Schneier on Security
A blog covering security and security technology.
April 16, 2012
Hawley Channels His Inner Schneier
Kip Hawley wrote an essay for the Wall Street Journal on airport security. In it, he says so many sensible things that people have been forwarding it to me with comments like "did you ghostwrite this?" and "it looks like you won an argument" and "how did you convince him?"
(Sadly, the essay was published in the Journal, which means it won't be freely available on the Internet forever. Because of that, I'm going to quote from it liberally. And if anyone finds a permanent URL for this, I'll add it here.)
Any effort to rebuild TSA and get airport security right in the U.S. has to start with two basic principles:
First, the TSA's mission is to prevent a catastrophic attack on the transportation system, not to ensure that every single passenger can avoid harm while traveling. Much of the friction in the system today results from rules that are direct responses to how we were attacked on 9/11. But it's simply no longer the case that killing a few people on board a plane could lead to a hijacking. Never again will a terrorist be able to breach the cockpit simply with a box cutter or a knife. The cockpit doors have been reinforced, and passengers, flight crews and air marshals would intervene.
This sounds a lot like me (2005):
Exactly two things have made airline travel safer since 9/11: reinforcement of cockpit doors, and passengers who now know that they may have to fight back.
I'm less into sky marshals than he is.
Second, the TSA's job is to manage risk, not to enforce regulations. Terrorists are adaptive, and we need to be adaptive, too. Regulations are always playing catch-up, because terrorists design their plots around the loopholes.
Me in 2008:
It's this fetish-like focus on tactics that results in the security follies at airports. We ban guns and knives, and terrorists use box-cutters. We take away box-cutters and corkscrews, so they put explosives in their shoes. We screen shoes, so they use liquids. We take away liquids, and they're going to do something else. Or they'll ignore airplanes entirely and attack a school, church, theatre, stadium, shopping mall, airport terminal outside the security area, or any of the other places where people pack together tightly.
These are stupid games, so let's stop playing.
He disses Trusted Traveler programs, where known people are allowed to bypass some security measures:
I had hoped to advance the idea of a Registered Traveler program, but the second that you create a population of travelers who are considered "trusted," that category of fliers moves to the top of al Qaeda's training list, whether they are old, young, white, Asian, military, civilian, male or female. The men who bombed the London Underground in July 2005 would all have been eligible for the Registered Traveler cards we were developing at the time. No realistic amount of prescreening can alleviate this threat when al Qaeda is working to recruit "clean" agents. TSA dropped the idea on my watch -- though new versions of it continue to pop up.
Me in 2004:
What the Trusted Traveler program does is create two different access paths into the airport: high security and low security. The intent is that only good guys will take the low-security path, and the bad guys will be forced to take the high-security path, but it rarely works out that way. You have to assume that the bad guys will find a way to take the low-security path.
Hawley's essay ends with a list of recommendations for change, and they are mostly good:
What would a better system look like? If politicians gave the TSA some political cover, the agency could institute the following changes before the start of the summer travel season:
1. No more banned items: Aside from obvious weapons capable of fast, multiple killings -- such as guns, toxins and explosive devices -- it is time to end the TSA's use of well-trained security officers as kindergarten teachers to millions of passengers a day. The list of banned items has created an "Easter-egg hunt" mentality at the TSA. Worse, banning certain items gives terrorists a complete list of what not to use in their next attack. Lighters are banned? The next attack will use an electric trigger.
Me in 2009:
Return passenger screening to pre-9/11 levels.
2. Allow all liquids: Simple checkpoint signage, a small software update and some traffic management are all that stand between you and bringing all your liquids on every U.S. flight. Really.
This is referring to a point he makes earlier in his essay:
I was initially against a ban on liquids as well, because I thought that, with proper briefing, TSA officers could stop al Qaeda's new liquid bombs. Unfortunately, al Qaeda's advancing skill with hydrogen-peroxide-based bombs made a total liquid ban necessary for a brief period and a restriction on the amount of liquid one could carry on a plane necessary thereafter.
