Evading Airport Security

The news is reporting about Evan Booth, who builds weaponry out of items you can buy after airport security. It’s clever stuff.

It’s not new, though. People have been explaining how to evade airport security for years.

Back in 2006, I—and others—explained how to print your own boarding pass and evade the photo-ID check, a trick that still seems to work. In 2008, I demonstrated carrying two large bottles of liquid through airport security. Here’s a paper about stabbing people with stuff you can take through airport security. And here’s a German video of someone building a bomb out of components he snuck through a full-body scanner. There’s lots more if you start poking around the Internet.

So, what’s the moral here? It’s not like the terrorists don’t know about these tricks. They’re no surprise to the TSA, either. If airport security is so porous, why aren’t there more terrorist attacks? Why aren’t the terrorists using these, and other, techniques to attack planes every month?

I think the answer is simple: airplane terrorism isn’t a big risk. There are very few actual terrorists, and plots are much more difficult to execute than the tactics of the attack itself. It’s the same reason why I don’t care very much about the various TSA mistakes that are regularly reported.

Tags: , , , , ,

Posted on December 4, 2013 at 6:28 AM49 Comments

Comments

Wm December 4, 2013 6:46 AM

I had a job that took me flying about 1 to 3 times a week when all this enhanced security began. As a result of an airline’s ß0mß sniffer detecting an alarm clock I was carrying to be a ß0mß (it had a phosphorus dial), I was put on an internal watch list. I couldn’t fly that airline without going through 3 to 4 searches. I quit that job and haven’t flown since. Won’t be flying ever again in the states.

Luigi Rosa December 4, 2013 6:51 AM

Wonder where he got lithium at the airport.
Batteries are not so easy to get pure lithium from, and there’s the problem of Li reacting with O.
Granted that you can have near-pure Li, make a simil-handgun would be reduntant because you can use the reactivity of Li and water for a (not so) small bomb.

Darren Martyn December 4, 2013 7:00 AM

@Luigi Rosa – Lithium is trivial enough to extract from camera batteries, the non-rechargeable ones contain a fair amount of it in reasonably pure form.

A good writeup on extracting it is here

Honestly though, most of the chap doing those airport-weapon demos are hilariously contrived.

The incendiary bag one made me giggle a bit, as unattended luggage tends to spark an immediate security response.

Karl Koscher December 4, 2013 7:19 AM

My guess is that the TSA only really cares about threats that can take down an entire plane. None of these weapons seem capable of doing that. While they go to great lengths to detect explosives, they seem unprepared for chemical or biological weapons.

Luigi Rosa December 4, 2013 7:35 AM

@Darren Martyn granted that you can easily (with tools that you cannot smuggle past the security checks) disassemble batteries you muste face other problems.
The first is a place where do that without rising attention. Could be a toilet, but there is so much water and you risk to trigger Li reaction if you drop a piece of Li.
Once you have the Li, you must store it. The link talks about kerosene (forget it, and JET-A1 is not an option…), you could buy olive oil to put Li into.
I think that is not as easy as it seems.

h4xx December 4, 2013 8:03 AM

In 2004 while working for an airline a janitor discovered that somebody had dumped a ton of ammunition in the bathroom that was in the departure lounge so post clearance. It was obviously some hunter who forgot he had it and dumped it before getting on the plane but surprising you could get a garbage bag full of ammo past security undeclared.

They freaked and shut down the airport for about an hour then lied about it to the media claiming just regular delays.

Skeptical December 4, 2013 8:23 AM

Just to make two points explicit (I realize that they’re obvious, but think they should be stated):

1 – the risk isn’t simply that of an airplane crash, but also of all the follow-on effects from such an incident. Depending on the nature of the cause, those effects can range from military action to loss of confidence in air travel. In fact follow-on effects from attacks are an integral part of the strategy being followed by AQAP and others.

It may well be that the follow-on effects aren’t entirely rational. But if we only planned for rational responses, the world would be a much more dangerous place.

2 – this point can be slightly misleading, but it’s important: what type of attacker is most likely to make it to a TSA checkpoint, and be categorized for regular screening, without previous identification by intelligence and law enforcement agencies? Is it (a) the well supported, well trained attacker, (b) the well supported, poorly trained attacker, (c) the unsupported, untrained attacker?

Dave December 4, 2013 8:34 AM

Surely the whole point here is that there in no longer any need for the ‘bad guys’ to actually do anything. A simple threat is enough to give the authorities the ‘heebie jeebies’ and throw another layer of ‘security’ over whatever is perceived to be at risk.
Last month 11 cyclists were killed in London by vehicles, in the whole of this year we have had no ‘real’ terrorist deaths (there have been a couple of murders ‘in the name of Islam’, but I don’t consider that to be terrorism, just plain murder). Just imagine the safety improvements that would be possible if the anti-terror budget was transferred to building safe cycle ways.

Michael. December 4, 2013 9:47 AM

Just a heads-up. The comment by “home”, starting “The very next time I read a blog, Hopefully it” is in fact spam. The same comment appears to have been posted on a good many other blogs and sites.

