Schneier, Journalist Poke Holes In TSA Policies

Fallen Andy points out an article in The Atlantic written by Jeffrey Goldberg. He and Bruce Schneier teamed up to put the TSA's policies to the test at the Minneapolis-St. Paul International Airport. They found plenty of evidence for security theater, and rather less for actual security. Quoting: "'The whole system is designed to catch stupid terrorists,' Schneier told me. ... As I stood in the bathroom, ripping up boarding passes, waiting for the social network of male bathroom users to report my suspicious behavior, I decided to make myself as nervous as possible. I would try to pass through security with no ID, a fake boarding pass, and an Osama bin Laden T-shirt under my coat. I splashed water on my face to mimic sweat, put on a coat (it was a summer day), hid my driver's license, and approached security with a bogus boarding pass that Schneier had made for me. ... 'All right, you can go,' [an airport security supervisor] said, pointing me to the X-ray line. 'But let this be a lesson for you.'"

Well...

[Ironix]

I wouldn't doubt that the whole system isn't there to catch actual terrorists, but to simply condition the populace into accepting this kind of routine as a the standard quo. Fo

Re:Well...

[Dun+Malg]

I wouldn't doubt that the whole system isn't there to catch actual terrorists, but to simply condition the populace into accepting this kind of routine as a the standard quo.

I know people desperately want to see this as a subtle plot by hidden puppetmasters, but really, as with all conspiracy theories, Hanlon's Razor needs to be considered:

"Never attribute to malice that which can be adequately explained by stupidity."

The desire to seek explanations involving some controlling individual or group is as old as humanity itself. The vast pantheon of gods invented to explain the frighteningly random whims of nature bear witness to this. Unfortunately, that's simply not the way it is. Nature is implacable. Tornadoes and tidal waves are inevitable, as is stupid security theater. Security theater is itself a kind of appeal to "the gods" to keep us safe. The truth is, people are just plain fucking stupid, particularly large groups of people put in charge of something that can't really be prevented. Yes, they do think this is to "stop terrorists". It's not logical, it's just blind reaction. In its own way, this is actually worse than the machinations of a secret cabal, because there's no central controlling authority to expose and thwart. It's just a giant morass of human nature. Half the population has an IQ of under 100, and many of them work for the TSA. All we can do is keep explaining their error and hope they learn.

Obamaism

When I went through at JFK and asked questions about why they were segregating my bag the supervisor came over and accused me of suffering from "Obamaism".

I complained and TSA dismissed my complaint that the supervisor was making a joke. Really? TSA thinks that a citizen asking about his rights is a joke? Really?

Re:Strictly speaking the system worked

[QuantumG]

1. It's trivial to get around airport security.
2. Everyone knows this.
3. There hasn't been any hijackings.

Therefore:

4. There is no-one attempting hijackings.

The best we can do

[aaandre]

I think the current state of airport security is just that - the best the agency can do, with it's current resources, budget and enormous demand for speedy throughput.

I myself have pondered the possibility of some kind of conspiracy, but all I'm seeing is an outdated, overwhelmed structure under a lot of pressure.

This is a very difficult problem to solve:
- fast processing of people
- spotting potential threats with minimum resources
- overstretched, tired, worn-out employees
- far from state-of-the-art equipment
- unbeliavable throughput

If the throughput is 1/100 of the LAX or JFK demands, then maybe it would be possible to look at each passanger, "check in" with them, evaluate their level of nervousness, clothing, carefully check for tell-signs etc.

With 1 second per passenger that's impossible and the best an agency can do is issue blanket policies including racial/name-based profiling, travel patterns, databases of destinations etc. and hope for the best.

I truly believe that the security policies are not an adequate protection. I don't think that's by design, rather a limitation of the design.

No conspiracy theory here, just lots of frustration with what I perceive as needless delay and inconvenience, bordering with disrespect and abuse in some cases (large-scale profiling and temporary detention of people entering the US etc.).

Re:The best we can do

[swillden]

I think the current state of airport security is just that - the best the agency can do, with it's current resources, budget and enormous demand for speedy throughput.

