Schneier on Security

"And if they can't even get something as simple as the furniture right, how confident should we be in the less visible but more critical parts of the system that we don't see every time we fly?"

I don't necessarily agree with this. I would hope that airports put a lot less thought into the xray machine staging tables (or number of chairs needed for people to put their shoes back on) than they do for their security, like the xray machines themselves.

To me, it's like saying, "Gee, that paint's an ugly color, their security must suck."

@mpd,

One of the goals of airport security should be the ability to process the greatest number minimal impact to the traveler. (obviously not their primary goal, but a goal non-the-less)

Any basic 'process flow' analysis would identify many of the items that Bruce has mentioned. Remedy of these issues would make the process smoother, reduce impact on the TSA and traveler and make it less inconvenient for the traveler.

Making the process more orderly will aid the TSA in spotting 'out of the ordinary', and will likely increase security.

(To give an example; during work flow analysis of a machine shop (lathes etc), we found that by simply turning a single lathe by 90 degress so the operator could see the door, we increased the workshop productivity by 20%, as the operator was now able to see urgent jobs being left on the inwards goods table. My point is that something as simple as the height of a table, or layout of chairs can have a dramatic effect on throughput, just has Bruce has identified. - Six Sigma anyone??)

@mpd,

You make a good point about a logical flaw, but the essence of the argument is still true. Let's remember that this is the TSA we are talking about.

We all hope that they are spending more time on the inner workings rather than the "paint color", but I think we all know too well that in the end they are much more focused on their grand production of Security Theater. Time and time again we are reminded of their inability to do things that actually increase security and their obsession with inane things that don't help or worse, hurt security.

In a pure logical analysis perspective you are correct about drawing false conclusions, but the TSA operates in a realm far from logic.

A lot of the screening areas still look like the order to do extended screening came ten days ago and they had to scrounge around the airport for tables and barriers.

But this is part of a pattern. Design for functionality or (dare I say) esthetics in public spaces is frowned upon in the States. Federal offices do seem to be designed though: to be uncomfortable and make the visitor into a supplicant.

Getting the furniture right is not simple. "Little" logistical details are *hard*. The tables are mass-produced and sold commerically. In other words, easily available and inexpensive. To get them made to order would waste time and a lot of your tax dollars.

AFAIK, the x-ray machines are also not special order. To get them adjusted would waste time and your tax dollars. Buying from only one provider - ensuring uniform height - would create a monopoly where none need exist. Again, we'd be paying more for the machines than necessary. There's enough pointless waste in procurement systems already.

I'd rather that money go to more machines and lines, or informative signage, or better screening of airport personnel, or...

Now, if I ran an x-ray machine company, I'd look into creating an integrated package that would address efficiency issues.

That said, there should be seating areas for flyers to put their shoes back on. Getting mass-produced tables and x-ray machines to line up is challenging. Setting up folding chairs is not.

I went through Heathrow last week, and there were a noticeably large number of adverts up in the security screening area. (All for a certain large consultancy)

This touches on something that has been on my mind for a while.

Obviously security has been in airports for many years and will be with us for a long time to come-- so why the hell do we have hodgepodge deployments of folding tables, cafeteria chairs and curtains? Architecture can improve flow, provide entertainment while in line, provide comfortable waiting facilities (or are they intentionally trying to maintain an edgy 'ad hoc' atmosphere to keep people emotionally off balance).

Architects have years of experience with lobbies and waiting areas -- why not let them make security areas a more pleasant part of the flying process?

Couple of things:

1. The EFF was denied the right to a hearing with the US Supreme Court, which challenged secret programs and tactics in the DHS. If the TSA published the cost/benefit analysis to the whole procurement, we could see whether stock tables were cost effective or not. Either way it goes - we need transparency.

2. I don't know about the furniture, but in Israel they don't have these security chumps barking orders and cowing people. They are very calm and patient. Why? It's easier to notice the people who are nervous because they are attempting something vs. people who are nervous because they are afraid of being barked at. Similar benefits might come from improving the physical topology.

It is probably true that good design can take out some of the pains at an airport checkpoint.

