Mobility

Don't try to control what you don't understand

A new bill in consideration by the US House of Representatives illustrates three reasons people who don't understand security should not dictate security policy.

Representative Peter King of New York wants your cellphone camera to make obnoxious noises. He wants this, he says, to protect us from ourselves — to make sure that vulnerable women will be alerted by a "tone" when some miscreant takes an "upskirt" photo of her. It's all about our security, after all.

He is pursuing this goal with H.R.414, a new House bill luridly titled The Camera Phone Predator Alert Act. The summary as of 9 January 2009, when it was introduced, reads:

Requires any mobile phone containing a digital camera to sound a tone whenever a photograph is taken with the camera's phone. Prohibits such a phone from being equipped with a means of disabling or silencing the tone. Treats the requirement as a consumer product safety standard and requires enforcement by the Consumer Product Safety Commission (CPSC).

Questionable phrasing aside, perhaps his zeal in attempting to ensure our security against casual acts of perversion is to be commended — but I doubt it. The reasons this law are a bad idea are legion. I'll share a few of them that occurred to me within minutes of hearing about this law, to illustrate the three biggest reasons people who don't understand security should never be allowed to dictate security policy according to their own whims.

First: It Won't Help

Security policy dreamed up by people who don't know what they're doing is typically deficient. Worse yet, it is often entirely ineffective. The CPPA Act is a good example of that kind of ineffectiveness. The only consolation is that, being a Congressman, Rep. King probably didn't really care about effectiveness as much as he did about being seen to "do something", thus justifying his reƫlection to his target constituency.

10 reasons it won't work:

  1. A miscreant could cover the speaker with his or her finger, or even with tape. Most cellphones aren't all that loud.
  2. A miscreant could get a cellphone that runs open source software — such as T-Mobile's G1, which uses Google's Linux-based Android OS — and hack the software.
  3. A miscreant could void the cellphone's warranty, by opening up the case and disconnecting the speaker.
  4. A miscreant could use a non-cellphone camera.
  5. A miscreant could get a cellphone from an unregulated jurisdiction (read: another country).
  6. A miscreant won't care if the camera goes "click" while taking a picture of a woman in the shower — or even near a busy street — because she probably won't hear it.
  7. A miscreant might just change the audio file for the camera sound to one that doesn't make any noise. Most cellphones allow custom and configurable sounds.
  8. This tactic has already been shown to be worse than useless in Japan, where cellphone cameras are the last thing anyone would use for "upskirt" photos. The state of the art has moved on. It might be argued that, by forcing "upskirt" photos further underground, the miscreants in question have become more enterprising and more difficult to catch in Japan.
  9. This is quite impractical for video. Problem not solved.
  10. At best, this might promote a false sense of security — which would reduce the level of actual security. Security theater is not the answer to security threats.

Second: It Will Hurt

There are a lot of good reasons one might want to take photos silently. Some of them even relate to making people safer. Passing this law would cause difficult to define economic damage to various industries (most particularly those directly related to cellphones), and more obvious problems for user convenience. It may even reduce our security. Security policy developed entirely by people who don't know what they are doing is often not only ineffective, but counterproductive.

5 reasons it will make things worse:

  1. Sometimes, candid photos aren't unwanted, and hurt nobody.
  2. A good citizen might just be sick of the annoying noises when taking pictures of friends.
  3. A good citizen might not want to be annoying while taking pictures of a presentation in a work meeting, or otherwise take visual notes in a formal setting where camera "tones" might be frowned upon while taking pictures isn't.
  4. A good citizen might want to take pictures of a violent criminal while remaining hidden so the criminal can be tracked down and caught later.
  5. A good citizen might want to take pictures of police officers or other officials abusing their authority without getting wrongfully arrested and having his or her cellphone taken away.

Third: It Will Waste Resources

Focusing energy on policy developed by people who aren't competent to develop good policy has effects beyond mere unintended consequences after it is enacted. It also wastes resources in planning, implementation, maintenance, and enforcement stages of policy enactment. Time, energy, money, and other resources that could be better spent elsewhere are instead diverted to pointless security policy that doesn't solve any problems at all.

My favorite reason this is a stupid law is the most obvious:

  1. Congress has better things to do right now than playing with this piece of legal hackery. Is it any wonder we're in the midst of an economic crash, when this is the kind of behavior we get out of our elected officials during a crisis?

The Silver Lining

On the plus side, this bill has no co-sponsor, and it has landed in the lap of what may be the busiest House committee. They are likely to throw it out after only the most cursory consideration as not being worth their time and energy, especially since it is a bill introduced by a Republican in a Democrat-controlled Congress.

One good thing to come from this is the fact that we get to use it as an illustrative example of why people who don't understand security should not be allowed to dictate security policy.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks