Schneier on Security
A blog covering security and security technology.
« Google vs. China |
| Wrasse Punish Cheaters »
January 20, 2010
The Problems of Profiling at Security Checkpoints
Posted on January 20, 2010 at 6:41 AM
• 42 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
With toung very much in cheek I say "I told you so"
I have posted a few times over the past week or so about to things,
1, Stoping enumeration
2, Increasing the cost of enumeration.
And Oh in the BBC article where they use the "square root" they are actually using the wrong "windowing" profile. The Square root window applies to fully indipendant items under observation. Which does not apply to humans who travel...
So when are the BBC going to talk about making enumeration more expensive for terrorists which is the real key to making such systems work.
Well, the obvious reaction of wannabe terrorists to profiling will be to 'deprofile' themselves, thus lowering their chances of being caught (whether or not they understand the mathematics). Perhaps shaving, wearing the right clothes, having a plausible explanation for their itinerary, becoming a frequent traveler (knowing the drill) will certainly be helpful.
One of the things I learned as a frequent traveler is for instance that at Brussels airport you get told to wait at your luggage before being manually searched after the detector gate beeps at you. The loophole is obvious. (No, your luggage is not being rescanned, and in some instances they forget about you)
For airport security bosses it is perhaps wise to analyze how to spend their limited training resources; on profiling or on following procedures effectively.
Let's see: while they make us take off our shoes and our belts, ban us from the lavatory for the last hour of the flight, ban placing objects on our laps in the last hour of the flight, and all the other crazy stuff, now we should demand that they think logically and mathematically about profiling?
There is also a small difference between ElAl's intelligence led profiling and the proposed - only search anyone muslim/arab/brown skin.
There is also the slight problem of international cooperation - do you demand that Saudi airlines do extra screening of any of it's muslim passengers on flights into the US? Can Britain demand extra searches for anyone of Irish ancestry flying out of Boston?
Then who searches the searchers? The majority of security personnel at Vancouver airport are Sikh, yet Canada's only air terrorism was by Sikhs. So Canada should only search Sikhs? Obviously you can't allow Sikhs to do the searching, can you allow them to work at the airport at all? Can they work for the airline, for an aircraft maker?
Crazy bits and their talk of maths.
This reminds me of on the news the other day they were giving tips about how to tell if someone is a terrorist, I thought, easy, assume he is not, this will be right more often than any other method.
Nobody, the number of terrorist attacks on planes is so low that one should assume that none of the passengers on a plane has terrorist intent. The average passenger has under 1 in a million terrorist intent. When profiling is well done it may flag one in 10.000 passengers as "high risk", with a one in thousand or more probability of being a terrorist.
How do you treat someone where your "intelligence oracle" says he has 1% risk of being a dangerous terrorist (99% chance on a harmless innocent traveller)? Have him miss his plane with a three hour long interview and stripping him naked twice?
“If someone is stopped by security for extra checks because they seem to pose a potential risk, they are almost certainly innocent, Prof Spiegelhalter suggests.
“There are more than a 100 million people flying out of UK airports every year and you might be trying to foil one or two terrorist plots,” he says.
“Even if you had a profiling system that was 99.99% accurate, there would be 1 in 10,000 errors.
“If you consider that around 100 million people go through UK airports each year, that would mean 10,000 innocent people would trigger the system.”
“I would hope that in any training of staff, this is really rammed home.”
I hope someone reads that who controls UK airport security; things might become more civilized in the UK at least. Sadly there’s no hope that anyone in TSA could understand the concept.
"This reminds me of on the news the other day they were giving tips about how to tell if someone is a terrorist, I thought, easy, assume he is not, this will be right more often than any other method."
Bingo. And take the savings and put them into explosive detection research.
Figure that someone with a bomb in their luggage (or on their person) is more likely to be a terrorist or associated with a terrorist than the average passenger.
@Brandioch: "Bingo. And take the savings and put them into explosive detection research."
I agree. One major loss seldom calculated in all this is the opportunity cost of what could be done with wasted resources.
Remember the hollywood scenario to get around this, simply leverage someone with their personal attachments (aka loved ones). Suddenly the unprofilable granny is packing some fruit of the boom.
Yes, it's a good article but listening to the original More or Less podcast will give details of El Al successfully using profiling to prevent a pregnant woman travelling with a bomb that her boyfriend (and father of her unborn child) had secretly packed in her suitcase before dropping her off at the airport... there are some real lowlifes out there... but the More or Less podcast is well worth subscribing to!
