Schneier on Security
A blog covering security and security technology.
« Malware Contributory Cause of Air Crash |
| Social Steganography »
August 24, 2010
And you thought fingerprints were intrusive.
The Wright State Research Institute is developing a ground-breaking system that would scan the skeletal structures of people at airports, sports stadiums, theme parks and other public places that could be vulnerable to terrorist attacks, child abductions or other crimes. The images would then quickly be matched with potential suspects using a database of previously scanned skeletons.
Because every country has a database of terrorist skeletons just waiting to be used.
Posted on August 24, 2010 at 6:56 AM
• 106 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Gives a whole new meaning to having skeletons in the closet
(sorry, bad pun, had to make it)
Well, if the assault on your privacy doesn't getcha, the assault on your bone marrow will. "Depending on the selected technology, a skeletal scan would only expose a person to radiation that is the approximate equivalent of taking one cross-country airline flight."
Yes, but if they implement it as they hope, to "scan the skeletal structures of people at airports, sports stadiums, theme parks and other public places ... vulnerable to terrorist attacks" - how much is that per year? One five-hour flight times every trip on the subway?
This would require ionizing radiation exposure such as x-rays. What about the operator's medical malpractice liability?
To balance exposing somebody to the risk of developing cancer, the operator should have to pay some money up front. $100,000 a pop sounds right to me.
"Because every country has a database of terrorist skeletons just waiting to be used."
That is why it is so important that we collect skeleton-scans of all Good Citizens(tm) right away.
Talk about picking the flesh of the bones of forensic technology....
(sorry had to be done :)
I see no problem with this. If you're not doing something wrong, then you have nothing to worry about.
The fact that your skeletal image will be stored in a DB should not bother you, it does not define you as a person, it's just part of who you are.
For those that have a problem with this; why aren't you on a holy crusade against traffic light cameras, speed cameras, toll plaza cameras, security cameras, john q public taking tourist pictures etc...that happen to capture you in them?
We are in a state of almost constant surveillance of one type or another, I don't see how one can argue successfully that skeletal databases would be a breach of personal privacy when people subscribe to voluntary breaches all the time.
You do it every day when you access a website, when you sign up for a new service and when you send email.
Doesn't this presume that they can link a skeleton to an act of terrorism? People don't leave latent skeletons at the scene of a crime...
The comedy never ends @ " Because every country has a database of terrorist skeletons just waiting to be used."... rofl OMG
"radiation that is the approximate equivalent of taking one cross-country airline flight."
So they are, in essence, doubling our radiation exposure?
I wouldn't mind so much if I wasn't sure that at some point some mid tier security manager is gonna say "Nope. Not good enough. Pull out the skeleton, all the skeletons, so we can prove it's what we see on the scanner."
Hmm the claim of "impossible to change is not that valid.
We are changing the length and other properties of bone by surgery all the time these days for cosmetic and other reasons.
My jaw line got altered without my permission ten years ago when my head was karate kicked into a street sign post one morning on the way to work. For a short while I had a left and a right jaw bone not connected in the middle (@BF Skinner no that does not mean I look like a snake 8). The process of rejoining them was problematical and after what felt like an endless round of surgery I had a distinctly different bite and I get an anoying pain when the barometer changes or I fly in an aircraft. Also some of the bones in my sinus areas got likewise changed (giving rise to sleep problems).
We also get to hear about people getting bones in their legs extended (when young) by tens of millimeters or more
Unlike finger prints bones do not grow back the same way they where before a physical insult.
"I see no problem with this. If you're not doing something wrong, then you have nothing to worry about. "
That's a ridiculous argument. Would you allow the government to put surveillance cameras in your shower, bathroom, bedroom? After all, you're not doing anything wrong there, do you?
We need less intrusion, not more. The fact there is already to much of it going on, does not justify piling it on further. This isn't about having anything to hide, it's about the right to basic human dignity, and not being treated as a suspect everywhere you go.
@Daniel Wood: Please note this facts:
* There is no database of skeletons of known terrorists available.
* There is no database of skeletons of currently unknown terrorists available for obivious reasons.
* Scanning your skeleton is only possible with radiation that is strong enough to "reach" your bones.
* "a skeletal scan would only expose a person to radiation that is the approximate equivalent of taking one cross-country airline flight", which means they are talking about ionizing radiation that can damage body cells and thus might lead to cancer.
This is not "just data". This is not "just a privacy issue". This is potential bodily injury.
Security Theater now includes osteomancy... Nice.
Who do you write to when the authorities are more of a concern than the terrorists?
@ Daniel Wood,
I cann't tell if you are being sarcastic or complacent...
Each time I read about one of these latest greatest "Bio scans" I'm reminded of a scene in the Futurama episode "A Fish Full of Dollars" where Fry takes his ATM card to the "Big Apple Bank" when he presents it the girl behind the counter says "Mr Fry we do not appear to have your retinal or rectal scan on file"...
You just know that there are two types of people that come up with these "eye watering" ideas those who are on a Tax Money grab and those whose sanity is at best somewhat in doubt.
@Daniel Wood: Seriously? Your comment wasn't a troll?
You don't have any objections to the nanny state babysitting your skeletal image? Comparing it to a database, at light speed, when you go thru the turnstile to get on the subway?
