Schneier on Security
A blog covering security and security technology.
« Bot Networks |
| Memoirs of an Airport Security Screener »
July 27, 2006
Good Example of Smart Profiling
In Beyond Fear, I wrote about profiling (reprinted here). I talked a lot about how smart behavioral-based profiling is much more effective than dumb characteristic-based profiling, and how well-trained people are much better than computers.
The story I used was about how U.S. customs agent Diana Dean caught Ahmed Ressam in 1999. Here's another story:
An England football shirt gave away a Senegalese man attempting to enter Cyprus on a forged French passport, police on the Mediterranean island said on Monday.
Suspicions were aroused when the man appeared at a checkpoint supervising crossings from the Turkish Cypriot north to the Greek Cypriot south of the divided island, wearing the England shirt and presenting a French passport.
"Being a football fan, the officer found it highly unlikely that a Frenchman would want to wear an England football jersey," a police source said.
"That was his first suspicion prior to the proper check on the passport, which turned out to be a fake," said the source.
That's just not the kind of thing you're going to get a computer to pick up on, at least not until artificial intelligence actually produces a working brain.
Posted on July 27, 2006 at 12:46 PM
• 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"That's just not the kind of thing you're going to get a computer to pick up on, ..."
It will when the government requires RFID chips embedded in every football jersey and passport.
> That's just not the kind of thing you're going to get a computer to pick up on, at
> least not until artificial intelligence actually produces a working brain.
20 years to digital telepathy! Or 15 years until the researchers are collectively absorbed into some Manhattan-Project like community and quantum computing becomes Secrets Man Was Not Meant To Know.
Better start thinking about quantum cryptography, Bruce ;)
It's also not a thing that will provide any real security. Terrorists can just stop doing that. I think it's a bad idea to stop anybody because of being slightly apparently incoherent. And I really thought Bruce agreed. Oh well.
The guy wasn't randomly pulled over for wearing a football jersey. He was going through customs. His passport was going to be checked anyway.
The customs officer simply noted an inconsistency and decided to check the passport more carefully.
It appears that "smart profiling" steps into "typical stereotyping". Which really is what people have been doing in the past (until everyone started to get offended by being stereotyped) - I guess if you jumble up the letters enough people won't realize the similarities and no longer be offended. ;)
What a sad, sad world this has become, stooping to jersey-based profiling.
What's next, neckwear-based profiling, footwear-based profiling?
If you know someone who is fashion-challenged, you know it's painful enough already.
Stop Sartorial Profiling Now!
>"That was his first suspicion prior to the proper check on the passport, which turned out to be a fake,"
What defines a "proper check on the passport"? Why would it take a strange event to prompt for a "proper check" of the passport? Is this an admission that passports are not checked properly on a normal basis? If that is an admission, isn't that the root problem, not the lack of "Smart Profiling"?
Well, knowing more than a few resident Yankees fans here in Massachusetts, I for one will be glad to hear they may catch the white (plastic) glove treatment when entering Logan!
Still, I'm sort of hoping behavorial-based profiling has more to do with Dean's human intuition of a 'nervous and strange manner' and less to do with the odd clothing choices people make, particularly in regard to something like sports where loyalties often transcend national boundaries and citizenship. The wide array of non-US football jerseys seen here recently in the US should attest to that.
At least he wasn't trying to enter Scotland. A shirt like that could get you into some serious trouble, fake passort or not.
FWIW, while riding NYC public transportation I see people wearing teamware hats, shirts, jerseys, etc. all the time where I'm highly certain they haven't any rooting interest in the team they are sporting.
I've always thought they just pick this stuff up in the bargin bins or wherever as it doesn't usually look like high quality stuff.
What terrorists (and everyone else) can't stop doing is making mistakes. It takes a creative mind to spot those mistakes and drill down on them.
It doesn't take any kind of brain to identify black people driving expensive cars or Arabic people getting onto planes.
One of these methods works a lot better than the other.
What defines a "proper check on the passport"? Why would it take a strange event to prompt for a "proper check" of the passport? Is this an admission that passports are not checked properly on a normal basis?
I recall some time ago, travelling to the UK from Germany (via Belgium, France, and the channel tunnel). I got in the line for British citizens, and the officer there waved me through without even opening my passport - he could see that the cover was the EU-standard burgundy colour, and that was really about it.
My wife, in the non-UK citizens' line, had her passport briefly inspected and stamped, and was asked the standard questions about where she was travelling, who she'd be staying with, etc.
Incidentally, this was after the EU had resulted in open borders within much of mainland Europe, but before the Euro was introduced, though I don't recall the year exactly. Certainly before 11.9.2001
> Is this an admission that passports are not checked properly on a normal basis?
I suppose that depends on what you call "properly", but in an absolute sense, yes.
> If that is an admission, isn't that the root problem, not the lack of "Smart Profiling"?
