Schneier on Security
A blog covering security and security technology.
« Another Contest: Fixing Airport Security |
| Connecting the Dots »
January 7, 2010
Post-Underwear-Bomber Airport Security
In the headlong rush to "fix" security after the Underwear Bomber's unsuccessful Christmas Day attack, there's been far too little discussion about what worked and what didn't, and what will and will not make us safer in the future.
The security checkpoints worked. Because we screen for obvious bombs, Umar Farouk Abdulmutallab -- or, more precisely, whoever built the bomb -- had to construct a far less reliable bomb than he would have otherwise. Instead of using a timer or a plunger or a reliable detonation mechanism, as would any commercial user of PETN, he had to resort to an ad hoc and much more inefficient homebrew mechanism: one involving a syringe and 20 minutes in the lavatory and we don't know exactly what else. And it didn't work.
Yes, the Amsterdam screeners allowed Abdulmutallab onto the plane with PETN sewn into his underwear, but that's not a failure, either. There is no security checkpoint, run by any government anywhere in the world, designed to catch this. It isn't a new threat; it's more than a decade old. Nor is it unexpected; anyone who says otherwise simply isn't paying attention. But PETN is hard to explode, as we saw on Christmas Day.
Additionally, the passengers on the airplane worked. For years, I've said that exactly two things have made us safer since 9/11: reinforcing the cockpit door and convincing passengers that they need to fight back. It was the second of these that, on Christmas Day, quickly subdued Abdulmutallab after he set his pants on fire.
To the extent security failed, it failed before Abdulmutallab even got to the airport. Why was he issued an American visa? Why didn't anyone follow up on his father's tip? While I'm sure there are things to be improved and fixed, remember that everything is obvious in hindsight. After the fact, it's easy to point to the bits of evidence and claim that someone should have "connected the dots." But before the fact, when there are millions of dots -- some important but the vast majority unimportant -- uncovering plots is a lot harder.
Despite this, the proposed fixes focus on the details of the plot rather than the broad threat. We're going to install full-body scanners, even though there are lots of ways to hide PETN -- stuff it in a body cavity, spread it thinly on a garment -- from the machines. We're going to profile people traveling from 14 countries, even though it's easy for a terrorist to travel from a different country. Seating requirements for the last hour of flight were the most ridiculous example.
The problem with all these measures is that they're only effective if we guess the plot correctly. Defending against a particular tactic or target makes sense if tactics and targets are few. But there are hundreds of tactics and millions of targets, so all these measures will do is force the terrorists to make a minor modification to their plot.
It's magical thinking: If we defend against what the terrorists did last time, we'll somehow defend against what they do next time. Of course this doesn't work. We take away guns and bombs, so the terrorists use box cutters. We take away box cutters and corkscrews, and the terrorists hide explosives in their shoes. We screen shoes, they use liquids. We limit liquids, they sew PETN into their underwear. We implement full-body scanners, and they're going to do something else. This is a stupid game; we should stop playing it.
But we can't help it. As a species, we're hardwired to fear specific stories -- terrorists with PETN underwear, terrorists on subways, terrorists with crop dusters -- and we want to feel secure against those stories. So we implement security theater against the stories, while ignoring the broad threats.
What we need is security that's effective even if we can't guess the next plot: intelligence, investigation, and emergency response. Our foiling of the liquid bombers demonstrates this. They were arrested in London, before they got to the airport. It didn't matter if they were using liquids -- which they chose precisely because we weren't screening for them -- or solids or powders. It didn't matter if they were targeting airplanes or shopping malls or crowded movie theaters. They were arrested, and the plot was foiled. That's effective security.
Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We're reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.
If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.
This essay previously appeared on Sphere, the AOL.com news site.
EDITED TO ADD (1/8): Similar sentiment.
Posted on January 7, 2010 at 1:18 PM
• 63 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"Finally, we need to be indomitable... Abdulmutallab succeeded in causing terror even though his attack failed.
If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed."
Amen to that !
I think the biggest failure was not to pull aside someone who bought a one way longhaul ticket and travelled with no baggage. That's got to be a rare enough scenario to make it worth asking them a few extra questions - maybe even going as far as El Al style questioning for those people.
Some people have mentioned buying in cash as a flag too, but in Africa it's pretty standard to buy airline tickets for cash because the credit/cheque clearing systems aren't widespread or advanced enough.
The one way ticket with no checked baggage should have been an indicator to ask an extra question or two.
It's interesting. While I don't agree with the liquids ban, I wonder what may have happened here without it. (i.e., he may have been able to prepare a slightly more reliable bomb)
I think this "we as a species think X" is silly.
That's NOT what's driving these reactions, "hardwired" biases. It's social structures. The media is structured in a certain way -- the bureaucracies are structured in certain ways. Those are not produced by "innate" mechanisms, but social evolution.
