Schneier on Security

"If the TSO throws your liquids in the trash, they don't find you a threat."

If they didn't find (you) a threat, then WHY THROW THE FREAKIN' LIQUIDS IN THE TRASH?!?!?

Jeez Louise...

~EdT.

I've always wanted to know why knives, box-cutters and all sorts are considered dangerous, but you can happily go buy a massive bottle of spirits from duty-free, smash the glass and then have a very effective weapon? Were you able to ask this question? I'd love to know the answer.

Good interview. I don't think he's answered your questions about the liquids thing very well, and his response to the other point seems to be to dispute the studies. In summary, he's still dodging the hard questions.

JohnnyM: To be honest, you can buy so much stuff in duty free, I've been convinced for a while that you could make a number of deadly weapons and explosives from the things you could buy plus stuff you could easily carry inside. I'd love to see some research along these lines. There are no checks before getting on the plane.

Same s**t accross Europe.
My best one was being asked for liquids, then my handlugge was x-rayed then I was asked again and finally they took my handluggage apart completely.
Nice.
And no... I didn't have any liquids with me.
Took place at Charles de Gaulle, Paris, Terminal 2.

I'm looking forward to knowing when I can keep my shoes on. (-:

(near the end) "They isolate one particular thing: for example, a particular explosive, made and placed in a way that exploits a particular weakness in technology; our procedures; or the way TSOs do things in practice. Then they will test that particular thing over and over until they identify what corrective action is needed."

--> In other ways: They focus on tactics.

Bruce, I think I love you. Thanks a million for doing this.

@kyb:
How about when they leave the janitor supply closet unlocked? Between that and the Duty Free, I'm sure you can jury-rig some nasty. Maybe not C4 style kabooms, but enough to render the flight unsafe.

And I'd be curious to know what steps the TSA is taking to defend against a DOS attack on the airline infrastructure- with a large enough number of false positives, they could bring air travel to a halt. It would take many more people than they usually involve, but most of those people would be exposed to very little risk.

I took a half a pound of english tea on board. It had a nice black powdery consistency. They did not worry about that, as it was not a liquid.

So, to sum up -

After we've determined you're not a threat, we'll still take your liquids from you, just cause that's what our rules say. And then dump them in the nearest trash can.

Don't believe the reports of our ineffectiveness... they're lies! Lies, I say!

And finally, I'll continue to obfuscate on the hard questions, because I'm a bureaucrat and my very existence depends on it.

How very, very sad.

Great series! Thanks; looking forward to the next one. So, Hawley says in the AvWeek editorial that "TSA prefers to keep its resources flexible and nimble and not dig in behind new measures targeted for an endless set of newly perceived vulnerabilities." and then goes on to talk about how flexibility and unpredictability are the names of the game.

I'm having trouble lining that up with checking shoes (which began after Richard Reed), the 3 oz. liquid regime (which began after the London liquid-bombing scare), etc. How is this not reacting to the latest "newly perceived vulnerability"? He also didn't respond to your point that many people disagree about the feasibility of assembling a liquid explosive in flight.

My suspicion is that each new added "hoop" will stay indefinitely in a screening process that will grow ever longer and more burdensome. And it still looks to me like the primary motivator for each one is the "appearance of doing something to counter what the public heard in the news lately", and not the real security value of what's being tested.

"I don't think he's answered your questions about the liquids thing very well..."

I know. I don't, either. I wish he did. But there comes a point where you simply have to stop badering him and move on.

KH is lying.

I think it's commendable that Mr. Hawley would agree to the interview. We have to put credit where it's due. Now, what would be better is if Hawley became a frequent guest... not necessarily here... but on more public forums. Perhaps sometimes Mr. Schneier could also be a guest, so that the interviewer is not overwhelmed with security minutiae.

I appreciate the clear manner in which Mr. Schneier asked questions that didn't overwhelm the audience scientifically.

If there's a threat, there's a threat, but we sure are putting an awful lot of resources into screening millions of passengers that aren't threats. It screams out that there must be a better way somewhere... especially when passengers may no longer be the biggest threat to an aircraft.

It wouldn't do any good to do the interview again, this time with him deposed. The threat of prosecution for perjury is useless if George is just going to pardon him.

"he asked me how the TSA could overcome its negative image"

While I appreciate the interview, there's a much better way to overcome a negative image: stop doing such a crappy job.

The reason he can't get into specifics is the reason no one believes anything the KH or the TSA says.

When we have scientists and chemists telling us that making a bomb won't work, and giving us the reasons, and the TSA just saying "they're wrong, duh", without going into any detail at all, they come off sounding like they do not know anything about it.

Transparency: show us the explosive liquid, man.

You know, I flew back from Las Vegas just yesterday and while being barked at by the drill-sergeant wannabe TSA agent I noticed the huge crowd of people in the zig-zagging rope lines.

I got to wondering about the impact of an explosive vest in that crowd, not to mention the impact of such an action.

Who needs to get on a plane?

KH: I often read blog posts about how someone could just take all their three-ounce bottles -- or take bottles from others on the plane -- and combine them into a larger container to make a bomb. I can't get into the specifics, but our explosives research shows this is not a viable option.

Then why limit the number of three ounce bottles I can bring?

The TSA does not deserve the slightest bit of respect, much less the benefit of the doubt, as long as it keeps providing scare stories at times that are politically convenient for the GOP.

Recall that the liquid terror plot came up at just the right time in the 2006 election cycle. It's been documented that the admin pressured the British into making headlines by arresting suspects even though that compromised the chances of convictions. The liquid ban came out of this fiasco.

Meanwhile, he latest whine about 'dry runs' was leaked right after the Democratic YouTube debate/QA session. The 'clay in gelpacks' leak was KNOWN TO BE FALSE when it hit the front pages. All this adds up to a deliberate attempt by someone with access to sensitive information to fabricate a terror threat to get the Dems debate out of the public eye. This is not security, it's Karl Rove's style of fear mongering politics.

Every bit of evidence says the TSA is just as politicized and demand-responsive to GOP goals as every other part of this administration. It's prime motivation is politics, not security, and as such it's absolutely not to be trusted.

"If the TSO throws your liquids in the trash, they don't find you a threat."

If they didn't find (you) a threat, then WHY THROW THE FREAKIN' LIQUIDS IN THE TRASH?!?!?

---------------------------------------
That falls under following the rules, and a notice to the terrorist that breaking this rule, that no excemptions will be made. What if the terrorists knew that if someone was not considered a threat, they could get whatever the amount of fluid in? They would spend their time trying to figure a way to do that.

Thanks for doing this interview, Bruce! I look forward to reading the rest of it. Unfortunately, the only good answer he gave was his very first sentence, which I presume he delivered with a note of sarcasm. Dodging the liquids question and calling the tests "wrong or misleading" does absolutely nothing to improve the TSA's image as a bunch of idiots trying to justify receiving a paycheck.

Agreeing to do this interview, and to do it with Bruce is a step in the right direction. Allowing the hard questions to be asked (even if he doesn't answer them) is somewhat better than pretending that the questions don't exist. Thanks, Bruce, for bringing this to us, and I look forward to the remaining parts.

JohnnyM: Bottles aren't very good melee weapons. If you try that without nice, thick gloves, you'll cut yourself up at least as much as anyone else.

Buying a bunch of bottles and throwing them, on the other hand, may be a lot more fun.

