Blog: November 2010 Archives

The Constitutionality of Full-Body Scanners

Jeffrey Rosen opines:

Although the Supreme Court hasn’t evaluated airport screening technology, lower courts have emphasized, as the U.S. Court of Appeals for the 9th Circuit ruled in 2007, that “a particular airport security screening search is constitutionally reasonable provided that it ‘is no more extensive nor intensive than necessary, in the light of current technology, to detect the presence of weapons or explosives.'”

In a 2006 opinion for the U.S. Court of Appeals for the 3rd Circuit, then-Judge Samuel Alito stressed that screening procedures must be both “minimally intrusive” and “effective” – in other words, they must be “well-tailored to protect personal privacy,” and they must deliver on their promise of discovering serious threats. Alito upheld the practices at an airport checkpoint where passengers were first screened with walk-through magnetometers and then, if they set off an alarm, with hand-held wands. He wrote that airport searches are reasonable if they escalate “in invasiveness only after a lower level of screening disclose[s] a reason to conduct a more probing search.”

As currently used in U.S. airports, the new full-body scanners fail all of Alito’s tests.

In other news, The New York Times wrote an editorial in favor of the scanners. I was surprised.

Posted on November 30, 2010 at 12:09 PM48 Comments

Mohamed Osman Mohamud

I agree with Glenn Greenwald. I don’t know if it’s an actual terrorist that the FBI arrested, or if it’s another case of entrapment.

All of the information about this episode — all of it — comes exclusively from an FBI affidavit filed in connection with a Criminal Complaint against Mohamud. As shocking and upsetting as this may be to some, FBI claims are sometimes one-sided, unreliable and even untrue, especially when such claims — as here — are uncorroborated and unexamined.

This, although old, is relevant. So is this, although even older:

The JFK Airport plotters seem to have been egged on by an informant, a twice-convicted drug dealer. An FBI informant almost certainly pushed the Fort Dix plotters to do things they wouldn’t have ordinarily done. The Miami gang’s Sears Tower plot was suggested by an FBI undercover agent who infiltrated the group. And in 2003, it took an elaborate sting operation involving three countries to arrest an arms dealer for selling a surface-to-air missile to an ostensible Muslim extremist. Entrapment is a very real possibility in all of these cases.

In any case, notice that it was old-fashioned police investigation that caught this guy.

EDITED TO ADD (12/13): Another analysis.

Posted on November 30, 2010 at 5:54 AM45 Comments

Zoo Security

From a study on zoo security:

Among other measures, the scientists recommend not allowing animals to walk freely within the zoo grounds, and ensuring there is a physical barrier marking the zoo boundaries, and preventing individuals from escaping through drains, sewers or any other channels.

Isn’t all that sort of obvious?

Posted on November 29, 2010 at 12:32 PM43 Comments

Causing Terror on the Cheap

Total cost for the Yemeni printer cartridge bomb plot: $4200.

“Two Nokia mobiles, $150 each, two HP printers, $300 each, plus shipping, transportation and other miscellaneous expenses add up to a total bill of $4,200. That is all what Operation Hemorrhage cost us,” the magazine said.

Even if you add in costs for training, recruiting, logistics, and everything else, that’s still remarkably cheap. And think of how many times that we spent in security in the aftermath.

As it turns out, this is bin Laden’s plan:

In his October 2004 address to the American people, bin Laden noted that the 9/11 attacks cost al Qaeda only a fraction of the damage inflicted upon the United States. “Al Qaeda spent $500,000 on the event,” he said, “while America in the incident and its aftermath lost — according to the lowest estimates — more than $500 billion, meaning that every dollar of al Qaeda defeated a million dollars.”

The economic strategy of jihad would go through refinement. Its initial phase linked terrorist attacks broadly to economic harm. A second identifiable phase, which al Qaeda pursued even as it continued to attack economic targets, is what you might call its “bleed-until-bankruptcy plan.” Bin Laden announced this plan in October 2004, in the same video in which he boasted of the economic harm inflicted by 9/11. Terrorist attacks are often designed to provoke an overreaction from the opponent and this phase seeks to embroil the United States and its allies in draining wars in the Muslim world. The mujahideen “bled Russia for 10 years, until it went bankrupt,” bin Laden said, and they would now do the same to the United States.

[…]

The point is clear: Security is expensive, and driving up costs is one way jihadists can wear down Western economies. The writer encourages the United States “not to spare millions of dollars to protect these targets” by increasing the number of guards, searching all who enter those places, and even preventing flying objects from approaching the targets. “Tell them that the life of the American citizen is in danger and that his life is more significant than billions of dollars,” he wrote. “Hand in hand, we will be with you until you are bankrupt and your economy collapses.”

None of this would work if we don’t help them by terrorizing ourselves. I wrote this after the Underwear Bomber failed:

Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We’re reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.

If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.