Sure it's the best they can do. The point, though, is that the best they can do is COMPLETELY ineffective -- and yet they still spend $7B per year doing it. Why?

Suppose you had <insert incurable disease>, and I told you that for $10,000 per year, I would sell you a cure.

"Does it work?" you ask.

"No," I respond "but it's the best anyone can do."

Would you buy it? Or would you spend your $10K on something else that actually gives you value?

Re:The best we can do

[Free+the+Cowards]

This is total bullshit. You're making the common mistake of examining their current budget, their current results, and assuming that achieving more results would require either more money or less speed.

This is simply false. It is false because it overlooks a simple fact: the current use of the budget is horrendously inefficient. In other words, better results can be achieved without making things slower (and indeed, while making things faster) on the same budget.

Most of what the TSA does is useless. Eliminate that, and suddenly you have a bunch of free money sitting around and people going through security faster. Take that money and put it into things that are actually useful. Now you have faster, better security for the same amount of money.

Why doesn't this happen? Mainly because this better security would be a lot less visible. This makes moron travelers feel less safe (even though they are actually more safe) and opens bureaucrats up to blame in the event that someone gets through it. All rationality flies out the window in the ceaseless finger-pointing that follows any failure, and the vast majority of bureaucrats are far more concerned with protecting their own asses than protecting the country.

Re:Schneier bothers me

[fuzzyfuzzyfungus]

You have a point; but I'm not sure whether the change is a result of selling out, or a principled(if very depressing) change in his view of security, based on subsequent experience. After all, the broader cultural appeal of the "cypherpunks sticking it to the man on the unregulable internet that treats censorship as damage and routes around it" has fallen massively. You used to hear it all the time; both from various luminaries and in regurgitated form from flacks and cheerleaders, not nearly as much anymore.

I suspect that it has something to do with his focus on the human element of security. The fact that you can build a cryptosystem that the feds can't break on your own computer with free tools, a modest knowledge of c, and some acquaintance with number theory is pretty damn cool. The fact that your fellow citizens will cheer as the feds waterboard the key out of you really puts that in perspective, though. It is hard to be a cypherpunk utopian when less than 1% of the population can be bothered to follow a step-by-step FAQ to set up PGP, and even geeks respond to google's data mining of their email by telling you how nice the interface is. Techies can argue, correctly, that the great firewall or any other censorware is full of fairly pitiful holes. That doesn't change the fact that it puts up enough resistance(which isn't much) to keep 95% of china's equivalent of average Joe from trying to get past it.

In a way, I think that the cypherpunk ideal fell apart when they built it and nobody came. All sorts of strong crypto are available to everybody, for free, and aren't even all that much trouble to use. Almost nobody bothers, probably so few that those who do just stand out by doing so.

I don't like the idea; but I strongly suspect that Schneier's decline in inspiration has more to do with his assessment of the state of security than it does with any specific sellout.

Re:Technically, the TSA did its job right.

[Free+the+Cowards]

And yet we're wasting billions of dollars of our money building worthless systems on top of that. That's your money, and my money. I want it to stop. The best way to do this is to show how useless it is.

I think you misunderstand Bruce's objections. He does not simply object to the fact that the TSA is insecure. He objects to the fact that the TSA wastes huge piles of money, and those huge piles of money could be used for better things.

Re:Schneier bothers me

[Obfuscant]

At this point, you're going to run up against the one advance in airplane security that *has* been made post-9/11: you're not getting through the reinforced cockpit door with anything less than a battering ram.

No, the one advance in security is not the door to the cockpit, it's the understanding on everyone's part that cooperating with a hijacker isn't in anyone's interest anymore, and the half a dozen guys (and maybe a few women) who will be beating the terrorist to a bloody pulp as the rest of the passengers applaud.

United 93 was a test. The next time, the plane won't go down while the bad guys get killed.

Re:Schneier bothers me

[Just+Some+Guy]

I knew a guy who worked airport security pre-9/11. One day they were running a security drill, and pulled him aside when he let a guy through the checkpoint with a two-piece rifle. Why did he allow him to pass? "Because it wasn't a working rifle. It wasn't put together."