Schneier on Security: Tagged searches

Entries Tagged "searches"

Page 6 of 15

Voluntary Security Inspections

What could possibly be the point of this?

Cars heading to Austin-Bergstrom International Airport will see random, voluntary inspections Monday.

The searches are part of an increase in security at the airport.

It’s a joint operation between the U.S. Department of Homeland Security, Austin Police, and airport security.

The enhancements are not a response to specific threats, and the security level has not changed.

Officials say the searches are voluntary and drivers can opt out if they want.

Training? Reassuring a jittery public? Looking busy? This can’t possibly be done for security reasons.

Posted on June 1, 2010 at 1:00 PM • View Comments

Bringing Lots of Liquids on a Plane at Schiphol

This would worry me, if the liquid ban weren’t already useless.

The reporter found the security flaw in the airport’s duty-free shopping system. At Schiphol airport, passengers flying to countries outside the Schengan Agreement Area can buy bottles of alcohol at duty-free shops before going through security. They are then permitted to take these bottles onto flights, provided that they have the bottles sealed at the shop.

Mr Stegeman bought a bottle, emptied it and refilled it with another liquid. After that he returned to the same shop and ‘bought’ the refilled bottle again. The shop sealed the bottle in a bag, allowing him to take it with him through security and onto a London-bound flight. In London, he transferred planes and carried the bottle onto a flight to Washington DC.

The flaw, of course, is the assumption that bottles bought at a duty-free shop actually come from the duty-free shop.

But note that 1) it’s the same airport as underwear bomber, 2) reporter is known for trying to defeat airport security, and 3) body scanners would have made no difference.

Watch the TV program here.

Posted on March 19, 2010 at 12:58 PM • View Comments

The Limits of Visual Inspection

Interesting research:

Target prevalence powerfully influences visual search behavior. In most visual search experiments, targets appear on at least 50% of trials. However, when targets are rare (as in medical or airport screening), observers shift response criteria, leading to elevated miss error rates. Observers also speed target-absent responses and may make more motor errors. This could be a speed/accuracy tradeoff with fast, frequent absent responses producing more miss errors. Disproving this hypothesis, our experiment one shows that very high target prevalence (98%) shifts response criteria in the opposite direction, leading to elevated false alarms in a simulated baggage search. However, the very frequent target-present responses are not speeded. Rather, rare target-absent responses are greatly slowed. In experiment two, prevalence was varied sinusoidally over 1000 trials as observers’ accuracy and reaction times (RTs) were measured. Observers’ criterion and target-absent RTs tracked prevalence. Sensitivity (d’) and target-present RTs did not vary with prevalence. These results support a model in which prevalence influences two parameters: a decision criterion governing the series of perceptual decisions about each attended item, and a quitting threshold that governs the timing of target-absent responses. Models in which target prevalence only influences an overall decision criterion are not supported.

This has implications for searching for contraband at airports.

Posted on February 8, 2010 at 1:54 PM • View Comments

Scanning Cargo for Nuclear Material and Conventional Explosives

Still experimental:

The team propose using a particle accelerator to alternately smash ionised hydrogen molecules and deuterium ions into targets of carbon and boron respectively. The collisions produce beams of gamma rays of various energies as well as neutrons. These beams are then passed through the cargo.

By measuring the way the beams are absorbed, Goldberg and company say they can work out whether the cargo contains explosives or nuclear materials. And they say they can do it at the rate of 20 containers per hour.

That’s an ambitious goal that presents numerous challenges.

For example, the beam currents will provide relatively sparse data so the team will have to employ a technique called few-view tomography to fill in the gaps. It will also mean that each container will have to be zapped several times. That may not be entirely desirable for certain types of goods such as food and equipment with delicate electronics.

Just how beams of gamma rays and neutrons affect these kinds of goods is something that will have to be determined

Then there is the question of false positives. One advantage of a machine like this is that it has several scanning modes is that if one reveals something suspicious, it can switch to another to look in more detail. That should build up a decent picture of the cargo’s contents and reduce false positives.

Posted on January 27, 2010 at 6:53 AM • View Comments

Transport Canada on its New Security Regulations

Okay, it’s really the Rick Mercer Report.

