Bruce Schneier: Airline Security a Waste of Cash

[David Farber <dave () farber net>]

I call it Kabuki theater also. djf

Begin forwarded message:

From: "Robert J.Berger" <rberger () ibd com>
Date: December 3, 2005 12:13:46 AM EST
To: Dave Farber <dave () farber net>, Dewayne Hendricks  
<dewayne () warpspeed com>
Subject: Bruce Schneier: Airline Security a Waste of Cash

Airline Security a Waste of Cash
By Bruce Schneier
Story location: http://www.wired.com/news/privacy/0,1848,69712,00.html

02:00 AM Dec. 01, 2005 PT

Since 9/11, our nation has been obsessed with air-travel
security. Terrorist attacks from the air have been the threat
that looms largest in Americans' minds. As a result, we've
wasted millions on misguided programs to separate the regular
travelers from the suspected terrorists -- money that could have
been spent to actually make us safer.

Consider CAPPS and its replacement, Secure Flight. These are
programs to check travelers against the 30,000 to 40,000 names
on the government's No-Fly list, and another 30,000 to 40,000 on
its Selectee list.


Security Matters

They're bizarre lists: people -- names and aliases -- who are
too dangerous to be allowed to fly under any circumstance, yet
so innocent that they cannot be arrested, even under the
draconian provisions of the Patriot Act. The Selectee list
contains an equal number of travelers who must be searched
extensively before they're allowed to fly. Who are these people,
anyway?  The truth is, nobody knows. The lists come from the
Terrorist Screening Database, a hodgepodge compiled in haste
from a variety of sources, with no clear rules about who should
be on it or how to get off it. The government is trying to clean
up the lists, but -- garbage in, garbage out -- it's not having
much success.

The program has been a complete failure, resulting in exactly
zero terrorists caught. And even worse, thousands (or more) have
been denied the ability to fly, even though they've done nothing
wrong. These denials fall into two categories: the "Ted Kennedy"
problem (people who aren't on the list but share a name with
someone who is) and the "Cat Stevens" problem (people on the
list who shouldn't be). Even now, four years after 9/11, both
these problems remain.

I know quite a lot about this. I was a member of the
government's Secure Flight Working Group on Privacy and
Security. We looked at the TSA's program for matching airplane
passengers with the terrorist watch list, and found a complete
mess: poorly defined goals, incoherent design criteria, no clear
system architecture, inadequate testing. (Our report was on the
TSA website, but has recently been removed -- "refreshed" is the
word the organization used -- and replaced with an "executive
summary" (.doc) that contains none of the report's findings. The
TSA did retain two (.doc) rebuttals (.doc), which read like
products of the same outline and dismiss our findings by saying
that we didn't have access to the requisite information.) Our
conclusions match those in two (.pdf) reports (.pdf) by the
Government Accountability Office and one (.pdf) by the DHS
inspector general.

Alongside Secure Flight, the TSA is testing Registered Traveler
programs. There are two: one administered by the TSA, and the
other a commercial program from Verified Identity Pass called
Clear. The basic idea is that you submit your information in
advance, and if you're OK -- whatever that means -- you get a
card that lets you go through security faster.

Superficially, it all seems to make sense. Why waste precious
time making Grandma Miriam from Brooklyn empty her purse when
you can search Sharaf, a 26-year-old who arrived last month from
Egypt and is traveling without luggage?

The reason is security. These programs are based on the
dangerous myth that terrorists match a particular profile and
that we can somehow pick terrorists out of a crowd if we only
can identify everyone. That's simply not true.

What these programs do is create two different access paths into
the airport: high-security and low-security. The intent is to
let only good guys take the low-security path and to force bad
guys to take the high-security path, but it rarely works out
that way. You have to assume that the bad guys will find a way
to exploit the low-security path. Why couldn't a terrorist just
slip an altimeter-triggered explosive into the baggage of a
registered traveler?

It may be counterintuitive, but we are all safer if enhanced
screening is truly random, and not based on an error-filled
database or a cursory background check.

The truth is, Registered Traveler programs are not about
security; they're about convenience. The Clear program is a
business: Those who can afford $80 per year can avoid long
lines. It's also a program with a questionable revenue model. I
fly 200,000 miles a year, which makes me a perfect candidate for
this program. But my frequent-flier status already lets me use
the airport's fast line and means that I never get selected for
secondary screening, so I have no incentive to pay for a
card. Maybe that's why the Clear pilot program in Orlando,
Florida, only signed up 10,000 of that airport's 31 million
annual passengers.

I think Verified Identity Pass understands this, and is
encouraging use of its card everywhere: at sports arenas, power
plants, even office buildings. This is just the sort of mission
creep that moves us ever closer to a "show me your papers"
society.

Exactly two things have made airline travel safer since 9/11:
reinforcement of cockpit doors, and passengers who now know that
they may have to fight back. Everything else -- Secure Flight
and Trusted Traveler included -- is security theater. We would
all be a lot safer if, instead, we implemented enhanced baggage
security -- both ensuring that a passenger's bags don't fly
unless he does, and explosives screening for all baggage -- as
well as background checks and increased screening for airport
employees.

Then we could take all the money we save and apply it to
intelligence, investigation and emergency response. These are
security measures that pay dividends regardless of what the
terrorists are planning next, whether it's the movie plot threat
of the moment, or something entirely different.

- - -

Bruce Schneier is the CTO of Counterpane Internet Security and
the author of Beyond Fear: Thinking Sensibly About Security in
an Uncertain World. You can contact him through his website.






-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/