To Profile or Not to Profile? (Part 1)

A Debate between Sam Harris and Bruce Schneier

Introduction by Sam Harris

I recently wrote two articles in defense of “profiling” in the context of airline security (1 & 2), arguing that the TSA should stop doing secondary screenings of people who stand no reasonable chance of being Muslim jihadists. I knew this proposal would be controversial, but I seriously underestimated how inflamed the response would be. Had I worked for a newspaper or a university, I could well have lost my job over it.

One thing that united many of my critics was their admiration for Bruce Schneier. Bruce is an expert on security who has written for The New York Times, The Economist, The Guardian, Forbes, Wired, Nature, The Bulletin of the Atomic Scientists, The Boston Globe, The San Francisco Chronicle, The Washington Post, and other major publications. His most recent book is Liars and Outliers: Enabling the Trust that Society Needs to Thrive. Bruce very generously agreed to write a response to my first essay. He also agreed to participate in a follow-up discussion that has now occupied us, off and on, for two weeks. The resulting exchange runs over 13,000 words.

This debate was conducted entirely by email, without a moderator. While the gloves came off early, Bruce and I permitted one another to modify previous statements and to insert comments into each other’s text. This occasionally complicated matters—requiring further work from the freshly injured party—but the resulting exchange is more temperate than it would have otherwise been, as well as more complete. Of course, there is only so much ripping and mending that a linear conversation can accommodate. And, as readers will see, Bruce and I still occasionally talk past one another, grow a little prickly, and leave important issues unresolved. Despite its imperfections, I think the following debate is a good example of how two people with very different perspectives on a controversial topic can engage in a rational conversation.

* * *

SH: First, let me say how much I appreciate your willingness to engage on this issue, Bruce. Whether or not our views fully converge in the end, I suspect that readers will find this discussion useful.

There are many things in your essay that I’d like to respond to, but I don’t want us to just hurl op-eds at each other. My hope is that this will be a proper conversation. So rather than attempt to hit every point in each round, I think we should assume that we will keep turning the problem of terrorism over and over until we are both satisfied (or have killed our readers with boredom).

In the essay that got me into so much trouble with my fellow secular liberals, and in response to which you have now attempted an exorcism, I was addressing the problem of airline security. In fact, I was talking about only one aspect of airline security—the most visible part, where passengers and their luggage get screened for bombs and weapons by the TSA. 

It is important to acknowledge the narrowness of this focus, and I hope you will agree that your bringing up Timothy McVeigh and the Unabomber in this context was misleading. Everyone passing through security at an airport is getting on an airplane. Consequently, when it comes to airline security, we are not merely faced with a generic threat of “terrorism.”  When searching the bodies of passengers (either with back-scatter X-ray scanners, magnetometers, or pat downs), we are worried about the threat of suicidal terrorism.

In fact, the profile for airline security is even more specific—we are worried about suicide bombers who want to kill hundreds of people selected at random (i.e., the people who just happen to be on a particular airplane). Therefore, the terrorist knows that his intended victims are not directly responsible for whatever grievance he might have. We are not talking about anti-tax maniacs bombing a federal building, animal rights activists targeting laboratories, or unhinged Christians killing abortion doctors. We are talking about people who have a cause for which they are eager to die (and perhaps have their families die), and who believe this cause can be advanced by hideous acts of instrumental violence, in which truly innocent and uninvolved people are murdered.

So, to begin, I just want us to agree about this initial focus. I’m happy to explore related issues of terrorism and to even talk about security in general, but let’s stay on point for the moment and discuss the unique circumstance of screening passengers and their luggage at the airport.

Before I discuss what I think is wrong with your analysis, I want to see if we share the same background assumption about the reality of suicidal terrorism in the year 2012:

Imagine that a terrorist is attempting to board an airplane bound for a major city in Europe or the United States with a bomb strapped to the body of his four-year-old daughter. Let’s also assume that he is not some lone lunatic engaged in an inexplicable crime. Rather, he has a community of supporters behind him who have helped bring this terrible plot to fruition. A trained engineer made the bomb and showed him how to detonate it; another accomplice drove him and his daughter to the airport; even his wife gave her blessing and vowed to perform a similar act of terrorism with their son in the near future. The man has dozens of confederates who would have been willing, even eager, to take his place with a child of their own—and each of these people knows a score of others who fully support his aims. In fact, there are hundreds of thousands of people, in dozens of countries, who would actively support this man’s actions, if given the chance, and perhaps millions who would do nothing to dissuade him, even if they could. What are the chances, in your view, that this terrorist is Muslim.

