Schneier on Security
A blog covering security and security technology.
« More Ideas for Privacy Reform |
| A Taxonomy of Privacy »
April 19, 2005
Failures of Airport Screening
According to the AP:
Security at American airports is no better under federal control than it was before the Sept. 11 attacks, a congressman says two government reports will conclude.
The Government Accountability Office, the investigative arm of Congress, and the Homeland Security Department's inspector general are expected to release their findings soon on the performance of Transportation Security Administration screeners.
This finding will not surprise anyone who has flown recently. How does anyone expect competent security from screeners who don't know the difference between books and books of matches? Only two books of matches are now allowed on flights; you can take as many reading books as you can carry.
The solution isn't to privatize the screeners, just as the solution in 2001 wasn't to make them federal employees. It's a much more complex problem.
I wrote about it in Beyond Fear (pages 153-4):
No matter how much training they get, airport screeners routinely miss guns and knives packed in carry-on luggage. In part, that's the result of human beings having developed the evolutionary survival skill of pattern matching: the ability to pick out patterns from masses of random visual data. Is that a ripe fruit on that tree? Is that a lion stalking quietly through the grass? We are so good at this that we see patterns in anything, even if they're not really there: faces in inkblots, images in clouds, and trends in graphs of random data. Generating false positives helped us stay alive; maybe that wasn't a lion that your ancestor saw, but it was better to be safe than sorry. Unfortunately, that survival skill also has a failure mode. As talented as we are at detecting patterns in random data, we are equally terrible at detecting exceptions in uniform data. The quality-control inspector at Spacely Sprockets, staring at a production line filled with identical sprockets looking for the one that is different, can't do it. The brain quickly concludes that all the sprockets are the same, so there's no point paying attention. Each new sprocket confirms the pattern. By the time an anomalous sprocket rolls off the assembly line, the brain simply doesn't notice it. This psychological problem has been identified in inspectors of all kinds; people can't remain alert to rare events, so they slip by.
The tendency for humans to view similar items as identical makes it clear why airport X-ray screening is so difficult. Weapons in baggage are rare, and the people studying the X-rays simply lose the ability to see the gun or knife. (And, at least before 9/11, there was enormous pressure to keep the lines moving rather than double-check bags.) Steps have been put in place to try to deal with this problem: requiring the X-ray screeners to take frequent breaks, artificially imposing the image of a weapon onto a normal bag in the screening system as a test, slipping a bag with a weapon into the system so that screeners learn it can happen and must expect it. Unfortunately, the results have not been very good.
This is an area where the eventual solution will be a combination of machine and human intelligence. Machines excel at detecting exceptions in uniform data, so it makes sense to have them do the boring repetitive tasks, eliminating many, many bags while having a human sort out the final details. Think about the sprocket quality-control inspector: If he sees 10,000 negatives, he's going to stop seeing the positives. But if an automatic system shows him only 100 negatives for every positive, there's a greater chance he'll see them.
Paying the screeners more will attract a smarter class of worker, but it won't solve the problem.
Posted on April 19, 2005 at 9:22 AM
• 23 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Nothing will change. The government doesn't care. How can anyone argue with this? Nearly four years have passed, yet airport security hasn't improved. In fact, you could argue that airport security fails now more than ever, since so much time and money is being wasted, with no security ROI.
Unfortunately, I think that another breach will occur, something awful will happen, and then we'll watch the idiots on C-Span, holding hearings, wasting more of our money, yet no one will be held accountable, and nothing will improve.
Thanks for not paying attention, America. Yep, just keep watching Fear Factor and American Idol, and it'll all be OK.
I sincerely hope these reports get some major media attention when they come out. It annoys me to no end when I hear people on TV or at airports saying idiotic things like "yeah, well, the line may take longer, but it's all in the name of saftey." That is complete bunk, as these reports should show. Almost every single "security enhancement" enacted since 9/11 is purely cosmetic, and will do nothing in preventing another attack. (Which, I predict, will come from inside the airports next time. From my standpoint, the largest security hole in airports is not in the terminal, but outside at the gates. There are dozens of people running around on the tarmac, all of them with access to the underside and cargo areas of the planes. If some one is going to take out a plane, or hijack it, they will enter the plane from the outside near the gate, not though the terminal.)