@uk_visa: Its true that the intelligent profiling methods used by El Al (which unfortunately, would not scale up to larger airlines that process tens or hundreds of millions of passengers onto flights every year) helped prevent this one, extremely well known terrorist bombing attempt.
That does not justify trying to do it on a larger scale, though. Especially not with the huge expense, the likeliood of abuse (or at least, totally-undeserved bad treatment) of minorities or people with particular traits, etc. Its an expensive proposition, and a bad use of resources. (Like HJohn pointed out, there is a huge opportunity cost because those resources--the money, and the time of the security personnel--could be spent on other more effective measures).
I think a good way to select passengers for secondary screening is to select some percentage (perhaps 1 in 500) of passengers TOTALLY RANDOMLY for extra screening (i.e. they could literally use a handheld device with a hardware RNG in it). NO exceptions: if the device picks a 90-year old white woman in a wheelchair, or if it picks a 3-year old toddler or an infant, then thats who they screen. (Of course in those cases the secondary screening might be much quicker than if it turned out to select a 25-year-old muslim male...) And then allow the human security guys to select a further 1/10 as many (i.e. 1 in 5000) based on their intuitions, prejudices, profiling patterns, or whatever.
It would still be possible for terrorists to avoid the profiling patterns (if they could figure out what they were), but why would they bother, if they knew that >90% of the people selected for secondary screening were chosen totally at random by a computer. And it would mollify minorities if they knew that the decision to select them for secondary screening was made (at least 90% of the time) totally at random and with no human bias involved.
Everybody probably knows passengers with a muslim-sounding name, or dark skin, or who wear certain religious indicators, and who gets selected for secondary screening virtually any time they fly. We allow our airlines to treat them as second-class citizens, just because they were perceived as "different" from us during a seconds-long appraisal by a flawed human security drone who appraises thousands of people like that every day? Its offensive to their dignity, and if we as a society collectively had any balls and a well-developed sense of right and wrong, we would stand up and revile their treatment as wrong and take steps to put a stop to it.
[Another thought: perhaps a 1-in-500 chance of being caught is not enough to deter terrorists to any significant degree, nor enough to catch terrorists. In which case, secondary screening should be only used for cases where it will give a higher rate of return--such as when suspicious substances are detected on the passenger or their baggage.]
Lying with statistics. "that would mean 10,000 innocent people would trigger the system" is very misleading. It's true because there are so many innocent people flying. Another way of stating it is that of every 10,000 terrorism attempts, only one would not be flagged for extra screening. Of course this is a completely hypothetical error rate, so it doesn't mean anything.
Exactly how many "terrorists" have the existing measures detected? From the deafening silence it would appear that not one terrorist has ever been caught before they got on the plane.
When I read the article I couldn't help but to think about the parallels in the credit card fraud detection industry.
How successful is credit card profiling? What are the failures and successes? Can the approaches and/or technology in credit systems be applied to travel?
One difference I see is that credit card companies worry about getting to a manageable level of fraud. Whereas with air travel, one mistake is one too many.
Profiling has failed us; we don’t need profiling to identify Individuals like the Christmas-Day Bomber or the Fort Hood Shooter! There is a better solution!
Virtually all media outlets are discussing whether we should be profiling all Arab Muslims; I will in the one-page explain why we don’t need profiling. Over 15 years ago, we at the Center for Aggression Management developed an easily-applied, measurable and culturally-neutral body language and behavior indicators exhibited by people who intend to perpetrate a terrorist act. This unique methodology utilizes proven research from the fields of psychology, medicine and law enforcement which, when joined together, identify clear, easily-used physiologically-based characteristics of individuals who are about to engage in terrorist activities in time to prevent their Moment of Commitment.
Since the foiled terrorist attack by Umar Farouk Abdulmutallab, the Nigerian national on Northwest Flight 253 to Detroit, the President has repeatedly stated that there has been a systemic failure as he reiterates his commitment to fill this gap in our security. This incident, like the Fort Hood shooting, exemplifies why our government must apply every valid preventative approach to identify a potential terrorist.
The myriad methods to identify a terrorist, whether “no-fly list,” “explosive and weapons detection,” mental illness based approaches, “profiling” or “deception detection” - all continue to fail us. Furthermore, the development of deception detection training at Boston Logan Airport demonstrated that the Israeli methods of interrogation will not work in the United States.
