Schneier on Security
A blog covering security and security technology.
« Web Security |
| Transport Canada on its New Security Regulations »
January 22, 2010
German TV on the Failure of Full-Body Scanners
The video is worth watching, even if you don't speak German. The scanner caught a subject's cell phone and Swiss Army knife -- and the microphone he was wearing -- but missed all the components to make a bomb that he hid on his body. Admittedly, he only faced the scanner from the front and not from the side. But he also didn't hide anything in a body cavity other than his mouth -- I didn't think about that one -- he didn't use low density or thinly sliced PETN, and he didn't hide anything in his carry-on luggage.
Full-body scanners: they're not just a dumb idea, they don't actually work.
Posted on January 22, 2010 at 7:28 AM
• 73 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
On a related note, I just read this article (written by a journalist who took a job with the TSA to get an understanding of what really goes on inside airport security) today http://www.concierge.com/cntraveler/articles/...
What I'm puzzled by is this passage from page 14:
"Whether or not Schneier is correct [that TSA security measures are designed to catch stupid terrorists], it's hard to argue with his assertion that the ultimate solution will be found in technology such as the sophisticated 3-D X-ray machines and explosives sniffers that are in place at only a handful of airports."
Is this a misquote or what? Since when did Bruce ever assert that technology is the solution for making airports/planes more secure? Everything I've read seems to indicate exactly the opposite.
one letter missing from a database = full body scans. very logical.
Some things that were said:
Before the scan he told the scanner operator that he had a cellphone and a swiss army knife. (the scan didn't show the swiss army knife, it did pick up the phone and the microphone transmitter).
The defense of the scanner operator was that bodyscanners can only pick up stuff worn beneath tight clothing and the skin, no way to catch things in jacket pockets. The jacket would have been off in an airport though.) No explanation why it didn't catch the thing beneath the band-aid on the leg.
He carried the ingredients for Thermite, could have probably brought them on in plain sight, after all its no liquid ;)
And yet, a poll recently found 75% of the sheeple still thought these were a good idea.
I guess they hear 'scans to detect ' and just turn off the part of the brain that questions if it works or not.
Evidently the machine was confused by this boy's girth...
Just a small note: He hid no bomb components on his body, thermite is not an explosive (it just burns hot enough to melt iron). I am not sure what it was that he hid in his mouth though, he says that it's an igniter.
There is an interview with him where he mentions that we are very much focused on explosives, while there are other things that are equally dangerous. He muses that one could use a catapult to kill an important person - basically throwing a large rock...
Is it just me or did the images they showed on the screen seem completely useless? Based on other body-scanning images I've seen online this particular scanner seemed quite low-res and awful.
However, the problem still remains that a person has to look at these images all day long and try to discern the 'dangerous' items. Even if the scan gave perfect images it is still very hard to have a person interpret them accurately all day long.
Here is a link to a three part video of a blogger/journalist trying the patients of the Detroit TSA agents.
If you combine that video with the article YT provided, a group of observant patient terrorist could rely on overwhelming the check points and the pack maneuvers of the TSA agents into creating a successful attack.
The numbers are against the TSA catching any terrorist. They are looking for a needle in a hay stack with very few people with inadequate training.
One could say the TSA agents are the weak link in the security.
Great, so now everyone will have to wear body stockings to go through scanners...
It seems we're back to the classic sensitivity/specificity tradeoff. If an operator passes every scan that look potentially dangerous to the body-search people, you find stuff, but you don't have the capacity to actually get people where they're going.
"Just a small note: He hid no bomb components on his body, thermite is not an explosive (it just burns hot enough to melt iron)"
Well, if the underwear bomber incident is any indication of the current state of things, all you really need to do to pull of a sucessful attack is light your pants on fire. This man could have packed his carry-on luggage full of dangerous flammable blue-jeans, then set them all on fire with his thermite! Several times more caos!
Sarcasm aside, thermite is very hard to put out (has its own oxidizer so it will burn just fine underwater). If someone set their seat cusion on fire (are those flammable?) it could cause a minor incident.
@jgreco "If someone set their seat cusion on fire (are those flammable?)"
They are if you use thermite to ignite them. ;) I think they're supposed to be flame retardant, but they will eventually burn even in a "normal" fire.
I can see a business opportunity here to produce tops with slogans woven into them using metallised or foil thread that only shows up in the full-body scanner screen.
Another option would be underwear with fig leaves woven into them with the same method to protect your modesty.
I wonder what they would do to passengers wearing these!
There is one very good line in that article on page 15 bottom:
"...Congressman John Mica, a vocal critic of the TSA, has often observed: "We are spending all our resources checking the same people over and over again."
How many suicide bombers fly regularly?
This was a passive scanner working by identifying anything which obstructed the body's natural radiant heat. Notice the way in which ties were quite clearly visible... but the Home Affairs Committee rep's pacemaker didn't show up, because it is subcutaneous.
Bruce - I agree the video can be informative even if you don't speak German, but it can also create quite a misleading impression if you don't understand the details of what's going on. (For instance, if you equate this machine with the millimeter-wave X-ray ones in the media).
The Home Affairs guy also noted several of the caveats German implementations have to satisfy if they are to be deployed... such as not actually displaying a body image to the operator: just a "Yes" or "No" message. In the case of a "No" message, the suspicious area of the passenger's body would be indicated by a graphic of a stick man.
So, (leaving aside the argument about efficacy of different scanner technologies) more privacy-respecting deployments of the technology are possible if the implementation and the processes are well thought through.
Just to clarify: I am not a fan of dumb airport 'security' measures (as readers of my blog will know), I just wanted to correct some possible misinterpretations of the programme.
