Prisons and Guards

This Iowa prison break illustrates an important security principle:

State Sen. Gene Fraise said he was told by prison officials that the inmates somehow got around a wire that is supposed to activate an alarm when touched. The wall also had razor wire, he said.

"The only thing I know for sure is they went over the wall in the southwest corner with a rope and a grappling hook they fashioned out of metal from somewhere," Fraise said.

Fred Scaletta, a Corrections Department spokesman, said the inmates used upholstery webbing, a material used by inmates who make furniture at a shop inside the prison, to scale the wall. The guard tower in that section of the prison was unmanned at the time because of budget cuts, he said.

"I don't want to say I told you so, but those towers were put there for security, and when you don't man those towers, that puts a hole in your security," Fraise said.

Guards = dynamic security. Tripwires = static security. Dynamic security is better than static security.

Unfortunately, some people simply don't understand the fundamentals of security:

State Rep. Lance Horbach, a Republican, criticized Fraise for suggesting budget cuts were a factor in the escape.

"In reality, we should explore why the taut wire system failed to alert guards and security staff that these two convicts were attempting to escape," he said.

Actually, in reality you should be putting guards in the guard towers.

Posted on November 18, 2005 at 3:34 PM • 42 Comments

Comments

Michael AshNovember 18, 2005 4:03 PM

Of course, Horbach's intention is not to improve security at the prison, and he probably doesn't actually believe that the tripwire is critical.

A failed tripwire puts the blame on the prison warden, or other low-level prison officials. Budget cuts put the blame much higher up. What is the higher-up going to blame? Just another example of an agenda distorting things.

Koray CanNovember 18, 2005 4:04 PM

Cute. Systems will fail, always, somehow, including the human and artificial components. Horbach knows the operating cost of the human element, but nothing about the value of the human element. (I stole this line from the LISP programmer vs C programmer quote...)

Davi OttenheimerNovember 18, 2005 4:07 PM

Well said. Incidentally the plot gets thicker when you dig a little on Iowa prisons and their fences. Here's an incident from 2003:

http://www.prisontalk.com/forums/showthread.php?...

"The company that supplied a trouble-prone fence at a state prison in which two inmates escaped has not registered to do business in the state since 1998. [...] 'I think it's a travesty,' said Rep. Lance Horbach, R-Tama, chairman of the legislative committee responsible for the Department of Corrections budget. "'We set up the rules. We require compliance. Then we don't even abide by the rules.' [...] Records show Safeguards is incorporated in Georgia, where online Secretary of State records show the company is delinquent in its filings, as well."

Roy OwensNovember 18, 2005 6:23 PM

There should also be people checking the detection equipment to guarantee its integrity, and people outside the wall watching the wall.

My guess as to the 'how' is a jumper.

Davi OttenheimerNovember 18, 2005 6:30 PM

@ Anonymous

Thanks for the link. Some good info in there:

"DOC records obtained by the Press-Citizen after the Oakdale escape revealed that the taut-wire fence might never have worked properly. Records showed that it was a combination of budget, computer and installation problems caused by miscommunication, weather and delay that led to the Oakdale escape -- the first flight from a secured state correctional facility in more than 15 years."

So I would add two more security considerations that should be reviewed after this incident:

1) Technology solutions are always prone to (human) error, thus eliminating the humans in the tower doesn't eliminate the need for humans who can think like guards in the towers

2) Defense-in-depth. How critical was the wire to the perimeter? Did it replace just the guard in the tower, or was it expected to also replace a number of other controls?

Roy OwensNovember 18, 2005 8:15 PM

The escapees could have scammed security by forcing relentless false alarms ahead of the escape, so that the guards would turn off or disable the alarm. When the guards quick reacting to the deliberate triggering, the escapees would know the alarm was off.

MikeNovember 19, 2005 12:47 AM

Sorry Bruce, but I think you downplay the importance of that tripwire. Your article sounds like you think they *shouldn't* investigate why it failed. It may not be the most important failure, but surely it bears a bit more thought, at the very least, no?

