While prompted by the current outrages of the TSA, I wanted to write this in a more general way because they are not the only folks who employ security theatre instead of real security.

I’m actually going to start in Asia, at a company HQ where I had been invited to visit them to help an engineering team sort out a technical problem.

Serial Numbers & Tape
At the gate security of the company I was visiting (at their request, to help then solve a nasty technical problem), I was faced with a typical guard following his rules:

1. The serial number of my laptop needed to be recorded.
2. They had to make sure I didn’t have a camera, flash memory cards, thumb drives or an iPod on me. That means metal detector for me & x-ray for my bag.

At the door to the building, about 100 yards from the gate, the whole thing is repeated.

Leaving the building later in the day, the guard there dutifully checked the number on the laptop matched the one on their slip of paper. And then he tapes my laptop shut, making sure he covers the DVD drive, with anti-tamper tape. And they x-ray the bag again.

At the gate, we repeat the whole thing once more, and he checks the laptop is still taped up.

Now, I understand that there are risks of industrial espionage, but really, why tape my laptop up as I leave? By that point, if I was going to copy data on to it, or record conversations, it would be done. This is pointless security theatre. It will not stop anything at all. The only result of this security was I felt I was being treated as though I was a criminal (and believe me, I don’t want to return there ever again).

The Goal
Many years ago, I was told something about encryption techniques that is a very important thing to keep in mind: the strength of an encryption algorithm only needs to be good enough to protect the data until it is no longer important. Spending billions of dollars to implement a super-strength algorithm to protect data that only needs to be secured for a few hours is a waste of time & money.

At the same time, a solution that is 100% secure is impossible to achieve too. There is a trade off to be made between the cost and the strength, but there will always be a way to defeat it if somebody is determined enough to do so.

The same thinking applies to physical security. Reaching a solution where you catch 100% of the people who wish to harm us is unlikely. The trick is to find the balance where the cost (in this case both financial and impact on the lives of innocent travelers, who far outnumber those trying to harm us) is acceptable.

Theatre?
Calling it theatre though is to say that the people making these rules know that they don’t really add much security; they just inconvenience travelers enough to make them believe those in charge are on top of the situation. Let me tell you another story…

Last Christmas I was in the UK when that idiot tried to blow up his underwear on a plane, and I was flying home a few days later. Walking from the lounge (shopping) area at Heathrow to the gate, I thought it would be simpler to keep my laptop out (I’d been using it in the lounge area) since I was certain it would need to come out to be checked.

Within site of the new, hastily erected, gate entrance security check I was accosted by a United Airlines employee insisting I check my hand luggage. I started to explain that the laptop did fit in the bag, but since I could see it would need to come out just a few steps past her desk I thought it would be more efficient to just keep it out. Big mistake.

I got lectured about how the newly instated ‘one bag’ rule, as a reaction to the underwear bomber, was for my safety. And how dare I even think about whether that made sense. Smarter people than I had decided it made sense. But I do think about these things, and more people should.

Why does it make sense to limit people flying on US carriers to one carry on bag because somebody with no bags at all tried to set off a bomb in his underwear? Other carriers flying to the US were not affected by this rule.

But the theatre didn’t end there (and I guess, almost one year on, somebody at TSA finally noticed this glaring flaw). At the gate, after they had rifled through our one bag, they patted us down everywhere but the underwear area.

And this wasn’t theatre just to make people feel safer? Really?

Feel Safer?
Terrorist attacks are the biggest threat an American faces in their life, right? In the last decade, more people have been killed by terrorists than by any other cause, right?

Wrong! Here’s a quote from Ron Paul’s speech in the congress earlier this week with some numbers:

You know, when you think about it, if you look at what’s happened over the past 10 years, during this last decade, we lost 3000 on a terrible, terrible day for America. But since that time in this last decade, we have also lost 6,000 of our military personnel going over there and trying to rectify this problem. We have lost 400,000 people on our government-run highways. We have lost 150,000 individuals from homicides. So I think there’s reason to be concerned, reason to deal with this problem. We’re not dealing with it the right way, we’re doing the wrong thing, and groping people at the airport doesn’t solve our problems

So, the US government could save more lives (by two orders of magnitude) by simply banning cars. Too restrictive of your freedoms? OK, here’s something more shocking: Statistics from the CDC for 2007 (just one year in that decade), show heart disease and cancer killed over 1 million Americans. How about we take the money we’re wasting on security theatre at the airports, and spend it on improving the health of Americans? Or on defeating the evil that is cancer?