This isnt the same type of scanner that TSA is implementing at the airports. Interesting, but not a useful comparison.
In the (German spoken) introduction, they explain that this is a passive-infrared scanner, hence the "red blob" images. What the TSA is drooling over are the X-ray scatter scanners, which produce the more intrusive "silver surfer" images.
Me wonders how long it will take for the TSA to get sued for giving a frequent flyer cancer....
It's called "Security Theater"
It's just like the "Sniffer" scanners the airports all have. The only two in the USA that still work are the two that are installed at the entrances of the White House. The TSA bought hundreds of them with taxpayer money and then failed to realize how dirty airports are. The filters need to be changed constantly and nearly all of them sit around unplugged "looking" like they could be used at any minute.
i don't like this kind of tv shows, but a lot of people watch this.
at the airport München an "event" occurred: they detected a substance at a laptop. the man was ask to wait during investigation. he went away (with the computer) and disappeared in the crowd and is still missing.
now they blame the woman working at the checkpoint. yes, she made a mistake. but the bomb detector probably made a mistake. the architect made a mistake when designing the checkpoint. the security routine is faulty.
the discussion in Germany shows how unknowing a lot of people are and it shows the way some politicians "do their job". this is theater, it will cost us a lot of money to build an illusion.
@ "The Home Affairs guy also noted several of the caveats German implementations have to satisfy if they are to be deployed... such as not actually displaying a body image to the operator: just a "Yes" or "No" message. In the case of a "No" message, the suspicious area of the passenger's body would be indicated by a graphic of a stick man"
how is this a caveat? Isn't it a design criteria?
If the millimeter scanners considered for the US were doing this there would be less conflict over the intrusiveness.
Bruce, you remind me of my favorite line from "Man of La Mancha," spoken by Don Quixote after Dr. Carrasco confronts him with facts he doesn't want to hear: "Facts are the enemy of truth."
The fact is that the full body scanners are worthless for airport screening, especially when questionably competent "officers" are using them. The truth is that the TSA's "leadership" has decided they WILL scan all passengers, and nothing will stop them from doing so. They believe that if they make screening more intrusive, costly, time-consuming, and humiliating, the security theater will more convincing to the many people who fervently want the government to "do something."
They don't want to hear any questions about the value and effectiveness of their new toys. They particularly don't want to hear concerns about privacy and intrusiveness. They want passengers to be good docile little sheep who have unquestioning blind faith that the government is keeping them safe and secure, since docile and compliant passengers make the screener's job so much easier. They want the complexities of the Global War on Terror reduced to a simple "Good vs. Evil." The TSA is Good, and everything they do is necessary and effective no matter how stupid it looks. The terrorists are Evil, and that's what we should be frightened of, not the TSA (which is doing everything possible to keep us safe).
People who don't Believe, and who ask embarrassing questions and challenge the official party line with contrary facts, are the TSA's Enemy. The War they're fighting is as much about neutralizing critics armed with "facts" that might make the sheep unruly as about their supposed mission to protect aviation. So that's why they have a propaganda department to deflect all the questions, criticisms, and facts with a perfumed fog of lies and fear.
I'm afraid the battle is lost. A better analogy would be cancer. The TSA has been allowed to metastasize to the point where nothing can stop it. And our own politicians have been feeding it increasing doses of carcinogenic incompetence and cowardice because it serves their own purposes. When there's an embarrassing failure, it's much easier to punish passengers with "enhanced airport security" than to fix what actually failed. So aside from refusing to fly, there's absolutely nothing any of us can do.
So perhaps, Bruce, you might be more effective by conceding this particular unwinnable battle to the TSA. Then you can concentrate on areas, such as computer security, where you can actually make a difference.
Read the second sentence of the wikipedia entry on "Security Theatre" you just linked, and re-evaluate whether it needs to be posted on this blog.
As some have pointed out, there might be better scanners than this. But take a closer look at the politician in the show (the gray haired guy, Wolfgang Bosbach, chairman of the Interior Committee of the German Parliament):
He is _not_ saying "well, there are better scanners" but something like "not using a technique as it is not 100% perfect is like not locking a door as thefts might brake the window". And the audience applauds.
Furthermore, instead of questioning such security measures, he is nagging about telling the tricks to the terrorists via television.
I look forward to van Eck interception
of the images. Why should TSA
have all the fun? TMZ should too :-)
Oh great. Once TSA sees this we'll all have to "stick out your tongue and say AHHH" to get on an airplane.
You're right, it's informative even if you don't speak German. It's also quite misleading if you don't, or can't follow the quite sophisticated discussions of the issues at hand.
This scanner is designed to detect objects between clothing and skin. The fat guy would have had to remove the jacket before being scanned, and as he was scanned, the thermite and components were not between clothing and skin. As the tech points out, in a real scenario, the fat guy would have been made to turn 90 degrees so that he could have been scanned from all angles.
The tech makes it clear (in English!) that things would be considerable different in an airport scenario.
The government representative points out that no single security measure is perfect or 100% effective; that's why we deploy them in layers. He remarks that no sane person decides to not lock the front door to their house on the basis that a crook could just break in through the window anyway.
The device is clearly designed to be deployed as an additional layer in a screening process. As is appears to be very unobtrusive, and adds value, it would seem to be effective, just not by itself.
Finally, on the subject of "security theatre".... clearly the TSA are not the only ones who understand security theatre. This video clip is clearly an example in and of itself, just not one calculated to make anyone feel safer.
I don´t really understand this thing. You can spend billions of dollars at a device that sees throw cloth or you can simply ask people to take there cloth of.