Richard BraakmanNovember 19, 2005 4:15 AM

The Representative posits a false dilemma. Investigating why the wire failed does not exclude putting guards in the tower. He pretends that people in favor in one should be opposed to the other, and he seems to have succeeded in channeling the discussion that way :)

More hyperboleNovember 19, 2005 5:59 AM

What we need is less facilities for prisoners - no TVs, no internet access, no access to better schooling than regular folk. If they spent more time in their cells then we wouldn't need so many guards. Prison isn't a punishment any more.

Why exactly is dynamic security better? It costs more and no-one competent in their right mind wants to work as security guards. This is just another pointless GOP bash.

Tell me Einstein, how many terrorists has dynamic security caught, versus intense profiling?

Go and hug a tree.

AnonymousNovember 19, 2005 8:10 AM

If you are going to do that, why not just take them out and shoot them after the have been convicted. It is already too hard for convicts to get jobs after release, if you don't give them any way to earn a reasonable living after release, they are much more likely to return to crime.
You are nuts if you think being able to watch TV or use computers with internet connections makes a prison a nice place to stay.

RichNovember 19, 2005 10:06 AM

@Hyperbole

a) stopping prisoners from getting out is very different from keeping terrorists from getting in.

b) profiling IS dynamic security.

c) Bruce is for profiling- behavioral profiling, not image profiling.

Bruce SchneierNovember 19, 2005 2:23 PM

"Prison isn't a punishment any more."

Really? Are you saying that you wouldn't mind being locked in prison for a year. Because if you're not, then there is obviously some punishment going on.

There might not be ENOUGH punishment for your tastes, but that's different.

Our society has a very inconsistent view of this sort of thing. Is the goal of prison revenge, rehabilitation, or removal? Some combination of the three? What combination? The answer to that question should drive how we operate prisons. It doesn't.

Bruce SchneierNovember 19, 2005 2:29 PM

"Why exactly is dynamic security better? It costs more and no-one competent in their right mind wants to work as security guards. This is just another pointless GOP bash."

The answer is complicated, but the basic idea is that you're being attacked by a human, and unless you have a human defending you you're at a disadvantage. Static security only works if you guess the attacker's plans correctly. Dynamic security can adapt to whatever the attacker is doing.

Of course, dynamic security is more expensive. Security is always a trade-off, and we get to decide if the additional security is worth the extra money. (Of course people in their right minds want to work as security guards. I know a lot of security guards, and they're not all crazy. It's basic economics: if the salary is high enough, people will gladly do unpleasant jobs.)

I don't know what you mean about Republican bashing.

"Tell me Einstein, how many terrorists has dynamic security caught, versus intense profiling?"

Dynamic security has, near as I can tell, cought almost all the terrorists. Intelligence, investigation, military operations, covert operations -- that's all dynamic security.

Profiling has also cought terrorists. It's behavoiral profiling -- the dynamic kind -- that works. It's the static kind -- data mining -- that's a failure.

"Go and hug a tree."

For what purpose?

Bruce SchneierNovember 19, 2005 2:30 PM

"You are nuts if you think being able to watch TV or use computers with internet connections makes a prison a nice place to stay."

Maybe he doesn't have any of those things now.

Bruce SchneierNovember 19, 2005 2:31 PM

"Sorry Bruce, but I think you downplay the importance of that tripwire. Your article sounds like you think they *shouldn't* investigate why it failed. It may not be the most important failure, but surely it bears a bit more thought, at the very least, no?"

I don't mean to downplay the importance of that tripwire, and certainly the prison should investigate why it failed.

In any security story there are many angles. I try to pick the one for this blog that I think is the most interesting; I don't mean to imply that the others are unimportant.

peachpuffNovember 19, 2005 2:41 PM

"Why exactly is dynamic security better? It costs more and no-one competent in their right mind wants to work as security guards. This is just another pointless GOP bash."

