Schneier on Security
A blog covering security and security technology.
« Change Blindness |
| Quantum Cryptography Cracked »
December 29, 2009
Me and the Christmas Underwear Bomber
I spent a lot of yesterday giving press interviews. Nothing I haven’t said before, but it’s now national news and everyone wants to hear it.
These are the most interesting bits. Rachel Maddow interviewed me last night on her show. Jeffrey Goldberg interviewed me for the Atlantic website. And CNN.com published a rewrite of an older article of mine on terrorism and security.
I've started to call the bizarre new TSA rules "magical thinking": if we somehow protect against the specific tactic of the previous terrorist, we make ourselves safe from the next terrorist.
EDITED TO ADD (12/29): I don’t know about this quote:
"I flew 265,000 miles last year," said Bruce Schneier, a cryptographer and security analyst. "You know what really pisses me off? Making me check my luggage. Not letting me use my laptop, so I can’t work. Taking away my Kindle, so I can’t read. I care about those things. I care about making me safer much, much less."
For the record, I do care about being safer. I just don’t think any of the airplane security measures proposed by the TSA accomplish that.
Posted on December 29, 2009 at 11:17 AM
• 138 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Don't forget clapping! Clapping is very important, too.
There are some profound failures of just plain old common sense here. Two of the people who organized this were released from Gitmo to the Saudi's in 2007. Why? Known innocent people are still IN Gitmo, but suspected (and now confirmed) terrorists were released? By the Bush administration? Why? (If anyone ELSE had done this it would be front-page umbrage news, but of course the complacent corporate media won't press that story.)
This is just plain nuts. Why were these men released? How can we avoid this happening again?
It pains me to see how horribly DHS and TSA have done in communicating to the public.
The fact of the matter was that there was enough robustness into the aviation security system that it forced the adversary to pick an overly complicated plot that failed. It was a successful example of risk mgmt. We don’t need to find every bomb at the checkpoint and we don’t need to make sure every terrorist is on the watchlist. We need to make sure that our layers of security are robust enough that they either deter terrorists from attacking or attempt overly complicated plots that fail. The latter happened here. Who knows how many times the former has happened.
"Two of the people who organized this were released from Gitmo to the Saudi's in 2007."
I could understand protecting against the last attack, it may not be logical, but I could understand it. My problem, is the TSA response has nothing to do with the methods the underwear bomber used. It is not only not logical, it is also stupid.
After the "shoe bomber" we had to remove our shoes at the security checkpoint. Now we have the "underwear bomber". Glad I have no plans to fly for a while...
@Albatross: "Known innocent people are still IN Gitmo, but suspected (and now confirmed) terrorists were released? "
They were "suspected" when released, "confirmed" after they were released.
Everyone there is suspected.
What is your source that "known innocent" people are there? If this is all Bush's fault, and they are "known innocent", why hasn't your boy Obama released them?
@Chellovek, you forgot the Rectum Bomber in Saudi Arabia earlier this year... I'm *really* glad I've got no plans to fly in the near future.
WOW!!! this article was great.....can't we get some of our lawmakers to understand the rationale as to what they think they are doing is not working....I guess not....everyone wants it fixed now no matter what the cost.....
What point in the flight that a terrorist would (try to) blow up a bomb actually does matter. At higher altitudes, the cabin will lose pressure and people could be sucked out of the plane. Over an ocean at high altitude, survivability of anyone inside is a write off - especially in the dead of winter.
At lower altitudes there's still danger, but the atmosphere is not a problem. Getting close to an airport, where there's already emergency personnel and equipment ready, also lessens the chance of casualties.
Therefore, this attack was clearly not designed to kill. It was designed to frighten.
It needs to be borne firmly in mind that a frightened populace is not only in the best interests of the terrorists, but also in the best interests of those who profit by supposedly "protecting" us from terrorists. Every successive failure needs to stop being treated as an excuse for this group of boondogglers to justify their existence.
The only REAL success was that an individual - not even a US citizen! - responded quickly to subdue the attacker. As always, tactical empowerment of the individual trumps any governmental, military or corporate level strategy. Now, think for a moment about how the new rules mandating that no one leaves their seats during a landing will affect future iterations of THAT. The guy is being called a hero but today he wouldn't be allowed to do what he did a few days ago, thanks to the new rules! It only goes to show that there's only one type of security most of DHS and TSA are interested in at all: JOB security.
Another thing that distresses me about this is that it intensifies and "substantiates" calls for the full body scanners. As a 50-something female, I'm not at all thrilled about full body scanners. I don't like going to the beach in a one piece swimsuit. And, as an IT security person, I do not believe for one second that the images are not retained/stored somewhere. That would violate all sorts of logging logic in which you would want to be able to review logs to see when or where you failed to detect a problem. I also don't buy the statement that viewers will be in another room. So what? How many IRS, hospital workers and others trusted with sensitive information have violated that? These people will too.
@Trichinosis USA: "At lower altitudes there's still danger, but the atmosphere is not a problem. Getting close to an airport, where there's already emergency personnel and equipment ready, also lessens the chance of casualties. Therefore, this attack was clearly not designed to kill. It was designed to frighten."
Getting close to the airport would put them over highly populated areas which may serve the dual purpose of killing more people and frightening more people.
@Trichinosis USA: "The only REAL success was that an individual - not even a US citizen! - responded quickly to subdue the attacker. "
I fail to see what difference his nationality made, unless anti-US sentiments drive the issue. He'd be just as dead as anyone else if the attack succeeded, and he's just as much of a hero as he would have been if he were American.
"...if we somehow protect against the specific tactic of the previous terrorist, we make ourselves safe from the next terrorist."
The new rules would have had no effect on the would-be terrorist. They would, however, have prohibited the guy who stopped him from acting.
@Albatross: "One source for "Many Gitmo detainees are innocent," a Republican chief of staff. http://www.cbsnews.com/stories/2009/03/19/terror/...
Which leads me to three points:
2. Why hasn't Obama released them?
3. This is part of why I have such disdain for terrorists. They hide among civilians guaranteeing civilians get hurt. Of course, this turns into good "anti - US" propoganda for them.
To add to points 1 and 2, as I think President Obama is now learning, is that there were many times the past several years that we tried to ship a detainee back to their home country and their country refused to accept them. Of course, I don't know that is makes it an excuse to keep them detained, but it certainly complicates it.
1. and 2. are actually the same answer.
My concern is that so few Gitmo detainees were released under the Bush Administration, that the fact that two of them are recidivist is statistically notable and politically troubling. Why would the Saudi's back the release of these men in particular? Why would the Bush Administration comply? (I mean, aside from the obvious reasons http://tinyurl.com/dxpqcl )
Over and over again since 9/11 the Saudi government has been implicated in terror attacks against the U.S., yet their complicity is soft-pedalled. And there is, once again, no press about this because it would embarrass Republicans, so it's very hard to change policies like these.
You can disdain terrorists as much as you like but the tactic is here to stay so we had best learn to handle it. Blinding ourselves to the realities behind terrorism - such as consistent support for terrorism by Saudi Arabia - because of domestic political partisanship does not advance national security.
As for why Obama behaves as he does, that's another issue and certainly valid. However if one does not wish to be mistaken for a person with racial issues, it's inadvisable to refer to any African American male as "your boy."
@Albatross: "And there is, once again, no press about this because it would embarrass Republicans, so it's very hard to change policies like these."
Well, I have to disagree here. The press never minded embarassing Bush specifically or Republicans in general, and the press was also in the tank for Obama in 2008. That isn't an endorsement of (R) or a criticism of (D), but the press was IMO obviously in Obama's corner.
Nate Silver over at 538 really nailed this:
Over the past decade, according to BTS, there have been 99,320,309 commercial airline departures that either originated or landed within the United States. Dividing by six, we get one terrorist incident per 16,553,385 departures.
He's got a whole bunch more fun numbers in regards to this in his full story:
And Bruce, you should go on Maddow more often. Talk shows need more sanity.
Seems like the mis-quote might originate from the Rachel Maddow interview (about 06:30 in). If so, pretty thoroughly bastardized and horribly interpreted. Doesn't sound like something Bruce would say nor imply.
@Albatross: "However if one does not wish to be mistaken for a person with racial issues, it's inadvisable to refer to any African American male as "your boy.""
To be honest, the thought didn't even enter my mind. His race is completely irrellevant to me.
I have a friend and I always referred to Clinton as "your boy Billy" to him when he'd excoriate someone else for something, but yet gleefully praise all things Clinton when had done the same thing. I've also said the same to a coworker about "your boy McCain", so it was neither partisan nor racial.
I appreciate you pointing that out though. It hadn't crossed my mind, and I'd hate to be discredited over an unfounded accusation of racism.
FWIW, I didn't take a racial implication from "your boy" in that context, Albatross.
As far as Saudi Arabia is concerned, I think Farenheit 9/11 covered that issue quite well...
@Baylink: "FWIW, I didn't take a racial implication from "your boy" in that context"
Thank you. No implication was intended.
@Baylink: "As far as Saudi Arabia is concerned, I think Farenheit 9/11 covered that issue quite well..."
