Essays in the Category “Airline Travel”

Could Your Plane Be Hacked?

  • Bruce Schneier
  • CNN
  • April 16, 2015

Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some "Die Hard" reboot, but it's actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.

It's certainly possible, but in the scheme of Internet risks I worry about, it's not very high. I'm more worried about the more pedestrian attacks against more common Internet-connected devices.

Read More →

Unsafe Security: A Sociologist Aptly Analyzes our Failures in Top-Down Protection

  • Bruce Schneier
  • Reason
  • January 2013

Against Security: How We Go Wrong at Airports, Subways, and Other Sites of Ambiguous Danger, by Harvey Molotch, Princeton University Press, 278 pages, $35.

Security is both a feeling and a reality, and the two are different things. People can feel secure when they’re actually not, and they can be secure even when they believe otherwise.

This discord explains much of what passes for our national discourse on security policy.

Read More →

To Profile or Not to Profile? (Part 2)

A Debate between Sam Harris and Bruce Schneier

  • Sam Harris and Bruce Schneier
  • Sam Harris's Blog
  • May 25, 2012

Return to Part 1

A profile that encompasses "anyone who could conceivably be Muslim" needs to include almost everyone. Anything less and you're missing known Muslim airplane terrorist wannabes.

SH:It includes a lot of people, but I wouldn't say almost everyone. In fact, I just flew out of San Jose this morning and witnessed a performance of security theater so masochistic and absurd that, given our ongoing discussion, it seemed too good to be true.

Read More →

To Profile or Not to Profile? (Part 1)

A Debate between Sam Harris and Bruce Schneier

  • Sam Harris and Bruce Schneier
  • Sam Harris's Blog
  • May 25, 2012
Introduction by Sam Harris

I recently wrote two articles in defense of "profiling" in the context of airline security (1 & 2), arguing that the TSA should stop doing secondary screenings of people who stand no reasonable chance of being Muslim jihadists. I knew this proposal would be controversial, but I seriously underestimated how inflamed the response would be. Had I worked for a newspaper or a university, I could well have lost my job over it.

One thing that united many of my critics was their admiration for Bruce Schneier.

Read More →

The Trouble with Airport Profiling

  • Bruce Schneier
  • Forbes
  • May 9, 2012

Why do otherwise rational people think it's a good idea to profile people at airports? Recently, neuroscientist and best-selling author Sam Harris related a story of an elderly couple being given the twice-over by the TSA, pointed out how these two were obviously not a threat, and recommended that the TSA focus on the actual threat: "Muslims, or anyone who looks like he or she could conceivably be Muslim."

This is a bad idea. It doesn’t make us any safer -- and it actually puts us all at risk.

The right way to look at security is in terms of cost-benefit trade-offs.

Read More →

Economist Debates: Airport Security

  • Bruce Schneier
  • The Economist
  • March 20, 2012

These essays are part of a debate with Kip Hawley, the former Administrator of the TSA. For the full debate, see The Economist's website.

German translation

Opening Remarks

Let us start with the obvious: in the entire decade or so of airport security since the attacks on America on September 11th 2001, the Transportation Security Administration (TSA) has not foiled a single terrorist plot or caught a single terrorist. Its own "Top 10 Good Catches of 2011" does not have a single terrorist on the list. The "good catches" are forbidden items carried by mostly forgetful, and entirely innocent, people -- the sorts of guns and knives that would have been just as easily caught by pre-9/11 screening procedures.

Read More →

Why the TSA Can't Back Down

  • Bruce Schneier
  • The Atlantic
  • December 2, 2010

Organizers of National Opt Out Day, the Wednesday before Thanksgiving when air travelers were urged to opt out of the full-body scanners at security checkpoints and instead submit to full-body patdowns -- were outfoxed by the TSA. The government pre-empted the protest by turning off the machines in most airports during the Thanksgiving weekend. Everyone went through the metal detectors, just as before.

Now that Thanksgiving is over, the machines are back on and the "enhanced" pat-downs have resumed.

Read More →

A Waste of Money and Time

  • Bruce Schneier
  • New York Times Room for Debate
  • November 23, 2010

A short history of airport security: We screen for guns and bombs, so the terrorists use box cutters. We confiscate box cutters and corkscrews, so they put explosives in their sneakers. We screen footwear, so they try to use liquids. We confiscate liquids, so they put PETN bombs in their underwear.