It's more effective. It's so much more effective that it's more effective dollar-for-dollar than static security, despite often costing more. Bruce was clearly bringing this article up to talk about security, not the Republican Party. The GOP is mentioned in passing in a quote about security. Unclench, please.

Bruce SchneierNovember 19, 2005 2:56 PM

"Bruce was clearly bringing this article up to talk about security, not the Republican Party. The GOP is mentioned in passing in a quote about security. Unclench, please."

If I thought anyone would go all wacky about this, I would have deleted that sentence. The names of the political parties has nothing to do with the point.

RobNovember 19, 2005 10:35 PM

The "dynamic = good, static = bad" concept is nice and simple. The only problem is it's too simple.

Security is fundamentally an economic choice. We never have all the resources we'd like to spend on security, and that means we have to prioritize, to mix-and-match. Dynamic security is expensive, but has a great bang for the buck. Static isn't very expensive, but isn't as reliable. You can think of it as a set of linear equations: you want to pick the particular combination of static and dynamic security measures which will give you the best security bang for your buck.

When I'm surfing the Net with an Ethereal window open, I'm an extremely dynamic security measure. That doesn't mean my firewall is bad or useless or superfluous, just because it's a static measure.

Bruce SchneierNovember 19, 2005 10:50 PM

"Security is fundamentally an economic choice. We never have all the resources we'd like to spend on security, and that means we have to prioritize, to mix-and-match."

Definitely. This is the point I try to make again and again. It's the core point of security.

NickNovember 20, 2005 1:18 AM


Static security relies on the intruder performing a set task in order for detection to occur. If the door is alarmed, but not the window, a thief will enter through the window - the door, and its associated alarm, are static ... unable to respond to a different approach.

Monitored security, such as most alarm companies and Counterpane Systems, have human brains on the other end of a range of detection methods/systems. That's not just dynamic security, but defense-in-depth: multiple zones of overlapping and interconnected detection, such that the failure of one zone does not automatically negate the others, nor is there a single path through mutually exclusive zones.

It's a prison fence that has a tripwire, but there are men watching the fence, and men monitoring the wire who are talking to the men watching the fence, and dogs that can be released between the monitored fence and a second fence.

Yes, we want to know why the tripwire didn't work, but we should also be asking why bypassing that one system is get-out-of-jail-free card.

If Mr. Horbach was asking the right question, Bruce would have lauded him for doing so. Making security decisions through the lens of political affiliation is a recipe for disaster.

Bruce SchneierNovember 20, 2005 10:12 AM

Actually, what I said up there is sloppy.

Dynamic security is better than static security. It's not simplistic; it's true. Just like good wine tastes better than lousy wine.

But it's only part of the trade-off. You have to evaluate the costs as well. Good wine is more expensive than lousy wine, and dynamic security is -- in general -- more expensive than static security.

Whether or not the trade-off is worth it is what's important; that's the economic issue.

Yaniv PessachNovember 20, 2005 4:39 PM

>>Whether or not the trade-off is worth it is what's important; that's the economic issue.

But everything is economy; granting a given level of security with minimal budget is the challenge.

Also, I think the 'less guards' plan would have worked better if:
1. It is impossible for prisoners to determine if there are guards in any given tower (one-way mirror windows?)
2. Attempted escape carries a severe penalty

However today, any prisoner with a two-digit sentence is well advise to try and escape; punishment for attempted escape would not double his sentence, but the reward for success would zero his sentence.

This observation has a lesson for computer security, as I see the same myopia in computer security discussions; often, deterrence is not valued enough. compare this to real life (say, grocery stores) deterrence is the only game in town - there is nothing to prevent me from walking into the local grocery store, grab (grocery of my choice) and simply run out. Assuming I can outrun security, I'm home safe. it's the retaliation (spelled p.o.l.i.c.e) that makes that strategy not worthwhile.

