Entries Tagged "cost-benefit analysis"


Cost of the U.S. No-Fly List

Someone did the analysis:

As will be analyzed below, it is estimated that the costs of the no-fly list, since 2002, range from approximately $300 million (a conservative estimate) to $966 million (an estimate on the high end). Using those figures as low and high potentials, a reasonable estimate is that the U.S. government has spent over $500 million on the project since the September 11, 2001 terrorist attacks. Using annual data, this article suggests that the list costs taxpayers somewhere between $50 million and $161 million a year, with a reasonable compromise of those figures at approximately $100 million.

Posted on February 3, 2009 at 1:01 PM

Jeffrey Rosen on the Department of Homeland Security

Excellent article:

The same elements of psychology lead people to exaggerate the likelihood of terrorist attacks: Images of terrifying but highly unusual catastrophes on television—such as the World Trade Center collapsing—are far more memorable than images of more mundane and more prevalent threats, like dying in car crashes. Psychologists call this the “availability heuristic,” in which people estimate the probability of something occurring based on how easy it is to bring examples of the event to mind.

As a result of this psychological bias, large numbers of Americans have overestimated the probability of future terrorist strikes: In a poll conducted a few weeks after September 11, respondents saw a 20 percent chance that they would be personally harmed in a terrorist attack within the next year and nearly a 50 percent chance that the average American would be harmed. Those alarmist predictions, thankfully, proved to be wrong; in fact, since September 11, international terrorism has killed only a few hundred people per year around the globe, as John Mueller points out in Overblown. At the current rates, Mueller argues, the lifetime probability of any resident of the globe being killed by terrorism is just one in 80,000.

This public anxiety is the central reason for both the creation of DHS and its subsequent emphasis on showy prevention measures, which Schneier calls a form of “security theater.” But that raises a question: Even if DHS doesn’t actually make us safer, could its existence still be justified if reducing the public’s fears leads to tangible economic benefits? “If the public’s response is based on irrational, emotional fears, it may be reasonable for the government to do things that make us feel better, even if those don’t make us safer in a rational sense, because if they feel better, people will fly on planes and behave in a way that’s good for the economy,” Tierney told me. But the psychological impact of DHS still has to be subject to cost-benefit analysis: On balance, is the government actually calming people rather than making them more nervous? Tierney argues convincingly that the same public fears that encourage government officials to spend money on flashy preventive measures also encourage them to exaggerate the terrorist threat. “It’s very difficult for a government official to come out and say anything like, ‘Let’s put this threat in perspective,’” he told me. “If they were to do so, and there isn’t a terrorist attack, they get no credit; and, if there is, that’s the end of their career.” Of course, no government official feels this pressure more acutely than the head of homeland security. And so, even as DHS seeks to tamp down public fears with expensive and often wasteful preventive measures, it may also be encouraging those fears—which, in turn, creates ever more public demand for spending on prevention.

Michael Chertoff’s public comments about terrorism embody this dilemma: Despite his laudable efforts to speak soberly and responsibly about terrorism—and to argue that there are many kinds of attacks we simply can’t prevent—the incentives associated with his job have led him at times to increase, rather than diminish, public anxiety. Last March he declared that, “if we don’t recognize the struggle we are in as a significant existential struggle, then it is going to be very hard to maintain the focus.” If nuclear attacks aren’t likely and smaller events aren’t existential threats, I asked, why did he say the war on terrorism is a “significant existential struggle”? “To me, existential is a threat that shakes the core of a society’s confidence and causes a significant and long-lasting line of damage to the country,” he replied. But it would take a series of weekly Virginia Tech-style shootings or London-style subway bombings to shake the core of American confidence; and Al Qaeda hasn’t come close to mustering that frequency of low-level attacks in any Western democracy since September 11. “Terrorism kills a certain number of people, and so do forest fires,” Mueller told me. “If terrorism is merely killing certain numbers of people, then it’s not an existential threat, and money is better spent on smoke alarms or forcing people to wear seat belts instead of chasing terrorists.”

Posted on January 30, 2009 at 11:38 AM

Helping the Terrorists

It regularly comes as a surprise to people that our own infrastructure can be used against us. And in the wake of terrorist attacks or plots, there are fear-induced calls to ban, disrupt or control that infrastructure. According to officials investigating the Mumbai attacks, the terrorists used images from Google Earth to help learn their way around. This isn’t the first time Google Earth has been charged with helping terrorists: in 2007, Google Earth images of British military bases were found in the homes of Iraqi insurgents. Incidents such as these have led many governments to demand that Google remove or blur images of sensitive locations: military bases, nuclear reactors, government buildings, and so on. An Indian court has been asked to ban Google Earth entirely.