We are terrorized because it's in the interests of important organizations to keep us terrorized. We react stupidly because important organizations are structured to react stupidly (CYA). It has very little to do with what happened on the savannah half a million years ago, and everything to do with the national security state instituted half a century ago.
You're looking in the wrong place -- and it leads you to distract from the right places.
@Keith: The one way ticket with no luggage is a single story again. The next will travel differently.
If the terrorists just want to terrorise, then the war on terror was lost before it started.
The fact that everyone is now herded and inspected, poked, prodded and scanned each time they travel says to me that the terrorists are winning hands down.
The way to redress the balance is to not harrass and inconveniece the travelling public. These high profile, knee jerk reactions don't dissuade the terrorist one iota, they just do the terrorising without involving the terrorist.
The IRA bombed us repeatedly in the 1980's and they didn't stop because they had their socks examined everytime they got on a plane.
Kangaroo makes a valid point, but I don't think he disagrees with Bruce as much as he thinks he does.
I suspect Kangaroo has read Glassner's "Culture of Fear" and this has helped to form (or reinforce) his opinions. But I think Bruce is spot on: if nothing else, our evolutionary hard-wiring is what makes us so easy to manipulate by those who are interested in keeping us afraid.
I hope Obama and other leaders pay attention to the message here. We need them to lead, and part of that is delivering the message that you can never be 100% secure, that we need to accept risk in a free society, and that we must carry on. Churchill would not have said "Fatalities are unacceptable" and thrased around spending billions building bomb shelters on every block, when what was needed was to thrash the Germans until they no longer had the capacity to bomb England.
"Abdulmutallab succeeded in causing terror even though his attack failed.
If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed."
Completely agree. Or reactions have made it so that terrorists can commit terrorism without successfully killing anyone, or even without breaking the law. We terrorize ourselves with all these stupid restrictions and extra security far more than terrorists are able to do.
I agree with that.
@kangaroo "We are terrorized because it's in the interests of important organizations to keep us terrorized"
Not sure I agree with this as stated but each time I see the color of the threat level strangely following the colors of a "mood ring", I always wonder who benefits from the info.
If a threat is confirmed and Homeland Security needs to raise the level, why make it public ? All these intermediary colors between "Severe" and "Low" (high, elevated, guarded) only confuse people, feed the paranoïa and don't trigger any change in behavior.
A bit like if during WWII the officials in London would have rang the bomb raid alarm "just in case"... either there is a threat and you should change your behavior (run for shelter, avoid flying, etc) or it is ok to go on with your life normally.
We, the people, are not hardwired for CYA practices. Bureaucrats and politicians who want to keep their pensions are.
Again we come back to the fact that this is a miniscule threat from people with no experience. It's not like suicide bombers get to practice. "*Boom* Encore, enco...Oh"
Were "the terrorists" really at war with us, they would be hitting the easy, soft targets in America. It's already been proven that you can walk across the US southern border with a mariachi band and a troop of elephants and not even be questioned, so anyone could have easily waltzed in with whatever materials they wished and attacked the US at home already. But they haven't. Why not? Because the threat doesn't exist at the level of paranoia that the US government attaches to the problem.
Bruce said years ago that he felt the draconian state would be more likely to arrive under a Democratic president. I agreed with him then and we're seeing the beginning now.
It's not because one party or the other is more evil (they are both filled with stupid people). It's because one can pretend to have an edge in national security while the other will think they have to fight to show they are "tough enough".
But Americans, who vote, aren't savvy enough about security to understand the parts of security that worked, what parts didn't, and the vast number of pieces that will never work and are a waste of time and resources.
Our leaders are merely a reflection of our national understanding about security. Voters aren't security experts so they will never elect a security expert.
@Bruce: I am often critical because I do not wholeheartedly buy your oft-used line of "Refuse to be terrorized!"
Frankly, I think as a country, we have refused to be terrorized for a long time.
If we were truly terrorized, we would stop going to work or school or the mall or going to sporting events or flying. But even this latest incident does nothing to stop such commerce.
But I must agree with your line to the point of saying: "Selling terror makes administrations look tough, and right now they think that wins votes." We'll see the result of that in future elections (still hard to say because elections, even now, seem to be won and lost purely on how the economy is doing... something no President has control over. Wow we really are a stupid electorate).
Truly, if there were reasonable terrorists somewhere in this world, they would have seen the example of the DC Sniper and understood 9/11 to be their "Shock and Awe" moment, but that all it takes is two men in a van to terrorize the nation.
And it doesn't happen.
Where are these supposed terrorists? No one seems to be able to say.
Why does government work so hard to screw up security? There are a LOT of worthless jobs at stake. The screeners are unionized, the bureaucrats have cushy jobs and nice offices. To protect those jobs they will tell us they can make sure "this never happens again."
