Entries Tagged "terrorism"

Page 79 of 80

Shutting Down the GPS Network

More stupid security from our government. From an AP story:

President Bush has ordered plans for temporarily disabling the U.S. network of global positioning satellites during a national crisis to prevent terrorists from using the navigational technology, the White House said Wednesday.

During a national crisis, GPS technology will help the good guys far more than it will help the bad guys. Disabling the system will almost certainly do much more harm than good.

This reminds me of comments after the Madrid bombings that we should develop ways to shut down the cell phone network after a terrorist attack. (The Madrid bombs were detonated using cell phones, although not by calling cell phones attached to the bombs.) After a terrorist attack, cell phones are critical to both rescue workers and survivors.

All technology has good and bad uses—automobiles, telephones, cryptography, etc. For the most part, you have to accept the bad uses if you want the good uses. This is okay, because the good guys far outnumber the bad guys, and the good uses far outnumber the bad ones.

Posted on January 5, 2005 at 8:49 AMView Comments

Illegal Aliens and Driver's Licenses

Has anyone heard of the Center for Advanced Studies in Science and Technology Policy? They released a statement saying that not issuing driver’s licenses to illegal aliens is bad for security. Their analysis is good, and worth reading:

As part of the legislative compromise to pass the intelligence reform bill signed into law by the President today, the administration and Congressional leaders have promised to attach to the first ‘must pass’ legislation of the new year a controversial provision that was rightly dropped from the intelligence reform bill—this provision would effectively prevent the states from issuing driver’s licenses to illegal aliens by requiring ‘legal presence’ status for holders of licenses to be used as ‘national ID.’

Although this provision is being touted by its supporters as a security measure, its implementation in practice will be to undermine national security because it ignores three widely-recognized principles of counter-terrorism security: the shrinking perimeter of defense; the need to allocate resources to more likely targets; and the economics of fraud.

First, the very fact that 13 million illegal aliens are already within our borders means that a perimeter-based defense is porous. The proposed policy would eliminate another opportunity to screen this large pool of people and to separate ‘otherwise law abiding’ illegal aliens from terrorists or criminals by confirming identity when licenses are issued or when such licenses are presented or used for identity screening at checkpoints.

Recognizing the porous nature of perimeter defense does not mean that border security should not be improved or that additional steps to prevent illegal immigration should not be taken, however, not recognizing its porous nature is unrealistic, counter to current trends in security practice, and undermines national security. Rather than excluding 13 million people already within our borders, we should encourage non-terrorist illegal aliens to participate in internal security screening systems.

This leads to the second point. Contrary to the argument made by its supporters that denying illegal aliens licenses would prevent terrorists from ‘melting’ into society, this legislation would guarantee a larger haystack in which terrorists can hide thus making it more difficult for law enforcement to identify them. Counter-terrorism strategy is based on reducing the suspect population so that security resources can be focused on more likely suspects. Denying identity legitimacy to 13 million illegal aliens—the vast majority of whom are not terrorists or otherwise threats to national security—just increases the size of the suspect pool for law enforcement to have to sort through. Since law enforcement resources are already unable to effectively cope with the large illegal alien population why further complicate their task?

Third, the proposed legislation would increase the incentives for fraud by greatly inflating the value of a driver’s license and by creating significant new demand for fraudulent licenses by making the driver’s license actual proof of citizenship or legal status. Arguments in support of the legislation are based in part on denying illegal aliens the de facto legitimacy that a driver’s license currently confers, yet the legislation would actually make such legitimacy a matter of law, thus increasing the demand for fraudulent licenses not only among those illegal aliens wishing to drive but among all 13 million who may now see it as a way to get jobs or otherwise prove their legitimate status.

If 13 million people living within our borders can’t drive, fly, travel on a train or bus, or otherwise participate in society without a driver’s license and they cannot get a legitimate one, then the market will supply them an illegal fraudulent one. State DMV bureaucracies, no matter how well- intentioned, do not have the resources, training, or skill to prevent fraud driven by this additional demand and no federal mandate will be able to prevent organized criminal elements from responding.

On the other hand, if illegal aliens are allowed to get legitimate licenses upon thorough vetting of their identity, then the only ones who will be trying to get fraudulent documents will be terrorists or criminals—who will face increased costs and more opportunities for mistakes if there is less overall demand—and law enforcement resources can be focused on these activities.

