Skip to main content



Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Events

 ISTS logo

Securing the e-Campus 2017 - Exact time and dates TBD

Recent Talks

Dan Wallach

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Ben Miller Dragos

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM
Brendan Nyhan




Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Dickie George


Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

Dan Wallach

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium 5:30 PM

RIOTS logo 

Professor Sean Smith, Director of the ISTS and Bill Nisen, Associate Director, spoke at the

School House residential cluster on the Internet of Risky Things  - February 21, 2017, 5:30 PM

Craig Smith




You Don't Own Your Car
Craig Smith
Tuesday May 10, 2016 
Carson L02 @4:15

David Safford


Hardware Based Security for GE's Industrial Control Systems
David Safford
GE Global Research
Tuesday May 17, 2016
Carson L02 @4:15



"It's Fine," They Said. "Just Ship It," They Said.
Dan Tentler
The Phobos Group
Tuesday April 12, 2016 
Carson L02 @4:15

Harold Thimbleby




The Best Way to Improve Healthcare is to Improve Computers
Harold Thimbleby
Swansea University
April 23, 2015

Craig Shue




Managing User-Level Compromises in Enterprise Network
Craig Shue
Worcester Polytechnic Institute
March 31, 2015



Oct news 2015


ISTS Information Pamphlet



Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
HomeEvents >

Security Pragmatics

Dr. Marc Donner, Director of Engineering, Google
Thursday, October 23, 2008


Marc Donner

During the 1970s and 1980s the New York City transit system was afflicted by an epidemic of rail car defacement.  Young vandals painted the insides and outsides of the cars. The city tried all sorts of tricks, including draconian restrictions on the sale of spray paint, severe punishment for the offenders they caught, and redesigning the interiors of the cars so that paint wouldn't stick. Nothing worked and it looked like the city was doomed to destruction. That is, until someone studied the behavior of the vandals and discovered that virtually all of the damage was being done in the rail yards where the trains were stored when not in service.  A little fencing, and a little patrolling and the problem was history.

Numerous commentators through history have noted that brute strength, as in a fortress with thick high walls, is never a reliable guarantor of security.  In this talk I will take you through some experiences from years of operational practice in industry, experiences of mine and of various others, that illustrate some of the pragmatic challenges in security.  I will attempt to demonstrate to you that dramatic improvements can be achieved with simple expedients and why many of the powerful techniques that we study are destined to be ineffective.


Dr. Marc Donner is currently an engineering director with Google in New York City where his team develops software for advertising. In his previous position as executive director at Morgan Stanley he led a number of projects that included early Web efforts, elimination of all printed reports from the clearance and settlement system, and event-based forecast modeling for individuals and enterprises. Prior to this position Dr. Donner was a Research Staff Member at IBM Research where his efforts focused on real-time systems, robotics, and large-scale distributed system management.

Dr. Donner received his PhD in Computer Science from Carnegie Mellon University and his BS in Engineering from Caltech. He serves as associate Editor-in-Chief of the IEEE Computer Society magazine, "Security and Privacy" and he is the organizer of the New York CTO Club.


Last Updated: 4/21/10