It is impossible to say this will never happen again. Impossible. That is a throwaway pointless line.
I am impressed to see that our largely pointless security screening did at least raise the bar to the point that this idiot had to try and brew up a homemade bomb that had little chance of going off. I guess to some extent the theater of scanning works, but only to raise the bar for idiots.
It's the silly no-fly lists and relying on passports. Considering I applied for my passport almost entirely by mail, I can't see how you can ever guarantee its authenticity.
Ironically, it took a lot of time to get the fire out because the passengers weren't permitted to have water on hand. They had to get it from the crew.
There's the CYA (cover your ass) factor. If someone succeeds a second time with the exact same attack, government officials looks incompetent and get fired. If there's a novel attack, then of course the government officials were doing the best they could. Condi Rice's favorite phrase was "No one could have anticipated ...".
@Condi Rice's favorite phrase was "No one could have anticipated ...".
Speaking after 9/11, she was absolutely right. Anyone who says it should have been seen coming is not being honest with themselves.
CYA is no doubt part of why we defend against yesterday's tactics. But also, I believe, is that whenever a tactic is used, either successful or unsuccessful, people who would attack but aren't creative enough to come up with their own tactic now know of another way that may work.
We'll never know how much copycatting is prevented by defending against tactics. Not enough to justify it probably, I'm not trying to justify it. I'm just saying that whenever a tactic is made known, we expand the universe of people who might try it to people who otherwise wouldn't have figured it out themselves, so CYA is not the only consideration.
Here is another security measure: if anyone is more than 15 minutes in the lavatory, release sleep gas into it and break in.
That would also avoided this attempt.
PS: I actually believe the more attention and money we spend in these measures and devote media/internet attention, the more these wackos will show up.
PS/2: Did you ever stop to think why these people hate the US so much? (please don't give me the "we are #1" speech. that is not it)
"Why didn't anyone follow up on his father's tip?...millions of dots..."
There are millions of dots, but some dots are much bigger than others. A lot of apologists for the intel community seem to miss that the tipster is not some random guy. He is the bomber's father and "one of the richest men in Africa and the prominent former Chairman of First Bank of Nigeria and former Nigerian Federal Commissioner for Economic Development." (from http://en.wikipedia.org/wiki/...
I can't imagine there are more than a few hundred tips from senior government officials who claim personal knowledge of a potential attacker. Shouldn't such tips be given much more credence than the millions of tips that come from people reporting someone doing something unusual?
The only counterargument I can think of would be that tips of this magnitude have been investigated in the past and have ALWAYS amounted to a senior government official trying to use the U.S. government to eliminate an enemy.
@Nelson: "Did you ever stop to think why these people hate the US so much? (please don't give me the "we are #1" speech. that is not it)"
Because they believe an evil ideology?
The US is flawed, just as any nation, no doubt about it. But when you look at the atrocities committed against various peoples for frivilous reasons throughout history, even recent history, the hatred of the US is quite illogical considering we're one of the most peaceful, humane, and generous nations ever to have existed. (note, i didn't say we're perfect.)
@@Nelson: "Did you ever stop to think why these people hate the US so much? (please don't give me the "we are #1" speech. that is not it)"
I'll give another reason: television news.
One would think (hope) that television news would have increased exposure of the evils perpetuated by tyrrants. But that is not the case. During the Rwanda massacre, people in the US questioned if it was happening in the rare event it was reported (almost always in print) because it was never on the news. The reason is that some of the worst tyrrants in history controlled the press and news in their countries.
Take Iraq for another example. Iraq has been a swamp of tyrrany, brutality, and death for decades. Do you you think Saddam let the cameras roll as he gassed entire Kurdish cities? What do you supposed would happen if a newsman reported the torture of a child in front of its mother in order to get her to spill the father's whereabouts? Do you think CNN was invited to witness someone being dropped feet first in a tree shredder for forgetting to kiss Saddam's armpit when greeting him? But, as soon as Saddam is deposed, the cameras are there and rolling for the world to see.
Please not, that isn't to argue in favor of the Iraq war (likely wasn't worth it) but to point out the thought shaping power of the media--where it is allowed.
You asked why. I answered. It is an extention of our tolerance as a nation--there isn't much consequence to anti-US propaganda. Any imperfections on our part are quite easy to expose.
Finally, someone who gets it! The current reaction to homeland security is scripted and totally disingenuous. It’s difficult to establish the NWO with a strong and confident America. Let’s create wars, and rumors or wars, monetary and accounting systems designed to fail, leverage our grandchildren’s future against our promise to pay tomorrow, jump in with the “Global (National Socialist) Solution” after the sure fire meltdown that will happen right on cue… and call Amerika’s new system a universal victory for freedom, honor, and oh yes, light!.