Is there a limit on how many bottles you can buy in duty free?

gsmooth89: Or it could let the terrorists know that if they don't get the plane, they'll at least get the security line when the ingredients for their peroxide bomb are mixed in the same container.

On a more disgusting note, I wonder how closely they check colostomy bags. Do those have a 3oz limit too?

I understand ammonia can be used as an ingredient in some explosives. Some clever terrorist may forge a doctor's note claiming Crohn's disease and the smell of ammonia would keep the screeners from investigating too closely.

Can we file this under "somewhat-plausible movie threats"?

He says they "engaged with other countries", but apparently they then picked limits that are 10ml less than others.

I presume it's because of a round number of fl.Oz, but really... when it's 100ml leaving Europe (refillable bottles of this size are already starting to appear in shops) and 90ml leaving the USA, well, that's not very engaged at all.

Which makes you wonder about how co-ordinated anything else is.

Great stuff. I'm curious about the idea of how to do screenings that do not rely on them being able to reliably detect threat liquids or objects.

Re: DOS attacks mentioned by: t3knomanser

A DOS would be trivially easy to implement given a half dozen people willing to be slightly arrested.

Get 6 people to barge through a security gate forcing the clearing of the terminal buildings to rescreen. Do this at rush hour in Atlanta, Chicago, LA, Boston, St. Louis, and Dallas. It will probably be days before flights are back on schedule.

@JohnnyM:

I've wondered the same thing, a pop can ripped in half is a pretty good blade too. Even better than duty free since you can get them to hand you a pop can on the plane.

Overall, I'm moderately impressed.

First, I'm very impressed that KH agreed to do this at all. It's a series of interviews with a well-spoken known adversary with a following. KH knows he's going to be hit, and then hit again in the next interview. This takes guts.

Second, I'm moderately impressed with his reasoning for the current liquid limits. I don't agree with the reasoning (many saline bottles have screw-tops, for example) but it's not totally, blindly dumb.

Third, I am not impressed at all with the rest of his answers. I do not feel more enlightened, more educated, or more satisfied than I was before I read this.

Finally, I would like to see answers to why we still have to take off our shoes, and why search methodologies and why practices vary so widely from airport to airport. And don't let him get away with "Laguardia is at greater risk than Cincinnati." Flights from Cincinnati to Laguardia are just as risky as flights in the other direction, and any flight can be diverted.

"Imagine for a moment that TSA people are somewhat bright, and motivated to protect the public...How might you engineer backwards from that premise..."

perhaps the backwards engineering would result in two elements, a highly visible window dressing to ensure the public knows something is being done and a much less visible effort that aims to be highly effective but discreet?

How many of us in private sector security jobs would want to publish all the details of our security strategies, including details of the threats we anticipate and our countermeasures?

Do we really want TSA to do that?

guvn'r wrote: "How many of us in private sector security jobs would want to publish all the details of our security strategies, including details of the threats we anticipate and our countermeasures?"

Security through obscurity?

What have you got to hide if everything is secure up to a good enough standard? Of course you don't release your encryption keys. But making the encryption algorithms and protocols public isn't going to hurt a secure system. In fact, it'll probably make it more secure as you can no longer hide behind a veil of false security and obscurity. You'll also be open to criticism from 3rd parties, which will ultimately improve your security system.

@guvn'r: Yes! We want them to publish! It's called transparency, and if they are doing their job, that won't make them any less effective. Do you read this site? I mean you posted here, but...

@t3knomanser, re: unlocked janitor closet: There's all sorts of fun chemistry you can do with those. Depending on how well it's locked, pick the lock (would likely only work if it's something you can do quickly--eg, if you can card the lock).

Wait, what am I thinking. You can just get the keys. Get someone hired on as the janitor. A couple other people do a run during the janitor's shift...

You know, at first I thought this was some cleverly written satire. Then I realized that this was actually the *real* Kip Hawley answering questions. So little of what Mr Hawley says makes any real sense that I'm not even going to try. Suffice it to say that you could take this interview, republish it as a Monty Python sketch, and hardly anyone would think twice about it.

Kip said, "So what would the justification be for prohibiting lip gloss, nasal spray, etc? There was none, other than for our own convenience and the sake of a simple explanation."

I'm just speechless. I mean, this is so blatantly stupid, I don't even know what to say.

Kip also said, "...we learned through testing that that no matter what someone brought on, if it was in a small enough container, it wasn't a serious threat."

So....an ounce of something like Sarin nerve gas wouldn't be a "serious threat"? Or two ounces of Nitroglycerine or Astrolite? Again, this is so utterly ridiculous that I just don't even know where to begin. But thanks for taking away my toothpaste. (sigh).

If somebody ever figures out how to make an IED out of a boarding pass, I think this guy's head would implode. Good job, Bruce.

It is my contention that the present model for airplane security cannot succeed. The attack surface is much too large and the possibilities for improvised hand weapons and explosives are vast. Most people understand the improvised hand weapons issue well enough. On the explosives front consider that any powder that burns, including coffee creamer, flour, powdered sugar, and probably English tea can make a dust explosion ( http://en.wikipedia.org/wiki/Dust_explosion ). Dust explosions are very effective in enclosed spaces.

We really need to completely start from scratch and explore other security models: http://www.joehuffman.org/Freedom/WeaponsPlanes.htm

Boarding passes are made of paper. Paper can easily be made into dust that can be used for a dust explosion. I'd want more than one boarding pass to do serious damage but I'm certain a small newspaper or a paperback book would be sufficent.

I give Mr. Hawley significant credit for at least providing the appearance of common sense as the head of a very nonsensical organization. He did, after all, rescind the ban on scissors and tweezers, and more recently on lighters. In doing so, he admitted that confiscating large numbers of these items unduly burdened passengers without a commensurate security benefit. It's impossible to say whether this represents common sense, or is merely a simple admission that large numbers of people recognized the stupidity of the ban and refused to comply with it. But it is progress nonetheless (although lighters really are dangerous items, since their intended use is to ignite things known to kill people).

Unfortunately, Mr. Hawley's common sense is severely constrained by the nature of his job. He's a career bureaucrat, and also a Bush appointee. The former limits what he can do; the latter most likely limits his ability to do it. He all but admitted that the TSA's watch lists had too many names, and announced a "quality review" that he said would remove about half the names from the list. That's progress to be sure, but a watch list with only 150,000 names instead of 300,000 still drowns any possible benefit in an ocean of false alarms and unnecessary hassles. And worse, it still maintains a Kafkaesque system that arbitrarily classifies possibly hundreds of thousands of individuals as too dangerous to fly, but not dangerous enough to arrest or detain even under an administration that has granted itself unchecked power to indefinitely detain anyone it wants.

However much common sense Mr. Hawley brings to the TSA, the best he can do is to make a few sensible, incremental improvements to a system that is completely broken from its very foundation. His apparent transparency is welcome, although I'm not sure what to make of it. I suspect he has enough sense to realize that many if not most air travelers recognize the absurdity and stupidity visible to anyone whose eyes are open. But as a career bureaucrat, he may see his proper role as pasting a veneer of sensibility on it-- anyone can see that the Emperor is naked, but he is gingerly applying a fig leaf to the embarrassingly diminutive Royal Genitalia.

Thank you, Bruce, for providing these interviews. Whatever Mr. Hawley's actual agenda, it's certainly a great improvement over administration officials who respond to any questions with "I can't tell you anything because it's all highly classified, but you must trust us when we tell you everything we're doing is necessary and we have carefully balanced security with protection of civil liberties."

