Schneier on Security
A blog covering security and security technology.
« Matt Blaze on the New "Unpredictable" TSA Screening Measures |
| Breaching the Secure Area in Airports »
January 5, 2010
Me on Airport Security Profiling
Yesterday I participated in a "Room for Debate" discussion on airport security profiling. Nothing I haven't said before.
Posted on January 5, 2010 at 2:05 PM
• 27 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"As counterintuitive as it may seem, we’re all more secure when we randomly select people for secondary screening — even if it means occasionally screening wheelchair-bound grandmothers and innocent looking children."
Yup. As horrid as it sounds, people evil enough to blow up or crash a plane with children, disabled passengers, and elderly grandparents on it certainly wouldn't mind using some of those innocents to smuggle things past security.
"I feel bad for children who go through the check points. I hate to see a 90 year old person confined to a wheelchair checked out. But I also have no doubt that if we start making exceptions based on characteristics, attackers will exploit it. They'll use the trust afforded the individual to smuggle something through."
It's like logs or an IDS, when you know most of your data is noise, you use filters to reduce the dataset. Most people in this huge system are pure noise to the purpose of security. You've got to REMOVE the noise, rather than trying to improve haystack needle detection methods amidst the noise.
Something like a federalized version of the Clear program needs to happen, using a biometric flyer ID. Two factor--something you carry, something you know or are. Make it computerized entry, it can't be more fallible than tired and irritated screeners.
It shouldn't be mandatory but those of us who have no ill intentions and who really don't walk around with the tinfoil on our heads shouldn't have to suffer this silly and humiliating haystack search, the same way we don't have to suffer it on a bus or train.
We know that the plane (as opposed ot the train/bus) has become scrutinized because of its abuse by FTOs, well, those of us who aren't members of an FTO should be filtered out.
Could a third generation American blow up a plane? Sure, but she could also blow up a train. The point of the plane scrutiny is/was 9/11 and FTOs, get back on task and repair the scope.
Remove the noise and you are very likely to miss the people you need to screen. None of the 9/11 hijackers looked the part (no long beards, no thobes, no kufis or turbans) and assuming there will be more attempts, it is likely they will not be Arab and not look Muslim.
I happen to be a fourth generation American of mostly German and English decent who is a convert to Islam. I don't happen to be a terrorist but if I had that misguided and warped mentality I could easily be part of the noise that would be ignored if profiling was used.
What a way to start the New Year.
We're afraid of terror.
We're afraid of flying.
We're afraid of an entire religion.
We're afraid we're not well-liked.
We're afraid of terror counter-measures.
We're afraid of people from 14 specific countries.
We're afraid we're not smarter than the bad guys.
We're afraid we are smarter our elected officials, civil servants, and the military.
I'd say OBL has accomplished more than he ever hoped to achieve. 3000 dead, 300 million wounded.
Bruce...maybe if you paint your face blue _before_ you go to the interview?
WHEN TERROISTS GET SMART THEY WILL REALIZE THEY DONT HAVE TO TRY AND SNEAK EXPLOSIVES THRU THE SECURITY CHECKPOINTS, ALL THEY HAVE TO DO IS GO THRU SECURITY UNARMED, WALK TO THE DUTY FREE SHOP BUY 2 LARGE BOTTLES OF LIQUOR, WHEN BOARDING AT THE GATE THE DUTY FREE PERSONNAL WILL HAND HIM HIS PURCHASE, HE THEN JUST HAS TO PUT IT IN HIS CARRYON WHILE WALKING THRU THE GATE TUNNEL TO THE PLANE. ONCE AIRBORNE HE THEN PULLS OUT THE BOTTLES STICKS A PIECE OF NAPKIN OR CLOTH IN IT, LIGHTS IT WITH HIS APPROVED ON BOARD MATCHES AND 2 INSTANT MOLOTOV COCKTAILS WHICH HE THROWS DOWN CAUSING AN EXPLOSION...
THIS SCENARIO IS ABLE TO BE DONE AT ALL USA AIRPORTS WITH DUTY FREE SHOPS AS WELL AS FOREIGN AIRPORTS. THE DUTY FREE SHOPS ARE AFTER THE SECURITY CHECK POINT
@mcb: OBL did win. We like to claim that we won, but its not true.
I've often wondered if OBL had any CLUE just how absurdly effective his work would be. He decimated our faith in eachother for pennies on the dollar!
I've got a trick that I use to keep my terror levels in check (I think I stole it from Schneier, but I can't remember). Whenever I hear of an event occurring, I find out how far away it occurred, and draw a circle on the earth of that radius and imagine just how many people are in that circle. its great fun when you receive notices of sex offenders moving into your area!
Jeff, I'm pretty sure they don't sell alcohol which is > 100 proof, so it won't burn.
I am afraid for the day one one of these criminals figures out how to rapidly unleash the energy in their telephone of laptop battery on an airplane.
Then it will be no electronics on an airplane.
But...nothing really has to explode. Isn't there something like a "denial of service" principle at work here where getting enough people to fly with suspicious powder in their underwear (no straight lines, please) will clog and overload the brittle security systems in place and make things grind very slowly if not to a halt altogether? All you need are enough loonies to do it and a bunch of plane tickets...
