{"id":48,"date":"2008-01-13T13:04:57","date_gmt":"2008-01-13T21:04:57","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/01\/13\/security-review-the-usps-mailbox\/"},"modified":"2008-01-13T13:04:57","modified_gmt":"2008-01-13T21:04:57","slug":"security-review-the-usps-mailbox","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/13\/security-review-the-usps-mailbox\/","title":{"rendered":"Security Review &#8211; The USPS Mailbox"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p><font face=\"Calibri\">The blue USPS mailbox, a ubiquitous object on American streets today, is one of the most recognizable security devices currently in use. Despite its many shapes and sizes, its purpose boils down simply to one of protection of privacy, integrity, and access control. Customers who drop off letters or packages in a mailbox expect their mail to be protected from the prying eyes of strangers, safe from theft, and handled only by authorized USPS personnel. Indeed, the promise of security has helped the USPS to remain competitive over the years.<!--more--><\/font><\/p>\n<p><strong>Assets\/security goals<\/strong><\/p>\n<p><font face=\"Calibri\">From the perspective of all parties involved, the primary assets to be considered are the mailbox\u2019s contents and the mailbox itself. Arguably the most critical security goals are the confidentiality and integrity of the mail. Without such goals, customers would have little assurance that their private correspondence would remain private, or indeed that their mail would arrive at all. Repeated violations would likely destroy the post office\u2019s business quickly as customers lost confidence in their ability to maintain the integrity of the mail traffic. Additionally, the mailbox itself is a valuable asset that should be durable and resistant to damage. <\/font><\/p>\n<p><font face=\"Calibri\"><strong>Potential Adversaries\/Threats<\/strong><\/font><\/p>\n<p><font face=\"Calibri\">The threats to the mailbox are numerous, due in large part to one of its most endearing qualities: its ease of access and public location. With potentially thousands of people accessing the box every day, the variety of potential threats is numerous. They might include access to the mail by circumventing the rotating door at the top of the box, breaching the mailbox by damaging or destroying it, or theft of the entire mailbox itself.\u00a0 Such acts could conceivably be carried out by any member of the public, but would more likely be someone who had used the mailbox and wished to retrieve their parcel, someone interested in the data contained within the mailbox (for the purpose of identity theft or other nefarious purposes), or those interested merely in vandalism.<\/font><\/p>\n<p><font face=\"Calibri\"><strong>Potential Weaknesses<\/strong><\/font><\/p>\n<p><font face=\"Calibri\">One significant weakness of the mailbox is the vulnerability of the box to physical damage. A determined person with the correct tools could likely breach a box given enough time. Secondly, the contents of a mailbox are perhaps most vulnerable when they are being transferred from the mailbox to a vehicle or another container. At that time, all of the defenses of the mailbox are rendered ineffective when a mailperson opens the box to retrieve the mail. \u00a0<\/font><\/p>\n<p><font face=\"Calibri\"><strong>Potential Defenses<\/strong><\/font><\/p>\n<p><font face=\"Calibri\">Given that mailboxes are currently made out of relatively sturdy materials, it seems likely that improvements in security would be best targeted at denying adversaries the opportunity and time necessary to breach them. This could be accomplished by embedding the mailbox in the wall of a building or pillar, and placing them only in well lit and frequently travelled areas. By doing so, the surface area of the box vulnerable to attack would be minimized, and the likelihood of an attacker having enough time to breach the box without being seen and reported is reduced. Additionally, boxes in high-risk areas could be emptied by more than one USPS employee, reducing the likelihood that someone would attempt to steal the mail as it is removed from the mailbox.<\/font><\/p>\n<p><font face=\"Calibri\"><strong>Risks<\/strong><\/font><\/p>\n<p><font face=\"Calibri\">There is some overlap in the threats faced by the mailbox and its primary weaknesses, and consequently there seems to be a relatively high risk of one or more of the threats described above materializing. Due to the difficulty of breaking into the box, it seems more likely that the highest risk lies in those threats easiest to perpetrate, such as vandalism, while stealing the mailbox itself seems like a relatively low risk given the size and weight of many boxes. The risk would seem to be allocated more heavily toward the mailbox itself then, and not the mail inside.<\/font><\/p>\n<p><font face=\"Calibri\"><strong>Conclusion<\/strong><\/font><\/p>\n<p><font face=\"Calibri\">There\u2019s actually some data recorded by the USPS on mailbox crimes. It turns out that the actual rate of mailbox crimes is in fact very small. The post office investigated 4,545 cases of volume mail thefts in 2006, of which mailbox thefts are only one part. Given that the post office delivers around 200 billion parcels to more than 147 million locations, such a number is statistically quite small.\u00a0 Consequently, it would seem that the security measures currently in place to protect the confidentiality and integrity of the mailboxes is sufficient and appropriately scaled to the threat posed.\u00a0 <\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The blue USPS mailbox, a ubiquitous object on American streets today, is one of the most recognizable security devices currently in use. Despite its many shapes and sizes, its purpose boils down simply to one of protection of privacy, &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/13\/security-review-the-usps-mailbox\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,5],"tags":[],"class_list":["post-48","post","type-post","status-publish","format-standard","hentry","category-physicalsecurity","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=48"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/48\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}