> I often read blog posts about how someone could just take all their three-ounce
> bottles -- or take bottles from others on the plane -- and combine them into a
> larger container to make a bomb. I can't get into the specifics, but our explosives
> research shows this is not a viable option.

I don't understand why you can't get into the specifics here, Kip. If your research shows this is not a viable option, then you should be able to publish the results; what is the negative consequence? On the other hand, if your research shows that it's a *very difficult* but still viable option, I can see why you'd be reluctant to publish it, since you'd be detailing to all the bad guys how to set us up the bomb.

However, the airline-traveling public has a right to know if this is, in fact, possible, so that they can decide to stop flying if they want to mitigate that risk. This is the primary reason the TSA has no credibility - they insist on security through obfuscation. "Trust us, we know what we're doing, but we can't explain it to you, for reasons we can't divulge".

"Imagine for a moment that TSA people are somewhat bright, and motivated to protect the public with the least intrusion into their lives, not to mention travel themselves. How might you engineer backwards from that premise to get to three ounces and a baggie?"

That sounds like a very entertaining exercise in giving someone the maximum benefit of the doubt based on almost no information and lots of blind faith in American government. I'm sure it would be lots of fun to imagine that for a moment.

Unfortunately I have no time to imagine it, as I am too busy trying to imagine the internal dynamics of a bureaucracy that has increased ~10-fold in size over ~3 years and has a vested interest in, shall we say, maintaining a high level of public consciousness of the possibility of terrorist attacks.

Bruce, kudos again for getting this interview.

This sentence sums it up for me:
"I have the sinking feeling that you're defending us against a terrorist smart enough to develop his own liquid explosive, yet too stupid to read the rules on TSA's own website."

Assuming that the terrorists are dumb is, in itself, dumb.

Assuming that an organization has a greater impetus to protect you than you yourself do, in itself, generates it's own lack of protection.

These things are not accidents, they represent a mental framework that is, well, "mental".

The TSA is a very expensive and rather annoying sham.

How does ebaying items the TSA has stolen under the guise of "security" make me safer? How can rings of thieves work the baggage handling at various airports right under the TSA's nose without getting caught? How does the TSA propose stopping a suicide bomber from going kablooey in the middle of the security line that has a backup of over 3 planeloads of people because of their incompetence? How can chemical and explosives experts debunk this liquid theory yet still the TSA persists with its hair gel nonsense? How does having a minimum wage agent X-Ray shoes make it any less likely that the shoelaces are plastic explosives? How long until we start seeing nekkid pictures on the internet (and radiation lawsuits from frequent flyers) from the new full-scan x-ray machines?

Questions, questions, questions.

Bruce:
"I can carry on ... a single larger bottle with a non-prescription medicine label, like contact lens fluid. It all has to fit inside a one-quart plastic bag, except for that large bottle of contact lens fluid."

Wow, are you implying we now can have a 4oz bottle of contact lens fluid in carry-on? (Nearly all contact lens fluid containers are 4oz or more, except starter kits which often don't last a trip.) I wasn't able to find anything to corroborate this on the TSA site or anywhere else.

@George
"I give Mr. Hawley significant credit for at least providing the appearance of common sense as the head of a very nonsensical organization. He did, after all, rescind the ban on scissors and tweezers, and more recently on lighters."

Apparently, the reason they rescinded the ban on lighters was that it was costing the government MILLIONS OF DOLLARS to correctly dispose of them.

If you want to end the ban of liquids, you simply have to bring enough instances of liquids in that have to be disposed of as "hazardous" waste.

This isn't about safety or security.

This is about making arbitrary "CYA" rules that pass the expense on to the traveler.

As with the disposable lighter example, one the cost is shifted to the government, the restrictions are suddenly lifted.

Oh, and great interview, Bruce. He didn't answer any of your questions, but you were impressive.

Congrats on getting the interview, of course.

It would have been even better if Kip Hawley had said anything that...meant ANYTHING at all. As it stands, it's a sophomoric spin attempt and entirely transparent to anyone with half a brain.

Though it is nice to have positive proof that Kip Hawley is an unqualified, overpaid, government shill.

"Imagine for a moment that TSA people are somewhat bright..."

Somewhere between, let's say, a radish and a sea slug?

"...and motivated to protect the public with the least intrusion into their lives..."

Pray tell, just what's the basis for *that* assumption? Don't tell me it is a mandate from management, either: I have seen plenty of instances where such mandates are completely ignored, if not actually contradicted, by the line animal (defined as "the one whose *ss is on the line if something goes wrong").

"...not to mention travel themselves."

You mean to tell me that these TSO's aren't pre-screened sufficiently before they are hired?!?

"How might you engineer backwards from that premise to get to three ounces and a baggie?"

Simple: it is an easy, "one-size-fits-all" rule which doesn't take a whole heckuva lot of thinking to implement. Wrap it up in the "in the interests of flying safety" mantra, and paint anybody who objects as being disloyal (or, even worse, in league with "terrorists"), and you convert airline passengers into compliant sheep very easily.

~EdT.

"And if you confiscate my liquids, you're going to toss them into a large pile right next to the screening station -- which you would never do if anyone thought they were actually dangerous."

I think this is slightly disingenuous since the common scenario is that these liquids first need to be properly combined, and if the statements chemists are too believed this is a difficult task that probably couldn't be accomplished just by chucking them in a bin (of course allowing passengers to then sneak the liquids out of the bin is a security hole).

Besides if you're smuggling things in to be a bomb inside the airport itself there are probably a lot more tempting targets than the bin at the checkpoint.

Bruce -- When talking about liquids, you say that absolute consistency is important, because terrorists can just keep trying until they succeed. However, when talking about knives, etc. you say that 90% effectiveness is good enough, because terrorists just need to be made uncertain about whether they can succeed.

This seems a little inconsistent. Can you explain? [I generally agree completely with your take on security, just want to get this cleared up]

@Brandioch: Are you suggesting that we should all bring our used motor oil to the airport and have it taken away from us so that we don't have to pay for the recycling fees...? :)

"KH: I think your premise is wrong. There are consequences to coming to an airport with a bomb and having some of the materials taken away at the checkpoint. Putting aside our layers of security for the moment, there are things you can do to get a TSO's attention at the checkpoint. If a TSO finds you or the contents of your bag suspicious, you might get interviewed and/or have your bags more closely examined. If the TSO throws your liquids in the trash, they don't find you a threat."

That has to be one of the stupidest comments I've ever heard... if there was no threat, why were the liquids taken away to begin with???

Mr. Schneier,

Thank you for convincing Mr. Hawley to allow you to publish his responses to these questions. Your work in security is outstanding, and I find that your works have allowed me to see the similarities between IT security and physical security, as well as to see the ways in which they must converge to some extent.

I look forward to the remaining parts of this interview, and I want to thank you again for the effort that you have placed into this. I will make sure that I inform my students that they should read this and follow the entire series.

>"...So what would the justification >be...There was none...own >convenience...sake of a simple >explanation."

>I'm just speechless. I mean, this is so >blatantly stupid, I don't even know what >to say"

Hate to break it to you, but that isn't stupid. Imaging training hordes of McDonalds workers to "secure" your boxes. Would you throw them a full guide, nuanced in every detail of the art of security...or would you give them a 10-step and err on the side of draconian? You'd do the latter if a) you wanted it done right and b) You wanted all of the users of those boxes some realistic access timeline.