Privacy be damned, scanning skeletons takes time, man! The math doesn't work ... scan each person's skeleton, and compare the image to a database of (potentially) millions of skeletons? Yeah, THAT won't delay anybody at all.
But yeah, I'll surrender all my privacy since it's already gone.
Welcome to the wasteland.
I've got a bone to pick with the people imposing terror labels on innocent folks.
But the system is for spotting terminators, not terrorists.
@A Nonny Bunny: "That's a ridiculous argument. Would you allow the government to put surveillance cameras in your shower, bathroom, bedroom? After all, you're not doing anything wrong there, do you?"
Now who is being ridiculous? You can't have an invasion of privacy when you are in public. When you are in your own private domicile, then it becomes an invasion of privacy.
@alfora: Do you use a cell phone? Do you use wifi? Watch satellite tv, eat microwaved food; ad nasuem.
On the other hand, I agree that this can cause undue bodily injury down the road, but as I just mentioned above, so do all the other things (potentially).
This is where RESEARCH is key, proper research before implementation is warranted for technologies such as this. I have no desire to cook myself more than any of you do.
@ Clive Robinson: How is my comment being complacent? I'll leave that to you and a dictionary to work out. As a relative "newbie" to the security field, I am far from complacent - it's pretty much the opposite.
@ D Brant: No, it wasn't a troll. I do have objections with the act of this, but not with the technology. Perhaps I should have made myself more clear when I said "I have no problems with this"; it was in reference to the research - research paves the way to better and greater things (mostly).
oh great, yet another technology whos only purpose is to discover transgendered women.
All this is useless until you can instantly teleport identified suspects out of the high risk area...
@Clive Robinson at August 24, 2010 7:57 AM
I'm going with "sarcastic". He almost had me, but laid it on just a bit too thick. "If you're not doing something wrong, then you have nothing to worry about. " in particular just seems way to cliché, engineered specifically to rile our feathers. :)
@ Daniel Wood - cellphones use has not been shown to cause anything - on the other hand, nobody with a modicum of knowledge disputes the fact that X-ray do damage DNA, and induce cancers of various types.
It's all good for the research part, OK, but planning to put these scanners in libraries and malls is criminal.
This article reads like a parody. Some guy is (supposedly) worried about sex offenders in the neighborhood - I know, let's X Ray everyone everyday ! That will surely keep people safe, until they all die of cancer.
Seriously, are these guys stuck in the 1950's ? Penetrating radiation for bone scans ? On a daily basis ? I can remember when children's shoe stores had X ray machines, so Mom could view how the shoe fit, but such common uses of X Rays were stopped for a reason, and as a screening device this has no chance.
From the article : Depending on the selected technology, a skeletal scan would only expose a person to radiation that is the approximate equivalent of taking one cross-country airline flight
From the World Health Organization, INFORMATION SHEET Nov. 2005, on Cosmic Radiation and Air Travel :
Aircrew are now recognized in many countries as occupationally exposed to radiation, and radiation protection limits for aircrew are similar to those established for nuclear workers.
If you work through the numbers (and I read the above to mean that, at best, radiation exposure would be similar to air travel, so this is a lower bound), a daily scan would thus amount to 2 to 5 milliSievert (mSv) of radiation each year, substantially exceeding the ICRP guideline of no more than 1 mSv exposure to any fetus during pregnancy, and coming close to or exceeding the guideline of 4 mSv exposure for ordinary workers.
This would, at a minimum, mean that anyone at risk of pregnancy should not be scanned, and radiation workers should not be scanned (as they are typically close to their limits). There is thus just no chance that this would be adopted for regular screening of the general population
If you have the 'terrorist' in custody, why would you release him/her?
How would you know to take such a skeletal scan? Wouldn't you have to scan everyone?
Note: DEXA equipment is very expensive.
U. MD researchers proposed a gait-matching identification last year. This would be a MUCH BETTER approach than skeleton imaging, since aerial drones and satellites can capture the gait of people in their training camps and gathering places.
@ jgreco & Clive Robinson
I think sarcastic or naive (not complacent) would have been a better go at it. I come from a criminal justice background and understand the right to privacy and why everyone is so adamant that the government stays out of their lives; however I also honestly do feel that if you have nothing to hide - what's the big deal?
I will gladly allow and do so on a regular basis airport screeners to rifle through my belongings. I'm not bringing a bomb, a weapon, or drugs on a plane so I have nothing to hide. I would sacrifice whatever it is you want to call said action above of freedom; for freedom to live - if we don't screen passengers I can guarantee you there would be countless hijackings and bombings starting tomorrow. Who cares if they see my underwear and toothbrush? I would like to brush my teeth tomorrow.
To get back on track, I don't think I was being overly sarcastic with what I said as I do believe in what I said and it wasn't meant to foster the feeling of sarcasm nor "complacency". My comment was meant to express my opinion, perhaps it could have been articulated in a better way.
But I won't apologize for my opinion - whether you're on the far left or not, it doesn't matter.
@ Luca: "@ Daniel Wood - cellphones use has not been shown to cause anything..."
Really? Despite being in the news recently (the past month or so), it has been proven that cell phone usage is linked to an increase in cancer.
"Wright State researchers are currently working on identifying key elements and measurements of the skeleton that differentiate one person from another."
Translation: We wish we had a clue how skeleton matching might be accomplished. Please continue to support our modest but adequate lifestyle why we pretend to figure it out.