If you build a system where change(detection)>0.5 and chance (conviction)>0.5 and years_in_prison_for_attempted_hacker_convicted>3, you get an average cost of 1.5yrs for hacking. That would be enough of a deterrant for all but the juciest prizes.

If you are to plan the net Internet, focus on planning it so that security breaches are easily traceble and punishable; investing in security measures such as access control alone does not help society (as opposed to the individual trying to prevent security attacks) reduce the attempts, and ultimately the success, of security breaches.

DylanNovember 20, 2005 5:27 PM

@Yaniv
Interesting point.

Imagine a world where there is an effective deterrent for computer crime. I don't know what that would be, but try and imagine it anyway.

In this world, there is nowhere for experienced security processionals to develop their skills. Nobody wants security because there is no threat.

This would become self-correcting, and the level of threat would rise. This isn't theory, this is what is actually happening. Life is a constant organic tradeoff between risk and reward, a series of self-correcting systems.

Crime is the same. There will always be someone who is willing to commit a crime, just as there will always be someone willing to take the job guarding them, no matter what the pay rate is.

We choose to fiddle the balance by changing the definition of what is a crime, and how important that crime is (= how long you are in prison.) We also fiddle the balance by deciding how much money to spend on the containment of criminals.

If there was no crime, then there wouldn't be any need for criminal investigators, and crime would become easier to commit. Whoops, here we go again.

The ratio of 'prisoners' to 'population' would give an indication of the health of the balance. But fiddling the balance does nothing to address the problems that cause crime in the first place.

Paul ONovember 20, 2005 9:42 PM

Seems to me the example of Counterpane is a useful one: a focus on remote monitoring of technological systems. Just as a trip wire system involves remote monitoring of a technological system.

Why doesn't Counterpane exclusively station an individual in front of my computer monitor 24/7, to monitor only a single computer and no more? Why do they respond to "alarms" of various descriptions, and focus then on the areas that require additional attention?

Clearly dedicating a human monitor 24/7 to my own computer is better than waiting for some trigger event to draw additional attention. And two, three, or more such exclusive-task monitors are better still. But there's a price tag, you say? Piffle. That apparently wasn't a good enough argument in the original post, therefore it isn't accepted as a good enough argument here.

Not all areas of a prison are accessed 24/7. Those areas are quite appropriate to monitor remotely with more ad-hoc patrols to supplement.

Bill NNovember 20, 2005 11:03 PM

@Yaniv
"If you build a system where change(detection)>0.5 and chance (conviction)>0.5 and years_in_prison_for_attempted_hacker_convicted>3, you get an average cost of 1.5yrs for hacking. That would be enough of a deterrant for all but the juciest prizes."

Just to nit a pick:
Since detection and conviction are serial processes (one after the other) and (presumably) independent, then wouldn't average cost be 3*.5*.5 = .75 yrs. Is that still an effective deterrant?

ARLNovember 21, 2005 7:02 AM

I can't tell that the tripwire system was installed to replace the guard tower's funciton. The tripwire, guard tower and razor wire all seem to be part of the total system.

How was the tripwire defeated? My guess was it was just avoided. It being a static object, you just do like they do in the movies and step over it.

A lot of time objects like tripwires and razor wire are used to slow down people so that they have a better chance of being observed. If you take the observers away then their value drops. Sure they present some level of physical barrier, but it is easy to understand how to defeat that.

The guards in the tower are not security. But they are part of the overall system. Take away one part and the rest is ineffective.

JosephNovember 21, 2005 9:18 AM

Did anyone realize how happy the prison was to point out their budget cuts? Now I'm just fishing, but what if the guards deliberately didn't pay much attention to the unmanned corner, knowing that if someone escaped through that corner they would get more funding from an obviously troubled public?

ProbitasNovember 21, 2005 11:19 AM

"How was the tripwire defeated? My guess was it was just avoided. It being a static object, you just do like they do in the movies and step over it. "

Silly String

Davi OttenheimerNovember 21, 2005 11:51 AM

@ More hyperbole

"Why exactly is dynamic security better? It costs more and no-one competent in their right mind wants to work as security guards."