BS:  High.

But so what?  You’ve proposed a correlation between being Muslim and being a terrorist.  I could propose other correlations with terrorism: wearing a gun, carrying a certain kind of reading material, having a certain micro-facial expression, appearing on a particular government list, buying a one-way ticket, holding a passport from a particular set of countries.  There’s no shortage of correlations.

You’ve gone further, though.  You’ve advocating a nationwide security system with two tiers of security based on your correlation.  What you’re missing is that your correlation is just a small piece of that complex system and, as such, you’ve skipped a lot of steps along the way.

Security is a trade-off, and requires some sort of cost-benefit analysis.  What is the cost of your security system?  What are the benefits?  What, exactly, is your correlation?  (TSA screeners can’t sort based on religion; they have to sort based on something they can detect.  And since there’s no such thing as “looking Muslim”—it’s a belief system, not an ethnic group—they’re going to sort on something like “looking Arab,” whatever that ends up meaning.)  Then, you’re going to have to analyze the resulting security system.  How does it work, and how does it fail?  What’s the false-positive and false-negative rate?  (You’ll have to do some theoretical analysis, at the very least refuting current research.)  Can your system be gamed?  (You’ll need some experimental data with real-world TSA agents in real-world conditions.  The last thing we want is a security system that can be defeated with a bottle of blonde hair dye.)  You will need it to relate to other security systems.  We only have a limited security budget.  Is your security system better than other airport security options?  How does it affect the other security systems already in place at airports?  Would we be better off spending that money on some other aspect of airport security?  Or something more general than airports?  In my book Beyond Fear, I proposed a five-step process to think through some of these questions.  There are other, more rigorous models.  But security engineering requires something more than intuition.

Here’s another correlation, perhaps easier to understand.  Pilots have long complained about being subjected to the same security as everyone else.  They can crash the planes, for heaven’s sake.  It’s just common sense.  But you can’t actually sort on “being a pilot” at a security checkpoint; you have to sort on “wearing a pilot’s uniform” or “carrying a valid pilot ID.”  So now the question becomes whether it makes sense to develop an unforgeable pilot ID, train TSA screeners in how to recognize that ID, and develop a separate set of screening procedures for people with that ID—or simply screen pilots like everyone else and ignore their whining.  And this is where the analysis starts.

Your intuition on the efficacy of an airport profiling system is wrong.  The psychology of security is complex, and there is a great deal of of research about how our brains systematically get security decisions wrong.  This is an example of that.  Profiling at airports gives us less security at greater cost.

SH: You have delivered a litany of concerns about profiling that are (in my view) easily answered. I do not think that the problem we are discussing—how to keep people from blowing up airplanes—is as recondite or as complicated as you make it out to be. It seems to me that there are many things you are pretending not to know—or pretending that other people can’t easily know—that make the problem of preventing terrorism reasonably straightforward.

And I am not proposing a mere correlation between extremist Islam and suicidal terrorism. I am claiming that the relationship is causal. There are many ways to see this, and not too many ways to credibly deny it (though Robert Pape keeps at it by skewing his data with the Tamil Tigers).

The first sign of a religious cause comes from what the terrorists say of themselves: al Qaeda and its sympathizers have not been shy about discussing their motives in public. The second indication is what they say when they think no one is listening. As you know, we now have a trove of private communications among jihadists. The fine points of theology are never far from their thoughts and regularly constrain their actions. The 19 hijackers were under surveillance by German police for months before September 11, 2001 (read Perfect Soldiers). Islam was all that these men appeared to care about.

And we should recall how other people behave when subjected to military occupation or political abuse. Where are the Tibetan Buddhist suicide bombers? They have the suicide part down, because they are now practicing a campaign of self-immolation—which, being the incendiary equivalent of a hunger strike, is about as far from suicide bombing as can be conceived. And where is that long list of Palestinian Christian suicide bombers you’ve been keeping in your desk? Now would be a good time to produce it. As you know, Palestinian Christians suffer the same Israeli occupation. How many have blown themselves up on a bus in Tel Aviv? One? Two? Where, for that matter, are the Pakistani, Iraqi, or Egyptian suicide bombers killing for the glory of Christ? These Christian communities are regularly attacked by suicidal jihadists—why don’t they respond with the same sort of violence? This is practically a science experiment: We’ve got the same people, speaking the same language, living in the same places, eating the same food—and one group forms a death cult of aspiring martyrs and the other does not.

