Entries Tagged "homeland security"

Page 26 of 37

Recognizing "Hinky" vs. Citizen Informants

On the subject of people noticing and reporting suspicious actions, I have been espousing two views that some find contradictory. One, we are all safer if police, guards, security screeners, and the like ignore traditional profiling and instead pay attention to people acting hinky: not right. And two, if we encourage people to contact the authorities every time they see something suspicious, we’re going to waste our time chasing false alarms: foreigners whose customs are different, people who are disliked by someone, and so on.

The key difference is expertise. People trained to be alert for something hinky will do much better than any profiler, but people who have no idea what to look for will do no better than random.

Here’s a story that illustrates this: Last week, a student at the Rochester Institute of Technology was arrested with two illegal assault weapons and 320 rounds of ammunition in his dorm room and car:

The discovery of the weapons was made only by chance. A conference center worker who served in the military was walking past Hackenburg’s dorm room. The door was shut, but the worker heard the all-too-familiar racking sound of a weapon, said the center’s director Bill Gunther.

Notice how expertise made the difference. The “conference center worker” had the right knowledge to recognize the sound and to understand that it was out of place in the environment he heard it. He wasn’t primed to be on the lookout for suspicious people and things; his trained awareness kicked in automatically. He recognized hinky, and he acted on that recognition. A random person simply can’t do that; he won’t recognize hinky when he sees it. He’ll report imams for praying, a neighbor he’s pissed at, or people at random. He’ll see an English professor recycling paper, and report a Middle-Eastern-looking man leaving a box on sidewalk.

We all have some experience with this. Each of us has some expertise in some topic, and will occasionally recognize that something is wrong even though we can’t fully explain what or why. An architect might feel that way about a particular structure; an artist might feel that way about a particular painting. I might look at a cryptographic system and intuitively know something is wrong with it, well before I figure out exactly what. Those are all examples of a subliminal recognition that something is hinky—in our particular domain of expertise.

Good security people have the knowledge, skill, and experience to do that in security situations. It’s the difference between a good security person and an amateur.

This is why behavioral assessment profiling is a good idea, while the Terrorist Information and Prevention System (TIPS) isn’t. This is why training truckers to look out for suspicious things on the highways is a good idea, while a vague list of things to watch out for isn’t. It’s why this Israeli driver recognized a passenger as a suicide bomber, while an American driver probably wouldn’t.

This kind of thing isn’t easy to train. (Much has been written about it, though; Malcolm Gladwell’s Blink discusses this in detail.) You can’t learn it from watching a seven-minute video. But the more we focus on this—the more we stop wasting our airport security resources on screeners who confiscate rocks and snow globes, and instead focus them on well-trained screeners walking through the airport looking for hinky—the more secure we will be.

EDITED TO ADD (4/26): Jim Harper makes an important clarification.

Posted on April 26, 2007 at 5:43 AMView Comments

TSA Failures in the News

I’m not sure which is more important—the news or the fact that no one is surprised:

Sources told 9NEWS the Red Team was able to sneak about 90 percent of simulated weapons past checkpoint screeners in Denver. In the baggage area, screeners caught one explosive device that was packed in a suitcase. However later, screeners in the baggage area missed a book bomb, according to sources.

“There’s very little substance to security,” said former Red Team leader Bogdan Dzakovic. “It literally is all window dressing that we’re doing. It’s big theater on TV and when you go to the airport. It’s just security theater.”

Dzakovic was a Red Team leader from 1995 until September 11, 2001. After the terrorist attacks, Dzakovic became a federally protected whistleblower and alleged that thousands of people died needlessly. He testified before the 9/11 Commission and the National Commission on Terrorist Attacks Upon the US that the Red Team “breached security with ridiculous ease up to 90 percent of the time,” and said the FAA “knew how vulnerable aviation security was.”

Dzakovic, who is currently a TSA inspector, said security is no better today.

“It’s worse now. The terrorists can pretty much do what they want when they want to do it,” he said.