On topic, I agree with Dave about spending money in a better fashion. If more ‘anti-terrorism’ money was spent on bicycle safety (perhaps educating drivers, or putting in clearly delineated bike lanes), then more lives could be saved. Similarly, lives could be saved by simply donating money to the poorest people on the planet (see givewell.org for their suggestion).

If terrorism actually was a problem, we would be seeing bombs go off in malls, buses, and the security lines at airports. If there were people willing to die for the cause, why aren’t there more mass shootings by “terrorists” in the USA (where getting your hands on a gun isn’t exactly difficult I understand)?

But, the ‘anti-terrorism’ crap isn’t about terrorism at all. As our host repeatedly says, terrorism is rare. And as I keep saying, terrorism is a meaningless term. It is an essentially politicised term, which means “an act that the speaker (normally a government official), says is bad”. Fuck the newspeak.

Murder is murder. Simple. But then “terrorism” is also used to mean bombing a pipeline, cutting a telecommunications line, and various other lesser forms of property damage (source, Australian federal law).

Some_Guy_In_A_Diner December 4, 2013 9:55 AM

http://tsaoutofourpants.wordpress.com/

Bottom line, DHS and the TSA has to go. They are worthless organization and are a detriment to airport security. Don’t think about it too much. Get rid of them. Put airport security firmly on the shoulders of the airlines and airports and hold them civilly and criminally responsibility for breaches in security and attacks. You put a executives asses on the line and see how motivated they can be.

Of course our 6% approval rated congress with F@#$ up everything.

jackson December 4, 2013 10:09 AM

Added layers of complexity are more likely to cause problems which in turns causes people to find ways around it. I think you wrote about people disabling stuff thereby defeating the whole purpose. And then if the original problem materializes the people who added the layers of complexity for a reason just reinforce the whole thing by saying “oh see, the problem is those stupid people disabled it and that’s why this happened.”

MS just pushed out IE10 and suddenly I couldn’t enter passwords, anywhere, my email clients, anything. It is apparently caused by Kaspersky and the Safe Money feature. It’s there with the best of intentions, to protect me and anyone else that uses the machine. And it worked fine before. Think MS is going to fix it? No, I had to disable Safe Money and finally quit using IE10. But it’s not just an MS problem. I have had similar breaks with Firefox.

This is exactly like the TSA and airport security, exactly. What if TSA mindlessness ultimately creates a bigger uglier problem than first existed? Bureaucrats will only care about having someone else to blame “see, this happened because people kept going around the system. ” Booth will be the scapegoat.

jones December 4, 2013 10:42 AM

I wonder how long this security theatre would drag on for if politicians and businessmen flying on private jets were subjected to the same scrutiny before boarding, since, after all, a private jet can be hijacked and used as a missile just as well as an airliner. Congress exempted themselves from these screenings.

The further problem is, nobody will stick their necks out and reduce security, because if something does happen — even if carried out by a dope put up to the task by a paid FBI informant — people will want heads to roll.

In the mean time, the FBI is using the TSA watch list as a recruitment tool for paid informants to launch fake attacks to justify the security measures.

But Mr. Schneier’s overarching point is really the significant one — there really aren’t many terrorists out there.

Guns are abundant in the US, but no jihadi shooting sprees. Many airports are on the coast, but nobody sits in boats with a high powered rifle taking potshots at landing planes. Nobody bombs the unguarded high tension powerlines criss-crossing the nation. No terrorists drive cars into crowds. No busses explode. We have nothing like what Israel deals with, nor what went on in the UK with the IRA. It’s all a sham.

Most high-profile terrorism cases have involved people given operational plans and dummy explosives by paid informants. Many are cases of entrapment. There have been acquittals and counter-charges of prosecutorial misconduct — just to fill the headlines.

And what terrorism we do have to deal with is largely the result of our own policy. We overthrew Mohammad Mossadaq for BP, and now Iran is a problem. Saddam Hussein was a CIA asset in the 1980’s. We trained the jihadists in Afghanistan to fight the Soviets. We’re totally in bed with the Saudi’s. And we do nothing about the enormous refugee population we created in Iraq — some 5 million displaced persons, pouring into Syria, Jordan, Egypt… we create recruiting tools for the terrorists overseas, and we instill the misery that makes these people amenable to radicalization.

And we have the same misery here, but nobody talks about it. Suicide bombers in Palestine, suicide shooters in the US. 20,000 murders a year is a war zone, but in America we call this peace.

erica December 4, 2013 10:53 AM

The best way to seize control of an aircraft is to be one or more of the aircrew in the cockpit side of the locked door; and be able to overpower the non-hijacking aircrew.

How long would it take, from scratch, to plant sleepers who are actively and successfully seeking a career in aviation as pilots? And who can get themselves crewed together on a flight with some strategic reason to hijack and destroy?

The odds are low, and you’d perhaps need to have 40+ such sleepers to hope for a success in a decade.