What’s coming to this country will make the depravity of Nazi Germany look like party night at a frat house in an East Coast Ivy League “establishment of higher learning.” Make no mistake, the Gods that the Power Elite worship were well positioned to rule this world 3,500 years ago as they and their human servants built a grand tower in the plain of Shinar we today call Babel. But Yahweh (the Chief and Head of all gods) dropped by for an audit and the rest is history. The Sons of God in the Council of Gods have been positioning themselves through their human disciples to return to the power and glory that died on that ancient plain long ago. Our country, its wealth, its weapons, and the lives of many, many of its people will be used to reestablish their truncated One World Government. And very, very few Sons of Adam really understand.
@HJohn at January 7, 2010 3:56 PM
I apologize for that post. Not that I think it was inaccurate, I don't. It gets very easy to start getting off topic when someone asks questions like "why do they hate us" and I probably should not have responded.
"The one way ticket with no luggage is a single story again. The next will travel differently."
Yeah. Round-trip tickets are a trivial additional cost and you can steal luggage from the lost and found (or buy a suitcase and fill it with stuff straight off the racks). We have a limited amount of security officer time, we should focus on other things.
"He is the bomber's father and 'one of the richest men in Africa and the prominent former Chairman of First Bank of Nigeria and former Nigerian Federal Commissioner for Economic Development.'"
Obviously the urgent email regarding a rich Nigerian government official/banker got caught in the spam filter. :-)
I agree with your general analysis of people focusing on rare events, but I would have to disagree in the specific context of airplane terrorism because if we do not shore
up our security for specific threats like the underwear bomber, then it could be
exploited and bring down a few hundred planes in a short amount of time. Even though he was not successful it does not mean it will not work next time. Bottom line is they are creating fear, which is 50% of the fight.
One day if they keep this up, I predict people will not be allowed to carry on anything onto the plane, and will have to go into a changing room, where they have to disrobe completely and walk into another room (camera surveillance of course), put on some uniform, their old clothes will get packaged up, screened, and will become a checked bag. They arrive at their destination, go into another room, and repeat the process.
This would only occur if screening technology is not good enough to catch people, and they blow up 5+ planes within a few month. I don't think I am far off. Your thoughts?
I keep wondering what part of the plot would be foiled by keeping passengers in their seats during the last hour. Surely, any attack that can be done standing can also be done sitting.
Seriously, what is forced seating supposed to prevent?
@ ZachPruckowski - "Obviously the urgent email regarding a rich Nigerian government official/banker got caught in the spam filter. :-)"
You say that in jest, but I would not be completely surprised if something like that was true.
"It's magical thinking: If we defend against what the terrorists did last time, we'll somehow defend against what they do one time. Of course this doesn't work. We take away guns and bombs, so the terrorists use box cutters. We take away box cutters and corkscrews, and the terrorists hide explosives in their shoes. We screen shoes, they use liquids. We limit liquids, they sew PETN into their underwear. We implement full-body scanners, and they're going to do something else. This is a stupid game; we should stop playing it."
And do away with the restrictions? Bruce is correct to use the term "Security Theater" to describe the more ridiculous TSA policies, but some of the common-sense rules have made it far more difficult to hijack an airplane, or injure/kill other passengers.
I'm sure I am not the only one who remembers the bad old days when criminals, mentally ill people, non-suicidal terrorists, and political extremists would regularly hijack flights here and abroad. I can't remember the last time it's happened, because now it's nearly impossible for anyone to bring on the most common types of weapons or get into the cockpit.
No. It is not increased inspection for weapons that has stopped hijackings, but rather the understanding that any hijacking attempt will result in the death of the passengers, so the passengers will overpower and/or kill the hijackers, as they did on one of the four 9/11 planes (yeah, the last highjacker crashed the plane as the passengers were getting to the cockpit). Hijacking is no longer a useful criminal activity.
Do you even read Schneier's posts?
Some good comments on security are now on the last 100 comments.
Why so little terrorism in the USA, as derf asks an important question to handle well. Please forgive me with the next: Michael Moore "There are no Terrorists.." That is dangerous and naive. Business is war, and there is a war going on with radical Islam, that is going to flash up sometime.
There was "terrorism" on a small scale, if you read the right places, but also because it gets hard with some of our good security work that has been quietly going on.
There are a lot of little gotchas with how things are close, but fizzle out, or power out, or have unique issues. Ignorance and obscurity theater does help sometimes.
Some of the security overrides, also screw up innovation. GRR. Security overrides are a complex subject, that I hope progress happens behind closed and open doors.
No, Ian's point still stands.
Hijacking had diminished dramatically from the 1960s to 2001 thanks largely to weapons screening.
Extrapolating from the 1960s data, the security measures implemented in 1973 are estimated to have reduced hijackings by 80%. (1969 was the peak year for hijackings at 82. In addition in 1973 intelligence agencies in the U.S. and Cuba, as well as Taiwan and China, agreed to end series of tit-for-tat hijackings they had been orchestrating against their rival)
9/11's locking cockpit doors and the change in passenger reaction have taken away much of that remaining 20%.
