SecurityInfoWatch.com Blogs

Ever been standing in a security line at ATL, LAX, ORD, facing a TSA screener sporting a nasty look, a blank stare, a cheerful face (probably not this last one), and wondered, What on Earth are they thinking about?

I stumbled upon a Web site this morning that may give a little insight into this question. TSA-Screeners.com claims to serve the TSA screener community with screening-related news, advocacy, editorials, a comic strip, parodies and forums. Its opening banner reads “This is a private website not affiliated with the U.S. government … so speak freely.” 

The site was created by a military and law enforcement veteran whose wife worked as a TSA screener before leaving the organization with four official complaints in her wake. So is it unbiased coverage of this federal organization’s news and operations? Um … no. But it represents a side of the coin not often publicized, and it’s certainly an interesting read.

Right now, the U.S. House is debating HR1, “Implementing the 9/11 Commission Recommendations Act of 2007.” Some news outlets (Fox) have noted that HR1 will require private companies to prepare for terrorism. From a quick reading of Title XI of the bill, “Private Sector Preparedness,” I would say “require” may be a strong word. In its current form, the bill seems to be after only voluntary preparedness standards. But however this bill turns out, it’s something you’re going to want to keep an eye on. You can read the text of the bill in its original form at http://thomas.loc.gov. Search for HR1.

Marleah

Today on the newswire I saw a story announcing that FEMA is adopting a new symbol for emergency management “to call on America not to become complacent about preparedness.” (I’m sure many Americans would like to turn around and tell FEMA exactly the same thing.) The symbol is meant to replace the old “civil defense” triangle-in-a-circle icon that appeared on fallout supplies in the 50s and 60s.

Anybody else think there are some skewed priorities here?

The announcement suffers some unfortunate timing, without a doubt. It comes the same day news outlets picked up on a federal judge’s ruling that FEMA unconstitutionally stopped payment to Katrina victims in February without stated cause.

I’m not saying a new icon is useless. The press release states that “not since these cold war relics (the civil defense symbols) has there been any universal visual associated with the field that is so critical to life, safety and security.” They’re right. Everyone knew the civil defense symbol. Everybody knew what it meant. But it was also bolstered by a massive PR campaign of ads, radio announcements and now notorious grade-school filmstrips.

People were afraid of the unpredictable then, and they trusted the government to show them what to do when the unpredictable happened. People are afraid of the unpredictable now. Period.

The slogan that appears under the new icon is “Public Safety, Public Trust.”

Note to FEMA: Make sure you have the goods before you start advertising them. 

Marleah

NB: Thanks to Fark.com for making my headline writing easy.

It’s that time of year, folks. Wal-Mart’s garden department has evaporated to make room for plastic wreaths and tacky inflatable elves, Target and Gap commercials have become (amazingly) more annoying than usual, and even though I haven’t bought my Thanksgiving Tofurkey yet, my mailbox is filled with red-and-green flyers. Yes, we’re entering into that cornerstone of capitalism, that green-eyed, debt-soaked time we call The Holiday Season (insert soap-opera-style dramatic swell here).

Besides the T.M.X. Elmo and the PlayStation 3, one of the most hyped product releases of this year’s spend-o-rama is Microsoft’s Zune MP3 player, which was released Tuesday with more of a splat than a bang. Critics have attacked the Zune’s looks, size, controls, and download services in comparison with its target competitor, the Apple iPod. I have no opinion on this one way or the other. One thing that did catch my eye, though, was a report on Mary Foley’s ZDNet blog (http://blogs.zdnet.com/microsoft/?p=104) claiming that the Zune has been shown to be incompatible with Microsoft’s new Windows Vista. (This report was confirmed by Microsoft this morning, according to VNUNet.com.)

Since Vista is going to be released to the general public as a stand-alone or standard preinstalled OS in January, the lack of compatibility is puzzling. You’d think it would have been a no-brainer for Microsoft. Perhaps both projects just got so big, the compatibility issue escaped them.

Now switch gears and think about your own security systems planning. When you’re looking at a major upgrade or installation, or even a minor one, it can be easy to focus only on the project at hand and its immediate requirements. But take a moment to consider other plans in the works and other systems already in use. Gather all the stakeholders in your organization and talk with them to make sure you’re not making an omission that someone might, after-the-fact, consider a no-brainer. 

-Marleah

On Tuesday, Slashdot.org linked to a report issued by the DHS Data Privacy and Integrity Advisory Committee that strongly recommended against the use of RFID in government-mandated cards and documents. You can view the report here: http://www.dhs.gov/xlibrary/assets/privacy/privacy_advcom_rpt_rfid_draft.pdf.  

