TSA Considering Implementing Randomized Security

For a change, here’s a good idea by the TSA:

TSA has just issued a Request for Information (RFI) to prospective vendors who could develop and supply such randomizers, which TSA expects to deploy at CAT X through CAT IV airports throughout the United States.

“The Randomizers would be used to route passengers randomly to different checkpoint lines,” says the agency’s RFI.

The article lists a bunch of requirements by the TSA for the device.

I’ve seen something like this at customs in, I think, India. Every passenger walks up to a kiosk and presses a button. If the green light turns on, he walks through. If the red light turns on, his bags get searched. Presumably the customs officials can set the search percentage.

Automatic randomized screening is a good idea. It’s free from bias or profiling. It can’t be gamed. These both make it more secure. Note that this is just an RFI from the TSA. An actual program might be years away, and it might not be implemented well. But it’s certainly a start.

EDITED TO ADD (7/19): This is an opposing view. Basically, it’s based on the argument that profiling makes sense, and randomized screening means that you can’t profile. It’s an argument I’ve argued against before.

EDITED TO ADD (8/10): Another argument that profiling does not work.

Tags: , , , ,

Posted on July 19, 2013 at 2:45 PM60 Comments

Comments

AussieDan July 19, 2013 3:02 PM

Looks to me like it’s just specifying which line you go to, there’s no varying level of scrutiny between different lines.

W Mellon July 19, 2013 3:10 PM

I’ve encountered the “India” push-button in Mexico & Brazil airport customs.

S Walsh July 19, 2013 3:17 PM

Canada makes use of a floor mat that you step on and it points you to a line. Not sure how widespread. YHZ at least.

Figureitout July 19, 2013 3:21 PM

Cue the arguments as to what is and is not random. I won’t trust it until I see Congress, Google CEO’s, etc. get the business; if they stoop down to public transit.

JohnAnonymous July 19, 2013 3:27 PM

I would think it could be brute forced, eg, have multiple expendable terrorists go through, who cares if one or two gets caught?

Not that I think this is the major security problem anyone is facing. They do seem to adequate security, catching the shoe bomber and underwear bomber.

Assassin drones might be a solution here, with the capability to detect nervousness. If someone is nervous in an airline security line with a floating drone over their face, shoot to kill!

Problem solved!

Of course, you would need a model that could work inside, and maybe it could also play some comfortable music like Steely Dan.

As long as it had something like a roving red eye that would lock onto people. To see if they had any traces of nervousness.

Sheri July 19, 2013 3:28 PM

I have seen these at airports in various airports including Mexico. If you pay attention, you’ll realize quickly that there is nothing random about it. The agents trigger the alarms. You can easily pick out who will get a green light and who will get red.

Figureitout July 19, 2013 3:39 PM

I don’t like this Bruce, it gives an almost unattackable position of “Hey, my little thingy-majig randomly told me to search you; not my decision!”. And just like when you ask a police officer about their radar device, they don’t understand how it works at all and tell you to shove it.

david July 19, 2013 3:56 PM

I agree with AussieDan. I read this spec when it first came out, it is just telling you which line to be in, not if you get inspected or not.

Figureitout July 19, 2013 4:02 PM

LOL, did you catch the end of the article?

Responses to the agency’s RFI must not exceed 15 pages.

AussieDan/david
–Then what’s the point of it then?

Victor Engmark July 19, 2013 4:05 PM

“Automatic randomized screening is a good idea. It’s free from bias or profiling. It can’t be gamed.”

Actual randomization would be a good idea, but even the RFI doesn’t exclude pseudo-random number generators. They could for example calculate two successive digits of pi, and see if that’s higher or lower than the percentage. If the algorithm gets known (or someone observes the device long enough to figure out the calculation) it can be gamed.

Instead, somebody with an Arduino, a Geiger teller and a day could (in an ideal world) make a lot of money doing this right.