Existing scanners could allow passengers to carry on any amount of liquid they want, so long as they put it in the gray bins. The scanners have yet to be used in this way because of concern for the large number of false alarms and delays that they could cause. When I left TSA in 2009, the plan was to designate "liquid lanes" where waits might be longer but passengers could board with snow globes, beauty products or booze. That plan is still sitting on someone's desk.
I have been complaining about the liquids ban for years, but Hawley's comment confuses me. He says that hydrogen-peroxide based bombs -- these are the bombs that are too dangerous to bring on board in 4-oz. bottles, but perfectly fine in four 1-oz bottles combined after the checkpoints -- can be detected with existing scanners, not with new scanners using new technology. Does anyone know what he's talking about?
3. Give TSA officers more flexibility and rewards for initiative, and hold them accountable: No security agency on earth has the experience and pattern-recognition skills of TSA officers. We need to leverage that ability. TSA officers should have more discretion to interact with passengers and to work in looser teams throughout airports. And TSA's leaders must be prepared to support initiative even when officers make mistakes. Currently, independence on the ground is more likely to lead to discipline than reward.
This is a great idea, but it's going to cost money. Being a TSA screener is a pretty lousy job. Morale is poor: "In surveys on employee morale and job satisfaction, TSA often performs poorly compared to other government agencies. In 2010 TSA ranked 220 out of 224 government agency subcomponents for employee satisfaction." Pay is low: "The men and women at the front lines of the battle to keep the skies safe are among the lowest paid of all federal employees, and they have one of the highest injury rates." And there is traditionally a high turnover: 20% in 2008. The 2011 decision allowing TSA workers to unionize will help this somewhat, but for it to really work, the rules can't be this limiting: "the paper outlining his decision precludes negotiations on security policies, pay, pensions and compensation, proficiency testing, job qualifications and discipline standards. It also will prohibit screeners from striking or engaging in work slowdowns."
TSA workers who are smart, flexible, and show initiative will cost money, and that'll be difficult when the TSA's budget is being cut.
4. Eliminate baggage fees: Much of the pain at TSA checkpoints these days can be attributed to passengers overstuffing their carry-on luggage to avoid baggage fees. The airlines had their reasons for implementing these fees, but the result has been a checkpoint nightmare. Airlines might increase ticket prices slightly to compensate for the lost revenue, but the main impact would be that checkpoint screening for everybody will be faster and safer.
Another great idea, but I don't see how we can do it without passing a law forbidding airlines to charge those fees. Over the past few years, airlines have drastically increased fees as a revenue source. Sneaking in extra charges allows them to advertise lower prices, and I don't see that changing anytime soon.
5. Randomize security: Predictability is deadly. Banned-item lists, rigid protocols -- if terrorists know what to expect at the airport, they have a greater chance of evading our system.
This would be a disaster. Actually, I'm surprised Hawley even mentions it, given that he wrote this a few paragraphs earlier:
One brilliant bit of streamlining from the consultants: It turned out that if the outline of two footprints was drawn on a mat in the area for using metal-detecting wands, most people stepped on the feet with no prompting and spread their legs in the most efficient stance. Every second counts when you're processing thousands of passengers a day.
Randomization would slow checkpoints down to a crawl, as well as anger passengers. Do I have to take my shoes off or not? Does my computer go in the bin or not? (Even the weird but mostly consistent rules about laptops vs. iPads are annoying people.) Yesterday, liquids were allowed -- today they're banned. But at this airport, the TSA is confiscating anything with more than two ounces of aluminum and questioning people carrying Tom Clancy novels.
I'm not even convinced this would be a hardship for the terrorists. I've gotten really good at avoiding lanes with full-body scanners, and presumably the terrorists will simply assume that all security regulations are in force at all times. I'd like to see a cost-benefit analysis of this sort of thing first.
Hawley's concluding paragraph:
In America, any successful attack -- no matter how small -- is likely to lead to a series of public recriminations and witch hunts. But security is a series of trade-offs. We've made it through the 10 years after 9/11 without another attack, something that was not a given. But no security system can be maintained over the long term without public support and cooperation. If Americans are ready to embrace risk, it is time to strike a new balance.
