Entries Tagged "psychology of security"

Page 15 of 26

How Smart are Islamic Terrorists?

Organizational Learning and Islamic Militancy (May 2009) was written by Michael Kenney for the U.S. Department of Justice. It’s long: 146 pages. From the executive summary:

Organizational Learning and Islamic Militancy contains significant findings for counter-terrorism research and policy. Unlike existing studies, this report suggests that the relevant distinction in knowledge learned by terrorists is not between tacit and explicit knowledge, but metis and techne. Focusing on the latter sheds new insight into how terrorists acquire the experiential “know how” they need to perform their activities as opposed to abstract “know what” contained in technical bomb-making preparations. Drawing on interviews with bomb-making experts and government intelligence officials, the PI illustrates the critical difference between learning terrorism skills such as bomb-making and weapons firing by abstraction rather than by doing. Only the latter provides militants with the experiential, intuitive knowledge, in other words the metis, they need to actually build bombs, fire weapons, survey potential targets, and perform other terrorism-related activities. In making this case, the PI debunks current misconceptions regarding the Internet’s perceived role as a source of terrorism knowledge.

Another major research finding of this study is that while some Islamic militants learn, they do not learn particularly well. Much terrorism learning involves fairly routine adaptations in communications practices and targeting tactics, what organization theorists call single-loop learning or adaptation. Less common among militants are consequential changes in beliefs and values that underlie collection action or even changes in organizational goals and strategies. Even when it comes to single-loop learning, Islamic militants face significant impediments. Many terrorist conspiracies are compartmented, which makes learning difficult by impeding the free flow of information between different parts of the enterprise. Other, non-compartmented conspiracies are hindered from learning because the same people that survey targets and build bombs also carry out the attacks. Still other operations, including relatively successful ones like the Madrid bombings in 2004, are characterized by such sloppy tradecraft that investigators piece together the conspiracy quickly, preventing additional attacks and limiting militants’ ability to learn from experience.

Indeed, one of the most significant findings to emerge from this research regards the poor tradecraft and operational mistakes repeatedly committed by Islamic terrorists. Even the most “successful” operations in recent years—9/11, 3/11, and 7/7—contained basic errors in tradecraft and execution. The perpetrators that carried out these attacks were determined, adaptable (if only in a limited, tactical sense)—and surprisingly careless. The PI extracts insights from his informants that help account for terrorists’ poor tradecraft: metis in guerrilla warfare that does not translate well to urban terrorism, the difficulty of acquiring mission-critical experience when the attack or counter-terrorism response kills the perpetrators, a hostile counter-terrorism environment that makes it hard to plan and coordinate attacks or develop adequate training facilities, and perpetrators’ conviction that they don’t need to be too careful when carrying out attacks because their fate has been predetermined by Allah. The PI concludes this report by discussing some of the policy implications of these findings, suggesting that the real threat from Islamic militancy comes less from hyper-sophisticated “super terrorists” than from steadfast militants whose own dedication to the cause may undermine the cunning intelligence and fluid adaptability they need to survive.

Posted on November 18, 2009 at 1:45 PMView Comments

A Useful Side-Effect of Misplaced Fear

A study in the British Journal of Criminology makes the point that drink-spiking date-raping is basically an urban legend:

Abstract. There is a stark contrast between heightened perceptions of risk associated with drug-facilitated sexual assault (DFSA) and a lack of evidence that this is a widespread threat. Through surveys and interviews with university students in the United Kingdom and United States, we explore knowledge and beliefs about drink-spiking and the linked threat of sexual assault. University students in both locations are not only widely sensitized to the issue, but substantial segments claim first- or second-hand experience of particular incidents. We explore students’ understanding of the DFSA threat in relationship to their attitudes concerning alcohol, binge-drinking, and responsibility for personal safety. We suggest that the drink-spiking narrative has a functional appeal in relation to the contemporary experience of young women’s public drinking.

In an article on the study in The Telegraph, the authors said:

Among young people, drink spiking stories have attractive features that could “help explain” their disproportionate loss of control after drinking alcohol, the study found.

Dr Burgess said: “Our findings suggest guarding against drink spiking has also become a way for women to negotiate how to watch out for each other in an environment where they might well lose control from alcohol consumption.”

