Entries Tagged "air travel"

Page 34 of 46

Copycats

It’s called “splash-and-grab,” and it’s a new way to rob convenience stores. Two guys walk into a store, and one comes up to the counter with a cup of hot coffee or cocoa. He pays for it, and when the clerk opens the cash drawer, he throws the coffee in the clerk’s face. The other one grabs the cash drawer, and they both run.

Crimes never change, but tactics do. This tactic is new; someone just invented it. But now that it’s in the news, copycats are repeating the trick. There have been at least 19 such robberies in Delaware, Pennsylvania and New Jersey. (Some arrests have been made since then.)

Here’s another example: On Nov. 24, 1971, someone with the alias Dan Cooper invented a new way to hijack an aircraft. Claiming he had a bomb, he forced a plane to land and then exchanged the passengers and flight attendants for $200,000 and four parachutes. (I leave it as an exercise for the reader to explain why asking for more than one parachute is critical to the plan’s success.) Taking off again, he told the pilots to fly to 10,000 feet. He then lowered the plane’s back stairs and parachuted away. He was never caught, and the FBI still doesn’t know who he is or whether he survived.

After this story hit the press, there was an epidemic of copycat attacks. In 31 hijackings the following year, half of the hijackers demanded parachutes. It got so bad that the FAA required Boeing to install a special latch—the Cooper Vane—on the back staircases of its 727s so they couldn’t be lowered in the air.

The internet is filled with copycats. Green-card lawyers invented spam; now everyone does it. Other people invented phishing, pharming, spear phishing. The virus, the worm, the Trojan: It’s hard to believe that these ubiquitous internet attack tactics were, until comparatively recently, tactics that no one had thought of.

Most attackers are copycats. They aren’t clever enough to invent a new way to rob a convenience store, use the web to steal money, or hijack an airplane. They try the same attacks again and again, or read about a new attack in the newspaper and decide they can try it, too.

In combating threats, it makes sense to focus on copycats when there is a population of people already willing to commit the crime, who will migrate to a new tactic once it has been demonstrated to be successful. In instances where there aren’t many attacks or attackers, and they’re smarter—al-Qaida-style terrorism comes to mind—focusing on copycats is less effective because the bad guys will respond by modifying their attacks accordingly.

Compare that to suicide bombings in Israel, which are mostly copycat attacks. The authorities basically know what a suicide bombing looks like, and do a pretty good job defending against the particular tactics they tend to see again and again. It’s still an arms race, but there is a lot of security gained by defending against copycats.

But even so, it’s important to understand which aspect of the crime will be adopted by copycats. Splash-and-grab crimes have nothing to do with convenience stores; copycats can target any store where hot coffee is easily available and there is only one clerk on duty. And the tactic doesn’t necessarily need coffee; one copycat used bleach. The new idea is to throw something painful and damaging in a clerk’s face, grab the valuables and run.

Similarly, when a suicide bomber blows up a restaurant in Israel, the authorities don’t automatically assume the copycats will attack other restaurants. They focus on the particulars of the bomb, the triggering mechanism and the way the bomber arrived at his target. Those are the tactics that copycats will repeat. The next target may be a theater or a hotel or any other crowded location.

The lesson for counterterrorism in America: Stay flexible. We’re not threatened by a bunch of copycats, so we’re best off expending effort on security measures that will work regardless of the tactics or the targets: intelligence, investigation and emergency response. By focusing too much on specifics—what the terrorists did last time—we’re wasting valuable resources that could be used to keep us safer.

This essay originally appeared on Wired.com.

Posted on March 8, 2007 at 3:23 PMView Comments

Sky Marshals in Australia

Their cost-effectiveness is being debated:

They’ve cost the taxpayer $106 million so far, they travel in business class, and over the past four years Australia’s armed air marshals have had to act only once—subduing a 68-year-old man who produced a small knife on a flight from Sydney to Cairns in 2003.

I have not seen any similar cost analysis from the United States.

Posted on March 8, 2007 at 7:37 AMView Comments

The Doghouse: Onboard Threat Detection System

It’s almost too absurd to even write about seriously—this plan to spot terrorists in airplane seats:

Cameras fitted to seat-backs will record every twitch, blink, facial expression or suspicious movement before sending the data to onboard software which will check it against individual passenger profiles.

[…]

They say that rapid eye movements, blinking excessively, licking lips or ways of stroking hair or ears are classic symptoms of somebody trying to conceal something.

A separate microphone will hear and record even whispered remarks. Islamic suicide bombers are known to whisper texts from the Koran in the moments before they explode bombs.

The software being developed by the scientists will be so sophisticated that it will be able to take account of nervous flyers or people with a natural twitch, helping to ensure there are no false alarms.

The only thing I can think of is that some company press release got turned into real news without a whole lot of thinking.

Posted on February 16, 2007 at 6:55 AMView Comments

"Clear" Registered Traveller Program

CLEAR, a private service that prescreens travelers for a $100 annual fee, has come to Kennedy International Airport. To benefit from the Clear Registered Traveler program, which is run by Verified Identity Pass, a person must fill out an application, let the service capture his fingerprints and iris pattern and present two forms of identification. If the traveler passes a federal background check, he will be given a card that allows him to pass quickly through airport security.

Sounds great, but it’s actually two ideas rolled into one: one clever and one very stupid.

The clever idea is allowing people to pay for better service. Clear has been in operation at the Orlando International Airport since July 2005, and members have passed through security checkpoints faster simply because they are segregated from less experienced fliers who don’t know the drill.

