by ghshephard 6013 days ago
Another thing to note - Matt Blaze typically approaches security scenarios with a different cost/benefit perspective than Schneier, for example Blaze writes:

"The TSA's much maligned "three ounce" liquid rule is, in fact, a nice example of good security engineering of this kind."

Schneier, on the other hand, considers the inconvenience to travelers to be not worth the hassle. He always seems to fail to recognize the principles of defense-in-depth, and over-emphasizes the importance of stopping the terrorist before they launch an attack. I say this as someone who has read pretty much every essay and book he has ever written, sometimes multiple times.

For example:

http://www.schneier.com/blog/archives/2006/08/terrorism_secu...

". Banning box cutters since 9/11, or taking off our shoes since Richard Reid, has not made us any safer. And a long-term prohibition against liquid carry-ons won't make us safer, either. It's not just that there are ways around the rules, it's that focusing on tactics is a losing proposition."

o Banning box-cutters (and other sharp devices) has made it much more difficult to bring an _effective_ weapon on board a plane. Nobody is denying that you can still fashion a shiv, of some kind - but the amount of damage you can do with a roughly fashioned hand weapon, versus something designed to kill lots of people at close range, is enough to deter people from trying to do so. Note - one of the principal reasons for banning box cutters and their like is so that the _other_ passengers on the plane have a pretty straightforward mechanism for subduing a malevolent passenger.

o Banning large amounts of liquids, in the face of liquid bombs being _actually designed_, just makes good sense. Likewise banning powdered substances (PETN) from being brought onto planes makes sense now that we know that there are active attempts to use this vector.

Focusing on tactics is actually a very effective proposition - it's actually pretty damn difficult to bring down a plane these days from inside - not impossible, I'm sure there are a lot of vectors still left, but they are getting pretty few and far between. Not to say you don't still try and stop attacks at their source, but, if one gets by - you hope that further lines of defense will stop them.

2 comments

Maybe it's just that Blaze's stuff seems falsifiable, and Schneier's stuff is slippery and abstract. At least we can argue rationally about the three-ounce rule. But if you accept Schneier's argument, there's no incremental discussion to be had.

Even if I agree with that (I do more than I don't), it's not productive. Regardless of whether "it's time for the TSA to go" (+34 yesterday last time I checked), the TSA isn't going anywhere. Shut up?

"He always seems to fail to recognize the principles of defense-in-depth..."

That's a broad claim given that Schneier's built his reputation/business around defense-in-depth. It's practically his hobby horse and I don't read any such misunderstanding in his essays on the TSA.

Of course he has built his reputation on it - I've probably learned half of what I know about defense-in-depth from Schneier. The thing is, when it comes to aviation security, he has a tendency to discount the importance of preventing bad things from getting on airplanes, and over-emphasize the importance of preventing bad people from getting on airplanes.

I think they are both important. The TSA clearly thinks the "prevent bad things from getting on airplanes" is a more containable problem. We have the NSA/CIA/FBI and other intelligence services that will work on the bad-people problem, which in no way means we can't simultaneously dedicate resources to the "bad things on airplane problem."

As an aside, our last line of defense is clearly "Prevent Bad people from doing bad things on airplanes" - which is how both the Christmas underwear bomber and the shoe bomber were stopped.