What frustrates me more than table heights is the inability of passengers to comply with instructions. When I arrive at the X-Ray, I have already put away all of my metal objects in my carry-on bag, taken out my laptop, loosened my shoelaces, and taken out my boarding pass. After all, that's what was shown to me in the instructional video on the overhead monitors and screamed at me every 30 seconds while in line. And yet, when others get to the head of the line, they still have to fumble around for minutes when the (surprisingly) polite agent reminds them what to do (sir, have you taken the change out of your pocket?).

@ FP: I know what you mean, but I feel it's more fair to be frustrated with the TSA for devising these "security" hoops, rather than fellow travelers for not jumping through the hoops fast enough.

Do we really need someone to blow themselves up in the queue to go through the xray machine for people to realise that the extra security is actually making security worse?

I've been in queues to go through those machines that had more people in them than a plane would.

Good flow in these cases isn't just a matter of convenience, it's a matter of not creating terrorism and health and safety risks worse than you're trying to stop.

In some ways it's not surprising that it's all wrong, since it has been bolted on top of a system that was really designed to do all that screeners are expected to do now, but then again, contrast it with actually building an airplane, where every part can be built in separate countries, and will fit together perfectly.

Aircraft are the modern cathedrals, but airports are more like the modern insane asylum.

I abandon hope every time I enter.

@gfujimori:
"2. I don't know about the furniture, but in Israel they don't have these security chumps barking orders and cowing people."

To me the blatantly abusive attitude of many (not all) airport security workers *is* the open announcement that user-centered design (or a sense of public service) is the farthest thing from TSA's cultural mindset.

I read somewhere that they are trying to change that perception by putting up banners in airports with friendly slogans.

The only hope is that people who don't have to fly find less annoying means to travel. If the number of people flying drops significantly the airlines will get rid of the TSA by any means they can.

>Getting the furniture right is not
>simple. "Little" logistical details are
>*hard*.

Yes, it's so incredibly hard.

You either have to take a Saw-z-all to the table legs...or make enxtensions with a piece of pipe and a bolt through the legs to make it secure.

Yes, I know that would never happen because some 3rd rate managers and attornies wouldn't want the "risk" of not having the changes done without a PE stamp.

It's not hard. It's just plugged up by bureaucracy.

@kyb:

I'm glad someone else feels this way. I recently tried to attend incoming Washington, DC Mayor Adrian Fenty's inaugural ball. There were not lines, there were masses of humanity trying to push their way up to security. It was nothing but people, shoulder to shoulder, filling huge rooms. Security was so deep into the lines that after 2 hours of standing in this mass of humanity, we still could not even see the metal detectors.

At that point (after 2 hours) we simply left... but when you have that many people standing around waiting that long to get TO security, you have a bigger risk than you do on the other side, where the room is larger and people more dispersed.

Oh, and they didn't even bother to open the bags we put in the baggage check. Which was well before security, and we easily could have just left something with them and walked away.

Mass-production furniture companies are often in a position to bid on large-scale semi-custom requirements. If there are 4 heights of X-ray machine, an adjustable table leg would seem to fit well. Heck, it might even be one of those innovative things that makes it into the mass market, instead of just being sold to every freakin' airport in the entire US, each of whom would doubtless buy many dozens.

I think the comment about TSA intentionally keeping the atmosphere "on edge" is dead on. Misplaced psychology IMNSHO, but intentional nonetheless. It's as if they've all watched too much good-cop/bad-cop interrogation on TV.

Bruce,

Based on "Choosing Secure Passwords," do you think it would be any use for PS to...

1) ...suggest that new safe combinations use *internal* digits and punctuation (rather than a root with prefixes/suffixes) and avoid Titlecase passwords?

2) ...include lengthier advice on choosing a safe combination (e.g., a link titled "Choosing secure passwords") that says not to use substitutions, biographical info, etc.?

3) ...use a more processor-intensive ramp-up for new safes, so that testing a password takes about a tenth of a second on modern hardware rather than a thousandth?

