Did this really make travel safer? How can you tell and what sort of numbers support this?

There are all sorts of things which could potentially make things safer but, to quote a Romulan from DS9, "this is all just theory and speculation"

http://www.dailymail.co.uk/news/article-2131857/...

Wasn't there an incident with the TSA a while back where they were sending attractive women through the X-ray machines multiple times?

On the other hand, showing off my man-boobs does seem to get me through a bit faster. Especially if I offer to jump up and down. ;-)

If you put it in absolutes like that you've already lost.

The TSA's mission should be to reduce the risk of a catastrophic attack as much as possible.

Security is always a usabilityrisk trade off. If you accept zero risk (or put that in your mission statement), you'll have low usability and fail to achieve the stated results.

Works better if you're female and blonde.

J.

*) Dress nicely. Skip the torn jeans and T-shirt. Wear slacks, good shoes (that come off easily), a dress shirt, etc. Sad to say, but folks really do treat you quite differently when you dress up.

*) Pay a little extra for business class on SouthWest. That sometimes lets you skip to the head of the line for screening. At the very least, it flags you as a VIP.

*) Chat up a guard or two. They want to practice voice-screening you. Act clueless. Naive. Helpful. You want to be classified as harmless.

*) At all costs, refrain from pointing out how absolutely worthless a job they are really doing or how terribly wrong their thinking is.

*) That's a lot harder than it sounds. At one point security told me they were only worried if the 150+ feet of cat5e cable I was carrying onboard *DIDN'T* have copper wire it in. Quote "It could be an explosive. We think of things like that." Unquote. Yeah, right. I'm going to extrude 150+ feet of LABELED cable, labels printed on the cable that is, and leave out the wire? As opposed to putting 1/8th inch thick sheets of HE on all 6 walls of my luggage? Which one is easier? Which one can't be detected by X-ray? Nevertheless, pointing out these flaws does not move one through their line any faster.

*) When you are a woman, tell them you're pregnant, that you miscarried your last baby, and inquire how safe their X-ray machines really are? Those folks are paranoid about lawsuits.

*) When being felt up, mention that you don't want to risk getting cancer AGAIN! They understand that. It can make the groping go much faster.

*) Wearing disposable footwear, or even just plastic bags with rubber bands over your feet, while your shoes are X-rayed can get you flagged as a hypochondriac. As in don't worry about X-raying Mr. Monk there, he clearly has enough issues already. Plus you don't track through stinky crap, pick it up on your socks, and get it permanently inside your good shoes.

Anyone else want to add to this list?

I will not submit to the new scanners or more invasive "pat-down" that have come into play since I got my job. After having to consult with our ethics department and my management, my job is in some danger because I must refuse to fly from or to some airports (or in the future, any at all). All I can do for now is try not to get any assignments where I might need to travel. This is what I get for being just a dabbler instead of an actually smart security person :-)

To bring back sanity to airline security it should be returned to the airlines. They, unlike TSA, have incentives to be both efficient (they don't want to lose multi-million assets, get huge insurance rate raises, and seriously bad reputation in case if some terrorist manages to get through undetected) *and* as unobtrusive as possible (they do have customers to serve, not the cattle which gets no choice - even if you refuse to fly, you 're still taxed for the benefit of the TSA).

Finally... unionized TSA is going to be even worse. The same bottom-of-the-barrel "officers", but now overpaid, and impossible to fire, and thus even more expensive and useless.

Thanks. An interesting point. Self obvious in a way although it doesn't say much for a person's integrity...

So my question is, why doesn't Corporate America (ex-defense contractors) band together to fix or replace the TSA? Together their lobbying power outweighs the few who benefit from TSA contracts.

But no-one in power wants to be the one who made the decision to allow these items should it turn out that there is an attack no-one thought of that somehow involves nail clippers or the toy gun from a G.I. Joe.

... don't think the "randomization" is as catastrophic as BS would like to believe. Maybe because he didn't think of it...?

I don't know if it was Bruce or one of the posters here who suggested it first, what I do remember is most thought it was a good idea...

Initialy it looked like a very good idea, and I for one thought yes this has potential, but then I had a think about how to "game it"...

Like many ideas that are fine in theory, they often tend not to be in practice because of the "hidden assumptions" underlying the theoretical model are not adheared to in practice.