Movie plot, not credible approach for a long-term planner.

But odds could be improved by radicalizing existing aircrew.

NobodySpecial December 4, 2013 11:17 AM

@erica – before the NTSB was separated from the FAA it was an automatic conclusion that any crash by a US manufactured airliner was “pilot error”. Presumably now it will be terrorism if Dreamliner batteries explode in mid-air.

Gur December 4, 2013 11:29 AM

Terrorism can be conceived as the fear of violent action and not the action itself. The actual actions are murder and destruction. The profound changes to our quality of life are the results achieved and realized by terrorists. The bitter loss of privacy and our increasingly authoritarian government are the conquest that the terrorists have won. Terrorists have not assailed us because their previous endeavors are still working. They don’t need to. The media has kept their efforts forefront in everybody’s mind and this is also what they want. If we forget them, they will be back. If we remember them, we pay the price of their winnings. In the immortal words of John F. Kennedy “Let every nation know, whether it wishes us well or ill, that we shall pay any price, bear any burden, meet any hardship, support any friend, oppose any foe to assure the survival and the success of liberty.” But have we?

Anura December 4, 2013 11:31 AM

I figure that as time advances, technology previously considered advanced becomes easier and easier to make at home. I’m sure someone with half-way decent skill could probably build radio-controlled missiles to shoot down airliners on takeoff or landing. TSA too much of a risk for you? Avoid it entirely!

The point is that the role of the TSA isn’t to make us safer, it’s to make us feel less-safe and act as a reminder, every time we go to the airport, that terrorists can kill you at any time. Or something.

Kate Y. December 4, 2013 12:03 PM

Hm. Why is it that I do care about TSA mistakes?— the screener who lets me through with the wrong boarding pass, or my seatmate with Dangerous Scissors in her purse?

Not because they make us less safe (as you point out, the system is already porous at that level).

Rather because they serve to point up just how pointless the whole dance is, and that millions of people are regularly being inconvenienced and/or humiliated to no good purpose. They are the punchline that says “Ha ha, joke’s on you.”

NobodySpecial December 4, 2013 12:11 PM

@Kate Y – you care because you lose your job since you can no longer fly because somebody at the TSA put you on a list.

Perhaps you were rude to them, or filed a complaint about an airline employee, or you are a 3year old with the same name as somebody on Nixon’s list, or refused to cooperate with an undercover investigation.

Chris December 4, 2013 12:14 PM

Do you think that falsifying a boarding pass could be used to gain access to airline lounges? Usually if you travel under certain rate codes, the ticket includes free lounge access.

Does the lounge attendant check the validity of your ticket? Or just verify name on ticket with your ID?

herman December 4, 2013 1:43 PM

The Typhoid Mary Attack:
In the new age of suicide bombers and septic 3rd world cities full of disease ridden desperate people, it would be easy to find an infected person and put her on a plane through a busy hub or two to a large city, spreading disease as she goes.

max December 4, 2013 1:44 PM

Wm: ß0mß sniffer detecting an alarm clock I was carrying to be a ß0mß

What’s with the “ß0mß” thing? Are you afraid to say “bomb”? Or is it now one of those words that we’re not supposed to use? 🙂

Brian M. December 4, 2013 2:18 PM

@Luigi Rosa:
Wonder where he got lithium at the airport.

One of the videos shows him using a small pipe cutter to open up a Lithium AA battery.

The lithium just has to be reactive with water, and build up pressure in a sealed container. However, none of the “devices” Mr. Booth created would be a serious threat. Would they shake people up and cause the plane to land? Yes, I’m sure of that. But none of them would take out the plane. Not like a swallow would, anyways. Especially a swallow laden with a coconut.

Zap or December 4, 2013 3:31 PM

@Chris

Sorry the boarding pass is normally scanned at reception and reconciled with the flight manifest / checked-in list – at least for lounges after security.

Don’t know about lounges land side…

Z.

jon December 4, 2013 4:41 PM

@Erica:
Air crew seizing the plane was the premise of the James Bond novel/movie Thunderball. The pilot of a fighter plane gasses the rest of his crew while on a training/patrol mission with nuclear weapons, and then flies away with them.

Anura December 4, 2013 4:52 PM

There was also the Egypt Air crash in which the copilot deliberately downed the jet in the Ocean (according to the US; the Egyptians say it was mechanical failure).

Bob S. December 4, 2013 4:59 PM

I dunno.

The whole flying-tsa thing has been overdone to a crispy critter.

I don’t fly anymore. I think it’s a betrayal of the Constitution to allow them to abuse us like they do. Its humiliating.

As for threats and weapons and all that: pre 9-11 security, or less, would take care of that because the cockpits are hardened, because the pilots have guns, the on board sky marshal in first class has lots of guns, people know to fight back and so on…I am thinking an attack isn’t as easy as Bruce suggests.