This is the same thing. If you want a more professional, detailed look at your baggage, be willing to pay for it

Since the idea of a major attack against the US using -the exact same vector- as before is sort of silly, Id rather spend my security monopoly money elsewhere.

My worst nightmare is that a drunk female passenger will try to smoke in the toilet and set her nylons on fire. Then we'll all have to travel naked to prevent using clothes as an improved incendiary device.

Apparently the graffiti some impudent punk scrawled on his quart-sized liquid bag back a few months back was accurate: Kip Hawley is an idiot.

Another way of thinking about this is that the TSA doesn't get any mileage from protecting us against really brilliant terrorists. (Most of the plots that have come to light, including the ones that worked, weren't exactly rocket science.) If someone manufactures an entire set of suitcases out of frangible magnesium composite or fills the intestines of a dozen passengers with gelled binary-explosive compounds, or implants mind-control chips in pilots' brains, relatively few people are going to blame the TSA for being unable to stop them.

So what they have to guard against -- from a bureaucratic point of view -- are the kinds of attacks where people would say afterwards, "You ^%^%# idiots! That would have been easy to stop if you'd just looked for it."

Anyone with half a brain knows that a true terrorist would just bomb a busy terminal and save themselves a lot of hassle.

Lucky for us there are NO TRUE terrorists, just false flags.

- Wouldn't multiple people with small amounts of liquid overcome the researched threat(ie, Alice, Bob and Charlie combine all of their liquid post screening)?

- If the amount of liquid that can be held in several 3 oz bottles is safe, why not allow "used" bigger containers? (All of my toiletries seem to be in 3.5oz bottles -- none of them are full -- the unused 3x.5 extra container space screws me.

#1 I hope he explains the policy behind TSA's response to the "Kip Hawley is an asshole" free speech campaign.

#2 If he has science that backs up the idea that one cannot take a large empty bottle into the ladies room and pour the contents of a 3 oz bottle of liquid into it, we need to see it. He doesn't have to name the dangerous chemicals if he doesn't want to, just show it doesn't work for water. Likewise, if pouring in one 3oz bottle works, why can't you leave it on the floor for an accomplice to find and repeat the process. Is TSA monitoring every ladies room in every airport with hidden cameras? Folks could get in trouble for that.

"I think it's commendable that Mr. Hawley would agree to the interview. We have to put credit where it's due. Now, what would be better is if Hawley became a frequent guest... not necessarily here... but on more public forums."

I agree with C Gomez completely on this point. We could do with more public exposure from the decision-makers responsible for these TSA policies. The only interaction most people have is with the guy in the uniform taking their stuff and tossing it in the trash, which doesn't exactly inspire a lot of confidence in the operation as a whole.

I'm glad that Secretary Hawley is making this attempt to introduce even a little more transparency to his frankly mysterious and often baffling organisation -- two adjectives that should never be applied to an organisation with a job that's so important and which also spends very large amounts of taxpayer money.

No serious discussion of TSA security can be complete without linking to this TSA training video called: Liquid.....or a gel.

http://www.youtube.com/watch?v=ykzqFz_nHZE

These folks are trained professionals and when they ask you to empty the contents of your sippy cup, colostomy bag, or whatever remember that they do it in the name of national defense!

@user7821, @Jeff, there are operational details that shouldn't be public.

I want to know that my bank uses a peer-reviewed encryption algorithm; I don't want to see the host platform o/s, patch level, IP address and firewall architecture for the key repository posted publicly on the Internet. Nor do I want the depositors or the shareholders to chose the algorithm or host o/s by democratic vote.

Likewise, when I was the elected official to which our small-town police chief reported, I didn't want the schedule of when his cruisers were on patrol and when they were at home but on call to be public knowledge, because it would undermine their effectiveness. duh.

(aside @Jeff, "Do you read this site?" pretty lame ad hominem rejoinder, the fact that I don't agree with your viewpoint may reflect your ignorance not mine. Did you read my post? I work in this field, you apparently don't.)

"Complete effectiveness is not the goal; the checkpoints just have to be effective enough so that the terrorists are worried their plan will be uncovered."

But this is the problem with suicidal fanatics-- if you aren't afraid of your plan being uncovered and your being thrown in jail/killed/etc, you *do* need 100% effectiveness, since people won't be deterred from trying even if they're 95% likely to fail. (Assuming relatively low overhead for the attack, which most of these single-person-on-an-airplane attacks seem to be.)

Steve

Aaron Luchko - The "they need to be combined carefully in order to work" restriction is only when you need to get the liquids onto the plane first, through some amount of security screening, and then make a big enough explosion to seriously damage the plane. If you just want to cause trouble when the liquids are mixed, the restrictions on what they could be are much milder. It's not too hard to come up with two (smelly and suspicious) liquids that when mixed will reliably produce enough poisonous gas to harm a crowd of people.

Ed T said:
"If the TSO throws your liquids in the trash, they don't find you a threat." If they didn't find (you) a threat, then WHY THROW THE FREAKIN' LIQUIDS IN THE TRASH?!?!?

One reason that occurs to me is that planes have been blown up by bombs transported by innocent bystanders. So yes, I can understand why they might want to restrict the liquids and not care about the passenger.

I can also believe that TSA has tested various dangerous liquids and concluded that practical difficulties stand in the way of combining the contents of multiple small bottles. I suspect that either transporting those bottles is self-limiting (nitrogycerine, for example, may detonate prematurely) or the process of combining everything works better at home than in an aircraft lavatory (for example, making nitro require lots of ice to keep things from over-heating, or a side-effect of other combinations is the production of noxious fumes).

I actually think Kip Hawley is doing an amazing job. We must remember, of course, that his job is not to protect the American populace, but to be a bureaucrat. With this in mind, I think he is doing great. Look at the way he sidesteps any question that will make him or TSA look like a ridiculous waste of taxpayer money. Bravo!

“Imagine for a moment that TSA people are somewhat bright, and motivated to protect the
public with the least intrusion into their lives, not to mention travel themselves. How
might you engineer backwards from that premise to get to three ounces and a
baggie?� -Kip Hawley

The Maestro does it again! With one quick statement he not only reinforces the idea that the American traveler benefits enormously from the benevolent oversight of the Uncle Sam sponsored TSA, but then forces THEM to answer the question that was asked! How Sublime! Don't forget his lighter side either, using a subtle riposte of humor to defray the attack of the interviewer.

“Screening ideas are indeed thought up by the Office for Annoying Air Travelers and vetted through the Directorate for Confusion and Complexity, and then we review them to insure that there are sufficient unintended irritating consequences so that the blogosphere is constantly fueled.� - Kip Hawley

Oh Kip, You're such a card! Joking in such a self effacing manner, as to make yourself seem like a human being instead of a politician.
The fact is, all the critics of Kip, and the TSA have not really looked at how hard their jobs are.

First, they need to make sure there is a sufficient amount of fear mongering in the popular media outlets. This is probably not a big problem, as that seems to be what sells now days, so I imagine the Ted Turners, and Rupert Murdoch s of this world are happy to encourage this sort of reporting.

Second, they must make sure they have an immediate solution to whatever the latest perceived threat is. Shoe Bombs? No problem! We have the answer! Incredibly improbable binary liquid explosive? We've got it covered! A crazy guy with his rectum stuffed full of C-4? Umm.... Shhhh lets not talk about that one.

Think of all the trouble a Broadway director has putting on a simple show. Then imagine if he was trying to convince people it wasn't a play........

