Entries Tagged "security theater"

Page 12 of 20

Security vs. Privacy

If there’s a debate that sums up post-9/11 politics, it’s security versus privacy. Which is more important? How much privacy are you willing to give up for security? Can we even afford privacy in this age of insecurity? Security versus privacy: It’s the battle of the century, or at least its first decade.

In a Jan. 21 New Yorker article, Director of National Intelligence Michael McConnell discusses a proposed plan to monitor all—that’s right, all—internet communications for security purposes, an idea so extreme that the word “Orwellian” feels too mild.

The article (now online here) contains this passage:

In order for cyberspace to be policed, internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer or Web search. “Google has records that could help in a cyber-investigation,” he said. Giorgio warned me, “We have a saying in this business: ‘Privacy and security are a zero-sum game.'”

I’m sure they have that saying in their business. And it’s precisely why, when people in their business are in charge of government, it becomes a police state. If privacy and security really were a zero-sum game, we would have seen mass immigration into the former East Germany and modern-day China. While it’s true that police states like those have less street crime, no one argues that their citizens are fundamentally more secure.

We’ve been told we have to trade off security and privacy so often—in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric—that most of us don’t even question the fundamental dichotomy.

But it’s a false one.

Security and privacy are not opposite ends of a seesaw; you don’t have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it’s based on identity, and there are limitations to that sort of approach.

Since 9/11, approximately three things have potentially improved airline security: reinforcing the cockpit doors, passengers realizing they have to fight back and—possibly—sky marshals. Everything else—all the security measures that affect privacy—is just security theater and a waste of effort.

By the same token, many of the anti-privacy “security” measures we’re seeing—national ID cards, warrantless eavesdropping, massive data mining and so on—do little to improve, and in some cases harm, security. And government claims of their success are either wrong, or against fake threats.

The debate isn’t security versus privacy. It’s liberty versus control.

You can see it in comments by government officials: “Privacy no longer can mean anonymity,” says Donald Kerr, principal deputy director of national intelligence. “Instead, it should mean that government and businesses properly safeguard people’s private communications and financial information.” Did you catch that? You’re expected to give up control of your privacy to others, who—presumably—get to decide how much of it you deserve. That’s what loss of liberty looks like.

It should be no surprise that people choose security over privacy: 51 to 29 percent in a recent poll. Even if you don’t subscribe to Maslow’s hierarchy of needs, it’s obvious that security is more important. Security is vital to survival, not just of people but of every living thing. Privacy is unique to humans, but it’s a social need. It’s vital to personal dignity, to family life, to society—to what makes us uniquely human—but not to survival.

If you set up the false dichotomy, of course people will choose security over privacy—especially if you scare them first. But it’s still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” It’s also true that those who would give up privacy for security are likely to end up with neither.

This essay originally appeared on Wired.com.

Posted on January 29, 2008 at 5:21 AMView Comments

Anti-Missile Technology on Commercial Aircraft

There have been stories previously, but this time it looks like it will actually happen:

Up to three American Airlines jets carrying passengers will be outfitted with anti-missile technology this spring in the latest phase of testing technology to protect commercial planes from attack.

[…]

The technology is intended to stop a missile attack by detecting heat given off from the rocket, then firing a laser beam that jams the missile’s guidance system.

I have several feelings about this. One, it’s security theater against a movie-plot threat. Two, given that that’s true, attaching an empty box to the belly of the plane and writing “Laser Anti-Missile System” on it would be just as effective a deterrent at a fraction of the cost. And three, how do we know that’s not what they’re doing?

More news here.

Posted on January 18, 2008 at 11:29 AMView Comments

MySpace and U.S. Attorneys General Agree to Fight Sexual Predators

MySpace has reached an agreement with the attorneys general of 49 states—Texas sat out—to protect children from sexual predators on the site.

The attorneys general are all congratulating themselves, as is MySpace—and there’s a lot of commentary out there. To me, this all seems like much ado about nothing.

The measures—details here—won’t do anything to stop child predators on MySpace. But, on the other hand, there isn’t really any problem with child predators—just a tiny handful of highly publicized stories—on MySpace. It’s just security theater against a movie-plot threat. But we humans have a well-established cognitive bias that overestimates threats against our children, so it all makes sense.

Posted on January 17, 2008 at 1:12 PMView Comments

Patrick Smith on Aviation Security

Excellent essay from The New York Times:

In the end, I’m not sure which is more troubling, the inanity of the existing regulations, or the average American’s acceptance of them and willingness to be humiliated. These wasteful and tedious protocols have solidified into what appears to be indefinite policy, with little or no opposition. There ought to be a tide of protest rising up against this mania. Where is it? At its loudest, the voice of the traveling public is one of grumbled resignation. The op-ed pages are silent, the pundits have nothing meaningful to say.