Posted on April 2, 2007 at 12:16 PMView Comments

Homeland Security Pork

This article is a perfect illustrating of the wasteful, pork-barrel, political spending that we like to call “homeland security.” And to think we could actually be spending this money on something useful.

When the fire department in the tiny Berkshire hamlet of Cheshire needed a new fire truck, it asked Uncle Sam for a little help.

The response last month was stunning: a $665,962 homeland security grant.

The award was nearly 26 times the annual budget of the volunteer fire department in the town of 3,500. And the rub: The department is not allowed to spend it on a fire truck.

[…]

The town does have the Cheshire Cheese Monument, a sizable concrete sculpture of a cheese press commemorating a 1,450-pound cheese hunk given by town elders to Thomas Jefferson in 1801. But its value as a terrorist target is not readily apparent.

[…]

…Sweet said he might use some of the money to recruit high school students. Or he might put some of the windfall into a marketing campaign to lure volunteers to Cheshire.

“It’ll be on billboards, TVs, and radio stations, and that kind of stuff,” he said. “We’ll have to spend it wisely.”

How many times is this story being repeated across the country? I’m sure the town needs its fire truck, and I hope it gets it. But this is just appalling.

Posted on February 12, 2007 at 6:20 AMView Comments

Schneier on Video: Security Theater Against Movie Plot Threats

On June 10, 2006, I gave a talk at the ACLU New Jersey Membership Conference: “Counterterrorism in America: Security Theater Against Movie-Plot Threats.” Here’s the video.

EDITED TO ADD (2/10): The video is a little over an hour long. You can download the .WMV version directly here. It will play in the cross-platform, GPL VLC media player, but you may need to upgrade to the most recent version (0.8.6).

EDITED TO ADD (2/11): Someone put the video up on Google Video.

Posted on February 9, 2007 at 1:07 PMView Comments

Non-Terrorist Embarrassment in Boston

The story is almost too funny to write about seriously. To advertise the Cartoon Network show “Aqua Teen Hunger Force,” the network put up 38 blinking signs (kind of like Lite Brites) around the Boston area. The Boston police decided—with absolutely no supporting evidence—that these were bombs and shut down parts of the city.

Now the police look stupid, but they’re trying really not hard not to act humiliated:

Governor Deval Patrick told the Associated Press: “It’s a hoax—and it’s not funny.”

Unfortunately, it is funny. What isn’t funny is now the Boston government is trying to prosecute the artist and the network instead of owning up to their own stupidity. The police now claim that they were “hoax” explosive devices. I don’t think you can claim they are hoax explosive devices unless they were intended to look like explosive devices, which merely a cursory look at any of them shows that they weren’t.

But it’s much easier to blame others than to admit that you were wrong:

“It is outrageous, in a post 9/11 world, that a company would use this type of marketing scheme,” Mayor Thomas Menino said. “I am prepared to take any and all legal action against Turner Broadcasting and its affiliates for any and all expenses incurred.”

And:

Rep. Ed Markey, a Boston-area congressman, said, “Whoever thought this up needs to find another job.”

“Scaring an entire region, tying up the T and major roadways, and forcing first responders to spend 12 hours chasing down trinkets instead of terrorists is marketing run amok,” Markey, a Democrat, said in a written statement. “It would be hard to dream up a more appalling publicity stunt.”

And:

“It had a very sinister appearance,” [Massachusetts Attorney General Martha] Coakley told reporters. “It had a battery behind it, and wires.”

For heavens sake, don’t let her inside a Radio Shack.

I like this comment:

They consisted of magnetic signs with blinking lights in the shape of a cartoon character.

And everyone knows that bombs have blinking lights on ‘em. Every single movie bomb you’ve ever seen has a blinking light.

Triumph for Homeland Security, guys.

And this one:

“It’s almost too easy to be a terrorist these days,” said Jennifer Mason, 26. “You stick a box on a corner and you can shut down a city.”