RobS December 4, 2013 5:35 PM

@zap or
Security is clearly way better where the company’s money/reputation is concerned. Hoi-polloi in the lounges – unthinkable.

kingsnake December 4, 2013 7:03 PM

Hoi polloi are already in the lounges. Crying babies, kids running around. Sadly just like 1st/business class these days …

Dirk Praet December 4, 2013 8:38 PM

@ Skeptical

But if we only planned for rational responses, the world would be a much more dangerous place.

Really ? If safety and security were the driver, the rational thing to do would be to allocate budgets to fight the top causes of death instead of squandering billions on airport security theater in the pursuit of the odd and mostly incompetent airplane terrorist. In the US, the top 7 causes of death are: tobacco, medical errors, alcohol abuse, vehicle accidents, suicide, drug abuse and firearm homicide. Since January 1st 2013, these account for an estimated total of 868,565 deaths (Source: http://seggleston.com/1/wp-content/custom/ds_index.php ).

Statistically, Americans are about as likely to be killed by terrorists as by falling furniture, bees, wasps or hornets (Source: http://www.allgov.com/news/top-stories/more-americans-killed-by-bees-and-wasps-or-falling-televisions-than-by-terrorists?news=844603. The fact of the matter has always been that America’s fear of terrorists is totally irrational and induced by government controlled mainstream media and special interest groups. TV series like 24 or Homeland – however good entertainment – are definitely not helping. The resulting rise of the military-surveillance complex since 9/11 is an unparalleled aberration in the history of democracy and the cost at which it comes – both in taxpayer money and erosion of civil liberties – in no single way proportionate to its alleged goal of improving the safety or the security of the nation.

tyco bass December 4, 2013 9:29 PM

@ Dirk Praet

Well said, but you are still accepting the propagandistic term “terrorist,” which needs to be deconsructed.

Mike Anthis December 4, 2013 9:46 PM

1) TSA (says they) do snag weapons from apparently stupid people trying to carry them through security. Some value there.

2) Screening has values beyond detection, and screenings add more than zero security.

3) Layers of security are better than relying on one or two strategies.

I would hate screening if we weren’t forced into it.

When terrorists stop getting 168-hour news coverage for fewer injuries than a bus crash, we can ease up on the screenings. The theatre fits the crime.

Kirk Parker December 4, 2013 10:19 PM

jon @ 4:41pm: Not quite–not a member of the aircrew, but rather a “double” who trained hard to resemble the actual aircrew member who was assassinated.

And thus, not a [fictional] example of a “sleeper agent”.

George December 4, 2013 11:14 PM

I sometimes wonder whether the TSA actually has anything to do with airport security at all.

Its primary goal is that of any bureaucracy: to continually expand its size, power, and funding. The TSA enjoys unique conditions to foster that goal. As a “security” agency, it’s exempt from the oversight and “sunshine” laws that constrain the growth tendencies of ordinary agencies. It also enjoys the secrecy that’s the unique prerogative of Homeland Security agencies. As with mildew and fungus, darkness encourages growth.

It is now completely impervious to any criticism. Since the TSA has defined “security” as synonymous with “intrusiveness” and “inconvenience,” they surely regard criticism as proof of their effectiveness. TSA leadership clearly believes that airport security SHOULD make travelers feel hassled, invaded, or even violated. So complaints about arrogance, rudeness, or even inappropriate actions of “officers” are sweet music to their ears, tangibly demonstrating that they’re doing their job well.

And besides, the TSA is at war with the traveling public. (As there is no way to identify the one-in-a-billion terrorist who stumbles into a checkpoint, treating everyone as the enemy in the War on Terror is the only possible way to fulfill their mission of protecting aviation.) The enemy SHOULD be dazed and confused by the inconsistent application of arbitrary and incomprehensible rules and requirements. The enemy SHOULD approach the checkpoint with the proper apprehension and trepidation.

But beyond that, after a decade the TSA has succeeded in doing only three things. First, they have redefined the right to travel, which formerly was guaranteed in the constitution, as a privilege subject to the unfathomable whims of the TSA. (Yes, in theory they’re not infringing the right to travel, as one could always choose transportation other than flying. But those alternatives are too often impractical, if they exist at all.)

Second, they have conditioned Americans to accept (and even welcome) the increasing invasion of their privacy and even bodily integrity by uniformed “officers.” Full-body scans, patdowns, and intensive searches of belongings once were reserved for prisoners who forfeited their liberty and privacy when they were convicted of crimes. But now they’re routine “security measures” inflicted on citizens who are merely requesting the privilege of travel. And with each new intrusion, there is a brief outcry of pointless protest before it becomes accepted as the “new normal.” American travelers have learned that “resistance is futile.”

And third, the TSA serves as a reminder of 9/11, so we’ll never forget it. It reminds us that we must be continually terrorized by the events of that day that “changed everything.” More generally, it reminds citizens of their patriotic duty to BE AFRAID, so there can be no doubt that “security” officials need to to do whatever they decide is necessary (in secret) to protect us.

In light of the revelations about the NSA’s unconstrained dragnet surveillance, I can only wonder whether conditioning Americans to willingly surrender their privacy and liberty for the nascent police state is the TSA’s real purpose.