Not exactly. Anyone charged with checking passports over and over and over is going to lose the ability to distinguish one from the other. Bruce writes about this elsewhere on the blog... human brains aren't configured to notice minor differences is large sets of very similiar items.
So, since it's already a given that most passport checks are going to be cursory, the right way to escalate your checking procedure is based upon other bits of information. You make everyone go through the process of handing over the passport and check them for obvious problems, but you apply greater scrutiny in general to those that exhibit abnormal behaviors (not just in examining the passport, although that's part of it, but examining the carrier "in toto").
The way we follow sports in general is completely different from how people in many other countries follow soccer (football to those outside the country). The love for their chosen team and the vitriol expressed for anything else is even beyond the Yankees/BoSox rivalry. That people die fairly often in soccer seasons in other countries should be testament to that.
>It takes a creative mind to spot those mistakes and drill down on them.
The same "creative mind" may also create "movie plots". How do we train or filter the right "creative mind"?
I have a creative mind. You are writing movie scripts. They are fearmongering.
Her's another example of bad profiling: http://tinyurl.com/otbgt
Or maybe not of profiling but of simple stupidity. Or of racism. I'm not sure but it's worth reading.
"A refugee claimant who was handed over to American officials at the border as a terror suspect the day after 9/11 says he is still trying to figure out how he was launched into a five-year nightmare in U.S. jails.
Benamar Benatta, newly freed after 58 months in custody, is a former Algerian Air Force lieutenant. He is believed to be the last of about 1,200 Muslim men swept up in post-9/11 investigations to be released."
And what was his crime?
Carrying forged documents? Where is the victim of his crime?
"movie plots" is Bruce's pet name for far out security scenarios that are highly unlikely.
This explains so much! I was traveling from Berlin to Budapest, back in 1999, with my partner. (Both of us are American -- this is very relevant.)
At every crossing (Czech, Slovak, Hungarian) she got a very cursory check of her passport -- I got a much more detailed examination, including checks of little handheld computers, much flipping of pages, etc.
It was not until later that we realized the two mistakes I'd made -- my passport photo (taken in a hurry) had me wearing what was recognizably an AC Milan jersey. As was my wont, I'd bought a jersey from the local football club in Berlin, and was wearing it to Budapest -- Hertha BSC Berlin.
We'd long suspected, but now we know -- the border guards were wondering why the diehard American AC Milan fan would wear a Berlin jersey.
@@anonymou5: I think you misunderstood what Daedala was trying to say - he was pointing out (in a witty way) that having a "creative mind", creating "movie plots" and "fearmongering" could well be said to be the exact same thing on a purely technical level, distinguished only by their interpretation: I could say that the exact same scenario/action/... could be a sign of a creative mind when it comes from me or someone I like, for example, or a movie plot when it comes from somebody I don't know or care about (well-meaning but misguided), or fearmongering when it comes from someone I dislike. It's like the distinction between erotica, pornography and filth...
"The love for their chosen team and the vitriol expressed for anything else is even beyond the Yankees/BoSox rivalry. That people die fairly often in soccer seasons in other countries should be testament to that."
Taking aside the usual let's slander soccer [or football as the rest of the world calls it] with stereotypical statements ..... (Consider a game that is played in ~190 countries in the world, any small percentage of incident that occurs in, for example the NFL, would escalate to a large number of incidents a year)
The issue is that it was a FRENCH citizen wearing an ENGLAND football top... About as likely as Bush wearing an I LOVE SADDAM t-shirt.
Bush does love Saddam, Saddam gave Bush an excuse to invade Iraq!
Mind you, Jnr would have just made up another reason even if Saddam wasn't around...
>About as likely as Bush wearing an I LOVE SADDAM t-shirt.
I always knew irony was dangerous.
I just never realized HOW dangerous.
And shouldn't it be I [HEART] SADDAM?
Yeah, it's totally true. People feel so strongly about sports teams that it makes them far more susceptible to profiling.
There was a British film once about some boys trying to avoid military service during war. In one very memorable scene a boy from Edinburgh went to the doctor to claim he was so sick and feeble that he could not go on another day and needed to be sent home. The Doctor said something like "shame that Arsenal will have such an easy time beating those Rangers, no?"
The boy jumped from the bed, eyes wide open, nostrils flaring, fist raised and yelled "Rangers!". I think he was also starting to sing their fight song before he suddenly caught himself and fell into a look of horrible guilt...
I've been studying this for a few years and I'm giving a talk about this at a conference later this year. You'd be amazed how prejudice can work against our own sense of security; it makes us more vulnerable to surprise by those who know how to profile because the prejudice is so easy to flag and manipulate.
Nice anecdote, but I don't think it proves anything but the fact that nine times out of ten fake passports will work just fine, the one failing case being the one where the carrier happens to pick the wrong t-shirt. For the border police, this was just a lucky accident.
