Intent and Forensics

Because of the Crotch-Bomber, all the talk around terrorism, and the current freakout at Newark International Airport, I’m going to babble a little bit about security and crime here and there. Feel free to ignore me for a few days until I get back to talking about something more important like Muse albums.

Someone dumb commits an act.

The political establishment yells: “Something must be done! Something has to be done! Why hasn’t anything been done!” The techs and the geeks and the weirdos and the cops go: “We can only do so much!” Unless a suspect is already under suspicion for an attempted act, it is coming asymptotically close to impossible to divine the intent to commit a crime out of the line noise of the universe. Human beings during the course of their daily lives generate noise. Computers collect noise, sift noise, and raise easily ignored false positives on noise. Other computers analyze the sifted noise. It’s still noise.

The legal system cannot prosecute for a crime someone is going to commit. No one computer system can sift enough data and no one can read enough tarot cards to divine the future and see the act that someone, somewhere, is going to do at some time. Even if a Certified Good Guy ™ knows someone, somewhere, has intent to commit a crime because of intelligence, the intent to commit the crime is not the crime. Reality is a random number generator.

Post facto, following the forensic trail blazes a big white line through the noise. Of course the weaknesses in the system are clear now! Why didn’t anyone see all the weaknesses in a hugely complex global system before it broke down once in 11 billion times! Why were these holes, which are quite clear now, not addressed by all the smart people involved in international terror and crime, immigration services, the US government, all foreign governments worldwide, and the airlines? Someone must do something! Why isn’t anyone doing something?

Real security is a tower defense game, not unlike Plants vs. Zombies. Zombies come at you in a big shambling horde and you have to layer your flowery defenses so that you eliminate the threat at the perimeter. Layer defenses so if a zombie happens to sneak past your perimeter defenses they’re schpocked appropriately. We do this in the computer world with IDS and firewalls and SIEM and log correlation and encryption and all sorts of other fun electronic toys, all of which generate noise.

Rational people stand back and say: now that we have a forensic trail from a crime actually committed instead of trying to predict what will happen, what is the actual risk and how were the defensive systems penetrated? The actual odds of one passenger carrying one bomb on one plane — a bomb unlikely to go off or do any serious harm — show how impressive the defenses truly are. The system, as Janet Napolitano unfortunately blurted out before being forced to recant, actually does work. The real risk is very low; it is unlikely adding more layers will actually lower risk. Beef up the perimeter defenses (immigration layer), treat the act as the crime it is (intent to murder), let the cops do their jobs and move on.

But we have this forensics trail and we have a hot political issue, so something must be done. Near certainly, after all the reviews of the system are conducted, the rational response is to accept that neither computers nor humans can pick intent out of the vast amounts of intelligence noise hoovered up by the systems. Yet we will do draconian and expensive things anyway to make people “feel better.” This is the core of security theater: we have forensics on the crime and can reconstruct the trail, so now we are going to secure against that attack we know about at enormous cost. But we still cannot divine intent with our magic witching wands.

I am going to pimp David Brooks, who makes a very similar argument today in the New York Times.