All media outlets are discussing the need for profiling of Muslim Arabs, but profiling does not work for the following three reasons:
1. In practice, ethnic profiling tells us that within a certain group of people there is a higher probability for a terrorist; it does not tell us who the next terrorist is!
2. Ethnic profiling is contrary to the value our society places on diversity and freedom from discrimination based on racial, ethnic, religious, age and/or gender based criteria. If we use profiling it will diminish our position among the majority of affected citizens who support us as a beacon of freedom and liberty.
3. By narrowing our field of vision, profiling can lead to the consequence of letting terrorists go undetected, because the terrorist may not be part of any known “profile worthy” group – e.g., the Oklahoma City bomber, Timothy McVeigh
Our unique methodology for screening passengers can easily discern (independently of race, ethnicity, religious affiliation, age, and gender) the defining characteristics of human beings who are about to engage in terrorist acts.
The question is when will our government use true “hostile intent” through the “continuum of aggressive behavior” to identify potential terrorists? Only when observers focus specifically on “aggressive behavior” do the objective and culturally neutral signs of “aggression” clearly stand out, providing the opportunity to prevent these violent encounters. This method will not only make all citizens safer, but will also pass the inevitable test of legal defensibility given probable action by the ACLU.
As our Government analyzes what went wrong regarding Abdulmatallab’s entrance into the United States, you can be assured that Al Qaeda is also analyzing how their plans went wrong. Who do you think will figure it out first . . . ?
Visit our blog at http://blog.AggressionManagement.com where we discuss the shooting at Fort Hood and the attempted terrorist act on Flight 253.
@Nomen Publicus: Exactly how many "terrorists" have the existing measures detected? From the deafening silence it would appear that not one terrorist has ever been caught before they got on the plane.
@Phil: How successful is credit card profiling? What are the failures and successes? Can the approaches and/or technology in credit systems be applied to travel?
Sometimes, successes are tough to measure because they don't take deterence into account. Think speed limits: the number of people adhering to speed limits isn't necessarily the number of people who would speed if they knew they would not get clocked.
I can think of examples for both your discussions. Security personnel can go years without detecting guns, but that does not mean metal detectors have no value. Eliminate them, and you'd have guns very soon.
Same with credit card fraud. Skilled fraudsters adjust their tactics. Some unskilled fraudster wannabes don't even try knowing the controls are in place.
In the case of guards forgetting about passengers whose bags have triggered an alert, the procedural breakdown at Brussels it more likely the product of a system that does not allow for sufficient time to follow procedure. It is a management failure, but not in regards to procedural compliance training. It is a matter of poor design.
Guards don't make the decisions regarding procedure. They have been reduced to mindless drones on the theater assembly line. It is one of the prime failings of our present system. The idea of employing "people who can think and make decisions" is an anathema to the security industry. It destroys their whole business model.
@John Byrnes: "3. By narrowing our field of vision, profiling can lead to the consequence of letting terrorists go undetected, because the terrorist may not be part of any known “profile worthy” group – e.g., the Oklahoma City bomber, Timothy McVeigh"
Or if Joe Jihad tricks the nearly completely risk free Ma Kettle, Stevie Wonder, Kenny Kindergarten, or Wanda N. Wheelchair into smuggling something on the plane for him knowing they probably won't be screened.
Create an easy way (trusted group) and a hard way (profiled and heavily screened group) you invite attackers to exploit the easy way.
Is this a good time for a commercial plug? I have a supply of devices that will glow red in the close presence of terrorists on a mission, and for deception purposes look like ordinary rocks at all other times. I guarantee 99.9999% accuracy when used for domestic US flights (the failure rate in Israel might be slightly higher), and the fact that there are no false positives will recommend it to the ACLU and similar organizations. How many other detection methods can guarantee six nines of accuracy?
For added security, I do recommend screening passengers for guns and explosives, and my reasonable prices will not preclude these additional layers.
@ HJohn, Nomen Publicus, Phil,
All comes around to the age old "Defense spending appropriations" question "are we spending to much or to little on defense".
Historicaly there has only been one answer,
"If we have not been attacked then probably to much, if we have been attacked then probably to little".
Has a major flaw in it which is the time element. Or How much less would we need to spend today if we had spent X yesterday (/last year/year befor that/etc/etc).
Thus not only is there a optimum spend, each component of that spend is also subject to an optimum time.
All of which has one major problem "how do you test it" in a legal/moral/safe way.
Which brings me onto Nomen Publicus's point,
"Exactly how many "terrorists" have the existing measures detected? From the deafening silence it would appear that not one terrorist has ever been caught before they got on the plane."