To be honest, anything said in Farenheit 9/11 is suspect to me. In fact, usually the opposite was true. Moore shamed himself.
That said, part of my fear with countries liek Saudi Arabia is they could bring us to our knees because we are so dependant on that region for resources. Same with China. It's a scary thought to be forced to butt kiss to bad people for our own well-being.
The newsies keep harping on the fact that the guy's father reported him to authorities months ago, so how did he not get onto the don't-fly list.
I wonder how many hundreds of thousands of people have been nominated for investigation by relatives, neighbors, colleagues, and enemies?
If we put the TSA in charge of hunting rabbits, they would spend a trillion dollars over ten years, and the only rabbits they would catch would be the ones they bought at a pet store. To hunt rabbits, you have to go where the rabbits are, not wait for them to come to you.
I think it is fantastic that there seems to be an actual debate happening this time around.
The typical calls for "Do something!!" are this time seemingly met with questions of "Hmmmmm?" now.
@Roy: "I wonder how many hundreds of thousands of people have been nominated for investigation by relatives, neighbors, colleagues, and enemies?"
There was a blog post on this very issue. A man was reported as a terrorist by his own father in law. He was unsurprisingly detained and questioned. Upon, believing he was no threat, they just sent him home. Yet, the US was criticized for taking the accusation seriously. http://www.schneier.com/blog/archives/2007/11/...
Flash forward to now, and the US is criticized because they didn't take a warning seriously enough. of course, had they, it may have been the other blog post all over again.
@Roy: "To hunt rabbits, you have to go where the rabbits are, not wait for them to come to you."
That seems the opposite of what is typically posted here about terrorism. Going after them is considered war-mongering. Yet, treating it is a criminal matter is waiting for them to come to you.
@Nick: "I think it is fantastic that there seems to be an actual debate happening this time around.
The typical calls for "Do something!!" are this time seemingly met with questions of "Hmmmmm?" now."
Debate is good. Of course, if there were 3,000 dead rather than one burned terrosist-wannabe, there may be more "do something" calls and fewer questions.
I wouldn't call it "magical thinking" as much as "bumbling, mindless arse-covering" on the part of a TSA bureaucracy that has an unenviable track record of ineptitude. The TSA's entire approach seems to be based on making a big show of putting bigger, fancier locks on the front door of the barn every time a horse runs out the back door. They presumably feel that every time there's an "incident" on a plane, they have to immediately react with some kind of measures that make air travel more difficult and, in effect, punish all travelers for the agency's failure of security.
It doesn't matter what the measures are, whether they're effective, whether they have any logical relation to the (past) threat, or even whether someone of average IQ can recognize that they're utterly illogical and pointless. What matters is that the TSA reacted immediately with measures visible enough to show that they're doing something. That presumably serves to validate the TSA's professed ability to provide effective protection for aviation, and also to reassure the public that it's safe to fly.
What I actually do find reassuring here is that so many people are openly criticizing the TSA and pointing out the very obvious stupidity of the reaction. In the past, people would have rallied around the flag, expressed gratitude for the TSA's rapid response, and begged to sacrifice more liberty and privacy so the TSA could better protect us. But I have yet to see any article that supports the TSA (although I have not looked at the TSA's blog to see their PR flunky's propaganda piece; I stopped reading that blog because it upset me too much). The outpouring of skeptical criticism is indeed reassuring, since it at least gives hope that the TSA's blank check will soon give way to the oversight, accountability, and transparency required of other government agencies that spend our taxpayer dollars.
I've started to call TSA "faux-security". It's a kind of security, in the same way that a fake Gucci bag will carry your cell phone as well as a real one. It's just a problem if you pay a premium price. If the TSA magical thinking was used to inexpensively mollify the uneducated public while the real money went to the right thing, I could be 100% behind it. Alas, that's not what we have.
I'm glad they're (finally) listening to you!
I just wish the TSA would pay some attention. Maybe what we all really need to think about is some way to merge (harmless) Security Theater with real security?
If Obama wasn't on vacation, maybe he could give a good "Indomitable" speech, they could use this event as a reason to review ALL TSA policies, and they could finally hire more air marshals and other men with guns, then walk back most of the stupid restrictions on water and whatnot? That's more what I'd like to see. I voted for the guy, but I'm disappointed with his response. I'd like to see him doing something more worthwhile with his speaking skills during a situation like this...
We have one of those full-body scanners at the airport I use (BWI). The person looking at the pictures is indeed in another room, talking to the TSA person at the machine via radio. This is not a good thing, because when the viewer has a question, they ask the machine minder, who asks you and listens to your answer, and says something into the radio. It takes 2-3 tries to figure out a problem. My wallet, which is in my back pant's pocket, seems to be hard for them to figure out. OK, one could say I have too much stuff in it, but I just can't see widespread deployment of a machine that can't tell a wallet from a bomb. That's not technology that's ready for prime time.
People with wallets are pretty common and apparently make an excellent denial-of-service attack against these machines.
The fact that it is the US federal government exercising oversight on airline (and homeland) security that scares me more than the prospect of jumping armed terrorists on my next flight.
"I'd like to see him doing something more worthwhile with his speaking skills during a situation like this..."
The people who write for his teleprompter haven't a clue, either.
Americans are at war, but it's more of a cultural and economic war, not a national war. 9/11 is blowback for our foreign policies.
Until we understand why foreigners cheered when the Twin Towers came down, and terrorists are broadly supported by other countries, we won't understand why the war is happening.
Focusing on security is a secondary concern, and actually misleading. The real matter is understanding what's going on in the first place.
@HJohn: The hyper-patriotism of the US in the wake of 9/11 which engendered this kneejerk thinking and fascist, insular mentality (I mean, come on now - "Homeland" security?) serves no useful purpose whatsoever. That the person who stopped the attacker was not a US citizen is EXACTLY the point.
@Hjohn: Pilots are trained to deal with emergency navigation during landing, to include aiming the plane toward highways or water which will minimize casualties. The recent aborted takeoff in NYC where the pilot had to land in the Hudson illustrated this. And a pilot who does not have to deal with the impact caused by loss of pressure in the cabin is less likely to lose control of the aircraft.
An incident happening during landing is even less dangerous than takeoff, because the plane is slowing down, not accelerating. All passengers and crew are bracing for impact, passengers are strapped down in their seats and there are numerous factors in place both within and outside the plane in case something goes wrong.
There really is no safe time for an explosion to occur aboard an aircraft, but if a person had to pick a time that there would be MINIMAL danger, "the final minutes of the flight" would be it.
One thing I haven't seen yet in the streams of comments on this topic ...
Why is the TSA doing anything? He didn't board in the US. No amount of scanning equipment, strip searching, or psychological flogging of passengers at a US airport is going to detect a terrorist who boarded abroad. Who says the TSA's system failed - he didn't go through it!
Or has the TSA suddenly gone international?
@ Trichinosis USA
"...empowerment of the individual trumps any governmental, military or corporate level strategy"
Oh, I'm sure we can privatize a "Boxer Bomber Basher" program. Corporations pay bonuses to those who prevent activation of their BCM plan; not just the hero's employer, every corporation with personnel on the flight. The airlines award platinum club status to passengers who prevent the destruction of one of their aircraft. Insurance companies grant bounties for preventing large claims pay outs. There could be promotional tie-ins with Nike, Gatorade, EA, and Accenture. Reality television anyone? Survivor dis!
Why is the TSA doing anything? He didn't board in the US. No amount of scanning equipment, strip searching, or psychological flogging of passengers at a US airport is going to detect a terrorist who boarded abroad. Who says the TSA's system failed - he didn't go through it!
Mr. "Pants-on-fire" passed the security check at the departure gate at Amsterdam airport, that was done according to US government (TSA) instructions. The metal detector does not test on explosives carried on the body, they will pass. (In Amsterdam just as well as in Washington, San Francisco or New York.) I recall that Bruce mentioned this security gap a few years ago against (then TSA-director) Kip. (Yes, I've passed the checks in Amsterdam several times and, from my observations, they are at least as stringent as those on US airports.)
@Trichonisis USA "the cabin will lose pressure and people could be sucked out of the plane"
Yes and no.
Yes the cabin will lose pressure. But it's not the pressure keeping people in their seats....the differential isn't enough to overcome hundreds of pounds of inertia.
Check out this mythbusters test http://www.youtube.com/watch?v=Fi1_1l7M8FA
It ain't goldfinger
As a 50 year old woman, I don't think you should be concerned that anyone would find your body scanner pictures the least bit interesting.
Personally, I'm much more annoyed by the need to take my shoes and belt off, and to dispose of unapproved liquids (including fine wine) than a logged picture on some computer showing a pale white outline of my private parts.
This is very much cultural -- in some cultures, seeing female's hair or bare shoulders is deeply shameful, in others, genitals and bodily functions are not considered a taboo (even if sex itself is).
We do need to grow up.
@Hjohn "why hasn't your boy Obama released them? "
He has some. THe others? For the same Reason the Bush administration couldn't. For some reason other nations don't want the others back and there are others that if returned will be jailed and tortured.