(I know PS is community-developed now, but your opinion probably carries a lot of weight with the developers.)

kvenlander has it exactly right. The human interface features are designed specifically to be inconvenient and degrading. It's all about asserting the feudal sovereignty of the Heimatsicherheitsdienst over the rest of us.

Or perhaps I'm just jaundiced by my last-but-one trip through airport security. Like the obedient serf that I am, I carefully placed all the metallic articles that are normally about my person - watch, rings, phone, coins, wallet, keys - in a little plastic bag that I had in my backpack for the purpose, and stowed them in the pack, which I placed on the conveyor. I removed jacket, shoes, hat, and sweater and placed them on the conveyor as well. I removed the computer from the backpack, placed it in a separate bin, placed that on the conveyor. I walked slowly through the metal detector, which went BEEEP!. Officer ordered me to remove my belt and eyeglasses, place them in a bin, and go through the detector again. (Now I am effectively blind - I am legally blind without correction.) BEEEP. Officer wands me, finds nothing, and orders me to another line for the "puffer", still without my glasses or belt or personal items, which are still in the X-ray. After 15 minutes in line, I get "puffed", return to the original checkpoint, and find that my pack is "suspicious" because of the length of time that it's been "abandoned" there. Officer decides to do a manual search, and unceremoniously unzips the backpack and dumps its contents (some of the articles are fragile) on a table. Officer yells at me when I attempt to prevent a couple of
[what I think are - I'm still without my glasses] pill bottles from rolling onto the floor ("STOP! You can't touch that!") After a few minutes of finding no contraband, the officer barks at me, "Well, you can't stand here! Pick up your things and move along!" I ask for assistance in finding my glasses, and the officer simply says, "MOVE!" (Fortunately, the old lady who is now behind me spots them and points them out to me.) I get my spectacles on, and try to pick up small articles and cram them back into the backpack. The officer rests his hand on the holster of his gun and barks "Get OUT of here! NOW!"). I grab outer clothing, backpack, shoes and computer, sweep what small articles I can onto my jacket and bundle them up, and leave, sans belt, having abandoned various bits and pieces, including one of my prescription medicines at the table.

From behind me I hear a fellow passenger loudly saying to his companion, "people like HIM shouldn't be allowed to fly!"

I suppose that in this era of terrorism, it's no longer reasonable to have any idea why someone in uniform is threatening you with deadly force. At that point, I believed that I was abandoning my property to save my life. Since the security screener was accuser, judge, jury and executioner all rolled into one, I had no idea what I'd done wrong.

But in our post-9/11 world, that's the price we have to bear for our safety. I'm sure that the screener was just doing his job, and that there was some obscure failure in my understanding or preparedness that triggered the problem. The screeners are only there to protect us and they know better than we do. And we can't be allowed to know how they make their judgments, because that will just play into the hands of the terrorists. Anyone who says otherwise is a traitor who deserves summary execution. And don't raise any liberal nonsense about a "fair trial" - that right belongs only to citizens and anyone who's a traitor has renounced his citizenship. God bless the USA!

TSA security is silly.

We flew from Seattle to Honolulu peanut butter and jelly without the TSA saying anything, though they took our yogurt.

We flew from Honololu to Hilo and the peanut butter and jelly were confiscated. An antique, non-working lighter was not allowed (we had to mail it since our bags were already checked, like everyone else who is in the TSA line), but they missed or didn't care about the working, plastic lighter.

It is clear that the TSA has a poor track record.

Confiscating non-weapons is a security failure, just like jailing innocent people is.

Stopping a non-working lighter, but allowing a working one through in the same carry on is a security failure if you believe lighters are weapons, which they are not.

Oh well, at least it's only billions being wasted, security not being implemented, increased garbage and waste, and massive hassle for paying customers.

>> " It's easier to notice the people who
>> are nervous because they are attempting
>> something vs. people who are nervous
>> because they are afraid of being barked at"

Spot on. Couldn't have said it better myself.

I also think a bit of bully mentality is sneaking in 'so the people are kept afraid and scared so they will be less likely to do something against the institution'..