Posted on November 29, 2010 at 6:52 AM61 Comments

Friday Squid Blogging: Studying Squid Hearing

At Woods Hole:

It is known now, through the work of Mooney and others, that the squid hearing system has some similarities and some differences compared to human hearing. Squid have a pair of organs called statocysts, balance mechanisms at the base of the brain that contain a tiny grain of calcium, which maintains its position as the animal maneuvers in the water. These serve a function similar to human ear canals.

Each statocyst is a hollow, fluid-filled sac lined with hair cells, like human cochlea. On the outside of the sac, the hair cells are connected to nerves, which lead to the brain. “It’s kind of like an inside-out tennis ball,” Mooney said, “hairy on the inside, smooth on the outside.”

The calcium grain, called a statolith, enables the squid to sense its position in the water, based on which hair cells it’s in contact with at a given moment. Normally it rests near the front of the sac, touching some of the hair cells.

Another article.

Posted on November 26, 2010 at 4:58 PM2 Comments

Psychopaths and Security

I have been thinking a lot about security against psychopaths. Or, at least, how we have traditionally secured social systems against these sorts of people, and how we can secure our socio-technical systems against them. I don’t know if I have any conclusions yet, only a short reading list.

EDITED TO ADD (12/12): Good article from 2001. The sociobiology of sociopathy. Psychopathic fraudsters and how they function in bureaucracies.

Posted on November 26, 2010 at 1:52 PM52 Comments

The DHS is Getting Rid of the Color-Coded Terrorism Alert System

Good. It was always a dumb idea:

The color-coded threat levels were doomed to fail because “they don’t tell people what they can do –­ they just make people afraid,” said Bruce Schneier, an author on security issues. He said the system was “a relic of our panic after 9/11” that “never served any security purpose.”

I wrote this in 2004:

In theory, the warnings are supposed to cultivate an atmosphere of preparedness. If Americans are vigilant against the terrorist threat, then maybe the terrorists will be caught and their plots foiled. And repeated warnings brace Americans for the aftermath of another attack.

The problem is that the warnings don’t do any of this. Because they are so vague and so frequent, and because they don’t recommend any useful actions that people can take, terror threat warnings don’t prevent terrorist attacks. They might force a terrorist to delay his plan temporarily, or change his target. But in general, professional security experts like me are not particularly impressed by systems that merely force the bad guys to make minor modifications in their tactics.

And the alerts don’t result in a more vigilant America. It’s one thing to issue a hurricane warning, and advise people to board up their windows and remain in the basement. Hurricanes are short-term events, and it’s obvious when the danger is imminent and when it’s over. People can do useful things in response to a hurricane warning; then there is a discrete period when their lives are markedly different, and they feel there was utility in the higher alert mode, even if nothing came of it.

It’s quite another thing to tell people to be on alert, but not to alter their plans, as Americans were instructed last Christmas. A terrorist alert that instills a vague feeling of dread or panic, without giving people anything to do in response, is ineffective. Indeed, it inspires terror itself. Compare people’s reactions to hurricane threats with their reactions to earthquake threats. According to scientists, California is expecting a huge earthquake sometime in the next two hundred years. Even though the magnitude of the disaster will be enormous, people just can’t stay alert for two centuries. The news seems to have generated the same levels of short-term fear and long-term apathy in Californians that the terrorist warnings do. It’s human nature; people simply can’t be vigilant indefinitely.

Another alert system to compare this one to is the DEFCON system. At each DEFCON level, there are specific actions people have to take: at one DEFCON level — and I’m making this up — you call everyone back from leave, at another you fuel all the bombers, at another you arm the bombs, and so on. What actions am I supposed to take when the terrorist threat level is Yellow? When it is Orange? I have no idea.

EDITED TO ADD (11/25): Good observation:

The DHS National Threat Advisory is a public alert system. That a public alert system is indicating imminent disaster is not surprising. In fact it’s inevitable. It’s the nature of public alert systems to signal imminent disaster at all times. I’ve composed “Blakley’s Law” (next time I come up with one of these I’ll rename this one “Blakley’s First Law”) to describe the phenomenon:

“Every public alert system’s status indicator rises until it reaches its disaster imminent setting and remains at that setting until it is retired from service.”

It’s easy to see why Blakley’s law holds: if something terrible happens and the alert status didn’t predict it, the keepers of the alert status will be blamed for not preparing us for the disaster. Setting the alert status to “Disaster imminent” when no disaster is likely costs the public some money and mental health, but it doesn’t hurt them in other ways. On the other hand, setting the alert status to “Don’t worry, be happy” just before a disaster does happen is the worst case for everyone – nobody prepares for the disaster, and the people in power lose their jobs for failing to prevent or prepare for the crisis.

Posted on November 25, 2010 at 6:39 AM43 Comments

New ATM Skimming Attack

In Europe, although the article doesn’t say where:

Many banks have fitted ATMs with devices that are designed to thwart criminals from attaching skimmers to the machines. But it now appears in some areas that those devices are being successfully removed and then modified for skimming, according to the latest report from the European ATM Security Team (EAST), which collects data on ATM fraud throughout Europe.

Posted on November 24, 2010 at 1:33 PM31 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.