Hmmmm every politician should be made to take a course in Uncle Remus their freshman year.
@Bruce "Me and the Christmas Underwear Bomber"
Is this the kinda thing you ever forsaw yourself writing 'bout yourself?
"Or has the TSA suddenly gone international?"
The USA bullies foreign nations into complying with their inept policies. Foreign airlines that don't comply cannot bring passengers into the US.
Not that it is necessarily a bad thing for an airline to refuse to fly into the US, but there are actually people with business engagements in the US who cannot choose not to fly.
Maybe the "terrorists" released from Gitmo became that during their incarceration and torture or afterwards? Maybe....
But of course we don't want to hear that our policies and actions are creating terrorists faster than we can catch them.
@mcb: I am sure that if the hero was conveniently American and, even better, a member of the military or law enforcement communities, the hype would be as inescapable as the fiction created around Pat Tillman's death and Jessica Lynch's rescue. However, there are two problems with giving him even the credit he is due. The first is that encouraging ordinary citizens to defend themselves is the LAST thing these agencies want - it puts them out of a job, after all! The second is that he's not a representative of the American military/industrial complex uberclass whom we have been conditioned to think are the only heroes in the universe.
The President might do something nice for the guy because, well, he's cool like that. But the right wing hero hype machine will pass on the Dutchie because he's a little too much on the left hand side. ;-7
@Phil: Maybe the "terrorists" released from Gitmo became that during their incarceration and torture...
I called Gitmo "the Guantanamo Bay Academy" (comparable to http://en.wikipedia.org/wiki/Robbeneiland ). Random imprisonment does open someone's mind to ideas unfavourable to ones capturer. Being in the company of "established" anti-Americans almost ensures education.
"But of course we don't want to hear that our policies and actions are creating terrorists faster than we can catch them."
I love to rub it in... Will repeat the favour at another appropriate time.
@barb I agree with you 100% about the invasiveness of the full-body imaging. What concerns me now is that probably the option to refuse the scan and get a "pat down" instead will be over because a pat down is less thorough in the area the bomber used. Just weeks ago I exercised that option at DCA which has the machines. The TSA guy was quite ok about not doing the scan, though it was kind of odd to have him shout "refusal!" a couple of times in order to alert a female TSA agent to come do the frisk. I really hope the "opt out" possibility is preserved even if it means a much more intrusive pat down.
I also agree the TSA is lying when it says the images are not stored.
@crocodile Your admonition to "grow up" might be better applied to your opening remark to barb.
Do you really care about being safer? Sitting on a plane is probably the safest thing you do all week.
Are you familiar with the theory of threat rigidity, and if so, do you think there is some element of that at play in the manner by which the Gov't responds to these situations?
The quote that struck me was,
“The biggest problem is how many U.S. citizens expect a risk-free country,”
For anyone who values personal freedom, I can conceive no greater nightmare than to be the citizen of a risk-free country.
(Forgot to add:)
Fortunately there can be no such thing.
@BF Skinner: re "For some reason other nations don't want the others back"...
It's not just other nations. Imagine the outcry in Congress and from the talk shows and pundits if any of the innocent ones were to be released in the USA. Too much time has passed in an atmosphere of fear, so the lack of speedy trials, unbiased courts, habeas corpus, and due process has created not just a a no-win situation, but a no-resolution situation -- for the prisoners, whether guilty or innocent, and for the current administration.
@Albatross Why would you assume that an innocent person held in legal limbo for years, subject to the conditions in Gitmo would remain "innocent" after release? Did released prisoners from the Gulag come home humming the Soviet national anthem?
It isn't much of a leap for such an individual to come to the conclusion that their former captors are representatives of an evil state that should be stopped.
I really, really hope that some of these new rules being proposed are an attempt by the TSA to get the public to say "ENOUGH!" so they can back off without fear of being blamed when something goes wrong. If it isn't that, then we're all toast.
IMO, the dynamic here is counterproductive, as, unfortunately, is the outcome of many recent political discussions, State-side.
First, after (even) a failed terrorist attack, political folk who feel disenfranchised wag a finger uttering remarks about "weak security".
(Incidently, I find it hilarious that al-Queda find themselves so desperate for material they *have* to take "credit" for a failed attack.)
Second, a thereby balkanized administration -- put there not only by their political opposition but by IMO the wooses of an American public -- begins to claim things as goals which are very difficult, to wit:
"'It now appears that weeks ago this information was passed to a component of our intelligence community but was not effectively distributed so as to get the suspect’s name on a no-fly list,' Mr. Obama said of the father’s warning. 'There appears to be other deficiencies as well. Even without this one report, there were bits of information available within the intelligence community that could have and should have been pieced together.'"
Yeah, sure. It could have. But does anyone have *any* idea how many false alarms and *intrusions* such a system would generate? Yes, as Mr Schneier has repeatedly pointed out, such a system could be put in place, but the collective annoyance and disruption would cripple the air transport system -- or any other system to which it was applied.
The facts are, people need to learn about risk, and think about it in a quantitative way. Any system detecting terrorists with the confidence sought will necessarily "find" many innocent candidates it will initially think are risks, for no other reason that the number of innocent candidates vastly outnumber the number of terrorists.
To fix this demands that the effectiveness of classification and collection be made much higher, and, at least publically, Americans seem not willing to give up the privacy safeguards they want in order to support this.
Thus, we are at an impasse.
But it would be helpful if at least people spoke about reality, rather than engaging in religious political posturing, or making promises that cannot be realistically kept without people giving up other things they say they don't want to give up.
I say, with Mr Schneier, put risk of casualty from terrorist attack in perspective, and fear your automobile, not some nutcase from Yemen or Nigeria.
It's already going round the blogs, but I think the original is on plunderbund: http://www.plunderbund.com/2009/12/29/...
"In fact, there is a growing tinge of mockery of this terrorist for toasting his testicles. This dude who can’t light a fuse is gonna raise the terror threat level to orange? Please. It strikes me as practically British – laughing at the Nazis all the way to the rubble pile in the East End. We’re laughing at Al Qaeda, for the first time, in unison, as a country. Think about that."
As usual, Mr. Schneier is absolutely dead-nuts-on with his analysis. Thank you for being a public voice of reason when so many that rush to the cameras have no training or thoughtful ideas.
My only objection has been that he seems to give Democratic administrations a free pass while railing against the Bush Administration. Let's be fair, NEITHER side is approaching these problems from a common sense perspective, and President Obama deserves the same criticism that was rightfully directed against his predecessor. Hope and change? No and nope.
Flying: Landing and take-off are where you do NOT want a problem. You're too close to the ground, and too close to stall speed. There's no room to recover.
TSA: Hmm. I've heard something about banning bathroom visits the first and/or last hour of a flight. That coupled with the rotavirus that's currently going around should make things "interesting"! Or when traveling with kids that "have to go right now". Watch out for the wet seat when you board folks! To say nothing of changing a messy baby after a poop overflow!
Images: Would it be too much to ask that images of the TSA leaders behind this nonsense be published in Hustler Magazine?
Released from Gitmo!!
Should we really be suprised that a couple of guys (innocent before this or not) committed an criminal act against the country that ignored their human rights, imprisoned and very likely tortured them and their countrymen.
As ye sow, so shall ye reap,...
I'm a woman and I would not object to a full body scan. How would it hurt me? As far as I can see, the result is just a disembodied outline.
Has anybody noticed that if the would-be bomber had succeeded, the plane would exploded over southern Ontario? That's in Canada, folks.
And the airport most affected by all these rules was Pearson, near Toronto, where absolute chaos reigned. Canadians go to the U.S. by the hundreds of thousands and, as far as I know, none of them have been terrorists.
Anyone ever consider that it's possible sitting in Gitmo galvanized their Al Qaeda sympathies? I mean, if I were imprisoned without a trial for several years based on limited evidence, I'd want to blow up the country that imprisoned me too.
Just once I'd like for us to try being kind to the ones we aren't sure of. It's really hard to want to blow yourself up to kill people who give you food, water, and a smile. There's a reason we gave the Germans Hershey's Kisses post-WWII, and the elderly there still remember exactly what Kisses look like.
Next in this thread: The Valentine's Day Suppository Bomber !
I'm not looking forward to pseudorandom searches for RFBs.
What I don't understand, fellow security mavens, is how a fellow with an Arabic name:
1. Buys a one-way ticket
2. With cash
3. And without luggage
And that doesn't set alarm bells ringing to trigger a close search of the individual and whatever he's carrying???
Would such a thing have ever happened with a boarding at Ben Gurion Airport in Israel? Think so?
> ... the fact that two of them are recidivist is statistically notable ...
The fact that you *assume* their post-release behavior is "recidivist" rather than merely a reaction to being in Gitmo and their treatment there is also notable. But not statistically so.
Think about it.
Gitmo - it was obvious to anybody with two brain cells to rub together that Gitmo would cause political problems for years.
Body scanners - expensive toys that will only ever appear in major airports. I also expect that the images of "celebrities" will rapidly find their way onto YouTube and the rest of the media.