Sadly, the government can’t prevent every death, but doesn’t it make sense to spend in proportion to the threat?

Backscatter & Enhanced Pat Downs
The latest escalation of airport security theatre is special scanners than can see through clothing, and if you don’t like that idea for any reason, then you get an enhanced pat down, something that in any other setting would be considered sexual battery.

Obviously a reaction to the underwear issue, but is the high cost of this equipment and pat down policy, and even more important the infringement of a pretty basic human right worth the, at best, modest improvement in actual security.

Sure, if there is probable cause to believe somebody is a threat then escalating the intensity of the process makes perfect sense. Don’t treat every traveler as a threat to the safety of the aircraft. The numbers simply don’t support that assumption.

What are the numbers? Well, I found estimates online of 1.5 million to 2 million people flying every day in the US. Taking the low value there, that means more than 5 billion person-flights in the last 10 years. How many attackers have got on board aircraft in the US during that time? By my count, just 19. The shoe bomber and the underwear bomber boarded their planes outside the US, but add them in, and let’s add in the 8 liquid bombers from 2006 who never made it onto a plane thanks to some excellent detective work. Still a tiny, tiny number. Based on the number of murders/year, I would estimate there have been many more murderers than those 29 terrorists in Oakland alone over that same period of time. So why treat everybody like a criminal? We don’t treat everybody entering or leaving Oakland as a criminal.

Of course, you don’t need scanners if you want to limit your enhanced searches for people you suspect might be a threat – you can take those people into a private room, and use the techniques police forces have been using for years.

But how do you identify that needle in the haystack? The Israelis have been doing this for a while. They have a solution that focuses on exactly the problem of identifying people who might be a threat rather than assuming everybody is a threat and looking for their weapons.

“Anything For My Safety”
Really? Let’s ignore everything I just wrote and assume that body scanners and enhanced pat downs are the panacea that makes us 100% safe. So attacks on planes are no longer possible, the terrorists will all just go home to their caves and leave us alone, right?

No, of course not. They’ve already demonstrated that they are not limiting their attacks to aircraft (ask the folks in London and Madrid who saw attacks on trains and buses). Do you think we can fit those scanners to every train station? Every bus stop? Would that still be acceptable?

Perhaps we just shut down trains and buses (after all, you probably drive, so you wouldn’t miss them). I was in my early teens, going to school every day in the suburbs of London, when the provisional IRA set off a car bomb at the Harrods department store right before Christmas. Killing 6, and injuring 90 more who were just shopping for Christmas gifts. One of many bombs they set off while I was growing up. Do you want the backscatter scanners and pat downs at every mall too? Of course, that was a car bomb, so you’d need to scan the cars too.

Questioning The Rules Means They Win
Wrong! Making rules that unnecessarily restrict, humiliate or harm innocent people in any way is how they win. When we have to change our lives so dramatically, they win. When we are afraid to travel, they win. A terrorist’s end goal is not to bring down a plane, or destroy a train. The attacks are tools to strike fear into everybody.

Remember I said I was at school in a London suburb during one of the IRAs most violent periods. What did Londoners do? They carried on with their lives. Sure, a little more vigilance from everybody, but they didn’t put checkpoints at every station, bus stop and store. Even when the IRA killed a member of the royal family. The biggest “reaction” I can remember was to remove the cast iron garbage bins from the streets after the IRA dropped a bomb in one in Camden (cast iron bins become shrapnel when a bomb goes off inside one).

Conclusion
I believe today’s Americans could learn from the Londoners of the 1980s. Of course, the attacker, the threat and the root cause are different, but their end goal is the same. Don’t let them win.

You don’t need to be photographed naked or remove your shoes at airports if the security people are allowed to use some common sense. There are more types of profiling than racial profiling. I am pretty certain that the police and FBI here in the US use criminal profiling techniques every day (the FBI’s skill at profiling serial killers is world renowned). How about changing the TSA from being airport bouncers (with all the power trip problems that go with that rôle) into world class terrorist profilers?