Ian is talking about TSA policies that are generally described as "security theatre", and suggesting that the TSA security theatre has contributed to the cessation of hijacking attempts. I don't think either of us agree with that.
Dean: But I think Bruce is spot on: if nothing else, our evolutionary hard-wiring is what makes us so easy to manipulate by those who are interested in keeping us afraid.
All that says is that it's not surprising that you see lots of boobs in beer commercials, but not lots of ears. But why male bottoms instead of boobs? Why not more shiny jewelry? Or sophisticated philosophy? Or hunting prowess? All those are hard-wired "sexy" signals historically to some of the human race -- why are boobs specifically chosen to sell beer?
So, talking about hard-wiring doesn't buy us much. A lot of things are hard-wired. Xenophobia might be hard-wired -- but so is Xenophilia. Outsized weighing of unusual risks may be "innate" -- but so is the disregarding of outliers.
Sure, folks don't buy ultraviolet colored dancing shoes. But I didn't really need to say that, did I? There's a lot of innate functions available to abuse -- we should focus on the abuse of the innate function, not on what the innate function is.
Bruce, do you think having King Fu classes for passengers at airport lounges would be a more effective way to increase security than buying body scanners? Just a wild idea.
We need to judge TSA et al not just by the threats that get past them, but also by the way they respond after a threat. Whoever implemented that silly 1 hour rule is incompetent and should be fired immediately. We can't trust people like that with our safety. It's obvious they have no clue.
No, visitor, that's not what I am talking about. Sealing cockpit doors and making sure people don't bring guns in their carry-on bags isn't security theater, it's common sense. These two policies -- as opposed to security theater B.S. like patting down senior citizens at checkpoints -- have made it extremely difficult for anyone to take over a flight.
I have become convinced that the government reacts to incidents like the underwear bomber by punishing all passengers because it's the easiest thing to do. Cleaning up the failed walled layers of "intelligence" bureaucracy is a nearly impossible task, on which little progress seems to be made since 9/11 despite all the billions of dollars spent on the "Department of Homeland Security." It would be very hard work (well beyond any election cycle) with almost nothing visible to show for it even if the necessary organizations wanted to cooperate. But like all bureaucracies they are interested only in protecting their own turf and expanding their own empires, so they have no interest in cooperation with rivals. The DHS merely shuffled things up, and most likely made the situation worse than it was on 9/11 because the bureaucracy is so much more bloated.
Conversely, ordering the TSA to come up with boneheaded new hassles to inflict inconsistently on all passengers is trivially easy. It's highly visible, yields immediate "results," and seems to bamboozle enough of the public into believing that more hassles (and/or more loss of privacy, dignity, and liberty) at checkpoints automatically translate into more protection. It doesn't matter whether it's effective; and if it's found ineffective, they can just add more boneheaded hassles in reaction. It's just the easiest way for embarrassed government officials to dress up their failures in the props and costumes of security theater.
They can get away with it because enough people buy into it, and even defend it against critics who point out the truth. Terrorists terrorize, and people want to be safe. The preferred solution is security theater, which offers the illusion of safety that people crave while avoiding the difficult job of making the bureaucracies work effectively together to provide actual security. As long as people embrace the TSA's shameful sham as "security," the theatrical production will enjoy an endless (and continually expanding) run.
Description of the "detectability vs. reliability" tradeoff
was fascinating. But the "they only
need win once" aphorism applies.
And we've all been ignoring
(in practice, albeit not theory)
Barometers, puppies, converts.
Whee! What say jason?
Glass empires ought not fly drones.
Someone commented that the plotters were naive in not testing that type of bomb on the ground before hand.
I wonder if they did, and either the lower air pressure or restricted airflow of the dude's nether regions prevented runaway combustion.
@Zach: Round trip tickets are very often cheaper then single trips. The only thing more twisted then a terrorists mind is the way airlines calculate the trip fee. I'm pretty sure none of Umar's co passangers payed the same price for their tickets.
>Speaking after 9/11, she was absolutely right. Anyone who says it should have been seen coming is not being honest with themselves.
I love this phrase from James Bamfords book "The only predictable thing about the terrorists is the fact that they will be unpredictable"
@ Tom, Zach,
"Round trip tickets are very often cheaper then single trips. The only thing more twisted then a terrorists mind is the way airlines calculate the trip fee."
A large part of it is actualy down to governments and Treasury income via Airport Tax and Tourism.
Even before 9/11 the price of a return ticket from London to any other European Country (and many many others) was priced on if you stayed the weekend or not...
For instance an "Economy ticket" for Monday Morning to any other working day in that week would cost something like 1000USD. However push the ticket to the following Monday and the price dropped to around 500USD.