Fourteen states currently allow driver’s licenses to be obtained without showing ‘legal presence.’ These laws were enacted for public safety reasons—to ensure that drivers meet some standard to drive and to lower insurance premiums by decreasing the pool of unlicensed and uninsured drivers. In most cases, these laws were passed with the strong support of state law enforcement officials who recognized the advantages of being able to identify drivers and discourage unlicensed drivers from fleeing from minor traffic infractions or accidents because they were fearful of being caught without a license. The analogous arguments hold for national security—the more we can encourage otherwise law abiding people within our borders to participate in the system the easier it will be to identify those that pose a true threat.

There may be legitimate reasons for cracking down on illegal immigration, there may even be reasons to deny illegal aliens driver’s licenses, but counter-terrorism security is not one. This provision was appropriately dropped from the intelligence reform bill and it should not be resurrected in the 109th Congress.

Posted on January 4, 2005 at 8:00 AM

Security Notes from All Over: Israeli Airport Security Questioning

In both Secrets and Lies and Beyond Fear, I discuss a key difference between attackers and defenders: the ability to concentrate resources. The defender must defend against all possible attacks, while the attacker can concentrate his forces on one particular avenue of attack. This precept is fundamental to a lot of security, and can be seen very clearly in counterterrorism. A country is in the position of the interior; it must defend itself against all possible terrorist attacks: airplane terrorism, chemical bombs, threats at the ports, threats through the mails, lone lunatics with automatic weapons, assassinations, etc, etc, etc. The terrorist just needs to find one weak spot in the defenses, and exploit that. This concentration versus diffusion of resources is one reason why the defender’s job is so much harder than the attackers.

This same principle guides security questioning at the Ben Gurion Airport in Israel. In this example, the attacker is the security screener and the defender is the terrorist. (It’s important to remember that “attacker” and “defender” are not moral labels, but tactical ones. Sometimes the defenders are the good guys and the attackers are the bad guys. In this case, the bad guy is trying to defend his cover story against the good guy who is attacking it.)

Security is impressively tight at the airport, and includes a potentially lengthy interview by a trained security screener. The screener asks each passenger questions, trying to determine if he’s a security risk. But instead of asking different questions—where do you live, what do you do for a living, where were you born—the screener asks questions that follow a storyline: “Where are you going? Who do you know there? How did you meet him? What were you doing there?” And so on.

See the ability to concentrate resources? The defender—the terrorist trying to sneak aboard the airplane—needs a cover story sufficiently broad to be able to respond to any line of questioning. So he might memorize the answers to several hundred questions. The attacker—the security screener—could ask questions scattershot, but instead concentrates his questioning along one particular line. The theory is that eventually the defender will reach the end of his memorized story, and that the attacker will then notice the subtle changes in the defender as he starts to make up answers.

Posted on December 14, 2004 at 9:26 AMView Comments

Sensible Security from New Zealand

I like the way this guy thinks about security as a trade-off:

In the week United States-led forces invaded Iraq, the service was receiving a hoax bomb call every two or three hours, but not one aircraft was delayed. Security experts decided the cost of halting flights far outweighed the actual risk to those on board.

It’s a short article, and in it Mark Everitt, General Manager of the New Zealand Aviation Security Service, says that small knives should be allowed on flights, and that sky marshals should not.

Before 9/11, New Zealand domestic flights had no security at all, because there simply wasn’t anywhere to hijack a flight to.

Posted on December 3, 2004 at 10:00 AMView Comments

Behavioral Assessment Profiling

On Dec. 14, 1999, Ahmed Ressam tried to enter the United States from Canada at Port Angeles, Wash. He had a suitcase bomb in the trunk of his car. A US customs agent, Diana Dean, questioned him at the border. He was fidgeting, sweaty, and jittery. He avoided eye contact. In Dean’s own words, he was acting “hinky.” Ressam’s car was eventually searched, and he was arrested.

It wasn’t any one thing that tipped Dean off; it was everything encompassed in the slang term “hinky.” But it worked. The reason there wasn’t a bombing at Los Angeles International Airport around Christmas 1999 was because a trained, knowledgeable security person was paying attention.