Detecting bombers - The US requires that the name, address etc of all passengers on flights to or over the US be provided before the flight takes off. The guy was already on the UK No Entry list, his father had already warned the US embassy in Nigeria. He used bought a one-way ticket for cash and had no luggage. Alarm bells should have been ringing.
I was not surprised at the attempt; I do wonder if this was a lucky first attempt - suicide bombers don't get much practise. I would expect a history of probes of the security on the route.
"but the press was IMO obviously in Obama's corner."
As a vaguly disinterested observer at the time (we where to busy trying to wipe Blair out of our memories in the UK) I don't think the press had realy that much of a choice...
The Democrats amongst others have been subject to ill founded character assasination attempts over the years usually seen by those out side of the USA as being Republican originated (if true or not does not matter it's what people see).
Again from the outside observers perspective the Presedential candidates fielded this time around by the Republicans appeared to be the equivalent of early Russian Animal astranouts.
That is blasted off into the unknown wilderness with no plans in place for recovery, thus sent out to a known ignominous and unplesant demise, whilst later being touted as "heros of the people".
It used to be considered the "right thing" to do by the press not to publish pictures of accident fatalities and those unfortunates deamed too injured to survive, just the pictures of those who where likley to survive or had been "heros of the moment".
The general news that made it to Europe came from a very deffinate impression that the majority of Americans regarded the Republican candidates as "Headless Chickens running around and Flapping before the inevitable end".
The truth I suspect was as normal somewhat different. But again the European view is it's "Bush's war that he's dragged the rest of the Europe into due to his "lick spittle pupet Blair". Who just after becoming an envoy for the Middle East declaired his conversion to Catholasisum (Catholics appear to be the one thing that Jews and Musllims agree on they both don't like them).
I guess the press in various places just decided to get a bit of their old fashioned values back...
Oh and what has Blair done as a Middle East Envoy... Can anybody say...
The Europeans just sunk his boat by making it absolutly clear he is person non-grata in Europe especial as it's political figure head.
Oh and just by coincidence he has just recently been getting a kicking over his abuse of the public purse for his and his wife's own private jollies and business activities (what he has actualy been doing instead of Envoy activities).
I guess the worms have turned under the heal and bitten the toe a bit.
My son and his wife came home for Christmas and went home (NYC) on a commercial flight on Dec 26th from Boston. He received one of those new style kitchen knives that are colored as a gift and packed it in his carry-on luggage. It was not until he got home and unpacked did he realize what he had done and that it had not been detected by airport security. The knife is quite large.
@ Richard Schwartz "It's not just other nations. Imagine the outcry "
Yeah I did leave that out of my response; mostly 'cause I believed Hjohn is not a yank. Blog comments don't lend themselves to nuanced, thoughtful discussions do they?
We are xenophobic and it's not just the innocent is it? Congress refused to allocate any money to the administration to bring the guilty into the US either. Apparently, goes the reasoning, if we bring them into the US we'll just let them out of jail free to walk around the streets. Our prisons won't be able to hold these guys, even though we've easily incarcerated other terrorists, and a guy who ate other people's brains.
Why they must be demons to have such power.
My personal belief is that there is a decided faction of US who want the detainees deliberately kept beyond any lawful constraint (which was Cheney's intent).
After 9/11 and during the wars and even two weeks ago many have said to me..."Why bring them back at all? Me if I captured them on the field and they were tied up, no trial-- I'd shoot them." While this is blind anger talking - we do lash out when mad.
Someone above said we need to grow up. Yes indeed.
I'll never be able to wear my Christmas underwear again. *sigh*
On a serious note. At what point do the people just say enough? I refuse to buy a new car for example. I know it doesn't really make any difference. I wish I could give the gov the finger on taxes, etc. These guys would be in jail if they were you or I. Graft, corruption, etc. I do not fly unless there is absolutely no other choice. I have taken two flights in 5 years for business. I will gladly drive. If I have to go to california that's going to be tough. So far midwest and east coast.
funny. We will get on plane naked, spread cheeks. If you think overweight women with muffin tops or spandex was offensive, wait until you see what is coming. middleaged naked women? Men will also be unable to lie or say "but it's cold!!". get out the rulers that would end this madness real fast.
Yes I do not look like an actor either. above is meant in humor. I may want to loose that pesky 25 lbs. :)
@robert: I have always been proud of the Marshall plan and how it helped rebuild Europe (both sides) after WWII. And how the Berlin Airlift changed an occupied enemy country into a strong ally almost overnight (not to mention the technical challenge - really cool). Contrast that to the post WWI thinking "pick one of the losers, blame them for everything and make sure their economy can never recover" - perfect way to guarantee we pick up a decade or so later exactly where we left off.
@Clive: I travel occasionally in Europe, primarily Germany and it seems like whenever I saw Bush in the media there he was wearing a cowboy hat; the implication being he always does, and by extension is a cowboy. I do not believe I have ever seen him wearing one in the media here, with the possible exception of once when he was on vacation at his ranch. The impression you get is what the media wants you to get. Same thing with Gerald Ford (US Pres 1974-1976, the only POTUS never elected to either the presidency OR the vice presidency having been an appointment to replace a departing VP and then taken the office when Nixon resigned) - to see him in the media perpetually falling and crashing into stuff you wonder how he lived through the day.
Within the US, on a number line from -1.0 (Extreme Liberal) to +1.0 (Extreme Conservative) the average US media is probably -0.27 and intentionally spins their "news" reporting to support that political viewpoint. The only major outlet that is "conservative" is Fox News which is probably +0.13 on my above scale. And since they are the only outlet on the conservative side of the scale, they have a lock on that portion of the population leaving the other 4 (CBS, NBC, ABC, CNN) to split the liberals among themselves. Accordingly Fox has the highest market share, because they have a captive audience. The recently "elected" Senator Al Franken attempted to create yet another liberal channel several years ago only to fail miserably, because why would someone spend money on advertising with a liberal startup when there were already 4 existing ones that had guaranteed market share.
Mr Schneier is quoted in the NY Times as saying, "“If we use full-body scanning, they’re going to do something else.”
Well, duh! That is always the case. By extension, we should dismantle ALL security apparatus and passively accept the occasional 9/11 disaster, since NO security system can be perfect. (But, as an aside, it can be very close to perfection. El Al has never been hijacked . . .)
Yes, law enforcement and criminal behavior are in a constant state of escalation and competitive innovation. That is not a sensible reason to discontinue the former and let the latter previal
If they implement full body scanning or search every inch of us, strap us to our seats and not let us do a damn thing guess what?
Here is a lil story that could happen:
imagine hundreds of terrorists all over the country instantaneously blowing up aircraft! They dont even need to board the plane, they can just have luggage shipped! Seriously, I've taken everything from apples to desktop pc's on a plane, they will find a way. But look, were so distracted with airplanes... something else is going to happen... Think about it. The whole point in this recent underwear bomber is to prove the point that no matter how hard we try we arent going to stop attacks from happening.
If there is will there is a way. I know allot of us here could think of plenty of ways to evade airport security or all forms of security measures, I know kids who play video games who could stage such a horrible attack. Uh oh there is another idea that came to mind? Imagine terrorists using our own children as a target or means to terrorize us? Honestly the ideas are endless, were distracted and thats what they want, as were distracted with airplanes and security they're going to be everywhere security isnt. Security and control is an illusion.
"Anyone ever consider that it's possible sitting in Gitmo galvanized their Al Qaeda sympathies?"
"Just once I'd like for us to try being kind to the ones we aren't sure of."
It isn't even about being "kind".
It's about being "professional". The prisoners should not be allowed to communicate with each other. Particularly if they may have information that you want. Then they shouldn't even be able to see each other.
At Guantanamo, the prisoners are held in groups. This allows them to collaborate on cover stories and share contact information and to convert other prisoners.
Even if they themselves do not fight against us, they encourage others with their stories of their treatment and the messages given to them by other prisoners.
I think this kind of attack is made rare less by inspecting shoes than by the fact that it's not easy to find a doofus who's willing to try to blow himself up and take down a plane with only two or three ounces of PETN.
The crotch bomber studied engineering and used the Internet. Even a cursory search on Google would have identified a number of cases in which airliners survived explosive hull breaches at cruising altitude. For example, on TWA Flight 840, on 2 April 1986, an estimated pound of plastique exploded under a seat on the Boeing 727, killing four, injuring five, and initiating a rapid decompression of the cabin. The jet landed safely. Knowing that, why would any suicide bomber who was determined to bring down the plane settle for so little explosive on so large an airplane?
Count me among those who wonder whether this incident was intended not to bring down the airliner but to scare the bejesus out of the public and provoke the TSA into requiring more mindless "security" measures. If that was the real objective, it was attained.
I doubt many here are fans of WorldNetDaily. But their CEO made a statement about the Department of Homeland Security today that I agree with, and many on the other side of the aisle would probably agree with too (although for different reasons):
"And it's time to rethink the whole notion of a giant, unaccountable and incompetent bureaucracy known as the Department of Homeland Security that is accomplishing nothing of any value – certainly not $50 billion worth."