Standing in line for an extra 30 minutes DOES NOT MAKE USE SAFER. Forcing my 85 year old grandparents to take off their belts and shoes is not helping anything. The TSA screeners are the same high-school drop outs that worked the x-ray machines before 9/11 - just because they're federal employees now doesn't make them any better.
We have yet to take a significant pro-active step in preventing another attack - everything to this point has been reactive. Somebody hijacks a plane with boxcutters? Ban boxcutters! Somebody hides explosives in their shoes? X-ray shoes, then ban matches!
Ah, forget it. If this report hits the mainstream media, it won't help anything... Maybe it's better for everybody to live under their false sense of security.
I think I'll wait and read the reports before I make any conclusions. The "facts" here are coming out of the mouths of politicos and I'm just not wanting to make a judgement based on someone elses judgements. They may very well be right. But I'm not the trusting sort.
I'm wondering what the baseline was for the comparison. I'm also wondering what the actual detection rate is in tests. The find rate in a normal environment isn't really telling in this case since you can't tell what made it through. Though it would be interesting to know what the level of finds for weapon like materials was before the government took over.
I do have to agree with Bruce here on his quote from his book. (Which I'm reading at the moment.) The screener may very well be doing their best, but the methods that are being used just set them up for failure.
I'd like to know if there are any proposals for better systems anywhere that I could look at.
"How many fingers, Winston?"
my lighter was confiscated at LAX last night, but the friendly TSA suggested with a wink that i buy a replacement at one of the shops just past security.
i feel a lot safer knowing all the lighters on board are brand new!
A lesson of 9/11 is that there is more damage an attacker can do with a plane than blowing it up. If the primary goal of screeners is to prevent the take over of a plane then a solution is to severely limit what you can take on a plane. Hence, nothing that is not needed in flight should be taken into the passenger compartment.
Yes, its inconvenient. But it is easier to solve the convenience issue than the security issue.
Excellent post Bruce.
I agree wholeheartedly with your analysis of a better path forward. Another example is the recent advances (and coming boom) in video surveillance technology, which aim to automate the boring parts of surveillance, leaving the analytic and qualitative parts to humans. This system has been found to be far more effective since humans are not fatigued by monotony -- they are only involved when something is flagged as suspicious. This of course depends on some amazing new technology with complex methods to define and set trigger events.
I also agree with the other comments and find issue with the presumption that the present US Adminstration is actually trying to solve the problem.
The fact is, the US Administration uses a blind-faith approach to problems. They believe in a privitization dogma, and they can not see how the situation on the ground is getting worse for passengers with little or no real security benefit.
Here is an interesting look at how this dogma (in it's most unadulterated form) has actually led to the complete destruction of personal and public security in Iraq:
Were there in fact lighters available beyond the security line?
In other government security news.
March 17, 2005
Over A Third Of IRS Workers
"Hacked" By Auditors
By TechWeb News
More than a third of workers and managers at the IRS failed a simple anti-hacker test, the Treasury Department's Inspector General said Wednesday.
Just consider everything cracked, compromised or at the least prone to security breaches. The IRS people handling other peoples information don't have much to lose if that information is lost or compromised by a criminal hacker or a well organized well financed group of hackers. Somebody calls and says change your user name and use this password and hears, yes right away. The whole system starts falling apart from that point.
The federal airport screeners aren't getting on the aircraft, so if there is a security problem, they aren't on the breached aircraft. I know, but they are caring people. The best solution for aircraft security is a trained group of security officers on every flight. The airlines would benefit from replacing or retraining flight attendants as security officers. Forget about passing around the soda and peanuts, that should be secondary. Without proper security, any system will degrade and fall apart. Bank ATM's are secure because they contain money. Commercial aircraft should be more secure than a bank ATM. The airlines need to take the lead on aviation security. The corporate response is usually the same, get more insurance and market cheap tickets and pass security off on the federal government. The airlines with the best security systems will be successful, the airlines that lose your baggage, have little or no financial integrity and generally screw things up will go out of business.
