December Crypto-Gram fantastic insights

The new issue of Bruce "Applied Cryptography" Schneier's excellent Crypto-Gram newsletter came out last night. It's very good this month — there's a very sharp analysis on why counterattack is a bad idea:

And the State has more motivation to be fair. The RIAA sent a
cease-and-desist letter to an ISP asking them to remove certain
files that were the copyrighted works of George Harrison. One of
the files: "Portrait of mrs. harrison Williams 1943.jpg." The
RIAA simply Googled for the string "harrison" and went after
everyone who turned up. Vigilantism is wrong because the
vigilante could be wrong. The goal of a State legal system is
justice; the goal of the RIAA was expediency.

And the Department of Homeland Security's broken assumptions:

Centralizing security responsibilities has the
downside of making our security more brittle, by instituting a
commonality of approach and a uniformity of thinking. Unless the
new department distributes security responsibility even as it
centralizes coordination, it won't improve our nation's security.
Security has two universal truisms relevant to this discussion.
One, security decisions need to be made as close to the problem
as possible. This has many implications: protecting potential
terrorist targets should be done by people who understand the
targets; bombing decisions should be made by the generals on the
ground in the war zone, not by Washington; and investigations
should be approved by the FBI office that's closest to the
investigation. This mode of operation has more opportunities
for abuse, so competent oversight is vital. But it is also more
robust, and is the best way to make security work.

Two, security analysis needs to happen as far away from the
sources as possible. Intelligence involves finding relevant
information amongst enormous reams of irrelevant data, and then
organizing all those disparate pieces of information into
coherent predictions about what will happen next. It requires
smart people who can see connections, and who have access to
information from many disparate government agencies. It can't be
the sole purview of anyone, not the FBI, CIA, NSA, or the new
Department of Homeland Security. The whole picture is larger
than any single agency, and each only has access to a small slice
of it.

And much more.