Yes indeed. Kip Hawley is doing one terrific job.

You can get moderate amounts of thermite, a powder, on an airplane. You can get multiple passengers to combine the load.

You can get similar amounts of potassium permanganate, a purple-black crystal or powder, on a plane. You can buy it at a pharmacy: it has medical uses.

You can get 9 oz per person of glycerine on a plane. You can buy it in a drug store or even a well-stocked supermarket.

Combined, you can easily ignite the thermite, and it will be impossible to extinquish.

You can find all this dangerous information on Wikipedia (start with the article on thermite).

eam wrote: gsmooth89: Or it could let the terrorists know that if they don't get the plane, they'll at least get the security line when the ingredients for their peroxide bomb are mixed in the same container

We arent talking about bombing airports? The terrorists dont seem to be concerned with that. That would be easy to do since there is no checks at the door.

For a moment, try to appreciate the position Mr. Hawley is in.

He does not do his job well if he only increases the real security of the country. He must also address perceived security needs. When a terrorist plot to take down planes using liquid explosives hits the mass media, the TSA does not stand a chance trying to inform the public that responding to this specific, infeasible tactic is counterproductive.

Furthermore, even if they could successfully drive home such a point, Mr. Hawley would be setting himself and his organization up for ruin. The mass media would pounce on any future terrorist plot that bore even a remote, pathologically slanted link to liquids and use it to crucify the TSA.

Michael B writes: "He must also address perceived security needs."

Where on Earth did you get that idea? You could not be more wrong.

"Pete" remarks: "Wow, are you implying we now can have a 4oz bottle of contact lens fluid in carry-on? . . . wasn't able to find anything to corroborate this on the TSA site or anywhere else."

Poor eyesight is a medical condition. Look under the information on carrying on medical necessities. Saline solution is specifically mentioned in the list of items where larger amounts are permitted if declared to the screeners.

So, will we ever get an answer to the questions..

Are the confiscated bottles of liquid treated as hazardous waste and how much does disposal cost per year?

Do they do analysis on the bottle contents? Has any nasty material ever been detected in the thousands of confiscated bottles?

Is there any hard evidence of terrorists attempting to probe the security provided by the TSA? Surely any evidence would be front page news, yet we hear nothing.

Has ordinary non-lethal smuggling been eliminated? The security measures that the TSA implement should have almost eliminated the ordinary smuggler of money, animals and other goods. Again, dramatic reductions in smuggling would surely be headline news (and the relative statistics would allow us to estimate the effectiveness of the TSA.)

"You can get moderate amounts of thermite, a powder, on an airplane."

Yesm but thermite isn't going to bring down a 'plane.

OTOH I'm sure you could use the same technique to get a dozen people to carry a couple of ounces of C4 each onto a 'plane. Just mould it into their asscracks or something.

Spreading the explosive among several people means there's more chance that a decent amount of it will get on board.

Seriously.... did anybody feel the slightest bit more informed or safer after reading this article?

In answer to the questions about whether the TSA is doing security theatre or if it is taking reasonable precautions, something struck me a while ago.

Taking off your shoes was a specific response to a specific threat. Banning liquids was a specific response to a specific threat.

While TSA have been accused of security theatre (and it is definitely doing that) it might be that part of the reason for these two measures is not security but to keep the public reassured that something is being done.

If the TSA had screening devices that could detect every chemical threat and a new threat came along, the scanner might pick it up, but unless they are seen to be doing something to combat that threat then the public might feel like nothing is being done.

Given some of the news stories I've seen about people that other passengers felt were a threat based purely on racial profiling, I would rather that the passengers were reassured than that they became jumpy. After all if I'm relaxing on a long flight and take my shoes off I don't want to be jumped by a nervous passenger who thinks that that makes me a threat.

Z.

I can't wait for a woman to smuggle on explosives inside her bra. Then women will be forced to remove their bras before they can board a plane.

And then underwear bombs are next...

Then we all get to fly nekkid.

It's amazing how much this looks like satire. I was going to leave a comment commending Bruce for clever writing, and chastising him for making it look so convincing that people may actually believe it, but... the horror... it looks like it's actually quite a real interview after all.

I find KH's responses to be continued evasions from hard questions. It's unfortunate that we get clever explanations of their thinking that border on propaganda, and question our premises in almost all cases.

The TSA reminds me of the Stealers Wheel's tune: "Stuck in the Middle With You" - "Clowns to the left of me, jokers to the right. Here I am, stuck in the middle with you"

The interview was a little confusing... Why were Kip Hawley's comments the ones that were NOT prefaced by "BS"?

The bottom line is ask any ex con and he will tell you the answer to getting something you want on board. My dad is a retired TWA captain, and my two brothers are Delta pilots and I'm a retired cop. All have said its a joke (the tsa). Oh yes I was one of the cops who worked with the TSA that did the arresting. We found several flaws in detections of the equipment and how it was used. I won't disclose those. But the TSA REALLY needs more upgrades.

Sherm

Never mind the binary explosives, how about a simple fuel-air bomb? After all, they're allowing lighters again. Just empty several into a 55-gallon trash bag along with a little acetylene (made from solid calcium carbide and water) and add a spark. Yield is about equivalent to a kilogram of really good HE; in the lav you can blow out enough skin to make the bird unflyable.

Not spectacular enough? Thermite is great stuff, made only of inorganic materials that TSA *can't* intercept. Mould it into something like commemorative plaques or some such, add a little magnesium wire and a laptop battery is more than enough to set it all burning hot enough to ignite the aluminum skin of the aircraft.

With a 600 kph force-fed air supply, that sucker should burn bright enough to be seen from orbit in daylight.

Ask any engineer. We've got a million of 'em.

I am an East Indian in his mid-twenties, and being brown, I am often subjected to some rather blatantly racial profiling.

When I have traveled with several friends (all of whom were white), I have always been magically pulled aside by the absolutely non-racist TSA.

Now, if you are going to pull me aside every time I fly because I am brown, then give me an incentive. Give me coupons. Or give me money. Or give me better seating. Or whatever.

But if you are treating me separately because of my skin color, then you are reminding me of how a certain European Police State used to treat people of Jewish descent.

Does Mr. Kipley have an answer to this? Or are he and his gang of thugs going to pull aside every brown man because they are afraid of our skin?

I hope you have not already finished all the interviews. The commenters on this site are coming up with some excellent questions. Can you clarify whether it will be possible to feed these questions back to KH, or are the interviews already done?

Thanks, Bruce. I shall continue to pray that the "security theater" (great phrase, btw) is actually a distraction to keep the public attention from the other, real, security measures being taken. Never thought I'd be praying to be deceived.

I have to say, Anonymous really hit the nail on the head here. And that is, the TSA does not exist to protect us from anything. It exists to facilitate a fear-mongering campaign with which the current administration can further its political goals. That's all, nothing more...and this is just some pitiful attempt at damage control...

Good interview, albeit brief. Unfortunately government security people like to focus on sexy, high-tech threats. For example, the mythology of cyber-terrorism or the obsession with engineered bio-weapons. Instead we're dealing with low-tech actors who are good at exploiting cheap, common, available resources. IEDs aren't manufactured by the Al-Qaeda equivalent of General Dynamics under a multi-year contract, costing 1.25 million a bomb. They're composed of what's available and cell phones or garage door openers. Likewise, expect the next attack to use whatever they can legitimately get on planes and what can be purchased between the security checkpoint and the aircraft cabin. The only way would could ever be safe, as my father jokes, is to fly naked with all our luggage towed behind in a glider.

