cyberenviro | eportfolio

gregory donovan's eportfolio (a syndication of

Archive for September, 2009

“Land: see Snatch.”

Attorney General Hedley Lamarr, a character from Mel Brooks’ Blazing Saddles, discovers a way to  re-route railroad tracks through the town of Rock Ridge:

Hedley Lamarr: Wait a minute… there might be legal precedent. Of course! Land-snatching!
[grabs a law book]
Hedley Lamarr: Land, land… “Land: see Snatch.”
[flips back several pages]
Hedley Lamarr: Ah, Haley vs. United States. Haley: 7, United States: nothing. You see, it can be done!

More Blazing Saddles quotes here.

The Eco-governmentality of Surveillance

The NY Times reports on China’s new surveillance policy requiring citizens to log into news sites with their “real identities” before posting comments. After pointing out that the comments posted to these news sites were already heavily censored and traceable via a commenter’s IP address, the article notes the fallibility of this new layer of surveillance:

The new step is not foolproof, the editors acknowledged. It was possible for a reporter to register successfully on several major sites under falsified names and ID and cellphone numbers.

So, this new layer of surveillance doesn’t really give the state much new information, and it’s at least as fallible as existing forms of digital surveillance. While this surveillance practice, and others, will evolve and become more sophisticated – allowing access to more kinds of (formerly) personal information – people will also evolve and become more sophisticated in their efforts to ensure a comfortable level of privacy. Questioning the efficacy of such a policy, in order to rationalize or irrationalize its application, seems limited. It’s a powerful line of inquiry, particularly for short term tactical gain such as getting Verizon Wireless to stop censoring texts from NARAL, or convincing China to scale back its implementation of the Green Dam Youth Escort. In both cases, however, their was no omission of wrong doing and their was no agreement that they won’t do it again. The only admission was that, within a specific context, a specific surveillance practice was considered to be an ineffective means of ensuring security. In short, questions of efficacy challenge whether a specific surveillance practice does what it claims to do, not how a specific surveillance practice restructures our environment and shapes our daily behaviors (for better or worse).

A better question would ask how this “new layer of surveillance” restructures everyday life – how does this layer shape the built environment and our behaviors within it?  What are the costs, benefits, pleasures, and perils associated with this new layer of surveillance?

Whether or not signing into a web site with a “true identity” will compromise public discourse by making individuals more susceptible to retribution, it certainly does introduce a new practice that a person must perform before participting in a public discussion. That sort of embodied practice, even when subverted, shapes our experiences and influences our behavior. Acknowledging upfront that surveillance always works allows us to get to the more important questions of how it works.

I hear (and read) many people reference the fallibility of the latest and greatest corporate/government surveillance practice — by which they mean “surveillance practice X” doesn’t actually do what “group X” claims it’s supposed to do. This often feeds the illusion that because “it doesn’t do what it’s supposed to do” it’s somehow benign and ineffectual — that it doesn’t work. Yet every time a new surveillance policy is implemented it works, in a multitude of ways, on our environment and it encourages a broad range of behavior. Attention to how surveillance works in (and on) everyday life gets us away from short-term questions of efficacy and closer to important long-term issues of social (in)justice, equality, and well being.

Seven Takes on Security

From the Compact Oxford English Dictionary:

noun (pl. securities)

(1) the state of being or feeling secure. (2) the safety of a state or organization against criminal activity such as terrorism or espionage. (3) a thing deposited or pledged as a guarantee of the fulfilment of an undertaking or the repayment of a loan, to be forfeited in case of default. (4) a certificate attesting credit, the ownership of stocks or bonds, etc.

From the DOD Dictionary of Military and Associated Terms:


(1.) Measures taken by a military unit, activity, or installation to protect itself against all acts designed to, or which may, impair its effectiveness. (2.) A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences. (3.) With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.

From the Internet Security Glossary, p. 149:


(1.) Measures taken to protect a system. (2.) The condition of a system that results from the establishment and maintenance of measures to protect the system. (3.) The condition of system resources being free from unauthorized access and from unauthorized or accidental change, destruction, or loss.

From Setha Low’s Behind the Gates: Life Security and the Pursuit of Happiness in Fortress America, pp 77-78:

So what exactly do residents mean when they say “I feel secure in my community”? At an emotional level, it means feeling protected and that everything is right with the world; unconsciously it is associated with a sense of childhood trust and protection by parents. Socially it means “I feel comfortable with my friends and neighbors.” “I feel secure in my community” also means feeling physically safe, not just psychologically or socially comfortable. These meanings — and many others — are evoked whenever they talk about security. This simultaneity and ambiguity of meaning gives the concept the power to evoke a complex and ever-shifting set of feelings, feelings that become encoded in a variety of symbolic forms, including the built environment.

From Microsoft TechNet’s Active Directory Application Mode (ADAM) Glossary:

security context

The security attributes or rules that are currently in effect. For example, the rules that govern what a user can do to a protected object are determined by security information in the user’s access token and in the object’s security descriptor. Together, the access token and the security descriptor form a security context for the user’s actions on the object.

From the Open Source Security Testing Methodology Manual (OSSTMM) 3, p. 16:


A form of protection where a separation is created between the assets and the threat. This includes but is not limited to the elimination of either the asset or the threat. In order to be secure, either the asset is physically removed from the threat or the threat is physically removed from the asset.

From Bruce Schneier’s Beyond Fear: Thinking Sensibly about Security in an Uncertain World, pp. 11-12:

Security is about preventing adverse consequences from the intentional and unwarranted actions of others. What this definition basically means is that we want people to behave in a certain way — to pay for items at a store before walking out with them, to honor contracts they sign, to not shoot or bomb each other — and security is a way of ensuring that they do so.