[tptacek]

This article demonstrates what I like about Matt Blaze's physical security writing that I don't like about Schneier's.

Both are computer security experts by training, but Blaze's writing has a concrete engineering-driven perspective that Schneier's lacks. Schneier's writing always "feels" right, but leaves you with the sense that's it's not based on any operational reality.

It's probably not a coincidence that Matt Blaze has done formal research on physical security topics (safecracking, wiretapping, etc) --- in addition to being a bona fide computer scientist.

[rogersm]

First of all I must say I don't believe in these kind of unpredictable systems: rarely doing this 'select randomly the process from a set of processes' works better than using the best process in the set.

But I don't think this applies:

  But terrorist organizations -- especially those employing 
  suicide bombers -- have very different goals and incentives 
  from those of smugglers, fare beaters and tax cheats. 
  Groups like Al Qaeda aim to cause widespread disruption and 
  terror by whatever means they can, even at great cost to 
  individual members. In particular, they are willing and 
  able to sacrifice -- martyr -- the very lives of their 
  solders in the service of that goal. The fate of any 
  individual terrorist is irrelevant as long as the loss 
  contributes to terror and disruption. 

Training a terrorist has a cost, and he should succeed the "fate of any individual terrorist is not irrelevant". The terrorist group does not have an infinite number of terrorists (as he correctly concedes in the next paragraph).

So random screening works, not because that influences the behavior even of those who aren't checked, but because makes executing the attack more expensive to overcome the possibility of being detained in the random test.

Of course random screening is not as good as full screening, but from a realistic point of view is the only thing you can apply without shutting down world economy.

[alterego]

But if you read the article, I believe the point was that if the terrorist gets caught under a random system, the terrorist still achieves a positive result for the terrorists (the govt becomes forced to shut down aviation and then apply the maximum screening to everyone, causing expensive chaos and terror of its own).

[rogersm]

This is not the kind of chaos of terror the terrorist has on his mind. Otherwise they will be shutting down traffic light control systems.

Getting caught is a failure. A bomb exploding is a victory.

[tptacek]

Getting caught this time was a huge win. By all accounts, the guy who got caught was a nobody. Had he even been to the camps for training? For the cost of a pair of explosive underpants and the life of one shmuck, AQ is once again top-of-mind in the west --- not to mention the tens of millions of dollars of disruption the stunt caused.

There is a practically limitless supply of shmucks out there for AQ to weaponize. All they have to do is get better at converting them. What evidence do we have that this will be a long-term operational problem for AQ? Everything I see indicates that they will get better at it, not worse.

This is also why they aren't shutting down traffic lights. A failed attempt to shut down traffic lights wins nothing. Nobody is viscerally afraid of darkened traffic lights. In fact, until it happens, nobody is going to be viscerally afraid of someone taking out the grid. But everyone is afraid in their gut of exploding planes. Just the threat --- just 5% of the threat --- is enough to wreak havoc.

[tptacek]

Ramping up a new KSM has a high cost. Ramping up a mujahedeen to skirmish with NATO in Khost has a high cost. Ramping up the guys who know how to rig PETN bombs has high cost. Ramping up guys who can operate safe houses and route money through a paranoid cell system has a high cost.

Building the system has a high cost. Using the system to exploit the dumbfucks who get captured by the system in order to get them to put the explosive underpants on is cheap.

If the system was jeopardized by any terrorist attempt, you'd be right. But it isn't. It's like spam. It may have a 0.001% conversion rate, but as long as it pays off 10000000:1, it's sustainable and resilient.

[ghshephard]

I disagree with your premise that a comparison can be made between SPAM and Sending-terrorists into the American Aviation system. SPAM is cheap because it is simply software than can be used to send out billions of copies. The number of possible jihad-motivated individuals that can be sent into the American Aviation system, between the screening, visa, and no-fly/selective screen lists (that you just _know_ are about to get a lot more aggressive in the next 90-120 days) is pretty limited.

There just aren't that many jihadists that will be allowed to fly without a lot of careful screening anymore.

Particularly after international airlines now have some experience with patting down and inconveniencing _all_ of their customers as a result of missing the christmas underwear bomber - there is now a pretty good incentive for them to start being cautious about those who were in gray area previously. No more gray area - if there are doubts (I.E. you are on the TIDE list) - you get checked carefully.

[tptacek]

You keep using this word "jihadist" as if the people on the flights have spent a year running obstacle courses and stripping down kalashnikovs in the camps in Waziristan. That's not who they'll put on the planes. For every AQ op that can shoot straight, somewhere in the world there are 100 shmucks that can put a pair of underpants on and board a plane.

All AQ has to do is get better at taking mentally unstable people from unstable parts of the world and pointing them in the right direction. 90% of them will fail. Hell, 99%. But the 1% that succeed will make us react horribly to the other 99%.

[gojomo]

Theoretically, yes. But why hasn't AQ gotten better at this "flood 'em with attempts" strategy so far?

Perhaps even most fanatics and angry unstable people prefer to shoot at soldiers than take a 99-in-100 chance of winding up in infidel custody, famous only in failure.

[ghshephard]

Per - Jihad: The Origin of Holy War in Islam. Oxford University Press

'The term "Jihad" used without any qualifiers is generally understood in the West to be referring to holy war on behalf of Islam.'