As I’ve written elsewhere, it isn’t impossible to conceive of Tibetan Buddhists practicing suicide bombing or of Middle Eastern Christians practicing terrorism at the same rate as their Muslim neighbors, but Islam offers a doctrine of jihad and martyrdom that makes such behavior perfectly understandable. And, again, it is the reason that jihadists themselves give for their actions.

In any case, you have conceded that the next person who will try to blow himself up on an airplane bound for Europe or the United States is very likely to be Muslim. When considering the details of the example I gave—of terrorists who will even build their own children into their bombs—it should be clear that, in the year 2012, we are talking about Muslims waging jihad.

For this reason, I have argued that we should profile for Muslims, or anyone who could conceivably be Muslim, at airport security. More specifically, I argue that we should anti-profile—paying less attention to people who, based on the totality of their characteristics, could not conceivably be jihadists. Once again, I would not put you or myself in this category, but many people one sees at the airport would fall into it.

I think you overestimate the ability of jihadists to recruit people who do not fit the profile, and you seriously underestimate the talent that neurologically intact observers (not to mention trained screeners, like those who work for El Al) have for spotting high-risk individuals. While it is clearly prudent to scan everyone’s bags, doing a secondary screening of low-risk travelers, purely for the sake of fairness, seems like a dangerous waste of time.

Please remember, we are talking about recruiting people who want to die for the privilege of waging jihad against infidels. Just how deep a recruiting pool could this be among people born as non-Muslims? Not very. How easy can it be to recruit an old rancher and his wife from Texas to be suicide bombers? What about a pretty blonde from San Diego who once had a walk-on part on Battlestar Galactica? If it were easy to recruit such people—people about whom you would say, “Are you kidding me? They are members of al-Qaeda?”—then we would not be seeing young middle-eastern men show upon on the news, again and again.

Take a look at the FBI’s most wanted terrorists. There appears to be one non-Muslim among them—an animal rights extremist. The rest fit the profile (absurdly well). Muslim terrorists have no trouble finding people willing to martyr themselves in places like Pakistan, Yemen, Saudi Arabia, and Somalia—and in their satellite communities in Europe—but, lucky for us, they still have a hard time recruiting a family that looks as if it just stepped out of a Ralph Lauren ad. Until this changes, it strikes me as completely irrational not to take these facts into account when screening for terrorists.

Of course I’m aware that a terrorist could place a bomb in an old lady’s bag—and that is why I was careful to say that everyone’s baggage should be screened. But it is very far-fetched to think that jihadist organizations will successfully recruit people of the sort pictured in my original blog post. And if we are concerned that terrorists might kidnap some old lady’s grandchildren and force her to walk through security with a bomb in her girdle—well, that’s what behavioral profiling is for. Presumably, our screeners would find themselves in the presence of one very nervous old lady.

We have to ask ourselves which is more plausible—that terrorists will find it easier to recruit or coerce the least likely suspects, or that they will benefit from our needlessly searching these suspects by the hundreds of millions, year after year? I do not doubt that a profile can be gamed—and this is worth worrying about—but I am more concerned about the risk of airport screeners obviously wasting their time. 

So I hope we can put that bit about mere “correlation” behind us. Generally speaking, we know who we are looking for—Muslim jihadists.

In your article, you declare that my profile isn’t accurate because “it isn’t true that almost all Muslims are out to blow up airplanes. In fact, almost none of them are.” Unfortunately, this gets things exactly backwards. The question is not, What is the probability that any given Muslim is a terrorist? The question is, What is the probability that the next terrorist will be a Muslim? You can bury the signal in as much noise as you want; it will not change the fact that the threat of suicidal terrorism is coming from a single group.