I agree with this. Sadly, I'm not optimistic for change anytime soon. There's one point Hawley makes, but I don't think he makes it strongly enough. He says:
I wanted to reduce the amount of time that officers spent searching for low-risk objects, but politics intervened at every turn. Lighters were untouchable, having been banned by an act of Congress. And despite the radically reduced risk that knives and box cutters presented in the post-9/11 world, allowing them back on board was considered too emotionally charged for the American public.
This is the fundamental political problem of airport security: it's in nobody's self-interest to take a stand for what might appear to be reduced security. Imagine that the TSA management announces a new rule that box cutters are now okay, and that they respond to critics by explaining that the current risks to airplanes don't warrant prohibiting them. Even if they're right, they're open to attacks from political opponents that they're not taking terrorism seriously enough. And if they're wrong, their careers are over.
It's even worse when it's elected officials who have to make the decision. Which congressman is going to jeopardize his political career by standing up and saying that the cigarette lighter ban is stupid and should be repealed? It's all political risk, and no political gain.
We have the same problem with the no-fly list: Congress mandates that the TSA match passengers against these lists. Rolling this back is politically difficult at the best of times, and impossible in today's climate, even if the TSA decided it wanted to do so.
I am very impressed with Hawley's essay. I do wonder where it came from. This wasn't the same argument Hawley made when I debated him last month on the Economist website. This definitely wasn't the same argument he made when I interviewed him in 2007, when he was still head of the TSA. But it's great to read today.
Hopefully, someone is listening. And hopefully, our social climate will change so that these sorts of changes become politically possible.
ETA (4/16): Slashdot thread.
Posted on April 16, 2012 at 12:29 PM
• 48 Comments
It's interesting that these goobers come around all sensible-like the moment they're out of office and not while they could actually, you know, do something.
It's the same with dope busting, drug hatin' District Attorneys and Chiefs of Police -- the moment they retire, they become all NORML-ized and everything.
Steve, I believe Upton Sinclair explained that ...
That last bit about people losing jobs if they get unlucky is where having "congressman for life" would actually be a good thing. OTOH I can't think of any other advantage to the arrangement.
Bruce, you know that you'll never get credit from him for addressing the facts back when he was financially obligated to ignore those facts.
But great job anyway!
Now all you need is the various media outlets running this with the "Should Kip have listened to Bruce years ago" headlines.
My suggestion: Have the TSA charge to bring carry on bags through the security checkpoint. There would be no charge for a single bag of modest size, but charges for over-sized or multiple bags. The charges should be more than what the airlines charge to check a bag. This would address the current perverse incentive for passengers to not check their bags.
I can imagine, and like, randomization systems that work. Flag 1 in 20 people using a random source. For example, the person managing the line could have a handheld computer that says, "Let 17 people go by, select the next one, no matter who they are." Pull these people aside to a separate line (to speed things up). Any multi-attacker plan goes way up in risk. Even a single attacker plan now needs to face a 5% chance of getting caught at security; will that be enough to change their calculations? You can "pay for" the extra cost of these screenings by the savings from dropping some of the existing rules. For example, I'm sure many man hours are wasted every day searching luggage when contraband pocket knives and water bottles are discovered.
"...presumably the terrorists will simply assume that all security regulations are in force at all times."
Isn't that the point? To get the benefits of terrorists assuming 100% security coverage while only paying for 5% of it.
Regarding eliminating baggage fees.
Doesn't TSA's screening process raise the pain/cost of travel and make paying bag fees more attractive to the passengers? I'd think the airlines would be happy with blaming TSA for inefficiencies in travel that they might like.
For instance, the document checking doesn't help security, but it all but eliminates the resale values of tickets. Similarly, TSA snooping through your underwear in public makes the public more likely to pay for checked baggage.
@Alan: The TSA already charges you to go through security. It is one of the many fees attached to each ticket. Having different lanes for big bags versus normal would also achieve the goal.