Hmm. These are indeed different to the millimeter wave scanners that are frequently shown in the news. This is ThruVision - which is a passive terahertz imaging system rather than an active EHF system.
I've seen this demoed before, and it's a great system in certain applications. It can actually be used from a distance and on moving subjects, unlike millimeter wave scanners. I was under the impression they were targetting this at knive and gun crime in railway stations and the like.
It's pretty clear that this guy was set-up. He doesn't speak German, he gets railroaded into allowing the guy to wear a jacket, doesn't get to use a metal detector, he isn't allowed to pat him down. He also doesn't appear to be the most charismatic or quick-thinking character and ends up getting pwned. I'd seriously be questioning the reasoning of the people who sent him out there.
To be fair, one data point is not exactly an exhaustive study.
Also to be fair, we have plenty of anecdotes to bring into question the efficacy of these silly things.
With regard to full body scanners, since they don't penetrate the skin, let alone deeper tissues, what about concealing contraband - sheets of semtex, chemical initiators, packets A & B of binary nerve agent - within the fat folds of the morbidly obese? It's happened before in other settings http://blogs.app.com/saywhat/2009/08/06/... and http://forums.canadiancontent.net/hot-topics/... On the plus side, appropriately draconian TSA regulations to defend against this scenario might serve to increase the comfort of other travelers, at least those of us with a BMI of less than 35.
@Cybergibbons at January 22, 2010 1:23 PM
If the device is meant to scan people at a distance at railway stations, but doesn't work if somebody wears a jacket, then it really is worthless.
If it were any good, it wouldn't need a smooth-talker to defend it.
"what about concealing contraband... ...within the fat folds of the morbidly obese?"
Fly French Airways.
Apparently people have turned up having fully paid for their ticket and been told they either by a second full price ticket there and then or they don't fly, and don't get a refund or transfer to another airline.
On being "legaly chalenged" their PR people came up with some twaddle about only for fully booked flights...
It appears it is little more than financial blackmail as they already have peoples money and just want to be greedy.
I was happy to see this.
As a chemist, I often amuse myself while waiting in the TSA lines at the airport by thinking of destructive things they wouldn't catch. Thermite was the very first thing I ever thought of. Unlike the video, if you know how, you can even ignite it without a flame.
I'm not going to discuss the numerous other things I've figured out - no point in giving people ideas. But I believe what has prevented further catastrophes has not been the post-9/11 changes to airport security so much as the technical ignorance and ineptness of the terrorists, combined with good police and intelligence work.
It would be a lovely idea if somebody like 60 Minutes put a bunch of chemists, physicists, electrical engineers, etc. on TV to brainstorm ways to destroy or cause panic on airplanes that wouldn't be caught by the TSA. That would demonstrate how theatrical and futile these measures actually are. But I'm not holding my breath for that to happen.
Hmmm, Bruce Schneier promotes biased, non-scientific, inconclusive test as proof positive. Schneier is rapidly becoming completely irrelevant. What's next, his denial of AGW?
The only way they're going to be even close to 100% certain there's no weapons on board is if they follow these simple instructions:
All passengers must remove all clothing in full view of security. Passengers are then subject to full body x-rays and given special disposable, one piece, form-fitting flight suits. No luggage is allowed, carry on or otherwise. They must be shipped separately. Passengers are locked into their seats which have toilets built in, nobody is allowed to move from their seat while the plane is in motion. The flight attendants will enjoy their new jobs as it allows them more freedom and variety than their previous jobs as prison guards. In flight meals are either served as everything in a bowl with no silverware or blended into a shake and served in a plastic cup.
As long as we treat passengers like prisoners and/or livestock we should be fairly safe.
My guess is that the thing in the man's mouth was a water-tight container with a magnesium strip inside. Thermite is not easily ignitable by a match or a cigarette lighter since neither provides enough heat, but with either of those he could (and did) light a magnesium strip which can. He may have described it only as "an igniter" in order to not give the terrorists any ideas (beyond what is available in any Western high school or college-level chemistry lab).
"So perhaps, Bruce, you might be more effective by conceding this particular unwinnable battle to the TSA. Then you can concentrate on areas, such as computer security, where you can actually make a difference."
Who's side are you on. Why silence one of the few voices where we can still get to find out what the truth is.
@ Bob, (AFM),
"Thermite was the very first thing I ever thought of. Unlike the video, if you know how, you can even ignite it without a flame."
You can infact ignite it with water without any problem.
I found a way to do it when just an early teenager. And yes if you search backwards in time against my name you will find a recipe for it and more than one type of thermite (of which there are a considerable number).
"I believe what has prevented further catastrophes has not been the post-9/11 changes to airport security"
"... so much as the technical ignorance and ineptness of the terrorists,"
Here I strongly disagree Cptn Underpants and Cpl Hotfoot where I agree clules inept and more likly to blow them selves up if they tried to light a camping gas light. They where at best Walter Mitty types who are a real danger to whom so ever had anything to do with them. They would almost certainly pass the old fashiond "idiot test" and probably the imbeceil test as well.
However I do not belive those behind them are technicaly ignorant or inept.
The design of both the Underpant and Shoe bomb and the choice of explosives was actualy reasonably good (actuall try to make as good yourself to see why).
Importantly from a technical perspective they are like the IED's in Afganistan and Iraq more likley to work than not.
BUT they would not bring down an aircraft and it is highly unlikely they would have caused significant fatalities.
Make some of the explosive up yourself and stick 3ounces wraped in a little cloth ontop of a three foot high bit of plastic tube in the midle of a field and set it off. It looks good it sounds good but is it realy any good, nah.
Which brings me around to,
"...combined with good police and intelligence work."