Unfortunately this approach of 'ruling through oppression and fear' will always backfire at some point.

I forgot to add that the lighter was interesting because it was made of metal. The TSA folks even tried to light it, but it didn't even spark, yet they said we couldn't take it. I wonder why they even spent the 2 minutes playing the lighter if it didn't matter if it sparked or not.

And one has to wonder how that was spotted as a menace, but two laptops, a video camera, a regular camera, an iPod and numerous cables, power supplies and rechargers were all cleared without any issue. Am I really to believe that their screening could detect anything odd about all those electronics and wires?

When I train novice security officers, I remind them that everyone has the right to not be searched by the TSA.

Of course, they don't have to fly, either.

I am continually amazed that Americans put up with the fascist way in which "security screening" is conducted. Where are all the complaints? Letters to Congresspeople? Video cameras taping TSA abuses? Investigations?

The other question is very simple. How many actual tangos -- i.e. people who were later foci of investigations or charged with conspiring to commit criminal acts aboard aircraft -- are actually stopped at TSA checkpoints each year?

TSA is not just security theater. It's a horror flick.

@Anonymous and scared

You're right, it has nothing to do with security. Neither do the police. The prime directive of everyone with a badge and a gun is to establish immediate dominance, and use the threat of violence to cow people. Cops and security guards get the same training.

I had my eyes opened years ago when I saw how polite, considerate, and cooperative police officers were at a skeet shooting range where dozens of people were heavily armed. From that I know the police don't have to be thugs to do their jobs, and every cop who is a thug is a thug first, the uniform and badge just a masquerade.

http://en.wikipedia.org/wiki/Panopticon

Police state apparatus is NOT concerned with furniture.

Geez, and I was just going to say this is standard fare for American manufacturing these days. You can try to blame this tiny spot of inconvenience on some whim of the government or bureaucracy, but (aside from the fact that it's all contracted out to private companies anyway) an absence of sensible or efficient engineering seems typical to me for American airports in general. Only makes sense that the screening process is as screwed up as the rest of the processes...

http://www.nytimes.com/2005/08/27/national/27denver.html?ex=1282795200&en=55c1a4d8ddb7988a&ei=5088&partner=rssnyt&emc=rss

On a recent trip though BWI, a couple of the security screening lines had small ramps between the tables and X-Ray machines. As it was a slow morning, and none of the security people looked too uptight, I asked someone about them. It seems like a good idea to me, I told the uniformed TSA guy. He said "thank you"....He had made them himself to help make things move smoother.

He will no doubt be reprimanded for showing intiative and caring about how things work.

@Anonymous and scared (and pretty much everyone else), if there's one thing I've learned from the security gestapo, its that _whatever_ you do, don't trip the metal detector twice. I did it by virtue of the foil in a sheet of benadryl I was carrying, and it cost me 20 minutes of being barked at and generally treated like a second class citizen while I was pawed, wanded, etc. The funny thing was, even after the guard and I had established that it was the benadryl that set it off, I was still treated rudely.

I felt like saying to the guy, look asshole, I know for a fact that this airport has caught 0 terrorists (because I read the news), and that means that from inception you've done nothing but essentially hassle and rob law abiding citizens. And... there is an overwhelming probability, that I too am a tax paying law abiding citizen. Maybe you should conduct your business with that in mind?

But that would obviously be a tangle with someone who was more than capable of making my life miserable so I didn't.

The only last thing I'll say, particularly to the first anonymous, is that I was under the impression that TSA did not carry guns. In fact, I distinctly remember thinking to myself after the incident I just related that "thank god they don't issue these morons guns." Was I mistaken?

Sorry for being a bit off topic but I think this is worth a mention:

http://observer.guardian.co.uk/world/story/0,,1984496,00.html

If full fingerprint scanning is implemented then the queues at British airports will be pretty bad to say nothing of having you fingerprints stored by the US government, credit card transactions and emails scrutinised.

There's lots of things I would like to see by visiting the USA but if this is the future then I will not bother.

@Anonymous and scared

I thought the UK security proposal (my URL above) was bad but the American security sounds as if it is run by Nazis.

