Emergent Chaos

• Ed Hasbrouck on “Lessons from the case of the man who set his underpants on fire”
• A Canadian woman who’s been through the new process is too scared to fly. “Woman, 85, ‘terrified’ after airport search.” Peter Arnett reported
  

  “‘It became necessary to destroy the town to save it,’ a TSA major said today. He was talking about the decision by allied commanders to shock and awe the public regardless of civilian casualties, to rout al Qaeda.”

• Ethan Ackerman on risks of ionizing radiation, via Froomkin, but also see Technology Review, “How Terahertz Waves Tear Apart DNA.”
• TSA has been telling us that the machines “can’t” record you naked, while ordering machines that can. See EPIC Posts TSA Documents on Body Scanners. TSA responded, and Ed Hasbrouck responds TSA lies again.
• The EU is objecting to new US rules, and the Pirate Party of Berlin is protesting them.
• If you want to see why they’re protesting, watch this not safe for work video, “Body scanner, with detailed genitalia reporting”
• There’s a well worth reading article by Paul Campos in the Wall St. Journal, “Undressing the Terror Threat:”
  

  I’m not much of a basketball player. Middle-age, with a shaky set shot and a bad knee, I can’t hold my own in a YMCA pickup game, let alone against more organized competition. But I could definitely beat LeBron James in a game of one-on-one. The game just needs to feature two special rules: It lasts until I score, and when I score, I win.

  We might have to play for a few days, and Mr. James’s point total could well be creeping toward five figures before the contest ended, but eventually the gritty gutty competitor with a lunch-bucket work ethic (me) would subject the world’s greatest basketball player to a humiliating defeat.

  The world’s greatest nation seems bent on subjecting itself to a similarly humiliating defeat, by playing a game that could be called Terrorball. The first two rules of Terrorball are:

  1. The game lasts as long as there are terrorists who want to harm Americans; and
  2. If terrorists should manage to kill or injure or seriously frighten any of us, they win.

As I simmer with anger over how TSA is subpoening bloggers, it occurs to me that the state of airline security is very similar to that of information security in some important ways:

• Failures are rare
• Partial failures are generally secret
• Actual failures are analyzed in secret
• Procedures are secret
• Procedures seem bizarre and arbitrary
• External analysis seems to show that the procedures are fundamentally flawed
• Those charged with doing the work appear to develop a bunker mentality

In this situation, anyone can offer up their opinions, and most of us do.

It’s hard to figure out which analysis are better than others, because the data about partial failures is harder to get than opinions. And so most opinions are created and appear equal. Recommendations in airline security are all ‘best practices’ which are hard to evaluate.

Now, as Peter Swire has pointed out, the disclosure debate pivots on if an attacker needs to expose themselves in order to test a hypothesis. If the attacker needs to show up and risk arrest or being shot to understand if a device will make it through a magnometer, that’s very different than if an attacker needs to send packets over the internet.

I believe much of this swivels on the fact that most of the security layers have been innocently exposed in many ways. The outline of how the intelligence agencies and their databases work is public. The identity checking is similarly public. It’s easy to discover at home or at the airport that you’re on a list. The primary and secondary physical screening layers are well and publicly described. The limits of tertiary screening are easily discovered, as an unlucky friend discovered when he threw a nazi salute at a particularly nosy screener in Amsterdam’s Schiphol airport. And then some of it comes out when government agencies accidentally expose it. All of this boils down to partial and unstructured disclosure in three ways:

1. Laws or public inquiries require it
2. The public is exposed to it or can “innocently” test it
3. Accidents

In light of all of this, the job of a terrorist mastermind is straightforward: figure out a plan that bypasses the known defenses, then find someone to carry it out. Defending the confidentiality of approaches is hard. Randomization is an effort to change attacker’s risk profiles.

But here’s the thing: between appropriate and important legal controls and that the public goes through the system, there are large parts of it which cannot be kept secret for any length of time. We need to acknowledge that and design for it.

So here’s my simple proposal:

1. Publish as much of the process as can be published, in accordance with the intent of Executive Order on Classified National Security Information:
   

   “Agency heads shall complete on a periodic basis a comprehensive review of the agency’s classification guidance, particularly classification guides, to ensure the guidance reflects current circumstances and to identify classified information that no longer requires protection and can be declassified,”

   That order lays out a new balance between openness and national security, including terrorism. TSA’s current approach does not meet that new balance.

2. Publish information about failed attempts and the costs of the system
3. Stop harassing and intimidating those like Chris Soghoian, Steven Frischling or Christopher Elliott who discuss details of the system.
4. Encourage and engage in a fuller debate with facts, rather than speculation.