We face an ongoing threat of people bringing bombs onto airplanes. There will surely be a next attempt, and one after that, and one after that. Even as you and I have been conducting this debate, we have been hearing reports about new and improved “underwear bombs” and about the prospect of terrorists having IEDs surgically implanted in their bodies. How likely is it that these ghoulish attempts to murder innocent people will come from Muslims waging jihad? It isn’t 1 in 80 million, or 1 in 8 million, or even 1 in 8. You admit that the likelihood is “high.”

Your concern about the low base rate of terrorism, leading to the problem of too many false positives, seems misguided. The problem of base rate is often very important, of course, but not in the case of airport security. For readers who might be unfamiliar with Bayesian statistics, let me briefly illustrate what I think you were trying to do with your math:

Let’s say I get a blood test designed to screen for some terrible disease and it comes back positive. My doctor tells me that this test is 99% accurate and only produces false positives 1% of the time. Does this mean that that I have a 99% chance of having the disease? No. We need to know how prevalent this disease is in the population of people who share my risk factors (the base rate). If the disease is rare, the chance that I have it will still be quite low. A false-positive rate of 1% will produce 100 errors per 10,000 tests. If the disease only affects 1 in 10,000 people like me, my actual chance of having the disease (given that I tested positive) will be 1/101—or slightly less than 1%.

This seems to be the kind of sobering and counterintuitive demonstration of the “base rate fallacy” you were attempting in your article. The lesson that you and many others seem desperate to draw is that a little Bayesian analysis proves that profiling Muslims makes absolutely no sense. But what is interesting about false positives in my medical example is that the consequences of entertaining them (i.e., believing that one has a deadly illness) are huge, and learning the base rate completely changes one’s sense of the risk. This is not the case with the threat of Muslim terrorism.

What is a false positive in the context of airport security? It might be nothing more than asking a person a follow-up question or performing a hand inspection of his bag. We are not talking about imprisoning people who fit the profile at the airport. A concern about false positives only makes sense if paying closer attention to innocent Muslims has some truly terrible consequences. You suggest that it will have two: it will produce a backlash in the Muslim community and allow terrorists to game the system (rendering the profile inaccurate). I am skeptical about both these claims for reasons that I hope we will discuss.

Of course your base rate argument could also be used to justify taking no security precautions whatsoever—which I’m beginning to worry is what you recommend. In your essay, you assume that false positives (screening innocent Muslims) are so unpleasant as to be morally unacceptable, while false negatives (letting the occasional bomb-laden terrorist onto an airplane) aren’t so bad that we should seek to prevent every instance of them. I am open to the idea that we are irrationally afraid of airline terrorism (and airplane crashes generally), but you have not made this case. And I would point out that our horror at the prospect of planes exploding at 30,000 feet is part of the cost of terrorism that we must consider. If, as result of some quirk in human psychology, a few downed airplanes will cripple our economy in a way that a few blown up trains never will, then it is rational for us to have a zero-tolerance policy regarding bombs on airplanes.

BS:  It turns out designing good security systems is as complicated as I make it out to be.  Witness all the lousy systems out there designed by people who didn’t understand security.  Designing an airport security system is hard.  Designing a passenger profiling system within an airport security system is hard.  And I’m going to walk you through an analysis of your security design.

In your response above, you make a big deal about two points that are unimportant.

One, it doesn’t matter that the correlation between Muslim and terrorist is a causal relationship. We’re taking about a detection system.  You’re proposing that we can detect attribute A (terrorist) by using attribute B (Muslim).  That’s what matters, not whether or not there’s a causal arrow or which direction it points.  In using the word “correlation” I was giving you the benefit of the doubt; it’s a lower bar.

And two, “the probability that the next terrorist will be a Muslim” doesn’t matter either.  To demonstrate that, for now I’ll just assume the probability equals one.

To analyze your system, I first need to describe it.  In security, the devil is in the details, and it’s the details that matter.  Lots of security systems look great in one sentence but terrible once they’re expanded to a few paragraphs.

You’re proposing an airport passenger screening system with two tiers of security.  Everyone gets subjected to the lower tier, but only people who meet your profile, “Muslims, or anyone who could conceivably be Muslim,” would be subjected to the higher tier.

SH:  Yes, and anyone else whose bag or behavior seems to merit follow up (e.g., the Hindawi affair).

BS:  That’s behavioral profiling, completely different from what we’re discussing here.  I want to stick with your ethnic profiling system.