This is hit and miss at the best of times. There are to many people to watch and insufficient is known about how Cptn Underpants and Cpl Hotfoot where recruited.
My bet is that they went around and around the mosques etc looking to get involved. They would have been loud and inept about it and a clear danger to any terrorist organisation. Terrorist organisations do not want the liability these two would have clearly been, and thuss may have assumed they where the lead edge of a sting organisation. Even if they where not they where going to attract attention.
Thus the best thing is "enrol them sideways" that is setup a fake "organisation" away from any real activity. Send them to places where they will not be high visability and play on their "Walter Mitty" charecter asspects. Make them think they need "deep cover" etc etc just to keep them of every radar.
Dust of some old plans and use them to test airport defences etc. As long as they never get to meet the real organisation then it does not matter if the succeed or not.
In fact it's better that they do fail...
If you are a smart terrorist you use the sorry idiots to make not just airport security, but the whole Intel community look dumb. And worse the Intel community will get no real information out of them at all just fake info fed to the two designed to stir up people in the UK and US communities. Thus the authorities will be wasting resources trogging around doing the terrorists work for them...
I suspect that in both cases the bomb realy would not have been that viable and deliberatly so...
So no I would not say the terrorist organisations are technicaly ignorant or inept. There is just to much evidence around from other events IEDs, "homemade" rockets etc etc to make a credible argument that they are.
Cptn Underpants and Cpl Hotfoot where patsies who where used and thrown away with a very very definate purpose, and at an appropriate time as well. They themselves where at best a liability to those around them, they are not any longer.
In the process lots of good press for the terrorists, no women and children killed so no bad press on that score. The bombs contain no traceable materials so are a dead ends, lots of false leads for the "Plods" to ruffle the feathers of the minority communities, which gives rise to the better recruits being found, etc, etc.
Does this sound like those behind them where inept to you?
Think of it as a clown show we are all laughing at the "pratt falls" and "squirty flowers". But that's what's funny and a lot of planning goes into a clown show or it just does not work. Which is why sometimes clows turn out to be very clever and far from the "stupid" they pretend to look.
"Great, so now everyone will have to wear body stockings to go through scanners..."
Awesome! I hate wearing normal clothes anyway. Especially on long flights, they bind up and become really uncomfortable. I'd love to just wear spandex, but at my age and girth that would be a bit painful for others. But, if the government forces me to, then no one can really complain.
I saw on the Internet a captured terahertz image of a woman, and a Photoshop alteration that took the original as a black-and-white negative, then produced the positive. Voila, a nekkid lady.
Let's all be watching the Internet for the first 'negatives' and 'positives' to show up. Make sure the ACLU gets cc'd.
The machines are required to record and transmit images 'for training purposes', which means there's an on-off switch for this function.
"So perhaps, Bruce, you might be more effective by conceding this particular unwinnable battle to the TSA."
Err actualy the TSA are losing credability by the day. Cptn Underpants was a major PR disaster for them because people are starting to laugh at them.
If you want to win against the TSA you do it in two ways,
1, Laugh at them.
2, Make the front line staff feel dirty about themselves because of the job.
You can do both quite safely in one go.
When they try and scan you refuse quite loudly to attract attention then insist on a pat down as the machines just don't work. Then as the person starts again say very loudly "Don't you just love that personal touch, it brings a new joy before being more than a mile high in club".
Or "You know it's at times like these I remember my mother saying 'be a good boy and check all your important little places' and 'don´t forget to put on clean underware'".
You get the voice right and other passengers are going to laugh or snigger at the TSA. The TSA person "touching you up" is going to feel "used and abused".
The point is they have pretty much lost at that point, whatever the TSA person does the best they can do is joke back at you to get a draw...
And cracking jokes back all day quickly sounds strained or false to other people who will only snigger that little bit more...
@ Old Fat Guy,
"Awesome! I hate wearing normal clothes anyway. Especially on long flights, they bind up..."
Shame, I was hoping you were going to crack "It realy gets your panties in a wad" joke 8)
"I'd love to just wear spandex, but at my age.."
Yeh that is why Bruce Dickinson (lead singer of Iron Maiden) took up flying comercial planes as a part time job.
He tells a quite funny story of walking through an airport in his captins uniform when he was aproached by a person in an outsized Iron Maiden T-shirt, and braced himself for being asked for his autograph etc. Instead the callowed youth asked him if directions to the loo.
Oh and in recent times he has been given as an example of a modern day polymath due to his other minor sucesses as author, script and song writter, international fencer, and train and aviation nut. He has also flown a number of humanitarian missions in the past couple of years, and apart from his roucous voice appears to be a "pretty good egg".
@Clive Robinson: I suspect that in both cases the bomb realy would not have been that viable and deliberatly so...
I believe you are right. If the bomb worked, there might just have been another lost plane like the Air France from Brazil. Now they have managed to get a lot of media coverage and thus made a lot of people scared. Why kill people when the terror works even better when you don't.
Dumb idea that doesn't work. Sounds perfect for TSA. Oh yeah, it has to be really expensive and time consuming as well.
Unless the TSA is different, in Canada we rotate positions on the floor to avoid complacency with the same mundane tasks over and over.
One thing I haven't seen mentioned yet is the chemical composition of thermite. Passing through one of these scanners is only one part of TSA's security. The other part is a metal detector. Thermite has IRON oxide (which is metal) in it and would of lit up a metal detector like the presidental christmas tree.
If you think about it, the most effective anti-terrorist move has been the no-smoking sign. Anybody who tries to light up anything at all in an airplane is immediately suspect and will not get very far.