Subtext: With our powerful X-ray technology, we have discovered that most grant agencies are governed by boneheads.
You may gladly allow them to go through your belongings, but it annoys me every time, /especially/ because I have nothing to hide. I haven't done anything wrong so why treat me like I have?
@Daniel Wood "You can't have an invasion of privacy when you are in public."
While your argument is in general true...it's not entirely true.
Warrentless audio taps on a glass phone booth was held inadmissable since the perp had "a reasonable expectation of privacy" not from visible but audio survellience. He demonstrated his expectation of privacy by using the phone booth and closing the door. I believe garbage in cans at the curb is considered the same way. It's not public until it's co-mingled with all the neighbors trash.
The FBI has just been told that dropping GPS tracking sensors on cars is a violation of the US Constitution.
Our bones and the layer of ourselves we choose not to disclose below our clothing (Janet Jackson not withstanding) is not visible to public inspection. You can't see the plate in my head (and aren't you glad?). I demonstrate my expectation of privacy by wearing clothes (and skin and muscle).
@ Daniel Wood
There are two enormous assumptions in your opinion that are difficult to take seriously. First, you have assumed that without the increased "security" since 911 there would instantly be "countless hijackings and bombings starting tomorrow." Your second and related assumption would be that the increased "security" measures in place are actively preventing this onslaught. I think I understand your position, if you believe taking off your shoes and surrendering your water is keeping you safe from terrorists then whats the big deal about submitting to extra searches or scans to be even safer? From my perspective these invasive "security" measures aren't in fact preventing terror attacks at all. Do some research and check statistics, I think Schneier is more accurate in his opinion that the only thing actually keeping you safer is lockable cockpits and the passengers that are not thinking from a 70's-80's plane hijacking mindset. If these scans don't do anything to prevent terror attacks then what is the point of trying to subject people to invasive scanning?
One of the things that concerns me is that this is not detecting (or capturing) the current crop of terrorists...
If we move towards a more authoritarian government (or some facsimile thereof, like a religious autocracy) these records will capture the "terrorist" who resist this kind of political change.
Yes, my paranoia goes to eleven... and sometime higher.
Checks and Balances exist because trust is limited... and, when fewer feedback mechanisms exist, you have no choice *but* to trust (or resist).
"A free society is one where it is safe to be unpopular" - Adlai Stevenson
There's a general mindset that just because I have nothing to hide, doesn't mean there's a right for it to be made "public" -- and then there's the fact that information is potentially saved and could be used for unintended purposes. There's also the who watches the watchers issue.
Daniel Wood invites us to consider harms with no regard for severity or likelihood. Daniel Wood is a Troll.
@ BF Skinner: Yes, I was speaking in a general sense. We can't walk down the street and expect privacy; this is what I was referring to in a broad scope.
The US Court of Appeals decision was based upon warrantless GPS tracking. It does not make GPS tracking with a warrant unconstitutional - huge difference there.
@ Trey Murray: I am not assuming anything; besides countless documented attempts that are public knowledge there are also others that are for the sake of cutting this argument short - on a need to know basis.
If we only locked the cockpit (which by the way has shown to be breakable but which is entirely another matter) and 'educated' passengers to correct this mindset from the 70's and 80's - how would this prevent blowing a plane up from within the cabin? A lockable (and truly functional locked door) will only prevent hijackings, not bombings.
Just like with multifactor authentication, you need multiple security measures to prevent an attack. To reference your last statement, I will reference my first to you - the need to know.
@ Appsec: Yes those are all the general issues that are floating about, however, we are talking about some very specific here - I thought I clarified my position on this several posts up?
@ Tom Hanks: Pot meet kettle.
I am contributing my opinion, which has sparked a healthy debate. I don't know where I ever asked you to consider harms with no regard for severity or likelihood. Perhaps you should go to troll school.
"Countless documented attempts" of post 911 security measures preventing a terror attack? I'm not aware of a single one. Waiving your hands in the air and saying that because the police arrested some people that might have had a plot is laughable. Name one instance where a terror attack was prevented BY THE SECURITY MEASURES you are defending. A need to know basis? Thats a pretty shallow argument to be honest, there is lots of evidence to support your argument but its too secret for me (and you!) so I should just accept your opinion? Sorry if I take a little more convincing than your misleading, anecdotal or just plain absent logic.
I don't care. The tinfoil-lined shirt I wear to stop aliens irradiating me will stop humans too!
If everyone is worried about x-ray overdosing how about we all submit to pre-flight DNA mouth swabs instead? There are some latency issues of course, but unlike the bone collecting DNA grabbing might pay for itself by catching deadbeat dads, creating a massive organ donor registry, and assembling a pay-per-view genetic research database. Remember, if it saves one life it's worth it.
@ Trey Murray: You are correct that countermeasures YOU are implying were discussed have not prevented a terrorist attack that we as the "public" know of.
I am not defending specific security measures, I am merely stating that we should have more security measures than a locked cockpit door and an attentive cabin of passengers.
Where did I say "countless documented attempts of post 911 security measures" have "prevented a terror attack"? Now you are putting words in my mouth and only seeing what you want to see.
I said: "@ Trey Murray: I am not assuming anything; besides countless documented attempts that are public knowledge there are also others that are for the sake of cutting this argument short - on a need to know basis."