In the UK the authorities would argue several and the US authorities would argue on or two.
However they did not commit an act of terror so all they technicaly are is conspiritors and their guilt at that depends on how a jury can be "credibaly frightened" into beliveing the prosecution case about possible evidence.
Which kind of boils down to the old argument of "I say there is a God but it is also the Devil" to which another person would say (quite rightly) "Prove your argument".
Which brings me around to Phil's question,
"How successful is credit card profiling? What are the failures and successes? Can the approaches and/or technology in credit systems be applied to travel?"
To which the answer is yes. But there is then the issue of can the profiling be "gamed" to which the answer is yes if the "test subject" knows or can make a reasonable guess at the rules used to profile.
And this is a subtal point profiling is actually applying logic to probability. The logic is pattern matching of some kind.
Here is a thought for you all to think about "pattern matching" is a form for "sampling" (as in signal processing) and this has a field of mathmatics of it's own.
One interesting effect seen in sampling is "fuzzing" that is where you modulate the sample and hold signal with a jitter signal (time) but also by adding in jitter in the amplitude axis as well.
There are various other tricks as well such as oversampling. The net effect is to pull a signal out of the noise.
The problem is the signal has to have a predictable nature that can be used to build up an average over random noise.
Is it possible to produce another signal that can be used to change a "looked for signal" from one type of signal (High Risk) to another kind of signal (low risk).
I think all of you would all agree that the answer is yes.
The question then arises is it possible to detect either the effect of the change signal or the change signal it's self. And surprisingly the answer turns out to be yes because it is "determanistic in nature" but more importantly is an "active feed back" signal. That is it's presense can be detected by the way it responds to step inputs.
Oddly we also know about this from some interegation techniques which detect hinky.
If an interegator throws in a "wtf" question people who are inocent tend to respond to it randomly, people who are trying to cover up something respond in a predictable way in that they try to minimise the error signal.
Thus if I ask you a series of questions that are designed to get at something you may be hiding your "change signal" will be able to make a limited prediction and thus provide a correction prior to the next probable question (the old "I know where this is going" feeling).
However a random "wtf" question will cause an error signal to be generated as it was not what was expected.
In an "active feedback system" this signal can "over compensate" and thus produce a visable signal of it's own.
If you know when to throw in "wtf" questions you will be able to get the over compensation signal to stand out nice and clear, and make it amenable to detection by all the other little signal processing tricks to pull signals out of noise.
That is you are forcing a signal to be generated by an "active feedback" system that you can correlate out from the noise by coherant detection. However if there is no active feedback system it will just produce a random signal with low corelation to the "wtf" questions.
Have a think on it and let me know what you think or ask questions if you want further info.
In your answer to Derob,
"In the case of guards forgetting about passengers whose bags have triggered an alert, the procedural breakdown at Brussels it more likely the product of a system that does not allow for sufficient time to follow procedure."
It is actually one thing I have thought about and it is technicaly a "queing capacity error".
That is most people assume "average" capacity / through put / etc. And also assume that the over flow will occure randomly and thus is not an issue as it will "average out" (sadly many process and security engineers assume this as well and they realy should know better).
As such It is as you say "a management failure but not in regards to procedural compliance training. It is a matter of poor design."
The thing is you can not design out a queing capacity error on a continuous process, except by making capacity always greater than any potential que.
There are several ways to do this
The first is a fixed rate of input which is less than the time of the longest process. Thus the process is guarenteed to finish before the next input item and no que is formed (this generaly works for walk through metal detectors).
The second is a controled variable rate of input where you stop or slow the input rate when the que gets above a certain threashold and start or increase the input rate when the que gets below a certain threshold.
And several other less well known ways, one of which is to make the processing time variable. That is when the que reaches a certain size you either stop or lessen the processing (which is effectivly what has happened).
Unfortunatly the first and second do not work simply because the process must get all input processed in a given time period (that is a flight should not leave without a passenger who has baggage on the flight).
The consiquence of the third option is that observation alone will tell you the charecteristics of the system, specificaly the longest process time and at what point the processing effectivly stops.
Thus a terrorist can easily game the system, simply by forcing a greater than average number of inputs into the longest process forcing it to be bypassed or further gamed.
One way might be to drop a load of small pieces of slightly sticky tin foil in the checkin area some of these will end up on peoples feet as they go through the metal detector the number of positives rise, the que for wanding down builds to maximum a que error now occures.