I wish the airlines would make more of a fuss over the numerous fees on a ticket. IMHO it will be the only way this whole TSA situation would be resolved. If it was made clear to each and every passenger that they are paying $20 each time they go through security, there would be far more of an incentive to get the current excesses resolved by voters. Currently the fees are given inscrutable names so passengers don't realise what they are actually being used for. Heck maybe there should be a big sign in front of security saying just how much you are paying for it.
So, does this mean we find out tomorrow that Kip Hawley has joined a Washington DC think tank, and has begun lobbying Congress for increased, or re-focused, TSA expenditures, that happily coincide with his funding sources?
Here's an existing technology that can readily detect hydrogen peroxide in the kind of concentrations needed to make a bomb:
"Pour a bit of that on your hand, please"
(silently count to 10)
"Thank you, here's a paper towel to dry your hands with. Enjoy your flight"
If you've ever handled 35% hydrogen peroxide, you know what I'm talking about...
(never mind that it would be all but impossible to make such a bomb in an airplane bathroom - 99.9% chance of blowing it up around the 'singe off your eyebrows' stage, well before you get anywhere near enough TATP to blow a hole in a plane)
not gonna happen
That's what bureaucracy is for!
He has a book coming out, and to sell more books he has to say his hands were tied, and it was me against the system, read all about it. He's a "fair weather fan" of the TSA. He resigned in 2009 and with no heir-apparent for 16 months... Obviously "auto-pilot" (pun intended) is all the TSA needs.
"Steve at April 16, 2012 1:13 PM" writes It's the same with dope busting, drug hatin' District Attorneys and Chiefs of Police -- the moment they retire, they become all NORML-ized and everything.
That's "LEAP"ed — Law Enforcement Against Prohibition — to be more precise.
This is the fundamental political problem of airport security: it's in nobody's elf-interest to take a stand for what might appear to be reduced security.
This is indeed the fundamental problem of airport security. It's not about security at all, but strictly about political arse-covering for everyone from the President and Congress on down to the legions of bureaucrats at DHS and TSA. Nobody wants to be blamed for even appearing to support something that looks like a reduction of security.
The result is that TSA screening is a continual accumulation of measures, procedures, and rules that are ever more costly, burdensome, and intrusive. Nobody wants to be responsible for removing anything, even if it's been proved ineffective, out of fear that they'll be blamed for it when the next inevitable failure occurs.
For the same reason, the only thing we get out of Congress is a kind of political theatre that parallels the TSA's security theatre. They'll hold hearings where they blast TSA officials with complaints, and issue scathing reports, strictly as a theatrical performance to show they're responding to the many concerns and complaints of their constituents. When the show is over, the TSA officials shrug it all off as part of their job, and go back to business as usual. They know very well that nobody in Congress will seriously propose anything that imposes the oversight and accountability that the TSA so urgently needs. And they know that when it's time to write the budget, Congress will yet again give them the usual blank check to do whatever they want.
I don't know what can be done about the TSA's continuing metastasis. Congress will never do anything. And the public is increasingly recognizing that "resistance is futile," and that if they "want to fly today" they had better act like good docile little sheep when they enter a TSA rights-free zone, and unquestioningly accept whatever intrusive humiliations the TSA decides to inflict.
The worst part is that the TSA's only unquestioned success is in conditioning Americans to accept, and even welcome, the routine surrender of their rights and privacy in the name of security. And I'm sure former FBI deputy director John Pistole regards this conditioning as even more important to "security" than his stated mission of protecting aviation. If he can succeed in making the majority of Americans share his apparent belief that fighting terrorism requires the suspension of once-sacrosanct rights and privacy, he will surely consider that his proudest achievement.
But I don't know what has gotten into Kip Hawley. Maybe he's a victim of identity theft?
Now that I've actually read (and saved) the full essay, I understand what happened to Kip Hawley. It's pretty clear that he decided he has more to gain from joining the ranks of TSA critics than from continuing to defend his indefensible former agency.
He's written a book that will surely make him a lot of money, since the TSA has earned the hatred of so many Americans. He has a lot to gain and nothing to lose from cashing in on criticism from a position of authority. Especially since he fully (and perhaps uniquely) understands that it will only strengthen the TSA.
