Entries Tagged "terrorism"

Page 78 of 80

Satellite Tracking Data Made Secret

Here’s another example of harmful government secrecy, ostensibly implemented as security against terrorism.

How an adversary might damage a spacecraft more than 100 miles up and moving at five miles per second—eight times faster than a rifle bullet—was not specified.

Good question, though.

But unclassified military or civilian communications satellites could, in theory, be jammed. And an adversary could use the unclassified data to know when a commercial imaging satellite, possibly operating under contract to the Department of Defense, would be flying overhead.

It might even be possible, through the process of elimination, for knowledgeable amateurs to ferret out the orbit of a classified spacecraft by comparing actual observations with the list of known, unclassified satellites.

Clearly I need to write a longer essay on “movie-plot” threats, and the wisdom of spending money and effort defending against them.

Posted on March 12, 2005 at 10:31 AMView Comments

Airport Screeners Cheat to Pass Tests

According to the San Franciso Chronicle:

The private firm in charge of security at San Francisco International Airport cheated to pass tests aimed at ensuring it could stop terrorists from smuggling weapons onto flights, a former employee contends.

All security systems require trusted people: people that must be trusted in order for the security to work. If the trusted people turn out not to be trustworthy, security fails.

Posted on February 24, 2005 at 8:00 AMView Comments

Fertilizer as a Weapon

In an attempt to protect us from terrorism, there are new restrictions on fertilizer sales in the Kansas (and elsewhere):

Under the rules, retailers would have to obtain the name, address and telephone and driver’s license number of purchasers of ammonium nitrate fertilizer and maintain records, including the date of the sale and the amount purchased, for at least two years.

The administrative guidelines would authorize retailers to refuse to sell ammonium nitrate when it was being purchased out of season, in unusual quantities or in other suspicious circumstances.

The proposal, similar to rules in place in South Carolina and Nevada, is designed to make ammonium nitrate more secure and keep it out of the hands of terrorists….

Posted on February 8, 2005 at 7:58 AMView Comments

TSA's Secure Flight

As I wrote previously, I am participating in a working group to study the security and privacy of Secure Flight, the U.S. government’s program to match airline passengers with a terrorist watch list. In the end, I signed the NDA allowing me access to SSI (Sensitive Security Information) documents, but managed to avoid filling out the paperwork for a SECRET security clearance.

Last week the group had its second meeting.

So far, I have four general conclusions. One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement—in almost every way—over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)

Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else’s ticket, airline procedures, etc.

Three, the urge to use this system for other things will be irresistible. It’s just too easy to say: “As long as you’ve got this system that watches out for terrorists, how about also looking for this list of drug dealers…and by the way, we’ve got the Super Bowl to worry about too.” Once Secure Flight gets built, all it’ll take is a new law and we’ll have a nationwide security checkpoint system.

And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.

Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of our little group. In other words, my first conclusion is basically all that they’re interested in hearing.

But that means I can write about everything else.

To speak to my fourth conclusion: Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn’t be worth it.

Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don’t fly, it’s a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it’s a waste of money.

If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn’t build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn’t make security sense.

That’s my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response—things that protect us regardless of what the terrorists are planning next. Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted.

Posted on January 31, 2005 at 9:26 AMView Comments

Iraqi Election Security

This is so ridiculous I have trouble believing it’s true:

Election security chiefs in Iraq will set up decoy polling centres in an attempt to outwit insurgents who have vowed to target voters with suicide bombs and mortar rounds on Sunday.

Everyone has to vote, right? This means one of two things will happen. One, everyone will know about the decoy sites, and the insurgents will know to avoid them. Or two, no one will know about the decoy sites, voters will flock to them, and it won’t matter to the insurgents that they are decoys.

Posted on January 30, 2005 at 2:00 AMView Comments

Airplane Defense Security Trade-Off

It’s nice to see the government actually making security trade-offs. From the Associated Press:

Outfitting every U.S. commercial passenger plane with anti-missile systems would be a costly and impractical defense against terrorists armed with shoulder-fired rockets, according to a study released Tuesday.

Researchers said it could cost nearly $40 billion over 20 years to deploy defense technology on the country’s 6,800 passengers jets. By comparison, the federal government currently spends roughly $4.4 billion a year on all transportation security.

The Rand study also cited the unreliability of the system, and the problems of false alarms.

Identifying terrorism security countermeasures that aren’t worth it…maybe it’s the start of a trend.

Posted on January 26, 2005 at 8:42 AMView Comments

Terrorism False Positives

Security systems fail in two different ways. The first is the obvious one: they fail to detect, stop, catch, or whatever, the bad guys. The second is more common, and often more important: they wrongly detect, stop, catch, or whatever, an innocent person. This story is from the New Zealand Herald:

A New Zealand resident who sent $5000 to his ill uncle in India had the money frozen for nearly a month because his name matched that of several men on a terrorist watch list.

Because there are far more innocent people than guilty ones, this second type of error is far more common than the first type. Security is always a trade-off, and when you’re trading off positives and negatives, you have to look at these sorts of things.

Posted on January 8, 2005 at 8:00 AMView Comments

Terrorists and Border ID Systems

This Washington Times article titled “Border Patrol hails new ID system” could have just as accurately been titled “No terrorists caught by new ID system.”

Border Patrol agents assigned to U.S. Customs and Border Protection (CBP) identified and arrested 23,502 persons with criminal records nationwide through a new biometric integrated fingerprint system during a three-month period beginning in September, CBP officials said yesterday.

Terrorism justifies the security expense, and it ends up being used for something else.

During the three-month period this year, the agents identified and detained 84 homicide suspects, 37 kidnapping suspects, 151 sexual assault suspects, 212 robbery suspects, 1,238 suspects for assaults of other types, and 2,630 suspects implicated in dangerous narcotics-related charges.

Posted on January 7, 2005 at 7:58 AMView Comments

1 76 77 78 79 80

Sidebar photo of Bruce Schneier by Joe MacInnis.