** Documented attempts of terrorist attacks, specifically, regarding this discussion, on airplanes.**
I invite you to take a look at the Heritage Reports: http://www.heritage.org/research/reports/2010/04/...
"its too secret for me (and you!)" Is it?
No, you shouldn't "just accept my opinion", but at least think a little more in depth about it before you outright dismiss it. You can do what you want, and honestly I couldn't care less if you agree or disagree with me - but at least admit to yourself that others are allowed to have an opinion that differs from your own.
Next time when trying to pick a fight, make sure you do it without making ideas up that were never mentioned in the first place.
I actually agree with more of what you say than what you think.
But, the fact is, while this is a speicific case, the specific cases lead to generalities and that's the fear.
As much as some of us say that those in charge are creating policies and reacting based on fear -- we can criticize the LEOs and policy makers because we fear what they might do based on some percentage of actions of those in charge before and assume those are not movie plot threats.
There are how many hundreds of millions of archived x-rays in the US? First, I'd like to see some good work on how much individual skeletons change over time. Then we can move on to scanning everyone in the country every five or 10 years to establish the baseline file.
Interesting... for all people worried about cancer and X-rays... maybe there will be a chance that the scan image is used to search for cancer... what about going at the airport and the guy tells you: "uh... you are not a terrorist but you have a very small opaque zone there... you should ask your doctor..." (joke? maybe...)
Again, waiving your hands and changing the the topic doesn't help you here. The subject of this discussion is the usefulness of deploying x-ray scanners as a tool to prevent terror attacks. Presumably these scanners would be used in public places like airports to augment their existing security measures. You have argued that this should not be seen as invasive and unnecessary as it will make us safer passengers. Your link is interesting but ultimately it does nothing to disprove my assertion. Which of those 30 "plots" were prevented by public security measures? Short answer, none. If the adding more invasive security measures is intended to prevent these attacks, shouldn't there be some evidence that the security we have now is preventing them?
@ Trey Murray: It seems that you didn't fully comprehend my reply to you. My previous posts can also serve as a reply to your latest.
@Daniel Wood: Your comment on the GPS tracking seems to me to miss the point. Nobody here is arguing about court-ordered X-rays of suspects, but rather about X-ray screening of the general population. This isn't a modern version of the old Bertillon measurements, but a way of verifying identity of each individual in a mass, and so any law or ruling that "X may be done with a warrant" is irrelevant.
There's also the safety issue. This will hit a very large number of people with a small amount of ionizing radiation. There is, as far as I know, no limit under which ionizing radiation is harmless. Certainly there is no safety with repeated exposure, which is why people who take X-rays do so from a safe distance. If this is done for sports stadiums, then dedicated baseball fans could get 81 full body X-rays per year, which is way over any recommendation.
Therefore, this measure will kill people. It probably won't be many people, but it really does need study to show that it will, net, save lives. Since no lives have been lost due to terrorism on US airlines or in US sports arenas in quite a few years, the prima facie conclusion is that this is a step way backwards in safety.
The 'nothing to hide' argument has been killed dead 1,000 times over. Go read a book.
Subsequently, being bombarded with fucking radiation every time you walk through an airport terminal should hardly be anyone's idea of 'not a problem'.
There's a reason they shove you in a lead vest during x-rays, to protect your vital organs and everything else from unnecessary, cancer inducing, DNA destroying waves of radiation. Chalking a deep x-ray up to 'eh, same as using a cell phone or wifi', is pure ignorance. There are many publicly available international studies regarding the use of both wifi and cellphones, as well as x-rays. What did you say before in all caps? Oh yea, RESEARCH. I'll give you microwaves though, which is why I don't use them, and subsequently why I'm glad that I have a fucking choice in the matter.
People like you with your cliched quips are why the rest of the country is so docile in the face of rampant government abuse of personal liberties. Idiocy breeds the same, as does ignorance.
"You can't have an invasion of privacy when you are in public. When you are in your own private domicile, then it becomes an invasion of privacy."
That's a vast misconception if you're talking about the US. The 4th amendment guarantees the right not to be physically searched excepting for probable cause and backed by search warrant.
The courts have found that a warrantless search may be permissible "where there is probable cause to believe that a criminal offense has been or is being committed", but this seems to fail that test miserably.
Remember we're discussing searching inside humans and damaging them in the process. This kind of radiation exposure will increase the incidence of cancer in the population, you just can't be sure who draws the short straw in advance.
Daniel, the Heritage Foundation "study" is nothing but a polemic defending the Cheney and attacking the Obama administrations.
Many of the "attempted terrorist attacks" cites in the study are completely bogus. For instance, the "plot" to blow up the Sears Tower fails on simply the "attempted" criteria. Of those that don't fail the laugh test, I don't see a single one that wasn't foiled by good old fashioned police work, in at least several cases, by foreign police departments.
What's your salary? Who do you work for? Where do you live? When are you next on holiday? Are you male or female? Always? Sexuality? Have you ever committed a crime? Were you a member of the communist party at college? Have you ever cheated on a partner?
What's the matter? You've got nothing to hide, right?
@ Daniel Wood: By the link you gave of 30 plots stopped not a single one was due to security screenings. In fact, two (at least) made it past security and were stopped by civilians on the planes rather than flight attendants or air marshals.