Profiling candidates to work as any type of guard is extremely important and often overlooked. You'd be surprised how many ex-felons end up getting hired as night guards.

You're therefore correct to say that the guards have issues of their own, but dynamic security by *definition* has a superior number of prevent/detect options than static and therefore better in sheer terms of capability. In other words, your question might be like asking "why exactly would fifty security capabilities be better than one"?

Then again, while more options can be better, they can also introduce new areas of risk and points of failure. Is it better to have a tripwire fail or a guard turn bad?

Davi OttenheimerNovember 21, 2005 11:57 AM

Here's some interesting background to one of the problems with dynamic security (guards) I mentioned above:

http://www.gsnmagazine.com/feb_05/...

"Of the estimated nine million private-sector job applicants on whom the FBI performed background checks last year, some 900,000 of them were found to have criminal histories, according to Steven Fischer, a spokesman at the FBI’s fingerprint identification facility in Clarksburg, WV.

'In about 11 percent, it’s a match,' said Fischer.

Thus, the odds are slightly better than 1-out-of-10 that the private security guard protecting your office building, nuclear power plant or chemical manufacturing facility has been arrested for, charged with, or convicted of a crime. And those are odds that the new law aims to change."

No mention of the rate of false positives or false negatives...

RogerNovember 21, 2005 8:47 PM

@Davi:
"You'd be surprised how many ex-felons end up getting hired as night guards."

Ah, reminds of an amusing anecdote. I know someone (who, incidentally, is competent, intelligent and in his right mind, so far as I know) who did a 7 day security guard course to get part time work while he was studying at university. On the first day, they had to fill out a release authorising the agency to ask the police if you were a "fit and proper person" for the work. On the second day, the police came into the classroom and arrested one of the other candidates for burglary! The chump had filled out the release without even remembering the cops were looking for him!

Anyway ...
"Thus, the odds are slightly better than 1-out-of-10 that the private security guard ... has been arrested for, charged with, or convicted of a crime."

Huh? That's not right. 11% was the number of attempted criminal candidates that were thwarted when an FBI check was done. There is no simple relationship between that number and the number who slip through when only a state police check is done, however unless the state police have an extremely high false acceptance rate, it is likely to be a lot lower than 1-in-10.

RogerNovember 23, 2005 1:13 AM

"How was the tripwire defeated? My guess was it was just avoided. It being a static object, you just do like they do in the movies and step over it. "

Note that Rep. Horbach calls it a "taut wire system". This is not the same as a tripwire. A taut wire system is a fence composed of wires under high tension spaced about 15 cm apart, and sets of tension sensing switches in a tamper-resistant enclosure. Near its midpoint each wire is connected to a switch which triggers if the tension rises above or drops below an acceptable window. Older systems used very simple mechanical switches, newer ones may have strain gauges and some preprocessing logic. Thus the system can detect both cutting of the wire or climbing. However there are a number of ways it might fail: turned off, broken fence wires, corroded switches or connections, defeat of the tamper-resistant enclosure, defeat of the signal cable outside tamper-resistant enclosure, fence installed badly and able to be bypassed, etc.

One interesting failure mode is that of being ignored due to false alarms. Taut wire systems are generally regarded as being less prone to false alarms due to wind, animals etc. than are other types of fence alarms (one manufacturer claims an average of 4 false alarms per year per kilometre of fence even in stormy areas). It has been stated that this is dependant on diligent maintenance, especially periodic adjustment of wire tension -- a tedious and difficult job. Obviously, if the fence triggers when the tension falls outside the accepted window, then any deterioration that causes the tension to gradually drift toward one of the cutoff values, will increase the incidence of false alarms. However some manufacturers make taut wire systems which they claim do not require periodic retensioning. This is possible through the use of strain gauges and microprocessors; if the microprocessor sees the strain drift slowly enough, it can adjust the sensing window to compensate.