It's very obvious that the TSA leadership believes that a "poisonous" relationship with the public (i.e., the Enemy) is vital to "security," as they define it. Although Hawley claims that such a relationship is "unsustainable," the TSA's position as the arrogant gatekeeper to a necessary service makes it unstoppable.
Yes, that sounds more like the KGB, Stasi, DINA, Securitate, or SAVAK than an agency of a "free" country. But that's clearly how "security" agencies tend to act in the absence of independent oversight or accountability for complying with constitutional constraints. And the TSA is not merely impervious to criticism, it is accountable only to itself.
elf-interest? Is that a typo, or some kind of clever Harry Potter allusion? :-)
It seems that this article is not behind the paywall at the WSJournal. At least I haven't had any problem accessing it.
Off-topic but it turns out that TOR is about as safe as I thought it was...which is not much.
If this is what the DEA and FBI can do to TOR then what can the likes of China and Iran do?
Re: bag fees. Airlines will impose them for a simple, elegant, and correct reason: anything transported requires fuel to do so. Good airlines make as much (or more) money from the cargo they're loading into the hold(s) as they do from their self-loading cargo up top. Each kilogram of bag mass added to the airplane reduces the mass available for profitable cargo.
And, this engineer believes that Alan's approach to randomization is correct, so long as it is COMPLETELY random. (In the immortal words of Neal Stephenson, "mostly random is not good enough!") Why search a little old lady? Because her lovely, innocent, teenage/young adult grandchild may have joined a death cult while she wasn't looking, and slipped something lethal into her handbag for his use aboard.
It's pretty clear that he decided he has more to gain from joining the ranks of TSA critics than from continuing to defend his indefensible former agency...He has a lot to gain and nothing to lose from cashing in on criticism from a position of authority.
Precisely. People in a position of heavy ridicule and hatred, are also in a position of heavy publicity.
Unbelievable, one must now question his true opinion due to the rapid change. Guess most people have a little too much self-respect to play the confidence when they don't have to.
> Hawley's comment confuses me. He
> says that hydrogen-peroxide based
> bombs -- these are the bombs that
> are too dangerous to bring on board
> in 4-oz. bottles, but perfectly fine in
> four 1-oz bottles combined after the
> checkpoints -- can be detected with
> existing scanners, not with new
> scanners using new technology. Does
> anyone know what he's talking about?
Not specifically, but as hydrogen peroxide (in high concentrations, not the 2% solution you buy at the grocery store) is an oxidizer, I would imagine that the bottle sizes are an attempt to limit the quantity of the other material component of the bomb, the primary fuel that would react with the hydrogen peroxide. Perhaps the bomb fuel the TSA fears is an air-sensitive material, so that it could not be readily transferred from one bottle to another on board the plane (because it would react with the atmosphere on contact). Presumably, it would react even more vigorously, perhaps even explosively, with hydrogen peroxide.
The liquid ban is still irrational, mind, for the same reason that MOST of what the TSA does is irrational: the whole TSA paradigm is based on the assumption that a single plane hijacking could be catastrophic at a level comparable to the September 11th attack; but that was only possible because policies and public opinion at the time favored giving hijackers whatever they wanted (for a while). Since it has now been clearly demonstrated that that was a very bad idea, policies and public opinion have shifted toward a much more rational non-cooperation stance, and thus a single hijacking is now dangerous mainly to the people on board. Consequently, extremely unlikely attack profiles, such as a binary liquid explosive, are not worth protecting against. People who need that level of security on an individual basis shouldn't be traveling with the public anyway, because some random stranger could walk up and loop a fine cord around their neck and choke them to death, or bludgeon them with a blunt object, or attack them hand-to-hand, or whatever. For everyone else the risk is too obscure to worry about, as you're several hundred thousand times more likely to be in a fatal automobile accident on your way to the airport.
The TSA *should* be worried about providing just enough security (or security theatre; it hardly matters which) to maximize the number of people who A) feel that it is safe to fly but B) do not avoid flying due to the inconvenience caused by the security measures. Making everyone walk through metal detectors, for example, is good. Making everyone file paperwork for each individual flight six months in advance would be bad.