This isn’t the only way our information technology helps terrorists. Last year, a US army intelligence report worried that terrorists could plan their attacks using Twitter, and there are unconfirmed reports that the Mumbai terrorists read the Twitter feeds about their attacks to get real-time information they could use. British intelligence is worried that terrorists might use voice over IP services such as Skype to communicate. Terrorists may train on Second Life and World of Warcraft. We already know they use websites to spread their message and possibly even to recruit.

Of course, all of this is exacerbated by open-wireless access, which has been repeatedly labelled a terrorist tool and which has been the object of attempted bans.

Mobile phone networks help terrorists, too. The Mumbai terrorists used them to communicate with each other. This has led some cities, including New York and London, to propose turning off mobile phone coverage in the event of a terrorist attack.

Let’s all stop and take a deep breath. By its very nature, communications infrastructure is general. It can be used to plan both legal and illegal activities, and it’s generally impossible to tell which is which. When I send and receive email, it looks exactly the same as a terrorist doing the same thing. To the mobile phone network, a call from one terrorist to another looks exactly the same as a mobile phone call from one victim to another. Any attempt to ban or limit infrastructure affects everybody. If India bans Google Earth, a future terrorist won’t be able to use it to plan; nor will anybody else. Open Wi-Fi networks are useful for many reasons, the large majority of them positive, and closing them down affects all those reasons. Terrorist attacks are very rare, and it is almost always a bad trade-off to deny society the benefits of a communications technology just because the bad guys might use it too.

Communications infrastructure is especially valuable during a terrorist attack. Twitter was the best way for people to get real-time information about the attacks in Mumbai. If the Indian government shut Twitter down – or London blocked mobile phone coverage – during a terrorist attack, the lack of communications for everyone, not just the terrorists, would increase the level of terror and could even increase the body count. Information lessens fear and makes people safer.

None of this is new. Criminals have used telephones and mobile phones since they were invented. Drug smugglers use airplanes and boats, radios and satellite phones. Bank robbers have long used cars and motorcycles as getaway vehicles, and horses before then. I haven’t seen it talked about yet, but the Mumbai terrorists used boats as well. They also wore boots. They ate lunch at restaurants, drank bottled water, and breathed the air. Society survives all of this because the good uses of infrastructure far outweigh the bad uses, even though the good uses are – by and large – small and pedestrian and the bad uses are rare and spectacular. And while terrorism turns society’s very infrastructure against itself, we only harm ourselves by dismantling that infrastructure in response – just as we would if we banned cars because bank robbers used them too.

This essay originally appeared in The Guardian.

EDITED TO ADD (1/29): Other ways we help the terrorists: we put computers in our libraries, we allow anonymous chat rooms, we permit commercial databases and we engage in biomedical research. Grocery stores, too, sell food to just anyone who walks in.

EDITED TO ADD (2/3): Washington DC wants to jam cell phones too.

EDITED TO ADD (2/9): Another thing that will help the terrorists: in-flight Internet.

Posted on January 29, 2009 at 6:00 AM

Two Security Camera Studies

From San Francisco:

San Francisco’s Community Safety Camera Program was launched in late 2005 with the dual goals of fighting crime and providing police investigators with a retroactive investigatory tool. The program placed more than 70 non-monitored cameras in mainly high-crime areas throughout the city. This report released today (January 9, 2009) consists of a multi-disciplinary collaboration examining the program’s technical aspects, management and goals, and policy components, as well as a quasi-experimental statistical evaluation of crime reports in order to provide a comprehensive evaluation of the program’s effectiveness. The results find that while the program did result in a 20% reduction in property crime within the view of the cameras, other forms of crime were not affected, including violent crime, one of the primary targets of the program.

From the UK:

The first study of its kind into the effectiveness of surveillance cameras revealed that almost every Scotland Yard murder inquiry uses their footage as evidence.

In 90 murder cases over a one year period, CCTV was used in 86 investigations, and senior officers said it helped to solve 65 cases by capturing the murder itself on film, or tracking the movements of the suspects before or after an attack.

In a third of the cases a good quality still image was taken from the footage from which witnesses identified the killer.

My own writing on security cameras is here. The question isn’t whether they’re useful or not, but whether their benefits are worth the costs.