Figureitout December 4, 2013 11:54 PM

mind.body
Is the physical correlate to encryption the randomization of your path when you travel?
–Yeah I do embed crypto in my paths of travel, such is the state of mind when agents track you 24/7; it makes the agents stand out light as day too. Thank god I hope it’s finally winding down and will end so they can go terrorize someone else and then people make fun of them for sounding crazy. As has been said a million times (and to save the mod making a post), post this in the squid post since it’s not very relevant to evading airport security. And if the story is news to you then there are serious perception problems to address.

It’s why I’ve stated that OPSEC is overrated when you have this surveillance; more likely than not you’re going to give up your methods that get either stolen or used against you. Drones are flying domestically at night, and satellites could read the date off a nickel in the 1970’s. There are cameras at nearly every intersection, in buildings, street lights; and bluetooth is being burned into every chip which is another radio being used against you.

My funny airport security story? I’ve transported drugs thru it; and I know someone who was not very competent, who beat the system too and got drugs through. I can say this b/c I have nothing to do w/ illegal drugs like that anymore; and to point out that they’re everywhere and it’s a waste of time trying to stop the flow of them. All future companies I may apply to, these types of antics don’t pique my interest anymore so I wouldn’t be a security risk to your company; maybe you’ll appreciate my honesty. Also lighters and knives that I forgot in my backpack, made it thru too. I’ve managed past other checkpoints too, they don’t stop all weapons and in some regards it gives a challenge to people that should be directed in other more constructive and productive areas.–If they’re so creative, why not make a new medical treatment or computing method? Maybe construct a political system that actually works?–I failed at this goal very hard and it still lingers as I have to witness this failure everyday…

NotReallyAnonymous December 5, 2013 12:23 AM

In addition to all this, I believe the relative risk (although still low absolutely) of body cavity bombs is being greatly downplayed publicly to make the TSA seem far more relevant than they actually are.

I’ve got fairly extensive knowledge of general surgery, explosive chemistry, and sensor technology. Here’s a rough scenario well within the reach of any terrorist organization comprised of at least two members with some fairly rudimentary skills in general surgery and chemistry. This is just one of many, many possibilities that seem absolutely overlooked by the TSA. As far as the actual device goes, it could be easily constructed as a pressure-sensitive explosive chain type device. It would plausibly contain a frangible glass capsule filled with ethylene glycol, which would be encased in plastic with potassium permanganate mixed with erythritol tetranitrate, which would in turn be molded with pentaerythritol tetranitrate into a bio-inert non-vapor permeable plastic such as polytetrafluoroethylene. Once assembled, the device would obviously be removed from the area used to manufacture it, and carefully cleaned of explosive traces. The precursors to all these chemicals are not unreasonably difficult to manufacture from hardware store stock with correct specialized knowledge.

Such a device would actually be extremely simple and fairly safe to implant in abdominal fat. The implant procedure could be carried out under local anesthesia with minimal infectious disease precautions. The technique after prep with lidocaine injection and site disinfection would be to dissect the skin with a modified chevon incision and then dissect a small pocket of the abdominal fat on the rectus abdominis, removing the volume corresponding to the device size. Then the device would be anchored to the rectus abdominis and surrounding fat with interrupted polypropylene sutures, and the site closed with same. The “patient” would be given a short course of a broad spectrum antibiotic like ciprofloxacin as a prophylaxis against infection. The patient would be fully mobile within a couple weeks.

Activating the device would be as simple as applying enough trauma to the abdomen to rupture the inner glass capsule. This would initiate the explosive chain by creating a hypergolic reaction between the ethylene glycol and potassium permanganate, which in turn would set off the heat-sensitive erythritol tetranitrate primary explosive, in turn setting off the more powerful pentaerythritol tetranitrate secondary explosive.

A smaller yield device could be secreted anally and require no medical background to handle; while at the cost of a much more complex surgical procedure something as radical as an 80% liver resection could be used to conceal a very large device for a short time.

And the TSA has absolutely no defense against it as long as people can opt out of full-body scanners. There is no way I’m currently aware of to detect such a device at standoff distances, either.

From reading all this, you’ve probably guessed I’m smarter than the average bear, but if I can dream this up in 20 minutes, you’ve got to question how implausible it is for a halfway competent group with the exterior position. As Bruce has pointed out before, the two real reasons we don’t get attacked is almost no one actually wants to, and the few that do are overwhelmingly stupid.

Even though I’m submitting this comment over Tor on a VPN, I’m nearly certain I’ll be getting a little extra attention from the NSA thanks to semantic clustering linking it to known works of mine, on top of my current red-hot profile as a male “loner” with narcissistic traits who knows a little too much about chemistry and cryptography for “National Security” purposes. At least I’m an Atheist.