The vast majority were by old-fashioned police work, something Bruce has repeatedly stated as the best way to actually improve security. (Especially because it improves security outside of just terrorist plots -- bonus points!)
Also, as for expectation of privacy -- you have an expectation of privacy against the authorities unless they have a warrant or probable cause. When a cop is on a stakeout it's because they have probable cause -- they don't get to just randomly watch your house all night because they feel like it and are waiting for you to do something illegal that they do not expect. (By the letter of the law, at least. It would be harassment, but it would be exceptionally hard to prove you were being harassed.)
"To balance exposing somebody to the risk of developing cancer, the operator should have to pay some money up front. $100,000 a pop sounds right to me."
C'mon, let's make it fair -- let's say that each screening is about equal to 6-months of background radiation and that background radiation contributes to 10% of your cancer risk over 70 years. So we're looking at 1/140th of 10% chance of cancer. And cancer costs, say $100k. Some quick math says that it's about $70 a pop. Not a bad bet if they put it at every shopping mall in America -- I mean, we'd die of cancer a lot sooner but until then it'd end all poverty. Just think of it as the sci-fi "lottery" ATMs.
"People don't leave latent skeletons at the scene of a crime..."
Sometimes they do, but only once!
@Daniel Wood "The US Court of Appeals decision was based upon warrantless GPS tracking. It does not make GPS tracking with a warrant unconstitutional - huge difference there."
Not so huge. I'm not talking here about warrented searches/seizures. That is duely processed through a check and balance however imperfect. The case with the bookie and the phone booth was also warrentless. The investigators argument was look I can see the guy therefore no privacy expecation. The Feebies argument was the same in regards to the GPS. 'Look I can assign an agent to follow this person from point to point without a warrent. Why can't I just use an automated device to do the same thing?'
The GPS issue is interesting case in point and availiable at http://pacer.cadc.uscourts.gov/docs/common/...
From the finding -
Aguring that an earlier case (Knots) ruled in this case
"...not that such a person has no reasonable expectation of privacy in his movements whatsoever, world without end, as the government argues."
"Here the police used the GPS device not to track Jones‘s ―movements from one place to another,‖ Knotts, 460 U.S. at 281, but rather to track Jones‘s movements 24 hours a day for 28 days as he moved among scores of places, thereby discovering the totality and pattern of his movements from place to place to place."
"...unlike one‘s movements during a single journey, the whole of one‘s movements over the course of a month is not _actually_ exposed to the public because the likelihood anyone will observe all those movements is effectively nil."
Ginsburg "Practical considerations prevent visual surveillance from lasting very long. Continuous human surveillance for a week would require all the time and expense of several police officers,"
Because technology makes things easier they are ever more prone to abuse and changing the meaning of how we relate. It seems the court is aware of this and cites a current California law that indicates its unacceptable to society to gps track anyone unwitting.
Naked body scanners, now, (as opposed to mm backscatter scanners that present images against a outline human body) are a strip search. Health concern aside the practical control...IS a strip search of every human boarding a plane a good idea? Even if it was, We would never permit it because it's impractical and it violates our personal zone...until the technology made it 'practical, reasonable, un-invasive'.
Assuming your $70 / scan run rate and using publicly available estimates of actual (physical and human) losses from 9/11 (http://www.l20.org/publications/9_7Q_wmd_krugman.pdf) of ~$31B, you do more damage than 9/11 every time you scan the entire population twice.
I'd further suggest that the $70 figure is low since cancer can cost quite a bit more than that, and there is no included calculation for the loss of life entirely, but that's just a gut feeling.
In any case, this is a system we could hardly justify on basis of cost in dollar terms, privacy, or in loss of life.
@Clive Robinson: "picking the flesh..."
That was great!
@Daniel Wood: "look at the Heritage Reports..."
I took a look at that page and what I saw was quite a few arrests of people planning to blow something up and a couple arrests of people who actually got the chance to blow something up but failed.
There is a pattern. Schneier it out years ago. Either the group was large enough to be caught by investigators before they could attack or they got to carry out their attack but it wasn't technically feasible.
I can't help but think we are spending good money on investigations and I hope we aren't wasting too much money on baseless TSA style dragnets. The TSA is coming up on its first decade of failure in about a year but who knows. Maybe they this year will be their year! We are already spending a significant fraction of the CIA's budget on the TSA, the TSA is already reviled because it is too invasive, and airline baggage theft has gone through the roof. Yet despite all these costs they haven't actually prevented anything yet.
The only thing that you've been getting out of their rifling through (and sometimes stealing) your stuff is that they have been rifling through your stuff. I have one question for you: would you be interested in buying some used discount (10% off!) lottery tickets?
@Alex " this is a system we could hardly justify on basis of cost in dollar terms, privacy, or in loss of life."
Time to buy stock in the company i'd say then.
Alas poor Yorick, I knew him.
Rep. Louie Gohmert (R-Crazytown): "Believe me, it's happening. The terror zombies are on their way, and this technology is the only way to identify them!"
@@Roy at August 24, 2010 12:01 PM
"let's say that each screening is about equal to 6-months of background radiation and that background radiation contributes to 10% of your cancer risk over 70 years. So we're looking at 1/140th of 10% chance of cancer."