Read More →

Our Reaction Is the Real Security Failure

  • Bruce Schneier
  • AOL News
  • January 7, 2010

In the headlong rush to "fix" security after the Underwear Bomber's unsuccessful Christmas Day attack, there's far too little discussion about what worked and what didn't, and what will and will not make us safer in the future.

The security checkpoints worked. Because we screen for obvious bombs, Umar Farouk Abdulmutallab -- or, more precisely, whoever built the bomb -- had to construct a far less reliable bomb than he would have otherwise. Instead of using a timer or a plunger or a reliable detonation mechanism, as would any commercial user of PETN, he had to resort to an ad hoc and much more inefficient homebrew mechanism: one involving a syringe and 20 minutes in the lavatory and we don't know exactly what else.

Read More →

Stop the Panic on Air Security

  • Bruce Schneier
  • CNN
  • January 7, 2010

The Underwear Bomber failed. And our reaction to the failed plot is failing as well, by focusing on the specifics of this made-for-a-movie plot rather than the broad threat. While our reaction is predictable, it's not going to make us safer.

We're going to beef up airport security, because Umar Farouk AbdulMutallab allegedly snuck a bomb through a security checkpoint.

Read More →

Fixing a Security Problem Isn't Always the Right Answer

  • Bruce Schneier
  • Threatpost
  • January 5, 2010

An unidentified man breached airport security at Newark Airport on Sunday, walking into the secured area through the exit, prompting an evacuation of a terminal and flight delays that continued into the next day. This problem isn't common, but it happens regularly. The result is always the same, and it's not obvious that fixing the problem is the right solution.

This kind of security breach is inevitable, simply because human guards are not perfect. 

Read More →

Profiling Makes Us Less Safe

  • Bruce Schneier
  • New York Times Room for Debate
  • January 4, 2010

There are two kinds of profiling. There's behavioral profiling based on how someone acts, and there's automatic profiling based on name, nationality, method of ticket purchase, and so on. The first one can be effective, but is very hard to do right. The second one makes us all less safe.

Read More →

Is Aviation Security Mostly for Show?

  • Bruce Schneier
  • CNN
  • December 29, 2009

Last week's attempted terror attack on an airplane heading from Amsterdam to Detroit has given rise to a bunch of familiar questions.

How did the explosives get past security screening? What steps could be taken to avert similar attacks? Why wasn't there an air marshal on the flight?

Read More →

Protect Your Laptop Data From Everyone, Even Yourself

  • Bruce Schneier
  • Wired
  • July 15, 2009

Last year, I wrote about the increasing propensity for governments, including the U.S. and Great Britain, to search the contents of people's laptops at customs. What we know is still based on anecdote, as no country has clarified the rules about what their customs officers are and are not allowed to do, and what rights people have.

Companies and individuals have dealt with this problem in several ways, from keeping sensitive data off laptops traveling internationally, to storing the data -- encrypted, of course -- on websites and then downloading it at the destination.

Read More →

Clear Common Sense for Takeoff: How the TSA Can Make Airport Security Work for Passengers Again

  • Bruce Schneier
  • New York Daily News
  • June 24, 2009

It's been months since the Transportation Security Administration has had a permanent director. If, during the job interview (no, I didn't get one), President Obama asked me how I'd fix airport security in one sentence, I would reply: "Get rid of the photo ID check, and return passenger screening to pre-9/11 levels."

Okay, that's a joke. While showing ID, taking your shoes off and throwing away your water bottles isn't making us much safer, I don't expect the Obama administration to roll back those security measures anytime soon. Airport security is more about CYA than anything else: defending against what the terrorists did last time.

Read More →

Time to Show Bottle and Tackle the Real Issues

  • Bruce Schneier
  • The Guardian
  • October 23, 2008

This essay also appeared in the Taipei Times.

Airport security found a bottle of saline in my luggage at Heathrow Airport last month. It was a 4oz bottle, slightly above the 100 ml limit. Airport security in the United States lets me through with it all the time, but UK security was stricter.

Read More →

Airport Pasta-Sauce Interdiction Considered Harmful

  • Bruce Schneier
  • Wired
  • September 18, 2008

Airport security found a jar of pasta sauce in my luggage last month. It was a 6-ounce jar, above the limit; the official confiscated it, because allowing it on the airplane with me would have been too dangerous. And to demonstrate how dangerous he really thought that jar was, he blithely tossed it in a nearby bin of similar liquid bottles and sent me on my way.

