Don’t Fear the TSA Cutting Airport Security. Be Glad That They’re Talking about It.

Don’t Fear the TSA Cutting Airport Security. Be Glad That They’re Talking about It.:

Last week, CNN reported that the Transportation Security Administration is considering eliminating security at U.S. airports that fly only smaller planes — 60 seats or fewer. Passengers connecting to larger planes would clear security at their destinations.

To be clear, the TSA has put forth no concrete proposal. The internal agency working group’s report obtained by CNN contains no recommendations. It’s nothing more than 20 people examining the potential security risks of the policy change. It’s not even new: The TSA considered this back in 2011, and the agency reviews its security policies every year. But commentary around the news has been strongly negative. Regardless of the idea’s merit, it will almost certainly not happen. That’s the result of politics, not security: Sen. Charles E. Schumer (D-N.Y.), one of numerous outraged lawmakers, has already penned a letter to the agency saying that “TSA documents proposing to scrap critical passenger security screenings, without so much as a metal detector in place in some airports, would effectively clear the runway for potential terrorist attacks.” He continued, “It simply boggles the mind to even think that the TSA has plans like this on paper in the first place.”

We don’t know enough to conclude whether this is a good idea, but it shouldn’t be dismissed out of hand. We need to evaluate airport security based on concrete costs and benefits, and not continue to implement security theater based on fear. And we should applaud the agency’s willingness to explore changes in the screening process.

There is already a tiered system for airport security, varying for both airports and passengers. Many people are enrolled in TSA PreCheck, allowing them to go through checkpoints faster and with less screening. Smaller airports don’t have modern screening equipment like full-body scanners or CT baggage screeners, making it impossible for them to detect some plastic explosives. Any would-be terrorist is already able to pick and choose his flight conditions to suit his plot.

Over the years, I have written many essays critical of the TSA and airport security, in general. Most of it is security theater — measures that make us feel safer without improving security. For example, the liquids ban makes no sense as implemented, because there’s no penalty for repeatedly trying to evade the scanners. The full-body scanners are terrible at detecting the explosive material PETN if it is well concealed — which is their whole point.

There are two basic kinds of terrorists. The amateurs will be deterred or detected by even basic security measures. The professionals will figure out how to evade even the most stringent measures. I’ve repeatedly said that the two things that have made flying safer since 9/11 are reinforcing the cockpit doors and persuading passengers that they need to fight back. Everything beyond that isn’t worth it.

It’s always possible to increase security by adding more onerous — and expensive — procedures. If that were the only concern, we would all be strip-searched and prohibited from traveling with luggage. Realistically, we need to analyze whether the increased security of any measure is worth the cost, in money, time and convenience. We spend $8 billion a year on the TSA, and we’d like to get the most security possible for that money.

This is exactly what that TSA working group was doing. CNN reported that the group specifically evaluated the costs and benefits of eliminating security at minor airports, saving $115 million a year with a “small (nonzero) undesirable increase in risk related to additional adversary opportunity.” That money could be used to bolster security at larger airports or to reduce threats totally removed from airports.

We need more of this kind of thinking, not less. In 2017, political scientists Mark Stewart and John Mueller published a detailed evaluation of airport security measures based on the cost to implement and the benefit in terms of lives saved. They concluded that most of what our government does either isn’t effective at preventing terrorism or is simply too expensive to justify the security it does provide. Others might disagree with their conclusions, but their analysis provides enough detailed information to have a meaningful argument.

The more we politicize security, the worse we are. People are generally terrible judges of risk. We fear threats in the news out of proportion with the actual dangers. We overestimate rare and spectacular risks, and underestimate commonplace ones. We fear specific “movie-plot threats” that we can bring to mind. That’s why we fear flying over driving, even though the latter kills about 35,000 people each year — about a 9/11’s worth of deaths each month. And it’s why the idea of the TSA eliminating security at minor airports fills us with fear. We can imagine the plot unfolding, only without Bruce Willis saving the day.

Very little today is immune to politics, including the TSA. It drove most of the agency’s decisions in the early years after the 9/11 terrorist attacks. That the TSA is willing to consider politically unpopular ideas is a credit to the organization. Let’s let them perform their analyses in peace.

This essay originally appeared in the Washington Post.

(Via Schneier on Security – emphasis above is mine)

Bruce knows at least as much about this as anyone outside of TSA, and one can argue more than most inside. I always appreciate his analysis.

Also on:

New Polling Agency

New Polling Agency:

There is a new polling agency on the block, called DeltaPoll.

I had never heard of them until last week, when they had a strange poll published in the Daily Mail (which, obviously, I’m not going to link to).

I think we need new pollsters like we need a hole in the head. These companies are forever misrepresenting the accuracy of their surveys and they confuse more than they inform. I was intrigued, however, so I looked up their Twitter profile and found this:

They don’t have a big Twitter following, but the names behind it have previously been associated with other polling agencies, so perhaps it’s not as dodgy as I assumed.

On the other hand, what on Earth does ’emotional and mathematical measurement methods’ mean?

(Via In the Dark)

Also on:

Amazon Echo Data Leaks, Shows Poor Engagement

Amazon Echo Data Leaks, Shows Poor Engagement:

First, Alexa and the Echo speakers came to market for a single reason only: To provide Amazon’s customers with yet another way to easily make purchases from its online store.

Second, while Amazon does currently lead in the market for smart speakers, Google is very quickly catching up. And I still expect Google to surpass Amazon, perhaps as soon as by the end of 2018.

Not being able to monetize Echo and Alexa is a problem. And it’s going to be a problem for Google, too. In that case, the online search giant will attempt to leverage its own Google Home/Google Assistant user base with, yep, you guessed it, advertising. Something that Google has publicly stated is coming to the platform.