Thermite is bloody awful stuff to get going though once it *is* lit it would be a literal hell in the air. Nothing worse than trying to get a smoldering airplane on the ground quickly from 40,000 feet.
bac's link to the 3 part video is very interesting, as it contains a recording of a person being interviewed by a BDO - Behaviour Detection Officer. Supposedly BDOs are the people that have been trained in the model of El Al "profiling."
Unfortunately, it just confirms that the TSA BDO's are no better at their jobs than the rest of the TSA is at theirs. The woman is pretty blatant about trying to get the subject to affirm to certain phrases which she repeats very pointedly. And despite what is clearly a case of someone being a smart-ass rather than a threat, the BDO's ultimate decision is that he should be treated as a threat and he is then detained and searched.
I realize it is only a sample size of one, but it suggests that anyone who realizes they are being interviewed is going to qualify for detainment then it seems the BDO adds no value to the equation - might as well just go straight to detaining and searching people of interest and skip the interview.
Here's the link to the videos again, iirc the BDO shows up in the second video, she is the attractive black woman:
@ Pat Cahalan,
Long time no hear, hope you are well?
"Also to be fair, we have plenty of anecdotes to bring into question the efficacy of these silly things."
The problem with them (apart from the "naughty pics" that are realy not needed by unskilled operators) is, that they mearly give an indistinct indication of something. And thus rely on the operator to "make something of it" (Radar operators very very rarely see raw displays, they are processed for noise, clutter and many other things before they get to the operators eye).
Now if you regard the backscater / millimetric / IR / etc as being individual sensor types for a tomograph you can in theory (and in practice I suspect) hitch three or four diferent types together in a single unit and let a computer crunch the numbers quite rapidly.
The result should be considerably greater than the sum of it's parts, and at thus actually start proving more usefull.
However the big failing of many of these systems is time. They just take way to long to be of any real use for general scanning. Unlike a walkthrough metal / radiation detector which can atleast keep up with walking pace.
The second is they often lack "volume" or "depth" information. For instance if I take thin lead foil sheet and cut a shadow of a hand gun out of it and put it in the inside cover of a large book and drop it on the X-Ray scanner belt it should (hopefully) be spotted, incorrectly as a gun. With a volumetric tomograph the computer would realise it had no depth and as such could indicate that additional information (thus reducing the oportunity of DoS attacks).
The computer should also be able to render the object on an outline in 3D and rotate it automaticaly to the three optimal plain views for easy recognition.
There most definatly, has to be a smarter way to do it, and my view is use orthagonal systems to do broad searches and crossover set reduction down to a sensible alarm level. And use computers to do the number crunching not 10hour shift workers who's brains have turned to just so much burger filling due to tedium etc.
For instance just millimetric EM reflection tomography and IR transmission tomograhy with appropriate computer technology would tell us one heck of a lot about objects.
We know all of this is possible (at a price) but the real question is, is it realy worth it?
To which I suspect the answer would be no...
As others have noted determind terrorists will,
"Simply change their tactics".
At the moment the "smart terrorist" has one heck of a lot going in their favour and we need to start fighting them and stop trying to stop the "Walter Mitty" types they point in our direction.
From my perspective I would say that your smart terrorist will "Observe", "hypotosise", "test" and "refine" in the Newtonian Science methodology simply because the cost is quite reasonable and the penalty non existant.
That is a terrorist organisation arranges for the performance of the machine to be "observed". They then come up with "ideas" of how to get around the system like an 8ounce plastic or glass hip flask in a pocket. Then they send a smart and clean terrorist who they have laundered into a role out to "test" the idea.
If it gets through it's a success, but if it does not it just ends up in those bins you see at the side and the smart terorist tester is free to try again a little later without penalty. Next time you see those overflowing bins ask yourself "could one of those be from a terrorist test?"
We now know that is what the 9/11 terrorists did. They identified a way by observation or previous experiance, tested it and built their plans accordingly (this is not something you would see the likes of Cptn Underpants or Cpl Hotfoot doing successfully).
Currently there is effectivly no penalty that is going to stop the smart terrorist enumerating the system to their hearts content. Which just makes a smart terrorist smarter (by experiance).
However the work involved with recruiting, training, identity laundering, etc is a very very resourse expensive activity and a major weekness in any terrorist organisation.
Thus IF there where penalties to be paid like first offence "you don't fly on the day and all your bio-metrics are recorded", second offence you are banned from flying in US airspace for a year etc. This would quite heavily attack the one realy vital resourse that terrorist organisations have which is smart experianced personel.
There should be a few other graduated safe guards but you get the general idea.
The next trick is to make the observation stage of little relavance.
Let us say a heirachy of tests exist for various asspects.
1, Walk through metal detector.
2, Wanding down by operator.
3, Patting down by operator
4, Thorough search by operator.
etc,etc. Importantly if a person fails at any point and a cause is found don't as in some places let them procead send them back through the previous stage again with a delay as this upsets a number of potential attack vectors.
However to limit the usefullness of the observation stage If in the initial two stages you put in a "random fail" on individuals set at some significant percentage (10% or more). Then if it is done properly neither the terrorist observer or equipment operator knows if the alarm is true or false and thus pushes them through to the next stage. The trick is to make the uncertainty sufficiently high that many of what the 9/11 terrorists did would not be possable.
It has several advantages which I'm sure you will realise takes the cost of "enumerating" a flight departure quite expensive for terrorists.
However even though it is still just "Security Theater" it will have a significant effect on how the terrorists behave and that hopefully will open up other avenues of enqiry etc.