Posted on January 22, 2010 at 1:56 PM • View Comments

German TV on the Failure of Full-Body Scanners

The video is worth watching, even if you don’t speak German. The scanner caught a subject’s cell phone and Swiss Army knife—and the microphone he was wearing—but missed all the components to make a bomb that he hid on his body. Admittedly, he only faced the scanner from the front and not from the side. But he also didn’t hide anything in a body cavity other than his mouth—I didn’t think about that one—he didn’t use low density or thinly sliced PETN, and he didn’t hide anything in his carry-on luggage.

Full-body scanners: they’re not just a dumb idea, they don’t actually work.

Posted on January 22, 2010 at 7:28 AM • View Comments

Body Cavity Scanners

At least one company is touting its technology:

Nesch, a company based in Crown Point, Indiana, may have a solution. It’s called diffraction-enhanced X-ray imaging or DEXI, which employs proprietary diffraction enhanced imaging and multiple image radiography

Rather than simply shining X-rays through the subject and looking at the amount that passes through (like a conventional X-ray machine), DEXI analyzes the X-rays that are scattered or refracted by soft tissue or other low-density material. Conventional X-rays show little more than the skeleton, but the new technique can reveal far more, which makes it useful for both medical and security applications.

Posted on January 14, 2010 at 6:00 AM • View Comments

Breaching the Secure Area in Airports

An unidentified man breached airport security at Newark Airport on Sunday, walking into the secured area through the exit, prompting the evacuation of a terminal and flight delays that continued into the next day. This isn’t common, but it happens regularly. The result is always the same, and it’s not obvious that fixing the problem is the right solution.

This kind of security breach is inevitable, simply because human guards are not perfect. Sometimes it’s someone going in through the out door, unnoticed by a bored guard. Sometimes it’s someone running through the checkpoint and getting lost in the crowd. Sometimes it’s an open door that should be locked. Amazing as it seems to frequent fliers, the perpetrator often doesn’t even know he did anything wrong.

Basically, whenever there is—or could be—an unscreened person lost within the secure area of an airport, there are two things the TSA can do. They can say “this isn’t a big deal,” and ignore it. Or they can evacuate everyone inside the secure area, search every nook and cranny—inside the large boxes of napkins at the fast food restaurant, above the false ceilings in the bathrooms, everywhere—looking for anyone hiding or anything anyone hid, and then rescreen everybody: causing delays of six, eight, twelve, or more hours. That’s it; those are the options. And there’s no way someone in charge will choose to ignore the risk; even if the odds of a terrorist exploit are minuscule, it’ll cost him his career if he’s wrong.

Several European airports have their security screening organized differently. At Schipol Airport in Amsterdam, for example, passengers are screened at the gates. This is more expensive and requires a substantially different airport design, but it does mean that if there is a security breach, only the gate has to be evacuated and searched, and the people rescreened.

American airports can do more to secure against this risk, but I’m reasonably sure it’s not worth it. We could double the guards to reduce the risk of inattentiveness, and redesign the airports to make this kind of thing less likely, but those are expensive solutions to an already rare problem. As much as I don’t like saying it, the smartest thing is probably to live with this occasional but major inconvenience.

This essay originally appeared on ThreatPost.com.

EDITED TO ADD (1/9): A first-person account of the chaos at Newark Airport, with observations and recommendations.

Posted on January 6, 2010 at 6:10 AM • View Comments

Matt Blaze on the New "Unpredictable" TSA Screening Measures

Interesting:

“Unpredictable” security as applied to air passenger screening means that sometimes (perhaps most of the time), certain checks that might detect terrorist activity are not applied to some or all passengers on any given flight. Passengers can’t predict or influence when or whether they are be subjected to any particular screening mechanism. And so, the strategy assumes, the would-be terrorist will be forced to prepare for every possible mechanism in the TSA’s arsenal, effectively narrowing his or her range of options enough to make any serious mischief infeasible.