This is “behavioral assessment” profiling. It’s what customs agents do at borders all the time. It’s what the Israeli police do to protect their airport and airplanes. And it’s a new pilot program in the United States at Boston’s Logan Airport. Behavioral profiling is dangerous because it’s easy to abuse, but it’s also the best thing we can do to improve the security of our air passenger system.

Behavioral profiling is not the same as computerized passenger profiling. The latter has been in place for years. It’s a secret system, and it’s a mess. Sometimes airlines decided who would undergo secondary screening, and they would choose people based on ticket purchase, frequent-flyer status, and similarity to names on government watch lists. CAPPS-2 was to follow, evaluating people based on government and commercial databases and assigning a “risk” score. This system was scrapped after public outcry, but another profiling system called Secure Flight will debut next year. Again, details are secret.

The problem with computerized passenger profiling is that it simply doesn’t work. Terrorists don’t fit a profile and cannot be plucked out of crowds by computers. Terrorists are European, Asian, African, Hispanic, and Middle Eastern, male and female, young and old. Richard Reid, the shoe bomber, was British with a Jamaican father. Jose Padilla, arrested in Chicago in 2002 as a “dirty bomb” suspect, was a Hispanic-American. Timothy McVeigh was a white American. So was the Unabomber, who once taught mathematics at the University of California, Berkeley. The Chechens who blew up two Russian planes last August were female. Recent reports indicate that Al Qaeda is recruiting Europeans for further attacks on the United States.

Terrorists can buy plane tickets—either one way or round trip—with cash or credit cards. Mohamed Atta, the leader of the 9/11 plot, had a frequent-flyer gold card. They are a surprisingly diverse group of people, and any computer profiling system will just make it easier for those who don’t meet the profile.

Behavioral assessment profiling is different. It cuts through all of those superficial profiling characteristics and centers on the person. State police are trained as screeners in order to look for suspicious conduct such as furtiveness or undue anxiety. Already at Logan Airport, the program has caught 20 people who were either in the country illegally or had outstanding warrants of one kind or another.

Earlier this month the ACLU of Massachusetts filed a lawsuit challenging the constitutionality of behavioral assessment profiling. The lawsuit is unlikely to succeed; the principle of “implied consent” that has been used to uphold the legality of passenger and baggage screening will almost certainly be applied in this case as well.

But the ACLU has it wrong. Behavioral assessment profiling isn’t the problem. Abuse of behavioral profiling is the problem, and the ACLU has correctly identified where it can go wrong. If policemen fall back on naive profiling by race, ethnicity, age, gender—characteristics not relevant to security—they’re little better than a computer. Instead of “driving while black,” the police will face accusations of harassing people for the infraction of “flying while Arab.” Their actions will increase racial tensions and make them less likely to notice the real threats. And we’ll all be less safe as a result.

Behavioral assessment profiling isn’t a “silver bullet.” It needs to be part of a layered security system, one that includes passenger baggage screening, airport employee screening, and random security checks. It’s best implemented not by police but by specially trained federal officers. These officers could be deployed at airports, sports stadiums, political conventions—anywhere terrorism is a risk because the target is attractive. Done properly, this is the best thing to happen to air passenger security since reinforcing the cockpit door.

This article originally appeared in the Boston Globe.

Posted on November 24, 2004 at 9:33 AMView Comments

Amtrak "Security"

Amtrak will now randomly check IDs:

Amtrak conductors have begun random checks of passengers’ IDs as a precaution against terrorist attacks.

This works because, somehow, terrorists don’t have IDs.

I’ve written about this kind of thing before. It’s the kind of program that makes us no safer, and wastes everyone’s time and Amtrak’s money.

Posted on November 19, 2004 at 10:03 AMView Comments

The Security of Checks and Balances

Much of the political rhetoric surrounding the US presidential election centers around the relative security posturings of President George W. Bush and Senator John Kerry, with each side loudly proclaiming that his opponent will do irrevocable harm to national security.

Terrorism is a serious issue facing our nation in the early 21st century, and the contrasting views of these candidates is important. But this debate obscures another security risk, one much more central to the US: the increasing centralisation of American political power in the hands of the executive branch of the government.

