Entries Tagged "physical security"

New ATM Skimming Attack

In Europe, although the article doesn’t say where:

Many banks have fitted ATMs with devices that are designed to thwart criminals from attaching skimmers to the machines. But it now appears in some areas that those devices are being successfully removed and then modified for skimming, according to the latest report from the European ATM Security Team (EAST), which collects data on ATM fraud throughout Europe.

Posted on November 24, 2010 at 1:33 PM

TSA Backscatter X-ray Backlash

Things are happening so fast that I don’t know if I should bother. But here are some links and observations.

The head of the Allied Pilots Association is telling its members to avoid both the full body scanners and the patdowns.

This first-hand report, from a man who refused to fly rather than subject himself to a full-body scan or an enhanced patdown, has been making the rounds. (The TSA is now investigating him.) It reminds me of Penn Jillette’s story from 2002.

A woman has a horrific story of opting out of the full body scanners. More stories: this one about the TSA patting down a screaming toddler. And here’s Dave Barry’s encounter (also this NPR interview).

Sadly, I agree with this:

It is no accident that women have been complaining about being pulled out of line because of their big breasts, having their bodies commented on by TSA officials, and getting inappropriate touching when selected for pat-downs for nearly 10 years now, but just this week it went viral. It is no accident that CAIR identified Islamic head scarves (hijab) as an automatic trigger for extra screenings in January, but just this week it went viral. What was different?

Suddenly an able-bodied white man is the one who was complaining.

Seems that once you enter airport security, you need to be subjected to it—whether you decide to fly or not.

I experienced the enhanced patdown myself, at DCA, on Tuesday. It was invasive, but not as bad as these stories. It seems clear that TSA agents are inconsistent about these procedures. They’ve probably all had the same training, but individual agents put it into practice very differently.

Of course, airport security is an extra-Constitutional area, so there’s no clear redress mechanism for those subjected to too-intimate patdowns.

This video provides tips to parents flying with young children. Around 2:50 in, the reporter indicates that you can find out if your child has been pre-selected for secondary, and then recommends requesting “de-selection.” That doesn’t make sense.

Neither does this story, which says that the TSA will only touch Muslim women in the head and neck area.

Nor this story. The author convinces people on line to opt out with him. After the first four opt-outs, the TSA just sent people through the metal detectors.

Yesterday, the TSA administrator John Pistole was grilled by the Senate Commerce, Science, and Transportation Committee on full-body scanners. Rep. Ron Paul introduced a bill to ban them. (His floor speech is here.) I’m one of the plaintiffs in a lawsuit to ban them.

Book for kids: My First Cavity Search. Cover seen at a TSA checkpoint.

T-shirts: one, two, and three and four. “Comply with Me” song parody. Political cartoons: one, two, three, and four. New TSA logo. Best TSA tweets, including “It’s not a grope. It’s a freedom pat.”

Good essay from a libertarian perspective. Two more. Marc Rotenberg’s essay. Ralph Nader’s essay. And the Los Angeles Times really screws up with this editorial: “Shut Up and Be Scanned.” Amitai Etzioni makes a better case for the machines.

Michael Chertoff, former Department of Homeland Security secretary, has been touting the full-body scanners, while at the same time maintaining a financial interest in the company that makes them.

There’s talk about the health risks of the machines, but I can’t believe you won’t get more radiation on the flight. Here’s some data:

A typical dental X-ray exposes the patient to about 2 millirems of radiation. According to one widely cited estimate, exposing each of 10,000 people to one rem (that is, 1,000 millirems) of radiation will likely lead to 8 excess cancer deaths. Using our assumption of linearity, that means that exposure to the 2 millirems of a typical dental X-ray would lead an individual to have an increased risk of dying from cancer of 16 hundred-thousandths of one percent. Given that very small risk, it is easy to see why most rational people would choose to undergo dental X-rays every few years to protect their teeth.

More importantly for our purposes, assuming that the radiation in a backscatter X-ray is about a hundredth the dose of a dental X-ray, we find that a backscatter X-ray increases the odds of dying from cancer by about 16 ten millionths of one percent. That suggests that for every billion passengers screened with backscatter radiation, about 16 will die from cancer as a result.

Given that there will be 600 million airplane passengers per year, that makes the machines deadlier than the terrorists.

Nate Silver on the hidden cost of these new airport security measures.

According to the Cornell study, roughly 130 inconvenienced travelers died every three months as a result of additional traffic fatalities brought on by substituting ground transit for air transit. That’s the equivalent of four fully-loaded Boeing 737s crashing each year.

Jeffrey Goldberg asked me which I would rather see for children: backscatter X-ray or enhanced pat down. After remarking what an icky choice it was, I opted for the X-ray; it’s less traumatic.

Here are a bunch of leaked body scans. They’re not from airports, but they should make you think twice before accepting the TSA’s assurances that the images will never be saved. RateMyBackscatter.com.

November 24 is National Opt Out Day. Doing this just before the Thanksgiving holiday is sure to clog up airports. Jeffrey Goldberg suggests that men wear kilts, commando style if possible.

At least one airport is opting out of the TSA entirely. I hadn’t known you could do that.

The New York Times on the protests.

Common sense from the Netherlands:

The security boss of Amsterdam’s Schiphol Airport is calling for an end to endless investment in new technology to improve airline security.

Marijn Ornstein said: “If you look at all the recent terrorist incidents, the bombs were detected because of human intelligence not because of screening … If even a fraction of what is spent on screening was invested in the intelligence services we would take a real step toward making air travel safer and more pleasant.”

And here’s Rafi Sela, former chief security officer of the Israel Airport Authority:

A leading Israeli airport security expert says the Canadian government has wasted millions of dollars to install “useless” imaging machines at airports across the country.

“I don’t know why everybody is running to buy these expensive and useless machines. I can overcome the body scanners with enough explosives to bring down a Boeing 747,” Rafi Sela told parliamentarians probing the state of aviation safety in Canada.

“That’s why we haven’t put them in our airport,” Sela said, referring to Tel Aviv’s Ben Gurion International Airport, which has some of the toughest security in the world.

They can be fooled by creased clothing. And remember this German video?

I’m quoted in the Los Angeles Times:

Some experts argue the new procedures could make passengers uncomfortable without providing a substantial increase in security. “Security measures that just force the bad guys to change tactics and targets are a waste of money,” said Bruce Schneier, a security expert who works for British Telecom. “It would be better to put that money into investigations and intelligence.”

I’m quoted in The Wall Street Journal twice—once as saying:

“All these machines require you to guess the plot correctly. If you don’t, then they are completely worthless,” said Bruce Schneier, a security expert.

Mr. Schneier and some other experts argue that assembling better intelligence on fliers is the key to making travel safer.

and once as saying:

Security guru Bruce Schneier, a plaintiff in the scanner suit, calls this “magical thinking . . . Descend on what the terrorists happened to do last time, and we’ll all be safe. As if they won’t think of something else.”

In 2005, I wrote:

I’m not impressed with this security trade-off. Yes, backscatter X-ray machines might be able to detect things that conventional screening might miss. But I already think we’re spending too much effort screening airplane passengers at the expense of screening luggage and airport employees…to say nothing of the money we should be spending on non-airport security.

On the other side, these machines are expensive and the technology is incredibly intrusive. I don’t think that people should be subjected to strip searches before they board airplanes. And I believe that most people would be appalled by the prospect of security screeners seeing them naked.

I believe that there will be a groundswell of popular opposition to this idea. Aside from the usual list of pro-privacy and pro-liberty groups, I expect fundamentalist Christian groups to be appalled by this technology. I think we can get a bevy of supermodels to speak out against the invasiveness of the search.

On the other hand, CBS News is reporting that 81% of Americans support full-body scans. Maybe they should only ask flying Americans.

I still stand by this, also from 2005:

Exactly two things have made airline travel safer since 9/11: reinforcement of cockpit doors, and passengers who now know that they may have to fight back. Everything else—Secure Flight and Trusted Traveler included—is security theater. We would all be a lot safer if, instead, we implemented enhanced baggage security—both ensuring that a passenger’s bags don’t fly unless he does, and explosives screening for all baggage—as well as background checks and increased screening for airport employees.

Then we could take all the money we save and apply it to intelligence, investigation and emergency response. These are security measures that pay dividends regardless of what the terrorists are planning next, whether it’s the movie plot threat of the moment, or something entirely different.

And this, written in 2010 after the Underwear Bomber failed:

Finally, we need to be indomitable. The real security failure on Christmas Day was in our reaction. We’re reacting out of fear, wasting money on the story rather than securing ourselves against the threat. Abdulmutallab succeeded in causing terror even though his attack failed.

If we refuse to be terrorized, if we refuse to implement security theater and remember that we can never completely eliminate the risk of terrorism, then the terrorists fail even if their attacks succeed.

See these two essays of mine as well, from the same time.

More resources on the EPIC pages.

What else is going on?

EDITED TO ADD: (11/19): Lots more political cartoons.

Good summary of your legal rights and options from the ACLU. They also have a form you can fill out and send to your Congresscritter.

This has to win for DHS Quote of the Year, from Secretary Janet Napolitano on the issue:

I really want to say, look, let’s be realistic and use our common sense.

The TSA doesn’t train its screeners very well. A response to a letter-writer from Sen. Coburn. From Slate: "Does the TSA Ever Catch Terrorists?" A pilot’s story. The screeners’ point of view. Good essay from the National Post.

Fun with the Playmobil airline security screening playset.

Meg McLain, whose horrific story I linked to above, lied. Here’s an interview with her.

EDITED TO ADD (11/20): I was interviewed by Popular Mechanics.

Woman forced to remove prosthetic breast. TSO officer caught saying “heads up, got a cutie for you” into his headset to the other officers. Compilation news video of TSA behavior.

Here’s an alert you can hand out to passengers at security checkpoints where there are backscatter machines.

EDITED TO ADD (11/21): Me in an Associated Press piece on the anti-TSA backlash:

“After 9/11 people were scared and when people are scared they’ll do anything for someone who will make them less scared,” said Bruce Schneier, a Minneapolis security technology expert who has long been critical of the TSA. “But … this is particularly invasive. It’s strip-searching. It’s body groping. As abhorrent goes, this pegs it.”

President Obama comments:

“I understand people’s frustrations, and what I’ve said to the TSA is that you have to constantly refine and measure whether what we’re doing is the only way to assure the American people’s safety. And you also have to think through are there other ways of doing it that are less intrusive,” Obama said.

“But at this point, TSA in consultation with counterterrorism experts have indicated to me that the procedures that they have been putting in place are the only ones right now that they consider to be effective against the kind of threat that we saw in the Christmas Day bombing.”

TSA sendup on Saturday Night Live yesterday.

EDITED TO ADD (11/22): The thing about Muslim women being exempt seems to be based on a misreading of this press release. What they seem to be saying is that if you’re selected because you could have something under your hijab, then they only need to just pat down the area the hijab covers. It’s not a special exemption.

TSA Administrator John Pistole comments:

We are constantly evaluating and adapting our security measures, and as we have said from the beginning, we are seeking to strike the right balance between privacy and security. In all such security programs, especially those that are applied nation-wide, there is a continual process of refinement and adjustment to ensure that best practices are applied and that feedback and comment from the traveling public is taken into account.

EDITED TO ADD (11/23): Fantastic infographic. Excellent poster image. This, too. And another political cartoon.

Yesterday I participated in a New York Times “Room for Debate” discussion on airline security. My contribution is nothing I haven’t said before, so I won’t reprint it here. The other participants are worth reading too.

More from Nate Silver, on public opinion and the likely TSA reaction:

It is perhaps foolish to predict how the T.S.A. will respond this time—when they have relaxed rules in the past, they have done so quietly, rather than in response to some acute public backlash. But caution aside, I would be surprised if the new procedures survived much past the New Year without significant modification.

CNN’s advice to the public.

Things are definitely strained out there:

Through a statement released by his attorney Sunday night, Wolanyk said “TSA needs to see that I’m not carrying any weapons, explosives, or other prohibited substances, I refuse to have images of my naked body viewed by perfect strangers, and having been felt up for the first time by TSA the week prior (I travel frequently) I was not willing to be molested again.”

Wolanyk’s attorney said that TSA requested his client put his clothes on so he could be patted down properly but his client refused to put his clothes back on. He never refused a pat down, according to his attorney. Wolanyk was arrested for refusing to complete the security process.

From the same article:

A woman, identified by Harbor police as Danielle Kelli Hayman, 39, of San Diego was detained for recording the incident on a phone.

That’s much more worrying.

Interview with Brian Michael Jenkins, a senior advisor at the RAND Corp. and a former member of the White House Commission on Aviation Safety and Security.

Here’s someone who managed to avoid both the full-body scanners and the enhanced pat down. It took him two and a half hours. And here’s someone who got patted down, and managed to sneak two razor blades through security anyway.

How the TSA will deal with people with disabilities. How the pat downs affect survivors of sexual assault. (Read also the comments here.) Juan Cole on how airport security has shifted from looking for people with guns and traditional bombs to looking for people with PETN. And TSA-proof underwear.

EDITED TO ADD (11/24): Information on the health risks of the backscatter machines. And here’s a woman who stripped down to her underwear before going through airport security. This comes from a perspective I generally don’t buy, but it’s hard to dismiss his writing. I don’t think it’s a conspiracy, but I do think it’s a trend. “This Modern World” has a comic on the topic. Slate on the lack of guidelines. Why the TSA should be privatized.

EDITED TO ADD (11/25): I was on Keith Olbermann last night.

Posted on November 19, 2010 at 5:37 AM

Securing the Washington Monument

Good article on security options for the Washington Monument:

Unfortunately, the bureaucratic gears are already grinding, and what will be presented to the public Monday doesn’t include important options, including what became known as the “tunnel” in previous discussions of the issue. Nor does it include the choice of more minimal visitor screening—simple wanding or visual bag inspection—that might not require costly and intrusive changes to the structure. The choice to accept risk isn’t on the table, either. Finally, and although it might seem paradoxical given how important resisting security authoritarianism is to preserving the symbolism of freedom, it doesn’t take seriously the idea that perhaps the monument’s interior should be closed altogether—a small concession that might have collateral benefits.

[…]

Closing the interior of the monument, the construction of which was suspended during the Civil War, would remind the public of the effect that fears engendered by the current war on terrorism have had on public space. Closing it as a symbolic act might initiate an overdue discussion about the loss of even more important public spaces, including the front entrance of the Supreme Court and the west terrace of the Capitol. It would be a dramatic reminder of the choices we as a nation have made, and perhaps an inspiration to change our ways in favor of a more open, risk-tolerant society that understands public space always has some element of danger.

EDITED TO ADD (11/15): More information on the decision process.

Posted on November 10, 2010 at 7:09 AM

Crowdsourcing Surveillance

Internet Eyes is a U.K. startup designed to crowdsource digital surveillance. People pay a small fee to become a “Viewer.” Once they do, they can log onto the site and view live anonymous feeds from surveillance cameras at retail stores. If they notice someone shoplifting, they can alert the store owner. Viewers get rated on their ability to differentiate real shoplifting from false alarms, can win 1000 pounds if they detect the most shoplifting in some time interval, and otherwise get paid a wage that most likely won’t cover their initial fee.

Although the system has some nod towards privacy, groups like Privacy International oppose the system for fostering a culture of citizen spies. More fundamentally, though, I don’t think the system will work. Internet Eyes is primarily relying on voyeurism to compensate its Viewers. But most of what goes on in a retail store is incredibly boring. Some of it is actually voyeuristic, and very little of it is criminal. The incentives just aren’t there for Viewers to do more than peek, and there’s no obvious way to discourage them from siding with the shoplifter and just watching the scenario unfold.

This isn’t the first time groups have tried to crowdsource surveillance camera monitoring. Texas’s Virtual Border Patrol tried the same thing: deputizing the general public to monitor the Texas-Mexico border. It ran out of money last year, and was widely criticized as a joke.

This system suffered the same problems as Internet Eyes—not enough incentive to do a good job, boredom because crime is the rare exception—as well as the fact that false alarms were very expensive to deal with.

Both of these systems remind me of the one time this idea was conceptualized correctly. Invented in 2003 by my friend and colleague Jay Walker, US HomeGuard also tried to crowdsource surveillance camera monitoring. But this system focused on one very specific security concern: people in no-man’s areas. These are areas between fences at nuclear power plants or oil refineries, border zones, areas around dams and reservoirs, and so on: areas where there should never be anyone.

The idea is that people would register to become “spotters.” They would get paid a decent wage (that and patriotism was the incentive), receive a stream of still photos, and be asked a very simple question: “Is there a person or a vehicle in this picture?” If a spotter clicked “yes,” the photo—and the camera—would be referred to whatever professional response the camera owner had set up.

HomeGuard would monitor the monitors in two ways. One, by regularly sending stored, known photos to people to verify that they were paying attention. And two, by sending live photos to multiple spotters, and to many more if a spotter claimed to have spotted a person or vehicle, and correlating the results.
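The two checks described above, sketched as an added example (this is not code from the essay or from US HomeGuard). The thresholds, function names and sample answers are assumptions constructed for illustration; the essay gives no numbers.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical tuning values; the essay does not specify any.
MIN_KNOWN_SEEN = 3    # known photos a spotter must have answered
MIN_ACCURACY = 0.75   # share of known photos answered correctly
ESCALATED_VOTES = 4   # trusted votes required before deciding on a "yes"
CONFIRM_SHARE = 0.5   # share of trusted "yes" votes that triggers referral


@dataclass(frozen=True)
class Answer:
    spotter: str
    photo: str
    says_yes: bool  # "Is there a person or a vehicle in this picture?"


def trusted_spotters(answers, known):
    """Check one: score spotters on stored photos whose answer is known."""
    seen, right = defaultdict(int), defaultdict(int)
    for a in answers:
        if a.photo in known:
            seen[a.spotter] += 1
            right[a.spotter] += a.says_yes == known[a.photo]
    return {s for s in seen
            if seen[s] >= MIN_KNOWN_SEEN and right[s] / seen[s] >= MIN_ACCURACY}


def triage(answers, known):
    """Check two: correlate the votes of trusted spotters on each live photo.

    Returns photo -> "clear", "escalate" (send to many more spotters),
    "refer" (hand to the professional response) or "resend" (no trusted vote).
    """
    trusted = trusted_spotters(answers, known)
    votes = {}
    for a in answers:
        if a.photo in known:
            continue                      # attention checks are not live photos
        votes.setdefault(a.photo, [])
        if a.spotter in trusted:          # ignore spotters who failed check one
            votes[a.photo].append(a.says_yes)
    result = {}
    for photo, v in votes.items():
        if not v:
            result[photo] = "resend"
        elif not any(v):
            result[photo] = "clear"
        elif len(v) < ESCALATED_VOTES:
            result[photo] = "escalate"    # a "yes" with too few votes so far
        else:
            share = sum(v) / len(v)
            result[photo] = "refer" if share >= CONFIRM_SHARE else "clear"
    return result


def constructed_sample():
    """Constructed data: four attentive spotters and two who click blindly."""
    known = {"k1": False, "k2": True, "k3": False, "k4": True}
    ans = [Answer(s, p, truth) for s in ("ann", "bob", "cat", "dan")
           for p, truth in known.items()]
    ans += [Answer("eve", p, True) for p in known]    # always clicks "yes"
    ans += [Answer("fay", p, False) for p in known]   # always clicks "no"
    ans += [Answer("ann", "live1", False), Answer("fay", "live1", False)]
    ans += [Answer("bob", "live2", True), Answer("cat", "live2", False)]
    ans += [Answer("ann", "live3", True), Answer("bob", "live3", True),
            Answer("cat", "live3", True), Answer("dan", "live3", False)]
    ans += [Answer("ann", "live4", True), Answer("bob", "live4", False),
            Answer("cat", "live4", False), Answer("dan", "live4", False)]
    ans += [Answer("eve", "live5", True)]             # only an untrusted vote
    return known, ans


if __name__ == "__main__":
    known, answers = constructed_sample()
    for photo, decision in sorted(triage(answers, known).items()):
        print(photo, decision)
```

A spotter who always clicks "no" is right on every empty photo, so the known set has to include photos that do contain a person or vehicle, as the constructed sample does.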

Just knowing that there’s a person or a vehicle in a no-man’s area is only the first step in a useful response, and HomeGuard envisioned a bunch of enhancements to the rest of that system. Flagged photos could be sent to the digital phones of patrolling guards, cameras could be controlled remotely by those guards, and speakers in the cameras could issue warnings. Remote citizen spotters were only useful for that first step, looking for a person or a vehicle in a photo that shouldn’t contain any. Only real guards at the site itself could tell an intruder from the occasional maintenance person.

Of course the system isn’t perfect. A would-be infiltrator could sneak past the spotters by holding a bush in front of him, or disguising himself as a vending machine. But it does fill in a gap in what fully automated systems can do, at least until image processing and artificial intelligence get significantly better.

HomeGuard never got off the ground. There was never any good data about whether spotters were more effective than motion sensors as a first level of defense. But more importantly, Walker says that the politics surrounding homeland security money post-9/11 was just too great to penetrate, and that as an outsider he couldn’t get his ideas heard. Today, probably, the patriotic fervor that gripped so many people post-9/11 has dampened, and he’d probably have to pay his spotters more than he envisioned seven years ago. Still, I thought it was a clever idea then and I still think it’s a clever idea—and it’s an example of how to do surveillance crowdsourcing correctly.

Making the system more general runs into all sorts of problems. An amateur can spot a person or vehicle pretty easily, but is much harder pressed to notice a shoplifter. The privacy implications of showing random people pictures of no-man’s lands are minimal, while a busy store is another matter—stores have enough individuality to be identifiable, as do people. Public photo tagging will even allow the process to be automated. And, of course, the normalization of a spy-on-your-neighbor surveillance society where it’s perfectly reasonable to watch each other on cameras just in case one of us does something wrong.

This essay first appeared in ThreatPost.

Posted on November 9, 2010 at 12:59 PM

Protecting Cars with The Club

From the Freakonomics blog:

At some point, the Club was mentioned. The professional thieves laughed and exchanged knowing glances. What we knew was that the Club is a hardened steel device that attaches to the steering wheel and the brake pedal to prevent steering and/or braking. What we found out was that a pro thief would carry a short piece of a hacksaw blade to cut through the plastic steering wheel in a couple seconds. They were then able to release The Club and use it to apply a huge amount of torque to the steering wheel and break the lock on the steering column (which most cars were already equipped with). The pro thieves actually sought out cars with The Club on them because they didn’t want to carry a long pry bar that was too hard to conceal.

Posted on June 14, 2010 at 1:46 PM

Canada Spending $1B on Security for G8/G20 Summit in June

Amazing:

The Canadian government disclosed Tuesday that the total price tag to police the elite Group of Eight meeting in Muskoka, as well as the bigger-tent Group of 20 summit starting a day later in downtown Toronto, has already climbed to more than $833-million. It said it’s preparing to spend up to $930-million for the three days of meetings that start June 25.

That price tag is more than 20 times the total reported cost for the April, 2009, G20 summit in Britain, with the government estimating a cost of $30-million, and seems much higher than security costs at previous summits: the Gleneagles G8 summit in Scotland, 2005, was reported to have spent $110-million on security, while the estimate for the 2008 G8 gathering in Japan was $381-million.

These numbers are crazy. There simply isn’t any justification for this kind of spending.

By comparison, the estimated total cost of security for the 17-day 2010 Winter Olympics in Vancouver was just over $898-million.

Think of all the actual security you can buy for that money.

EDITED TO ADD (6/12): Two links detailing how the money was probably spent. Pittsburgh’s cost, less than a year before, was estimated at $18 million.

EDITED TO ADD (6/28): The total seems to be $1.2B. I haven’t found any breakdown of the spending that differentiates between operational costs and capital improvements. If, for example, the Toronto police all got new radios out of this budget, those radios will continue to provide benefits for the city of Toronto long after the summit. On the other hand, money spent on extra security guards for the week provides no ongoing benefit.

My best quote to the media: “If it really costs this much to secure a meeting of the world’s leaders, maybe they should try video conferencing.”

Posted on May 31, 2010 at 8:58 AM

Biometric Wallet

Cool idea, or dumb idea?

Its features include:

  • Fingerprint access only
  • Bluetooth enabled for notification alerts—automated notification via bluetooth if your wallet strays more than 10 feet from your body
  • Protected against RFID electronic theft—the case shields all contents from RFID scanners

Posted on May 11, 2010 at 12:27 PM

Preventing Terrorist Attacks in Crowded Areas

On the New York Times Room for Debate Blog, I—along with several other people—was asked about how to prevent terrorist attacks in crowded areas. This is my response.

In the wake of Saturday’s failed Times Square car bombing, it’s natural to ask how we can prevent this sort of thing from happening again. The answer is to stop focusing on the specifics of what actually happened, and instead think about the threat in general.

Think about the security measures commonly proposed. Cameras won’t help. They don’t prevent terrorist attacks, and their forensic value after the fact is minimal. In the Times Square case, surely there’s enough other evidence—the car’s identification number, the auto body shop the stolen license plates came from, the name of the fertilizer store—to identify the guy. We will almost certainly not need the camera footage. The images released so far, like the images in so many other terrorist attacks, may make for exciting television, but their value to law enforcement officers is limited.

Checkpoints won’t help, either. You can’t check everybody and everything. There are too many people to check, and too many train stations, buses, theaters, department stores and other places where people congregate. Patrolling guards, bomb-sniffing dogs, chemical and biological weapons detectors: they all suffer from similar problems. In general, focusing on specific tactics or defending specific targets doesn’t make sense. They’re inflexible; possibly effective if you guess the plot correctly, but completely ineffective if you don’t. At best, the countermeasures just force the terrorists to make minor changes in their tactics and targets.

It’s much smarter to spend our limited counterterrorism resources on measures that don’t focus on the specific. It’s more efficient to spend money on investigating and stopping terrorist attacks before they happen, and responding effectively to any that occur. This approach works because it’s flexible and adaptive; it’s effective regardless of what the bad guys are planning for next time.

After the Christmas Day airplane bombing attempt, I was asked how we can better protect our airplanes from terrorist attacks. I pointed out that the event was a security success—the plane landed safely, nobody was hurt, a terrorist was in custody—and that the next attack would probably have nothing to do with explosive underwear. After the Moscow subway bombing, I wrote that overly specific security countermeasures like subway cameras and sensors were a waste of money.

Now we have a failed car bombing in Times Square. We can’t protect against the next imagined movie-plot threat. Isn’t it time to recognize that the bad guys are flexible and adaptive, and that we need the same quality in our countermeasures?

I know, nothing I haven’t said many times before.

Steven Simon likes cameras, although his arguments are more movie-plot than real. Michael Black, Noah Shachtman, Michael Tarr, and Jeffrey Rosen all write about the limitations of security cameras. Paul Ekman wants more people. And Richard Clarke has a nice essay about how we shouldn’t panic.

Posted on May 4, 2010 at 1:31 PM