It is not disclosed, what was the police forces' avenue of attack against these guys. It may not be related to TOR at all. They could have traced their money flows, for one instance.
Offtopic: sorry, could you please fix the source code of this blog post? It breaks RSS aggregators.
This definitely wasn't the same argument he made when I <a href=''http://www.schneier.com/... him</a> in 2007.
These two quotes after href= are really two quotes.
HTML typo fixed. Thanks.
"Upton Sinclair explained that"
Quote? I've read some Sinclair but I'm missing your reference.
> Re: bag fees ... Airlines will impose them for a simple, elegant, and correct reason ... anything transported requires fuel to do so ...
Then they shouldn't charge by the bag, by your logic they should simply have you and your bags step on a scale and charge you by the total weight.
If you're traveling on vacation for two weeks, try doing this without checking a bag.
I avoid checking bags wherever possible not because the airlines charge fees, but because:
- 10% of the time (per one-way flight) my bag doesn't arrive at the same time I do.
- I have often waited more than 30 minutes for my bag.
Until airlines can get baggage handling latency and reliability to reasonable levels I will elect to schlep my own bags.
@bob: I assume the quote llewelly is thinking of is "It is difficult to get a man to understand something, when his salary depends upon his not understanding it."
Never again will a terrorist be able to breach the cockpit simply with a box cutter or a knife. The cockpit doors have been reinforced, and passengers, flight crews and air marshals would intervene.
There are several aircraft types with the lavatory next to the cockpit with only a thin honeycomb wall separating them both.
What good will a security door that withstands a 9mm round do when you can punch your fist through the wall into the cockpit anyway - without an air marshal noticing it?
What good will a liquid restriction do when crew are allowed to bring on however many litres of liquid in whatever container they want onboard without any control whatsoever?
All security work is merely small obstructions if you decide to actually do something.
Jon Lennox, thank you - that is exactly what I was thinking. Hawley is no longer working for the TSA, and I suspect this has freed his mind in some crucial manner.
One would think that a cryptographer would hold the randomizer-idea in higher regard.
In any case, I don't think there's any proof whatsoever that making certain processes in the screening active at random. For example, airports in Europe have walk-through metal detectors that will randomly select 20% of people passing for pat-downs, no matter if an alarm was triggered or not.
Overall, European airports are more punctual than those in the US...don't think the "randomization" is as catastrophic as BS would like to believe. Maybe because he didn't think of it...? ;)
Luggage: When your luggage is lost or damaged so often, carrying it on makes more sense. Watch how they handle door-checked items sometime. It's horrifying. Hmm, that stroller is blocking the chute. Throw something heavy down to clear it.
When your luggage can take 24 hours or more to arrive after you do, carrying it on makes sense. (Happened to me, with the baby's travel crib.)
When your luggage is a crib for the infant you are traveling with, or your wheelchair, or formal clothing for an interview, or hardware for the install job you are doing, and your visit is short, carrying it on is the only way to go.
Everyone keeps talking about liquid bans and exotic explosives.
At the risk of being paid a visit by the men in brown shoes, I have to ask: Why doesn't anyone ever consider the chemical weapons of WWI?
Why do we only consider weapons that have already been deployed against us?
Relatively small quantities of Clorox will do hellish things to you in an enclosed space. I should know. I use it, cut with water, to kill mold in the basement/bathroom. But that's what? Only 3-6% BEFORE I diluted it? You can buy far worse.
Banning cups/bottles was a real problem. Lack of proper fluid intake when stranded somewhere for hours or days is a real problem. Needing to fill up a water jug after you get through security, that's less of an issue.
... don't think the "randomization" is as catastrophic as BS would like to believe. Maybe because he didn't think of it...?
I don't know if it was Bruce or one of the posters here who suggested it first, what I do remember is most thought it was a good idea...
Initially it looked like a very good idea, and I for one thought yes this has potential, but then I had a think about how to "game it"...