Figureitout December 5, 2013 1:04 AM

NotReallyAnonymous
–Hmm, interesting. At least you are aware of the tech-industry’s failures; you probably have embedded malware waiting to get activated or have already been compromised from “trying to live a normal life” and using your computer to do something besides computer security. I’ve physically witnessed cables be physically compromised and I’ve actually seen where some are and could dig them up and at the very least deny service; more likely than not, your connection has been flagged and if not broken w/ a flaw, stored to be cracked, maybe they have the address too so now an easy target.

If people are so evil as to have explosives implanted in their fat or their anus, then maybe we should die. At least that person gets his/her guts blown everywhere.

NotReallyAnonymous December 5, 2013 4:06 AM

Figureitout,

I was actually commenting directly on automated semantic analysis by the NSA, the same reason Snowden didn’t let much of his typed material out before going public. The Center for Advanced Study of Language is openly researching semantic analysis, no doubt for datamining things like my previous post. Most of the semantic content in my previous post has a very low conditional probability in the English language given its fairly technical content, and combing that with rudimentary automated writing style analysis will link it to discussions on related topics I’ve had without intentionally obfuscating my identity given sufficient computational power. I’ve never made a similar post before, but I’ve used most of the same terms in documents directly attributable to me.

As a few examples, terms like “smaller yield device”, “erythritol tetranitrate”, “ciprofloxacin as a prophylaxis”, “cryptography” and “exterior position” would be extremely rare to find in use by the same person, combined with my predilection for long sentences make for an extreme reduction in information entropy of my identity.

I’ve done a lot of work with parallel computing and AI, and I’m acutely aware of how powerful deep learning is given enough computational power. The thing is, the NSA is years ahead of the enterprise market on hardware design, and hasn’t failed Moore’s law yet. A lot of these algorithms also face nearly no performance constraint from Amdahl’s law, and can be parallelized almost indefinitely.

As far as my connection, I don’t even have my own connection any more. I don’t have a cell phone, I don’t have my own utilities, I don’t use social network, etc. You are 100% correct about how easy it is to compromise infrastructure in many cases.

I might seem a bit (or a lot) nutty now, but wait for the full extent of what the NSA has been up to the last few years to come out. We’re past the tip of the iceberg, but there is a lot left looming in the depths of SCI for more brave souls to leak. To paraphrase Hank Hill, I’ve seen some shit, and some shit accessories.

I’ll just say we all pretty high value targets for them in comparison to Joe Bloggs watching Monday Night Football.

Autolykos December 5, 2013 5:16 AM

@NotReallyAnonymous: Sorry to rain on your paranoia parade, but you’re probably not nearly as interesting as you think you are. Loners with more knowledge about chemistry, electronics and cryptography than they need for their jobs are quite common. They’re usually referred to as “Nerds”. Welcome to the club!

Skeptical December 5, 2013 7:42 AM

NotReally,

I doubt that the concept of surgically implanted improvised explosive devices is news to the TSA or anyone else involved in security or anti/counter-terrorism. Though the device you described, for multiple reasons, is unlikely to be successful.

Dirk,

Let me give an example of why the statistics you’re quoting are misleading.

Americans travel roughly twice as many miles by motor vehicle as they do by commercial aircraft (about 2.2 trillion miles to 1.1 trillion miles).

There were about 36,000 fatalities caused by motor vehicle accidents last year.

If 18,000 fatalities resulted every year from commercial air travel, then motor vehicle and air travel would be of roughly the same risk for a traveler.

Can you imagine what would happen to air travel in the US if 18,000 people died in airplane crashes this year?

So we can’t plan simply on the basis of the statistics you mention.

More importantly though, and this would apply to many of the arguments I’ve seen in the comments thread, anti-terrorism and counter-terrorism measures are justified largely in prospective terms. That is, their justification is not that current terrorism fatalities merit the resources, but rather that what would happen if we did not have anti-terrorist and counter-terrorist programs merits the resources.

So the references to current statistics on terrorism fatalities completely miss the point.

It would be analogous to a claim that hey, last year you were more likely to be killed by a vending machine than by a commercial airplane crash, so we should shut down all those FAA programs and regulations designed to ensure air safety.

And the prospective question is the hard question. It’s also part of the reason why terrorist attacks can have such broad impact, even though on the basis of current statistics they are rarely encountered by the average person.

Now, it may well be that the best answer to the prospective question means that we should spend less on measures to defeat or prevent terrorist attacks. But it’s a tough argument due to the murkiness of the data and the uncertainty inherent in using such data to predict different possible futures, and it’s not going to be able to rely on current statistics about terrorism related fatalities.

There’s also simply the fact that human beings, for whatever reason, tend to be more affected and concerned about harms intentionally done to them by other human beings. It’s probably related to the manner in which human beings evolved, and it’s unlikely to be something that you can avoid in assessing the likely impact of a terrorist attack.

Figureitout December 5, 2013 11:45 AM

NotReallyAnonymous
–Yeah, that can be defeated w/ tiny posts; I’ve changed up writing style sometimes too. Impressive you don’t use a cell phone, I still do, location data for the phone company but no serious computations taking place. Still got attacked at a deeper level so it’s nice to know if you rely on a cell phone for survival someone can kill you.