Now, at Kennedy and other airports, Clear is purchasing and installing federally approved technology that will further speed up the screening process: scanners that will eliminate the need for cardholders to remove their shoes, and explosives detection machines that will eliminate the need for them to remove their coats and jackets. There are also Clear employees at the checkpoints who, although they can’t screen cardholders, can guide members through the security process. Clear has not yet paid airports for an extra security lane or the Transportation Security Administration for extra screening personnel, but both of those enhancements are on the table if enough people sign up.

I fly more than 200,000 miles per year and would gladly pay $100 a year to get through airport security faster.

But the stupid idea is the background check. When first conceived, traveler programs focused on prescreening. Pre-approved travelers would pass through security checkpoints with less screening, and resources would be focused on everyone else. Sounds reasonable, but it would leave us all less safe.

Background checks are based on the dangerous myth that we can somehow pick terrorists out of a crowd if we could identify everyone. Unfortunately, there isn’t any terrorist profile that prescreening can uncover. Timothy McVeigh could probably have gotten one of these cards. So could have Eric Rudolph, the pipe bomber at the 1996 Olympic Games in Atlanta. There isn’t even a good list of known terrorists to check people against; the government list used by the airlines has been the butt of jokes for years.

And have we forgotten how prevalent identity theft is these days? If you think having a criminal impersonating you to your bank is bad, wait until they start impersonating you to the Transportation Security Administration.

The truth is that whenever you create two paths through security—a high-security path and a low-security path—you have to assume that the bad guys will find a way to exploit the low-security path. It may be counterintuitive, but we are all safer if the people chosen for more thorough screening are truly random and not based on an error-filled database or a cursory background check.

I think of Clear as a $100 service that tells terrorists if the F.B.I. is on to them or not. Why in the world would we provide terrorists with this ability?

We don’t have to. Clear cardholders are not scrutinized less when they go through checkpoints, they’re scrutinized more efficiently. So why not get rid of the background checks altogether? We should all be able to walk into the airport, pay $10, and use the Clear lanes when it’s worth it to us.

This essay originally appeared in The New York Times.

I’ve already written about trusted traveller programs, and have also written about Verified Identity Card, Inc., the company that runs Clear. Note that these two essays were from 2004. This is the Clear website, and this is the website for Verified Identity Pass, Inc.

Posted on January 22, 2007 at 7:11 AMView Comments

No-Fly List to Be Scrubbed

After over five years of harassing innocents and not catching any terrorists, the no-fly list is finally being checked for accuracy, and probably cut in half.

Yes, it’s great to see that even the threat of oversight by a Democratic Congress is enough to get these things done, but it’s nowhere near enough.

The no-fly list doesn’t work. And, of course, you can easily bypass it. You can 1) print a boarding pass under an assumed name or buy a ticket under an assumed name, or 2) fly without ID. In fact, the whole notion of checking ID as a security measure is fraught with problems. And the list itself is just awful.

My favorite sound bite:

Imagine a list of suspected terrorists so dangerous that we can’t ever let them fly, yet so innocent that we can’t arrest them – even under the draconian provisions of the Patriot Act.

Even with a better list, it’s a waste of money.

Posted on January 19, 2007 at 7:14 AMView Comments

Do Terrorists Lie?

Terrorists might bomb airplanes, take and kill hostages, and otherwise terrorize innocents. But there’s one thing they just won’t do: lie on government forms. And that’s why the State of Ohio requires certain license (including private pilot licenses) applicants to certify that they’re not terrorists. Because if we can’t lock them up long enough for terrorism, we’ve got the additional charge of lying on a government form to throw at them.

Okay, it’s actually slightly less silly than that. You have to certify that you are not a member of, a funder of, a solicitor for, or a hirer of members of any of these organizations, which someone—presumably the Department of Homeland Security—has decided are terrorist organizations.

The Aircraft Owners and Pilots Association is pissed off, as they should well be.

More security theater.

I assume Ohio isn’t the only state doing this. Does anyone know anything about other states?

EDITED TO ADD (1/18): Here’s a Pennsylvania application or a license to carry firearms that asks: “Is your character and reputation such that you would be likely to act in a manner dangerous to public safety?” I agree that Pennsylvania shouldn’t issue carry permits to people for whom this is true, but I’m not sure that asking them is the best way to find out.

Posted on January 17, 2007 at 7:34 AMView Comments

Architecture and Airport Security

Good essay by Matt Blaze:

Somehow, for all the attention to minutiae in the guidelines, everything ends up just slightly wrong by the time it gets put together at an airport. Even if we accept some form of passenger screening as a necessary evil these days, today’s checkpoints seem like case studies in basic usability failure designed to inflict maximum frustration on everyone involved. The tables aren’t quite at the right height to smoothly enter the X-ray machines, bins slide off the edges of tables, there’s never enough space or seating for putting shoes back on as you leave the screening area, basic instructions have to be yelled across crowded hallways. According to the TSA’s manual, there are four models of standard approved X-ray machines, from two different manufacturers. All four have sightly different heights, and all are different from the heights of the standard approved tables. Do the people setting this stuff up ever actually fly? And if they can’t even get something as simple as the furniture right, how confident should we be in the less visible but more critical parts of the system that we don’t see every time we fly?

Yes, Matt Blaze now has a blog. See also his essay on making your own fake boarding pass.

Posted on January 12, 2007 at 7:08 AMView Comments

1 32 33 34 35 36 46

Sidebar photo of Bruce Schneier by Joe MacInnis.