Over 200 years ago, the framers of the US Constitution established an ingenious security device against tyrannical government: they divided government power among three different bodies. A carefully thought-out system of checks and balances in the executive branch, the legislative branch, and the judicial branch, ensured that no single branch became too powerful. After watching tyrannies rise and fall throughout Europe, this seemed like a prudent way to form a government.

Since 9/11, the United States has seen an enormous power grab by the executive branch. From denying suspects the right to a trial—and sometimes to an attorney—to the law-free zone established at Guantanamo, from deciding which ratified treaties to ignore to flouting laws designed to foster open government, the Bush administration has consistently moved to increase its power at the expense of the rest of the government. The so-called “Torture Memos,” prepared at the request of the president, assert that the president can claim unlimited power as long as it is somehow connected with counterterrorism.

Presidential power as a security issue will not play a role in the upcoming US election. Bush has shown through his actions during his first term that he favours increasing the powers of the executive branch over the legislative and the judicial branches. Kerry’s words show that he is in agreement with the president on this issue. And largely, the legislative and judicial branches are allowing themselves to be trampled over.

In times of crisis, the natural human reaction is to look for safety in a single strong leader. This is why Bush’s rhetoric of strength has been so well-received by the American people, and why Kerry is also campaigning on a platform of strength. Unfortunately, consolidating power in one person is dangerous. History shows again and again that power is a corrupting influence, and that more power is more corrupting. The loss of the American system of checks and balances is more of a security danger than any terrorist risk.

The ancient Roman Senate had a similar way of dealing with major crises. When there was a serious military threat against the safety and security of the Republic, the long debates and compromise legislation that accompanied the democratic process seemed a needless luxury. The Senate would appoint a single person, called a “dictator” (Latin for “one who orders”) to have absolute power over Rome in order to more efficiently deal with the crisis. He was appointed for a period of six months or for the duration of the emergency, whichever period was shorter. Sometimes the process worked, but often the injustices that resulted from having a dictator were worse than the original crisis.

Today, the principles of democracy enshrined in the US constitution are more important than ever. In order to prevail over global terrorism while preserving the values that have made America great, the constitutional system of checks and balances is critical.

This is not a partisan issue; I don’t believe that John Kerry, if elected, would willingly lessen his own power any more than second-term President Bush would. What the US needs is a strong Congress and a strong court system to balance the presidency, not weak ones ceding ever more power to the presidency.

Originally published in the Sydney Morning Herald.

Posted on October 29, 2004 at 10:21 AMView Comments

A Sensible Elected Official

The new mayor of Madison, Alabama, has a surprisingly sensible attitude about security.

From the Huntsville Times:

City Hall security. Kirkindall, Atallo and Lacy agree the city may have gone a little overboard in the wake of the Sept. 11, 2001, terror attacks by eliminating 20 to 25 prime parking spaces near the building. Starting today, people will be allowed to park there again.

Atallo says the City Hall visitors log—another recent addition—also annoys people and doesn’t do anything to make Madison safer. To prove it, he’s been signing the names of famous terrorists – “O.B. Laden,” “Carlos T. Jackal” – in the book.

No one’s caught it.

As of today, the log is out.

I have no idea if he’s a Republican or a Democrat, but I wish there were more people like him in government.

Posted on October 26, 2004 at 11:36 AMView Comments

World Series Security

The World Series is no stranger to security. Fans try to sneak into the ballpark without tickets, or with counterfeit tickets. Often foods and alcohol are prohibited from being brought into the ballpark, to enforce the monopoly of the high-priced concessions. Violence is always a risk: both small fights and larger-scale riots that result from fans from both teams being in such close proximity—like the one that almost happened during the sixth game of the AL series.

Today, the new risk is terrorism. Security at the Olympics cost $1.5 billion. $50 million each was spent at the Democratic and Republican conventions. There has been no public statement about the security bill for the World Series, but it’s reasonable to assume it will be impressive.

In our fervor to defend ourselves, it’s important that we spend our money wisely. Much of what people think of as security against terrorism doesn’t actually make us safer. Even in a world of high-tech security, the most important solution is the guy watching to keep beer bottles from being thrown onto the field.

Generally, security measures that defend specific targets are wasteful, because they can be avoided simply by switching targets. If we completely defend the World Series from attack, and the terrorists bomb a crowded shopping mall instead, little has been gained.