Ryan Lile July 19, 2013 4:22 PM

I agree that random is good and bias-free, but I hope they don’t use this to replace the existing PreCheck regime. I’m not a threat to aircraft, the airlines know it and the TSA/DHS regime knows it. PreCheck is one of the few things the TSA has done right.

wumpus July 19, 2013 4:28 PM

From the TSA Blog:

“Whether or not the gun was put in the bag intentionally, TSOs are required to contact law enforcement immediately. In addition to potentially missing their flight, passengers could have their gun confiscated and/or face criminal charges. A fine from TSA is also possible.

In other words, if they catch you the first time, have a different member of the team try to bring the guns next time. Still security theater as long as they are pandering to those who can’t stand to spend an hour without their precious gun strapped to their side.

Peter July 19, 2013 4:46 PM

@W Mellon – I’ve saw the button thing in Mexico when I was there about 20 years ago. You either got a cursory once over, or you took your chances with the button. Green, you get nothing checked, red you get a full and thorough inspection.

AussieDan July 19, 2013 4:53 PM

Figureitout: that’s roughly my point!

Unless it’s a building block for varying the level of scrutiny per-line later (highly doubtful), the only attack it’s actually doing anything about is one where the attacker has a better chance of getting through a particular line than any others.

Realistically for that to be the case (assuming all lines are using the same equipment and procedures as they mostly do today) they would have to have an accomplice within the TSA. At that point you have bigger problems than whether your attacker can choose which line to go through.

As far as I can see it’s pure security theater at best and realistically it’s yet another way for a “security” company to line their pockets at our expense while also making the screening process even less efficient because travelers will no longer be able to choose the shortest line.

name.withheld.for.obvious.reasons July 19, 2013 5:06 PM

Ya lost me on this one Bruce, I could see this easily a used. Can you imagine, one warm summer’s eve a woman enters the “random” que. First off, she’s not a woman (originally), has affairs with well known lesbians, is a member of PITA and the NRA and she purchases medicines online from some Albanian pharmacy. Today’s random numbers are briught to you today (in the spirit of Sesame Street) by the NSA’s transgender, lesbian, pill popper campaign. And yes, our audit shows that it was perfectly legal…wait, I meant to say random.

dragonfrog July 19, 2013 5:08 PM

@ S Walsh

Canada makes use of a floor mat that you step on and it points you to a line.

I had the opportunity a while ago to watch a large Sikh family step on the “random” line chooser – that sure was a long string of unlucky spins on the old security lineup roulette wheel.

Unless of course there’s a hidden foot switch somewhere. Naaaah, that couldn’t be.

mishehu July 19, 2013 5:33 PM

How does supposed random screening improve security at all? The whole point is to be able to identify dangerous people and check them out more. But all this does is mean that I might not get a free prostate exam next time I fly, or I might.

Nick P July 19, 2013 5:38 PM

Re randomizer

There are many inexpensive products on the market, including USB & PCI devices, that can generate the randomness. An embedded systems guy could probably put together the whole thing super cheap, as well. I vote Steve Gibson.

Re or not-a-randomizer

Of course, I doubt the process will be truly random. They like being in control. There might be a “pick that person anyway” command they can send through. Additionally, there might be procedural (official or not) bypasses that occur. Also, what happens if the machine “accidentally” starts doing lots of false alarms. Will the agents take over with their biases against randomness?

Re terrorists

There is already a somewhat random interception scheme that’s been going on in the drug war at the borders. The bad guys just threw large numbers of people at large numbers of targets. Enough got through to make the strategy worth it. Terrorists might use a similar strategy.

Spaceman Spiff July 19, 2013 5:45 PM

They do this when you go through customs in Mexico City. It definitely speeds things up, and reduces the manpower requirements for luggage inspection. FWIW, I have never got a red light, but my wife has… 🙂 And she is the least likely person in the world to try and smuggle something anywhere! Me… No Comment! :rolleyes:

Dihydrogen Monoxide July 19, 2013 6:11 PM

I agree with all those who don’t think such a process would ever be completely randomized. At a minimum, I expect the following tests to always be applied:

1) Automated facial recognition.
2) Visual profiling.

If you pass those two tests THEN maybe you get randomly sent to the fast line or the slow line.