Posted on January 13, 2009 at 6:58 AM

Impersonation

Impersonation isn’t new. In 1556, a Frenchman was executed for impersonating Martin Guerre and this week hackers impersonated Barack Obama on Twitter. It’s not even unique to humans: mockingbirds, Viceroy butterflies, and the mimic octopus all use impersonation as a survival strategy. For people, detecting impersonation is a hard problem for three reasons: we need to verify the identity of people we don’t know, we interact with people through “narrow” communications channels like the telephone and Internet, and we want computerized systems to do the verification for us.

Traditional impersonation involves people fooling people. It’s still done today: impersonating garbage men to collect tips, impersonating parking lot attendants to collect fees, or impersonating the French president to fool Sarah Palin. Impersonating people like policemen, security guards, and meter readers is a common criminal tactic.

These tricks work because we all regularly interact with people we don’t know. No one could successfully impersonate your brother, your best friend, or your boss, because you know them intimately. But a policeman or a parking lot attendant? That’s just someone with a badge or a uniform. But badges and ID cards only help if you know how to verify one. Do you know what a valid police ID looks like? Or how to tell a real telephone repairman’s badge from a forged one?

Still, it’s human nature to trust these credentials. We naturally trust uniforms, even though we know that anyone can wear one. When we visit a Web site, we use the professionalism of the page to judge whether or not it’s really legitimate—never mind that anyone can cut and paste graphics. Watch the next time someone other than law enforcement verifies your ID; most people barely look at it.

Impersonation is even easier over limited communications channels. On the telephone, how can you distinguish someone working at your credit card company from someone trying to steal your account details and login information? On e-mail, how can you distinguish someone from your company’s tech support from a hacker trying to break into your network—or the mayor of Paris from an impersonator? Once in a while someone frees himself from jail by faxing a forged release order to his warden. This is social engineering: impersonating someone convincingly enough to fool the victim.

These days, a lot of identity verification happens with computers. Computers are fast at computation but not very good at judgment, and can be tricked. So people can fool speed cameras by taping a fake license plate over the real one, fingerprint readers with a piece of tape, or automatic face scanners with—and I’m not making this up—a photograph of a face held in front of their own. Even the most bored policeman wouldn’t fall for any of those tricks.

This is why identity theft is such a big problem today. So much authentication happens online, with only a small amount of information: user ID, password, birth date, Social Security number, and so on. Anyone who gets that information can impersonate you to a computer, which doesn’t know any better.

Despite all of these problems, most authentication systems work most of the time. Even something as ridiculous as a faxed signature works, and can be legally binding. But no authentication system is perfect, and impersonation is always possible.

This lack of perfection is okay, though. Security is a trade-off, and any well-designed authentication system balances security with ease of use, customer acceptance, cost, and so on. More authentication isn’t always better. Banks make this trade-off when they don’t bother authenticating signatures on checks under amounts like $25,000; it’s cheaper to deal with fraud after the fact. Web sites make this trade-off when they use simple passwords instead of something more secure, and merchants make this trade-off when they don’t bother verifying your signature against your credit card. We make this trade-off when we accept police badges, Best Buy uniforms, and faxed signatures with only a cursory amount of verification.

Good authentication systems also balance false positives against false negatives. Impersonation is just one way these systems can fail; they can also fail to authenticate the real person. An ATM is better off allowing occasional fraud than preventing legitimate account holders access to their money. On the other hand, a false positive in a nuclear launch system is much more dangerous; better to not launch the missiles.

Decentralized authentication systems work better than centralized ones. Open your wallet, and you’ll see a variety of physical tokens used to identify you to different people and organizations: your bank, your credit card company, the library, your health club, and your employer, as well as a catch-all driver’s license used to identify you in a variety of circumstances. That assortment is actually more secure than a single centralized identity card: each system must be broken individually, and breaking one doesn’t give the attacker access to everything. This is one of the reasons that centralized systems like REAL-ID make us less secure.

Finally, any good authentication system uses defense in depth. Since no authentication system is perfect, there need to be other security measures in place if authentication fails. That’s why all of a corporation’s assets and information aren’t available to anyone who can bluff his way into the corporate offices. That is why credit card companies have expert systems analyzing suspicious spending patterns. And it’s why identity theft won’t be solved by making personal information harder to steal.

We can reduce the risk of impersonation, but it will always be with us; technology cannot “solve” it in any absolute sense. Like any security, the trick is to balance the trade-offs. Too little security, and criminals withdraw money from all our bank accounts. Too much security and when Barack Obama calls to congratulate you on your reelection, you won’t believe it’s him.

This essay originally appeared in The Wall Street Journal.