@Robert:"Anyone ever consider that it's possible sitting in Gitmo galvanized their Al Qaeda sympathies?"
Have you considered that 9/11 planning preceded the Bush administration, and 9/11, Daniel Pearl, Nick Berg, the U.S.S Cole, embasy bombings, etc., all preceded the war on terror, Abu Graib, Gitmo, the Iraq war, and the Hussein execution?
Our country is not perfect, no doubt, but when one considers the timelines, no one with a straight face could possibly say that we caused this terrorism. One could argue it is made worse, but that too is a stretch considering the worst terrorist attack ever preceded everything we supposedly did to cause it.
Another example of Obama having the chance to step up to the plate and be a different kind of leader/thinker...and another strike out.
If the TSA forces people to go through body scanners then people need to not fly and bring the industry down. They can't operate without income. New companies will emerge and less restrictive measures will come back. The TSA pervs want to see all the hot naked females in their scanners. It has nothing to do with safety. Explosive concerns? More bomb-dogs. Weapons? Metal detectors. People acting suspicious? Watch for them and their body cues with special trained personnel. Let old women and children alone. Our water is not your enemy. This is all about money, power, and control.
A time must come for boycotts to bring sensible thought to security.
@Delta_Zulu: "Let old women and children alone. "
What about old men?
Seriously, as ridiculous as it sounds, old women (and men) and children need screened to. Provide an exception for them, and they'll be exploited or tricked by someone else. Osama breezes through security after he convinced a kid that he's santa claus and gave them a nice new toy or stashed something on a 90 year old. He reacquires the goods after takeoff.
Now, that is not a defense of stupid security tactics, but you can't exclude someone from screening.
I agree with a boycott.
If security theater is supposed to make you feel safe so you will fly, the they REALLY want you to fly. That keeps the money flowing. Look how hard they are trying to keep you flying...it's for a reason. $$$$$$$$
Let's just stop for a while.
Bruce is referenced blind in Slate today:
>Another privacy advocate tells the Times: "If there are a hundred tactics and I protect against two of them, I'm not making you safer. If we use full-body scanning, they're going to do something else."
William Saletan is now apparently a security expert.
Boycott: A lot of us, an awful lot of us, are already actively boycotting air travel! We're fed up with the invasive/ineffective security and being nickel & dimed to death by our horrid air service.
Unfortunately, the powers-that-be seem to be misinterpreting this. (Perhaps intentionally to cover their own ass in board meetings.) They seem to think we are not flying due to terrorist phobias. It's classic positive feedback. The more they try to help, the worse things get and the more folks abandon air travel.
Even more regrettably, folks are replacing air travel with driving. We lose something like 42,000+ lives a year on our roads. Your safer with the terrorists on a plane...
February 26, 1993
Why no one else caught that, I'm not going to speculate.
Well, I guess it's time to just not fly any more. The innocent, law abiding citizens of this country are being treated like criminals while the potential criminals are skating right through. When enough people get fed up with all the hassle, the airline industry will lose business and hopefully put pressure on TSA, etc., to start some common sense actions to protect the traveling public and still treat them like citizens. As for me, I'm done flying--from now on, I drive everywhere or take the train.
If the goal of the bombing was to create terror then they succeeded without even having to complete the bombing. Everyone is talking about it, running around screaming about bad security, trying to figure out how to remove even more of our privacy and liberty.
Reminds me of a quote from the excellent movie "The Siege":
"What if what they really want is for us to herd our children into stadiums like we're doing? And put soldiers on the street and have Americans looking over their shoulders? Bend the law, shred the Constitution just a little bit?"
It's unfortunate that the only thing any of us can do about the TSA is to refuse to fly. Congress is too terrified to hold the TSA accountable or impose any oversight, so writing our Congresscritters does no good. And the TSA certainly doesn't care what we think of them. So I wonder how many people decided that the TSA's latest public display of boneheaded incompetence was the last straw, and would henceforth avoid flying?
If it were possible to do a cost-benefit analysis, how many injuries and deaths have already resulted from TSA hassles leading people to drive rather than fly, compared with the number of injuries and deaths the TSA hassles have prevented? (Note to TSA: Interception of drugs, cash, and fake military jackets does NOT count as a prevented injury or death.)
Of course, cost-benefit analysis is impossible when it comes to Homeland Security. The necessary information is classified for "National Security reasons." So we'll just have to trust the TSA when they tell us that everything they do is necessary and effective.
Replace "magical thinking" with "infantile thinking" if you want to stop the big babies from having their way.
I enjoy theater though hopefully not so much as to get myself arrested next time I'm asked for my shoes at a security check and insisting on also providing my underwear.
But the CNN interview/essay is brilliant (thanks for it)... also depressing 'cause we now seem to live in a world where granting authority and autonomy to individuals and relying on their responsibility, diligence, creativity, awareness (all those celebrated human virtues) is widely understood to be unacceptable risk (by all sorts of management of all sorts of systems).
What really bothers me is that complying to security measures (effective or idiotic) in airports is a sine qua non condition to board a plane.
Given you can't really quantify the effectiveness of any of the measures (how many shoe bombers have we caught since we were asked to have our shoes scaned ?), it leads to the "flavor of the day" approach with no counter weight to bring a bit of sanity in the process.
Another point of interest to this story is the "real" usefulness of the "no fly list" and of scanning our bottles of liquid.
Hopefully, someone in charge will realize this but I fear the answer will be "let's make a bigger list" and "remove all liquids prior to boarding".
@Canuck: "Given you can't really quantify the effectiveness of any of the measures (how many shoe bombers have we caught since we were asked to have our shoes scaned ?)
For the record, I'm against the shoe scanning policy.
That said, however, you can't judge the effectiveness of a policy by how many people you catch with it. It doesn't measure how many people don't try because of the policy.
A good example of this are metal detectors... you can go years without smuggling a gun, but you remove the detectors and it wouldn't be a day before someone tried to get one through.
I repeat, taking shoes off is a waste, but that can't be measured by how many people don't do a specific tactic that they know is screened against.
"Given you can't really quantify the effectiveness of any of the measures (how many shoe bombers have we caught since we were asked to have our shoes scaned ?), it leads to the "flavor of the day" approach with no counter weight to bring a bit of sanity in the process."
I agree. That's exactly what Bruce means by "security theatre" (which so many people don't understand).
The reaction is overly refined to a specific attack. If you search shoes, the explosive will be sewn into underpants.
A shame so many people cannot understand that basic concept.
I think you're making my point: given we cannot state the effectiveness of a measure, who is to decide if the measure is really needed to begin with or should be kept ?
Who will offset the paranoïa leading to these measures that don't bring us any additional security and is mainly a reaction to fear ?
Given havoc is the ultimate goal of a terrorist attack, I suggest that our irrational response is acheiving what the undewear bomber failed to reach.
Less travelers, an industry on the verge of nose diving again, etc will not lead to better security.
@Canuck: 'I think you're making my point: given we cannot state the effectiveness of a measure, who is to decide if the measure is really needed to begin with or should be kept ? '
I think we're more in agreement than you may think. I think the shoe thing is theatre as well, I'm not defending it. I'm saying it's tough to measure detterent value. We never catch anyone with a gun, but that doesn't mean metal detectors are not effective.
My point really is that if we want to prove that removing shoes is ineffective -- and it is ineffective -- saying someone has never been caught with it does not do the trick (due to the same deterent value we see with metal detectors). The reason it is theatre is because it is a rare threat and distracts from better measures. (If it were more common like guns, taking off shoes would make sense.)
But yes, I agree it is theatre.
Happy New Year.
Perhaps there is a little hope from this event. Mr. Abdulmutallab will not be attended by 72 virgins anywhere in the near future; he can expect to have a dreadful time in a high-security prison for half a century or more. And even after that the virgins won't be there for him.
Maybe this will act as a deterrent to those who want to follow his lead.
@Bruce: "I've started to call the bizarre new TSA rules "magical thinking": if we somehow protect against the specific tactic of the previous terrorist, we make ourselves safe from the next terrorist."
So I'm no fan of the TSA, but let me play devil's advocate for a moment.
Imagine N operatives being training in and supplied for a particular attack, and then sent out to perform N attacks at roughly the same time (think about 9/11 with N=4). Since the operatives are very hard to re-train or re-supply once they have got out into the field, it is very hard to change the attack once the operatives go out.
Seems like 9/11 was an example of this with four identical attacks done in tandem on four different planes, and TSA is convinced a repeat of this general strategy of identical attacks is a real threat.
Not sure I buy it, but it's the best rationalization (besides pure theater) I can think of for TSA's actions.
the more I read about this technology, the more I think it would've been a very good deterrent for this bomber (and the liquid bombers from London etc.) than the millimeter-wave see-through-clothes-and-rip-morale stuff.
(especially the claim for detecting it inside shoes...)
/me wants to try an 1st class "terrorist attack" one day....
@ Canuck, Brandioch Conner, Hjohn,
"... given we cannot state the effectiveness of a measure"
We can (but not in the way you are thinking),
We know from past experiance in both natural and manmade treats, highly specific countermeasures only work against a very narrow class of threat.