But terrorist organizations—especially those employing suicide bombers—have very different goals and incentives from those of smugglers, fare beaters and tax cheats. Groups like Al Qaeda aim to cause widespread disruption and terror by whatever means they can, even at great cost to individual members. In particular, they are willing and able to sacrifice—martyr—the very lives of their solders in the service of that goal. The fate of any individual terrorist is irrelevant as long as the loss contributes to terror and disruption.

Paradoxically, the best terrorist strategy (as long as they have enough volunteers) under unpredictable screening may be to prepare a cadre of suicide bombers for the least rigorous screening to which they might be subjected, and not, as the strategy assumes, for the most rigorous. Sent on their way, each will either succeed at destroying a plane or be caught, but either outcome serves the terrorists’ objective.

The problem is that catching someone under a randomized strategy creates a terrible dilemma for the authorities. What do we do when we detect a bomb-wielding terrorist whose device was discovered through the enhanced, randomly applied screening procedure?

EDITED TO ADD (1/5): In this blog post, a reader of Andrew Sullivan’s blog argues that the terrorist didn’t care if he blew the plane up or not, that he went back to his seat instead of detonating the explosive in the toilet precisely because he wanted his fellow passengers to see his attempt—just in case it failed.

Posted on January 5, 2010 at 11:41 AM • View Comments

Christmas Bomber: Where Airport Security Worked

With all the talk about the failure of airport security to detect the PETN that the Christmas bomber sewed into his underwear—and to think I’ve been using the phrase “underwear bomber” as a joke all these years—people forget that airport security played an important role in foiling the plot.

In order to get through airport security, Abdulmutallab—or, more precisely, whoever built the bomb—had to construct a far less reliable bomb than he would have otherwise; he had to resort to a much more ineffective detonation mechanism. And, as we’ve learned, detonating PETN is actually very hard.

Additionally, I don’t think it’s fair to criticize airport security for not catching the PETN. The security systems at airports aren’t designed to catch someone strapping a plastic explosive to his body. Even more strongly: no security system, at any airport, in any country on the planet, is designed to catch someone doing this. This isn’t a surprise. It isn’t even a new idea. It wasn’t even a new idea when I said this to then TSA head Kip Hawley in 2007: “I don’t want to even think about how much C4 I can strap to my legs and walk through your magnetometers.” You can try to argue that the TSA, and other airport security organizations around the world, should have been redesigned years ago to catch this, but anyone who is surprised by this attack simply hasn’t been paying attention.

EDITED TO ADD (1/4): I don’t know what to make of this:

Ben Wallace, who used to work at defence firm QinetiQ, one of the companies making the technology, warned it was not a “big silver bullet”.

[…]

Mr Wallace said the scanners would probably not have detected the failed Detroit plane plot of Christmas Day.

He said the same of the 2006 airliner liquid bomb plot and of explosives used in the 2005 bombings of three Tube trains and a bus in London.

[…]

He said the “passive millimetre wave scanners” – which QinetiQ helped develop – probably would not have detected key plots affecting passengers in the UK in recent years.

[…]

Mr Wallace told BBC Radio 4’s Today programme: “The advantage of the millimetre waves are that they can be used at longer range, they can be quicker and they are harmless to travellers.

“But there is a big but, and the but was in all the testing that we undertook, it was unlikely that it would have picked up the current explosive devices being used by al-Qaeda.”

He added: “It probably wouldn’t have picked up the very large plot with the liquids in 2006 at Heathrow or indeed the… bombs that were used on the Tube because it wasn’t very good and it wasn’t that easy to detect liquids and plastics unless they were very solid plastics.

“This is not necessarily the big silver bullet that is somehow being portrayed by Downing Street.”

A spokeswoman for QinetiQ said “no single technology can address every eventuality or security risk”.

“QinetiQ’s passive millimetre wave system, SPO, is a… people-screening system which can identify potential security threats concealed on the human body. It is not a checkpoint security system.

“SPO can effectively shortlist people who may need further investigation, either via other technology such as x-rays, or human intervention such as a pat-down search.”

Posted on January 4, 2010 at 6:28 AM • View Comments

←Previous 1 … 4 5 6 7 8 … 15 Next→

Sidebar photo of Bruce Schneier by Joe MacInnis.