[jimktrains2]

> prevent terrorists gaining information on the security measures

I've gotten into arguments about this before, but I still fully believe that any long-term security measure requiring secrecy is bound to fail and/or be ineffective.

It's another step of security theatre; they need to look like they're doing something otherwise if something happens they're afraid of looking like idiots (despite their measures being completely and utterly useless).

[corin_]

> any long-term security measure requiring secrecy is bound to fail and/or be ineffective

Well especially when the secrets are revealed to anyone stood on the street looking / taking photos...

[simoncarter]

> I've gotten into arguments about this before, but I still fully believe that any long-term security measure requiring secrecy is bound to fail and/or be ineffective.

Agree with the sentiment, especially when applied to computers, though i'm not sure how it applies to non-IT based security, because I just don't know enough about the subject.

> It's another step of security theatre; they need to look like they're doing something otherwise if something happens they're afraid of looking like idiots (despite their measures being completely and utterly useless).

Agreed. On a slight tangent, base jumpers are more than able to gain illegal access to tall buildings in the city, with all their secretive security measures. There are a couple of documentaries out there on this, one I'm confident was shot post 9/11.

My greatest concern when reading about or watching these incidents is the poor treatment of those non-violent citizens taking the photos. Ok, you have to do your job and check their photos, but why not crack a joke, apologise for the inconvenience, and check the photos quickly as possible.

[mnw21cam]

> Ok, you have to do your job and check their photos

Why do they have to check their photos? That's private property.

In the UK and US at least, you do not need to show your photos to a person that tries to detain you, and you do not need to delete any photos. If you are arrested and charged with a crime, then they can inspect the photos as evidence, but not before. They still are not permitted to delete any.

Also, in the UK if someone who is not a police office tries to detain you (and this includes security guards and PCSOs), then they must be relying on the law of citizen's arrest, which means that they must have seen you in the act of committing an offense that could be tried at a crown court - in other words, something worthy of half a year or more in prison. If they have not, then they are liable to prosecution for false imprisonment and may have to compensate you.

Not a lawyer, by the way.

[simoncarter]

> In the UK and US at least, you do not need to show your photos to a person that tries to detain you, and you do not need to delete any photos. If you are arrested and charged with a crime, then they can inspect the photos as evidence, but not before. They still are not permitted to delete any.

My understanding is different for the UK. If you refuse to show a police officer the photos, they have the right to take you to a station, where they will examine the photos. Like you, i'm not a lawyer.

>Also, in the UK if someone who is not a police office tries to detain you (and this includes security guards and PCSOs), then they must be relying on the law of citizen's arrest, which means that they must have seen you in the act of committing an offense that could be tried at a crown court - in other words, something worthy of half a year or more in prison.

What you say is true about the citizens arrest, but as was mentioned in the article, my understanding was that they are able to call the police because you've been acting suspiciously, and that they have that 'right' to call the police if you are seen taking photos. They can't hold you, but then most people stay, because leaving is seen as an admission of guilt/being a terrorist. Would be nice if this was tested in a court of law, or to hear from someone who knows if it has. Even then i'm not convinced a Judge won't just say "Well, in this post 9/11 time, people should be expected to be stopped if they take photos of high value targets."

EDIT: Taking photos of a building == Acting suspiciously. Not what I believe, just what I understand is argued, often, when security guards call the police because you've been seen taking photos of their building.

[semanticist]

In the UK, the police have the power to stop and search, including viewing images, only someone 'reasonably suspect to be a terrorist'. http://content.met.police.uk/Site/photographyadvice

It doesn't say so there, but other advice I've seen the Met. issue explicitly states that taking pictures of a building in and of itself isn't sufficient for a police officer to 'reasonably suspect' a person to be a terrorist, and taking pictures of the police definitely isn't.

The Met. keep publishing advice telling their army of goons to leave photographers alone, while at the same time winding up said army to catch terrorists. It's a farce.

[vidarh]

Note that this advice was revised after the UK once again was slapped down thoroughly by the European Court of Human Rights, who in January 2010 ruled that the much wider stop-and-search powers granted under section 44 of the Terrorist Act 2000 were illegal.

Notice the weasel words on the page you linked, which states "The power to stop and search someone under Section 44 of the Terrorism Act 2000 no longer exists" - not mentioning that it was not merely repealed, but found to be an illegal violation of human rights.

[danielweber]

Most security setups are't crypto. Stopping people from gaining intelligence about your operations is part of stopping attempts in the first place.

OTOH, if taking a picture of the outside of your building gives away secrets, you should probably rethink your threat model.

[onion2k]

I still fully believe that any long-term security measure requiring secrecy is bound to fail and/or be ineffective.

A security system needs to be effective against attack. That's simple and obvious. But beyond that I think there's a very big difference between 'requiring secrecy' for the effectiveness of a system and wanting to keep something as secret as reasonably possible. Hypothetically, it could be that people attacking a system would harm civilians while capturing attackers in their planning stage (eg while they're investigating the system) would prevent danger to the public. If that was the case then keeping the system secret might well be worthwhile.

You shouldn't immediately assume that an attempt to keep something secret is 'security through obscurity'. It might be obscurity with no regard to increasing security.