And this one, by one of the artists who installed the signs:

“I find it kind of ridiculous that they’re making these statements on TV that we must not be safe from terrorism, because they were up there for three weeks and no one noticed. It’s pretty commonsensical to look at them and say this is a piece of art and installation,” he said.

Right. If this wasn’t a ridiculous overreaction to a non-existent threat, then how come the devices were in place for weeks without anyone noticing them? What does that say about the Boston police?

Maybe if the Boston police stopped wasting time and money searching bags on subways….

Of the 2,449 inspections between Oct. 10 and Dec. 31, the bags of 27 riders tested positive in the initial screening for explosives, prompting further searches, the Globe found in an analysis of daily inspection reports obtained under the state’s Freedom of Information Act.

In the additional screening, 11 passengers had their bags checked by explosive-sniffing dogs, and 16 underwent a physical search. Nothing was found.

These blinking signs have been up for weeks in ten cities—Boston, New York, Los Angeles, Chicago, Atlanta, Seattle, Portland, Austin, San Francisco, and Philadelphia—and no one else has managed to panic so completely. Refuse to be terrorized, people!

EDITED TO ADD (2/2): Here’s some good information about whether the stunt broke the law or not.

EDITED TO ADD (2/3): This is 100% right:

Let’s get a few facts straight on the Aqua Teen Hunger Force sign fiasco:

1. Attorney General Martha Coakley needs to shut up and stop using the word “hoax.” There was no hoax. Hoax implies Turner Networks and the ATHF people were trying to defraud or confuse people as to what they were doing. Hoax implies they were trying to make their signs look like bombs. They weren’t. They made Lite-Brite signs of a cartoon character giving the finger.

2. It bears repeating again that Turner, and especially Berdovsky, did absolutely nothing illegal. The devices were not bombs. They did not look like bombs. They were all placed in public spaces and caused no obstruction to traffic or commerce. At most, Berdovsky is guilty of littering or illegal flyering.

3. The “devices” were placed in ten cities, and have been there for over two weeks. No other city managed to freak out and commit an entire platoon of police officers to scaring their own city claiming they might be bombs. No other mayor agreed to talk to Fox News with any statement beyond “no comment” when spending the day asking if this was a “terrorist dry run.”

4. There is nothing, not a single thing, remotely suggesting that Turner or the guerilla marketing firm they hired intended to cause a public disturbance. Many have claimed the signs were “like saying ‘fire’ in a crowded theater.” Wrong. This was like taping a picture of a fire to the wall of a theater and someone freaked out and called the fire department.

And this is also worth reading.

EDITED TO ADD (2/6): More info.

Posted on February 1, 2007 at 1:08 PMView Comments

"Clear" Registered Traveller Program

CLEAR, a private service that prescreens travelers for a $100 annual fee, has come to Kennedy International Airport. To benefit from the Clear Registered Traveler program, which is run by Verified Identity Pass, a person must fill out an application, let the service capture his fingerprints and iris pattern and present two forms of identification. If the traveler passes a federal background check, he will be given a card that allows him to pass quickly through airport security.

Sounds great, but it’s actually two ideas rolled into one: one clever and one very stupid.

The clever idea is allowing people to pay for better service. Clear has been in operation at the Orlando International Airport since July 2005, and members have passed through security checkpoints faster simply because they are segregated from less experienced fliers who don’t know the drill.

Now, at Kennedy and other airports, Clear is purchasing and installing federally approved technology that will further speed up the screening process: scanners that will eliminate the need for cardholders to remove their shoes, and explosives detection machines that will eliminate the need for them to remove their coats and jackets. There are also Clear employees at the checkpoints who, although they can’t screen cardholders, can guide members through the security process. Clear has not yet paid airports for an extra security lane or the Transportation Security Administration for extra screening personnel, but both of those enhancements are on the table if enough people sign up.

I fly more than 200,000 miles per year and would gladly pay $100 a year to get through airport security faster.