SH: Well, I disagree. And the Israelis, who are generally credited with being the masters of behavioral profiling, appear to disagree as well. A person’s behavior can only be interpreted in context. What does a man’s sweating profusely and looking agitated mean? It means one thing if he is a morbidly obese senior from Alabama traveling with his wife and their church group, who is struggling to get all the trinkets he purchased in Jerusalem into a bursting suitcase; it means another if he is a 23-year-old man traveling on a Pakistani passport who is doing his best to not make eye contact with anyone. The distinction between behavioral profiling and everything else that can be noticed about a person is a myth. However, we can table this issue for the time being.

BS: You can disagree, but I assure you that the Israelis understand the difference between ethnic profiling and behavioral profiling.  Yes, they do both together, but that doesn’t mean you can confuse them.  But let’s stick to topic: ethnic profiling.

In practice, this would mean that everyone would go through primary airport screening: x-ray machine for hand luggage, and the magnetometer or full-body scanner for their bodies. But when primary screening results in an anomaly—this is generally because the magnetometer beeps, the full-body scanner shows something, or there’s something suspicious in an x-ray image—in some cases people who don’t meet the profile would be allowed through security without that anomaly being further checked.

SH:  Yes, depending on the anomaly.

BS: TSA screeners would have to make the determination, based on some subjective predetermined criteria which they would have to apply, whether or not individuals meet the profile.  You are not proposing this because it will improve security.

SH: On the contrary, I believe it will improve security. Let’s say that in each moment the TSA has $100 worth of attention, and they can spend it any way they want. A dollar spent on a toddler whose family does not stand a chance of having turned him into an IED is a dollar wasted (i.e., not spent elsewhere).

BS:  That’s also a separate issue.  We’re comparing profiling with not profiling. You are essentially making an efficiency argument in support of profiling: “I am more concerned about the risk of airport screeners obviously wasting their time.”  This efficiency, you argue, could result in either cost savings as TSA staffing was reduced, or in increased security elsewhere as superfluous screeners were retasked to do other things that might improve security.  But that is independent of, and irrelevant to, the analysis of the proposed security system.  The proposed benefit of the profiling system is the same security at reduced cost, and reduced inconvenience to non-profiled people.

SH:  I agree. I would just emphasize that I think of efficiency in terms of increased security, not in terms of reducing costs. Efficiency allows for more eyes on the problem—another person watching the scanner images, another person able to study the behavior of a suspicious person. Every moment spent following up with the wrong family is not just a moment in which the line slows down—it’s also a moment in which someone or something else gets ignored.

BS:  Of course.  Again, when you have an efficiency gain you can either realize it by reducing your cost or by doing more of what you’re already doing.  But that potential additional security has nothing to do with the efficacy of profiling.  If we believe that an extra $10 of attention will make us safer, we can either add $10 to the TSA’s budget, or save $10 by increasing efficiency somewhere else.

SH: Now I see what you are getting at—and I’m prepared to agree for the sake of letting you continue with your analysis. But I want to point out that there might be more to it than the question of efficiency. I think a policy of not profiling—that is, remaining committed to the fiction that we have no idea where the threat of suicidal terrorism is coming from—might cause screeners to be much worse at their jobs than they would otherwise be. Gains in efficiency due to profiling might not just be a matter of “doing more of what you’re already doing.” It could be doing more of what the Israelis are already doing—which I don’t think entails their lying to themselves about the source of the problem.

BS: You are, however, implying a different type of profiling system: to take a security procedure now randomly applied—swabbing luggage for explosive residue, for example—and apply it according to the profile.  Leave that aside for now; I’ll come back to it later.

One piece of security philosophy to start.  Complexity is the enemy of security.  Adding complexity to a security system invariably introduces additional vulnerabilities (see my 2000 essay).  Simple systems are easier to analyze.  Simpler systems have fewer security assumptions.  Simpler systems are more robust against mistakes in analysis.  And simpler systems are more secure. 

More specifically, simplicity tends to completely remove potential avenues of attack.  An easy example might be to think of a building.  Adding a new door is an additional complexity, and requires additional security to secure that door.  This leads to an analysis of door materials, lock strength, and so on.  The same building without that door is inherently more secure, and requires no analysis or assumptions about how it will be secured.  Of course, this isn’t to say that buildings with doors are insecure, only that it takes more work to secure them.  And it takes more work to secure a building with ten doors than with one door.  I will appeal to simplicity multiple times in any analysis of your profiling system.