Figureitout July 19, 2013 6:59 PM

AussieDan
–God that’s dumb! Then it must be for drug smuggling where TSO’s are getting subverted. Oh well, I didn’t make any money living in my parent’s basement so not much tax money from me to spend on stupid shit.

Katsmeat July 19, 2013 7:46 PM

JohnAnonymous • July 19, 2013 3:27 PM

I would think it could be brute forced, eg, have multiple expendable terrorists go through, who cares if one or two gets caught?

Surely the moment one terrorist get’s caught, the airport will be effectively locked down. Flights will be suspended; all passengers already through security and in the departure area would be held there until they can be rechecked. Anybody looking even a bit suspicions would be arrested.

Simple probability theory shows the brute force approach vastly increases the chance the overall plot would fail.

atk July 19, 2013 8:25 PM

@Bruce: I strongly disagree with your premise base premise that the government searching people before boarding an airplane is either necessary or right. I postulate it is neither.

It is unnecessary in that, if TSA were really stopping crimes that would be committed onboard an aircraft, we would expect them to announce that to the Nth degree, claiming it to be terrorism – or, if not, to demonstrate some value for the screening beyond just detecting contraband.

It is wrong in that the government is required to have reasonable suspicion (or better) or a warrant to stop and search us. Case law that says otherwise is as bad as the Cruikshank decision and I hope will some day be overturned. The government has neither reasonable suspicion nor warrant. Therefore, it is a violation of our constitution, our right to privacy, and our right to be secure in our persons and possessions.

Shawn Clester July 19, 2013 8:46 PM

First saw this in Cancun Mexico. Heh drugs bring out the best in security I guess…

SadStory July 19, 2013 9:34 PM

I’d be stunned if the push button gizmo is used in Indian customs. There are many airports and it is possible that one has this randomized system of checks. Typically in India, baggage handlers scan all checked-in luggage before it is dropped off at the carousel, and the guy at the scanner uses a piece of chalk to mark a big “X” on the bag. (You can fill in the blanks on the security of this system here …..) All Xs are stopped when exiting the airport and opened and checked. The corrupt custom officials demand bribes from folks carrying more than 1 laptop or importing fancy electronic devices.

The free-of-import-duty limits in India are paltry in order to support such a corrupt system. The bribes make their way up the hierarchy to the folks setting these impractical limits. So there is ample incentive not to use a randomized checker. They profile and target those who won’t challenge them. Elderly women traveling alone and flashy travelers who are wet behind their ears are often forced to pay up.

J July 19, 2013 10:03 PM

Randomization is already used in every detection hardware, for instance metal detectors: these will ring if you carry metal, but also are randomized to produce false positives.

These false positives trigger thorough inspection (i.e. pat downs), so are in essence unbiased controls.

AC2 July 19, 2013 10:49 PM

This doesn’t happen in India.

There is a green and a red channel.

Almost everyone lines up at the green channel , where there are 1-2 Xray baggage screeners. All baggage gets screened. Some 10% gets opened for inspection based on some criteria – not sure exactly what.

If there is a huge rush a custom officer walks down the line and picks people who can go thru without screening.

asdfasdf July 19, 2013 11:38 PM

yeah blah blah blah Brucie, you are a wanna-be insider that accepted the faustian compromise eons ago. you helped build all this bullshit that you now purportedly rail against. you used your incredible intelligence to help design crypto backdoors for the NSA, and all of your public rants about the surveillance state are moot based on the millions you made with your managed security services firm that helped design a major portion of this panopticon we all now live in.

shut the fuck up about your purported pro-Constitution ideals and just be truthful for once.

asdfasdf July 19, 2013 11:49 PM

hey brucie why don’t you talk about your work with the clinton administration about the zimmerman/pgp false flag

why don’t you squawk about the clipper chip and how clinton pulled those plans based on the rsa backdoor they were handed from the crown and ecuador

“hey brucie, you are going to lead this crypto anarchist movement, you’ll be the next digital abbie hoffman. we will harass you publicly for publishing a book that promotes rsa and a bunch of other bullshit crypto algorithms, mkay? then you’ll make millions with your book royalties and then become the cto of a bullshit mss company that will build the technology used to enslave the human race”

nice brucie, a super carbon based biped you are

Jenny Juno July 20, 2013 12:10 AM

@Ryan Lile
PreCheck is one of the few things the TSA has done right.