But the stupid idea is the background check. When first conceived, traveler programs focused on prescreening. Pre-approved travelers would pass through security checkpoints with less screening, and resources would be focused on everyone else. Sounds reasonable, but it would leave us all less safe.

Background checks are based on the dangerous myth that we can somehow pick terrorists out of a crowd if we could identify everyone. Unfortunately, there isn’t any terrorist profile that prescreening can uncover. Timothy McVeigh could probably have gotten one of these cards. So could have Eric Rudolph, the pipe bomber at the 1996 Olympic Games in Atlanta. There isn’t even a good list of known terrorists to check people against; the government list used by the airlines has been the butt of jokes for years.

And have we forgotten how prevalent identity theft is these days? If you think having a criminal impersonating you to your bank is bad, wait until they start impersonating you to the Transportation Security Administration.

The truth is that whenever you create two paths through security—a high-security path and a low-security path—you have to assume that the bad guys will find a way to exploit the low-security path. It may be counterintuitive, but we are all safer if the people chosen for more thorough screening are truly random and not based on an error-filled database or a cursory background check.

I think of Clear as a $100 service that tells terrorists if the F.B.I. is on to them or not. Why in the world would we provide terrorists with this ability?

We don’t have to. Clear cardholders are not scrutinized less when they go through checkpoints, they’re scrutinized more efficiently. So why not get rid of the background checks altogether? We should all be able to walk into the airport, pay $10, and use the Clear lanes when it’s worth it to us.

This essay originally appeared in The New York Times.

I’ve already written about trusted traveller programs, and have also written about Verified Identity Card, Inc., the company that runs Clear. Note that these two essays were from 2004. This is the Clear website, and this is the website for Verified Identity Pass, Inc.

Posted on January 22, 2007 at 7:11 AMView Comments

No-Fly List to Be Scrubbed

After over five years of harassing innocents and not catching any terrorists, the no-fly list is finally being checked for accuracy, and probably cut in half.

Yes, it’s great to see that even the threat of oversight by a Democratic Congress is enough to get these things done, but it’s nowhere near enough.

The no-fly list doesn’t work. And, of course, you can easily bypass it. You can 1) print a boarding pass under an assumed name or buy a ticket under an assumed name, or 2) fly without ID. In fact, the whole notion of checking ID as a security measure is fraught with problems. And the list itself is just awful.

My favorite sound bite:

Imagine a list of suspected terrorists so dangerous that we can’t ever let them fly, yet so innocent that we can’t arrest them – even under the draconian provisions of the Patriot Act.

Even with a better list, it’s a waste of money.

Posted on January 19, 2007 at 7:14 AMView Comments

Do Terrorists Lie?

Terrorists might bomb airplanes, take and kill hostages, and otherwise terrorize innocents. But there’s one thing they just won’t do: lie on government forms. And that’s why the State of Ohio requires certain license (including private pilot licenses) applicants to certify that they’re not terrorists. Because if we can’t lock them up long enough for terrorism, we’ve got the additional charge of lying on a government form to throw at them.

Okay, it’s actually slightly less silly than that. You have to certify that you are not a member of, a funder of, a solicitor for, or a hirer of members of any of these organizations, which someone—presumably the Department of Homeland Security—has decided are terrorist organizations.

The Aircraft Owners and Pilots Association is pissed off, as they should well be.

More security theater.

I assume Ohio isn’t the only state doing this. Does anyone know anything about other states?

EDITED TO ADD (1/18): Here’s a Pennsylvania application or a license to carry firearms that asks: “Is your character and reputation such that you would be likely to act in a manner dangerous to public safety?” I agree that Pennsylvania shouldn’t issue carry permits to people for whom this is true, but I’m not sure that asking them is the best way to find out.

Posted on January 17, 2007 at 7:34 AMView Comments

1 24 25 26 27 28 37

Sidebar photo of Bruce Schneier by Joe MacInnis.