I'm not convinced it actually works like that though. Does a doubled exposure to radiation translate to a doubled risk of cancer? You have to keep in mind that these scans are going to be stacking on top of each other, people could easily have dozens of scans a year, resulting in getting "half a years worth" of radiation several times over.
Then again, hard radiation shouldn't be bio-accumulative like fallout could be... so I'm not really sure. Calculating radiation exposure risk isn't something I've exactly done before, so perhaps someone else could weigh in?
Anyways, this number seems pretty low. For only $70 worth of risk why does my dentist bother putting a lead apron on me when he does dental x-rays (once every 2 years or so...)? Those things seem relatively directional anyways. Are lead aprons actually security theatre of a sort? Wouldn't surprise me a lot actually.
Thoughts of Jeff Dunham and Achmed ....
Props for avoiding the common mistake of tacking on "well" at the end of that. Far too many people misquote Shakespeare. :)
Someone was watching "Total Recall" and got some ideas.
None of these identification methods tell us anything about intent, and they all presume that the bad guy is already on file.
Someone said it earlier. If you had a terrorist in custody, why would you scan and release him? This technique is an ill-considered solution looking for an ill-defined problem.
Let's give Daniel Wood a rectal exam everytime he decides to spend some time in public. It's not like he has any expectation of privacy when in public, and since he has nothing to hide...
I know you're trying to use expletives to drive home your point and we're not choirgirls here, but really, we'll understand what you're trying to say even if you don't swear.
I see bones. I see gizzards and bones,
and a few kidney stones, among your lovely bones!
I see hips, and fourteen paper clips,
three asparagus tips, among your lovely bones.
I see things in your paratenium
that belong in the British Museum!
I see your spine, and your spine looks divine,
it's exactly like mine, now doesn't that seem strange!
Really, you people have got to look on the bright side.
Free X-rays! Beat the medical establishment!
You think you've got a fracture. Don't go to the hospital. Go to the ball park. Ask the technician what he sees.
If you've got a break, fine. If not, you've beat the system out of big bucks.
I can't see a hole in it. By definition then, it's fool proof.
"however I also honestly do feel that if you have nothing to hide - what's the big deal?"
It may be that honest, decent, good people have nothing to hide from other honest, decent, good people.
The problem is that the world contains a significant percentage of thieves, lawyers, gossips, corrupt cops, vindictive prosecutors, newspaper reporters, and similar scum; and until all of these are hanged by the neck and fed to the vultures there will be excellent reason for honest, decent, good people to keep some things private.
@Rookie - There are worse things on the interbutts than my marine upbringing shining through a charged blog rant. That said, point taken.
There is convincing medical evidence that ionizing radiation is not linearly cumulative. "Linear no threshold" model is still used in calculating cancer risk and so on, but it's quite controversial.
However, even if we assume LNT is not true and low doses of radiation can be beneficial, well, the "concerned scientist" wants to put the scanner around THEME PARKS? Children have smaller body mass, are more vulnerable to radiation and will live longer lives, so exposure is more harmful.
I mean WTF, the guy says that he wants to protect his daughters against evil sex offenders and wants to regularly irradiate them? Not very smart, for a scientist.
OK, the sob origin story seems a bit far fetched to me, the true origin story of the idea was probably "hm, let's think how to get grant money out of the intelligence complex, they have plenty of it". And anyway, is it possible to live in States and live somewhere where there are no registered sex offenders, with the War on (teenage) Sex? ("Because War on Drugs and War on Tourism were not enough"(TM)) I think not. Discovering that "there are registered sex offenders around" seems to be equivalent to "and then, the scientist realised the chilling truth - he was living in a city, and thus his daughters were in danger!".
Why do the whole skeleton? You can tell from just their skull! (If this isn't funny, google "phrenology")
It seems the more we fear external threats, the more insane, introspective and intrusive our solutions become. It's similar to our immune system that disarms itself by overreacting to false threats.
"... until all of these are hanged by the neck and fed to the vultures ..."
What have vultures ever done to deserve being fed that sort of toxic carrion?
Anyway hanging is generaly lacking in "good old fashioned entertainment value" where "justice has to be seen to have been done".
Thus I'm more in favour of the old tried and tested methods of "gelding and gouging", "breaking by hammer and anvil" having "their tongues pulled out with pincers" and the removal of finger and toe nails prior to the fingers and toes themselves, for mild offences.
For the more serious offences this can be preceded by a year or so in "little ease" or rack or maiden...
Then there are such minor diversions as "death by a thousand cuts" and "breaking on the wheel" both of which pale in comparison to the little games of "Vlad the impaler".
There is much we can learn in the way of entertaining diversions from our ancestors for whom rotting teeth running sores and infestation by lice flees and other parisites where the excruciating norm.
Let's extrapolate this technology a little. Is it good for anything?
Suppose you could scan individuals at 50 meters and do perfect matching against a database. Is it useful (to police, security officials, librarians, police states, ...)? What would it actually be used for after it was realized that terrorists aren't volunteering for scans?
@Sasha van den Heetkamp "... the more insane, introspective and intrusive our solutions become. It's similar to our immune system that disarms itself by overreacting to false threats."
Our security responses are the social equivilent of autoimmune disorders? Interesting notion.
Dude! I don't ROFL unless I've been shooting Jagermiester with the Irish. But Funny!