Two such assumptions I noted way back are,

1, Unlimited (or adiquate) test resources.
2, Inanimate test samples.

Firstly the TSA check points don't have unlimited resources, in fact far from it, in most cases they are under resourced to the point that they are effectivly running well above 100% capacity and thus have to "drop" sample rates to just maintain throughput (this is an instant security fail whichever way you look at it).

Thus any small problem causes major tail backs and other issues which can be exploited fairly easily (have a look at "queing/scheduling theory" to see just how badly it can go wrong as you aproach 80% utilisation let alone 100% or above).

Now the second issue arises "inanimate test samples" by definition cannot game the system, they just sit passivly waiiting to be selected or not for testing. This is where "sampaling theory" for GIT (goods inwards test) gets it's magnification factor due to another couple of underlying assuptions,

3, Faults trend
4, Small failure rates are accepptable.

That is in any batch of mechanicaly produced goods they tend to go slowly from good to bad over many samples due to "tool ware". And this "trend" can be spotted fairly easily, thus a simple "test every tenth item" usually suffices to see the trend and reject a batch.

This obviously does not work when it comes to "lone suicide bombers"...

Likewise small failure rates are far from acceptable when it comes to "lone suicide bombers"...

But all the theory goes out of the window because humans are far from inanimate and can decide quite acuratly where they will appear in the que (Bruce has indicated he can already game the system to avoid the body scanners most times).

So a "test every tenth person" stratagem will fail very very badly.

The apparent solution is "randomly select 10% of people". But it likewise is doomed to fail because it cannot be even close to truely random and actually needss to be "tailored" to demand.

That is without unlimited test resources and a major requirment to meet a certain throughput rate for people to actually get to their plane before take off the "random" can be gamed.

Because your sample rate has to change with demand, the lower the demand the higher the sample rate can be and could go to 100% testing. However a sudden surge will put the sample rate right down to maybe 1% or less. Even a small surge could cause testing to be "blocked" simply because the test resources are 100% utilized when a person gets to the head of the line.

Simply standing a little way off and observing what happens when and how will give you plenty of opportunity to work out when to put a small spanner in the works to create a surge. Thus you and a single "clean" accomplice can que at the appropriate distance appart, when they get to the check point they "drop the spanner" and then you being the right distance back in the que are almost gaurenteed not to be searched...

Which is something I've indicated in the past. And various other people have been thinking about it and likewise found defects and it has became clear that for a whole host of reasons random sampaling for testing passengers would end up being fully "gameable" by those who put a bit of thought into it and little or no impediment to those who cann't even be bothered to try...

Now I don't know what method Bruce uses for,

I've gotten really good at avoiding lanes with full-body scanners

And to be honest I hope he does not broadcast it as other frequent flyers no doubt have similar tricks to make traveling less wearisome and it would be a shame to spoil it for them.

However I suspect Bruce has not "realy tried" to do it by the scientific method (Observation, hypothesize, test, rinse and repeate) just a simplistic heuristic based on a gut feeling or simply being "hinky".

At the risk of being paid a visit by the men in brown shoes, I have to ask: Why doesn't anyone ever consider the chemical weapons of WWI?

Why do we only consider weapons that have already been deployed against us?

Relatively small quantities of Clorox will do hellish things to you in an enclosed space. I should know. I use it, cut with water, to kill mold in the basement/bathroom. But that's what? Only 3-6% BEFORE I diluted it? You can buy far worse.

Banning cups/bottles was a real problem. Lack of proper fluid intake when stranded somewhere for hours or days is a real problem. Needing to fill up a water jug after you get through security, that's less of an issue.

When your luggage can take 24 hours or more to arrive after you do, carrying it on makes sense. (Happened to me, with the baby's travel crib.)

When your luggage is a crib for the infant you are traveling with, or your wheelchair, or formal clothing for an interview, or hardware for the install job you are doing, and your visit is short, carrying it on is the only way to go.

In any case, I don't think there's any proof what so ever that making certain peocesses in the screening active at random. For example, airports in Europe have walk-through metal detectors that will randomly select 20% of people passing for pat-downs, no matter if an alarm was triggered or not.