It would be interesting to know what sensor type was in use at this prison: the old, cheap, but high maintenance electromechanical switches or the new expensive but self-adjusting electronic type. This is especially interesting in light of the prison having suffered budget cuts. It may well be that the same budget cuts which caused guards to be replaced by static sensors, ALSO resulted in reduced reliability of those sensors!!


Hmmm, an interesting twist. Whilst googling to see if I could find out more about this fence, it turns out that the company that installed it has had convicts escape past another of their fences 3 years ago. In that case, the system was working correctly but was switched off because of a misunderstanding by the guards - i.e., poor training.

Yaniv PessachNovember 23, 2005 2:36 AM

@Nill N
>>Just to nit a pick:
Since detection and conviction are serial processes
.. yes. but I said chance(conviction)>0.5, not chance (conviction assuming detection)> 0.5. But anyhow, yeah, the numbers are not that important. What's important is that I know I stand a good chance of taking down a major bank website, and an *excellent* chance of trying to take down a major bank website, with no hard coming to me. OTOH, I know I have a very small chance to write grafitty on the local bank ATM and get away with it. Small wonder, then, that I am efficiently deterred from doing the second, but only my good nature and pleasant demeanor (and the fact that I have a life) stand in my way of doing the first. Accountability is the mother of responsibility.

ScotirishDecember 2, 2005 7:40 AM

Having spent almost 20 years in over a dozen state and Federal penitentiaries I would like to add as to yet an unspoken premise, and that is that not all prisoners are dumb, do stupid things yes, but not all are dumb. In the 1970's at the Federal Prison in Marion, Il, a prisoner used his expertise in electricity while using the coke machine in the visiting room to generate control over the electrically operated doors and escaped out the front door. I know what kind of responses you have lined up for me, so let me say I've been out 27 years, been married to the same women 25 years and now do public speaking in colleges on subjects related to prison rehabilitation. thank you.

IowaResidentDecember 21, 2005 12:22 PM

As an Iowa resident I find it quite possible to believe that there is no desire what so ever on the part of our state legislature to ensure proper funding of the necessary security in our state prison at Ft. Madison. In particular is the location within the state and the recapture locations of the two felons, one in Illinois and the other in Missouri. The cost to recapture most escapees from the Ft. Madison penitentiary is carried by the Federal Government at the point that the escapees cross state lines, which 70% or more do from this facility. Does anyone else have any ideas on how this bit of security economics works out?

Bright eyesJanuary 5, 2006 10:38 PM

I feel that some of the prisoners in Iowa Prison are there for non-violent reasons; ie:drugs. If there were more ways to rehabilitate these felons, there would be less of them going back. Give them a reason to succeed. Give them a realistic job opportunity. The excessive amount of time for these types of convictions compared to violent crimes is terrible. It just makes things worse for the inmate when he does get out. I would think our goal is to help them be responsible Americans by rehabilitating, cutting down the time they spend in prison, and giving them an education so that they can support themselves and their families.

KittAugust 21, 2006 12:44 PM

How about a discussion about interlocking doors in prisons. They are run by the c/o using the computer with a mouse, of course, and the doors are "supposed" to open when clicked. But if you don't upgrade the Microsoft system could that fail? Recenly one door being over-ridden for officers to quell a fight did not open until the 4th click. The blame is on the officers and not even the mention of the doors having problems in the past and an outdated system. Any comments? Thanks.

NinaJanuary 8, 2007 4:22 PM

I don't care to blog, never even been on a site like this before but would like to chat with scotirish and bright eyes on the subject of prisioners since they seemed concerned about the way the system works and so am I. I have a loved one locked up for 15 plus 5 for violating probation and now it reverts back to making an unwise decision to accept a plea agreement that was ridiculous in the first place. At the time all he had was a public defender and too young to know how tough and corrupt the state of MO is.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..