[…]

“As Dr Burgess observes, it is not scientific evidence which keeps the drug rape myth alive but the fact that it serves so many useful functions.”

Basically, the hypothesis is that perpetuating the fear of drug-rape allows parents and friends to warn young women off excessive drinking without criticizing their personal choices. The fake bogeyman lets people avoid talking about the real issues.

Posted on November 17, 2009 at 5:58 AMView Comments

Public Reactions to Terrorist Threats

Interesting research:

For the last five years we have researched the connection between times of terrorist threats and public opinion. In a series of tightly designed experiments, we expose subsets of research participants to a news story not unlike the type that aired last week. We argue that attitudes, evaluations, and behaviors change in at least three politically-relevant ways when terror threat is more prominent in the news. Some of these transformations are in accord with conventional wisdom concerning how we might expect the public to react. Others are more surprising, and more disconcerting in their implications for the quality of democracy.

One way that public opinion shifts is toward increased expressions of distrust. In some ways this strategy has been actively promoted by our political leaders. The Bush administration repeatedly reminded the public to keep eyes and ears open to help identify dangerous persons. A strategy of vigilance has also been endorsed by the new secretary of Homeland Security, Janet Napolitano.

Nonetheless, the breadth of increased distrust that the public puts into practice is striking. Individuals threatened by terrorism become less trusting of others, even their own neighbors. Other studies have shown that they become less supportive of the rights of Arab and Muslim Americans. In addition, we found that such effects extend to immigrants and, as well, to a group entirely remote from the subject of terrorism: gay Americans. The specter of terrorist threat creates ruptures in our social fabric, some of which may be justified as necessary tactics in the fight against terrorism and others that simply cannot.

Another way public opinion shifts under a terrorist threat is toward inflated evaluations of certain leaders. To look for strong leadership makes sense: crises should impel us toward leadership bold enough to confront the threat and strong enough to protect us from it. But the public does more than call for heroes in times of crisis. It projects leadership qualities onto political figures, with serious political consequences.

In studies conducted in 2004, we found that individuals threatened by terrorism perceived George W. Bush as more charismatic and stronger than did non-threatened individuals. This projection of leadership had important consequences for voting decisions. Individuals threatened by terrorism were more likely to base voting decisions on leadership qualities rather than on their own issue positions or partisanship. You did read that correctly. Threatened individuals responded with elevated evaluations of Bush’s capacity for leadership and then used those inflated evaluations as the primary determinant in their voting decision.

These findings did not just occur among Republicans, but also among Independents and Democrats. All partisan groups who perceived Bush as more charismatic were also less willing to blame him for policy failures such as faulty intelligence that led to the war in Iraq.

[…]

A third way public opinion shifts in response to terrorism is toward greater preferences for policies that protect the homeland, even at the expense of civil liberties, and active engagement against terrorists abroad. Such a strategy was advocated and implemented by the Bush administration. Again, however, we found that preferences shifted toward these objectives regardless of one’s partisan stripes and, as well, outside the U.S.

Nothing surprising here. Fear makes people deferential, docile, and distrustful, and both politicians and marketers have learned to take advantage of this.

Jennifer Merolla and Elizabeth Zechmeister have written a book, Democracy at Risk: How Terrorist Threats Affect the Public. I haven’t read it yet.

Posted on November 16, 2009 at 6:39 AMView Comments

Beyond Security Theater

[I was asked to write this essay for the New Internationalist (n. 427, November 2009, pp. 10–13). It’s nothing I haven’t said before, but I’m pleased with how this essay came together.]

Terrorism is rare, far rarer than many people think. It’s rare because very few people want to commit acts of terrorism, and executing a terrorist plot is much harder than television makes it appear. The best defenses against terrorism are largely invisible: investigation, intelligence, and emergency response. But even these are less effective at keeping us safe than our social and political policies, both at home and abroad. However, our elected leaders don’t think this way: they are far more likely to implement security theater against movie-plot threats.

A movie-plot threat is an overly specific attack scenario. Whether it’s terrorists with crop dusters, terrorists contaminating the milk supply, or terrorists attacking the Olympics, specific stories affect our emotions more intensely than mere data does. Stories are what we fear. It’s not just hypothetical stories: terrorists flying planes into buildings, terrorists with bombs in their shoes or in their water bottles, and terrorists with guns and bombs waging a co-ordinated attack against a city are even scarier movie-plot threats because they actually happened.

