Entries Tagged "homeland security"

Page 29 of 37

Screening People with Clearances

Why should we waste time at airport security, screening people with U.S. government security clearances? This perfectly reasonable question was asked recently by Robert Poole, director of transportation studies at The Reason Foundation, as he and I were interviewed by WOSU Radio in Ohio.

Poole argued that people with government security clearances, people who are entrusted with U.S. national security secrets, are trusted enough to be allowed through airport security with only a cursory screening. They’ve already gone through background checks, he said, and it would be more efficient to concentrate screening resources on everyone else.

To someone not steeped in security, it makes perfect sense. But it’s a terrible idea, and understanding why teaches us some important security lessons.

The first lesson is that security is a system. Identifying someone’s security clearance is a complicated process. People with clearances don’t have special ID cards, and they can’t just walk into any secured facility. A clearance is held by a particular organization—usually the organization the person works for—and is transferred by a classified message to other organizations when that person travels on official business.

Airport security checkpoints are not set up to receive these clearance messages, so some other system would have to be developed.

Of course, it makes no sense for the cleared person to have his office send a message to every airport he’s visiting, at the time of travel. Far easier is to have a centralized database of people who are cleared. But now you have to build this database. And secure it. And ensure that it’s kept up to date.

Or maybe we can create a new type of ID card: one that identifies people with security clearances. But that also requires a backend database and a card that can’t be forged. And clearances can be revoked at any time, so there needs to be some way of invalidating cards automatically and remotely.

Whatever you do, you need to implement a new set of security procedures at airport security checkpoints to deal with these people. The procedures need to be good enough that people can’t spoof it. Screeners need to be trained. The system needs to be tested.

What starts out as a simple idea—don’t waste time searching people with government security clearances—rapidly becomes a complicated security system with all sorts of new vulnerabilities.

The second lesson is that security is a trade-off. We don’t have infinite dollars to spend on security. We need to choose where to spend our money, and we’re best off if we spend it in ways that give us the most security for our dollar.

Given that very few Americans have security clearances, and that speeding them through security wouldn’t make much of a difference to anyone else standing in line, wouldn’t it be smarter to spend the money elsewhere? Even if you’re just making trade-offs about airport security checkpoints, I would rather take the hundreds of millions of dollars this kind of system could cost and spend it on more security screeners and better training for existing security screeners. We could both speed up the lines and make them more effective.

The third lesson is that security decisions are often based on subjective agenda. My guess is that Poole has a security clearance—he was a member of the Bush-Cheney transition team in 2000—and is annoyed that he is being subjected to the same screening procedures as the other (clearly less trusted) people he is forced to stand in line with. From his perspective, not screening people like him is obvious. But objectively it’s not.

This issue is no different than searching airplane pilots, something that regularly elicits howls of laughter among amateur security watchers. What they don’t realize is that the issue is not whether we should trust pilots, airplane maintenance technicians or people with clearances. The issue is whether we should trust people who are dressed as pilots, wear airplane-maintenance-tech IDs or claim to have clearances.

We have two choices: Either build an infrastructure to verify their claims, or assume that they’re false. And with apologies to pilots, maintenance techs and people with clearances, it’s cheaper, easier and more secure to search you all.

This is my twenty-eighth essay for Wired.com.

Posted on October 5, 2006 at 8:27 AMView Comments

The Onion on TSA's Liquid Ban

“New Air-Travel Guidelines”:

Elaine Siegel, Sales Representative
“Thank God. I don’t think I’d be able to make one more flight from New York to Chicago with a mouthful of shampoo.”

Alex Hunter, Surveyor
“The ban was a necessary precaution. We have to be willing to make these kinds of sacrifices if we’re going to prevent scientifically impossible terrorist attacks.”

Ed Johansen, Systems Analyst
“By giving passengers renewed access to these gels, lotions, and shampoos, we run the risk of creating a very dangerous and highly evasive super-slippery terrorist able to avoid all manners of restraint.”

Posted on October 1, 2006 at 9:41 AMView Comments

Bomb or Not?

Can you identify the bombs?

In related news, here’s a guy who makes it through security with a live vibrator in his pants.