It's an ill wind that turns no lining. Too my mind even bastards make good compost. The plants don't care. But We can stop just short of summary execution (wheeee) and merely point and laugh and have children run after them and make fun of them as they do the Ms Macbeth and shoe salesmen.
This sounds a lot like a high-tech version of the system of "anthropometry" Alphonse Bertillon introduced in the 19th century. It had some success but wa ultimately abandoned because inconsistencies in measurement led to corrupt data, ones' measurements can change as one ages, and fingerprints were better.
Technology may solve the first but I bet not the second.
Well if I can get my annual lower back scans for free then I'm not complaining... Though I would prefer MRI to X-ray...
"how much is that per year? One five-hour flight times every trip on the subway?"
More like two flights' worth per trip. Once on entering the subway system and once when leaving it..
I'm curious about what exactly is the problem that this is supposed to solve. I mean, it's not like dead terrorists cause many problems - dead people being the only ones, whose skeletons are available for any sort of reliable matching.
No two males, nor any two females, have exactly-identical external genitalia. Ergo, we simply photograph, measure, etc. the genitalia of the entire world.
When people enter airlines, shopping malls, stadia, etc., they expose their genitalia; it's compared to the database; and if no match to a wanted suspect, they're OK.
Hey, they're in a public place, and if they're innocent, they have nothing to hide...
Oh, by the way, I'm first in line among applicants to do the females.
"This sounds a lot like a high-tech version of the system of "anthropometry" Alphonse Bertillon introduced in the 19th century"
A point to you for remembering Alphonse and his work I was racking my brains trying to remember his name.
As you note his work had some success, unlike the "bumps on the head" and "shapes of the ears and nose" brigades looking for criminal genotypes.
And it still lives on in various non intrusive bio metrics either directly (hand geometry) or indirectly (gait identification).
Which begs the question can we turn a forensic identification tool "facialreconstruction" on it's head. That is it uses normalised depth for the flesh over the bones of the skull to reconstruct what a victim might have looked like from just their skull.
Using surface reflection imaging microwave systems we can "look through" clothes to reveal the body underneath. I've been told that multispectral versions can distinquish between fat and muscle, which if true alows certain variations to be taken into account. Thus the general shape and dimensions of the skeleton can be determind fairly readily.
Which then brings up the question of "overlap" just how many different "groups sizes" are there?
A look in your average clothes shop for "fitting sizes" shows just how few groups their are on a granularity of a couple of inches.
Thus if you have two people of the same shape and build just how different are their skeletal structures. and what would the false positive rate be...
From that then evaluate in terms of system cost and risk to individuals after rational evaluation I cannot see the system being viable...
The "risks" factor to individuals is currently difficult to quantitate. We know all EM radiation ionising or otherwise carries energy into the body and thus has the potential to interfere with biological processes. The evaluation of this is difficult in that we know DNA etc contains a lot of redundancy and the biological processes have the ability to "error correct" in ways we are only just begining to understand. We also make the possibly false assumption that as the body deals with part of the EM Spectrum (heat and light) in a recognizable maner it deals with all other non ionising EM radiation similarly. As others have noted this may not be true. Then there is the issue of an individuals susceptiblity, we know from smoking and lung and other related cancers and smoking disease that individuals vary very differently by many orders of magnitude therefore finding a representative group to test is at best difficult verging on impossible. also there are the ethical issues of testing. Thus like smoking I expect in 20 to 50 years enough data from mobile phone users to be able to get a limited impprovment on the very little we currently know about EM susceptability below the IR band.
I wasn't going to reply to any other comments, however, the following is so pointless I felt the need to.
@ brain fart: "Let's give Daniel Wood a rectal exam everytime he decides to spend some time in public. It's not like he has any expectation of privacy when in public, and since he has nothing to hide..."
I have no idea where to start on this one, so I will start off with calling you a dolt. About half the people on here understood what I was saying; whether they agreed with it or not is another matter - but to say something like that when I had previously posted that the expectation of privacy is moot when in public, OBVIOUSLY comes in to play when it comes to your physical body. There are some exceptions to this rule (e.g., stop and frisk) but a rectal exam is going too far outside the box.
I guess with someone who calls themselves "brain fart" online would naturally be so immature to liken everything to the anus in some way shape or form.
@ Everyone else: I never said I agree with subjugating civilians to needless harm; I said I see nothing wrong with it - as in the technology of skeletal identification. I didn't go as in depth as I perhaps should in explaining myself, but strictly speaking about the technology itself - I have no problem with it; using it on people without testing the ramifications and without a plethora of research before doing so - I am NOT ok with.
If you find something wrong with what I just said above, that's fine; but to resort to "how would you like it if _" or "I guess Daniel Wood wants a rectal _" is plain childish.
"...but a rectal exam is going too far outside the box..."
Daniel Wood at August 25, 2010 5:58 AM
Isn't taking x-ray scan going too far?
Do we actually have a major child abduction crime wave?
I am surprised this wasn't entered in the security theater contest.
Where's the sign saying "Don't feed the troll?
This is the first thread I've read on this blog that has descended into petty namecalling. Let's avoid feeding trolls in the future.
@Sortkatt "first thread I've read... that has descended into petty namecalling"
It's not the first, though they are rare.
It's why I usually preface all my responses with "Stich this Jimmy!"