Let’s get started, then.  Security is always a trade-off: costs versus benefits.  We’re going to tally them up.

The primary benefit to your system is increased efficiency, but it’s not as much as you think. In Kip Hawley’s memoir of his time as head of the TSA, he talks about the shoe scanning process. After Richard Reid’s failed shoe-bombing attempt in late 2001, TSA screeners started requiring people wearing thick-heeled shoes and boots to remove them and put them through the x-ray machines.  They deliberately chose the most accurate correlation in order to minimize the passenger inconvenience. But when they revised the rule to require everyone to take their shoes off, checkpoint throughput increased.  There is an inherent inefficiency to non-uniform procedures, and when passengers knew what to expect, there was less delay.

Your system is different.  The non-uniformity is in the resolving of anomalies, not in the basic security procedures that everyone has to go through. There would be an efficiency benefit resulting from your system, but it would still be diminished because passengers wouldn’t know what to expect.

SH: Perhaps. But this is also a problem with our current system—and it would be a bigger problem with any system that fully implemented randomness (which you have recommended). People would be surprised to be pulled aside, or have their bag swabbed for explosive residue, when this didn’t happen last time around. What we have now is a system in which we pretend not to profile (while still profiling, and probably doing it badly) by wasting precious resources on obvious non-threats and further inconveniencing the profiled and non-profiled alike.

BS: “Obvious non-threats” to you, not real obvious non-threats.  But I’m getting ahead of myself.

Your system has a secondary benefit as well: reduced inconvenience to people who don’t meet the profile.  You correctly point out above that the extra inconvenience from this secondary screening is low, so I’m going to largely ignore this.

That’s it for benefits.  Let’s now get into the costs.

For the purposes of this analysis, I’m assuming that the correlation between attribute A (terrorist) and attribute B (Muslim) is 1.  Attribute B is a belief system, and effectively undetectable within the context of an airport security checkpoint.  As such, you are proposing attribute B’ (“anyone who could conceivably be Muslim”) as a substitute for B. This why I previously described this as Arab-looking, or Semitic.

In your system, people who don’t meet the profile would in some cases not be further screened if primary screening resulted in an anomaly.  There is a potential security cost associated with each of these incidents.  Since we’re assuming that all terrorists are Muslims, that cost is zero if only we could profile based on attribute B.  But since we’re profiling on related attribute rate B’, there is a cost that’s proportional to our error rate.

SH: I like the approach you are taking, but I want to make a few observations before you go further. First, I’d like to point out that the concern you raised in your essay about the low base rate of terrorism has now fallen by the wayside. This is fine, of course, but I want those readers who thought the problem of false positives to be decisive to take note. You and I now appear to agree that the “false positive” of having to endure a secondary screening is no big deal.

BS:  Actually, the base rate fallacy is still important.  If 10% of all airline travelers were terrorists, you’d end up with a very different result.  In that case, even a mediocre profile would reduce successful attacks more than random screening.

SH:  Any further significance of base rate remains to be demonstrated. I’m simply pointing out that the significance you appeared to give it in your essay has not held up. We are not worried about the “false positive” of executing a secondary search on an innocent person who fits the profile.

Second, we should acknowledge that certain travelers fit the profile so well that they are obviously Muslim, and others stand a very good chance of being Muslim, and these facts can be discerned by any trained screener simply by looking. Certain costumes and behaviors constitute ideological performances—which is to say, we can know what a person believes, or is likely to believe, by his appearance alone.

BS:  I don’t believe this is true.  But, again, so what?  The question is not whether some people look more or less Muslim, the question is whether profiling on that characteristic makes security sense.

SH: You’ve said repeatedly that there is no such thing as “looking Muslim”—but there is. And this is one instance of your denying that a channel of statistically relevant information is available to us. Given the levels of political correctness on this topic, I would not be surprised if the TSA followed suit and failed to search certain high-risk travelers for fear of offending them. I have heard stories of women in niqabs breezing through security. What percentage of niqab wearers—or, more important, the men traveling with them—hope for a global Caliphate or believe that martyrdom is a direct path to Paradise? It is surely high. It is rather like asking what percentage of skinheads wearing swastika tattoos and “White Pride Worldwide” T-shirts are racist and anti-Semitic. If we were in a global war against a cult of suicidal white supremacists, one would have to be crazy not to pay extra attention to this distinguished gentleman at the airport.