There’s also a funny video on Dutch TV. A screener scans a passenger’s bag, putting aside several obvious bags of cocaine to warn him about a very tiny nail file.

Here’s where to buy stuff seized at Boston’s Logan Airport. I also read somewhere that some stuff ends up on eBay.

And finally,Quinn Norton said: “I think someone should try to blow up a plane with a piece of ID, just to watch the TSA’s mind implode.”

Posted on September 6, 2006 at 1:48 PMView Comments

Antiterrorism Expert Claims to Have Smuggled Bomb onto Airplane Twice

I don’t know how much of this to believe.

A man wearing a jacket and carrying a bag was able to sneak a bomb onto a flight from Manila to Davao City last month at the height of the nationwide security alert after Britain uncovered a plot to blow up transatlantic planes.

The man pulled off the same stunt on the return flight to Manila.

Had he detonated the bomb, he would have turned the commercial plane into a fireball and killed himself, the crew and hundreds of other passengers.

The man turned out to be a civilian antiterrorism expert tapped by a government official to test security measures at Philippine airports after British police foiled a plan to blow up US-bound planes in midair using liquid explosives.

In particular, if he actually built a working bomb in an airplane lavatory, he’s an idiot. Yes, C4 is stable, but playing with live electrical detonators near high-power radios is just stupid. On the other hand, bringing everything through security and onto the plane is perfectly plausible. Security is so focused on catching people with lipstick and shampoo that they’re ignoring actual threats.

EDITED TO ADD (9/3): More news.

EDITED TO ADD (9/8): The “expert” is Samson Macariola, and he has recanted.

Posted on September 1, 2006 at 12:41 PMView Comments

Details on the British Terrorist Arrest

Details are emerging:

  • There was some serious cash flow from someone, presumably someone abroad.
  • There was no imminent threat.
  • However, the threat was real. And it seems pretty clear that it would have bypassed all existing airport security systems.
  • The conspirators were radicalized by the war in Iraq, although it is impossible to say whether they would have been otherwise radicalized without it.
  • They were caught through police work, not through any broad surveillance, and were under surveillance for more than a year.

What pisses me off most is the second item. By arresting the conspirators early, the police squandered the chance to learn more about the network and arrest more of them—and to present a less flimsy case. There have been many news reports detailing how the U.S. pressured the UK government to make the arrests sooner, possibly out of political motivations. (And then Scotland Yard got annoyed at the U.S. leaking plot details to the press, hampering their case.)

My initial comments on the arrest are here. I still think that all of the new airline security measures are an overreaction (This essay makes the same point, as well as describing a 1995 terrorist plot that was remarkably similar in both materials and modus operandi—and didn’t result in a complete ban on liquids.)

As I said on a radio interview a couple of weeks ago: “We ban guns and knives, and the terrorists use box cutters. We ban box cutters and corkscrews, and they hide explosives in their shoes. We screen shoes, and the terrorists use liquids. We ban liquids, and the terrorist will use something else. It’s not a fair game, because the terrorists get to see our security measures before they plan their attack.” And it’s not a game we can win. So let’s stop playing, and play a game we actually can win. The real lesson of the London arrests is that investigation and intelligence work.

EDITED TO ADD (8/29): Seems this URL is unavailable in the U.K. See the comments for ways to bypass the block.

Posted on August 29, 2006 at 7:20 AMView Comments

Behavioral Profiling

I’ve long been a fan of behavioral profiling, as opposed to racial profiling. The U.S. has been testing such a program. While there are legitimate fears that this could end up being racial profiling in disguise, I think this kind of thing is the right idea. (Although I am less impressed with this kind of thing.)

EDITED TO ADD (8/18): Funny cartoon on profiling.

There’s a moral here. Profiling is something we all do, and we do it because—for the most part—it works. But when you’re dealing with an intelligent adversary, as opposed to the cat, you invite that adversary to deliberately try to subvert your profiling system. The effectiveness of any profiling system is directly related to how likely it will be subverted.

Posted on August 18, 2006 at 1:21 PMView Comments

1 27 28 29 30 31 37

Sidebar photo of Bruce Schneier by Joe MacInnis.