The normal response is to divert the excess around the process (a win for the terrorists), the correct response given input and output constraint is to randomly select people from the que to be fast checked ie just wanded from the knees for arguments sake (another win for the terrorists). However even this will with a large enough positive input fail at a predictable point. So either the test subject gets through unprocessed (terrorist win) or the output is starved and flights held (terrorists score a draw). At some point the input has to be stoped at which point the whole process has failed and the terrorists have drawn.
Thus you have a game where the terrorist game it so they either "win or draw" whilst security "draw or lose".
This is irrespective of what managment plan to do unless they have unlimited and imediatly available resources (which we know the do not).
Worse we also know that the que issue gets significantly worse the smaller the margin of excess process resources is too the average need for the resources.
And we also know that the whole security system must due to shareholder requirment (ie profit) must keep the excess process resources to zero.
Not a plesant thought...
The way to stop the process being gamed by the terrorists is simple to describe.
1, You stop the possability of "observation only" process enumeration by them.
2, You put a very real and significant cost onto the terrorists to "test the system" such that they do not have the resources to enumerate the process.
I've described how you do this in posts I have made on this blog since "Capt Underpants" failed to "blow his own" as it where ;)
The article makes a good case for behavioral profiling. It is obvious that the author and her sources have no experience or understanding of how a well designed behavioral profiling system would (and does) work.
All good behavioral profiling systems will have a merged level of randomness and passenger relational cross checks for everyone. It does not stand on its own, but is only a very useful tool to limit the number and categories of individuals that require the attention of limited resources.
A factor not often understood is that any human evolvement in screening is subject to failure due to normal human frailties, no matter how well paid or motivated they are. Among these is susceptibility to: boredom (1 chance in 100,000 that you will detect a bad guy?), bribery, blackmail, intimidation, job dissatisfaction, a bad day (not feeling well, hung over, marital problems), distraction, or intimidation.
Reducing the sample set to be looked at closely and increasing the probability that you will detect a high-risk passenger lessens the boredom and makes the management task of finding, keeping and monitoring good screening personnel easier. The screening process also becomes self-auditing in that over-ride of a high-risk assessment would normally require approval of more than one person. This mitigates many of the human frailties that cause problems when everyone or even a large sample set are screened to the same level.
Then of course you have more time and less space and equipment required for the same number of travelers. This means lower net costs over time. The majority of passengers is spending much less time in the process and will have a much safer journey.
There is a paper on the subject at http:\\fraudfreeid.com/Documents/Behavioral%20Profiling.pdf . Another in depth paper on a potential overall solution is awaiting release.
In any case selecting 10,000 for added attention is better than subjecting all 100 million or even the 1 million or so needed to get a reasonable shot at detecting a bad guy. If 1 in 100,000 is a bad guy then sampling 1 in 100 gives you virtually zero chance of detecting them!
A significant percentage (>1%) of the traveling public fall into one of the "obviously not a risk" categories. A 1 in 100 random search would target them 10,000 times for sure for each 100 million travelers! These numbers are all fictitious and have no basis in reality so arguments either way are meaningless.
@DayOwl and Clive:
I was talking about training resources since the context was training for profiling. Obviously, it does not make sense to improve training if the general design of the security check is poor. But they should not use the training budget for that.
I think indeed the layout of the checks in BXL is very poor and at least part of the problem. They have groups of facing checks, which means two rows of passengers pass through two unseparated gates in the middle, with on their side the two belts and x-ray machines. Since the two rows start intermingling as soon as they passed the gates, this leads to chaos, even when it is NOT busy. Training does not help here, but perhaps putting a (transparent) wall in the middle might.
Yesterday someone walked through the controls at Munich (Germany) airport and the explosive detectors sniffed something on his laptop. So the guy just grabbed his laptop, walked on into the croud and vanished.
I perfectly understand the security personal. They NEVER had a real positive, just always false positive and followed by pissed off business men who miss their flight,
"Yesterday someone walked through the controls at Munich (Germany) airport"
Ahh, I have happy memories of Munich and it's airport. Sadly the last time I was there we where being "pulled out" due to the wall being pulled down.
"and the explosive detectors sniffed something on his laptop."
Yup happens way more often than people are aware of. Some common explosives are so ubiquitus that they are more "trace" than cocaine, and that's in just about every wallet with US curancy in it and many besides.
"So the guy just grabbed his laptop, walked on into the croud and vanished."
