Amit Yoran resigns

Amit Yoran, a former software executive from Symantec Corp., informed the White House about his plans to quit as director of the National Cyber Security Division and made his resignation effective at the end of Thursday, effectively giving a single day’s notice of his intentions to leave.

Yoran said Friday he “felt the timing was right to pursue other opportunities.” It was unclear immediately who might succeed him even temporarily. Yoran’s deputy is Donald “Andy” Purdy, a former senior adviser to the White House on cybersecurity issues.

(From The Boston Globe.)

Why Is Air Travel So Cheap?

The cost of a last-minute ticket doesn’t seem to be enough for airlines to break even.

How much of this is due to a lingering fear of flying? How much of it is the extra cost to travelers, in inconvenience and hassle, of being bit players on the security stage?

As long as a carrier is flying a route, it makes sense to fill as many seats as possible, even for $5, because the airline has high fixed costs, and low marginal costs. (Assuming that they don’t bring up new gate personnel or flight crew for a busy flight. If they do, then the bottom price for a ticket is higher.) Now, they don’t want to sell $5 tickets because if they do, then no one will pay $200 for the ticket. It’s framing effects. But costs are clearly too low, long term, for airlines to survive.

But I’m curious. Do our color-coded alert system, people pawing through bags, and all the rest of it have a measurable economic impact?


I’ve realized recently that I have no real idea of what’s happening in Iraq. On the one hand, we have bubbly optimists like Chrenkoff. On the other, people like Wall St Journal reporter Farnaz Fassihi, whose email is getting wide circulation.

The Iraqi bloggers I read (generally) sound more optimistic than despairing, which is good. It’s clear to me that the US needs to stay the course, as bad as that may well become, because pulling out would be an unmitigated disaster. Al Qaeda got a huge boost from the (US backed) Islamist victory over the Soviet Union in Afghanistan. Withdrawing from Iraq would give them another huge boost, even if they’ve lost in Afghanistan to the US.

(From Editor and Publisher on Fassihi, via BoingBoing.)

[Update: several people have asked, how can you believe that “it’s anything but *cked up over there?” My answer is that, reading the Iraqi blogs, it just doesn’t seem that what they’re witnessing is either the doom and gloom of the left-wing press, or the sunshine of the right-wing press. It’s really hard for me to judge what’s really going on at any sort of macro level.]

Nevada Gaming Commission vs. Diebold

It’s always good to see our best resources being applied to the most important things in society, like voting. The “independent” validation, paid for by the software creators, is closed to the public. But when the Nevada Gaming Commission gets into the act, it seems they know a scam when they see one. (Disclaimer: I voted in that Defcon study, but have no evidence my vote was counted.)

For more information, see the Black Box Voting book page, Avi Rubin’s site, or Rebecca Mercuri’s site. Dr. Mercuri was the first one I know of to start beating this drum, and we owe her a vote of thanks.

[Update: The story isn’t actually new. I’d heard Nevada was requiring audit trails, but hadn’t heard it was the NGC that was responsible until Randal Schwartz pointed it out to me. (I’d link to the message, but it hasn’t been through moderation yet.)]

Travel, Speaking Plans in October

I’m speaking at the Atlanta Chapter of the High Tech Crime Investigative Association, October 11th, on a “Privacy Industry View of Reducing Cybercrime.” This is an extended version of the Zero-Knowledge talk we gave to law enforcement.

I’m speaking at the Inaugural Security Leadership conference, in Arlington, Texas on the 19th, on “Beyond Penetrate, Patch and Pray,” which is a new talk that I haven’t put online yet.

I’ll be attending (but not speaking at) Phreaknic in Nashville, on the 22nd and 23rd.

"A Roadmap for Forgers"

Ed Felten has a great post over at Freedom To Tinker about Rather-Gate:

In the recent hooha about CBS and the forged National Guard memos, one important issue has somehow been overlooked — the impact of the memo discussion on future forgery. There can be no doubt that all the talk about proportional typefaces, superscripts, and kerning will prove instructive to would-be amateur forgers, who will know not to repeat the mistakes of the CBS memos’ forger. Who knows, some amateur forgers may even figure out that if you want a document to look like it came from a 1970s Selectric typewriter, you should type it on a 1970s Selectric typewriter. The discussion, in other words, provides a kind of roadmap for would-be forgers.

On top of educating forgers, the debate, at least for those who followed it, has provided an education in document authentication. So not only are the forgers smarter, but so is the general public. That’s a very good thing.

Many security problems are built into products because the designers don’t know about a problem, or become convinced that no one else will discover it. A better educated public helps to address both these issues: Designers are more likely to know about problems, and once they know them, management is less likely to dismiss them as improbable or obscure.

Cultural Imperialism At Its Best

Abdul Hadi al-Khawaja is being detained for 45 days over charges of inciting hatred against the [Bahrain] regime. His Bahrain Centre for Human Rights (BCHR) ignored warnings it had contravened association laws, a government statement said. The centre had protested at the arrest, saying Mr Khawaja was just “practising his basic rights, namely free speech”.

There are times I love cultural imperialism, and this is one of them. The idea that some rights are inalienable has spread around the world, and made the world a better place.

(Via BBC)

"Tomorrow is Zero Hour"

More than 120,000 hours of potentially valuable terrorism-related recordings have not yet been translated by linguists at the Federal Bureau of Investigation, and computer problems may have led the bureau to systematically erase some Qaeda recordings, according to a declassified summary of a Justice Department investigation that was released on Monday.

The problems, unsurprisingly, are managerial:

The F.B.I. “has not prioritized its workload nationwide to ensure a zero backlog in the F.B.I.’s highest priority cases – counterterrorism cases and, in particular, Al Qaeda cases,” the report found.

The 9/11 Commission report found flaws with the “lead office” system that the FBI has, where the office where a case originates gets all the credit. I wonder if that plays in here?

Audio recordings that relate to Qaeda investigations are supposed to be reviewed within 12 hours of interception under F.B.I. policy. But the report found that deadline was missed in 36 percent of nearly 900 cases that the inspector general reviewed. In 50 Qaeda cases, it took at least a month for the F.B.I. to translate material.

Heads ought to be rolling at this point.

Quotes are from a New York Times story, see also what the BBC had to say. The title, incidentally, is from a September 10th intercept.

Overall, it doesn’t make much difference that the Army kicked out nine linguists for being gay. That’s less than 1% of the workforce at the FBI. But it does indicate that our national priorities remain somewhat skewed.

Maybe if we stopped insisting that security and liberty are always opposed, and started talking about how liberty and security can complement each other, we’d be doing better?