Last night I was reading through the CiviCRM documentation, which is actually incredibly well written for tech docs. I came across the following, which stopped me in my tracks.
Data storage jurisdiction
As mentioned before, CiviCRM can be run from the server or from the cloud. When working with issues around human rights, or if an organisation is gathering sensitive information about a country’s government or its officials, it is quite important to know where your data is stored. This is especially important when data is stored “in the cloud”, when it’s not obvious where the data is physically stored. Not getting into details, it might be good to have detailed information about where the servers are physically located, and which country’s jurisdiction is used in case of governmental requests for information.
Other security concerns
It should be remembered that many successful attempts of unauthorised access don’t have too much to do with IT systems security. It’s often social engineering, physical access to server and client machines or using violence against people who have authorised access to data that are responsible for break-ins. Therefore, making sure that data is secure requires also extensive, on-going training of system users and making sure that they are familiar with all the necessary precautions.
Right. This software is getting used by organizations in countries where governments are actively trying to get this data to stomp out political unrest. While I’d still have to worry about security for my deployments, I don’t have to worry about the worst of this. But for many people, in many parts of the world, this is a real and present danger.
That’s important not to forget.
A lot of people are upset about the TSA scanners, and I’m with them. It’s ridiculous how burdensome flying is becoming for no appreciable safety increase. The most dangerous part of flying is driving to the airport. We surely aren’t spending $8b to make that safer.
Unfortunately, a big part of the rallying cry is around “be afraid of the x-rays”. I was surprised how many of my tech friends got wrapped up in this one, even though the available data suggests otherwise. The FDA has a pretty thorough write up about the process and testing for the scanners. I do get that people, in general, aren’t interested in facts, but I was hoping that in a more educated and technical audience that wouldn’t be as true. Running around saying “be afraid of x-rays” is the same kind of scare mongering as the TSA is using to put all these ridiculous enhanced security measures in place.
Fighting fear with fear just generates hysteria and stampedes, and drowns out all the rational conversation, the one that shows just how ineffective and invasive these scanners are.
I think Seth Godin gets to the heart of things around the TSA and the new scanners:
Smart marketers know how to pivot. I think it’s time to do that. Start marketing the idea that flying is safe, like driving, but it’s not perfect, like driving. If someone is crazy enough to hurt themselves or spend their life in jail, we’re not going to stop them, and even if we did, they’d just cause havoc somewhere else. So instead of spending billions of dollars a year in time and money pretending, let’s just get back to work.
The current model doesn’t scale.
I’m anti TSA back scatter scanner, but it’s not because of the radiation, which is actually quite small. Coming in at a measure of 0.005 mrem, it’s about 1/2 of what you get by eating a banana. If you live in a brick house you are getting at least 20x that radiation level every day.
I’m anti back scatter scanner because I think it’s a 4th amendment violation, and that it’s an incredibly expensive waste of money. That money could be better spent on kitchen safety, as kitchen appliances kill more people a year than terrorists do.
Last night I finally figured out why Amazon wouldn’t let me view inside books; it was because I still had HTTPS Everywhere enabled for Amazon. It’s a neat idea to force your web session secure for sites that support it, but don’t make it easy. Good in theory… in practice not so much.
It makes me wonder what part of the internet is used by the folks writing this addon, because it doesn’t seem to be the same part that I’m using.
Via Bruce Schneier:
Air marshals are being arrested faster than air marshals are making arrests.
Actually, there have been many more arrests of Federal air marshals than that story reported, quite a few for felony offenses. In fact, more air marshals have been arrested than the number of people arrested by air marshals. We now have approximately 4,000 in the Federal Air Marshals Service, yet they have made an average of just 4.2 arrests a year since 2001. This comes out to an average of about one arrest a year per 1,000 employees.
Now, let me make that clear. Their thousands of employees are not making one arrest per year each. They are averaging slightly over four arrests each year by the entire agency. In other words, we are spending approximately $200 million per arrest. Let me repeat that: we are spending approximately $200 million per arrest.
This theme can be found all over the web, especially among security folks. Anyone that can do basic math can work out for themselves their chance of death from terrorists vs. their morning commute, for instance. And yet, the underwear pants on fire guy, who caused no casualties, got weeks of media coverage. Tom Engelhardt provides a good current summary:
Under the circumstances, you would never know that Americans living in the United States were in vanishingly little danger from terrorism, but in significant danger driving to the mall; or that alcohol, tobacco, E. coli bacteria, fire, domestic abuse, murder, and the weather present the sort of potentially fatal problems that might be worth worrying about, or even changing your behavior over, or perhaps investing some money in.
Terrorism, not so much.