stupid security rules

[piranha]

bruce schneier is making two points about ridiculous security rules: 1) they turn regular people into criminals (PA supreme court justice tries to sneak small swiss army knife through airport security) and 2) that this sort of incident qualifies not as a success as the TSA wants us to believe, but as a security failure because it flags innocent people.

i agree with 1) because i tend to be fairly quick at violating rules i view as dumb and ineffectual, and i know i am not alone.

but i am of two minds about 2). it's a failure only in hindsight, isn't it? airport security does not know who is an innocent and generally upstanding member of society. and if there were no special rules about what items one can carry onto an airplane, there would be an increased chance of any random nutcase acquiring a weapon from an innocent person (i am generally more worried about nutcases than terrorists). so i can, to some degree, understand why the TSA counts any prevention of a weapon-like item being taken onto a plane as a success, though i don't appreciate how that gets blown out of proportion, as if any actual terrorists had been caught by these measures, and as if those tests were foolproof (hell, no).

where i part ways with the TSA is over what items are on their list of dangerous items. let's hear it for guns, sure, and for explosives. but i think a 2 inch knifeblade on a keyring swiss army knife is extremely unlikely to be a danger. yes, i know some of the 9-11 terrorists used box cutters, which have an even shorter blade. but you know? that doesn't matter anymore. all the hoopla about nail clippers, knitting needles, and small knives is wasted effort, wasted money, and wasted goodwill. i do not believe that it will be possible to hijack another plane in the US with anything like that as one's only weapon. in fact it might not be possible to hijack a plane at all anymore without something like automatic weapons or explosives. i believe there will always be people on a plane now who will be determined to stop the hijackers. and all the TSA is doing, is ensuring those of us who would band together to jump the fuckers have absolutely nothing we might use as a weapon in an emergency.

billions of dollars are now going into ineffectual security measures, while restricting the civil rights of law abiding people. it's stupid because it detracts efforts and funds from fighting the actual dangers, and it lulls people into a false sense of security.

Comments

[novazembla.livejournal.com]

Only yesterday I bought another keyring Swiss Army knife to replace the one I forgot to slip off my keyring when headed to Boston earlier this month and had to forfeit. I have a feeling I'll forget this one next month when I'm off to Louisiana.

@%

[kightp.livejournal.com]

For what it's worth, the TSA has backed off considerably on its original list of prohibited items. Both nail clippers and knitting needles, for instance, are expressly permitted in carry-on and checked luggage these days. (The current prohibed-permitted list can be found here (http://www.tsa.gov/public/display?theme=177).)

[tigertoy.livejournal.com]

I'm totally with you on the counter-productiveness of stupid laws that large numbers of people will either not obey or resent obeying. The way traffic enforcement concentrates on stupid speed limits doesn't do very much to make the roads safer, but the fact that every time the average driver sees a cop he experiences fear does, IMAO, significantly worsen the public's attitude toward the police in general, which in turn makes it much harder to protect public safety in general. And don't even get started on US drug policy.

[king-tirian.livejournal.com]

This (http://www.cnn.com/2005/TRAVEL/02/14/airport.knife.found.ap/index.html) is another hilarious TSA story in the news.

I'm mildly bothered by silly laws, but highly bothered that I fear they are applied unevenly. "Thomas Saylor" tries to smuggle a knife onto a flight after being expressly told he cannot, and he might be looking at a $6K fine. Of course he's not a threat to national security, he's just a regular Joe that doesn't want to lose a keepsake. But what if it were someone named "Mohammed Aziz" who tried to deliberately sneak a weapon on a plane or a man who had vacationed in Egypt eighteen months ago accidentally leaving a butcher knife in a carry-on? There's a one-way trip to Gitmo and you can talk to a lawyer when the Democrats regain control of the White House.

Definition of security success

[eagle]

I think Schneier is using security success in the technical way that one uses it when doing computer analysis, whereas TSA is using it in a practical way that can be measured. I can see both sides of it.

From a theoretical perspective, success involves keeping bad things from happening (false negative) and failure involves impinging on the desired actions of people who wouldn't have done anything bad (false positive). By that definition, refusing to let someone on the plane carrying high explosives is still a security failure (or perhaps to use less charged language, a security cost -- it's a failure in the false positive sense, though) if they wouldn't have set off the explosives. This method of analysis is better from a theoretical standpoint, I think, because it includes all of the real costs. There is a cost in not allowing people to transport high explosives on a plane. It's a cost that pretty much everyone agrees should be paid, but that doesn't make the cost go away or mean you don't have to count it as a cost.

There is no perfect security. There are always false positives and false negatives, as well as general verification overhead everyone pays. The goal of a security policy is to achieve an acceptable quantity of false negatives while minimizing the overall cost of security, which is the sum of the cost of the false positives and the total verification cost.

The drawback, of course, is that there's almost no practical way of measuring success directly using that sort of analysis, since it's nearly impossible to tell whether or not the person you prevented from getting on the plane would have done something.

However, the problem with the TSA definition of success, and what I think Schneier is trying to point out, is that there's a subtle redefinition going on that hides some of the real costs of security and also changes public perceptions in a scary way. The TSA definition to a degree has lost track of the purpose of airline security, which is not to keep dangerous items off of planes but rather is to protect planes. It has redefined the bad people from the set of people who try to attack planes to the set of people who try to bring dangerous items onto planes, even if they are completely trustworthy. This happens in other areas when in order to prevent an end result, we outlaw a means to that result (which could also be a means to other results), and then our thinking shifts and we consider anyone pursuing those means to be the criminal even when they weren't doing it for the original reason we were trying to prevent. For instance, now people think of anyone who tries to bring a gun onto a plane as a criminal because bringing a gun onto a plane has been successfully redefined as inherently bad, instead of just something that we are preventing because we're trying to prevent actions made possible by the presence of the gun. I think Schneier is trying to highlight that shift and point out that it's to some degree artificial.

There are, of course, some actions that are dangerous in many different ways even if the person is trustworthy (high explosives on a plane, to use my own example, are simply a bad idea even if one ignores terrorism entirely), so the analysis isn't as simple as all that. But that's what I saw in his way of putting it.

[firecat]

I had a swiss army knife in my fanny pack on the way to Las Vegas over President's Day weekend. I didn't discover it until the day I was supposed to leave, when I was digging around in my fanny pack looking for something else. Since I wasn't checking luggage on that trip, I ended up giving it to my hosts because I'd rather they got to keep it than airport security.

I had a metal http://www.securityedition.com/ card with me the time before that. I didn't put it in the bin, I left it in my fanny pack, and my pack got searched - every pocket except the one the card was in.