Thus we can say without fear that inspecting shoes is only effective against shoe based attacks.
We can also say (with less certainty) for the same reasons that broad measures cover against considerably greater classes of threat (but not all classes of threat).
Thus we can say that scanning for certain chemicals will rule out a large number (but not all) types of explosive hidden in most (but not all) parts of human apparal.
I'm ignoring false positives as these can be dealt with in other ways.
This Broad -v- Specific is what we have with "fire escape drills" they work not just for fires but other types of threat such as bombs and biolocgical and nuke weapons including a number of other threats we have not yet seen or imagined.
"... who is to decide if the measure is really needed to begin with or should be kept?"
The simple answer is the person who can best analyse the cost.
With natural threats you can make rational calculations on where to spend your dollar.
Unfortunatly with human adverseries you cannot make rational calculations simply because they are very rare events that are dynamicaly adaptive against you.
We see from defense spending the only thing you know for certain is when you have not spent enough in the right places (you get attacked).
So my vote would be on broad measures not narrow specific measures.
As for the false positives, they might be anoying for the individual, but, actually they are the one bit of security theartr most people would respect.
We don't like traffic cops pulling us over to inspect for "road safety" but we like to see the inspections happening to others because it makes us feel that road safety is being addressed as a problem.
The cops also quickly develop an impersonal and matter of fact style and get the job done as quickly as possible for those that help them. Those that hinder slow the process for both them and the cops so in the end it is self defeating.
It's not and ideal process but importantly seeing people getting pulled over for further more detailed inspection adds one heck of a lot of uncertainty into any terrorist plan.
You could argue (but I'm not going to) that false positives help take the search process from purely determanistic to semi-random and thus adds some of the advantages of random testing.
> "(Incidently, I find it hilarious that al-Queda find themselves so desperate for material they *have* to take "credit" for a failed attack.)"
It didn't totally fail. It has managed to have a negative impact on every American that flies (both domestically and overseas.) It has enabled the government to take a little more control over the daily activities of its citizenry in the name of security.
Good to watch your Rachel Maddow interview. I emailed Rachel soon after her show began, suggesting she interview you. It has taken a loooong time. Maybe you'll be a regular subject matter expert. I'd suggest the Predator Drone video topic. ;-)
Here we go....
Security theater. The unspeakable. Female potential threat. Tampon found with compartmentalized powder that may be explosive. Person claims to be diabetic and has injector device. Asked flight attendant permission to use facilities.
The rest is history.
Female passengers please form a line on the left.
It was a bit startling, but quite a kick, to see on Rachel Madow (I'm a faithful watcher & big fan) someone I've had dinner with and hung out with. That's never happened before! It was good to see you. Hope you & yours have had good holidays.
I flew back to London from Japan yesterday, having spent the Christmas period on holiday with my family. Looking to the next gate at Narita and seeing the slow line of people being re-screened prior to boarding for Washington was the shape of things to come, I guess.
The problem here is one of risk economics and public perception. A 9/11, air and ground casualties, once a year would make air travel as dangerous as the roads. For us Brits, a 7/7 every _week_ would have a similar impact for rail travel.
If you wanted to spend a massive amount of money on preventing transportation-related deaths, there's a whole stack of road safety measures that would save many more lives, both of people in cars and bystanders, than reducing the low risks of aviation terrorism yet further. Yes, the worst cases for aviation are bad (9/11, again, or some hypothetical whacking of a loaded 747-400 into the London Olympics on 100m final day) but the steady drum-beat of daily deaths always catches up in the long run.
Even once you've decided that because of symbolism and public concerns you're going to spend more money to prevent aviation deaths than road deaths, and dealt with the problem of the cost transfer forcing people out of (safe) aircraft into (dangerous) cars (we saw this in the UK after high-profile rail accidents), you need to face reality. And that reality is going to involve profiling to an extent that many democracies are going to have a problem with.
In a way, the instant case is easy: the bomber isn't a citizen of any country involved in the attack. But consider 7/7: all these people were not just British citizens but (if I recall correctly) British-born to parents who were likewise British citizens. Profiling on skin colour, name or religion is a real problem and can lead to serious abuses.
It's a massive problem.
There is a common thread here.
If everyone on an airplane wants to arrive safely at their destination, that will occur.
So no matter what nefarious items may be present, no terrorist attack will happen.
Keep the terrorist off the aircraft, no terrorist event will occur.
And NOBODY has commented?
We now know for terrorists...briefs!
There's a characteristic for all the pro profilers out here.
Just finished the Maddow's interview
Bruce you were sitting with your back to a window! tsk tsk
She's a hardcore blog reader! What sig does she post under??
"Keep the terrorist off the aircraft, no terrorist event will occur."
I simply don't understand this reasoning. There are a gazillion potential terrorist targets that are not airplanes. Will terrorists say: "Wow, it's hard to get on an airplane; I'll go get a real job instead"? Does anyone think that they'll be safer by forcing the terrorists to change targets?
"the more I read about this technology [Puffer Machines], the more I think it would've been a very good deterrent for this bomber... ... than the millimeter-wave... "
The problem is that the puffer machines are actualy a technology very much on the road to no where (not that millimeter wave is getting there much faster).
There are the obvious early technology reasons why (size, power consumption, slowness, impracticality of the overall design) that might with time be improved, as such that is not the problem.
There is the less obvious major achilles heal that cannot be resolved which is the fundemental idea behind it's working is grossely mis-matched to what the proponents hope to achive.
The technology behind the Puffer is a follow on from the Chemical Agent Monitoring (CAM) systems developed for Nuke/Biological/chemical (NBC) warefare. And if used for that purpose the technology is a very good idea. Further it will with time improve once the likes of "quantum resonance spectography" (the way biological noses work) is made practical.
However the reason it is an good fit for NBC is also the reason it is a bad fit for screening people. That is the technology is looking for something to be present (one or more chemicals) Not the physical location or volume or physical mass of the chemicals.
The problem is many if not all the chemical sensors just say something is present not the quantity or where.
The levels these devices can detect are so small that they are now well down in the "noise floor" of naturaly occuring or background level of man made chemicals by a very large degree.
So potentialy the false positive rate is very high when looking for "broad chemical markers" such as nitrates.
Thus it goes for "specific chemicals" to try to change the "signal to noise ratio" and this is the wrong way to go.
That is the problem is made worse by trying to get around the 'broad' problem by being overly 'specific' (the real essence of Security Thearter).
Which unfortunatly gives rise to the same two problems we see with very much all Security thearter,
1, It is overly specific and can only be used for a very limited subset of the potential threats (ie chemicals available).
2, Because it only indicates prescence not location or volume/mass it is overly subject to DoS attacks.
The first issue is one all "specific" -v- "broad" techniques fail on (which is a problem I would have thought all security system designers should be fully cognicent with by now).
All you have to do is use a threat (explosive) that is not one of the (16 or so it detects) on the threat list.
The thing is that as any research chemist will tell you there are so many options available that testing for each one is an overly time consuming one, thus the numerical advantage is always going to be with the terrorist with 'specific' testing. (There are also other significant problems with "spectroscopy" which I'm not going to go into right now.)
The second issue is one that all time constrained que systems suffer from.
As an example all I have to do to get around the system is exploit the known problems of "queing theory" and "human nature".
First I need a "legitimate supply" of chemicals the machine is known to respond to (the most obvious current contender is TNG medical spray used by those with heart conditions).
If I then find a suitable vantage point I simply spray the chemical into the air over the potential test subjects...
The result the machine makes many many positive findings, the number of persons that need further screening goes up dramaticaly the time constrained que becomes overloaded and human nature comes into effect (remember security thearter only works while the comercial revenue stream is not negativly effected).
In the short term (depending on what information the machine outputs and how subtal the attack you use is) either a fault will be suspected or the system will be seen as "to flakey to trust" and the machine ends up ignored partialy or fully.
This by the way is a "false false positive" attack. That is the machine is correctly detecting the chemical which is a "true positive" but the attacker does it in a way that makes it look like a system failure resulting in "false positive" deduction by the operators.
As an attacker you wait patiently for the point the system becomes so untrusted you can walk through with your payload...
This attack technique of making people think they have entered a "cry wolf" senario is almost as old as the hills sheep graze on and is used by the more astute criminals to get a security system they cannot bypass turned off.
In fact it is so old and so well known it is used not just as a plot line in thrillers but comedies as well (see Pink Panther / how to steal a million and other comedy Heist movies).
But importantly it still works (because of humans being... well human ;) and is a way to "game the system" in your favour as a criminal.
As I mentioned earlier there are other problems with spectroscopy that allow such a system to be gamed even more effectively but I'll let you put yourself in the "Hinky frame of mind" and do your own research on that one.
Just remember one very very important fact in life,
'Where humans and money are involved a criminal has an opening'
That is ALL and I do mean all security systems with human involvment are gameable to an attackers advantage. No "ifs buts or maybes" on this I realy do mean ALL, every time we hear about the "latest big heist" you can make an almost certain bet it worked due to "human failings".