I was trying to think of how one could tweak the design of the backscatter X-rays to mitigate the "nude" prurience problem... what if you basically chopped the X-ray picture into two, separating the portion of the image containing the head from the portion of the image containing the body via a moderately straightforward algorithm. And in the actual display to the tech(s), either send the head shot to one tech and the body shot to another at another console. Or at a minimum, display a screen with the body shot vertically above (rather than below) another screen with the head shot?
The goal of this design would be to depersonalize the whole viewing experience, even for a casual observer; a body isn't nearly as sexy without a head, (or with a severed head). And it mildly raises the barriers of complexity required for someone to post/capture interesting leakable pictures of someone.
(Sure, it may be "privacy theater" to the initiated, but might help people undergoing the scanning feel better about the whole thing. Just tossing an idea out there.)
"The other part is a metal detector. Thermite has IRON oxide (which is metal) in it and would of lit up a metal detector like the presidental christmas tree."
Err no that depends.
1) First off not all thermites are an oxide of iron and aluminium powder, there are other mixes.
2) Not all metal powders or metal oxide powders that can be used in thermites are conductive.
3) Most metal detectors don't actually detect metal they detect field effects caused by conductors (which are mainly metal)
So the 64K question - is it possible to make a thermite that does not get picked up by a metal detector?
I've never tried but yup I think you might well be able to.
Oh and an interesting thought for those of a realy unplesant mind is "flare material" which has a high content of PTFE set that of with a berilium to form airborn micro particulates in the aircraft, and you would not need to do much damage if any. All the passengers sentanced to death of cancer or emphasima should create enough of a scare...
Which is maybe why the US considered it as part of the load for "bunker busting" bombs to be used in Afganistan.
Ever have one of those sinking feelings where you think hmmm?
How about when somebody quotes you out of context?
Do you think this may come back to haunt you,
"even for a casual observer; a body isn't nearly as sexy without a head, (or with a severed head)."
Just smile sit back sip your coffee, wait about ten seconds and screem Ughhhh... 8)
After seeing this video, TSA will now strip search fat people. :-)
This is really about politicians and other government officials wanting to be sure they are seen doing something. They can't say, "no, these body scanners don't work," then have something happen. Unfortunately most people would be willingly walked into stocks if you told them that it was for their (or their children's) safety regardless of whether that was true or not. No one is willing to accept that there are risks in this world, and yes, you might be blown up by a terrorist even thought the odds are long.
People say body scanners are an invasion of privacy, but the so called "traditional intelligence" is a much much larger invasion of privacy. All a body scanner does is reveal the shape of the human body, traditional intelligence requires warrantless wiretaps, interrogation, ect.
Also, all it takes to blow up a plane is one person and some bomb making equipment. If that person is smart, no one else ever needs to know that that person is planning to blow up a plane, and thus the "intelligence networks" are completely useless.
If we are going to screen for explosives, why aren't we using a simple, known effective technique - bomb sniffing dogs. They and their handler could walk up and down the line, pull out for screening any that trigger. Almost parallel processing - much faster than running everyone through scanners that don't work right, much cheaper, known to be effective, etc.
The only drawback: They're not multi-million dollar contracts for "security theater" - they're simple, low tech, and effective. There seems to be an American psyche that says we need complex high-tech wizardry. We need to get over that.
"why aren't we using a simple, known effective technique - bomb sniffing dogs."
It appears to be a simple and cheapish (apart from the training) so what is wrong with it,
1, As drug smuglers know a dogs nose has a dynamic range limitation so the drug smell can be masked.
2, As drug smuglers know drugs can have their "smell" profile altered so the dog may not recognise the drug at all.
3, As a number of drug smuglers apear to know there are ways of "packaging" drugs to make them nearly inert.
4, There are some drugs that sniffer dogs don't smell.
5, As drug smuglers know there are tricks that can be used to make the dog appear unreliable (DoS type attacks).
Drugs are in the main simple organic chemicals. So for that matter are the more common explosives. And the above problems with drug sniffer dogs apply as much to explosive sniffer dogs.
Some of these problems can be seen for example,
It is now fairly well known that nearly all US citizens carry cocain around on them most of the time, as do residents of other nations.
Drug sniffer dogs ignore these people...
Chemical Agent Monitoring (CAM) "sniffer/puffer" machiens however do pick up peoples wallets etc.
(BTW please be clear I'm not saying all US etc citizens are drugs users or anything like that. The citizens don't have any real choice as cocain is embeded in most US bank notes and as it's quite volatile it only takes body heat etc to cause it to spread to adjacent notes in your back pocket etc).
This simple observation can then be further tested to show what some of the limitations of drug sniffer dogs are (which smart criminals have done).
It also needs to be noted that where as we smell "paterns of chemicals" dogs tend to smell "individual chemicals".
Thus the human smells pizza and the dog smells wheat, oil, whey, lactic protiens, licopiens...
This is another area where a smart criminal can investigate a dogs behaviour.
Then there is the problem of the dogs health fatigue etc and that of it's operator. Belive it or not sniffer dogs have a very intense relationship with their operator and want very much to please they will appear to be ready for work to the casual eye even if they could not smell a ripe cheese and fresh onion filled bread roll a foot from their nose. The operator thus needs to spot if the dog is upto the job or not (thankfully most can). This makes not just the dog but the operator highly skilled and they come as a matched pair.
So there is the issue of training etc to keep the dog and operator "highly skilled". It is complex and time intensive and may be as much as half an explosive sniffer dogs working life (less so for drug sniffing dogs).
There is another issue which is backup. A dog handler has to get close in and thus cannot be armed, they are also watching the dog more than the suspect. The team that backs up a dog handler has to be very very on the ball as they have to know and understand the handler and the dog and how it plays out. Also terrorists normally don't operate alone (another reason to belive Cptn Underpants and Cpl Hotfoot where patsies).