It is only “right” in the sense that reduces the TSA’s risk of being defunded. The people who will pay for PreCheck are the affluent, the very same people with the political clout to knock the TSA down. By letting the politically connected opt out of most of the TSA’s worst practices, they are assured that the politically connected won’t have the kind of bad experience that leads to talking to their representatives on the golf course.

I’m not a threat to aircraft, the airlines know it and the TSA/DHS regime knows it.

And if someone who is a threat kidnaps your wife and child and says they’ll kill them unless you carry this bag of drugs (that is actually C4 explosives) would you let them kill your family? Do you believe that everyone with PreCheck clearance would chose to let their family die instead of smuggle what they think is a key of cocaine?

No, PreCheck only works for the same reason all the rest of the TSA security theater works – for all practical purposes there are no terrorists in the USA. Bad policies are just as effective as good policies when the actual threat is non-existent. So far, the TSA has yet to indict a single person on charges of attempted terrorism, they just don’t exist.

Christopher Rath July 20, 2013 9:19 AM

I’m with the nay-sayers in this one, Bruce. Here in Canada, at the YOW security line leading to the US immigration post, the metal detectors have a so-called random selection feature. I fly almost every Monday morning, and my experience is that the feature is simply used to manage traffic flow: when lines are short, almost everyone is selected for “random” extra screening; when things are busy, the machine selects a much smaller group of people.

Here the “extra” screening is done by a millimeter wave machine (or, a full pat down, at the passengers discretion), and the random feature is simply a way of keeping the machine fully occupied while not causing security lines to grow overly long.

One might argue that this is a good program; however, if the goal is to catch terrorists then you cannot come to this conclusion since the goal of the program is to manage workload (a very different goal than catching terrorists).

I fly almost every week. I’ve flows >2M miles on business over the past 25 years. I am a top tier flyer with United. I was top tier with US Air before that. CATSA, TSA, and all the other “brown-shirts” know that I’m not a terrorist. Any time they spend searching me is simply a reflection of their own incompetence and lack of attention to the point of catching terrorists. The fact that I am frequently detained and searched telegraphs their true intent: they are bullies and they use terrorism as an excuse for bullying and abusing people in an open display of power that is intended to ensure that I understand that I am not free.

Figureitout July 20, 2013 9:48 AM

Bruce
–For the love of god not another debate w/ Sam Harris! You’re right, please; you’re right! 🙂

bullying and abusing people in an open display of power
Christopher Rath
–This is all they got, any TSO’s I meet I can’t contain a grin and ask how many dildos they confiscate; sorry, no respect. They’ll tell you A LOT. As for other bullies, they got it coming in other ways.

Tracy Johnson July 20, 2013 11:12 AM

To avoid profiling, it would be easier (and cheaper) to put in a little clear plastic box attached to a chain with a 10 sided die. If the “number of the day” comes up you are searched.

Cost of a die $1 (prices have gone up, I remember when they were a quarter.)

Cost of a box and chain at best $10 ($2 if made in China.)

That being said, how about that Chinese guy at the Beijing airport in a wheelchair that went boom? I guess now TSA has precedent to search the handicapped and the elderly. Prior to that most articles I read were whining how it was unfair it was. Now they can say “See? It has already happened.”

Figureitout July 20, 2013 12:04 PM

To avoid profiling…
Tracy Johnson
–So now you’re basically accepting random searches at the airport, next they will be mandatory for all, perhaps you’re ok with random searches on the highway, what next?

You tell DHS to buy a die, and they’ll end up w/ some snowcone machines too. Maybe they can use their vibrating dildos to mix up a nice drink.

Regarding the Chinese bombing, it appears as if he just hurt himself, no flights were affected, and operations are back to normal now. What ever happened to this, “WE’RE NOT AFRAID!” nonsense? I think they just pissed their pants again.