There you have it. We will get better security through a broad set of approaches being brought to the problems. We will get easier travel because we will understand what we’re being asked to do and why. Everyone understand we need some level of security for air travel. Without an acrimonious, ill-informed firestorm, we’ll get more security with less pain and distraction.

This is unfair, but I can’t resist. Nine days before we found out again that PETN is hard to detonate, the FBI was keeping us safe:

FBI FINALLY MAKES AN ARREST OVER ‘WOLVERINE’ LEAK

The FBI has announced the capture of an individual connected with the leak of 20th Century Fox’s “X-Men Origins: Wolverine.”

…

“Wolverine” has raked in nearly $375 million in worldwide gross since its release. How much money the leak cost Fox will never be settled for certain.

I’m glad we’re spending money on things to keep us safe.

• Air Canada is canceling US flights because of security. (Thanks, @nselby!)
• The New York Times reports that “Britain Rejected Visa Renewal for Suspect.” NPR reported that the State Department may have raised some sort of flag, but I don’t have a link.
• ABC is reporting that two of the “al Qaeda Leaders Behind Northwest Flight 253 Terror Plot Were Released by U.S..”
• Spencer Acerkman talks about “al-Qaeda’s Desperate Bid For Relevance, The Failed Plane Attack & Afghanistan:” “First, al-Qaeda’s signatures are redundance and simultaneity. Think 9/11, Madrid, London: all used multiple operatives focused on multiple targets, acting in unison. That’s to ensure something blows up if and when something goes wrong.” (Hmmm, also think US Cole, but the article is worth reading.) Thanks to Jim Harper, who also mentions that-
• On January 13th, CATO will be holding a forum on “The Obama Administration’s Counterterrorism Policy at One Year.”

And for the prurient interest, the underwear, apparently still containing the explosives. It looks like they were cut off with scissors, implying that he was wearing them at the time. I wonder how much explosive energy a human thigh absorbs?

In conversation, a friend mentioned that the media whirlwind overwhelms the right response, which is to go on with our lives. Which is what I shall now do. Look! A burning goat!

Since there’s been so much discussion about the Chrismas Bomber, I want to avoid going over the same ground everyone else is. So as much as I can, I’m going to try to stick to lightly-treaded ground.

This is a failure for the terrorists. A big one. Think about it; put yourself on the other side of the chessboard and read this movie-plot description. Yemeni Al Qaeda has a newly-radicalized, rich engineering student who wants to strike a blow against the evilness of George Clooney and Vera Farmiga. Despite being ratted out by his father, the student gets a visa, likely because he’s “wealthy, quiet, unassuming.” Using the very clever tactic of getting on a plane in Africa and transferring onto an American flight, he has one of the most powerful high explosives known sewn into his pants. Before landing in MoTown, he — fails to detonate it. Think about that again. An engineering student from one of the best universities in the world fails to set off a bomb in his lap. Worse, he ended up with a fire in his pants, leading to many humiliating jokes.

Fail, fail, fail. Epic fail. Face-palm-worthy epic fail. Worse, the US is sending counter-terrorism folks to Yemen to help find the people who planned this epic failure. For them, this is just bad, and about as bad as it gets. Supposedly, recruit these guys with promises of a half-gross of virgins, not with burning their nuts off. Ridicule is one of the most powerful forces there is, and this is deserved.

On top of this, now that the would-be bomber has been captured, he is singing like the proverbial canary. So that means that the planners really should be looking for new places to stay, because even their allies will want to purge losers from their ranks, or at least not take the fall for them.

Yet, all is not lost for the forces of terrorism. The world’s security services have panicked and instituted to security procedures that will actually make it easier for the next person by setting up rules that everyone’s supposed to stay in their seats in the last hour of flight. But that’s pretty slim pickings for them. It’s not even as good as the one-last-shocker in the traditional horror film.

Defense-in-Depth Works. The major problem in fighting terrorism is that the fraction of figure to ground is between six and nine orders of magnitude. If you look at it as a signal processing issue, that’s -60 to -90 decibels of signal in noise.

Any detection system has to deal with false positives and false negatives. In the counter-terrorism biz, that means you have to deal with the inevitability that for every terrorist, you’ll be stopping tens if not hundreds of thousands of innocents. And remember as well, the times that the terrorist is not actually on a terror mission, they’re innocents.

So yeah, the guy was on a watch list. So are a million other people. (And yes, this is a reason why we need to trim the watch list, but that’s a different issue and has a different set of problems.) (And yes, yes, those million other people are only the US citizens on the list.) This still leaves the problem of what they’re supposed to do when some rich guy complains that his son has fallen in with the wrong crowd.