Security theater refers to security measures that make people feel more secure without doing anything to actually improve their security. An example: the photo ID checks that have sprung up in office buildings. No-one has ever explained why verifying that someone has a photo ID provides any actual security, but it looks like security to have a uniformed guard-for-hire looking at ID cards. Airport-security examples include the National Guard troops stationed at US airports in the months after 9/11—their guns had no bullets. The US colour-coded system of threat levels, the pervasive harassment of photographers, and the metal detectors that are increasingly common in hotels and office buildings since the Mumbai terrorist attacks, are additional examples.

To be sure, reasonable arguments can be made that some terrorist targets are more attractive than others: aeroplanes because a small bomb can result in the death of everyone aboard, monuments because of their national significance, national events because of television coverage, and transportation because of the numbers of people who commute daily. But there are literally millions of potential targets in any large country (there are five million commercial buildings alone in the US), and hundreds of potential terrorist tactics; it’s impossible to defend every place against everything, and it’s impossible to predict which tactic and target terrorists will try next.

Feeling and Reality

Security is both a feeling and a reality. The propensity for security theater comes from the interplay between the public and its leaders. When people are scared, they need something done that will make them feel safe, even if it doesn’t truly make them safer. Politicians naturally want to do something in response to crisis, even if that something doesn’t make any sense.

Often, this “something” is directly related to the details of a recent event: we confiscate liquids, screen shoes, and ban box cutters on airplanes. But it’s not the target and tactics of the last attack that are important, but the next attack. These measures are only effective if we happen to guess what the next terrorists are planning. If we spend billions defending our rail systems, and the terrorists bomb a shopping mall instead, we’ve wasted our money. If we concentrate airport security on screening shoes and confiscating liquids, and the terrorists hide explosives in their brassieres and use solids, we’ve wasted our money. Terrorists don’t care what they blow up and it shouldn’t be our goal merely to force the terrorists to make a minor change in their tactics or targets.

Our penchant for movie plots blinds us to the broader threats. And security theater consumes resources that could better be spent elsewhere.

Any terrorist attack is a series of events: something like planning, recruiting, funding, practising, executing, aftermath. Our most effective defenses are at the beginning and end of that process—intelligence, investigation, and emergency response—and least effective when they require us to guess the plot correctly. By intelligence and investigation, I don’t mean the broad data-mining or eavesdropping systems that have been proposed and in some cases implemented—those are also movie-plot stories without much basis in actual effectiveness—but instead the traditional “follow the evidence” type of investigation that has worked for decades.

Unfortunately for politicians, the security measures that work are largely invisible. Such measures include enhancing the intelligence-gathering abilities of the secret services, hiring cultural experts and Arabic translators, building bridges with Islamic communities both nationally and internationally, funding police capabilities—both investigative arms to prevent terrorist attacks, and emergency communications systems for after attacks occur—and arresting terrorist plotters without media fanfare. They do not include expansive new police or spying laws. Our police don’t need any new laws to deal with terrorism; rather, they need apolitical funding. These security measures don’t make good television, and they don’t help, come re-election time. But they work, addressing the reality of security instead of the feeling.

The arrest of the “liquid bombers” in London is an example: they were caught through old-fashioned intelligence and police work. Their choice of target (airplanes) and tactic (liquid explosives) didn’t matter; they would have been arrested regardless.

But even as we do all of this we cannot neglect the feeling of security, because it’s how we collectively overcome the psychological damage that terrorism causes. It’s not security theater we need, it’s direct appeals to our feelings. The best way to help people feel secure is by acting secure around them. Instead of reacting to terrorism with fear, we—and our leaders—need to react with indomitability.

Refuse to Be Terrorized

By not overreacting, by not responding to movie-plot threats, and by not becoming defensive, we demonstrate the resilience of our society, in our laws, our culture, our freedoms. There is a difference between indomitability and arrogant “bring ’em on” rhetoric. There’s a difference between accepting the inherent risk that comes with a free and open society, and hyping the threats.