Like many ideas that are fine in theory, they often tend not to be in practice because the "hidden assumptions" underlying the theoretical model are not adhered to in practice.
Two such assumptions I noted way back are,
1, Unlimited (or adequate) test resources.
2, Inanimate test samples.
Firstly the TSA check points don't have unlimited resources, in fact far from it, in most cases they are under resourced to the point that they are effectively running well above 100% capacity and thus have to "drop" sample rates to just maintain throughput (this is an instant security fail whichever way you look at it).
Thus any small problem causes major tail backs and other issues which can be exploited fairly easily (have a look at "queueing/scheduling theory" to see just how badly it can go wrong as you approach 80% utilisation let alone 100% or above).
Now the second issue arises "inanimate test samples" by definition cannot game the system, they just sit passively waiting to be selected or not for testing. This is where "sampling theory" for GIT (goods inwards test) gets its magnification factor due to another couple of underlying assumptions,
3, Faults trend
4, Small failure rates are acceptable.
That is in any batch of mechanically produced goods they tend to go slowly from good to bad over many samples due to "tool wear". And this "trend" can be spotted fairly easily, thus a simple "test every tenth item" usually suffices to see the trend and reject a batch.
This obviously does not work when it comes to "lone suicide bombers"...
Likewise small failure rates are far from acceptable when it comes to "lone suicide bombers"...
But all the theory goes out of the window because humans are far from inanimate and can decide quite accurately where they will appear in the queue (Bruce has indicated he can already game the system to avoid the body scanners most times).
So a "test every tenth person" stratagem will fail very very badly.
The apparent solution is "randomly select 10% of people". But it likewise is doomed to fail because it cannot be even close to truly random and actually needs to be "tailored" to demand.
That is without unlimited test resources and a major requirement to meet a certain throughput rate for people to actually get to their plane before take off the "random" can be gamed.
Because your sample rate has to change with demand, the lower the demand the higher the sample rate can be and could go to 100% testing. However a sudden surge will put the sample rate right down to maybe 1% or less. Even a small surge could cause testing to be "blocked" simply because the test resources are 100% utilized when a person gets to the head of the line.
Simply standing a little way off and observing what happens when and how will give you plenty of opportunity to work out when to put a small spanner in the works to create a surge. Thus you and a single "clean" accomplice can queue at the appropriate distance apart, when they get to the check point they "drop the spanner" and then you being the right distance back in the queue are almost guaranteed not to be searched...
Which is something I've indicated in the past. And various other people have been thinking about it and likewise found defects and it has become clear that for a whole host of reasons random sampling for testing passengers would end up being fully "gameable" by those who put a bit of thought into it and little or no impediment to those who can't even be bothered to try...
Now I don't know what method Bruce uses for,
I've gotten really good at avoiding lanes with full-body scanners
And to be honest I hope he does not broadcast it as other frequent flyers no doubt have similar tricks to make traveling less wearisome and it would be a shame to spoil it for them.
However I suspect Bruce has not "really tried" to do it by the scientific method (Observation, hypothesize, test, rinse and repeat) just a simplistic heuristic based on a gut feeling or simply being "hinky".
The fact is, there is a huge list of items currently banned from airplanes (or that aren't technically banned under the letter of the regulations but are seized/questioned anyway) but which are either essentially zero risk (when it comes to the threat to an airplane) or could be made zero risk with minimal changes to screening (e.g. the extra liquid screening mentioned in the article).
But no-one in power wants to be the one who made the decision to allow these items should it turn out that there is an attack no-one thought of that somehow involves nail clippers or the toy gun from a G.I. Joe.
The people harmed most by the TSA policies are business frequent travelers. 10-20 minutes lost per flight, 20-40 minutes lost per business flight, starts adding up. How much money does this cost a company like Apple?
So my question is, why doesn't Corporate America (ex-defense contractors) band together to fix or replace the TSA? Together their lobbying power outweighs the few who benefit from TSA contracts.
@llewelly / Jon Lennox
Thanks. An interesting point. Self obvious in a way although it doesn't say much for a person's integrity...