What I'm trying to state is that the number of individuals who have radicalized to the point at which they will blow themselves up AND are authorized to fly on the American Aviation system, are few and far between. Even the christmas underwear bomber had been reported to both the CIA and State Department. If they had simply taken the father at his word "My Son is radicalized islamist and has a Visa which permits him to fly into the USA" they would have put him onto a list of selective screening and a bit of an extra pat-down, if not revoked his Visa in the same manner as the UK.

You can be certain that the TIDE list is going to be aggressively reviewed, and the list of 14,000 or so people currently targeted for selective screening is going to grow dramatically in the next few months.

[pyre]

> You can be certain that the TIDE list is going to be aggressively reviewed, and the list of 14,000 or so people currently targeted for selective screening is going to grow dramatically in the next few months.

They really need to make this a list of names/photos instead of just a list of names. The idea that we can target terrorists with a 'no-fly list' based entirely off of someone's name and not the mugshot is absurd.

[btilly]

Ironically religious beliefs mean that Islamic extremists won't let people with a known mental illness become suicide bombers. So they have to filter for sane people then get them to act insane.

[tptacek]

Uh, what?

[gojomo]

Also, consider that the greatest threat is not from people who hope to live and accept a strategic risk of death. Rather, the greatest threat is from people who believe that death is the ultimate success, for both their worldly and otherworldly aims.

While a one-in-a-twenty chance of success sounds good from a terror chief's perspective, no suicide bomber wants a 95% chance of winding up in captivity, famous only as a failure. Out of the twenty, they want to be the one!

So plans that allocate many participants to expected capture will have far fewer volunteers. And every report of a capture will decrease potential-volunteers' willingness to sign up, because they will adjust upward their expectation of embarrassing capture rather than martyrdom.

[tptacek]

What AQHQ knows about the odds of success for a operation are and what some shmuck is told about the odds of success are two different and unrelated things.

[gojomo]

Even granting that the bombers are gullible and unstable, and that "AQHQ" will oversell them on the chances of success, they can see the actual track record, and the mere act of training them sensitizes them to all the ways things can go wrong.

There's also a tradeoff between their naivete and effectiveness: a bumpkin who's never traveled internationally might believe whatever his handlers tell him, but is also more likely to draw suspicion or otherwise foul the mission.

[ghshephard]

Another thing to note - Matt Blaze typically approaches security scenarios with a different cost/benefit perspective than Schneier, for example Blaze writes:

"The TSA's much maligned "three ounce" liquid rule is, in fact, a nice example of good security engineering of this kind. "

Schneier, on the other hand, considers the inconvenience to travelers to be not worth the hassle. He always seems to fail to recognize the principles of defense-in-depth, and over-emphasizes the importance of stopping the terrorist before they launch an attack. I say this as someone who has ready pretty much every essay and book he has ever written, sometimes multiple times.

For example:

http://www.schneier.com/blog/archives/2006/08/terrorism_secu...

". Banning box cutters since 9/11, or taking off our shoes since Richard Reid, has not made us any safer. And a long-term prohibition against liquid carry-ons won't make us safer, either. It's not just that there are ways around the rules, it's that focusing on tactics is a losing proposition."

o Banning box-cutters (and other sharp devices) has made it much more difficult to bring on an _effective_ weapon on board a plane. Nobody is denying that you can still fashion a shiv, of some kind - but the amount of damage you can do with a roughly fashioned hand weapon, versus something designed to kill lots of people at close range, is enough to deter people from trying to do so. Note - one of the principal reasons for banning box cutters and their like is so that the _other_ passengers on the plane have a pretty straightforward mechanism for subduing a malevolent passenger.

o Banning Large amounts of liquids, in the face of Liquid Bombs being _actually designed_ just makes good sense. Likewise banning powdered substances (PETN) from being brought onto planes makes sense now that we know that there are active attempts to use this vector.

Focusing on tactics is actually a very effective proposition - It's actually pretty damn difficult to bring down a plane these days from inside - not impossible, I'm sure there are a lot of vectors still left, but they are getting pretty few and far between. Not to say you don't still try and stop attacks at their source, but, if one gets by - you hope that further lines of defense will stop them.

[tptacek]

Maybe it's just that Blaze's stuff seems falsifiable, and Schneier's stuff is slippery and abstract. At least we can argue rationally about the three-ounce rule. But if you accept Schneier's argument, there's no incremental discussion to be had.

Even if I agree with that (I do more than I don't), it's not productive. Regardless of whether "it's time for the TSA to go" (+34 yesterday last time I checked), the TSA isn't going anywhere. Shut up?

[jeremyw]

He always seems to fail to recognize the principles of defense-in-depth...

That's a broad claim given that Schneier's built his reputation/business around defense-in-depth. It's practically his hobby horse and I don't read any such misunderstanding in his essays on the TSA.

[ghshephard]

Of course he has built his reputation on it - I've probably learned half of what I know about defense-in-depth from Schneier. The thing is, when it comes to aviation security, he has a tendency to discount the importance of preventing bad things from getting on airplanes, and over emphasize the importance of preventing bad people from getting on airplanes.

I think they are both important. The TSA clearly thinks the "prevent bad things from getting on airplanes" is a more containable problem. We have the NSA/CIA/FBI and other intelligence services that will work on the bad-people problem, which in no way means we can't simultaneously dedicate resources to the "bad things on airplane problem."

As an aside, our last line of defense is clearly "Prevent Bad people from doing bad things on airplanes" - which is how both the christmas underwear bomber and the shoe bomber were stopped.