Needless to say, such people would be relentlessly profiled outside the airport, too (we call this “intelligence gathering”). However, I will grant you that some of the people we are worried about will take careful steps to appear non-ideological. I just want to point out that many aspiring martyrs don’t bother to do this, and don’t do a very good job of it when they do.

Again, I worry that political correctness can open up another pathway through security, allowing terrorists to hide in plain sight. If it ever became clear that we had a policy of not profiling, designed to assure everyone that we were non-racist and culturally sensitive, terrorists could safely assume that the TSA wouldn’t oblige a Muslim woman to lift her veil if she didn’t want to.

BS: Honestly, I don’t care about the political correctness of this.  Profiling is bad security.  I understand that it intuitively seems obvious to you, and that your gut tells you it’s better, but it’s not.  And I am going to continue to explain why. 

To continue: to implement this system, you’re going to have to make this profile explicit.  You’re going to need a precise definition for B’.  And it needs to be a definition that can be taught to the TSA screeners, written down in the Standard Operating Procedures (SOP) manual found at every TSA checkpoint.  I believe that once you start trying to specify your profile exactly, it will either encompass so many people as to be useless, or leave out so many people as to be dangerous.  That is, I can’t figure out how to get your error rate down.

SH: Well, we seem to be coming at this problem from opposite ends. As you know, in my first article, I spoke of “anti-profiling,” by which I meant not flagrantly wasting everyone’s time in a politically correct show of fairness. I’m told that Al Gore was once pulled aside for a random body search. Wasting a minute on the prospect that Al Gore has been recruited by al Qaeda is sheer lunacy.  I don’t think that needs to be spelled out in the policy. Agents could be well-trained to look for the threat—jihadists—under all conceivable guises and then be trusted to use their discretion to ignore people who obviously pose no threat.

BS: It doesn’t matter.  Call it profiling, call it anti-profiling.  In my analysis, all that matters is that you’re dividing people into two buckets: one has an easier path through security and the other has a harder path.  The question I’m addressing is whether this system makes any sense.  And if you think about it, an anti-profiling system makes even less sense.  The smaller your “easier path” bucket is, the less efficiency gain you get.  And you still have to pay the full cost in security, money, and inefficiency, as I’ll explain below.

In my initial rebuttal I listed Muslim terrorists who are ethnically African, Hispanic, Caribbean, and Asian.  There have been both male and female Muslim suicide bombers.  We know that Osama bin Laden was actively trying to recruit terrorists who would not look like your profile.  Khalid Sheikh Mohammed, in the testimony entered in the Moussaoui case, said he was planning a second wave attack after 9/11, but would use only Asians and Europeans for that because he assumed Arabs would be—essentially—profiled (see paragraphs numbered 77 and 79 on pp. 38—39 of his testimony, which seems not to be on the Internet).

This isn’t a red herring.  There are known European-looking Muslim terrorists.  In Kip Hawley’s book, he mentions by name specific Muslim terrorists who were 1) actively plotting against airplanes, and 2) ethnically European.  He writes about the Austrian Abdulrahman Hilal Hussein: “with his trim muscular build and light brown hair, Abdulrahman looked, talked, and acted like the other Austrian schoolchildren” and that he “resembled Nicholas Cage.”  He writes about Fritz Gelowicz, a German who converted to Islam as a teenager: “A handsome boy, with light brown hair and fair skin, Fritz was indistinguishable from his peers in many ways.”  I asked Hawley about profiling in a recent interview, and he said: “Profiling on the basis of LOOKS is terrible security.  AQ has hundreds, literally, of agents selected specifically because they don’t look like young middle-eastern men.”  When I pressed him, he added:  “AQ has trained hundreds of western operatives, including from North America, of all ages, colors, genders, whatever—many of whom we know by real name, some only by nickname.” Look at pictures of Eric Breininger, another German native.  Or Long Island altar boy Bryant Neal Vinas.  Taking the intelligence reports at face value, both of these people have undergone training at al Qaeda camps.

Read Part 2

Categories: Airline Travel, Terrorism, Theory of Security

Sidebar photo of Bruce Schneier by Joe MacInnis.