Moderator July 20, 2013 12:23 PM

Asdfasdf, you’ve made your point. Now let it go at that, and I’ll leave your existing comments standing. You are not allowed to troll thread after thread with your theories, and if you keep trying to, I will remove everything you’ve ever posted here.

Two July 20, 2013 12:30 PM

One line is X-ray’ing folks, the other has metal-detecting machines. Now we can’t pick the safer option? Some of us have survived cancer enough times already, thank you.

What happens when my autistic young child goes in line F and I get sent to line A? Last time he freaked out, bolted, and tried to run out of the airport into traffic. Now I can’t even go with him?

Hmm.

djm July 20, 2013 2:26 PM

The randomization isn’t designed to catch terrorists, it’s designed to keep the workers honest. If you’ve bribed one of the inspectors to let your contraband through, you need to be sure that you get that inspector. This stops that from happening.

amber July 20, 2013 2:27 PM

If this means that TSA will terminate their current crop of actors that are so bad, they would fail an audition for Plan Nine From Outer Space, then it would be useful.

But it looks to me like it simply going to be spending money on more props for actors that would be rejected from auditioning for an elementary school production. A production that wouldn’t survive the planning stage at elementary school, much less reach rehearsal time.

Personally, I’d terminate TSA in tota, and mandate that all airlines that have operations in the United States adhere to the security protocol that ElAl uses. If people really need that “feel good” security theatre experience, then use electronic scent sniffers, to pull out everybody whose contents emit “suspicious” odours.

If that means that somebody leaving Hartsfield is pulled aside for carrying marijuana, but that same person leaving SeaTac, carrying triple the amount of marijuana, is ignored, well so be it. That simply reflects a difference in which substances are legal in which cities.

mishehu July 20, 2013 4:25 PM

@Christopher Rath –

I see the same thing at the airports from which I fly frequently (between 1 to 3 weeks cycle usually). There’s never a point in time that there isn’t a steady stream of passengers going through the b.s. millimeter wave pornoscanners, with the exception of when they are recalibrating them. At the time of recalibration, they allow everybody to go through the standard magnetometer, and nobody is subject to the super-invasive pat downs either at that point. I have equally never seen a back-up at the millimeter waves either, and when they get a steady number of 2 or more people waiting in tow, they again start overflow procedures with the magnetometer. It’s an absolute joke to say the least.

I am to this day awaiting to hear the TSA finally boldly state “SEE!!!! After almost 12 years of making you take your shoes off, we caught another one! We’re so justified and patting ourselves on the backs!” I think that is a statement we will never actually hear them say, only the “oooh look, we prevented some knives, guns, and lots of drugs from getting on the plane!”.

aboniks July 20, 2013 5:43 PM

JohnAnonymous • July 19, 2013 3:27 PM

I would think it could be brute forced, eg, have multiple expendable terrorists go through, who cares if one or two gets caught?

Katsmeat • July 19, 2013 7:46 PM

Surely the moment one terrorist get’s caught, the airport will be effectively locked down. Flights will be suspended; all passengers already through security and in the departure area would be held there until they can be rechecked. Anybody looking even a bit suspicions would be arrested.

Simple probability theory shows the brute force approach vastly increases the chance the overall plot would fail.

Unless the plot depends on that lockdown response, of course, in which case it succeeds brilliantly.

vis. Multiple bad actors carrying explosives/aerosols in a target rich environment full of panicky stressed out travelers who can’t leave the area, but can be herded, essentially at will, into large hyperventilating groups with technology as simple as fire crackers.

wumpus July 20, 2013 6:51 PM

@amber
“Personally, I’d terminate TSA in tota, and mandate that all airlines that have operations in the United States adhere to the security protocol that ElAl uses.”

Good God, why? If there is one thing the TSA has conclusively proved is that there are no realistic attacks being made on US airlines despite only having comical security theater. The previous gun checks were useful for stopping random crazies and those who wished to emigrate to Cuba. It is entirely possible that such security might still be needed.