I can't wait to see what the TSA does if someone tries to use an implanted cardiac pacemaker or a prosthetic limb to commit mayhem on an airplane.

I can't wait to see what the TSA does if someone tries to use an implanted cardiac pacemaker or a prosthetic limb to commit mayhem on an airplane.

@Tim
@Brandioch: Are you suggesting that we should all bring our used motor oil to the airport and have it taken away from us so that we don't have to pay for the recycling fees...? :)

R....O....T....F.....L.....O.....L!!!

I'm eagerly awaiting his response to your questions on the no-fly list. I'm impressed both by your interview questions and his willingness to respond.

Not a single, satisfactory answer. Yet, he manages to insert his absurd views on a very well publicized site in the Internet. The good thing is that he managed to show himself as security illiterate as we all knew him to be.

The TSA is not about security, but about ritual (security theatre).

This interview on transparancy was notable for its opacity. What Mr. Hawley doesn't understand is that for most travelers "TSA" means the people at the security checkpoint. It doesn't mean himself, his scientists, his security analyists, his eplosives experts. It means the only TSA employees the public comes in contact with - the screeners.

While I have encountered TSA screeners who were polite and professional, the vast majority still confiscate my solid deoderant, singifying that TSA rules designed to be understandable to the traveling public are not understandable to the screeners. So having me imagine that they are "reasonably bright" is a bit of a stretch.

Nice work, Bruce -- thanks for sitting down with Mr. Hawley.

Unfortunately, the interview did little to sway my opinion of TSA...

Remember back to when we were children -- when creaks in the floor at night set our hearts racing. What if -- instead of assuring us of our safety -- our parents had told us that it was probably Captain Death walking around the house looking for a soul to take?

...I am still convinced that the fear of terrorism is a greater threat to our nation than the terrorists themselves.

"Yesm but thermite isn't going to bring down a 'plane.
"

See those green cylinders? Put it one of those.

Every airline passenger who wants it, gets issued a large knife upon boarding.

Now .... who is going to mess with that plane..?

Problem solved...

If the TSA prevents liquids as it's seen as a threat, how about a shoelace that could be used to strangle someone, or a belt? Pepper could be used to temporarily blind someone, a rolled magazine could become a weapon too. Even a spoon could be used to remove an eye from its socket. Gasp. The TSA should ban all these dangerous items too. In fact, the TSA should require all passengers to fly naked and anesthesised to make sure that nothing happens during the flight.
Thank you TSA for ruining everybody's life, wasting time and huge resources in a way no terrorists could even dream of.

Keep up the good work and keep dodging all the questions, Kip!

I would like to emphasize what has been stated repeatedly, just above this post.

Who cares about planes anymore? You still have LOTS of other freedoms, ready to be exploited. I mean, come on, they've already exploited that weakness. And although air travel may or may not be safe now, I am sure a smart "terrorist"/"group" would choose an unexpected method to deliver their message. (like 9/11)

You are actually letting the "terrorists" take away your freedoms, little by little. I mean, I could kill WAY more people in an airport than a plane; and there are SOOO many possibilities to exploit! Just wait till technology get's better and they start using your stun/heat weaponry against you.

THE ONLY EXTRA EFFORT ON PART OF THE U.S.A. SHOULD BE INTERNATIONAL RELATIONS REFORM, AS WELL AS INCREASED GLOBAL AWARENESS. You need to get people to stop hating you, not the other way around; as suggested by current policy.

The TSA, and the DHS for that matter, have a valid reason for secrecy: ridicule stings. Being laughed at openly hurts deeply.

As for bringing flammables on the plane to destroy it, why bother? A little research into aircraft cabin fire reveals that practically everything inside -- save the window glass, metal, and passengers -- is flammable. (Including clothing.) Thus all that is needed to make things interesting is an oxidizer.

And thanks to 'overshoot' -- I remember carbide cannons from childhood, but had forgotten.

Zwack wrote: "While TSA have been accused of security theatre (and it is definitely doing that) it might be that part of the reason for these two measures is not security but to keep the public reassured that something is being done."

So, in other words, you advocate removal of freedoms from US citizens for the sake of pretending your government department is doing something useful?

Brilliantly moral.

@guvn'r
"I want to know that my bank uses a peer-reviewed encryption algorithm; I don't want to see the host platform o/s, patch level, IP address and firewall architecture for the key repository posted publicly on the Internet."

Why not? Are you afraid that it isn't secure enough?

If someone is going to attack it, they will probably be able to collect all that information anyway.

By hiding it, you just make it more difficult for people to point out flaws AND for your own people to hide their ignorance / bad decisions.

"Likewise, when I was the elected official to which our small-town police chief reported, I didn't want the schedule of when his cruisers were on patrol and when they were at home but on call to be public knowledge, because it would undermine their effectiveness. duh."

No. Not really. If there is a schedule, you've already failed. All the criminal has to do is watch for them at the off-duty location.

"(aside @Jeff, "Do you read this site?" pretty lame ad hominem rejoinder, the fact that I don't agree with your viewpoint may reflect your ignorance not mine. Did you read my post? I work in this field, you apparently don't.)"

You need to read Bruce's other articles on how people who sell "security services" and such make basic mistakes.

With respect to the theater, false flags and politically motivated leaks of 'terror plots'...

It has been almost 6 years. The bad man isn't trying. The DC snipers showed that you only need a little motivation and a little know how to massively disrupt the economic base of the society.

You can walk into an airport rolling a footlocker sized box filled with whatever you'd like to put in it.

But that's not happening... so... with something so easy, not happening... well 'they' are not trying.

From jofny: "If you want a more professional, detailed look at your baggage, be willing to pay for it."

Yeah, no doubt. For that matter, how about paying the actual cost of moving you from place to place: the security and air control infrastructure and all of that should be paid for by flyers.

Those of us who prefer to be moved about by canal boat should not have to subsidize air travel.

The thing that irritates me the most is that they won't let you take liquids through security but you can buy all the liquid you want past security and bring it on board. I simply REFUSE to believe that all the liquids and all the employees who work beyond security are subjected to the same scrutiny as the passengers.
The whole thing is a farce.

Good first step in getting KH to take an interview. Alas, I doubt his answers have yet to inspire much confidence within the security community.

It is not clear if the entire interview has already been conducted or not. If not,
please ask the same questions of him as you would as of any CSO in his role:

How do you prioritize resources?
How do react to changing threats?
How do you convince the public that a workforce of minimum wage workers will behave the way you intend?
What do you have good control over?
In what ways is your power constrained?
Are you invested in any companies that make travel size shaving cream?
What technologies does the TSA believe are promising ways to help mitigate risks?
What are some examples of educational and process issues that technology will never solve for the TSA?

In any rate a series of open ended questions to which he may or may not present viable answers. If he merely spews a bunch of drivel, then at least we know his capabilities. Thanks Bruce.

Good job Bruce. At least you are getting someone in the government engaged and thinking about the best security practices.

And thanks to Kip for opening himself up to criticism. Just for that, I think he's one of the good guys. Let's give him a break, OK?

Security in airports is deeply flawed but maybe by working together we can improve.

"I hope you have not already finished all the interviews. The commenters on this site are coming up with some excellent questions. Can you clarify whether it will be possible to feed these questions back to KH, or are the interviews already done?"

Interview is already done. As I said in the intro, the interview was conducted over May and June.

