have found a security expert who understood that those systems were dependent on that vulnerability. We simply don’t understand the interactions well enough to predict which kinds of attacks could cause catastrophic results, and terrorist organizations don’t have that sort of knowledge either — even if they tried to hire experts.
But Schneier says that worrying about cyberterrorism can have useful side-effects:
Luckily, the same countermeasures aimed at cyberterrorists will also prevent hackers and criminals. If organizations secure their computer networks for the wrong reasons, it will still be the right thing to do.