Thus you need two more highly trained people who again need to be closely acossiated with the dog and handler team...
Then there is the minor issue of, you need atleast 6 working teams to cover 1 area 24*365.25. Thus the dog and the operator are rare and expensive, as well as the backup personel and thus highly desirable to outside interests (comercial sector) etc. All of which means the running costs are very very large.
Further, training and high skill levels some believe is "anathma for the TSA". And the TSA's own figures tend to support this. So it starts to become clear why the TSA prefers contract trainers and machines with their own selected operators that are not smart enough to see what is the reality of their training (ie pointless) in the greater scheme of things.
There are other problems which a dog and machine share.
For instance it's a "Go / No Go" tester. It cannot tell you how much explosive is there, how it's packaged or what type it is. Or importantly if it's there at all.
Which is also the problem with CAM "sniffer" machines. Worse the "puffers" cannot even give a general localisation as to where a person may or may not have the chemicals about their body.
Most social drugs are not normal in the every day environment and thus the prescence at any level would indicate to most that a criminal is present (however as I noted above that is a false assumption for cocaine).
Explosives or their common components are a natural part of our environment and in some cases in very high quantities.
The dogs and the CAM machines have a problem in common in that they sense the components not the composits. Explosives are like pizza a very specific combination of very common componets with a charecteristic smell.
Thus a dog like the current CAM's tend to indicate that individual components are present. Which is ok when the background level of those components is vanishing to nothing. But when people buy in the components and store and use them around their homes on an almost daily basis you have a real problem.
The abcensse of such components is the exception rather than the rule. Even having all the required components there is actually not an indicator of explosives.
Thus you have to look for some extra chemical signiture that says pizza not flour, tommatoes, cheese. The human unlike the dog tends to sense smell in this more sophisticated manner and a limited number of CAMs are starting to work that way.
However there is a problem there is more than one way to come up with the pizza smell as those working for food marketting agencies know.
That is you can take the main components away and just leave some of the rare signiture components and the human brain says pizza. Unfortunatly for explosives those signiture components are volatil components from the break down of the explosive and are thus like the smell of toast due to the burning process.
Thus a clever criminal will makes these combustion by products and put them around the place to falsely trigger the CAM.
The simple fact that nobody wants to own up to is that as far as explosives go CAM has gone as far as it usefully can.
That is making it either more sensitive or more specialised is not going to improve it for this particular requirment just increase it's cost exponentialy.
What is needed is for CAM to be just an indicator nothing more. The fact that it says components of explosives are present is not an indicator that explosives are present. Or if they are they are not their for legitimate reasons (TNG spray of heart patients etc).
Oh and the final point. Not all substances have a measurable smell under normal conditions.
Fresh money has a compleatly different smell to used money dur to the initial processing smells wearing off and the amalgamation of human and other detritus that works into the fibers of the note.
What we smell is due to surface contaminates when the object has low volitility in our environment.
Some stable explosives have very low volitility in the environment humans prefere and thus may not release sufficient molecules to be detected by CAM or dog and thus like money they could only detect the volatile processing components or the surface reaction to contamnates...
All of which is compleatly pointless anyway in the working life of these sniffers be they canine or machine they will not come across a terrorist bearing an explosive they are going to detect any more than humans come into contact with moon dust.
The body scanners will do what they can do, and I have no issue with that. But I do have an issue with the people making them, and with the DHS/TSA who are buying them, saying that they can do what they obviously CANNOT do.
No single kind of technology or security can cover all the bases. We need more of these IMHO: (http://www.implantsciences.com/QS_H150.html) as an important part of a multi-layered anti-terror mechanism.
The conclusion is clear. Handcuff all passengers in orange cloths.
The problem here is, that Bosbach is terribly wrong in his statement. Of course noone will keep the frontdoor open because burglars could break in by the window. But neither will anyone lock and bar the windows while keeping the frontdoor wide open. And additional scanners of whatever type are not locks to our frontdoor but barred windows in the third floor of our security-house.
So actually, what he is saying just fits perfectly into his role in the Security Theater.
He hid no bomb components on his body, thermite is not an explosive (it just burns hot enough to melt iron).
If anything thermite is more dangerous to a pressurised plane than any explosive. Melting a hole more or less ensures that the resulting decompression will tear a much larger hole.
My understanding is that these full body scanners are performed with ionizing radiation that can alter DNA. Much like mammography machines which have just been discovered to "create" more cancers than they find...these scanners are mutagenic. This means that they could trigger mutations that could lead to cancer or sterility.
Additionally, if you read the accounts by the Detroit attorney-couple that were on the flight and helped to apprehend the suspect, it was the SECURITY company not following procedures that caused the problem. That security company, an Israeli company, has been identified in other similar situations. Face it boys and girls, this was probably a false flag operation specifically to get those mutagenic scanners installed.
Visit worldreports.org and read about what has REALLY been going on behind the scenes. If you doubt what the author of that site has to say, just go to any serious B-school library and read his mainstay--THE WORLD CURRENCY REVIEW. Harvard, Yale and Oxford carry his reports.
I'd love to hear from anyone who really understands the technology on these scanners. I want to write a news story on them that is factual and helpful.
My email address is email@example.com. Put RE: Full Body Scanner Tech in the subject line. Thanks
There seem to be at least two different kinds of scanners, some which use non-ionising milimetre waves (that have not been proven to cause cancer) and some which use X-rays.