@Aaron

"there were masses of humanity trying to push their way up to security. It was nothing but people, shoulder to shoulder, filling huge rooms. Security was so deep into the lines that after 2 hours of standing in this mass of humanity, we still could not even see the metal detectors."

Sounds like a 'good' target for a suicide bomber.

@Sean

The *second* time I went through the detector, I didn't even have my eyeglasses or belt buckle. The only metal I had on my person was my dental work - and that consists of two fillings and a crown. How could I have avoided the mistake of tripping the metal detector twice?

With respect to your impression that TSA workers did not carry guns, I did not recognize the uniform of the man that ordered me to move. I certainly didn't ask to see his badge. When an armed man in uniform who works for your government screams orders at you, you don't assert your rights.

After all, all these officers are protecting us. We can't have liberals letting all those terrorists destroy our way of life. Without there brave men, we would have no freedoms! God bless the USA!

@mpd:
[ To me, it's like saying, "Gee, that paint's an ugly color, their security must suck." ]

Tom Peters once told us a story told by the fellow who started People's Express:

"The hell of it is that coffee stains on the tray table is treated as proof that we're not doing our engine maintenance"

So if the visible parts of the "system" don't fit together, how much faith can you have that the INVISIBLE parts are getting attention?

Like having your car lubed-- if the doors still squeak, did they get the job done right?

I'm a bit off topic here, but it is security and architecture:

What work has there been on passive security through architecture? I'm thinking of barriers designed so that a bomb blast is deflected in a less dangerous direction, reducing its effectiveness. There are probably many more possibilities I haven't considered - perhaps the use of ablative materials to absorb energy.

It´s a very interesting theme and a simple answer of many questions

TSA Security screening is a farce . If I were a terrorist I would bomb the security waiting line or the line at the ticket counter. If I wanted to take out a plane, I would bring explosives in in my pocket and plant them on someone else, someone getting on a different plane than me. I could pull up an OK city style car or bus bomb right to the passenger pick up or drop off. I could do all of this barefoot, easily bypassing the shoe scanners. The question is, why all the extra security theatre? Why the extra surveillance and no fly lists which are so obviously ineffective at achieving "security"? Are the Feds getting ready to try and implement a full scale police state, restricting the right to travel freely within or in and out of the country? Are the Feds trying to maintain an environment of fear? What is the real purpose? Incompetence doesn't quite cover it.

I work in this industry (airport design), and the complaints voiced herein are true, but the reasoning I’m seeing here is at least partially off track.

The part that some of the other commenters have got right here is that the design of the ergonomics is *hard*. It’s a very soft science and you have to make the design work for THE widest possible population (i.e. the general public). The parts that no one has mentioned that are at least as important are: a) There is no or very little federal funding, but plenty of federal requirements, for these areas. The guideline document referred to by Blaze (which I’m very familiar with) does have a copious amount of detail, yet it’s still not enough to cover all eventualities. Airlines and airports are trying to drive design/installation/operating costs down, and sometimes this conflicts with the regs. The result is that only the letter of the regs is followed, not necessarily the intent. It’s important to remember that the airport have to put a security screening check point in, but they don’t have to operate it and the compensation they get from the gov’t is minimal, so who can blame them (the airports) for compacting the SSCP’s into the smallest possible space? b) Airport designs have multiple clients (airlines, TSA, local law enforcement, airport operations, airport maintenance, concessionaires, etc.) All these folks have a stake in how these things are designed and, depending on how vocal they are, can get modifications to the design, regardless of whether they have the requisite knowledge/expertise to understand the impacts. The designs are essentially “by committee� and you can see the result of that. c) Gov’t contracting requirements for certain items (say the steel tables) result in massive buys of equipment, which you and they are essentially stuck with. Unfortunately, the equipment isn’t flexible enough, and getting the gov’t to purchase (either slightly or radically) different equipment is a multi year process, it turns out. This is gov’t bureaucracy at it’s worst, with the extra special hurdle that ANY change/modification/workaround also has to be evaluated as part of the security “system�. d) The security design and implementation branch of the TSA is woefully understaffed. Getting TSA to commit to a decision, or even send a decision maker to a meeting to here the arguments first hand, is very difficult. e) And finally, airports are one of the most complicated infrastructure systems imaginable, even without all the security. There is the huge building, with multiple internal mechanical, electrical, and communications support systems (like a skyscraper) PLUS specialty systems/conditions like baggage handling, loading bridges an secure/non-secure division of the space PLUS the operational support aspect to landing and servicing airplanes PLUS the security screening issues PLUS your primary user is the general public who don’t give a hoot about all this, they just want to get a latte, read a book and get to Grandma’s.

