Good as Gold Plastic

I ran across this story about Canadian counterfeiters, and I was interested because of the quote below,

“Because the polymer series’ notes are so secure … there’s almost an overconfidence among retailers and the public in terms of when you sort of see the strip, the polymer looking materials, everybody says ‘oh, this one’s going to be good because you know it’s impossible to counterfeit,’” he said.

“So people don’t actually check it.”

which is an interesting comment on the mindset of people. If you’ve read Surely You’re Joking, Mr. Feynman, you might see there’s some similar commentary on people thinking things were safe just because there’s a safe, or a fence, but when it came down to the details, people were pretty stupid about actually leveraging the features that would have made the systems secure. (Though Feynman explains it from a different perspective than that.)

With this presumably false sense of security, there are actually some counterfeit bills in the system:

Pound said since the polymer series was announced in 2011, police have confirmed 56 polymer counterfeit notes across Canada, out of about 500-million polymer notes in circulation.

But then it occurred to me that the article didn’t actually mention any context for these numbers, and context is important. Is the system failing — is ten bills out of a million a big number? With a little searching I ran across an even more interesting article on how Canada got to the point where they decided to use polymer (don’t call it plastic!) currency.

By [2004] Canada’s counterfeit rate had ballooned to 470 PPM. That year alone, 552,692 forged banknotes were passed, a record number. Canada’s PPM level was as much as 100 times the ratio of some G20 countries.

Which means that the 0.1 PPM for the polymer bills is a huge improvement and even lower than Canada’s rate in 1990, which was just 4 PPM. The article says that 50 PPM is considered the threshold for having a counterfeiting problem. So while the complacency might be a problem, the new system is working pretty well.

edit: Fixed the last paragraph. A little mathlexia.

CSI:Time Machine

Before fingerprinting

It was essentially a criminal justice Dewey Decimal System, the first step in taking police out of the dark ages. Before Bertillon standardized measurements, police just had a jumble of descriptions and photographs with no way to organize them so they’d almost never be able to cross reference existing records when people were arrested.

Fingerprinting isn’t the only technology difference in criminal investigation, of course. Much of forensic pathology dates from after this time.

Banished Balls

Forbidden spheres

Imagine the scenario: you’re a security officer working at Los Alamos. You know that spheres are weapon parts. You walk into a technical area, and you see spheres all around! Is that an ashtray, or is it a model of a plutonium pit? Anxiety mounts — does the ashtray go into a safe at the end of the day, or does it stay out on the desk? (Has someone been tapping their cigarettes out into the pit model?)

All of this anxiety can be gone — gone! — by simply banning all non-nuclear spheres! That way you can effectively treat all spheres as sensitive shapes.

I find this to be an interesting problem — simplifying the task so that someone without the technical skills can make a determination about security. It’s frustrating from the vantage point of the scientist, especially because secrecy tends to run counter to our desire to share our work (an important step in advancing an idea) and also because of the observation about secrecy being contagious, like a disease.

I encountered this when I was in the navy. We had some relatively low-level classified material, from a technical standpoint, and all of it was stamped in red ink and stored in red folders. Security, comprised mostly of students-in-waiting and led by a few permanent staff, only had to have a “see red” mentality, rather than any training on whether a sheet of paper was a set of classified specs or a shopping list. I doubt at Los Alamos that the low-level guards worried about whether spheres were research parts — they had just been told that all spheres were a violation.

Look at the reverse, though. We try and classify things ourselves, and that can have a bad end when it comes to security. Take the incidents a few years ago in Boston involving flashy and/or colored lights. The “bomb” finders caused panic, simply because they had a mental image that objects with flashy lights are what bombs look like.

