Originally ran in the Daily Texan [dailytexanonline.com] on 8/30/04.
Rethinking our false security
Cameras poor solution to defend high-profile areas
By Al Sweigart
Clues for finding the culprits behind the recent MLK vandalism are limited to grainy footage from the two cameras by the statue. The tapes are only able to confirm that two bipedal figures indeed defaced the statue at 3:21 a.m., but little else. It should not be surprising that the surveillance cameras protecting the statue were useless.
Our problem starts out simple: Deter vandals from defacing the MLK statue. The University slaps up a couple video cameras and declares the problem fixed. Unfortunately, someone can easily walk up to the camera from behind to spray paint over the lens, or wear a mask, or – in the case of the recent incident – do nothing at all, because the video quality cannot identify anyone anyway. Far too often a security problem is declared solved so that authorities no longer have to shoulder responsibility for it.
There are numerous areas on campus where false security exists. The big screen television in the isolated Taylor Hall basement is guarded by a sole camera which can easily be covered up. The computers in the UGL have the Windows CD-Autorun feature enabled which can let hackers run a keystroke logger and catch passwords from the login screen. And, as I write this, the proctor at the computer lab slowly writes out individual usernames and passwords on a yellow post-it to hand to computer science freshmen, in plain view of the people in line behind. If you lose that paper, there is no procedure to ever change your password.
President Faulkner wants renewed security efforts, including “image analysis” to identify when suspicious behavior is taking place. However, computer scientists and security experts know that such systems are notorious for mistakes and false positives. It is very difficult for a computer to identify objects and people from an image, and next to impossible for a programmer to define unambiguous rules of “suspicious behavior” for the software. And, in the end, simple tricks such as wearing a mask or blocking the camera will defeat these measures anyway.
Security expert and author Bruce Schneier has said, “Security is a process, not a product.” There is no expensive techno-gadget that you can install that will solve all your security problems – though there are many products for sale that make that claim.
A national ID card will not prevent terrorism. Giving handguns to pilots will not make flying safer. Computerized voting will not ensure more accurate elections. Confiscating nail clippers from children does not protect our schools.
Since Sept. 11, this country has become obsessed with security, passing reckless legislation, destroying our civil liberties and entering war under fabrications and misleading agendas. Getting “tough on crime” or “tough on terrorism” is a favorite line for politicians to tout during an election. But we don’t have a lack of law enforcement; we have a lack of effective law enforcement.
We can respond to the threats we face with anxiety, cop-out solutions and finger-pointing, or we can keep a cool head, do a common-sense assessment and implement practical security protocols that admit their limitations and reach.