Overall, European airports are more punctual than those in the US...don't think the "randomization" is as catastrophic as BS would like to believe. Maybe because he didn't think of it...? ;)

There are several aircrafts types with the lavatory next to the cockpit with only a thin honeycomb wall separating them both.

What good will a security door that withstand a 9mm round do when you can punch your fist through the wall into the cockpit anyway - without an airmarshal noticing it?

What good will a liquid restriction do when crew are allowed to bring on how many litres liquid in what ever container they want onboard without any control what so ever.

All security work are merely small obstructions if you decide to actually do something.

- 10% of the time (per one-way flight) my bag doesn't arrive at the same time I do.
- I have often waited more than 30 minutes for my bag.

Until airlines can get baggage handling latency and reliability to reasonable levels I will elect to schlep my own bags.

Then they shouldn't charge by the bag, by your logic they should simply have you and your bags step on a scale and charge you by the total weight.

If you're traveling on vacation for two weeks, try doing this without checking a bag.

"Upton Sinclair explained that"

Quote? I've read some Sinclair but I'm missing your reference.

Quote:
This definitely wasn't the same argument he made when I <a href=''http://www.schneier.com/... him</a> in 2007.

These two quotes after href= are really two quotes.

It is not disclosed, what was the police forces' avenue of attack against these guys. It may not be related to TOR at all. They could have traced their money flows, for one instance.

Not specifically, but as hydrogen peroxide (in high concentrations, not the 2% solution you buy at the grocery store) is an oxidizer, I would imagine that the bottle sizes are an attempt to limit the quantity of the other material component of the bomb, the primary fuel that would react with the hydrogen peroxide. Perhaps the bomb fuel the TSA fears is an air-sensitive material, so that it could not be readily transferred from one bottle to another on board the plane (because it would react with the atmosphere on contact). Presumably, it would react even more vigorously, perhaps even explosively, with hydrogen peroxide.

The liquid ban is still irrational, mind, for the same reason that MOST of what the TSA does is irrational: the whole TSA paradigm is based on the assumption that a single plane hijacking could be catastrophic at a level comparable to the September 11th attack; but that was only possible because policies and public opinion at the time favored giving hijackers whatever they wanted (for a while). Since it has now been clearly demonstrated that that was a very bad idea, policies and public opinion have shifted toward a much more rational non-cooperation stance, and thus a single hijacking is now dangerous mainly to the people on board. Consequently, extremely unlikely attack profiles, such as a binary liquid explosive, are not worth protecting against. People who need that level of security on an individual basis shouldn't be traveling with the public anyway, because some random stranger could walk up and loop a fine cord around their neck and choke them to death, or bludgeon them with a blunt object, or attack them hand-to-hand, or whatever. For everyone else the risk is too obscure to worry about, as you're several hundred thousand times more likely to be in a fatal automobile accident on your way to the airport.

The TSA *should* be worried about providing just enough security (or security theatre; it hardly matters which) to maximize the number of people who A) feel that it is safe to fly but B) do not avoid flying due to the inconvenience caused by the security measures. Making everyone walk through metal detectors, for example, is good. Making everyone file paperwork for each individual flight six months in advance would be bad.

@George

Precisely. People in a position of heavy ridicule and hatred, are also in a position of heavy publicity.

@Bruce

Unbelievable, one must now question his true opinion due to the rapid change. Guess most people have a little too much self-respect to play the confidence when they don't have to.

I think Liv Tyler's portrayal of Arwen is a much more interesting elf.

http://en.wikipedia.org/wiki/Liv_Tyler

And, this engineer believes that Alan's approach to randomization is correct, so long as it is COMPLETELY random. (In the immortal words of Neal Stephenson, "mostly random is not good enough!") Why search a little old lady? Because her lovely, innocent, teenage/young adult grandchild may have joined a death cult while she wasn't looking, and slipped something lethal into her handbag for his use aboard.

http://news.yahoo.com/...

If this is what the DEA and FBI can do to TOR then what can the like of China and Iran do?

He's written a book that will surely make him a lot of money, since the TSA has earned the hatred of so many Americans. He has a lot to gain and nothing to lose from cashing in on criticism from a position of authority. Especially since he fully (and perhaps uniquely) understands that it will only strengthen the TSA.