Since the few attempts made since the towers were hit have been made by passengers (starting with flight 93, but also including the underwear and shoe bombers), it doesn’t make any sense to assume any benefit for improving the TSA instead of making sure the passengers have a reasonably level “playing” field.

I think I’ll have to send in my sarcasm detector. I think it might be failing.

aboniks July 20, 2013 10:47 PM

Assuming you’re trying to find weapons, profiling based on behavior in order to effectively apply limited security resources makes sense, IF your profiling model is well designed (few missed cues, few false positives)

http://heron.nrl.navy.mil/contracts/baa/topics/551105_Adversarial%20Modeling%20and%20Decision%20Support.pdf

Profiling based on stereotype makes less sense, because stereotypes are easy to spoof.

Random security checks make almost no sense at all if you’re trying to find weapons.

We all know that profiling fails if the profiles are too broad, too narrow, or too easy to spoof.

aboniks July 20, 2013 10:54 PM

On the up side though, now that “the feds” know simply everything about all of us, it should be pretty simple to start using whitelists instead of no-fly blacklists. /snark

Figureitout July 20, 2013 11:14 PM

Profiling based on stereotype makes less sense, because stereotypes are easy to spoof.
Random security checks make almost no sense at all if you’re trying to find weapons.
We all know that profiling fails if the profiles are too broad, too narrow, or too easy to spoof.
aboniks
–OK, so going off that, how does one consult the TSA? Profiling requires intelligence gathering by other people so that’s spying in other areas. We need to give these dumbasses very specific and simple instructions.

They could use my solution which is do nothing (eliminate TSA and DHS) and accept possibly having your body blow to bits. Let all of us live w/ the collective horror and destruction; terrorists “win” but also lose b/c they can also die. I’ve had one anxiety attack where I thought this was going to happen and it was the worst ever; I’m over it and it made me stronger. You know my last living grandmother saw someone dumped a bunch of trash on the rural road she lives on, she said let it be; those that did it will also live with the trash.

Clive Robinson July 21, 2013 10:02 AM

@ Aboniks,

    Simple probability theory shows the brute force approach vastly increases the chance the overall plot would fail

We’ve discussed this before at quite some length and only an idiot would not “game the system”.

Simple probability theory has the underlying assumption that the measurments you make don’t influance the out come. That is what is being measured is incapable of responding and addapting to the measuring process.

This is manifestly not the case for humans who can not only observe the process but can actualy manipulate it.

As we know from 9/11 the terrorists were bright enough to test the system before actually making their attack. So we can assume that if they wished to make another “pasanger on a plane” attack they would again go to the trouble of testing then gaming the system.

aboniks July 21, 2013 11:38 AM

@ Clive,

I seem to have failed markup 101. That bit about probability theory was actually written by Katsmeat.

Sorry for the confusion. For what it’s worth, I agree with you.

@ Figureitout

“–OK, so going off that, how does one consult the TSA? Profiling requires intelligence gathering by other people so that’s spying in other areas. We need to give these dumbasses very specific and simple instructions.”

The sort of profiling that the NRL (see previous link) is attempting to engage in seems to be an end run around that problem. They want a system that uses existing video surveillance infrastructure and applies some algorithmic voodoo to the data in realtime to spot people who look like threats because of what they DO rather than what they ARE. If I could explain how best to do that I’d be explaining it to NRL and cashing a check, rather than posting it here, but the idea has merit.

Clive Robinson July 21, 2013 2:38 PM

@ aboniks,

Re markup fail.

Yup I now see what happened, thanks for letting me know.

John Henry July 21, 2013 8:12 PM

As several have noted I saw this at Mexico City customs a few months ago.

I also saw it at a beverage manufacturing plant in the US. I’ve been doing business with them for many years. Before, as I exited through the lobby, I used to always get my briefcase checked. Not for bombs but to make sure I was not taking any company property.

Now I have to mash a button. If it beeps, they inspect, if not, they let me pass.

I’ve been there 3-4 times since they put the system in. I’ve never hit the jackpot nor had my briefcase checked.