Yup least suspicious behaviour he could have done ;)
As you say,
"always false positive and followed by pissed off business men who miss their flight."
I must admit I would like to see the stats on minor injuries and worse in airports since the introduction of "9/11" measures.
I sometimes wonder if more people have been killed (than the total number of 9/11 pasangers and air crew) since then by the measures designed to save their lives at the airport. Either at the airport or soon there after (stress deaths are afterall almost a big a killer as some social habits).
Can you imagine the roar thats going on in german Department of the Interior right now ?
He's gone, they can't find him, nothing on security TV either. No planes blown up so far, as well.
Concerning common explosives:
For example nitroglyzerin, used in medication for heart problems
"For example nitroglyzerin, used in medication for heart problems"
Yup TGN is just one of such medicinal explosives.
Then there is old style plastics (nitro celulose) and laminating on playing cards.
Oh and don't forget nitrates used in preserving meat, carden soil improvers.
Then cosmetcs and paints,
Even solvents etc etc.
The more you look into it the more you wonder why people don't just spontaniously explode ;)
Oh and some of the explosives are very darn difficult to detect even with the latest sniffers etc.
Oh and also in Germany (and most of Europe except the UK) you have sports gun users for hunting target practice etc, then there are others who do...
Hmm I think most people get the idea (except the TSA, who are still searching for silver bullets ;)
So thats obvious:
With nitrate detectors you will never find silver bullets :D
Sorry I missed your reply when scanning down with my decrepit old eye.
With regards to,
"I was talking about training resources since the context was training for profiling."
Yup it's baddly spent currently for a whole multitude of reasons so is a resource/tax waste.
"Obviously, it does not make sense to improve training if the general design of the security check is poor. But they should not use the training budget for that."
No however I think we would be better served by just re-build large chunks of airports. If we had started back last decade it would all have been done now and probably at less cost.
However whatever they do there is no way around a whole heap of problems. And simply doing nothing in the vague hope it will all go away is not working either.
The simple solution is for the US to designate large tracts of land as "no habitation or use" and put the airports there. The important feature being it alows aircraft in to the US with reduced colateral ground risk.
But that would not happen as it's politicaly unacceptable to the US citizens. So the US Gov is forcing their problem into other peoples regeions and forcing them to use up other countries tax income to protect US interests.
Another way of stating it is that of every 10,000 terrorism attempts, only one would not be flagged for extra screening.
Thing is that terrorism is so uncommon that 10,000 terrorism attempts might well take a long time. If you are only interested in terrorism attempts against passenger airliners that amount of time could well be in excess of 10,000 years. Even including all types of terrorism attempts worldwide you could still be looking at decades.
Yes, that's right. So with a 99.99% accurate system, that's the time scale that you'd be looking at for someone to bypass extra security checks. This totally doesn't support the point of the article (attempting to show that profiling is ineffective). The primary goal of profiling should not be to insure that you're aren't examining innocent people too closely, it should be to insure that you are giving extra attention to guilty people. Even if profiling doesn't catch a significant number of terrorists, it has value as a deterrent.
I'm not so sure about the WTF system. I think for many travelers, avoiding the attention of screeners has become a goal they actively pursue. Thus, you may get similar patterns from those with unwholesome intentions and from ordinary people who just want to be left alone.
More thorough checks, draconian sanctions if they find something (e.g., making you miss your plane), and inflexible procedures probably contribute to making this worse. In the pre-9/11 world, I didn't think of the screeners as potential enemies, because I didn't carry anything obviously dangerous.
Nowadays, I have to worry that the harmlessness of the things I carry may not be obvious enough. Thus I try to steer attention away from them.
Such things include unusual electronics (including prototypes or DIY devices) and medical supplies (including short and thin needles that, when applied, either go completely unnoticed or cause a bit less pain than the average gnat bite.)
"I didn't think of the screeners as potential enemies, because I didn't carry anything obviously dangerous."
Yes this is a problem I have thought about and actually (kind of) addressed on another thread on this blog.
It's actually opional "pre-screening". At the least you get a paper check list that lists common items that people might not think are a risk for people to go through their pockets and carry on. The last check is "if you are not sure ask at the security point".
Thus if you take the time to arive a little early get the check list go through it and have any "I'm not sures" you go and ask. The people at the pre-security point will say yes or no and offer ways to deal with a no (such as put in your checked baggage or put in a jiffy bag and post / couurier etc). If they ok something they log the fact that you have asked and put a sticky label or somesuch on the item and put it in a checked bag.
