December 2005

Denise-ism #49

Denise is reading Ben Jones’ blog & laughing uproariously every minute or so. Then she finds a post that really kills her.

Denise (laughing): Listen to this one: “People make fun of the fact that I wear a Speedo when I swim.”

Scott: Like you are now.

Denise (outraged): I’m not wearing a Speedo!


How to know if you should worry

From Bruce Schneier’s “Should Terrorism be Reported in the News?” in Crypto-Gram (15 May 2005):

One of the things I routinely tell people is that if it’s in the news, don’t worry about it. By definition, “news” means that it hardly ever happens. If a risk is in the news, then it’s probably not worth worrying about. When something is no longer reported — automobile deaths, domestic violence — when it’s so common that it’s not news, then you should start worrying.


Shoehorning drivers licenses

From Bruce Schneier’s “REAL ID” in Crypto-Gram (15 May 2005):

REAL ID also prohibits states from issuing driver’s licenses to illegal aliens. This makes no sense, and will only result in these illegal aliens driving without licenses — which isn’t going to help anyone’s security. (This is an interesting insecurity, and is a direct result of trying to take a document that is a specific permission to drive an automobile, and turning it into a general identification device.)


Confidential, Secret, Top Secret … and SSI

From Bruce Schneier’s “Sensitive Security Information (SSI)” in Crypto-Gram (15 March 2005):

For decades, the U.S. government has had systems in place for dealing with military secrets. Information is classified as either Confidential, Secret, Top Secret, or one of many “compartments” of information above Top Secret. Procedures for dealing with classified information were rigid: classified topics could not be discussed on unencrypted phone lines, classified information could not be processed on insecure computers, classified documents had to be stored in locked safes, and so on. The procedures were extreme because the assumed adversary was highly motivated, well-funded, and technically adept: the Soviet Union. …

In 1993, the U.S. government created a new classification of information — Sensitive Security Information. The information under this category, as defined by a D.C. court, was limited to information related to the safety of air passengers. This was greatly expanded in 2002, when Congress deleted two words, “air” and “passengers,” and changed “safety” to “security.” Currently, there’s a lot of information covered under this umbrella. …

The rules for SSI information are much more relaxed than the rules for traditional classified information. Before someone can have access to classified information, he must get a government clearance. Before someone can have access to SSI, he simply must sign an NDA. If someone discloses classified information, he faces criminal penalties. If someone discloses SSI, he faces civil penalties.

SSI can be sent unencrypted in e-mail; a simple password-protected attachment is enough. A person can take SSI home with him, read it on an airplane, and talk about it in public places. People entrusted with SSI information shouldn’t disclose it to those unauthorized to know it, but it’s really up to the individual to make sure that doesn’t happen. It’s really more like confidential corporate information than government military secrets. …

The U.S. government really had no choice but to establish this classification level, given the kind of information they needed to work with. For example, the terrorist “watch” list is SSI. If the list falls into the wrong hands, it would be bad for national security. But think about the number of people who need access to the list. Every airline needs a copy, so they can determine if any of their passengers are on the list. That’s not just domestic airlines, but foreign airlines as well — including foreign airlines that may not agree with American foreign policy. Police departments, both within this country and abroad, need access to the list.