It is why "security through obscurity" is still desirable in tanagable "physical world" systems (but fails miserably in the intangable non physical worlds of information etc).
There are only two solutions to the "human" problem that are known to work,
1, "remove the humans" from the control system.
2, "remove the humans" from the system being controled.
Hmm they are not likley to happen ;)
The other more uncertain (risky) solutions involve,
3, "remove the 'specific' system" and take the risk.
4, "remove the 'specific' system" from the overal system because you have removed the need for it.
And with 'specific' as oposed to 'broad' systems the latter route (4) is the only cost effective one that is generaly acceptable although the former (3) might actually be the best for a whole load of reasons.
The solution to the Puffer problem is actually "don't bother" it's an evolutionary dead end for this application.
The real solution is to combine 'broad' not 'specific' sensors from different areas and examine the overlap efficiently. That is use broad chemical marker (nitrate etc) technology and accept it is going to produce a very high "false false positive" as not just an attack but as a normal course of event. Then combine it with another 'broad' but unrelated technology such as volmetric/cavity detection or surface detection system (millimetric and other back scatter technology).
If each technology has a 2.5% trigger rate due 99.99% of the time to "background noise", stand alone it would be unaceptable. However if. two such orthagonal systems are combined then it would only trigger on the overlap of the two triggering and this might be a thousand times less (.0025%) which would be more acceptable. Three or more orthagonal but 'broad' systems is the way to go to deal with the problem NOT developing 'specific' systems.
Oh and an important thing to remember as criminals go "terrorists" are generay not very inventive...
They tend to follow a well beaten tack used by others previously to obtain more immedite influance (ie money not political).
Likewise the more inventive criminal gets their ideas from fiction writers (a point brought out in flight of the condor).
What makes 9/11 stand out is they jumped over the beating of the path stage, and went from fiction (Clancey et al) to fact...
Thus to a limited extent the future direction of "common or garden" terrorists is actualy predictable.
Which might be a reason that people are starting to talk about "Cyber terrorism" as opposed to "Cyber crime".
Conventional warfare however since the begining of the last century (WWI etc) has been the "testing ground" for "the appliance of science" that is new and often inovetive ideas to break old or developing stalemates (trench warefare etc).
Hopefully I will be dead before "terrorists" do another 9/11 by using the comercial exploitation of space to start strapping rocket packs and guidence systems on asteroids...
"I flew 265,000 miles last year,"
I'm surprised your underwear is not made of lead ;)
More seriously I suspect you have been "squireled" that is two or more slightly ungaurded comments you have made have been put together for the Journo's benifit/agenda.
One of the down sides of fame especialy when the powers that be see it as being at their expense is that their "tools" will take anything and everything you say and try to turn it against you.
It is just one more reason I activly avoid "fame" even though it may well harm my possible achivments in life, it is a price to high, not (just) for me but my loved ones who don't deserve the treatment we see handed out on a daily basis by those with an unstated agenda hiding behind "fair comment".
For all those asking,
"But hat can I do"
Actually quite a lot.
Because of all the "nobby no nuts" jokes about the "pants performance" of this particular attack the tide has turned. The most dangerous political weapon ever has started to come into play.
It is the one thing that cannot be controled by authoritarian entities it is why we even have jokes about political jokes...
As a tactic, refuse to be full body scaned.
When the authoratarian person gives you the "what have you got to hide" threat response just smile politly and in an approprite voice say "Nothing, I much prefere the personal touch, don't you?"
Make it sound "camp" or slightly "vampish". I assure you it will cause them a significant problem, especially if others around start to look amused or laugh.
All they can do is get more authoratarian and that just makes them look stupid.
The more people who do it the worse the situation is for the front line staff, their behaviour will become more erattic as they actually start to "feel dirty" about themselves policy will not hold over the way they see themselves.
Legitimat authority is only obtained by respect, illegitimate authority by fear. Neither repect of fear survive laughter for long.
Provided you do not do a joke about a bomb or other kind of weapon (and thus alowing them to do a "Boston"). The "authority" can not win they can only draw by laughing with you and it has to be naturaly otherwise it's even more of a laugh for the bystanders, and the story is sure to spread.
By "digging out" the foundations of the organisation (the front line staff) the ediffice of authority tries first to buttress up it's walls and then when they are undermined to rebuild them but with out foundations they are scrabbling in the sand, and the waves of laughter will wash them away.
I have been reading the dialogue on this and many other blogs relating to airport security and the new full body scanners and I could not resist adding my thought on the subject. I believe the scanner is an unwarranted invasion of my privacy, but I believe we need to help our government find ways to solve the issues in a meaning full way that is not detrimental to our freedom. As a business executive who must travel by air, I regularly have in excess of 100+ flights per year and that would not be possible without air travel, I think we are approaching the issues incorrectly.
We continue to focus on the traveling public as one group, let us start with segmenting the traveling public. I know this will start the crazies about profiling, but please listen to the rest of my argument, before arriving at your conclusions.
I am open to go through a very in depth background check, much like a security clearance required by our government for the military and other key personal protecting our country, if the government will issue me a badge (or use my passport so that we do not have to have another document) that allows me to skip the TSA process. This background check should require annual and or random updates. I in fact will pay an annual fee like my airline club membership for the extra services. I know many other executives and frequent fliers who will sign up today. This will shorten the lines for all other travelers and give the TSA more time to focus on the unknown flier.
All military personal and law enforcement personal should be automatically issued this clearance at no cost to them. This will shorten the lines for all other travelers and give the TSA more time to focus on the unknown flier.
All airlines employees should also have to undergo this process as part of the normal course of operations and it should be paid for by their company. If they cannot pass, they should not have their jobs. This will shorten the lines for all other travelers and give the TSA more time to focus on the unknown flier.
We should then segment the remaining pool by profiling, those with air travel history like frequent flyer programs, valid US Passports, other valid forms of patterns that would eliminate the risks should then be allowed to use an expedited process like an elite line and a dedicated scan lane. This will shorten the lines for all other travelers and give the TSA more time to focus on the unknown flier.
We should then further segment the remaining pool by profiling, those with high-risk profiles, a through process with a dedicated scan lane and if needed fully body scanner. High-risk profile might include but not be limited to tickets purchased with cash, one-way tickets, people having traveled in and out of high-risk countries, people who exhibit nervous behaviors, on the government watch lists and other behaviors that exhibit more review. This will shorten the lines for all other travelers and give the TSA more time to focus on higher risk candidates.
The more we do to allow the TSA to focus on the real risks the better job they will do and the safer we will be without trading out all of our freedoms
"There are a gazillion potential terrorist targets that are not airplanes."
Reference: A volleyball game in Pakistan. Current reports are up to 95 dead from the attack. The attacker used a car bomb.
@ James T :- I am open to go through a very in depth background check, much like a security clearance required by our government for the military and other key personal protecting our country, if the government will issue me a badge (or use my passport so that we do not have to have another document) that allows me to skip the TSA process.
So what do I care why should you be excused the pain without proof?
It might have skipped your attention but most suicide bombers have "open backgrounds" likewise there was an Army Major recently who if you remember decided to shoot up the base, I'm fairly certain he was cleared way more that what you are proposing.
FOR THE SAFETY OF ALL SECURITY MUST BE APPLIED TO ALL REGARDLESS OF RANK OR POSITION SOCIAL OR POLITICAL.
Is there anyone who doesn't think that this recent "terrorist" fiasco wasn't some kind of planned failure, just so TSA and Homeland Secrecy can advance their hidden agenda? Like the agenda is really hidden. It is a control thing. How do we control the populace and force their willing compliance? The whole thing can be fixed by using a successful model for flight security (perhaps the one that Israel uses). It is intimidation, control, and data collection. Millions of people fly all the time and they are the ones being intimidated, controlled, and giving up their privacy, yet based on the recent events, they have gained no security and little safety. Since none of the old measures worked in this case, what make anybody think any of the new measures will work either? And this flight business is just one example.
@kashmarek: Is there anyone who doesn't think that this recent "terrorist" fiasco wasn't some kind of planned failure, just so TSA and Homeland Secrecy can advance their hidden agenda?
Well, if it really was a conspiracy to terrorize the public into surrendering more freedom and privacy to the TSA, they've certainly done their usual utterly inept job. If anything, the extreme stupidity of the TSA's reaction to the incident (particularly the requirement for passengers to "sit at attention" for the last hour of a flight) seems to have had the opposite effect of encouraging people to speak out about the failures of that justly-reviled agency. Every article, report, and blog post I've seen about it contains criticism of the TSA and of government incompetence in general.
Maybe I'm overly optimistic, but I think this may represent a tipping point, where the public is beginning to see through the TSA's fraudulent charade of security theater and no longer accepts the previous administration's repeated assertions that speaking out against it is "unpatriotic." The incident revealed that, contrary to Secretary Napalitano's claim, the system isn't working. And the TSA's inane and uncoordinated actions in response to the "incident" have parted the curtain of secrecy to reveal that behind the projection of the arrogant wizard that bullies us at checkpoints is a bunch of pathetic little idiots.