If flight security screening does pull out the item you asked to be checked then no real penalty is handed out to you provided the bag is still sealed and meets the inventory list that pre-security made.
Not perfect but it makes the pre-security people appear normal helpfull and friendly and thus a person who does not bother to use the service realy only has themselves to blaim when they get pulled over at flight security with contraband.
Yup it's carrot and stick which has worked for training animals, children and some adults for hundreds if not thousands of years.
It might have it's problems those I'm still thinking through and as always I would be gratefull if others can think up pros and cons as that way we might move forward to a more sensible and cost effective solution (if that's what people actually want).
Hmm, interesting idea. But would it really make a difference ? The items I'm talking about aren't the sort that would get you prosecuted, but they rather fall into that gray zone between obviously safe and obviously dangerous where one is at the mercy of the screeners.
The effective penalty would be confiscation, missing one's flight, or restriction of the access to the item. (The latter may seem harmless, but think of insulin and a long-distance flight. Even having to summon a cabin attendant for each shot would be messy, particularly considering that most of this would happen during meals, when they're already quite busy.)
Unless the pre-screening tag can override the decisions of later screening, not much would be gained. And having a "FNORD" tag may open a quite exploitable hole of its own.
If the regular baggage screeners are still at liberty to cause trouble, it might still be a better strategy to try avoid their attention as much as possible. This would include not using pre-screening services that tag items.
What might work would be a pre-screening service that's not only optional to use but whose findings can also be ignored at no disadvantage. They may not even have to hand out FNORD tags for items they consider harmless, but instead a ticket that explains why.
That way, the passenger could present information in his or her favour to the regular baggage screener, plus there would be a - hopefully senior - contact who had already gone through this decision-making process under less rushed conditions.
The challenge would be then to make sure this ticket couldn't still be used as a FNORD tag.
And, of course, any systems that offers passengers carrying suspicious items a second chance at slipping through detection is probably politically very infeasible ...
You have caught me out not explaining things properly.
When I said pre- security tagged, inventoried and baged, I did not mean to imply it should not be scaned at flight security, just that if flight security thought it not safe for some reason then the person should not suffer the penalties.
However as you point out this can still be used to game the system.
The trick (and this the bit that needs more thinking) is how to make it minimaly invasive for passengers who go through one process a blunt reminder to those who should no better but "are to important" and those who are working for criminals.
Thus rob the criminals of a penalty free run to enumerate the system and in the speciffic case of terrorists get the "smart ones" onto the radar etc and thus severly limit their usefullness as "Clean DNA".
The idea is to make it impossible for a terrorist group to remain small thus making the likley hood of breakup into factions insiders talking in the wrong way and all those other little things that are much much easier to handle when you have a cell of two or three pluss a contact up the chain.
As was once pointed out "roaches hide under rocks, if you don't have what a roach thinks is a rock it has to change it's safe behaviour or stay away, either is to your advantage".
@Clive Robinson: "if flight security thought it not safe for some reason then the person should not suffer the penalties"
I'm not sure if we're talking about the same kind of penalties. The items I'm talking about are of the "if we find it, we'll take it away" type, not the "if we find it, we take you away" type.
So if the worst-case result is that the item de facto gets confiscated in either case, there's little point in drawing attention to it.
Of course, if you want to make sure people do announce everything they have (hey, why not require a written and signed inventory of the content of your carry-on luggage at each checkpoint ?), you could make the worst case worse. Not sure if a world where the forgotten nail cutter or water bottle gets you imprisoned would be a better place, though.
"I'm not sure if we're talking about the same kind of penalties. The items I'm talking about are of the "if we find it, we'll take it away" type, not the "if we find it, we take you away" type."
No and yes. I find the taking away of personal property inequitas unless due legal process has been followed.
Yes there are items (tools of crime) which should be out right prohibited, and there are some in that hugh set between out right prohibited by law and ok to travel with. This "maybe" set should be reduced.
In one of my posts I mentioned that the pre-security should provide you with ways or access to them that allow you to mitigate an inadvertant mistake.
I made one once of putting on the wrong coat due to a change of weather and forgot to check the pocket where I'd left my Swiss Army knife that had been a gift from somebody nolonger with us. I found it after checking my luggage but about two hours before I had to hit the departure gate. I ended up running all over Heathrow airport just to get a jiffy bag and stamps and then finding out they had blocked the post boxes up. I eventually ran to the nearest hotel and dropped it in their post box and ran back.