In the case of the X-rays, as far as I can tell it uses a pencil beam that scans rapidly over the suspect, backscattered into the detector. From the time when the pulses of backscattered radiation are detected, the angle of the beam at that time allows an image to be built up. These are real X-rays from an x-ray tube and that can give you cancer like any other X-rays, with a certain low probability, but not zero probability. It can also cause mutations and birth defects that would affect your descendents.
It is intereating to read this FDA report, which seems to have been written by a group composed largely of scanner manufacturers:
The report says the dose per scan is 0.1 microSieverts, and they suggest a model where each 0.01 microsieverts causes a 1 in 2 billion chance of death by cancer, and so the dose limit which is ten times higher is assumed to cause a 1 in 200 million chance of death per scan.
In 2009 UK airports handled 219 million passengers:
If all of the passengers were scanned, on average we should then expect this to result in one additional passenger getting cancer every year and dieing due having been scanned in UK airports with the X-ray body scanners. (Presumably there are also some other passengers who will get cancer and be successfully cured by unpeasant treatments such as chemotherapy.)
If one finds a Brazilian electrician and shoots him in the head seven times in the name of the War on Terror then this is widely held to be a bad decision. If the government kills an airline passenger with radiation induced cancer EVERY YEAR then apparently this doesn't matter, because no surviving family of a cancer victim can prove exactly which cancers were due to the scanners and which cancers were due to other factors.
It has been pointed out that a larger dose of radiation is received due to flying in the plane at high altitude, but this is a an unavoidable consequence of something that is of benefit to the passenger, whereas the x-ray scan is not.
One could liken the risk to forcing each passenger to inhale cigarette smoke - the risk is small, but not zero, and therefore smoking was made illegal inside public buildings in many countries. On the other hand, you can choose to smoke yourself, and this higher risk is acceptable because you choose it. Similarly it is consistent that people might accept a risk of cancer due to flying without also being willing to accept a risk of cancer due to security theatre.
You haven't written about T-Wav radiation (Airport body scanners), but you should do so and explain shielding methods.
Ungrounded metal (foils) are an effective shield to these waves. Iron-on metal tapes on underwear and bras would eliminate 4th amendment protests, and prompt a shakedown discovering foil in clothing (legal!) Clothing made from copper polyester taffeta fabric would be excellent and would be a totally opaque and effective shield to theses waves.
There is currently a big market in the UK for shielded underwear (especially for kids and pregnant women), as the UK has demanded that travelers get full-body scanned if randomly picked. This is scaring people from flying.
Although this is optional in the US, it may come to be mandatory in the US as well.
This underwear would shield a persons "bits" from the scanner, and is legal.
I suppose being frisked after the scanner discovered a reflective image is better than showing off your '"parts", especially for parents.
Let me know if I can help (testing, marketing, etc.) I am an RF engineer with 35 years experience.
This protective clothing could get huge in the future, as T-Wave active and passive scanners get more popular, as they are impossible at present, to detect, and people enjoy their modesty and 4th amendment right to privacy.
when does the bacteria / virus scanners be available? Those are the real threat.
I went through one once and when I was waiting on the other side to be cleared an agent walked over and asked me if there was anything in my cargo shorts pockets. "I don't know," says I, "you tell me." "We can't see inside those pockets sir, we need to pat you down."
Old Navy Shorts - 1, Multi-million Dollar Xray Machine - 0.
The TSA requires us to remove jackets etc. before being scanned, but cannot require us to remove long flowing skirts, cargo pants, or traditional garb that is not closely fitted. Right now I'm an "opt out" refusnik but I can see a future when I wear foil-lined undies and a flowing skirt while traveling. That way I can get both a scan AND a grope!
Since the scanners can be defeated so easily, they do not increase the passengers security level.
And since they do not increase the passengers security level, they are not worth the high price tags (or any amount of money for that matter).
The only service they seem to provide is a daily dose of low-level p0rn for the TSA folks.
George's comment above at January 22, 2010 10:37 AM hit the nail smack on the head. No argument with that whatsoever. TSA's mission is to make life uncomfortable for passengers no matter what. Their security paradigm is completely warped. They are absolutely desperate to continue justifying their existence, and will grab at whatever "improved" scanning technology comes along. Our politicians also continue to merely justify their pathetic existence, and with their "carcinogenic incompetence" will back anything TSA attempts in the name of "security for the people."
The U.S. gov't stopped protecting the citizen long ago, and acts desperately today only to justify their continued existence, however incompetent and diseased that is. Until you realize that, you won't realize they don't care one whit about taking your rights away. Wake up! Our rights are being taken away slowly but surely. This is the true purpose for TSA in the slow creep towards total police state domination.
I'm very interested in the offer made by Steve S on April 3rd 2010. I am about to launch a range of 'protective' underwear called 'x-ray kex' in the UK in response to my expulsion from the restricted area of Manchester Airport for refusing to be 'backscatter scanned'. I need someone with RF experience to prove my products as I have had no response from the DfT (the UK's answer to the TSA) to my request for testing facility / acceptance / endorsement etc. contact me at firstname.lastname@example.org
You don't even attempt to use antibiotics unless you plan on killing every disease cell. To do otherwise is to cultivate stronger and stronger germ cells.
With the billions spent on worthless technology, all the terrorists have to do to defeat it is to operate on themselves and insert a bomb a month in advance. Power it with pacemaker power or charge it with internal magnetic coils. A a simple transmitter to set it off.
Just a small note: He hid no bomb components on his body, thermite is not an explosive (it just burns hot enough to melt iron).
Your SITTING over the AIRCRAFT "WING-BOX" about 15" under seat, at the 1/2 point in the flight you have a FUEL-AIR,
mixture that is explosive, now drop your
thermite ! BOM ! Ref:
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.