The airlines, for their part, are in something of a bind. The willingness of our carriers to allow flying to become an increasingly unpleasant experience suggests a business sense of masochistic capitulation. On the other hand, imagine the outrage among security zealots should airlines be caught lobbying for what is perceived to be a dangerous abrogation of security and responsibility—even if it’s not. Carriers caught plenty of flack, almost all of it unfair, in the aftermath of September 11th. Understandably, they no longer want that liability.

As for Americans themselves, I suppose that it’s less than realistic to expect street protests or airport sit-ins from citizen fliers, and maybe we shouldn’t expect too much from a press and media that have had no trouble letting countless other injustices slip to the wayside. And rather than rethink our policies, the best we’ve come up with is a way to skirt them—for a fee, naturally—via schemes like Registered Traveler. Americans can now pay to have their personal information put on file just to avoid the hassle of airport security. As cynical as George Orwell ever was, I doubt he imagined the idea of citizens offering up money for their own subjugation.

How we got to this point is an interesting study in reactionary politics, fear-mongering and a disconcerting willingness of the American public to accept almost anything in the name of “security.” Conned and frightened, our nation demands not actual security, but security spectacle. And although a reasonable percentage of passengers, along with most security experts, would concur such theater serves no useful purpose, there has been surprisingly little outrage. In that regard, maybe we’ve gotten exactly the system we deserve.

Posted on January 11, 2008 at 1:47 PMView Comments

Consumer Reports on Aviation Security and the TSA

It’s not on their website yet, and you’d have to pay to read it in any case, but the February 2008 issue of Consumer Reports has an article on aviation security. Much of it you’ve all heard before, but there are some new bits:

Larry Tortorich, a TSA training officer and former representative to the Joint Terrorism Task Force who retired in 2006, also says he saw problems from the inside. “There was a facade of security. There were numerous security flaws and vulnerabilities I identified. The response was, it wasn’t apparent to the public, so there would not be any corrective action.”

I’ve regularly pointed to reinforcing the cockpit doors as something that was a good idea, and should have been done years earlier.

Critics, however, say a stronger door is only half of the solution. “People have this illusion that hardened cockpit doors work, and they don’t,” Dzakovic says. “If you want to have a secure door, you need to have a double hulled door.”

Consumer Reports searched NAS, the Aviation Safety Reporting System, and found 51 incidents since April 2002 in which flight crews reported problems with the hardened doors.

Most of them weren’t really security issues: locking mechanisms failing, doors popping open in flight, and so on. But this was more interesting:

A 2006 study of aviation security by DFI International, a Washington, D.C. security consultancy, found that a drunken passenger kicked a hole in a door panel and that aircraft cleaners “broke a fortified door off its hinges by running a heavy snack cart into it on a bet.”

El Al, of course, has double doors. But since the cost is between $5K and $10K per aircraft, the airline industry has fought the measure in the U.S.

The article also talks about how poor the screeners actually are, but I’ve covered all that already.

Posted on January 10, 2008 at 1:58 PMView Comments

Five-Year-Old Boy Detained by the TSA

His name is similar to someone on the “no fly” list:

A five-year-old boy was taken into custody and thoroughly searched at Sea-Tac because his name is similar to a possible terrorist alias. As the Consumerist reports, “When his mother went to pick him up and hug him and comfort him during the proceedings, she was told not to touch him because he was a national security risk. They also had to frisk her again to make sure the little Dillinger hadn’t passed anything dangerous weapons or materials to his mother when she hugged him.”

The explanation is simple: to the TSA, following procedure is more important than common sense. But unfortunately, catching the next terrorist will require more common sense than it will following proper procedure.

If I ever get to interview Kip Hawley again, I’ll ask him about this.

EDITED TO ADD (1/12): Another kid on the no-fly list.

Posted on January 10, 2008 at 10:53 AMView Comments

New Lithium Battery Rules for U.S. Airplanes

Starting in 2008, there are new rules for bringing lithium batteries on airplanes:

The following quantity limits apply to both your spare and installed batteries. The limits are expressed in grams of “equivalent lithium content.” 8 grams of equivalent lithium content is approximately 100 watt-hours. 25 grams is approximately 300 watt-hours:

  • Under the new rules, you can bring batteries with up to 8-gram equivalent lithium content. All lithium ion batteries in cell phones are below 8 gram equivalent lithium content. Nearly all laptop computers also are below this quantity threshold.
  • You can also bring up to two spare batteries with an aggregate equivalent lithium content of up to 25 grams, in addition to any batteries that fall below the 8-gram threshold. Examples of two types of lithium ion batteries with equivalent lithium content over 8 grams but below 25 are shown below.
  • For a lithium metal battery, whether installed in a device or carried as a spare, the limit on lithium content is 2 grams of lithium metal per battery.
  • Almost all consumer-type lithium metal batteries are below 2 grams of lithium metal. But if you are unsure, contact the manufacturer!

