Latest Essays
Page 38
To Profile or Not to Profile? (Part 1)
A Debate between Sam Harris and Bruce Schneier
Introduction by Sam Harris
I recently wrote two articles in defense of “profiling” in the context of airline security (1 & 2), arguing that the TSA should stop doing secondary screenings of people who stand no reasonable chance of being Muslim jihadists. I knew this proposal would be controversial, but I seriously underestimated how inflamed the response would be. Had I worked for a newspaper or a university, I could well have lost my job over it.
One thing that united many of my critics was their admiration for Bruce Schneier. Bruce is an expert on security who has written for …
The Trouble with Airport Profiling
Why do otherwise rational people think it’s a good idea to profile people at airports? Recently, neuroscientist and best-selling author Sam Harris related a story of an elderly couple being given the twice-over by the TSA, pointed out how these two were obviously not a threat, and recommended that the TSA focus on the actual threat: “Muslims, or anyone who looks like he or she could conceivably be Muslim.”
This is a bad idea. It doesn’t make us any safer—and it actually puts us all at risk.
The right way to look at security is in terms of cost-benefit trade-offs. If adding profiling to airport checkpoints allowed us to detect more threats at a lower cost, than we should implement it. If it didn’t, we’d be foolish to do so. Sometimes profiling works. Consider a sheep in a meadow, happily munching on grass. When he spies a wolf, he’s going to judge that individual wolf based on a bunch of assumptions related to the past behavior of its species. In short, that sheep is going to profile…and then run away. This makes perfect sense, and is why evolution produced sheep—and other animals—that …
Economist Debates: Airport Security
These essays are part of a debate with Kip Hawley, the former Administrator of the TSA. For the full debate, see The Economist‘s website.
Opening Remarks
Let us start with the obvious: in the entire decade or so of airport security since the attacks on America on September 11th 2001, the Transportation Security Administration (TSA) has not foiled a single terrorist plot or caught a single terrorist. Its own “Top 10 Good Catches of 2011” does not have a single terrorist on the list. The “good catches” are forbidden items carried by mostly forgetful, and entirely innocent, people—the sorts of guns and knives that would have been just as easily caught by pre-9/11 screening procedures. Not that the TSA is expert at that; it regularly …
How Changing Technology Affects Security
View or Download in PDF Format
This essay was republished in Wired on February 24, 2014.
Security is a tradeoff, a balancing act between attacker and defender. Unfortunately, that balance is never static. Changes in technology affect both sides. Society uses new technologies to decrease what I call the scope of defection—what attackers can get away with—and attackers use new technologies to increase it. What’s interesting is the difference between how the two groups incorporate new technologies.
Changes in security systems can be slow. Society has to implement any new security technology as a group, which implies agreement and coordination and—in some instances—a lengthy bureaucratic procurement process. Meanwhile, an attacker can just use the new technology. For example, at the end of the horse-and-buggy era, it was easier for a bank robber to use his new motorcar as a getaway vehicle than it was for a town’s police department to decide it needed a police car, get the budget to buy one, choose which one to buy, buy it, and then develop training and policies for it. And if only one police department did this, the bank robber could just move to another town. Defectors are more agile and adaptable, making them much better at being early adopters of new technology…
High-Tech Cheats in a World of Trust
I CAN put my cash card into an ATM anywhere in the world and take out a fistful of local currency, while the corresponding amount is debited from my bank account at home. I don’t even think twice: regardless of the country, I trust that the system will work.
The whole world runs on trust. We trust that people on the street won’t rob us, that the bank we deposited money in last month returns it this month, that the justice system punishes the guilty and exonerates the innocent. We trust the food we buy won’t poison us, and the people we let in to fix our boiler won’t murder us…
The Big Idea: Bruce Schneier
My big idea is a big question. Every cooperative system contains parasites. How do we ensure that society’s parasites don’t destroy society’s systems?
It’s all about trust, really. Not the intimate trust we have in our close friends and relatives, but the more impersonal trust we have in the various people and systems we interact with in society. I trust airline pilots, hotel clerks, ATMs, restaurant kitchens, and the company that built the computer I’m writing this short essay on. I trust that they have acted and will act in the ways I expect them to. This type of trust is more a matter of consistency or predictability than of intimacy…
Empathy and Security
View or Download in PDF Format
Several independent streams of research seem to have converged on the role of empathy in security. Understanding how empathy works and fails—and how it can be harnessed—could be important as we develop security systems that protect people over computer networks.
Mirror neurons are part of a recently discovered brain system that activates both when an individual does something and when that individual observes someone else doing the same thing. They’re what allow us to “mirror” the behaviors of others, and they seem to play a major role in language acquisition, theory of mind, and empathy…
Detecting Cheaters
Our brains are specially designed to deal with cheating in social exchanges. The evolutionary psychology explanation is that we evolved brain heuristics for the social problems that our prehistoric ancestors had to deal with. Once humans became good at cheating, they then had to become good at detecting cheating—otherwise, the social group would fall apart.
Perhaps the most vivid demonstration of this can be seen with variations on what’s known as the Wason selection task, named after the psychologist who first studied it. Back in the 1960s, it was a test of logical reasoning; today, it’s used more as a demonstration of evolutionary psychology. But before we get to the experiment, let’s get into the mathematical background…
Why Terror Alert Codes Never Made Sense
The Department of Homeland Security is getting rid of the color-coded threat level system. It was introduced after 9/11, and was supposed to tell you how likely a terrorist attack might be. Except that it never did.
Attacks happened more often when the level was yellow (“significant risk”) than when it was orange (“high risk”). And the one time it was red (“severe risk”), nothing happened. It’s never been blue or green, the two least dangerous levels.
The system has been at yellow for the past four years, and before then the changes seemed more timed to political events than actual terrorist threats. Not that any of this matters. We all ignored the levels because they didn’t tell us anything useful…
Schneier-Ranum Face-Off on Whitelisting and Blacklisting
This essay appeared as the second half of a point/counterpoint with Marcus Ranum.
The whitelist/blacklist debate is far older than computers, and it’s instructive to recall what works where. Physical security works generally on a whitelist model: if you have a key, you can open the door; if you know the combination, you can open the lock. We do it this way not because it’s easier—although it is generally much easier to make a list of people who should be allowed through your office door than a list of people who shouldn’t—but because it’s a security system that can be implemented automatically, without people…
Sidebar photo of Bruce Schneier by Joe MacInnis.