I'm all for smart profiling, but this story leaves a bad aftertaste. Does that mean that smart profiling depends mainly on luck? Does it mean we can outsmart the bad guys in only one case out of ten? Is a method depending on luck and with such high rate of false negatives really such a good method?
@dragonfrog: What's so strange about not checking your EU passport? You came from a so called Schengen state. That means, that, by definition, your passport HAS already been checked on the border to a non-Schengen state.
When you drive by car between those states NO passport is checked regardless of your nationality.
And all of this has nothing to do with the Euro. Schengen != Euro != EU states.
> For the border police, this was just a lucky accident.
Quite so - the person in question was in fact Senegalese, and I suspect that a survey would show that England supporters are not much more common in Senegal than in France. So even if he had used a valid Senegalese passport, it would not be much less reasonable to pull him over.
What's happened here is selective reporting. Every day, thousands of law enforcement officials attempt to engage in "smart profiling", or "going on a hunch". If the hunch is correct, and if they can (perhaps after the fact) articulate the factors which triggered it, and if the press are paying attention, then it is reported.
The occasions when people travel on valid French passports in England shirts, and are subjected to a bit of extra scrutiny, are not reported because they are boring. So we have no way of knowing what the cost is (in extra checks on innocent people) of this kind of creative thinking, because we don't measure it.
It's possible that the guard pulls over everyone he considers "acting suspiciously" by supporting any team not from their own country. This could be the first time in a 40-year career that he got lucky, and he has expended thousands of hours of needless extra scrutiny to catch this one guy. We just don't know.
So it's pointless debating the merits specifically of profiling based on football shirts, and in any case it misses Bruce's point that current public policy on passport control is very much about strict, preferably automated methods, whereas he advocates that officials be encouraged to use their own criteria to define "worthy of further investigation". This case illustrates that a more flexible approach might yield good results. But the emphasis is still on "might" - there's no evidence that this particular official across several years performs better as a result of his hunch-following than he would if he spread his attention evenly across all passengers.
In some sense, of course, most law enforcement work requires a bit of luck. Certainly we will never catch 100% of criminals, so we can't rule smart profiling out just because it doesn't catch everyone. If it costs a country $1000 a day (including externalities such as the inconvenience to travellers) to catch 10% of criminals, then that's a brilliant deal. $1 billion a day, not so much. Somewhere in between is a debate as to what we're willing to pay to catch those criminals. The fact that one particular scheme misses 90% doesn't necessarily matter, because there are many other schemes also trying to catch them. What matters is whether the cost of a particular measure justifies the criminals it does catch.
@alfora: The UK isn't a Schengen state. They'll still check your passport's got a burgundy cover.
Going between Schengen states you often don't see any guards at all.
> 20 years to digital telepathy! Or 15 years until the researchers are collectively absorbed into some Manhattan-Project like community and quantum computing becomes Secrets Man Was Not Meant To Know.
I have seen lots of naive "magiclike tech will make everyone happy"-visions. But think about the consequences.
Mind reading is the second most brutal violation of privacy and dignity I can imagine. Only topped by inducing thoughts and senses into the brain. Remember it's all about doing things to people without their consent, and will be abused for manipulation (politics and advertising), suppression and torture (politics and sadism).
There is no reliable or secure software. 95%+ of today's "simple abacuses" are infected with tons of mal- and spyware. Nobody knows every detail of what is going on inside their ah so primitive machines. We have already lost control. Lives are destroyed by failures in computers that cannot even act physically.
Now multiply this with the number, capacity and capabilities of "smart things" everywhere. Billions of networked, remote-controlled cameras, mind readers, sense-and-thought-inducers, cars, planes, mowers, worker robots, doors, elevators, tools, weapons. Imagine botnets in the hands of criminals, megacorporations, governments, mentally ill people, and even more mentally ill AIs (artificial intelligences).
I don't think any sane *individual* would want this. Of course, corporations, governments and dictators would love it as they are evil almost per definition.
Technology always gives power to those who own it, at the expense of those who don't own it. Causing ever more power to be centralized in ever fewer hands. The final result can only be the most dreadful dictatorship, suppression, mind control and torments.
The appliance of technology must be carefully measured, and it's integration into society negotiated with the interests of individuals.
The world should be a happy place to live in. Unfortunately, economy and politics transfer ever more power to organisations, which are no humans and such behave inhuman. The result is the opposite of a happy place to live in. It's pure hell.
Wow, that was an impressive bit of changing the subject. Lets stick to the now.
Also, he was kidding.
The problem is it is easy to turn thinking over to a box and let it do it. Its why (in the US) you will get pulled over for speeding, but not littering, driving in the wrong lane, blocking an intersection - its easy to go into court and show a radar gun readout (which in no way proves it was YOUR car generating it) but those other things require an officer's "opinion" and would more than likely be argued.
woops, too many bobs today. that last one was me, not bob or bob.