This news comes on the heels of some other recent developments in RFID, including the October 19 announcement that researchers at the University College London planned to develop a system of tagging all airline passengers with RFID tags to allow their movements to be tracked. (Geoff Kohl raised some very legitimate questions about this project in last week’s Security Week that Was column - http://www.securityinfowatch.com/article/article.jsp?id=9718&siteSection=306.) 

To many of us, programs like this prospective airline tagging system sound pretty far-fetched. But the DHS committee’s report on RFID gives the impression that they have wholeheartedly bought into the feasibility of such programs, because some of their arguments against the technology sounded like they were based on a sci-fi series rather than real, available applications. This leaves me with three possible conclusions: 1) There is significant successful government R&D on RFID people tracking of which we’re unaware. 2) The committee is so concerned about the potential impact of RFID on personal privacy that they’re covering all the bases of possible future applications in order to stop the government’s use of the technology before it has a chance to progress. 3) These guys didn’t do enough research.

 Read it yourself. What do you think?

-Marleah

This week I read an op-ed in the New York Times in which writer Jeff Stein described the responses he received when he asked U.S. counterterrorism officials and members of Congress whether they know the difference between a Sunni and a Shiite. (http://www.nytimes.com/2006/10/17/opinion/17stein.html) To his purported surprise, a number of his subjects had no idea. Stein argued that if the decision makers in our War on Terror are underinformed, their decisions may put the country in more danger.

I’m not trying to turn this blog into a political forum; this article put me in mind of an important issue in corporate security. As much as our national security concerns have been changing over the last few years, this should serve as a reminder to all corporate security executives to carefully examine the threats to their organizations and facilities on a regular basis. Just as escalating Sunni-Shiite conflicts in Iraq may be reshaping the face of the enemy in the War on Terror, the changes this conflict and other events have recently wrought on our country may be reshaping the threats to your organization. Don’t overlook them.

Thanks for popping in to read the first post on my blog. I’m the behind-the-scenes gal on Security Technology & Design. Many of you know Steve Lasky, our editor, from his monthly editorial, The Front Page. I’m hoping to use this space as my own little Front Page, a place to discuss thoughts about security and the industry that don’t always fit in the pages of the magazine. For my inaugural post, a brief observation about retail security in practice.

Not far from my house, there’s a box store—one of those giants of retail industry that sells peanuts by the gallon and toilet paper by the cartful. Recently, this store implemented self checkout stations where its “10 or less” aisles used to be. I was ecstatic. I do a lot of shopping at this place, often stopping in for just a couple of things, and I’d always seen the self checkout as a way to turbo charge an otherwise boring and irritating trip through the cashier’s line.

At first, it was like a honeymoon. I’d pop into the store on a whim, pick up an item or two, whiz through the line and be on my way. But it wasn’t long before things began to change. I got to the store one Friday evening and the lines for self checkout extended out into the main aisle. I wondered if Friday was the universal night for technophobes to slowly and deliberately face their fears, but then I looked around and noticed that only two of the normal cashier lines were open, and their lines were also winding out into the aisles.

It took nearly 20 minutes to get through the self checkout. When I finally turned to leave, with my three items in their bag, I noticed that there was only one employee stationed in the entire self checkout bank. Eight registers, one employee.

The store only had to pay three cashiers for the evening. But they lost some customers who decided they would rather go someplace else than wait in these lines. And they certainly compromised their security.

The single employee supervising the self checkout lines was overwhelmed—running this way and that to check an ID for an alcohol purchase here, help a confused customer over there, log in to override a purchase here, call a manager for assistance over there. This employee had no time to watch for customers who may be leaving items in their carts without scanning them. Even if she hadn’t been overwhelmed, she couldn’t have easily kept track of the motions of all the people at eight registers. What’s more, the employees who man the door of the store to check receipts against cart contents were nowhere to be seen.

There are great technologies out there for every industry that can help a business save plenty of money. It’s smart business to use self checkout to decrease manpower costs. But in every industry, common sense has to play a part in technology implementations. We’ve said it again and again: Technology will not do its job unless it’s followed up with solid process and training. This is true specifically in security as well. The shiny new surveillance system isn’t worth a dime if no one’s paying attention to the monitors, or if you can’t locate an incident in your recorded archives. The smart card reader alone doesn’t stand a chance against a door prop.