Now if you then went Wednesday PM and came back Tuseday PM then the ticket could be 200USD or less...
This practice started unravaling with "Low Cost airlines" (however they ramp prices up by other tricks).
This is because the airlines make their profit in "business class" travel. They are usually seen as a captive revenue source to be "stretched across a barrel".
As was once said by an airline executive "First Class Fares are there just to justify the high business class fares".
Now there is a subtal loyalty trick that goes on...
If you fly with the likes of say BA you get not just "air miles" but also "frequent flyer points". If you get enough then your first privalage is the "business lounge" with free drinks, snacks and newspapers and comfortable furniture and decent tables with Internet conectivity etc.
But you also as a passanger with that privalage have a rather usefull hook in that if you buy the tickets or nominate passangers traveling with you, they automaticaly get upgraded to "business lounge" with many airlines...
However it gets better "first class" comes a knocking...
If you are a frequent flyer you also get "upgrade options" even if you only fly economy.
That is most "first class" seats are empty on most flights. Thus if business is a little full, the airline can "bump you up" to first class to make a seat available for another "fair payer". Likewise if you fly enough economy flights you will get bumped up to Business class or even first class.
Then there are other perks like free hotels, resteraunts and all sorts of other goodies including meeting rooms. You just have to ask...
Now if you realy do fly a lot of miles and you pick the right airline you can get "friends and family" tickets not just via yor "air miles" but via your "frequent flyer" points as well.
And this can be quite a lucrative thing. Because what some airlines do is make them transferable, via "business accounts"...
So let us assume you are the boss of a company where the employees do a lot of travel in economy etc. As you buy the tickets you get to keep not just the airmiles but you can also nick their frequent flyer advantage points as well.
So as boss you get to fly first class for free to a 5star hotel for free with your family or perhaps that nice little brunet in accounts who has become your "special friend for the weekend"...
If you are somebody like Bruce who flies 10times around the world each year it is worth taking serious time to check your various options. It might actually be advantageous to take an unneeded trip just to get over the limit to some serious "goodies"...
A friend of mine used to work in "the business" of actually advising business men on their "flight options" to take advantage of such deals.
Hint if you ever get an illness like a CE, PE be it HACE or HAPE or not or a DVT or ever get put on certain medications do not mention it to anyone involved with the airline business. You can get a huge black mark and you lose out on the "ask for" perks or worse (it is said in some places certain airlines have access to DBs compiled from private health insurers just to make life fun).
One little trick for us less travel weary persons.
You probably know that the further away from the date of your flight you book it the less the cost.
But did you know it also works the other way with things like "city breaks".
I have flown to various European cities at fairly short notice (ie a couple of days) and paid less for a "city break" with all inclusive hotel, traveling on the same airline as colleagues who have paid twice what I have just for the flight. Sometimes you also can register the city break flight with you frequent flyer and get not just the frequent flyer but air miles as well.
Funny story, some charge cards (Amex in UK) have tied deals with airlines (BA) where you get not just air miles but other advantages. A friend who I'd told about the city break trick had a business meeting in a rather loverly part of Italy at short notice on a Friday. He found that if he also paid for the city break on his CC he got all the perks saved money on the flight got a 4 star hotel and hire car for free and a ticket for his wife as well all for less than the flight price the airline advertised on line. The only problem he had was talking his children into staying the weekend with their adoring and doting grandparents (tough job but somebody had to do it 8)
"Why was he issued an American visa?"
From what I've read, he was issued a visa long before he became a terrorist. And there is no infrastructure to rescind a visa before boarding a flight (but only at customs).
So short of putting someone on the no-fly list because of a rumor that he might have been radicalized, there was no way of preventing him getting on board.
"...remember that everything is obvious in hindsight".
If that were true we would always learn the right lessons from history.
For some publicity-squelched security angles concerning whether or not the bomber used a passport, and whether there were one or two accomplices, google for Kurt Haskell Passport (or video testimony from Daniel Huisinga).
I doubt many of the policies of the TSA have yielded any real improvement in the safety of flights. But even if they have, I'm sure we'd all agree that those are very, very marginal improvements. So the question becomes, how much are we willing to pay for a .01% improvement in safety on flights? $1B? $10B? $30B? Since air travel is already many, many times safer than alternatives, couldn't that money be better spent reducing other greater risks?
Or maybe the better question: why is the federal government responsible for airport security at all? Since the majority can agree that the government bureaucracy is incapable of efficiently managing health care in this country, why does the majority accept that the government can efficiently run airport security?
Couldn't we instead let the airlines manage their own security? That would allow for competition among many different approaches, and allow the market to sort out which types people most want and are willing to pay for. While that approach may not be perfect, I'd bet that it's much more likely to lead to smart security advances than will letting a bunch of politicians be the sole authorities on what gets implemented.