I had hoped to publish it in a magazine, but have given up trying. I divided it up into five parts, and will be publishing one a day all week.

Suppose the TSA really were intelligent people. What might they say about:

> nerve gas

While you wouldn't have to worry about being noticed trying to force open the cockpit door after everyone was dead, if other security measures have worked you still wouldn't get the door open and would still be unable to control the plane and use it as a weapon. Sure you killed some people on an airplane, but with nerve gas you could've done the same in $PUBLIC_PLACE and been more effective (in terms of lives lost). Your nerve gas might also be detected by screening equipment for what it is (by say, a high-energy particle reflection signature) before you ever get on the plane.

> Nitroglycerine

You can make some smoke and kill some people, but there's not enough boom there to compromise the plane's structural integrity.

> Dust explosion

Has anyone who suggested it considered the air circulation rates and filters used on an airplane and whether it would be possible to accumulate enough dust in the air to cause an explosion in that environment? (Well, to cause a big enough explosion to bring down the plane?) Some restaurant napkin calculations suggest to me it's not possible. In addition, as soon as dust starts floating through the air, some people are going to get proactive about finding the cause.

> lots of 3oz bottles to make a bomb

What I've heard is this mixing process must generally be done over a long period of time in a chilled, stable, and generally carefully controlled environment. That doesn't describe an airplane restroom. If you can mix your 3oz bottles into 30oz of explosive gel but it takes 24 hours to be fully mixed and effective, the restrictions in place actually make sense.

> body parts full of C4, thermite or other "dangerous powders" (even if you could get enough) and so on

The TSA tests for the presence of C4 (and other explosives, I'm sure). If they find a C4 signature on a passenger, that person won't be getting on a plane until they're absolutely sure it's safe, probably including a full body-cavity search.

--

What's important to realize, I think, is that the terrorists' goals don't depend on actually being able to blow up a plane -- only on being able to make a credible threat. If Dr. Evil on a plane holds up a red button and says "I can blow up the plane" (maybe from a bomb in his checked luggage), do pilots/passengers/airline staff trust our security enough to stake their lives on it and tell Dr. Evil to his face that he's lying? I think no matter how much security we implement, that answer will always be no. And so bothering passengers with regulations won't ever fix the security issues surrounding using planes as weapons. We need to find another way. Being able to override cockpit control of the plane from the ground is one idea that would limit casualties to the people on board, for instance. What other (better?) kinds of controls could we implement that address the real problem without inconveniencing passengers?

"Wow, are you implying we now can have a 4oz bottle of contact lens fluid in carry-on?"

I regularly carry a 12oz bottle. No one has ever given it a second glance, once they see that it's contact lens fluid.

Of course, they have no idea what's actually inside the bottle -- just what the label says.

"Bruce -- When talking about liquids, you say that absolute consistency is important, because terrorists can just keep trying until they succeed. However, when talking about knives, etc. you say that 90% effectiveness is good enough, because terrorists just need to be made uncertain about whether they can succeed.

"This seems a little inconsistent. Can you explain? [I generally agree completely with your take on security, just want to get this cleared up]"

Basically, it depends on the consequences of trying. If you try to carry on a large container of liquid, they take it away from you with a smile and set you on your way. Because there are no consequences to trying, you can try again and again until the TSA misses it.

But guns and knives -- serious knives -- are different. If you try to carry on a gun, it won't be confiscated with a smile. It will be confiscated with an FBI agent who will grill you within half an inch of your life. So you really can't try again and again until you succeed in slipping it past the TSA.

"Good interview, albeit brief."

It's just part 1 of 5. The actual interview is, basically, five times as long.

I'll post a single URL to the whole thing at the end of the week.

"How do you prioritize resources?
"How do react to changing threats?
"How do you convince the public that a workforce of minimum wage workers will behave the way you intend?
"What do you have good control over?
"In what ways is your power constrained?
"Are you invested in any companies that make travel size shaving cream?
"What technologies does the TSA believe are promising ways to help mitigate risks?
"What are some examples of educational and process issues that technology will never solve for the TSA?"

These are all good questions, and largely ones I do not ask in the interview.

Perhaps we can do a follow up.

Mr. Schneier,

Thank you for convincing Mr. Hawley to allow you to publish his responses to these questions. It just shows that not only the majority of the screeners I came to contact with are complete dumba***s but the head of the agency is one as well.

Lots of the liquor you buy at duty free is so nicely flammable especially now with the lighters allowed on board, I wonder when it will happen for the first time that somebody will torch the plane. Also camel backs membranes and other objects represent nice enough containers to mix any liquid you really want. Most of the KH's anwers can be quite easily disputed by anecdotal evidence we all have. As Mr. Schneier says, unless you are 100% successful it doesn't make much difference. The options are just endless, unless we all travel naked with our bodily cavities searched before boarding there will always be risk.

As Mr. Schneier, often says, most of this is just a security theatre intended to make us feel safer and justify existence of this bureaucracy. I do not expect to be any safer now when I fly than I was 6 years ago. When I travel alone, I still take big enough insurance without terrorism clause to cover my family. I take it as an expected risk that highly determined people will overcome the obstacles present to them and achieve their goal or just plainly switch their goals to the area which is affected by lack of resources wasted on the theatre itself.

For your amusement I offer story from my very recent travel. I travelled with a little baby on a long flight and had with me two large bottles of water to use to make formula, since the baby doesn't like the ready to eat one. One big bottle was in a carry on, another one was in stroller we checked in at the gate and therefore we were taking it through the security. The screeners saw the first bottle and told us we cannot bring it on, not because it was too big, but because it contained WATER. They even suggested to add the formula powder to it right then and there and then we could bring it in. They said if it is formula or juice it is fine to bring on board. It definitely doesn't seem logical why water wouldn't be allowed while formula or juice would. Also, I am not sure if they would really check if what I am adding is baby formula especially if I am doing it in front of them from original formula can. Needless to say, I just told them I am going to throw the bottle out and buy one after the security. I did throw it out and then just walked throw security with the second big bottle in my bag. Nobody even noticed.

First, my personal experience recently was with a TSA agent telling me I couldn't take my new stick of deodorant (that I had just purchased 'cause I knew my can of aerosol deodorant wouldn't go), not because the stick was too big, but because I (who had not flown in ages) had not brought it in a baggie. It was agreed between us that it would fit in a baggie, and that the only purpose of the baggie was to make sure I wasn't carrying too much (since she had already thrown out my 5oz tube of toothpaste, the deodorant was it)--but the fact that it wasn't in a baggie in itself was enough to get it disallowed. So it's not enough that the rules are stupid; they're also applied stupidly.

Second, and I hate the thought of anyone in the TSA contemplating this seriously, what about every laptop computer carried on board? You know, the ones with the LCD screens with large pieces of glass embedded in them that could easily be broken and used as weapons?

Third, security at 99% of the airports in the country could have perfect security, and it wouldn't make a difference. Why? It's a weakest link system. When a passenger passes the checkpoint, they're in the system. That means a passenger goes through security in Boston, and when they land in Houston to change planes, they are already within the security perimeter at (ugh) Bush International. But the key here is that that passenger doesn't have to start in Boston. He could just as well have started in East Podunk, Idaho--or Left Wingnut, Texas, or wherever the security screening is the most lax. It's like the joke about what you call the guy who finishes last in medical school ("doctor")--somewhere in the country is the worst set of security screeners working at the least secure airport. It doesn't matter what the security is like anywhere else (within reason, of course).