Pick a Peck of Pockets

A Pickpocket’s Tale

He is probably best known for an encounter with Jimmy Carter’s Secret Service detail in 2001. While Carter was at dinner, Robbins struck up a conversation with several of his Secret Service men. Within a few minutes, he had emptied the agents’ pockets of pretty much everything but their guns. Robbins brandished a copy of Carter’s itinerary, and when an agent snatched it back he said, “You don’t have the authorization to see that!” When the agent felt for his badge, Robbins produced it and handed it back. Then he turned to the head of the detail and handed him his watch, his badge, and the keys to the Carter motorcade.

Secret Agent Bird

Mystery Pigeon’s War Secret

The remains of a World War Two carrier pigeon which was lost in action 70 years ago while delivering a top secret message over enemy lines has been found in a chimney in Bletchingley, Surrey.

The skeleton of the bird has a small red cylinder attached to its foot which contains a mysterious cigarette paper sized coded message. The message is deemed so sensitive, that Codebreakers at GCHQ in Cheltenham are now frantically trying to decipher it.

Historians believe the bird was almost certainly dispatched from Nazi-occupied France on June 6 1944, during the D-Day Invasions. Because of Churchill’s radio blackout, homing pigeons were taken on the D-Day invasion and released by Allied Forces to inform military Generals back on English shores how the operation was going.

Unlike other carrier pigeon messages, however, Mr Martin’s is written entirely in code.

Coming Soon? To a CSI Near You

Pacemaker hacker says worm could possibly ‘commit mass murder’

There’s a conundrum of security vs access for medical devices that use WiFi access — you don’t want doctors being shut out because they don’t have the password, but no safeguards means that anyone can hack in and disrupt the hardware.

Besides reverse engineering a pacemaker to deliver a deadly shock from 30 – 50 feet away, he demonstrated how he could rewrite the devices’ onboard firmware. Jack also said it was possible to upload malicious firmware to servers that would be capable of infecting pacemakers and ICDs. “We are potentially looking at a worm with the ability to commit mass murder,” Jack said. “It’s kind of scary.”

Can’t wait to see this as a TV plot, though.

An Interview with Stella Bridger

Ken Doyle, Safecracker

Q: How often do people get locked in vaults?
A: More often than you’d think and bank PR departments would like.

Usually the victims are children or seniors. Grandpa is busy examining the contents of his safe deposit box at closing time when a bank employee only performs part of the vault-closing procedure. Some vaults are L-shaped or there may be alcoves or obstructions inside, so it can happen if the closer doesn’t “walk the vault” as well as call out to possible occupants.

Q: Do you ever look inside?
A: I NEVER look. It’s none of my business. Involving yourself in people’s private affairs can lead to being subpoenaed in a lawsuit or criminal trial. Besides, I’d prefer not knowing about a client’s drug stash, personal porn, or belly button lint collection.

When I’m done I gather my tools and walk to the truck to write my invoice. Sometimes I’m out of the room before they open it. I don’t want to be nearby if there is a booby trap.

And people do put booby traps in safes.

Is Secrecy Worth It?

A tale of openness and secrecy: The Philadelphia Story

The former Manhattan Project scientists who founded what would eventually become the Federation of American Scientists were adamantly opposed to keeping nuclear technology a closed field. From early on they argued that there was, as they put it, “no secret to be kept.” Attempting to control the spread of nuclear weapons by controlling scientific information would be fruitless: Soviet scientists were just as capable as US scientists when it came to discovering the truths of the physical world. The best that secrecy could hope to do would be to slightly impede the work of another nuclear power. Whatever time was bought by such impediment, they argued, would come at a steep price in US scientific productivity, because science required open lines of communication to flourish.

At the University of Pennsylvania were nine scientists sympathetic to that message. All had been involved with wartime work, but in the area of radar, not the bomb. Because they had not been part of the Manhattan Project in any way, they were under no legal obligation to maintain secrecy; they were simply informed private citizens. In the fall of 1945, they tried to figure out the technical details behind the bomb.

This basic problem hasn’t gone away. The conflict between the desire for secrecy and progress’s need for communication is still there.