Oh dear

There is a Wikileaks fiasco going about. Der Spiegel has what looks like a plausible story. If you read the Wikileaks version after that, the latter looks rather incomplete and self-serving. The Grauniad also says “not us guv” which isn’t quite true: if they hadn’t been dumb enough to publish the password, all would have been well. But assuming DS has this right, fundamentally this is a Wikileaks foul up.

h/t Bruce (not Steve) Schneier.

[Update: no-one has dented the DS story as far as I can see. So I think that, as told, this remains fundamentally a WL foul up. However (whilst I think the Grauniad were correct to believe that the password they’d got was now irrelevant) they (a) should not have published it, just on general sanity grounds (b) they should not have published it because they could not be confident that they hadn’t ended up with a backup of the file themselves, somewhere]

Schneier confuses life with death

Steve [*] Schneier (security expert and tee-shirt provider to the cognoscenti) has a post in which he pokes at the massive costs of counter-terrorism, apparently out of all proportion to the threat. However, he has a bizarrely wrong calculation: I quote:

The death toll of all these is… sixteen deaths in the U.S. to terrorism in the past ten years. Given the credible estimate that we’ve spent $1 trillion on anti-terrorism security (this does not include our many foreign wars), that’s $62.5 billion per life saved. Is there any other risk that we are even remotely as crazy about?

I’m happy with the last sentence, but not the one before it: no Steve, that is $62.5 billion per person killed not per person saved. We’ve got no idea form the info you quote how many people were saved, so we can’t do the calculation you want to.

This obvious point is made in the comments, and SS even answers there, apparently failing to get the point. Certainly, he has updated the post several times, but still hasn’t corrected this rather basic blunder.

And just so I’m not being purely negative in this post, here is a nice picture from mt:

(I don’t agree with the exact shape, but the concept is correct)

[*] Ahem. See comments.

[Update: in the comments, MV manages to find a way to make BS’s numbers work. I think it is somewhat smoke-n-mirrors, but the logic seems fine:

We assume that spending more resources leads to fewer deaths, but not to none. And we adopt the simplest possible model of this, viz:

R = k / D

Therefore, the cost of preventing one more death is (approximately) 1.dR/d(-D), which is

k / D^2 = R / D

Neat, eh?]