"Does that mean that smart profiling depends mainly on luck? Does it mean we can outsmart the bad guys in only one case out of ten? Is a method depending on luck and with such high rate of false negatives really such a good method?"
There's a very fine line between luck and intelligence that sometimes blurs altogether. In other words computers don't get "lucky" for a reason.
One problem with officers' profiling discretion is that it can result in less-optimal-than-random results as well:
A co-worker is in the Naval Reserve. He gets pulled out in airport lines for extra screening rather often, when travelling in uniform. He also claims to frequently notice other uniformed GIs getting screened as well. His explanation is that soldiers can't complain about the screenings (or their CO gets called, and they get chewed out), so searching them instead of others makes the screeners' lives easier.
This sounds a lot like anomaly detection to me (look for new/abnormal stuff), and that is a far better method of detecting novel threats than misuse detection (looking for behavior known to be bad). The opponents will merely learn what is considered to be bad, and not do that. This is why anti-virus is almost worthless against anyone capable of and motivated to write a virus. The only things that misuse detection is good at are: (1) catching low hanging fruit and idiots (2) keeping the vendor supplying the signatures bathed in a steady flow of revenue from the subscriptions. Of course there's plenty of (1) to go around, by volume. However, on 9/11, the "signature" would have you expect it to be a routine hijacking, and not the catastrophic, arguably unprecedented attack it became.
Bruce usually makes sense but this is one of the lamest stories I have heard. Why would wearing a French football jersey and having a UK passport be suspicious? This sounds like the typical lame useless profiling Bruce usually points out is a waste of time.
Especially in Europe, where there are many people who may have parents or family in different countries. Wearing a national football jersey of one country while having a passport from another is no big deal. Ever heard of multiculturalism?
This is one of the silliest stories I have seen on this blog. Bury I say.
Using AI for Infosec Vulnerability and Profiling:
I am a dark Malaysian Jew, with an American passport, fervent supporter of North London’s Arsenal Football Club, which is full of French players, thus wore French national jersey during the World Cup, trying profiling me? Good Luck!
But, two years ago, I have been “randomly��? chosen for extra security screening three times on a Portland-NYC flight.
@ stephen singam
While the jersey and allegiance might be significant for one person, that doesn't mean it is equally as important to your profile. You have a good point, however, that profiling does become more difficult as people become comfortable with (or are given orders to adopt) moderation and cross-cultural acceptance.
"Wearing a national football jersey of one country while having a passport from another is no big deal."
Actually, it depends on what the person says when the checkpoint authorities ask "fan of England?" The profiling is not done on a single fact alone, thankfully, but from a compilation of data points. They start pulling the loose thread and see if the sweater unravels, or if it is tight...
Stepping back a bit, why shouldn't people be able to travel the world anonymously? I find it very distasteful that there are multiple classes of people simply by accident of birth - those that can get into any country on earth with their passport, and those that can't.
Border controls are not about true physical security, but are about protecting our privileged status in the world, and our economic standing.
Ah, one of these things that makes me extra screened way too many times.
One of the points in EU is that if you don't like where you were born, go and live and work where you want in EU. As still most people stay where they were born, then those who live elsewhere become something that fits this "smart profiling". At least for US screeners, if you have e.g. a Norwegian passport, you better live in Norway and not Italy or UK when you fly to US. And you should look like you were supposed to look like, so in case of Norway, one should look blond and Norwegian. So if your parents or grandparents were born in Bangladesh or Somalia or somewhere else which would cause that you would not look like typical in top of that, you'll probably hate traveling after a while.
I'm getting sort of sick of the idea that I should live in the country I was born, or in the country that is stated (and not even issued in) on the passport. What if it's boring there? And my job, family, life are elsewhere, and I could not care less about looking or being like a typical person of x country... oh wait, in Europe they don't try smart profiling you if you are white enough, the annoying "why don't you life in x.." is only for well, elsewhere. As being 'white enough' with dark hair and tan, a Northern European pass not issued there, going to Greece from Ireland, wearing a Spain soccer shirt and a Brazil jacket, they didn't even bother looking at the pass in that occasion (not long ago).
We humans are so fascinating, here we are engaged in active discourse about whether a computer if programed with all available data could then 'profile' rapidly with the interconnectiveness that our brain is capable of. The random bits of data absorbed by the passport officer triggered something, maybe it was the English football shirt on a French aligned person, maybe football was on his mind and he then gave the individual the proverbial second look. What triggered the thoughts is something we don't understand and thus supports Bruce's assertion that trained, non fatigued people will at this point in time always beat a computer in that random summation of datum that just seems to fit for no reason at all.
So, as security goes, whether we like it or not we will profile. We are human.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.