Near as I can tell, this affects pretty much no one except audio/visual professionals. And the TSA isn’t saying whether this is a safety issue or a security issue. They aren’t giving any reason. But those of you who paid close attention to the Second Movie-Plot Threat Contest know of the dangers:

Terrorists camouflages bombs as college textbooks, with detonators hidden in the lithium-ion batteries of various electronics. The terrorist nonchalantly wanders up by the cockpit with his armed textbook and detonates it right after the seat belt sign goes off, but while the plane is still over an inhabited area. Thousands die, with most of the casualties on the ground.

Chat about the ban on FlyerTalk. Does any other country have any similar restrictions?

EDITED TO ADD (12/28): It’s not a TSA rule; it’s an FAA rule.

The FAA has found that current systems for putting out aircraft cargo fires could not suppress a fire if a shipment of non-rechargeable batteries ignited during flight, the release said.

Here’s the actual rule; it’s the DOT that published it. Lithium batteries have been banned as cargo for a long time now. This is the DC-8 fire that led to the ban.

Posted on December 28, 2007 at 3:05 PMView Comments

Airport Security Study

Surprising nobody, a new study concludes that airport security isn’t helping:

A team at the Harvard School of Public Health could not find any studies showing whether the time-consuming process of X-raying carry-on luggage prevents hijackings or attacks.

They also found no evidence to suggest that making passengers take off their shoes and confiscating small items prevented any incidents.

[…]

The researchers said it would be interesting to apply medical standards to airport security. Screening programs for illnesses like cancer are usually not broadly instituted unless they have been shown to work.

Note the defense by the TSA:

“Even without clear evidence of the accuracy of testing, the Transportation Security Administration defended its measures by reporting that more than 13 million prohibited items were intercepted in one year,” the researchers added. “Most of these illegal items were lighters.”

This is where the TSA has it completely backwards. The goal isn’t to confiscate prohibited items. The goal is to prevent terrorism on airplanes. When the TSA confiscates millions of lighters from innocent people, that’s a security failure. The TSA is reacting to non-threats. The TSA is reacting to false alarms. Now you can argue that this level of failures is necessary to make people safer, but it’s certainly not evidence that people are safer.

For example, does anyone think that the TSA’s vigilance regarding pies is anything other than a joke?

Here’s the actual paper from the British Medical Journal:

Of course, we are not proposing that money spent on unconfirmed but politically comforting efforts to identify and seize water bottles and skin moisturisers should be diverted to research on cancer or malaria vaccines. But what would the National Screening Committee recommend on airport screening? Like mammography in the 1980s, or prostate specific antigen testing and computer tomography for detecting lung cancer more recently, we would like to open airport security screening to public and academic debate. Rigorously evaluating the current system is just the first step to building a future airport security programme that is more user friendly and cost effective, and that ultimately protects passengers from realistic threats.

I talked about airport security at length with Kip Hawley, the head of the TSA, here.

Posted on December 27, 2007 at 6:28 AMView Comments

Defeating the Shoe Scanning Machine at Heathrow Airport

For a while now, Heathrow Airport has had a unique setup for scanning shoes. Instead of taking your shoes off during the normal screening process, as you do in U.S. airports, you go through the metal detector with your shoes on. Then, later, there is a special shoe scanning X-ray machine. You take your shoes off, send them through the machine, and put them on at the other end.

It’s definitely faster, but it’s an easy system to defeat. The vulnerability is that no one verifies that the shoes you walked through the metal detector with are the same shoes you put on the scanning machine.

Here’s how the attack works. Assume that you have two pairs of shoes: a clean pair that passes all levels of screening, and a dangerous pair that doesn’t. (Ignore for a moment the ridiculousness of screening shoes in the first place, and assume that an X-ray machine can detect the dangerous pair.) Put the dangerous shoes on your feet and the clean shoes in your carry-on bag. Walk through the metal detector. Then, at the shoe X-ray machine, take the dangerous shoes off and put them in your bag, and take the clean shoes out of your bag and place them on the X-ray machine. You’ve now managed to get through security without having your shoes screened.

This works because the two security systems are decoupled. And the shoe screening machine is so crowded and chaotic, and so poorly manned, that no one notices the switch.

U.S. airports force people to put their shoes through the X-ray machine and walk through the metal detector shoeless, ensuring that all shoes get screened. That might be slower, but it works.

EDITED TO ADD (12/14): Heathrow Terminal 3, that is. The system wasn’t in place in Terminal 4, and I don’t know about Terminals 1 and 2.

Posted on December 14, 2007 at 5:43 AMView Comments

1 10 11 12 13 14 20

Sidebar photo of Bruce Schneier by Joe MacInnis.