We should treat terrorists like common criminals and give them all the benefits of true and open justice—not merely because it demonstrates our indomitability, but because it makes us all safer. Once a society starts circumventing its own laws, the risks to its future stability are much greater than terrorism.

Supporting real security even though it’s invisible, and demonstrating indomitability even though fear is more politically expedient, requires real courage. Demagoguery is easy. What we need is leaders willing both to do what’s right and to speak the truth.

Despite fearful rhetoric to the contrary, terrorism is not a transcendent threat. A terrorist attack cannot possibly destroy a country’s way of life; it’s only our reaction to that attack that can do that kind of damage. The more we undermine our own laws, the more we convert our buildings into fortresses, the more we reduce the freedoms and liberties at the foundation of our societies, the more we’re doing the terrorists’ job for them.

We saw some of this in the Londoners’ reaction to the 2005 transport bombings. Among the political and media hype and fearmongering, there was a thread of firm resolve. People didn’t fall victim to fear. They rode the trains and buses the next day and continued their lives. Terrorism’s goal isn’t murder; terrorism attacks the mind, using victims as a prop. By refusing to be terrorized, we deny the terrorists their primary weapon: our own fear.

Today, we can project indomitability by rolling back all the fear-based post-9/11 security measures. Our leaders have lost credibility; getting it back requires a decrease in hyperbole. Ditch the invasive mass surveillance systems and new police state-like powers. Return airport security to pre-9/11 levels. Remove swagger from our foreign policies. Show the world that our legal system is up to the challenge of terrorism. Stop telling people to report all suspicious activity; it does little but make us suspicious of each other, increasing both fear and helplessness.

Terrorism has always been rare, and for all we’ve heard about 9/11 changing the world, it’s still rare. Even 9/11 failed to kill as many people as automobiles do in the US every single month. But there’s a pervasive myth that terrorism is easy. It’s easy to imagine terrorist plots, both large-scale “poison the food supply” and small-scale “10 guys with guns and cars.” Movies and television bolster this myth, so many people are surprised that there have been so few attacks in Western cities since 9/11. Certainly intelligence and investigation successes have made it harder, but mostly it’s because terrorist attacks are actually hard. It’s hard to find willing recruits, to co-ordinate plans, and to execute those plans—and it’s easy to make mistakes.

Counterterrorism is also hard, especially when we’re psychologically prone to muck it up. Since 9/11, we’ve embarked on strategies of defending specific targets against specific tactics, overreacting to every terrorist video, stoking fear, demonizing ethnic groups, and treating the terrorists as if they were legitimate military opponents who could actually destroy a country or a way of life—all of this plays into the hands of terrorists. We’d do much better by leveraging the inherent strengths of our modern democracies and the natural advantages we have over the terrorists: our adaptability and survivability, our international network of laws and law enforcement, and the freedoms and liberties that make our society so enviable. The way we live is open enough to make terrorists rare; we are observant enough to prevent most of the terrorist plots that exist, and indomitable enough to survive the even fewer terrorist plots that actually succeed. We don’t need to pretend otherwise.

EDITED TO ADD (11/14): Commentary from Kevin Drum, James Fallows, and The Economist.

Posted on November 13, 2009 at 6:52 AMView Comments

The Problems with Unscientific Security

From the Open Access Journal of Forensic Psychology, by a whole list of authors: “A Call for Evidence-Based Security Tools“:

Abstract: Since the 2001 attacks on the twin towers, policies on security have changed drastically, bringing about an increased need for tools that allow for the detection of deception. Many of the solutions offered today, however, lack scientific underpinning.

We recommend two important changes to improve the (cost) effectiveness of security policy. To begin with, the emphasis of deception research should shift from technological to behavioural sciences. Secondly, the burden of proof should lie with the manufacturers of the security tools. Governments should not rely on security tools that have not passed scientific scrutiny, and should only employ those methods that have been proven effective. After all, the use of tools that do not work will only get us further from the truth.