Clearing security in Charlotte on Jan 1, I saw an examination of a wheelchair bound person (elderly). I put my shoes on very slowly so I could watch it.
TSA agent wheels passenger through checkpoint (beeps) and helps collect carryon. Agent asks passenger to raise legs, passenger says he can't. Grossly overweight agent can't comfortably inspect them. Pax says that the left one is prosthetic, so agent raps knuckles on it and feels resistance from plastic.
This pax could have had a pistol in an ankle holster on either (or both) legs and they would have gone undetected.
Why do we pay these people?
mcb is half-right. Duty free is an excellent source of weapons - if you can hijack planes with boxcutters, surely a broken bottle stuffed into the first face you see will have a similar effect?
Profiling would work for as long as nobody knew it was happening. So not long. As pointed out, you find out the profile, select an attacker who clearly does not fit that profile, attack. Repeat.
As a white, European-looking male, I don't get much hassle at airports. Except, that is, from being one of the millions having to think about what's in my carry-on, if I have to take my shoes off and if I will still go beep.
Flying and pleasure do not go together for me anymore. Does this mean that the terrorists have already won?
More people have been added to the no-fly list:
... so if you traveled to your current location by plane last week, that does NOT necessarily mean you will be allowed to fly back to your home.
I wonder if they've put former Senator Edward Kennedy back on the no-fly list? Nah, they're not so stupid as to put a dead man on the no-fly list, especially when they looked so stupid for putting him on it when he was alive ... are they?
@lee: "Does this mean that the terrorists have already won?"
Yes, and all it takes for them to hold on to their victory is to convince some poor third world guy that life in an American prison is not too bad compared to life at home. They don't even need suicide bombers any-more. Perhaps that is the real reason no bomb has been blown up in the queues for security check?
@lee: "Does this mean that the terrorists have already won?"
It frustrates me that the Underwear Bomber succeeded in causing terror, even though his plot failed. If we were collectively smarter -- if our leaders were smarter, if we were smarter as a nation -- we could respond to these things so that the terrorists fail even if their plots succeed.
@ jeff abelman
I don't think anything explosive can be made with the liquor for sale at duty free shops.
@HJohn: "I feel bad for children who go through the check points. I hate to see a 90 year old person confined to a wheelchair checked out. But I also have no doubt that if we start making exceptions based on characteristics, attackers will exploit it. They'll use the trust afforded the individual to smuggle something through."
You say, "Without an accurate profile, the system can be statistically demonstrated to be no more effective than random screening."
But the article you link to doesn't say that. It says "According to Press, the solution is something that's widely recognized by the statistics community: identify individuals for robust screening based on the square root of their risk value. That gives the profile some weight, but distributes the screening much more broadly through the population, and uses limited resources more effectively."
MediaCurves.com conducted a study among 300 Americans viewing an interview with a former Department of Transportation inspector. Results found that the majority (74%) reported that the government should spend more money on improving airport security. After viewing the video the percentage of viewers who reported feeling “not at all safe” on an airplane flight increased from 14% to 25%.
More in depth results can be seen at: http://www.mediacurves.com/NationalMediaFocus/...
The TSA's approach to screening is clearly an admission that they're completely incapable of identifying the terrorists who extremely infrequently walk through the checkpoint gate. So their only recourse is to regard all passengers as terrorist suspects until they're proven innocent (under whatever arbitrary methods and standards of proof individual screeners use).
They have no effective tools to find that rare possible needle in all those haystacks, not even a magnet. So the only thing they can do is to run their paws haphazardly through as much of the hay as they can reach. Their ransacking turns enough enough extraneous material (drugs, cash, fake military jackets) to let them claim continuing "success." That's supposed to convince the public that should a terrorist stumble into a checkpoint they'll somehow pick him out. (Assuming they're not too busy looking for contraband toothpaste and shampoo, or bellowing at passengers to either put their shoes on the conveyor belt or in the bin according to whichever version is in effect at that checkpoint.)
It's much easier to punish passengers with "enhanced security" after the security bureaucrats fail yet again to connect the dots than to hold the bureaucrats accountable and fix the broken bureaucracy. So of course that's just what they're doing after the latest failure. The TSA exists to punish passengers for all the failures of the security apparatus, so the real culprits can continue to fail. And we can all admit they do a spectacular job of that!
I agree with Eponymous' comment back on 1/5. There has to be a system of mutual trust for the vast majority of the population who don't pose a risk. The Clear program was a good thought but badly executed. For example, I am a retired Navy officer with a TS clearance and I work as a DoD contractor. The Federal government has plenty of information on me. Couldn't there be a program accept the low risk of most people (via showing some kind of two factor authentication) and concentrate on people with a high degree of risk?
@Rebuttal - um, Sailer's post was a mainly a bunch of name calling, and several of the comments were rather thinly veiled racism.
Some of the other comments do add to the discussion, but I wouldn't call them 'clock-cleaning'.
I find it hilarious that Sailer labels Schneier a "liberal".
I guess these days anyone with a working brain is called a "liberal".
nope 151 proof rum, 101 whiskey, 100 plus proof tequila r just a few of the available flammable booze at duty free shops, i fly internationally at least once a yr and have looked... funny thing is i never buy because its cheaper here at home at places like costco so y buy at duty free
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..