The feds have kept bankrupt USAirways flying, despite the fact that most if not all of their systems have broken down at various points. Some of this is just politics and compromise. That should not inspire confidence in the aviation system. This is like a bad joke, except that it is very real. No joking. The TSA can only hope to improve the security of otherwise secure commercial airlines with the integrity to make their operations secure and thus profitable. You can bank on it. Don't bank on bankrupt airlines being propped up with federal bailout schemes and excuses. You can't bailout at 20,000 feet on a compromised jet. The good news is that there are secure commercial airlines, so if a bankrupt stops flying then the whole system becomes more secure and the important job the TSA and other fed agencies do is less complicated and more likely to achieve the intended results. Before you board a flight, consider the integrity of the airline. You wouldn't want to put your money into a bankrupt bank. Why put yourself on a bankrupt airline that can't provide basic job security for its own workforce? You guys do what you want!
The alternative to security is allowing untrained, uncertified people to take responsibility for securing important systems.
"It annoys me to no end when I hear people on TV or at airports saying idiotic things like "yeah, well, the line may take longer, but it's all in the name of saftey." That is complete bunk, as these reports should show"
No no joe, it's not bunk at all - it's completely in the NAME of safety, it just doesn't accomplish it. I also disagree with you that the Next Thing will be on the tarmac. Why go that far? I once stood in a security line with over 1000 people for over an hour at Dulles airport. The last 500 feet we were packed in a disney world style back and forth roped area. Imagine the result of a suicide bomber in that well-packed provided crowd.
You see similar dopey lineups all over the National Mall at the Smithsonian exibits. You can't get into the Archives via the huge front steps anymore, you line up in a very narrow little section below and to the left. Huddle up into a tight vulnerable crowd for safety!
The fact remains - there is a sure-fire method to getting an electronically triggered bomb aboard any commercial airliner, in spite of all of the security measures taken today, and have it blow up whenever.
There is also a sure-fire way to prevent attacks on airplanes by non-personnel:
1. X-ray and backcatter all luggage
2. Provide dressing rooms where the passengers will strip naked and be rendered unconscious by some method
3. Bring the passengers onto the airplanes on stretchers, x-raying them in the process
4. Take off safely!
5. Upon landing, awaken the passengers, and provide them with their clothes and luggage.
Side effects include abolishment of flight-fright.
What if screening devices themselves had software which randomly superimposed weapons in luggage?
In case it wasn't obvious. The superimposed weapon idea would serve as a kind of on the job test. Every day there would be, say, 1 to 20 weapons inserted and screeners could be graded, retrained, etc.
This'd be a sight to see if anyone actually adopted the idea, but one pattern-matching technology that might be even easier to implement than software is animals. If you give a hungry pigeon, for example, a snack every time it correctly picks out a deviant, it'll stare at a stream of objects and pick out deviants with excellent accuracy for hours. Eventually it'll fill up, of course, but it's cheaper to put another pigeon into rotation than to pay an airport screener. (Which is, of course, why this hasn't happened and won't happen -- the only thing worse than being replaced by a machine that can do your job better is being replaced by a dumb beast that can do your job better...)
Excellent idea. Anything to put an end to in-flight conversations and meals.
You would also dramiticaly improve the passenger density - you could stack people on shelves like a warehouse. That would more than make up for the lack of in-flight sales. Of course, the airliens wouldn't mention this, saying they put passenger safety before their own profits (an so need some federal subsidy for their generousity).
You should take out a patent.
1. Screeners are looking for extremely rare events. Without frequent test events for them check their skills against, they will zone out the first day on the job and never recover, not even with annual 'surprise' tests (which any insider will know of in advance).
2. Worse yet, the list of prohibited items is restricted to easily identifiable items. Nobody needs a metal object to bring down an airliner, not even explosives. Practically everything inside the aircraft is easily flammable, except for the people, so all anyone needs is oxidizer. Do any of the automated screening devices detect oxidizers? Are the human screeners trained to recognize them?
3. One problem with superimposing weapon images is that human screeners will be trained only on the canonical set of weapons selected by the TSA. Anything unlike that set is likely to slip right through. The selection should be done by very talented people, but in reality will be made by unimaginative professional bureaucrats.
4. A second problem with superimposing weapon images is that the vast preponderance of positives will be false positives, so the rare true positive has little chance of being detected. The guy in charge will assume the computer goofed, adding a fictitious image but somehow failing to report it -- just a computer glitch, a hiccup, nothing to worry about, ho-hum.
Is there ANY evidence that there's a need for "improved" screening?
I thought that reinforced pilot cabin doors (and prohibition to open them while passengers are aboard!) would be quite sufficient to prevent repetition of 9/11.