This TSA process is silly:
They limit the quantity of a single liquid container to 3 oz which you easily can get 5 of in a quart bag = 15oz. You can easily print out multiple boarding passes and go thru security several times to get as much liquid on board as you want.

They scan your luggage for knives, and confiscate them if you accidentially put one in your luggage. but, if you go into OC airport thru security and order a steak, you'll hand you a nice steel steak knife.

It all about the illusion of security, to make you FEEL safe.

Positive Reinforcement to you, Mr. Schneier. I am very much looking forward to the other installments!

I've been a chief of police in a county of 280,000 people for more than 7 years. I've also been in law enforcement for 28 years. As a police officer I firmly believe the TSA is the formation of idiots, run by idiots and employees idiots. Isreal is the leader in airport security. they rely heavily on highly trained personnel to profile (yes that dirty word) to detect threats. TSA on the other hand hires the uneducated and pays them accordingly. As a police officer I can run a person's criminal history, credit history, civil history, voting records, employment history, who your neighbors are,and even parking ticket information from my desk in minutes. Since nearly everyone buys their tickets in advance all flyers can be run for the information above. People without histories or gaps in histories could certainly investigated further. It really bothers me when I see an ederly white female in her 80's being "screened" by the crack TSA security. Yet Muslims often pass through without secondary screening. TSA is a joke. This country needs to wake up and start using all the information so kindly provided by the many marketing groups that collect info on everything we do and focus on real security threats.

eam: re bottles as melee weapons. Sort of. 750ml spirit bottles aren't so good. Bordeaux style wine bottles can be, as can beer bottles. It takes some practice, but I have about 75 percent success at the wrist flick required to make them a viable weapon.

Aaron Luchko: Actually the problem of liquids at the screening station is different from the problem of explosives on the plane. There are a number of combinants which could clear the area/kill some people, which couldn't be combined with the same level of effect in the plane's lavatory. Some would require larger amounts of material than one person can reasonable carry.

>What other (better?) kinds of controls could we implement that address the real problem without inconveniencing passengers?

In the situation when there is a "perceived" risk anybody can trigger release of quickly acting sedating gas in the main cabin. Pilots and stewardesses immediately, passengers after overcoming reasonable checks . By "entering into contract" to fly all passenger would enter into agreement acknowledging the risks. The risk to passengers with medical conditions in the condition of misuse of malfunction would be covered by airlines/manufacturer/government backed/purchased insurance policy. Any misuse by passengers would be handled by long sentencing and loss of property. Unless somebody cares about exploding the airplane without any notice (more damage can be caused much more easily), this would be a reasonable precaution and most people I assume would happily live with the risk that the worse thing that can happen to them will be that they will get a good night sleep all the way to their destination.

Go check out this Web page:

A Pilot on Airline Security
http://hotair.com/archives/2007/07/16/a-pilot-on-airline-security/

Guess what? While they're throwing your baby formula in the trash, the AIRCRAFT ARE TOTALLY UNSECURED ON THE TARMAC!

@Brandioch Conner, re why not post the bank's server details.

I'm comfortable enough they're secure enough that I don't need outsiders "help" in securing us, all they do is muddy the IDS logs. I and my colleagues are paid to secure our network, our jobs are on the line if we screw it up, so we're more motivated than any outsider who isn't seeking to rip us off would be.

Also, the only authorized use of our systems is for their intended purpose, so anyone attempting access to review our security posture is violating the law. I don't want to disclose anything that might help them break the law.

btw, our security posture is peer reviewed, by regulators and outside vendors contracted to do the job, so it's not like we don't get second guessed!

"We also do extensive and very sophisticated Red Team testing, and one of their jobs is to observe checkpoints and go back and figure out -- based on inside knowledge of what we do -- ways to beat the system. They isolate one particular thing: for example, a particular explosive, made and placed in a way that exploits a particular weakness in technology; our procedures; or the way TSOs do things in practice. Then they will test that particular thing over and over until they identify what corrective action is needed."

So the Red Teams do pretty much the same thing that a smart terrorist would: watch the security checkpoint until a weakness was found, then exploit it.

The only difference is that if the Red Team gets a "payload" through, there's no threat of danger to anyone's lives. But if a terrorist does the same...

Why is there all this fuss about aviation security, and hardly any about, for example, train travel? There are *no* security checks at all before boarding a train (fortunately, I might add). Over here in Germany I regularly travel on trains going 300 km/h (about 200 mph) - with a couple of hundred passengers on board. It's impressive when the trains pass each other at relative speeds of 400 mph. Imagine the effects of detonating a 30kg suitcase of explosives just at that precise moment! "BOOM goes the dynamite" ...

> Re Ze German
I think the difference is that the train cannot be flown into a high priority target. It will sounds hard, but collateral damage by loosing few couple hundred people must be taken as a reasonable risk in this era. It is not difficult to kill couple of hundred people with mush less obstacles these days. What is the risk I believe is misusing common objects (e.g. airplanes, trucks) as weapons that cause cause major devastation or disruptions, e.g. deaths of many thousands people, major disruptions in economy, etc. Thats why it would be reasonable planning to place parking garages away of office buildings (in the added benefit of helping loose some weight with walking), loading docks away from high risk production facilities, etc.

Quercus: "This seems a little inconsistent. Can you explain?"

The reason <100% effectiveness is ok on knives and guns and not on liquid explosives is because if you're carrying a knife or gun as a weapon, and you're caught there will be consequences - so it's a dangerous thing to do, but if you're carrying liquid explosives disguised as some innocent liquid, it'll be taken off you, but you won't suffer any consequences - they'll just throw them in the bin and let you through. That's why you can't just keep trying with guns and knives, but you can with liquids.

Also, I want to second the point that others have made - a big part of the danger of airplanes (and almost the only part if security is done well) is the number of people in an enclosed space. If security measures mean that there is a plane sized or more number of unchecked people together, then they're just creating a whole new target, and making the risk worse, not better. I'd like to see KH show that he's considered that.

I too am quite surprised that the bad guys haven't taken out a crowd at a security line. You can literally walk up with a roll-on bag full of whatever you like, and take out hundreds of people. Talk about unintended consequences.

Personally I think the real point of the security checkpoints isn't so much the XRay, etc, as much as that it provides the TSOs (at least, the ones not busy doing the mostly pointless stuff, of which there always seems to be one or two) with a chokepoint at which they can observe each passenger.

But the real thing that's making airline travel safer is, ironically, 9/11. Because now when the terrorists try to take over the plane, they're going to have to kill every man, woman and child over the age of 10 in order to do it, because everyone now knows that if they don't stop them, they're dead anyway.

So the major threat is stuff like bombs, not guns and knives.

Gee, the comments about the colostomy bag, followed by "explosives in a bra" make me wonder how many ounces of fluid are stored within breast implants? Seems like a truly dedicated female (or cross-dressing?) terrorist would opt to have their binary liquid explosive as breast implants, squeeze to mix, then detonate. I imagine that if a binary explosive (like Die Hard 3's) really exists, someone like Pam Anderson could bring down a 747...

Movie script threat?

Gee, the comments about the colostomy bag, followed by "explosives in a bra" make me wonder how many ounces of fluid are stored within breast implants? Seems like a truly dedicated female (or cross-dressing?) terrorist would opt to have their binary liquid explosive as breast implants, squeeze to mix, then detonate. I imagine that if a binary explosive (like Die Hard 3's) really exists, someone like Pa