It's very obvious that the TSA leadership believes that a "poisonous" relationship with the public (i.e., the Enemy) is vital to "security," as they define it. Although Hawley claims that such a relationship is "unsustainable," the TSA's position as the arrogant gatekeeper to a necessary service makes it unstoppable.

Yes, that sounds more like the KGB, Stasi, DINA, Securitate, or SAVAK than an agency of a "free" country. But that's clearly how "security" agencies tend to act in the absence of independent oversight or accountability for complying with constitutional constraints. And the TSA is not merely impervious to criticism, it is accountable only to itself.

This is indeed the fundamental problem of airport security. It's not about security at all, but strictly about political arse-covering for everyone from the President and Congress on down to the legions of bureaucrats at DHS and TSA. Nobody wants to be blamed for even appearing to support something that looks like a reduction of security.

The result is that TSA screening is a continual accumulation of measures, procedures, and rules that are ever more costly, burdensome, and intrusive. Nobody wants to be responsible for removing anything, even if it's been proved ineffective, out of fear that they'll be blamed for it when the next inevitable failure occurs.

For the same reason, the only thing we get out of Congress is a kind of political theatre that parallels the TSA's security theatre. They'll hold hearings where they blast TSA officials with complaints, and issue scathing reports, strictly as a theatrical performance to show they're responding to the many concerns and complaints of their constituents. When the show is over, the TSA officials shrug it all off as part of their job, and go back to business as usual. They know very well that nobody in Congress will seriously propose anything that imposes the oversight and accountability that the TSA so urgently needs. And they know that when it's time to write the budget, Congress will yet again give them the usual blank check to do whatever they want.

I don't know what can be done about the TSA's continuing metastasis. Congress will never do anything. And the public is increasingly recognizing that "resistance is futile," and that if they "want to fly today" they had better act like good docile little sheep when they enter a TSA rights-free zone, and unquestioningly accept whatever intrusive humiliations the TSA decides to inflict.

The worst part is that the TSA's only unquestioned success is in conditioning Americans to accept, and even welcome, the routine surrender of their rights and privacy in the name of security. And I'm sure former FBI deputy director John Pistole regards this conditioning as even more important to "security" than his stated mission of protecting aviation. If he can succeed in making the majority of Americans share his apparent belief that fighting terrorism requires the suspension of once-sacrosanct rights and privacy, he will surely consider that his proudest achievement.

But I don't know what has gotten into Kip Hawley. Maybe he's a victim of identity theft?

That's "LEAP"ed — Law Enforcement Against Prohibition — to be more precise.

"Pour a bit of that on your hand, please"

(silently count to 10)

"Thank you, here's a paper towel to dry your hands with. Enjoy your flight"

If you've ever handled 35% hydrogen peroxide, you know what I'm talking about...

(nevermind that it would be all but impossible to make such a bomb in an airplane bathroom - 99.9% chance of blowing it up around the 'singe off your eyebrows' stage, well before you get anywhere near enough TATP to blow a hole in a plane)

I wish the airlines would make more of a fuss over the numerous fees on a ticket. IMHO it will be the only way this whole TSA situation would be resolved. If it was made clear to each and every passenger that they are paying $20 each time they go through security, there would be far more of an incentive to get the current excesses resolved by voters. Currently the fees are given inscrutable names so passengers don't realise what they are actually being used for. Heck maybe there should be a big sign in front of security saying just how much you are paying for it.

Doesn't TSA's screening process raise the pain/cost of travel and make paying bag fees more attractive to the passengers? I'd think the airlines would be happy with blaming TSA for ineffciencies in travel that they might like.

For instance, the document checking doesn't help security, but it all but eliminates the resale values of tickets. Similarly, TSA snooping through your underwear in public make the public more likely to pay for checked baggage.

"...presumably the terrorists will simply assume that all security regulations are in force at all times."

Isn't that the point? To get the benefits of terrorists assuming 100% security coverage while only paying for 5% of it.

But great job anyway!

Now all you need is the various media outlets running this with the "Should Kip have listened to Bruce years ago" headlines.

Hmmmmmmmm.......

It's the same with dope busting, drug hatin' District Attorneys and Chiefs of Police -- the moment they retire, they become all NORML-ized and everything.

Sheesh.