"I read somewhere that they are trying to change that perception by putting up banners in airports with friendly slogans."

Arbiet mach frei? We've always been at war with Oceania? Resistance is futile?

I was thinking about this earlier this week while waiting to check in. The floor was marble, the walls were glass, the fronts of the check-in desks were smooth plastic/wood, the ceiling was solid with a few light fittings hanging down and there were a few hundred people shuffling suitcases around and taping things up. No prizes for guessing how intelligible the sound from the tannoy was.

Is it REALLY so difficult to use at least SOME sound absorbent material on the ceiling at a minimum? If you can't understand a damn word they say over the PA in normal 'calm' conditions, what hope is there in the midst of an emergency? This is beyond incompetence.

We were flying on an early morning flight over the holidays with our 4 year old. As we moved through the line approaching the first TSA screener, the screener yelled at my wife 4 times that all passengers must hold their own boarding pass. Luckily my wife didn't think the screener was talking to her, she was holding my daughters hand and both of their boarding passes. I reached the screener first and told her softly but firmly my daughter was 4 years old. The screener took our boarding passes and ID's and asked our daughter to speak her name, making a show of verifying it matched the name on the boarding pass. Is this security? It *is* conditioning...

The article leads me to suspect that the top officials at the TSA who script and direct the airport security theatre fly on private government jets, have a special secret pass that lets them bypass the security queues, or otherwise have granted themselves complete exemption from all the hassles they inflict on lesser folk. That's the only likely explanation of how they could be so blind to the absurdity that is obvious to anyone who endures air travel.

That's the typical arrogant hypocrisy of bureaucrats. I first encountered this in college, when a major campus expansion tore up many parking lots and created a parking crisis. The Vice Chancellors in charge of the project and parking eventually deigned to appear at a town-hall meeting with affected staff and students. There they lectured us about how the problem is our own fault, since we had failed to heed their recommendations to carpool, rode the bus, bicycle, or walk to campus instead of driving during the construction project.

One student had the audacity to ask the Vice Chancellor how often he carpooled, rode the bus, bicycled, or walked. He scowled in extreme annoyance and snapped, "Never! I can't afford to waste my time with that! I have too many important meetings and decisions to make!" I don't think he had any clue about the significance of his retort-- or about why the response was a disrespectful chorus of boos and hisses. I have seen this arrogance many times since then from "public servants."

Some people here say it's hard to find mass-produced tables and mass-produced x-ray machines with matching height.
But there exists an alternate solution using some high tech mass-produced material called "planks" : buy a bunch of these the right size, put them on the floor under your machine or table and, tada, they're the same height. Low money and time cost, everybody happy.

Phil, you must not be aware of the 1,789 pieces of paper, filled out in triplicate, that would be necessary to initiate the initial, tenative, pre-analysis study to assess the possible impact of the subsequent commision that would determine if wood was, in fact, an acceptable material to use. The next series would need to figure out the proper word to employ for further word: is "plank" a deep insult in some rare language? Then further studies would be needed to ascertain the height of these planks. This would be a tricky matter indeed, since as you must be aware, thermal expansion and general aging properties of the table, the x-ray machine and the plank material need to be very carefully and expensively characterized. Finally, after a hundred million dollars and a quarter of a century later, a contract can be considered and maybe offered for public tender. However, a further legal, social and economic analysis needs to be made prior to this just to make sure everyone has time to submit bribes and ...