Two Fascinating Exhibits on Data Security

By James Fallows

1) From Google (via Network World) [and via The Atlantic this morning!] , a new video of security procedures at its data centers. This is fascinating for several reasons, most of which I will let you figure out on your own. A charming deadpan moment comes at about time 3:40, when the video describes how out-of-service disk drives are destroyed, to prevent unauthorized data leaks, "with a device known as 'the crusher.' " Shown below. Hmmm, I wonder how they came up with the name:

TheCrusher.png

The video also describes the layers upon layers of storage and backups, to provide "a level of redundancy to help safeguard its customers' data." Naturally it was impossible for me to hear that without thinking of the "your data cannot be recovered" predicament for some Gmail users whose accounts have been hacked. (Yes I recognize the difference. Here Google is talking about its for-pay Apps system, which it sells to commercial customers in competition with Microsoft etc, rather than its free Gmail service.)

In any case this is a whole different view of Google's operation, and reminds me of the "Welcome to the Strategic Air Command!" patriotic/instructional film strips I saw in my school days. Gives new connotations to "the cloud."




2) From the Mercatus Center at George Mason University, a study cautioning that the current wave of cybersecurity warnings amounts to "threat inflation" of a kind we have seen before. As the authors, Jerry Brito and Tate Watkins, put it:

>>Over the past two years there has been a steady drumbeat of alarmist rhetoric coming out of Washington about potential catastrophic cyber threats....

The rhetoric of "cyber doom" employed by proponents of increased federal intervention, however, lacks clear evidence of a serious threat that can be verified by the public. As a result, the United States may be witnessing a bout of threat inflation similar to that seen in the run-up to the Iraq War. Additionally, a cyber-industrial complex is emerging, much like the military-industrial complex of the Cold War. This complex may serve to not only supply cybersecurity solutions to the federal government, but to drum up demand for them as well.<<

The significance of the study, apart from its own full-length argument (and preview version), is that Mercatus is generally seen as an institution of the right rather than the left. Its own site says it is  "the world's premier university source for market-oriented ideas.... Mercatus works to advance knowledge about how markets work to improve our lives." Thus it represents a significant libertarian-right voice of concern about this latest expansion of the permanent national-security surveillance state. Among the tragedies of America's response to the 9/11 attacks is that, for partisan reasons, many libertarians/Constitutionalists on the right were slower to criticize expansion of the surveillance/security/detention state than they should have been. (Honorable exception: the Cato Institute.)

I am hardly saying that there is no cyber-risk -- on the national scale it can be significant, and my family has just dealt with a destructive attack. But the emphasis on proportionate response, and the need to guard other values, comes at the right time. We should debate these threats rather than continuing to cower. (Update: also see this story on companies crying wolf about cyberattacks, and the concept of "Advanced Persistent Threat.")

Speaking of cowering, check out two strong, angry recent "Ask the Pilot" posts from Patrick Smith at Salon. One is on the insanity of the "gels and liquids" rule; the other, which is on the continuing mindlessness of airport security, ends with these discouraging words.

>>For several reasons, from passenger awareness to armored cockpit doors, the in-flight takeover scheme has long been off the table as a viable M.O. for an attack. It was off the table before the first of the twin towers had crumbled to the ground. Why don't we see this? Although a certain anxious fixation would have been excusable in the immediate aftermath of the 2001 attacks, here it is a decade later and we're still pawing through people's bags in a hunt for what are effectively harmless items.

 [After a really stupid inspection] it hit me, in a moment of gloomy clarity: These rules are never going to change, are they?<<

I would like to think that is not true.

This article available online at:

http://www.theatlantic.com/technology/archive/2011/04/two-fascinating-exhibits-on-data-security/237891/