Schneier on Security
A blog covering security and security technology.
« The Devil's Infosec Dictionary |
| E-Mail Interception Decision Reversed »
August 14, 2005
Do-it-Yourself Security Checkpoint
Photograph from What-the-Hack.
Posted on August 14, 2005 at 12:09 PM
• 24 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"With our patented inherent adaptive inspection intelligence technology the terrorists don't stand a chance."
Thanks, this is just what I needed to brighten up my Sunday afternoon.
I liked the "off the hook" podcast on this item as it highlighted some interesting issues which are possibly more serious. "What the Hack" basically hired a baggage scanner without significant authority, to be able to hack it in peace and quiet.
This is 'open disclosure' or is it 'open sourcing' step should be encouraged of course, but I doubt if it will be appreciated by governments.
more food for thought.
Homeland Security Advisory System: Personal Edition
For those who tire of relying on the DHS to feel less secure on a random basis, try the new Homeland Security Advisory System, Personal Edition. Before leaving the house each day, just roll a standard 6-sided die. If it comes up 7, it's a red advisory day, 6: orange, and anything else: green.
GUARANTEED TO MEET OR EXCEED THE ACCURACY OF THE DHS ADVISORY SYSTEM CURRENTLY IN PLACE.
Martin: Can you post a link to the podcast?
This is ridiculously funny.
Bruce, in your opinion, do you believe the psychological effects of obviously imperfect security outweigh the real costs of implementation? There seems to be a grain of truth to the picture's message...
"Bruce, in your opinion, do you believe the psychological effects of obviously imperfect security outweigh the real costs of implementation"
Don't know, but it's an important question.
Security is both a feeling and a reality, and it's important to deal with both. I'm a security technologist; I deal with the reality of security. But the psychology of security needs to also be taken into account. Example: after 9/11, people were afraid to fly. Security measures, even if they didn't do any real security good, got people flying again and the economy moving again. They did psychological good.
As funny as it is, it's missing the point. People feel more secure when _other_ people are inspected, not when they are inspected themself. So in order to make DIY security work we need to allow people to search other people whenever they feel insecure.
And don't be alarmed the possible inconvenience this may cause for everybody can be dealt with. The event organizers just have to hire some suspicously looking young males that act as primary inspection targets. This way the professionals will handle most of the inspection workload and everybody is happy and feels a lot more secure.
For those who feel insecure, it should say something about patting down other "suspicious looking" passengers at will....
In the tv programme Airport there was a great example of how psychology plays a role in airport security. There was this gentleman who didn't want to show an ID and therefore was searched all the way before he was allowed on the plane, much to the dismay of a lady who was also getting on that plane. She completely freaked out over the fact that the guy didn't have valid ID. The flight attendant told the lady that they better knew what the guy was carrying on to the plane than that they knew of the lady and most of the other passengers, this however didn't put the lady at ease and she took a later flight.
People like rituals. Whether it is religion or in security, they like rituals. Rituals are: a security guard at the entrance of a shopping center or company building, installing a virusscanner, but never updating it etc.
On the other hand, you can have 300 amateur security agents in a Boeing 747 if the passengers know that they are expected to do more that keeping their mouths shut and their seatbelts fastened. Spend some time in school on "self defence" and "intelligence" and you have a population that is able to protect itself from a lot of minor threaths.
Yes, I see a need for metal detectors and luggage scans on airports; but why should they confiscate toenail clippers if there are steak-knives available in the airport restaurants?
Tim Hunkin built a voluntary Frisk-o-Matic waaay back in 1993. It can be found on Southwold's Pier in Suffolk:
Very useful if your date for that seaside outing starts acting suspiciously.
MathFox: At least at European Airports, you have to walk through two metal detectors - one after you check in, and another one before you board the plane. So the steak knife problem doesn't occur.
Also, you could give people security crash courses, but the one thing that you need to get out of their minds, and can't in such a short time, is panic. People tend to do the stupidest things the first time they are confronted with a real crisis situation, unless they have been trained for weeks, if not months, not to do so.
kingmob, it depends on the airport. But I've allways wondered why I was scanned 3 times on my way into the US and only once on the way back to Europe.
Actually, my comment was inspired by the situation in the US, where I've seen restaurant employees operating kitchen knives, only separated from the "secure area" by a counter. When I discussed the issue with a friend, he suggested to have a set of "tax-free" kitchen knives delivered at the door of the plane. (I don't know whether it will work, but it would be an interesting thing to try.)
I agree with your "panic" remark. That's why I suggested to include it in the standard (high-)school curriculum.
Hearing about this last week from friends at What The Hack inspired me to come up with a similar approach that's only about 90% tongue-in-cheek: P2P Security, where passengers who feel suspicious about fellow travellers are encouraged to approach them and ask to pat them down, rifle through their luggage, etc. I'm still working out the protocols, but it could be great if we engineer it to avoid the racist lynch-mob behavior it might otherwie engender.
Picture it: little old white ladies from Kansas approaching swarthy young men wearing turbans and asking to search their bags would serve several functions:
1. It would reassure the little old ladies in question, as well as their fellow passengers who feel similarly about anyone with dark skin travelling on a plane.
2. It would create opportunities for cultural education and social intercourse between strangers. ("Why certainly you may frisk me, madam, but I should like to point out that I am a Sikh, and my irrational prejudice against Muslims is at least as strong as your own. We have something in common already!")
3. It would eliminate the government's liability for discriminatory profiling.
4. It would obligate the Chiken Littles and the racists to announce themselves and to take proactive steps to assuage their neuroses, instead of spending government resources pandering to them.
The people talking about about knives are missing the point. You can't hijack a plane with a knife. 9/11 hijackers used the threat of a bomb to hijack the planes, the box-cutters were just for additional crowd control.
Maybe this is a good way to look at the Trusted Traveler program - its shite at protecting us from terrorists, but if it speeds up the security process while still reassuring the sheep, that's a win.
OK, this is classic, yet, they ought to add it:
Staticians allways bring their own bomb whenever they go out flying, because they know that while the probability of there being one bomb on the plane is incredibly small, the probability that there are two is close to nil.
So, why don't they set up a stal where they hand out bombs to those who feel insecure? Knowing that you are the one who has the bomb should make you feel more secure...
Be careful about the word "panic". It gets over-used these days, as the recent airliner crash in Canada shows.
Everybody on a burning airliner got out alive, in generally good condition. Yet some media still referred to "panic".
People were doing the right things, without training. They were maybe relying on assumptions about the situation, but the default assumptions work pretty well.
Default assumptions about a hijack -- sit quiet and don't attract attention -- were part of what made 9/11 possible. But people have been expecting panic as a disaster reaction for most of the last century, and getting it wrong.
Maybe there is a cultural element to this, and maybe the cinematic shorthand around the fleeing crowd shown in a movie misleads us. But don't mistake fear and terror, often entirely rational, from the disabling effects of panic.
One more for your vast collection of idiots giving security a bad name....
On vacation in Bar Harbor last month, we took the whale watching boat trip. A sign at the entrance said: No one allowed on board without valid photo ID. We saw an Amish family turned away at the ticket counter for lack of photo ID.
Are you certain about the enabler of the hijacking? It seems to me that what enabled the hijacking was the general policy that has pilots cooperate with hijackers because history showed that you stood a better chance of getting everyone out safely that way.
9/11 effected a policy rule-set reset. Now an attempted hijacking triggers an effective license for all to use lethal force. Banning knives is just a smart psychological soothing agent.
i think metal detectors are a great thing but everyone is affected by them not just one person, students, and teachers at schools that have them as well as everyone at airports and such.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.