What usually happens if it IS a troll and I don't think D Wood is (butt face maybe of course it could be a bad day or lack of coffee) is there's some engagement, some reasonable discussion, a repeated statement that doesn't move the discussion on and the unless the troll learns to defend their position "So's your mother!" The discussion moves on without them. Our bs filters are pretty well developed.
Worse case the moderator turn turn kick ban turn turn kick ban.
Or even better: 'quarter circle back -> half circle forward -> hard kick'
@clive: thanks for the point. I will take it for remembering Bertillon (though on scanning I wasn't the first in the thread) but will confess once I remembered him I googled to get my facts straight. I know, I know, what kind of a weirdo commenter AM I?
I fear those that would cut out my eyes in the presence of an retinal scanner.
I fear those that would cut off my fingers in the presence of a finger-print scanner.
Should I fear those that would cut out my bones?
Note that it doesn't matter whether the scanners can be fooled; it only takes criminals that are foolish enough to think they can fool the scanners.
If forced to choose the lesser of evils, this bone thing sounds good.
I would still like to be able to buy special insurance to cover cases where my digits or eyes might be stolen for such purposes, and employers who employ such scanners as a security requirement should be required to pay for such insurance.
Why bother piling on? We learned all we needed to know with this one remark:
"Really? Despite being in the news recently (the past month or so), it has been proven that cell phone usage is linked to an increase in cancer. Try Google."
Translation: "I know it's true, I read it on the internet."
Comedy gold. Fingerprint scanning is too intrusive; instead we should X-ray your entire body. Oh, and it gives you cancer.
If numbers I heard from some random person are accurate... which they're probably not... about 1/5 of the risk of death due to flying is from the ionizing radiation. So best case, this has to stop more than 1 in 4 crashes to be effective.
But forget the passengers themselves. The TSA employees and waterpark guards are not gonna do well standing next to a device that skeleton-scans everyone within 50 meters. Unless they're wearing lead, they'll probably be sterilized within a week, and lead just isn't fashionable at waterparks...
When we find Osama Bin Laden's skeleton in the database, we'll realize something is a bit off. Especially if the bones don't seem to be really attached together properly.
Something like that. It always amazes me how seemingly intelligent people propose solutions to one particular problem, without realizing it's scope. It's actually an emotional response, rather than a well-thought out solution that suits both security and privacy.
It is like curing symptoms, rather than the cause. Threats have a cause that we don't cure, instead we try to mitigate it's symptoms. Clearly and eventually, the cause will not be cured and while curing symptoms we affect other parts of a system, creating a closed loop with a tip-toe repression as end result, indeed similar to a Autoimmune disease.
The challenge is to understand the complete scope of the problem for which we produce such constraints, and this is very difficult. Not many people have the right intelligence to tackle security issues wisely. I am not one of them, but neither is that professor who proposes skeletal structure scanning as a way to protect his child from potential predators.
I never heard of any security mechanism that completely reduced crime. But the costs that came a long with it was an invasion of privacy and ultimately fear and distrust, which leads to more recursive distrust -ad infinitum. Until we are back at square one.
"The bodies were too badly burned to be identified, however, dental and skeletal records suggest they were terrorists..."
Do they even have archived skeletal data on existing terroritsts? I mean some of them haven't ever been laid eyes on. I'm not saying an adamant no to this new "procedure" but would it really help?
Folks, remember this is just a bare-bones idea that still needs to be fleshed out.
The only possible (I won't say plausible) defense provided by this scheme would be against infiltration by disguised extraterrestrials. Talk about your movie-plot threats!
@Daniel Wood: It is my firm belief that everybody has something to hide, some small and some big. The side effects of being proven to be somewhere to eliminate you as a suspect of a crime could get you into all sorts of trouble elsewhere. White lies are probably not more uncommon than "real" lies and society practically relies on them.
Cancer from ionizing radiation exposure (in addition to a number of other environmental factors) is modeled as a linear no-threshold hazard: 100 units of identical radiation will cause as many cancers if spread out over 10 million people as if they were spread out over 100,000 people - minus the infinitesimal number who were given cancer *twice* simultaneously. This is what is actually being stated by scientists when journalists hear & repeat "there is no safe level of exposure". The number of scans will be proportional to the number of cancers caused, which is not overly difficult to measure if you have the luxury of grisly Nazi-style test results.
Could you, as salesman, offer this product knowing that (for example) over the warrantied service life it will give 10 people cancer, and 6 of them will die of that cancer? If the odds are that nobody will benefit?
Low per-scan exposures don't change the actuarial calculus here, it only obscures the liability.
Perhaps jet aircraft are killing just as many people per trip... but jet aircraft have a reason to exist and an inherent limitation on how often they can be used.
Before 9/11, the merest hint of a product like this being forced on people who just wanted to go to the waterpark/subway/mall/Statue of Liberty would spark a congressional hearing and a swift ban on commercial sale.
You can't make this stuff up...
What's next? Are they are going to "read" the bumps on our heads like some kind of twisted vulcan mind meld? Wait, they are working on profiling by reading minds (CTs?). 19th century pseudoscience makes a comeback along with steampunk. Waiting for corsets to come back in style and high collars. I rather think they had a better sense of fashion back then. I am now putting down the red bull....
I can envision an entrepreneur coming out with a line of fashionable lead-lined clothing, or at least clothing with lead-coated threads woven into the fabric. Sheesh.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.