An Easy Path for Terrorists

By Bruce Schneier
Boston Globe
August 24, 2004

If you fly out of Logan Airport and don't want to take off your shoes for the security screeners and get your bags opened up, pay attention. The US government is testing its "Trusted Traveler" program, and Logan is the fourth test airport. Currently, only American Airlines frequent fliers are eligible, but if all goes well the program will be opened up to more people and more airports.

Participants provide their name, address, phone number, and birth date, a set of fingerprints, and a retinal scan. That information is matched against law enforcement and intelligence databases. If the applicant is not on any terrorist watch list and is otherwise an upstanding citizen, he gets a card that allows him access to a special security lane. The lane doesn't bypass the metal detector or X-ray machine for carry-on bags, but it bypasses more intensive secondary screening unless there's an alarm of some kind.

Unfortunately, this program won't make us more secure. Some terrorists will be able to get Trusted Traveler cards, and they'll know in advance that they'll be subjected to less stringent security.

Since 9/11, airport security has been subjecting people to special screening -- sometimes randomly and sometimes based on profile criteria as analyzed by computer. For example, people who buy one-way tickets or pay with cash are more likely to be flagged for this extra screening.

Sometimes the results are bizarre. Screeners have searched children and people in wheelchairs. In 2002, Al Gore was randomly stopped and searched twice in one week. And last week Senator Edward Kennedy told about being flagged and denied boarding because the computer decided he was on some "no fly" list.

Why waste precious time making Grandma Lillie from Worcester empty her purse when you can search the carry-on items of Anwar, a 26-year-old who arrived last month from Egypt and is traveling without luggage?

The reason is security. Imagine you're a terrorist plotter with half a dozen potential terrorists at your disposal. They all apply for a card, and three get one. Guess which are going on the mission? And they'll buy round-trip tickets with credit cards and have a "normal" amount of luggage with them.

What the Trusted Traveler program does is create two different access paths into the airport: high security and low security. The intent is that only good guys will take the low-security path, and the bad guys will be forced to take the high-security path, but it rarely works out that way. You have to assume that the bad guys will find a way to take the low-security path.

The Trusted Traveler program is based on the dangerous myth that terrorists match a particular profile and that we can somehow pick terrorists out of a crowd if we only can identify everyone. That's simply not true. Most of the 9/11 terrorists were unknown and not on any watch list. Timothy McVeigh was an upstanding US citizen before he blew up the Oklahoma City Federal Building. Palestinian suicide bombers in Israel are normal, nondescript people. Intelligence reports indicate that Al Qaeda is recruiting non-Arab terrorists for US operations.

Airport security is best served by intelligent guards watching for suspicious behavior, not dumb guards blindly following the results of a Trusted Traveler program.

Moreover, there's no need for the program. Frequent fliers and first-class travelers already have access to special lanes that bypass long lines at security checkpoints, and the computers never seem to flag them for special screening. And even the long lines aren't very long. I've flown out of Logan repeatedly, and I've never had to wait more than 10 minutes at security. The people who could use the card don't need one, and infrequent travelers are unlikely to take the trouble or pay the fee to get one.

As counterintuitive as it may seem, it's smarter security to screen people randomly than it is to screen solely based on profile. And it's smarter still to do a little bit of both: random screening and profile-based screening. But to create a low-security path, one that guarantees someone on it less rigorous screening, is to invite the bad guys to use that path.

earlier essay: Cryptanalysis of MD5 and SHA: Time for a New Standard
later essay: U.S. "No-Fly" List Curtails Liberties
categories: Airline Travel, Terrorism, Trust
back to Essays and Op Eds

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..