John Henry

NC July 22, 2013 6:42 PM

I’m wondering, did this post get referenced in a USA Today article or similar? Without calling out specific entries, I’m noticing that the overall intelligence level of the discussion here is markedly lower than usual for comments on Bruce’s posts.

Dirk Praet July 22, 2013 8:09 PM

I have never seen this in any airport in India.

Wonder what budget they have in mind for this program, and where it will come from.

rob July 22, 2013 8:18 PM

I flew into Mexico City where they had the red/green light system at customs. I just stood in the closest line and waited my turn for customs; a co-worker watched the lights at the different lanes and said that she has figured out how to get a green. Then she went and stood in a different line. She got a red and I swear that the inspectors were laughing (I do not speak Spanish) as they rummaged through her bags. I was smiling.

Figureitout July 22, 2013 10:35 PM

NC
–Not that I know of, go reread the archives if you think this is a particularly bad thread. If you want, you could try and add some intelligence to it if your going to comment and give me something to analyze other than your motherboard.

Clive Robinson July 23, 2013 3:41 AM

@ Jurjen,

    The question “profile or random” actually is a math problem, and it is already solved: square root sampling.

Err no it’s not solved.

There are a number of problems that all these arguments usually ignore or skate/ice over.

The first is that the items being sampled can observe the system and chose when/how to enter the sample que.

Secondly the items being sampled need not be independent of each other. That is a group of samples might act together to chose when/how they enter the sample que.

Thirdly the models used rarely reflect real life, and thus ignore certain aspects of constrained quing systems.

For various reasons (efficiency and safety) aircraft have asigned slots for taking off and landing, further aircraft operators have organised the slots to have as little “on ground” time as possible. Along with other issues to do with check in procedure and times there are constraints on the sampling process.

Without going into detail it’s possible for a group of individuals to “game” the sampling process by forcing the constraints on the sampling process.

If people remember back awhile a day of protest was called against the use of certain scanners. The TSA response was in effect to just turn them off.

Then there was the various “trusted traveler” style scheams to get around the issue of the airlines lossing their “cash cow” business travelers due to excessive check in times.

Oh and how long the “laptop ban” lasted.

All of these show constraints being applied to the checkin security process on a macro basis, it’s safe to assume other constraints apply on the micro basis as well.

For instance there are only so many people that can be properly checked in a given time period and due to flight times having to be met a large number of people hitting the que at the same time will cause it to back up. At some point you will see the sample rate drop as a consiquence.

Further what happens when a scanner is “blocked” that is for some reason it cannot be used for even a short period of time, the que backs up or gets switched to an alternative method or the sample rate drops to clear the back up.

Somebody who works in the area either directly (ie TSA etc) or indirectly (airport cleaner etc) will over time observe these processes in action and can thus use the information to change the odds of being scanned in their favour at a later date.

At the end of the daythe only way to prevent an inteligent adversary “gaming” a constrained sampaling system is not to have one. That is scan everybody the same way or scan nobody that way. Thus enhanced screening is at best a very expensive publicity stunt at worst it’s a way to steal tax dollars and commit significant racial abuse.

Frank Ch. Eigler July 23, 2013 12:59 PM

Random need not mean “uniformly distributed”. Profile-based vs. randomized selection is a false dichotomy.

Cobus van Eeden September 14, 2013 3:16 AM

It bothers me that this has not been mentioned in any of the debates above, although Bruce eluded to it many times it was never explicitly mentioned.

The principle should be that if profiling is applied (even informally) the fact will become known to terrorists and they will be able to use this knowledge when planning any attack. If the system can be defeated as easily as sending in a bomber who does not meet the official (or worse unofficial) profile then the system is simply spectacularly broken as it will catch 0% of informed terrorists who will be going in ONLY as Betty White look a-likes.

Is it not obvious that Profiling is simply the TSA equivalent of security by obscurity in the sense that it ONLY works if the terrorists do NOT know that profiling is being used. (equivalent to believing that keeping the algorithm secret will ensure security even if the algorithm is extremely weak).

After all, as soon as terrorists know that profiling IS being used, and worse what the criteria used are, it immediately becomes laughably trivial to defeat the system.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.