One excerpt:

In absence of systematic research, users will base their evaluation on data generated by field use. Because people tend to follow heuristics rather than the rules of probability theory, perceived effectiveness can substantially differ from true effectiveness (Tversky & Kahneman, 1973). For example, one well-known problem associated with field studies is that of selective feedback. Investigative authorities are unlikely to receive feedback from liars who are erroneously considered truthful. They will occasionally receive feedback when correctly detecting deception, for example through confessions (Patrick & Iacono, 1991; Vrij, 2008). The perceived effectiveness that follows from this can be further reinforced through confirmation bias: Evidence confirming one’s preconception is weighted more heavily than evidence contradicting it (Lord, Ross, & Lepper, 1979). As a result, even techniques that perform at chance level may be perceived as highly effective (Iacono, 1991). This unwarranted confidence can have profound effects on citizens’ safety and civil liberty: Criminals may escape detection while innocents may be falsely accused. The Innocence Project (Unvalidated or improper science, no date) demonstrates that unvalidated or improper forensic science can indeed lead to wrongful convictions (see also Saks & Koehler, 2005).

Article on the paper.

Posted on November 5, 2009 at 6:11 AMView Comments

Fear and Overreaction

It’s hard work being prey. Watch the birds at a feeder. They’re constantly on alert, and will fly away from food—from easy nutrition—at the slightest movement or sound. Given that I’ve never, ever seen a bird plucked from a feeder by a predator, it seems like a whole lot of wasted effort against not very big a threat.

Assessing and reacting to risk is one of the most important things a living creature has to deal with. The amygdala, an ancient part of the brain that first evolved in primitive fishes, has that job. It’s what’s responsible for the fight-or-flight reflex. Adrenaline in the bloodstream, increased heart rate, increased muscle tension, sweaty palms; that’s the amygdala in action. And it works fast, faster than consciousnesses: show someone a snake and their amygdala will react before their conscious brain registers that they’re looking at a snake.

Fear motivates all sorts of animal behaviors. Schooling, flocking, and herding are all security measures. Not only is it less likely that any member of the group will be eaten, but each member of the group has to spend less time watching out for predators. Animals as diverse as bumblebees and monkeys both avoid food in areas where predators are common. Different prey species have developed various alarm calls, some surprisingly specific. And some prey species have even evolved to react to the alarms given off by other species.

Evolutionary biologist Randolph Nesse has studied animal defenses, particularly those that seem to be overreactions. These defenses are mostly all-or-nothing; a creature can’t do them halfway. Birds flying off, sea cucumbers expelling their stomachs, and vomiting are all examples. Using signal detection theory, Nesse showed that all-or-nothing defenses are expected to have many false alarms. “The smoke detector principle shows that the overresponsiveness of many defenses is an illusion. The defenses appear overresponsive because they are ‘inexpensive’ compared to the harms they protect against and because errors of too little defense are often more costly than errors of too much defense.”

So according to the theory, if flight costs 100 calories, both in flying and lost eating time, and there’s a 1 in 100 chance of being eaten if you don’t fly away, it’s smarter for survival to use up 10,000 calories repeatedly flying at the slightest movement even though there’s a 99 percent false alarm rate. Whatever the numbers happen to be for a particular species, it has evolved to get the trade-off right.

This makes sense, until the conditions that the species evolved under change quicker than evolution can react to. Even though there are far fewer predators in the city, birds at my feeder react as if they were in the primal forest. Even birds safe in a zoo’s aviary don’t realize that the situation has changed.

Humans are both no different and very different. We, too, feel fear and react with our amygdala, but we also have a conscious brain that can override those reactions. And we too live in a world very different from the one we evolved in. Our reflexive defenses might be optimized for the risks endemic to living in small family groups in the East African highlands in 100,000 BC, not 2009 New York City. But we can go beyond fear, and actually think sensibly about security.

Far too often, we don’t. We tend to be poor judges of risk. We overreact to rare risks, we ignore long-term risks, we magnify risks that are also morally offensive. We get risks wrongthreats, probabilities, and costs—all the time. When we’re afraid, really afraid, we’ll do almost anything to make that fear go away. Both politicians and marketers have learned to push that fear button to get us to do what they want.

One night last month, I was awakened from my hotel-room sleep by a loud, piercing alarm. There was no way I could ignore it, but I weighed the risks and did what any reasonable person would do under the circumstances: I stayed in bed and waited for the alarm to be turned off. No point getting dressed, walking down ten flights of stairs, and going outside into the cold for what invariably would be a false alarm—serious hotel fires are very rare. Unlike the bird in an aviary, I knew better.