There are two classes of contraband at airport security checkpoints: the class that will get you in trouble if you try to bring it on an airplane, and the class that will cheerily be taken away from you if you try to bring it on an airplane.

Read More →

A Fetishistic Approach to Security Is a Perverse Way to Keep Us Safe

  • Bruce Schneier
  • The Guardian
  • September 4, 2008

We spend far more effort defending our countries against specific movie-plot threats, rather than the real, broad threats. In the US during the months after the 9/11 attacks, we feared terrorists with scuba gear, terrorists with crop dusters and terrorists contaminating our milk supply. Both the UK and the US fear terrorists with small bottles of liquid. Our imaginations run wild with vivid specific threats.

Read More →

The TSA's Useless Photo ID Rules

No-fly lists and photo IDs are supposed to help protect the flying public from terrorists. Except that they don't work.

  • Bruce Schneier
  • Los Angeles Times
  • August 28, 2008

The TSA is tightening its photo ID rules at airport security. Previously, people with expired IDs or who claimed to have lost their IDs were subjected to secondary screening. Then the Transportation Security Administration realized that meant someone on the government's no-fly list -- the list that is supposed to keep our planes safe from terrorists -- could just fly with no ID.

Read More →

Life in the Fast Lane

  • Bruce Schneier
  • The New York Times
  • January 21, 2007

CLEAR, a private service that prescreens travelers for a $100 annual fee, has come to Kennedy International Airport. To benefit from the Clear Registered Traveler program, which is run by Verified Identity Pass, a person must fill out an application, let the service capture his fingerprints and iris pattern and present two forms of identification. If the traveler passes a federal background check, he will be given a card that allows him to pass quickly through airport security.

Sounds great, but it's actually two ideas rolled into one: one clever and one very stupid.

Read More →

The Boarding Pass Brouhaha

  • Bruce Schneier
  • Wired
  • November 2, 2006

Last week Christopher Soghoian created a Fake Boarding Pass Generator website, allowing anyone to create a fake Northwest Airlines boarding pass: any name, airport, date, flight.

This action got him visited by the FBI, who later came back, smashed open his front door, and seized his computers and other belongings. It resulted in calls for his arrest -- the most visible by Rep. Edward Markey (D-Massachusetts) -- who has since recanted. And it's gotten him more publicity than he ever dreamed of.

Read More →

Why Everyone Must Be Screened

  • Bruce Schneier
  • Wired
  • October 5, 2006

Danish translation

Why should we waste time at airport security, screening people with U.S. government security clearances? This perfectly reasonable question was asked recently by Robert Poole, director of transportation studies at The Reason Foundation, as he and I were interviewed by WOSU Radio in Ohio.

Poole argued that people with government security clearances, people who are entrusted with U.S.

Read More →

Let Computers Screen Air Baggage

  • Bruce Schneier
  • Wired
  • March 23, 2006

Danish translation

It seems like every time someone tests airport security, airport security fails. In tests between November 2001 and February 2002, screeners missed 70 percent of knives, 30 percent of guns and 60 percent of (fake) bombs. And recently, testers were able to smuggle bomb-making parts through airport security in 21 of 21 attempts. It makes you wonder why we're all putting our laptops in a separate bin and taking off our shoes.

Read More →

Airline Security a Waste of Cash

  • Bruce Schneier
  • Wired
  • December 1, 2005

Danish translation

Since 9/11, our nation has been obsessed with air-travel security. Terrorist attacks from the air have been the threat that looms largest in Americans' minds. As a result, we've wasted millions on misguided programs to separate the regular travelers from the suspected terrorists -- money that could have been spent to actually make us safer.

Consider CAPPS and its replacement, Secure Flight.

Read More →

Airplane Security and Metal Knives

  • Bruce Schneier
  • The Sydney Morning Herald
  • November 30, 2005

This essay also appeared in The Age.

Two weeks ago, Immigration Minister Amanda Vanstone caused a stir by ridiculing airplane security in a public speech. She derided much of post-9/11 airline security, especially the use of plastic knives instead of metal ones, and said "a lot of what we do is to make people feel better as opposed to actually achieve an outcome."

As a foreigner, I know very little about Australian politics. I don't know anything about Senator Vanstone, her politics, her policies, or her party.

