A very nice essay about US Fear culture from TomDispatch called Fear Inc. It is a nice analysis of the 9/11 that never ends, the US fear culture, and who profits.
Newsweek is running a similar sentiment. Maybe the news media has gotten their teeth on a newer, and more interesting, story: how we have all been spent into bankruptcy by make-believe fear mongering.
More boring Crotch-Bomber stuff. Once it’s out of my system I will move on to other things. I promise!
The terrorist does not have to set off a bomb.
All a terrorist has to do is create terror.
The Crotch-Bomber was spectacularly successful if not, in hindsight, bizarrely stupid. He managed to throw the TSA into a complete tizzy, send the US Government off into spasms of hysteria, have the President of the United States have to “do something fast” and, best of all, get us to care about terrorists in general again and Al-Qaeda in specific. New, enormous investments will be placed in dubious technological equipment (because technology solves all problems). Everyone will be trained to Worship the Machine because the Machine Keeps Us Safe from Terrorists. Our society becomes less Free. We give up more freedoms and rights and dignities to feel “safe.” We profile people who might look dark skinned or might be naggingly Muslim again.
These sort of things don’t seem to happen when the US economy is at its peak but down at the trough where little disruptions in the infrastructure have giant ripples. Almost as if someone watches the news and says, “Let’s do this. It seems like a great time.” Disrupt a weak economy by making people more afraid to fly? Spectacular!
Until the US Government, and the TSA in particular, understands they need to model their security against real threats that generate terror and stop trying to stop every threat in the history of time as it flows forward and backward, they will never stop people trying to smuggle non-functioning bombs in their crotch. Threat Modeling is not just for software systems! It’s for breakfast, lunch and dinner! Figure out what the threats are and stop the threats. Define the threats, define the objectives of the threats, and secure against those problems. Don’t spend loads of money on new technological devices and inconvenience millions and millions of people. Not only will security at airports become far more efficient but the entire system will become safer. Fight the threat, not the dream. Stop securing against yesterday’s pathetic attack. Stop being afraid! Come on, folks. Real engineering, please. No more faith-based security.
That no one will put up with a terrorist action on an airplane any more makes us far more safer than any technological gadgets or buckets of money we toss into the Department of Homeland Security. DHS is a big money pit that spends money on garbage with no clear mandate, management, or budget oversight. Now they want to buy more toys. Say no. Go for the low-tech solution: If you would jump on a guy trying to light his crotch on fire, raise your hand. Give everyone kindles, because they double as bludgeoning devices.
I say, scrap the machines down to reasonable search, remove the tantalizing target of the security lines through optimization, stop looking at people’s shoes, give up the worthless but intrusive random searches of senior citizens and give all stewardesses some serious martial arts training. Or tasers. Would you light your crotch on fire if that nice lady who just gave you a Coke could rip your arms off? Or taser you in the face?
What’s the threat? Someone waving a gun/bomb/knife around on board. What’s the solution? Strengthen the doors on the cockpits and teach cabin crew to kick ass.
Because of the Crotch-Bomber, all the talk around terrorism, and the current freakout at Newark International Airport, I’m going to babble a little bit about security and crime here and there. Feel free to ignore me for a few days until I get back to talking about something more important like Muse albums.
Someone dumb commits an act.
The political establishment yells: “Something must be done! Something has to be done! Why hasn’t anything been done!” The techs and the geeks and the weirdos and the cops go: “We can only do so much!” Unless a suspect is already under suspicion for an attempted act it is coming asymptotically close to impossible to divine the intent to commit a crime out of the line noise of the universe. Human beings during the course of their daily lives generate noise. Computers collect noise, sift noise, and raise easily ignored false positives on noise. Other computers analyze the sifted noise. It’s still noise.
The legal system cannot prosecute for a crime someone is going to commit. No one computer system can sift enough data and no one can read enough tarot cards to divine the future and see the act that someone, somewhere, is going to do at some time. Even if a Certified Good Guy ™ knows someone, somewhere, has intent to commit a crime because of intelligence, the intent to commit the crime is not the crime. Reality is a random number generator.
Post facto, following the forensic trail blazes a big white line through the noise. Of course the weaknesses in the system are clear now! Why didn’t anyone see all the weaknesses in a hugely complex global system before it broke down once in 11 billion times! Why were these holes, which are quite clear now, not addressed by all the smart people involved in international terror and crime, immigration services, the US government, all foreign governments worldwide, and the airlines? Someone must do something! Why isn’t anyone doing something?
Real security is a tower defense game, not unlike Plants vs. Zombies. Zombies come at you in a big shambling horde and you have to layer your flowery defenses so that you eliminate the threat at the perimeter. Layer defenses so if a zombie happens to sneak past your perimeter defenses they’re schpocked appropriately. We do this in the computer world with IDS and firewalls and SEIM and log correlation and encryption and all sorts of other fun electronic toys, all which generate noise.
Rational people stand back and say: now that we have a forensic trail from a crime actually committed instead of trying to predict what will happen, what is the actual risk and how were the defensive systems penetrated? The actual odds of one passenger carrying one bomb one one plane — a bomb unlikely to go off or do any serious harm — shows how impressive the defenses truly are. The system, as Janet Napolitano unfortunately blurted out before being forced to recant, actually does work. The real risk is very low; it is unlikely adding more layers will actually lower risk. Beef up the perimeter defenses (immigration layer), treat the act as the crime it is (intent to murder), let the cops do their jobs and move on.
But we have this forensics trail and we have a hot political issue so something must be done. Near certainly after all the reviews of the system are conducted the rational response is to accept that neither computers nor humans can pick out intent out of the vast amounts of intelligence noise hovered up by the systems. Yet we will do draconian and expensive things anyway to make people “feel better.” This is the core of security theater: we have forensics on the crime and can reconstruct the trail, so now we are going to secure against that attack we know about at enormous cost. But we still cannot divine intent with our magic witching wands.
I am going to pimp David Brooks today who makes a very similar argument today in the New York Times.
Recent Comments