I was joking earlier about measuring guys genitals. At least I hoped it would not reach that level. Now carville has said the scanners can measure. He's ok with it. Either he has nothing to measure or he's packing........
Someday someone, like a drug mule, is going to "stow" a bomb. Then what does the TSA respond with???
Safety of Air Travel versus Automobile travel will only matter when I am able to fly to the fast food restaurant up the street to get my fly through meal..
The whole "the terrorists get raped before leaving" thing sounds like lame propaganda to me. A prospective terrorist may think "Hey, allah isn't cool with male-male rape"
Remember when the US stole the WW1-era "The Huns are throwing babies out of incubators to loot them" during the first Gulf War?
Perhaps the reason our intel didn't listen to the Nigerian banker-father is because his note started off...
Dearest Obamma, you have been won the Natunal Nigerian lottery. I am being happy to announce your cash prize. If you will perhaps quickly send me your address and phone number....
I just wrote a similar remark up anonymously in the comments attached to your recent CNN.com article on the subject, but I'll reiterate it here in case you don't review the comments there.
You give Mr. AbdulMutallab (and indeed the farce of a reaction post-AbdulMutallab) too much credit by calling him "The Underwear Bomber."
"Underpants" is a much funnier word. Honestly, we'd get a whole different (and more accurate) perspective if he was known as "The Underpants Bomber."
Please take this under consideration.
Kamikaze: since 1944.
Flight 8969: 1994
Those who do not learn from history often post their errors on web sites.
So the "one-way ticket with light baggage" thing was a red herring. But a somewhat interesting red herring.
Namely: "everyone knows" that traveling one-way without baggage is fishy behavior. So if the next successful attacker does travel this way, it will be deliberate, to thump his nose at the authorities who couldn't catch him even given that "clue". Which, paradoxically, will make the attack more efficient for causing terror -- more egg on the government's face means more erosion of people's faith that it can keep them safe.
Saving face is not just an irrelevant agenda; it means less terror. If (when) it doesn't, that's because the face was not adequately saved after all.
This is also why people with "I'm a terrorist" t-shirts are denied boarding, even though it is trivially easy for a real terrorist NOT to wear such a shirt. We must assume that terrorists will drop the most obnoxious hints they think they can get away with. Because doing that causes more terror when the media get at it afterwards.
(Similarly, attacking the most conspicuously defended target your plot will work against gives you more terror per martyr. Which, from a certain point of view, justifies defending that target more heavily once you've started doing so).
As long as we try to strike a balance between inconvenience, transportation delays, freedom, and effectiveness, there will be mistakes made and some people will slip through the cracks. "Balance" is about probability and an acceptable / tolerable level of security. It is not about eliminating threats with certainty.
Better Intelligence is Key to Better Security and Behavioral Profiling is Key to Better Intelligence.
Politically Correct (PC) and Privacy (or civil liberty) each have very different meanings for different people. Neither has any meaning if there is no public exposure or consequences which result from the activity. Privacy and security share a common premise that information is transferred to a restricted audience on a "need to know" basis.
Observations of a person’s behavior and queries concerning "generic" activities do not expose anyone to either public embarrassment (behavioral profiling), nor do they have any consequence unless there is "probable cause" established. If the follow on screening or closer observation associated with having tripped a threshold (probable cause), then there is a case to be made that there is a need to know.
However, the follow-on activities associated with having established a need to know should be should be either covert or done in isolation. The only public exposure is the isolation process. Notice of random screening of persons (with occasional actual isolation of "non-suspect" individuals) negates any public stigma that might result.
Clearly any information that can be collected in advance from travel documents, travel itinerary, payment method, etc. should be included in the overall risk assessment. Age information from the travel document (hopefully an authenticated one!) can be used to exclude children and the elderly from the "random" selection process. However, because these people and the handicapped (could be faked) may be used as "mules," they like everyone needs to undergo a minimal level of screening. Intelligence activities are the only way to intercept criminal activities (terrorists are criminals) before they reach the execution stage. Associative analysis of relationships between passengers, (travel itinerary, same family names, noted conversations, same hotels ...), is a part of a good behavioral profiling schema. It needs to be clearly understood that a bomb detonated at a screening point upon fear of detection will have nearly the same impact as bringing down the airliner. Airports are vulnerable to attacks launched from the periphery and there are many high-risk targets besides airports and airliners.
The distinguishing feature in Israeli security methods lies in the focus on the terrorist and not the bomb. You still need to deploy the best technology available to detect explosives or other hazardous materials (guns, knives, etc.). Whether they are carrying bombs, weapons or nothing at all, it is still prudent (note the sarcasm) to keep the criminal/terrorist out of the country and away from potential targets. Behavioral/psychological profiling avoids the need to subject everyone or whole classes of people to public embarrassment. We still need to have an efficient and effective screening process for everyone to detect banned substances. However, the benefit brought by behavioral profiling is that not everyone needs to be subjected to the same level of scrutiny. This means greater efficiency and effectiveness in allocation of resources i.e. better security, lower cost, and faster throughput.