You can disagree with my risk calculus, and I’m sure many hotel guests walked downstairs and outside to the designated assembly point. But it’s important to recognize that the ability to have this sort of discussion is uniquely human. And we need to have the discussion repeatedly, whether the topic is the installation of a home burglar alarm, the latest TSA security measures, or the potential military invasion of another country. These things aren’t part of our evolutionary history; we have no natural sense of how to respond to them. Our fears are often calibrated wrong, and reason is the only way we can override them.

This essay first appeared on DarkReading.com.

Posted on November 4, 2009 at 7:12 AMView Comments

Detecting Terrorists by Smelling Fear

Really:

The technology relies on recognising a pheromone – or scent signal – produced in sweat when a person is scared.

Researchers hope the ”fear detector” will make it possible to identify individuals at check points who are up to no good.

Terrorists with murder in mind, drug smugglers, or criminals on the run are likely to be very fearful of being discovered.

Seems like yet another technology that will be swamped with false positives.

And is there any justification to the hypothesis that terrorists will be more afraid than anyone else? And do we know why people tend to feel fear? Is it because they’re up to no good, or because of more benign reasons—like they’re scared of something? This link from emotion to intent is very tenuous.

Posted on November 3, 2009 at 6:12 AMView Comments

Psychology and Security Resource Page

Ross Anderson has put together a great resource page on security and psychology:

At a deeper level, the psychology of security touches on fundamental scientific and philosophical problems. The ‘Machiavellian Brain’ hypothesis states that we evolved high intelligence not to make better tools, but to use other monkeys better as tools: primates who were better at deception, or at detecting deception in others, left more descendants. Conflict is also deeply tied up with social psychology and anthropology, while evolutionary explanations for the human religious impulse involve both trust and conflict. The dialogue between researchers in security and in psychology has thus been widening, bringing in people from usability engineering, protocol design, privacy, and policy on the one hand, and from social psychology, evolutionary biology, and behavioral economics on the other. We believe that this new discipline will increasingly become one of the active contact points between computing and psychology—an exchange that has hugely benefited both disciplines for over a generation.

Posted on October 28, 2009 at 6:48 AMView Comments

Immediacy Affects Risk Assessments

New experiment demonstrates what we already knew:

That’s because people tend to view their immediate emotions, such as their perceptions of threats or risks, as more intense and important than their previous emotions.

In one part of the study focusing on terrorist threats, using materials adapted from the U.S. Department of Homeland Security, Van Boven and his research colleagues presented two scenarios to people in a college laboratory depicting warnings about traveling abroad to two countries.

Participants were then asked to report which country seemed to have greater terrorist threats. Many of them reported that the country they last read about was more dangerous.

“What our study has shown is that when people learn about risks, even in very rapid succession where the information is presented to them in a very clear and vivid way, they still respond more strongly to what is right in front of them,” Van Boven said.

[…]

Human emotions stem from a very old system in the brain, Van Boven says. When it comes to reacting to threats, real or exaggerated, it goes against the grain of thousands of years of evolution to just turn off that emotional reaction. It’s not something most people can do, he said.

“And that’s a problem, because people’s emotions are fundamental to their judgments and decisions in everyday life,” Van Boven said. “When people are constantly being bombarded by new threats or things to be fearful of, they can forget about the genuinely big problems, like global warming, which really need to be dealt with on a large scale with public support.”

In today’s 24-hour society, talk radio, the Internet and extensive media coverage of the “threat of the day” only exacerbate the trait of focusing on our immediate emotions, he said.

“One of the things we know about how emotional reactions work is they are not very objective, so people can get outraged or become fearful of what might actually be a relatively minor threat,” Van Boven said. “One worry is some people are aware of these kinds of effects and can use them to manipulate our actions in ways that we may prefer to avoid.”

[…]

“If you’re interested in having an informed citizenry you tell people about all the relevant risks, but what our research shows is that is not sufficient because those things still happen in sequence and people will still respond immediately to whatever happens to be in front of them,” he said. “In order to make good decisions and craft good policies we need to know how people are going to respond.”

Posted on September 30, 2009 at 1:17 PMView Comments

1 13 14 15 16 17 26

Sidebar photo of Bruce Schneier by Joe MacInnis.