I'm curious about how realistic the threat actually was. Even if Captain Underpants had set off his exploding codpiece (obviously tricky) and successfully blown a hole in the aircraft (also tricky), Would it have actually killed anyone except Jihadi Jockstrap?
Aloha Airlines lost around 10 meters of fuselage at 24,000 feet and landed safely, minus the tragic death of a flight attendant without a seat belt -
Yes, it would have been pretty scary for everyone, but airliners are actually pretty tough, and it seems the actual amount of explosive was relatively small.
Anyone actually know whether this was a serious risk?
Certainly an earlier poster who claimed depressurisation at height was automatically lethal is incorrect - we're trained to use oxygen and descend quickly, even passengers get those pull down oxygen masks, and wile it's not much fun, hypoxia won't kill you if you get air again quickly...
"I'm curious about how realistic the threat actually was."
To answer that you have to first define what you mean as a threat.
If the "threat" envisaged by the bombers "controlers" was to shake people up then I think most would agree the "threat" was "realisticaly" accomplished.
If the "threat" was to create an earth destroying nuclear war then it was not even on the screen and not even at the bottom of the grass in a field five over from the radar ;)
Which brings us onto,
"Yes, it would have been pretty scary for everyone, but airliners are actually pretty tough, and it seems the actual amount of explosive was relatively small."
Yes it was about three ounces of highish energy explosive.
But it is not the available energy that is actually that important it is how you apply it.
For instance if You go to the middle of a field and put a lump of stone with a flat or slightly convex surface and put six four ounces of C4 and an apropriate method of making it release it's energy in an "explosive" manner, then the chances are you are not going to come to any harm standing a few tens of feet away. That is because the energy gets quickly disapated across the surface of an expanding bubble.
If however you drill a hole in the rock and put the C4 in it then you would be at a very much more significant risk even hundreds of feet away as the energy gets converted to kinetic energy in fragments of the rock and they could easily travel several hundred feet with sufficient residual energy to hurt if not kill you.
Thus as described "Capt Underpants" was more likley to convert himself to lightly fried "force meat" than cause significant structural damage (mind you if you have ever suffered for days after eating badly made/cooked meat loaf then your opinion of the relative harm might be different ;)
Which brings us onto your question,
"Anyone actually know whether this was a serious risk?"
Sadly the answer has to be yes, but at a very low probability.
Even with all the redundent systems if you know what you are doing you can bring any aircraft down with a flick of a finger or two.
And no I'm not talking about just switches in the cockpit that a pilot or flight engineer could change.
A practical example for those at home to think about.
Most domestic equipment these days has numerous saftey systems built in.
Due to cost many of these are based around CMOS micro chips.
Most CMOS systems are very very low energy, certainly considerably less energy than is carried around on the end of your average human finger.
Thus if you know where to put your finger you can inject energy into or suck energy out of the CMOS circuitry. In either case there is a probability that it will cause a fault in the microcontroler controling the safety systems causing a fault.
Depending on the system and the fault you have injected into the system it may fail safe or fail dangerous.
The definition of what is "fail safe" and what is "fail dangerouse" is very nebulous.
Take a fire prevention system for instance it might be designed such that under fault it will activate the fire systems. This is because the designers assumption is that the "safest" thing to do is assume the fault is caused by a fire...
Now what if this system has been instaled by another engineer into a fire system in a computer room which has locked doors.
Do you realy want the halon system to be activated so that you get asphixiated in the room?
Probably not but the fact that the system fails safe is what is actually causing you to be put at risk of death should the basic microcontroller go to fault (by say somebody putting their finger across the pins that signify a fire is in progress etc).
It needs to be said that every system beyoned a certain degree of very minor complexity has these problems built in. They cannot be designed out, only have their probability of occuring reduced.
So the more knowledge an attacker has the less energy is required to bring about a failure.
In the right places a finger or two will make a 747 become a brick in the air...
Less knowledge or greater speed of action requires more energy. Three ounces of low energy black powder will certainly have the same effect as the fingers on a 747.
Through to the little or no knowledge requiring a lot of energy. Thus say a minimum of a couple of pounds of C4 put up randomly against a bulk head has a reasonable probability of doing significant structural damage that in turn may be significant enough to bring a 747 down in either a controled or uncontroled manner.
So as I said "define the threat", then seek out sufficient knowledge to make 3 ounces of home made explosives have a better than 50% chance of bringing the threat to fruition.
I'm assuming that the threat you are envisaging is "bringing the aircraft down in an uncontroled manner" in which case a lot of knowledge and skill is required with 3 ounces. However that does not stop the "getting lucky" problem coming into play.
Sorry if the explanantion is a bit long winded and wooly without giving a Yes or No answer but hopefully you and others can see why the question cannot be answered with certainty.
@ James T
Any time you set up a tiered system of privileges, you invite attackers to game that system and obtain undeserved privilege.
@ Clive re halon
Halon is used in fire suppression systems precisely because it extinguishes flame without asphyxiating people.
@ Brandioch Conner,
"Reference: A volleyball game in Pakistan. Current reports are up to 95 dead from the attack. The attacker used a car bomb."
Sadly I would expect to see more of these types of attack in the future.
Whilst there are countries where terrorist activity can be detered to a fairly large extent due to somewhat fortuitous circumstances. The same cannot be said for other countries.
Whilst I would expect that the odd shoe/rectum/pants bomber to appear occasionaly. I'm fairly certain that they will be getting less and less frequent. That is due to these types of attack (appearing to) require a suicide to bring them to fruition. I suspect the majority of potential/actual "terrorists" intend to survive to attack as many other targets as they can.
Thus you have the "insurgents" in Iraq and Afganistan attacking "our troops" with IED's etc. And you also have those terrorists attacking other countries not in a similar fortuitous state, with tactics/attacks worked out by the likes of the PIRA etc more than fourty years ago (and well over a hundred with regards to some Irish insurgents).
That is those terorists/insurgents who wish to do real damage are either attacking "low hanging fruit" targets in countries where they can easily blend in and find willing support with little or minimal interferance from the authorities. Or are activly engaged in demonstrating why you should not go and fight on their chosen battle field where they have the "home advantage".
Where they are killing "our troops" that we did not manage to stop our "political masters" sending on a "fools erand" that is fighting on the insurgents/terrorists chosen battle ground...
"Halon is used in fire suppression systems precisely because it extinguishes flame without asphyxiating people."
Err no it's used because it is "mainly" non toxic and is considerably more effective than other (usually very toxic) fire suppresent gases.
If you get your lungs full of Halon then you will suffer considerable effects as it displaces the oxygen in them (first effects are the same as you expect from altitude sickness effectivly like drunken silliness followed by unconciousness and eventually death).
The Wiki page you pointed to actually mentions this problem immediatly after a Halon dump with,
"During this time the enclosure may be entered by persons wearing SCBA . (There exists a common myth that this is because halon is highly toxic; in fact it is because it can cause giddiness and mildly impaired perception..."
If you do not know SCBA is "self contained breathing aparatus" it usually consists of a compressd air cyclinder presure reduction valve and hood or mask.
It is very similar to Scuba (Self contained under water breating aparatus) gear and serves the same purpose in that ensures a breathable supply of air is made available at slightly above the ambiant pressure so that you don't get asphixiated by your surounding environment.
Asphixiation by Halon is adout as common (after normalisation) as accidental drowning due to rainwater during/after downpours.
Like rain water Halon collects in depressions if you are insensible face down in a depression you had better hope somebody pulls you out before you "drown" in it...
It must surely only be a matter of time before an enterprising terrorist launches a major attack at an airport security queue. My impression is that terrorist attacks outside the security cordon were much more common in the 1970s but have gone out of fashion since. In recent years the only example which comes to mind is the ridiculously-incompetent attempted bombing at Glasgow.
I am from New Zealand and have often thought about doing a holiday to USA but...
frankly I have little interest in going on a holiday that starts with a cavity search.
USA, the land of the free?
USA, we water-board all visitors, just in-case...
Bruce - Stratfor Global Intelligence – http://www.stratfor.com - published a piece on the Christmas day attack that includes the following:
"To a great extent, this is the American strategy. The United States has created a system for screening airline passengers. No one expects it to block a serious attempt to commit terrorism on an airliner, nor does this effort have any effect on other forms of terrorism. Instead, it is there to reassure the public that something is being done, to catch some careless attackers and to deter others. But in general, it is a system whose inconvenience is meant to reassure."
see http://www.stratfor.com/weekly/... for the complete article.
Stratfor is a serious security advisory company and here they are basically agreeing with you that this is security theater.
This wack a mole game is interesting. We hope or want the Gov't to keep us safe? We have already told extremists and trading partners that we fear pain or loss to the exclusion of all else.
Let's wear pillows in our cars, drive 20 m/h, and sing the oscar myer weiner song? movie reference....
Since air passengers seem to be the only people capable of preventing these bombings, I vote we put air marshalls on every flight, educate passengers on how to spot suspicious behavior and notify the crew to get word to the marshall.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.