Read More →

U.S. 'No-Fly' List Curtails Liberties

Intended as a counterterrorism tool, it doesn't work and tramples on travelers' rights

  • Bruce Schneier
  • Newsday
  • August 25, 2004

Imagine a list of suspected terrorists so dangerous that we can't ever let them fly, yet so innocent that we can't arrest them - even under the draconian provisions of the Patriot Act.

This is the federal government's "no-fly" list. First circulated in the weeks after 9/11 as a counterterrorism tool, its details are shrouded in secrecy.

But, because the list is filled with inaccuracies and ambiguities, thousands of innocent, law-abiding Americans have been subjected to lengthy interrogations and invasive searches every time they fly, and sometimes forbidden to board airplanes.

Read More →

An Easy Path for Terrorists

  • Bruce Schneier
  • Boston Globe
  • August 24, 2004

If you fly out of Logan Airport and don't want to take off your shoes for the security screeners and get your bags opened up, pay attention. The US government is testing its "Trusted Traveler" program, and Logan is the fourth test airport. Currently, only American Airlines frequent fliers are eligible, but if all goes well the program will be opened up to more people and more airports.

Participants provide their name, address, phone number, and birth date, a set of fingerprints, and a retinal scan.

Read More →

BOB on Board

  • Bruce Schneier
  • The Sydney Morning Herald
  • August 2, 2004

Last Tuesday's bomb scare contains valuable security lessons, both good and bad, about how to achieve security in these dangerous times.

Ninety minutes after taking off from Sydney Airport, a flight attendant on a United Airlines flight bound for Los Angeles found an airsickness bag -- presumably unused -- in a lavatory with the letters "BOB" written on it.

The flight attendant decided that the letters stood for "Bomb On Board" and immediately alerted the captain, who decided the risk was serious enough to turn the plane around and land back in Sydney.

Even a moment's reflection is enough to realise that this is an extreme over-reaction to a non-existent threat.

Read More →

We Are All Security Customers

  • Bruce Schneier
  • CNET News.com
  • May 4, 2004

National security is a hot political topic right now, as both presidential candidates are asking us to decide which one of them is better fit to secure the country.

Many large and expensive government programs--the CAPPS II airline profiling system, the US-VISIT program that fingerprints foreigners entering our country, and the various data-mining programs in research and development--take as a given the need for more security.

At the end of 2005, when many provisions of the controversial Patriot Act expire, we will again be asked to sacrifice certain liberties for security, as many legislators seek to make those provisions permanent.

As a security professional, I see a vital component missing from the debate.

Read More →

America's Flimsy Fortress

  • Bruce Schneier
  • Wired
  • March 2004

Every day, some 82,000 foreign visitors set foot in the US with a visa, and since early this year, most of them have been fingerprinted and photographed in the name of security. But despite the money spent, the inconveniences suffered, and the international ill will caused, these new measures, like most instituted in the wake of September 11, are mostly ineffectual.

Terrorist attacks are very rare. So rare, in fact, that the odds of being the victim of one in an industrialized country are almost nonexistent.

Read More →

Homeland Insecurity

The fact that U.S. intelligence agencies can't tell terrorists from children on passenger jets does little to inspire confidence.

  • Bruce Schneier
  • Salon
  • January 9, 2004

Security can fail in two different ways. It can fail to work in the presence of an attack: a burglar alarm that a burglar successfully defeats. But security can also fail to work correctly when there's no attack: a burglar alarm that goes off even if no one is there.

Read More →

Airplane Hackers

  • Bruce Schneier
  • IEEE Security & Privacy
  • November/December 2003

Nathaniel Heatwole is a student at Guilford College. Several times between 7 February and 15 September 2003, he tested airline security. First, he smuggled in box cutters, clay resembling plastic explosives, and bleach simulating bomb-making chemicals through security. Then he hid these things in airplane lavatories, along with notes.

Read More →

Terror Profiles by Computers Are Ineffective

  • Bruce Schneier
  • Newsday
  • October 21, 2003

In September 2002, JetBlue Airways secretly turned over data about 1.5 million of its passengers to a company called Torch Concepts, under contract with the Department of Defense.

Torch Concepts merged this data with Social Security numbers, home addresses, income levels and automobile records that it purchased from another company, Acxiom Corp. All this was to test an automatic profiling system to automatically give each person a terrorist threat ranking.

Many JetBlue customers feel angry and betrayed that their data was shared without their consent. JetBlue's privacy policy clearly states that "the financial and personal information collected on this site is not shared with any third parties." Several lawsuits against JetBlue are pending.

Read More →

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.