I don't belive simple mistakes should be penalised especialy when they keep changing the rules or making them up as they go along (their failing not ours).
With regards needles etc yup been there I have one time use fragmin injections and a positive airway breathing equipment and yes they do make a fuss about it and I have to grit my teeth, and it should not be a necesity.
Pre-screening should be able to warn the flight security I'm commig so they can deal with scanning it in a considerate fashion not the mess it currently is (and yes I do belive it should be scanned). What we currently have is neither one thing or another and at the very least it is a very bad joke.
We need clear rules that can be checked easily without scanning equipment. If illegal contraband is found at any point then it should be treated as such. And people should not be in fear of arbitary rules over personal items.
If people have an uncertainty over their legaly owned and quite legitimate items then they need to be able to get a yes or no prior to departure. If a no then there should be a way for them to post the item home or give to fedex to forward. Not have it conviscated and put up for auction to raise money by an agency or it's employees.
There has to be a way to do this that also makes life difficult for the criminal be they smuggler or terrorist.
The real question is how...
And that is what I'm trying to work towards, because it is easier to argue with authority by having a solution that they have to argue against than it is to tell them they should find a solution.
Especially when the risk is currently so small.
@Clive Robinson: ''This "maybe" set should be reduced.''
Okay, we're on the same page. I would also add that his reduction should be towards the well-defined end where things are prohibited by current law, not the fuzzy one.
"[Warning] flight security [that you're] coming" sounds a bit like my idea of giving people a ticket that explains why the item is okay and that gives a trusted contact that can explain further.
"If a no then there should be a way for them to post the item home or give to fedex to forward."
I think FedEx may rather like this idea :-) But I agree that this could indeed be a useful service.
One risk would be that the pre-screeners get overly cautious. If they give you a green flag but one of the screeners following them (i.e., the one for boarding and also those at connections) rejects it, you'll be quite angry. If they give you a red flag, you ignore them, and you get caught, then their behind is covered and their credibility gets a boost. If they give you a red flag, you ignore them, and you pass unmolested, they only suffer a very tiny loss of credibility. If they give you a red flag and you pick a different means of shipment, you'll incur a significant cost and nobody will ever find out if they were right or wrong.
So it seems that a good strategy for the pre-screeners would be to err massively on the side of caution. Besides, after encountering the first item they advise you to send with FedEx, the barrier of adding more items to the envelope is even lowered.
"There has to be a way to do this that also makes life difficult for the criminal be they smuggler or terrorist."
I think we have this. If they use the pre-screening service, the risk of clearly illegal items being discovered increases. If they don't, their luggage should have a slightly higher risk of drawing attention for unrelated reasons. If they try to counter this by eliminating all other items that could possibly look suspicious, they also remove potential camouflage.
"Okay, we're on the same page."
"I would also add that his reduction should be towards the well-defined end where things are prohibited by current law, not the fuzzy one."
Yes as I see it there are several classes of item,
2, Requires personal licence to own/operate.
3, Prohibited from use or to be carried in Aviation (FAA restriction etc).
4, Currently clearly stated by TSA.
5, What TSA personel claim is prohibited.
6, All other reasonable items.
The first three are covered by legislation that a court will (probably) support.
The forth catagory should be properly documented along with a why they are restricted and also from carry on, hold luggage etc etc, allong with what constitutes an exception and why and what form it has to be in with what traceability.
As for the "maybe" group of catagory 5 and fall outside of catagory 6. Again their needs to be a clear documented procedure which effectivly shunts them into catagory 4.
Catagory 6 is there to distinquish between ordinary items that of type are not risky but may have unacceptable charecteristics or atributes such as a particular dimmension, volume, mass or material.
You may have also noticed that the order starts with speciffic items and moves through classes of items through to attributes of items.
However I am aware of how this could also be gamed in various ways not just for illegal activities.
Although I'm not trying to find a way to make the TSA more "cuddley" I am trying to remove a lot of the arbitary nature of things.
Partly it will make the TSA more proffesional, partly it will take a lot of the "room 101" asspect out of the flight security screening. But also it will in the end lead to better aviation safety rules globaly.
I still have memories of many years ago being on a "regional" flight where the locals killed cooked and ate their in flight chicken and rice meal and boild the water to make coffee. They of course thought nothing of it, me I could not help thinking of the tanks of high octaine av-gas and god alone knows what else in the cargo nets behind us. I'm told that some of those DC3's where also still flying even after 1,000,000 miles on the clock...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.