LETTERS TO THE EDITOR

LETTERS TO THE EDITOR




Editorial Cartoon

False security is worse than none

Robert Gellman's column, 'Be skeptical when analyzing security technology' [GCN, Nov. 19, 2001, Page 27], is right on target. I hope it gets the attention it deserves, particularly among those responsible for what you correctly characterize as 'mindless applications of technology and fake security.'

You mention the idea of a national identfication card''Your papers, please!''and ask if it is not possible that someone who has a valid ID could still be a threat. I can tell you that there is no correlation whatsoever between owning a fake ID or a real ID and the success of terrorist activity.

Think about what is being verified by multiple ID checks during the check-in and boarding process at airports. The name on a person's ticket matches the name on the ID card the person presents, and the photo on the ID card at least vaguely resembles the traveler. So exactly what threat or vulnerability has been reduced or eliminated?

As to whether I intend to carry out some sort of threat, it matters not one whit whether I want to travel under my own name or call myself Michael J. Mouse.

So, multiple ID checks are fake security and have the detrimental effects of making the people doing them think they are enhancing security and keeping them from devising policies and procedures that will really enhance security. Their premise seems to be: 'To the extent that I have made air travel time-consuming and inconvenient, and to the extent that I treat each person in the airport as a suspected, or even convicted felon, I have increased security.' One is presumed innocent until proven guilty in a court of law, and this should be true when one is in an airport as well.

The people proposing high-technology fixes, such as facial recognition software and smart ID cards, ignore the fact that a database of bad guys has to be created for the system to work.

You are absolutely on target again when you point this out. As far as smart cards or any other form of personal ID card are concerned, if you can figure out a way to produce a verifiable, counterfeit-proof card, you stand to make a good deal of money. As soon as a new form of ID card is created, there will be people eagerly seeking ways to counterfeit it.

Any policy, procedure or technical solution intended to increase security must reduce the level of risk. Since risk is produced by the pairing of a threat with a vulnerability which that threat can exploit, it follows that any proposed measure to increase security must reduce or eliminate a threat, a vulnerability or both. If it does not do any of these, it is not a security measure at all.

W.B. HEFFERNAN JR.

McLean, Va.

Data drilling isn't mining

Re: 'Easy mapping' [GCN, Nov. 5, 2001, Page 27] My compliments on a very informative and well-written article. But I must point out one error. The opening of the article says it will be about data mining. But the description of the Geological Survey's National Water Quality Assessment's Web site shows an application of drilling down, not data mining.

Data mining usually involves searching for patterns in large volumes of so-called atomic data, then drilling down into the data for specifics. A number of automated tools have been developed in the last five years to streamline this process.

Drill-down refers to the process of going from summaries to more specifics in the data. For instance, from information that has been summarized for the total organization, you can go deeper to that of a particular location, or within a location, to a particular department.

Drilling can also take you to other dimensions of the data such as products, employee skills, time frames and production processes.

In the case of the NAWQA application, the map is the general summarized display. Selection of a location lets the user drill down to specifics of the location and associated data from the warehouse.

My sensitivity to the distinctions between the terms comes from a number of incidents in the last several years where headquarters or local management had inappropriate expectations of results, development times, required resources or costs of data warehouse development projects. Usually, they were asking for something other than what they wanted.

STEVE COHN

Site data warehouse lead

Naval Air Depot

Jacksonville, Fla.

Notice to our readers

GCN welcomes letters to the editor. Letters should be typed double-spaced and must include name, address, telephone number and signature of the author. Send your letter by:

Mail: Letters to the Editor, Government Computer News, 8601 Georgia Ave., Suite 300, Silver Spring, Md. 20910

Fax: 301-650-2111 E-mail: editor@postnewsweektech.com

Don't Miss

Admit it. You can't help yourself from making New Year's resolutions. The year is only a week old, so you can't have abandoned your resolutions already. Be brave'tell us what they are.

To get the ball rolling, we'll share one of ours: We resolve to use no flight puns in headlines for stories about the FAA. To share your thoughts and read those of your colleagues, go to www.gcn.com and click on the Readers Speak button at the bottom of the main news column.

We'll also print the most intriguing responses in an upcoming issue of GCN in the Logging Off section.

Readers whose comments appear in the publication will receive a GCN commuter mug and a coffee gift certificate.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above