Only people who’ve seen this will look crazy (there are already other data collected that can basically give your living situation to a bureaucrat), and if you going to the extent not having your own utilities, then they’re coming for you man…You cannot trust any new people you meet that just “present themselves”; so it’s a pretty hellish existence. I would try and keep your knowledge secret and lead them on a wild goose chase to a derp-mine; that’ll make them happy (b/c they live like spies in movies).

I’m done w/ the cloak and dagger though and just want to make my own computer w/o having to act like some bad TV show.

Since they can’t even say how much of our money they waste, I decided to try and test just how good they are. Apparently that made them a little angry, and they continued the antics for years; like an overly-attached psycho girlfriend. My conclusion: either the B-team was sic’d on me or they won’t catch competent terrorists. Either way, gov’t agents are increasing becoming the only people capable of developing and launching terrorists attacks.

Welcome to the club!
Autolykos
–Hey now! We don’t have to be loners…some are just better talkers than others. 🙂

Dirk Praet December 5, 2013 6:07 PM

@ Skeptical

Let me give an example of why the statistics you’re quoting are misleading.

No, they aren’t. A statistic is misleading when a person decides to cross a river based on nothing more than the information that it has an average depth of half a meter, and then drowns at a spot with a heavy current where it is 4. Hard facts however are just hard facts, as in a total of 33 persons that have died from terrorism in the US since 9/11, and about 5,000 killed by police. If from these data I’m drawing the conclusion that the police represents a far bigger danger to the US public than terrorists, than you have a case where it can be argued that the interpretation of the statistical data may be a bit misleading.

In fact, the only misleading figures we have seen so far on the issue are those from the NSA where they initially claimed that their surveillance had thwarted about 50 terrorist plots, then a while later were corrected by General Alexander to “1, maybe 2”.

That is, their justification is not that current terrorism fatalities merit the resources, but rather that what would happen if we did not have anti-terrorist and counter-terrorist programs merits the resources.

Ah, the Elephant Powder-argument. One day, a farmer asks his colleague from the farm next door what the strange pink powder is he is spreading on his fields every day. Says the other farmer: “It’s to keep elephants away.” The man replies baffled: “But there are no elephants here!”. Says the other guy: “Really great powder, isn’t it ?”.

Based on the facts and data we have on terrorism today, this argument has no rational or scientific basis whatsoever, but is rooted in paranoia and irrational fear only. Even top NSA officials and politicians – at least those with half a brain – don’t go there, and for lack of a better justification of program results, DNI Clapper recently reverted to the pretty novel metric of “peace of mind” as measurement of success.

There’s also simply the fact that human beings, for whatever reason, tend to be more affected and concerned about harms intentionally done to them by other human beings.

I’m no expert in behavioural science, but then why aren’t Americans just as paranoid about mass shootings as they are about terrorism ? The explanation is simple and of a purely political nature: governments, politicians and their cronies do not give a damn about how many people suffer and die as long as it does not affect the balance of power.

As this is exactly what terrorism does or pursues, even a small group of largely incompetent terrorists will be perceived as a serious threat which needs to be eradicated by all means necessary, and at whatever cost. Bringing the general public to follow the party line for such cases is pretty much straightforward as per Hermann Goering’s legendary advice on the issue. As an upside to the problem, the process can be used to further consolidate and increase power and control over society. It’s nothing new, and has been done countless times in the course of history. Just replace terrorism by treason, heresy or communism, and Google for it.

blounttruth December 6, 2013 9:13 AM

The fact remains that more people die in their bath tub via drowning then are even witness to a terrorist attack, yet we do not allow our government to defraud the tax payers out of billions of dollars with safety devices for the tub. I guess all it would take is for the media to start harping on the dangers in the tub to get the sheep ready to sacrifice their first born to get the new auto drain system installed. It only took 9/11 for the sheep to forget why they had a constitution, and then abruptly allowed it to become irrelevant. It is true that people deserve the government they have…

Random832 December 6, 2013 11:45 AM

I don’t think the boarding pass check is really meant as a security measure, directly, anyway – its main effect is to keep traffic through the checkpoint (and the terminal) down by forbidding people from even trying to meet their families at the gate, which still works if a handful of people find a way around it.

Skeptical December 7, 2013 8:05 AM

Dirk,

I think we’re in danger of veering into an argument over the semantics of “misleading.” Let’s focus on the substance.

As to the argument that anti/counter terrorism resources are justified by prospective risk, you write:

Based on the facts and data we have on terrorism today, this argument has no rational or scientific basis whatsoever, but is rooted in paranoia and irrational fear only.

This argument is bizarre. There have been numerous terrorist plots that have failed because of luck (the attempt to detonate a device on NWA Flight 249) or detection (Najibullah Zazi, who planned on bombing a crowded stretch of the NYC subway system during rush hour). There have been terrorist plots that have succeeded (Nidal Hasan, the bombing of the Boston Marathon). And that’s simply a handful of examples from the United States. To suppose that there would be more successful terrorist attacks if resources were not devoted to deterring and preventing them is as rational as supposing that there would be more airplane crashes if the FAA were not in existence.