In the end there's only one way to prevent the bureaucracy from running the full course from incompetence, to self-justification with lies and obfuscation, to open malevolence: namely, abolish it. And about the only way to achieve that in a modern democratic society is to remove the financial lifeblood from the bureaucracy - by voting only for those politicans who lower taxes.
The Daily Telegraph claims that the way to attack a plane in the US is through the unchecked-employee backdoor, rather than the passenger vector. Further, that the TSA has been negligent in not securing this approach to the target:
" Follow-Up Audit of
Passenger and Baggage Screening
Procedures at Domestic Airports
"Results in Brief...
Improvements are still needed in the screening process to ensure that dangerous prohibited items are not being carried into the sterile areas of airports, or do not enter the checked baggage system. "
@Joe & Don:
Personally, I think the next attack on an airport will be a coordinated, but low-tech denial of service attack against the air transportation system.
All you need is a group of people to all rush through the security checkpoints of a few major airports early on a Monday morning at about the same time. Bonus points for pretending to hand something off to an "accomplice" who's already through the checkpoint and dashing off into the crowd or down an escalator.
Security will respond as they always have -- shut down the breached quarantine zone, evacuate all the passengers and re-screen everyone while they search the area for contraband. Do this in Atlanta where there's a single checkpoint for all terminals and you've pretty much shut the entire airport down all day. Do this at about the same time at several of the nation's busiest hubs and you've effectively shut down the entire air transport system in the US for the day as delays ripple through the system and the TSA panics about the potential for another 9/11.
With no training, no weapons, and no money you've caused enormous economic damages and gotten tons of media coverage as pundits speculate for days on the significance of the event. You don't even have to kill or injure anyone to make millions of people afraid.
Worst of all, I can't think of an effective way to stop this kind of attack that doesn't require even more barriers, annoy more passengers, and slow down the security checking process even further. We'll waste millions redesigning our airports to try to defend against this as the TSA "fights the last war".
Too much of the thinking about terrorist attacks focuses on physical attacks of our persons or our property. Anthrax, dirty bombs, explosives in shoes and passengers with cigarette lighters. We shouldn't rule out economic attacks just because nobody dies.
#1 you are allowed 4 books of matches not 2. it is very clear that you do not have your info straight.
#2 for every 10 items that are prohibited that we find, the media sights the 2 that got away. now why is that? maybe it is from the inexperienced screeners, or from the 5 airports that never went federal.
#3 maybe you should speak to federal screeners instead of reading the news reports. guess what!! i am a federal screener. no one seems to want to talk to us about real issues. that might enhance your discussion.
#4 i love the person that spoke about the long lines. well dears, if you did what was suggested, and got there 2 hours ahead, instead of 15 minutes before your flight, you might get through faster! silly you!
#5 all events, if done right, are rare. i do not want to see another 9/11. therefore, that statement is just uninformed.
#6 we do not "zone out". what a truly stupid person. all objects are looked at very closely. we rotate so we do not get tired. if this person is a screener, then that maybe a problem. they are one of the screeners that have no clue as they were placed to discredit us real folks.
#7 we do not get annual 'surprise' tests. we get them everyday, and if a screener misses too may of these consistently, they are sent to training.
#8 get your info from federal screeners, not those-who-wish-to-get-a-grip-because-they-read-a-news-report.
#9 there will be another attack, but i assure you it will not be in our terminal, on our watch.
#10 there are different x-ray machines that we were trained on. some work better than others; however, it is what one is used to. our yearly exams have images from more machines. prohibited items all have the look, so if something is odd, it will always show as odd.
i just want to say a few things. i do not like smelling feet all day, and i do not like to flip thought dirty underwear, but that is my job.
i take no pleasure in searching and patting down numerous people. but that is my job.
i do not care if person "A" hates the process, and person "B" has no problem. everyone will go through the process because i am protecting everyone. you do not like it, tough!! take the bus or drive. i will do my job to protect everyone regardless.
i work in ny and many of us had friends, family, and just people we knew that died on 9/11. we are dedicated. we want to protect you. we take this job very seriously.
we have been lied to by the administration. we have been beatup by the media. we have been yelled at by the passengers. we DO NOT CARE. we will do our job and protect EVERYONE.
walking is an option.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.