Even so, some high-profile locations, like national monuments and symbolic buildings, and some high-profile events, like political conventions and championship sporting events, warrant additional security. What additional measures make sense?

ID checks don’t make sense. Everyone has an ID. Even the 9/11 terrorists had IDs. What we want is to somehow check intention; is the person going to do something bad? But we can’t do that, so we check IDs instead. It’s a complete waste of time and money, and does absolutely nothing to make us safer.

Automatic face recognition systems don’t work. Computers that automatically pick terrorists out of crowds are a great movie plot device, but doesn’t work in the real world. We don’t have a comprehensive photographic database of known terrorists. Even worse, the face recognition technology is so faulty that it often can’t make the matches even when we do have decent photographs. We tried it at the 2001 Super Bowl; it was a failure.

Airport-like attendee screening doesn’t work. The terrorists who took over the Russian school sneaked their weapons in long before their attack. And screening fans is only a small part of the solution. There are simply too many people, vehicles, and supplies moving in and out of a ballpark regularly. This kind of security failed at the Olympics, as reporters proved again and again that they could sneak all sorts of things into the stadiums undetected.

What does work is people: smart security officials watching the crowds. It’s called “behavior recognition,�? and it requires trained personnel looking for suspicious behavior. Does someone look out of place? Is he nervous, and not watching the game? Is he not cheering, hissing, booing, and waving like a sports fan would?

This is what good policemen do all the time. It’s what Israeli airport security does. It works because instead of relying on checkpoints that can be bypassed, it relies on the human ability to notice something that just doesn’t feel right. It’s intuition, and it’s far more effective than computerized security solutions.

Will this result in perfect security? Of course not. No security measures are guaranteed; all we can do is reduce the odds. And the best way to do that is to pay attention. A few hundred plainclothes policemen, walking around the stadium and watching for anything suspicious, will provide more security against terrorism than almost anything else we can reasonably do.

And the best thing about policemen is that they’re adaptable. They can deal with terrorist threats, and they can deal with more common security issues, too.

Most of the threats at the World Series have nothing to do with terrorism; unruly or violent fans are a much more common problem. And more likely than a complex 9/11-like plot is a lone terrorist with a gun, a bomb, or something that will cause panic. But luckily, the security measures ballparks have already put in place to protect against the former also help protect against the latter.

Originally published by UPI.

Posted on October 25, 2004 at 6:31 PMView Comments

Technology and Counterterrorism

Technology makes us safer.

Communications technologies ensure that emergency response personnel can communicate with each other in an emergency—whether police, fire or medical. Bomb-sniffing machines now routinely scan airplane baggage. Other technologies may someday detect contaminants in our water supply or our atmosphere.

Throughout law enforcement and intelligence investigation, different technologies are being harnessed for the good of defense. However, technologies designed to secure specific targets have a limited value.

By its very nature, defense against terrorism means we must be prepared for anything. This makes it expensive—if not nearly impossible—to deploy threat-specific technological advances at all the places where they’re likely needed. So while it’s good to have bomb-detection devices in airports and bioweapon detectors in crowded subways, defensive technology cannot be applied at every conceivable target for every conceivable threat. If we spent billions of dollars securing airports and the terrorists shifted their attacks to shopping malls, we wouldn’t gain any security as a society.

It’s far more effective to try and mitigate the general threat. For example, technologies that improve intelligence gathering and analysis could help federal agents quickly chase down information about suspected terrorists. The technologies could help agents more rapidly uncover terrorist plots of any type and aimed at any target, from nuclear plants to the food supply. In addition, technologies that foster communication, coordination and emergency response could reduce the effects of a terrorist attack, regardless of what form the attack takes. We get the most value for our security dollar when we can leverage technology to extend the capabilities of humans.

Just as terrorists can use technology more or less wisely, we as defenders can do the same. It is only by keeping in mind the strengths and limitations of technology that we can increase our security without wasting money, freedoms or civil liberties, and without making ourselves more vulnerable to other threats. Security is a trade-off, and it is important that we use technologies that enable us to make better trade-offs and not worse ones.

Originally published on CNet

Posted on October 20, 2004 at 4:35 PMView Comments

1 77 78 79 80

Sidebar photo of Bruce Schneier by Joe MacInnis.