As technology continues to magnify the ability of small numbers of individuals to cause destruction, as opportunities for the radicalization of individuals grow, as various locations within the United States remain tempting targets, and as various organizations hostile the US continue to show an interest in using terrorism (or the threat) as an asymmetric strategy to counter US conventional warfare dominance, it’s unlikely that terrorist attempts will abate, or that such individuals will stop seeking means of causing catastrophic events.

Now, as I’ve said before, it’s very hard to predict the ebb and flow of terrorist attempts from the data. Much of this is shrouded in uncertainty. I think there’s space for reasonable disagreement as to exactly how much to spend on anti/counter terrorism, and where to spend it. But, there’s no question that the desire, and judgment, to spend substantial resources on that mission is neither paranoid nor irrational given the facts above.

You’re certainly free to disagree with it, but as this is indeed a judgment call, it may be worthwhile to take into account that the perception of those who identify as Americans, who watched thousands of other Americans die, who are still enemy #1 for far too many assholes with ideological hard-ons, may be reasonable in coming to a different decision than you would.

Mind you, this very broad question doesn’t determine how one’s view the NSA’s programs. One can agree that it’s reasonable to spend substantial resources deterring and preventing terrorism, while disagreeing that some of the NSA’s programs are worth the cost.

Dirk Praet December 8, 2013 5:41 PM

@ Skeptical

Now, as I’ve said before, it’s very hard to predict the ebb and flow of terrorist attempts from the data. Much of this is shrouded in uncertainty.

No, it isn’t, and all available data and statistics point to the contrary. Just Google terrorism statistics USA. Unless you buy into the totally unsubstantiated myth that there are gazillions of well-organised, well-funded and well-trained terrorists out there willing and able to strike the US with deadly force at any time, the reality is that terrorism is very rare and that you’re more likely to die from almost anything else than from a terrorist attack. In fact, even with the countless enemies US foreign policy has created over the years, North America still suffers far fewer terrorist attacks than any other region in the world (except for Russia).

Just like everything else security-related, it is impossible to achieve a 100% success rate in thwarting plots. No program or measure was able to prevent the Boston Marathon bombing or the Kenya mall attack. That is not to say that we don’t need reliable intelligence, security and counter-terrorism operations. But from where I’m sitting, the TSA security theatre and the massive IC surveillance dragnet all in the name of terrorism were and still are a totally disproportionate reaction to 9/11 with more than questionable results in terms of making the nation significantly safer, especially in view of the related costs.

Skeptical December 9, 2013 12:53 PM

Dirk,

We both agree that one is incredibly unlikely to die from a terrorist attack.

We differ in what you and what I would think to be significant. In your view, we can measure the significance of the threat of terrorist attacks simply by looking at the number of deaths/injuries caused by terrorism. If it’s incredibly unlikely for an individual to be killed or injured by a terrorist attack, then the terrorist threat is not very serious.

But in my view, any terrorist attack resulting in, or attempting to result in, mass casualties is highly significant. This significance is not in linear proportion to its statistical effect upon the probability of a randomly selected individual dying.

And that was part of my point in comparing commercial air fatality stats to motor vehicle fatality stats. Society is willing to accept a much higher rate of fatalities per mile traveled from motor vehicles than it is from commercial air travel. There may or may not be a rational explanation for this difference; but regardless, that’s the way it is. And so we have to take that into account when allocating resources.

In other words, someone may be willing to accept a much higher risk of randomly dying in a motor vehicle accident than he would be willing to accept a much lower risk of dying in a terrorist attack targeting his commuter train or his airplane. I think that this has much to do with the way human beings tend to experience intentionally inflicted harm versus non-human-caused harm. It also may be tied into the sense of collective identity human beings form (terrorist attacks are attacks by outsiders on one’s tribe).

As to the specific measures taken by the TSA, one must understand that the TSA must focus on a broad spectrum of types of attacks while at the same time remaining highly sensitive to efficiency. Some measures may do well at stopping less skilled attempts at attacks, but can be evaded. That doesn’t make the measures useless, as you do want to stop low-skilled attempts (some of which may be impulsive); and there may be advantages to forcing higher-skilled evasions in a particular direction, though I’d expect those advantages to not be publicly discussed by the TSA.

Mike Hamburg December 10, 2013 12:41 AM

These are clever, but they don’t actually show a weakness in TSA’s security.

The TSA wants to prevent attacks which have a non-negligible chance of either taking over a plane, knocking it out of the sky, or killing many of the passengers. These improvised weapons wouldn’t do any of those things. Axe Body Spray is not the same as Semtex. I suspect without proof that their weakest point would be chemical or biological weapons.

Perhaps a secondary goal is to prevent the nastiness that would follow a knife-fight between a couple of assholes at 30,000 feet. But these weapons aren’t really in that category either. A broken beer bottle would be much more dangerous than a blunderbuss that takes 10 seconds to fire.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.