The only way to fix TSA is to abolish it. They cannot function well (or at all... if you don't count the security theater "functioning") because they have completely wrong incentives. It is impossible to have a federal agency to do anything other than political arse-covering, bureaucratic fiefdom-building, and channeling funds to politically-connected business.
To bring back sanity to airline security it should be returned to the airlines. They, unlike TSA, have incentives to be both efficient (they don't want to lose multi-million assets, get huge insurance rate raises, and seriously bad reputation in case if some terrorist manages to get through undetected) *and* as unobtrusive as possible (they do have customers to serve, not the cattle which gets no choice - even if you refuse to fly, you're still taxed for the benefit of the TSA).
Finally... unionized TSA is going to be even worse. The same bottom-of-the-barrel "officers", but now overpaid, and impossible to fire, and thus even more expensive and useless.
I take it from other posters here that "avoiding the body scanners" isn't as simple as choosing the right line, and can't be shared because doing so could cause the method not to work anymore?
I will not submit to the new scanners or more invasive "pat-down" that have come into play since I got my job. After having to consult with our ethics department and my management, my job is in some danger because I must refuse to fly from or to some airports (or in the future, any at all). All I can do for now is try not to get any assignments where I might need to travel. This is what I get for being just a dabbler instead of an actually smart security person :-)
*) Look at the lines. Pick the one with the metal detectors rather than the X-ray machines. (Usually the most successful strategy.)
*) Dress nicely. Skip the torn jeans and T-shirt. Wear slacks, good shoes (that come off easily), a dress shirt, etc. Sad to say, but folks really do treat you quite differently when you dress up.
*) Pay a little extra for business class on SouthWest. That sometimes lets you skip to the head of the line for screening. At the very least, it flags you as a VIP.
*) Chat up a guard or two. They want to practice voice-screening you. Act clueless. Naive. Helpful. You want to be classified as harmless.
*) At all costs, refrain from pointing out how absolutely worthless a job they are really doing or how terribly wrong their thinking is.
*) That's a lot harder than it sounds. At one point security told me they were only worried if the 150+ feet of cat5e cable I was carrying onboard *DIDN'T* have copper wire in it. Quote "It could be an explosive. We think of things like that." Unquote. Yeah, right. I'm going to extrude 150+ feet of LABELED cable, labels printed on the cable that is, and leave out the wire? As opposed to putting 1/8th inch thick sheets of HE on all 6 walls of my luggage? Which one is easier? Which one can't be detected by X-ray? Nevertheless, pointing out these flaws does not move one through their line any faster.
*) When you are a woman, tell them you're pregnant, that you miscarried your last baby, and inquire how safe their X-ray machines really are? Those folks are paranoid about lawsuits.
*) When being felt up, mention that you don't want to risk getting cancer AGAIN! They understand that. It can make the groping go much faster.
*) Wearing disposable footwear, or even just plastic bags with rubber bands over your feet, while your shoes are X-rayed can get you flagged as a hypochondriac. As in don't worry about X-raying Mr. Monk there, he clearly has enough issues already. Plus you don't track through stinky crap, pick it up on your socks, and get it permanently inside your good shoes.
Anyone else want to add to this list?
Yah, CharlieBrown - Have enormous breasts.
Works better if you're female and blonde.
> First, the TSA's mission is to prevent a catastrophic attack on the transportation system
If you put it in absolutes like that you've already lost.
The TSA's mission should be to reduce the risk of a catastrophic attack as much as possible.
Security is always a usability/risk trade off. If you accept zero risk (or put that in your mission statement), you'll have low usability and fail to achieve the stated results.
Jon: Not quite.
Wasn't there an incident with the TSA a while back where they were sending attractive women through the X-ray machines multiple times?
On the other hand, showing off my man-boobs does seem to get me through a bit faster. Especially if I offer to jump up and down. ;-)
"reinforcement of cockpit doors"
Did this really make travel safer? How can you tell and what sort of numbers support this?
There are all sorts of things which could potentially make things safer but, to quote a Romulan from DS9, "this is all just theory and speculation"