Posted on January 9, 2009 at 2:04 PM

Allocating Resources: Financial Fraud vs. Terrorism

Interesting trade-off:

The FBI has been forced to transfer agents from its counter-terrorism divisions to work on Bernard Madoff’s alleged $50 billion fraud scheme as victims of the biggest scam in the world continue to emerge.

The Freakonomics blog discusses this:

This might lead you to ask an obvious counter-question: Has the anti-terror enforcement since 9/11 in the U.S. helped fuel the financial meltdown? That is, has the diversion of resources, personnel, and mindshare toward preventing future terrorist attacks—including, you’d have to say, the wars in Afghanistan and Iraq—contributed to a sloppy stewardship of the financial industry?

It quotes a New York Times article:

Federal officials are bringing far fewer prosecutions as a result of fraudulent stock schemes than they did eight years ago, according to new data, raising further questions about whether the Bush administration has been too lax in policing Wall Street.

Legal and financial experts say that a loosening of enforcement measures, cutbacks in staffing at the Securities and Exchange Commission, and a shift in resources toward terrorism at the F.B.I. have combined to make the federal government something of a paper tiger in investigating securities crimes.

We’ve seen this problem over and over again when it comes to counterterrorism: in an effort to defend against the rare threats, we make ourselves more vulnerable to the common threats.

Posted on January 9, 2009 at 6:54 AM

Ed Felten on TSA Behavioral Screening

Good comment:

Now suppose that TSA head Kip Hawley came to you and asked you to submit voluntarily to a pat-down search the next time you travel. And suppose you knew, with complete certainty, that if you agreed to the search, this would magically give the TSA a 0.1% chance of stopping a deadly crime. You’d agree to the search, wouldn’t you? Any reasonable person would accept the search to save (by assumption) at least 0.001 lives. This hypothetical TSA program is reasonable, even though it only has a 0.1% arrest rate. (I’m assuming here that an attack would cost only one life. Attacks that killed more people would justify searches with an even smaller arrest rate.)

So the commentators’ critique is weak—but of course this doesn’t mean the TSA program should be seen as a success. The article says that the arrests the system generates are mostly for drug charges or carrying a false ID. Should a false-ID arrest be considered a success for the system? Certainly we don’t want to condone the use of false ID, but I’d bet most of these people are just trying to save money by flying on a ticket in another person’s name—which hardly makes them Public Enemy Number One. Is it really worth doing hundreds of searches to catch one such person? Are those searches really the best use of TSA screeners’ time? Probably not.

Right. It’s not just about the hit rate. It’s the cost vs. benefit: cost in taxpayer money, passenger time, TSA screener attention, fundamental liberties, etc.

Posted on December 17, 2008 at 6:38 AM

Jim Harper Responds to My Comments on Fingerprinting Foreigners at the Border

Good comments:

Anyway, turning someone away from the border is a trivial security against terrorism because terrorists are fungible. Turning away a known terrorist merely inconveniences a terrorist group, which just has to recruit someone different. The 9/11 attacks were conducted for the most part by people who had no known record of terrorism and who arrived on visas granted to them by the State Department. Biometric border security would have prevented none of them entering.

(Another option is physical avoidance of the border—crossing into the United States from Canada or Mexico at an uncontrolled part of the border. I know of no instance of this occurring (successfully), but it could. And, most importantly, there’s no cost-effective way to prevent it.)

In summary, border biometrics have some benefit! They are at best a mild inconvenience to terrorists—an inconvenience that the 9/11 attacks mostly anticipated. But that’s not zero benefit! It’s just negligible benefit.

Posted on December 12, 2008 at 6:21 AM

Mumbai Terrorists Used Google Earth, Boats, Food

The Mumbai terrorists used Google Earth to help plan their attacks. This is bothering some people:

Google Earth has previously come in for criticism in India, including from the country’s former president, A.P.J. Abdul Kalam.

Kalam warned in a 2005 lecture that the easy availability online of detailed maps of countries from services such as Google Earth could be misused by terrorists.

Of course the terrorists used Google Earth. They also used boats, and ate at restaurants. Don’t even get me started about the fact that they breathed air and drank water.

A Google spokeswoman said in an e-mail today that Google Earth’s imagery is available through commercial and public sources. Google Earth has also been used by aid agencies for relief operations, which outweighs abusive uses, she said.

That’s true for all aspects of human infrastructure. Yes, the bad guys use it: bank robbers use cars to get away, drug smugglers use radios to communicate, child pornographers use e-mail. But the good guys use it, too, and the good uses far outweigh the bad uses.

Posted on December 8, 2008 at 2:20 PM
