It's Crypto-Gram day again. It's a good issue this month, IMO worth reading in full, but my favorite highlights follow.
Item number one: airport security officers planted a bomb in an air passenger's luggage as a system security test, then failed to find it:
Dateline: Canada—A routine test of airport security turned into a Marx Brothers routine after security officers mistakenly sent a passenger home with a suitcase full of TNT. The TNT was supposed to be planted in the bags of a Montreal security agent. Instead, it somehow ended up stuffed into the luggage of an unsuspecting overseas passenger who arrived at Pierre Elliot Trudeau International Airport last Friday. The unnamed passenger went to a friend's house where he found the explosives concealed in a jam jar and placed inside his suitcase. The man immediately called Quebec provincial police. The TNT, which officials say had no detonator attached, was meant as part of a weekly test for bomb-sniffing dogs at the airport. Ironically, the dogs failed to detect the explosives. The passenger and his baggage were able to pass though airport security unchecked. “Our investigation is going to reveal exactly what happened,” airport security spokesman Pierre Goupil told TV network TVA.
Item number two: Schneier points to a Wired News article about Coca-Cola and the NSA:
Coca-Cola has a new contest. Hidden inside 100 cans of Coke there's a SIM card, GPS transmitter, and a microphone. The winners activate the Coke can by pressing a button, which will call a central monitoring facility. Then Coke tracks the winners down using the GPS transmitter and surprises them with their prize.
NSA engineers drink Coke. Lots and lots of Coke. The possibility that an active microphone in a Coke can could be in one of the NSA's highly secure facilities is worth considering. A reasonable threat analysis might look like this: "You know, the chances that one of these 100 cans out of hundreds of millions of cans ends up in our building is extremely small -- somewhere around 1 in 100,000 -- so it's not worth worrying about."
But the NSA's Information Staff Security Office) decreed differently: "It is important that ALL cans of Coca-Cola within our spaces be inspected. This includes cans already in our buildings and those being delivered on a daily basis. If you discover one of these cans, DO NOT activate it. Instead, you should alert your ISSO immediately and report the incident."
Schneier has more... (scroll down to "Security Notes from All Over")
Lastly, on a serious note, Schneier discusses security implications of torture, in light of a couple of recent Salon articles on Abu Ghraib and the French experience with torture in Algiers. Schneier writes:
Torture has been in the news since 9/11, most recently regarding the U.S. military's practices at the Abu Ghraib prison in Iraq. Politics isn't my area of expertise, and I don't want to debate the politics of the scandal. I don't even want to debate the moral issues: Is it moral to torture a bomber to find a hidden ticking bomb, is it moral to torture an innocent to get someone to defuse a ticking bomb, is it moral to torture N-1 people to save N lives? What interests me more are the security implications of torture: How well does it work as a security countermeasure, and what are the trade-offs? This is an excellent pair of essays about how ineffective torture really is. Given that torture doesn't actually produce useful intelligence, why in the world are we spending so much good will on the world stage to do it?
Which puts me in mind of some truly nausea-inducing claims that Sy Hersh has been talking about recently. We must, we must win America back from the criminals running this country, for the sake of our consciences and for the sake of the world.