Today's hot topic is full-body scanners or "pat downs." I will not comment on the relative benefits/weaknesses here. However, I think that the issue of Privacy is a contextual one. We all have physical examinations to detect possible health issues, go to public beaches, and visit locker rooms these place will expose more of us than any proposal for a broadly applied screening method. Per the discussion above, there should not be a need to go to strip searches and body cavity exams unless there is a very strong case of need to know. There is no reason that full-body scans should be viewed by anyone except the actual screeners. After an hour or two of brief views of indistinct body parts, the biggest problem will not be voyeurism but boredom. The screener doing the "pat downs" (out of the public eye!) has similar issues to deal with and the added element of contending with issues of personal hygiene and harassment. In the end it is a responsibility for management to ensure professionalism and alertness (motivation). Since all such activities should be carried out without exposure to public scrutiny and without any consequence to the individual beyond a reason time loss, then there is no loss of privacy or civil liberty. Retention of imagery for training or product improvement purposes would have no link to an individual, therefore, no violation of privacy or civil liberties in that case either.
In short, behavioral profiling is a must, but it must be done right and be supported by a hierarchy of screening methodologies built on a base-level for everyone. Automated processes and assignment of resources on based on a risk assessment will likely result in both more secure and faster screening.
When we're all finally used to submitting to a body cavity search before each flight, the bad guys will just start using surface to air missiles.
Maybe then we can enjoy flying again.
One thing that concerns me - and I haven't noticed anyone else covering this angle - is that we've spread the details about his father's warning world-wide in mass media. That information will certainly make Al-Qaeda label the terrorist's father a traitor and possibly expose him, his family or company to risks of revenge - no? I know he is rich and probably has body guards - yeah, that would stop an Al-Quaeda suicide nut or remote-controlled bomb..
Shouldn't our TOP TOP priority be to protect the people who can give us valuable information about terror risk? Did we just show all relatives of potential extremists that we don't care about THEIR security if they talk to us?
Did *that* make us safer? Think not :-o
Bruce, I'd love to see a good post from you on this topic. I'm very concerned about the terrorist's father and hope that he will not be harmed in any way by this.
All of this "Security Theatre" is supposedly designed to make us feel safer while flying.
After we have successfully passed through the screening process, been stripped of our over-sized tube of toothpaste, our nail-clippers, and tiny mustache trimming scissors, we can then relax while waiting for our flight, secure in the knowledge that no terrrorist will ever attempt to clip our nails for us, etc.
Now we further have to endure the indignity of removing shoes, full-body scans, cavity searches and whatever else.
Because of all this excellent security, we are required to arrive at airport check-in earlier and earlier to allow sufficient time to clear all of these time-consuming hurdles.
The results are larger and larger impatient crowds waiting to be processed in lines OUTSIDE of the secure area, ALL of them potentially armed to the teeth with over-sized toothpaste tubes and nailclippers!
Why are inept "terrorists" even bothering to sneak such small quantities of explosives in their underpants through security screening checkpoints, when they could so much more easily wheel in entire steamer trunks filled with explosives into an overcrowded terminal to create havoc OUTSIDE of the secure area?
PETN is hard to detonate?
Are you sure?
May I point all recent underwear fetishists in the airport security business to one of the first artificial silk production methods - silk sheets made of - Nitrocellulose. Just like film rolls from the 20ies and 30ies.
History is full of explosions and devastating fires in film archives. And there were a few really nasty incidents with these nitro silk dresses, until production went out.
Guess what... a few loads of coats, shirts and hand luggage made of nitro silk... and the whole plane toilet volume is a prime bomb container. No ignition needed besides a match, a lighter, or a lipstick of white phosphorus in a transparent 1-liter-cosmetics-bag.
Would you still bet that the "exploisve detectors" actually work, after recent news from Great Britain? I never understood how a handheld vacuum cleaner should replace a respectable gas chromatograph or x-ray spectrometer in a decent lab...
Anyway I never had any respect for the security bots... particularly due to their lack of education in physics and chemistry.
Quote from: http://en.wikipedia.org/wiki/Rayon
"The fact that nitrocellulose is soluble in organic solvents such as ether and acetone, made it possible for Georges Audemars to develop the first "artificial silk" about 1855, but his method was impractical for commercial use. Commercial production started in 1891, but the result was flammable, and more expensive than acetate or cuprammonium rayon. Because of this, production was stopped before World War I, for example in 1912 in Germany. Briefly, it became known as "mother-in-law silk."
Nathan Rosenstein invented the spunize process by which he turned rayon from a hard fiber to a fabric. This allowed rayon to become a popular raw material in textiles."
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.