(Via Thurrott.com)

I’ve seen this first hand at my sister’s — she & her husband add items to the shopping list only to shop at an actual brick-and-mortar store (the horror!). Even when they buy from Amazon they fire up a web browser on their laptop and don’t use their Echo at all. Mostly, they use it for music and for the occasional trivia question.

This cannot be what Amazon hoped for when they released this beast.

Also on:

John Oliver Calls Facebook ‘History’s Most Profitable Data-Harvesting Machine’

John Oliver Calls Facebook ‘History’s Most Profitable Data-Harvesting Machine’:

“We came here for your data and the data of everyone you’ve ever come into contact with,” the ad’s narrator says. “Your data allowed us to make a fuckton of ad money … but here’s the thing. Nothing’s going to change. We’ve got your data, we’ve got your friends. And really, where are you going to go?”

(Via Motherboard)

Also on:

Secret Quiet Skies surveillance program tracks citizens not suspected of wrongdoing ←

Secret Quiet Skies surveillance program tracks citizens not suspected of wrongdoing:

Federal air marshals (FAMs) told the Globe that the program is a waste of taxpayer dollars and actually makes the U.S. less safe as they are not working on “legitimate, potential threats.” Many are not even sure if it is legal, but the TSA told the Globe it is part of its “mission to ensure the safety and security of passengers, crewmembers, and aircraft throughout the aviation sector. As its assessment capabilities continue to enhance, FAMS leverages multiple internal and external intelligence sources in its deployment strategy.”

But John Casaretti, president of the Air Marshal Association, said, “Currently the Quiet Skies program does not meet the criteria we find acceptable.” He added, “The American public would be better served if these [air marshals] were instead assigned to airport screening and check in areas so that active shooter events can be swiftly ended, and violations of federal crimes can be properly and consistently addressed.”

(Via CSO Online)

I almost understand the false sense of security current airport practices provide the average Jane and John Doe.

But super secret security theater busywork?

Also on:

Homeland Security photography alert is ‘a seed of fear’

Homeland Security photography alert is ‘a seed of fear’:

“I’d be real curious to see the research telling us that terrorists are prone to stand on public sidewalks conspicuously filming their intended targets ‘in a prolonged manner,’” LoMonte says. “This just seems like an invitation for people who don’t like journalists to sic the cops on them.”

(Via Columbia Journalism Review)

DHS is a monumentally flawed organization. Read the whole article for some idea of how DHS focuses on Security Theater & propaganda instead of, oh I don’t know, doing their jobs.

Also on:

Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race

Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race:

TP: Thinking about the FBI, is there is there a middle ground between the things that law enforcement wants to do and the people’s right for security and privacy?

Bruce: The middle ground is having less security and giving more access to people who want to break into systems – that’s the FBI and the Chinese government and cybercriminals. That’s the middle ground. Think of it as a dial. How much security do you want to have? How much access do you want?

This notion that I can build a backdoor that only works if a [person with a] certain morality tries to use it. That’s what doesn’t work. If you’re willing to have your nuclear power plant a little less safe in exchange for giving the FBI access, that’s your tradeoff.

(Via The first stop for security news | Threatpost)

A lightweight read that makes for a great resource when trying to explain this to non-security types.

※ Typical full disclosure as Bruce and I are part of the same organization.

Also on:

Summary: The Supreme Court Rules in Carpenter v. United States

Summary: The Supreme Court Rules in Carpenter v. United States:

On Friday, June 22, the Supreme Court issued its much-anticipated opinion in Carpenter v. United States, holding that a warrant is required for police to access cell site location information from a cell phone company—the detailed geolocation information generated by a cellphone’s communication with cell towers. As predicted, Chief Justice Roberts authored the majority opinion, reversing the Sixth Circuit’s decision. He was joined by Justices Ginsburg, Breyer, Sotomayor and Kagan. The remaining four justices, Justices Kennedy, Thomas, Alito, and Gorsuch each filed separate dissenting opinions.

(Via Lawfare – Hard National Security Choices)

There has been a ton of coverage about this in the US. As per usual, Lawfare does a great job of reviewing this without hyperbole. Give it a good read as it has far reaching potential implications.

Also on:

Why Do We Care So Much About Privacy? | The New Yorker

Why Do We Care So Much About Privacy? | The New Yorker:

Possibly the discussion is using the wrong vocabulary. “Privacy” is an odd name for the good that is being threatened by commercial exploitation and state surveillance. Privacy implies “It’s nobody’s business,” and that is not really what Roe v. Wade is about, or what the E.U. regulations are about, or even what Katz and Carpenter are about. The real issue is the one that Pollak and Martin, in their suit against the District of Columbia in the Muzak case, said it was: liberty. This means the freedom to choose what to do with your body, or who can see your personal information, or who can monitor your movements and record your calls—who gets to surveil your life and on what grounds.

I like changing the argument to liberty. There’s a ton of Founding Fathers materials on the topic.

Of course, in my professional capacity there’s a different argument to make but one that still applies to the individual.

As we are learning, the danger of data collection by online companies is not that they will use it to try to sell you stuff. The danger is that that information can so easily fall into the hands of parties whose motives are much less benign.

New Data Privacy Regulations

New Data Privacy Regulations:

Surveillance is the business model of the internet. It’s not just the big companies like Facebook and Google watching everything we do online and selling advertising based on our behaviors; there’s also a large and largely unregulated industry of data brokers that collect, correlate and then sell intimate personal data about our behaviours. If we make the reasonable assumption that Congress is not going to regulate these companies, then we’re left with the market and consumer choice. The first step in that process is transparency. These new laws, and the ones that will follow, are slowly shining a light on this secretive industry.

(Via Schneier on Security)