Here are some hard questions: Do we search every kid who pissed off a relative? Do we search everyone who ever went to Yemen? Damascus? How about people who change planes? Travel in carry-on? Have funny underwear?

The answer is that we can’t do that, and even if we do, we merely teach the bad guys how to adapt. The point of defense-in-depth is that you stack a series of defenses, each of which is only a partial solution and the constellation of them works, not any given one. Airport screening worked some — he didn’t get in a good detonator. Passenger resistance worked some — once there was a firecracker-like explosion and a fire, they saved the plane. Defense-in-depth in toto worked.

This is not the reason to disband DHS. This is not the reason to sack Napolitano. Note that I did not say that DHS shouldn’t be disbanded. Nor did I say that Napolitano shouldn’t be sacked, merely that if you’re looking for a reason, this isn’t it.

If we look at what happened and think about what we could do better, DHS isn’t involved. The visa issue is the one to examine and DHS doesn’t give out visas, State does.

My criticism of DHS is that they flinched. They’ve put up these brain-dead stupid policies that are going to annoy travelers and are as likely to make us less safe, not more safe. They should have said that the system worked and there will be no changes so have a happy new year and stay calm.

I am willing to cut them a bit of slack, but if they don’t change their tune to “Keep Calm and Carry On,” then there will be a reason to start demanding heads. Sending people to Yemen was the right response. No headphones on the plane is the wrong one.

If DHS and TSA want to give people reason to call for firings and disbandings, they should keep doing what they’re doing now, not then.

Life is Risk. Keep calm and carry on is good advice for the rest of us, too. The vast majority of us are more likely to be struck by lightning while being eaten by a shark than we are to be a victim of a terrorist. Nonetheless, there are bad, crazy people out there. Sooner or later, no matter what we do, somethings’s going to happen. A plane will go down, a ship will have a bomb on it, a train will be attacked, or something will happen.

The actual risk of terrorism is so low that most adaptations are worse than the threat. More people died in traffic accidents as a result of shunning airplanes after 9/11 than in the actual attacks. After those attacks, the best terrorist second punch would have been a simple suicide bomber in the airport security lines.

When we wring our hands because we think that risk should be zero, we’re part of the problem, too. Schneier is right: we need more investigation and counter-terrorism and less security. Kudos to CNN and Maddow for airing a bit of reason.

So we should all thank our lucky stars that PETN isn’t as easy to detonate as we’re told. We should thank the same stars for passenger resistance. And we should breathe a sigh of relief for an incident that was botched so badly it’ll make others think twice or three times or more. And while you’re at it, don’t play with sharks in a thunderstorm.

• The Economist “The latest on Northwest flight 253:” “the people who run America’s airport security apparatus appear to have gone insane” and “This is the absolute worst sort of security theatre: inconvenient, absurd, and, crucially, ineffective.”
• Business Travel Coalition, via Dave Farber and Esther Dyson, “Aviation Security After Detroit:” “It is welcome news that President Obama has ordered an airline industry security review so long as it is strategic in nature.”
• Stuart Baker, “Six Uncomfortable Answers” which seems to boil down to “identity-based security has failed, let’s not address the good reasons why, and build more of it.” Usually Stewart has been more insightful than this. But then he writes “I asked several questions about how good the screening was in Nigeria and at Schiphol. I now think that it barely matters how good a job those screeners did. Without a reason to treat Abdulmutallab differently from other passengers, the current level of screening wasn’t likely to find the explosives.” Actually, as he points out, no acceptable level of screening is likely to find the explosives.
• The New York Times points out that “Questions Arise on Why Terror Suspect Was Not Stopped :” “That meant no flags were raised when he used cash to buy a ticket to the United States and boarded a plane, checking no bags.” It used to be that that got you extra screening. Why did we stop?
• Gawker, “The Shady Mainstream Media Payday of Flight 253 Hero Jasper Schuringa”
• I lost the link, but someone else pointed out that the new, alleged TSA rules would have made it a crime to get up and stop Abdulmutallab when he tried to set off his bomb.
• This comment on the Flyertalk thread raises the interesting question: are terrorists planning to fail, expecting over-reaction by governments? Provocation would not be a new page in terror playbooks.
• Alleged text of SD 1544-09-06
• Every international traveller to the US is being asked to spend an extra hour on these measures. Cormac Herley’s “So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users” is absolutely irrelevant, unless travel to the US falls. Again. Which, of course, makes the odds of each remaining traveller being a terrorist materially higher.

Apparently, in the wake of thousands of deaths from idiots paying more attention to GPS, cell phones, GameBoys, iPods and other such electronic devices, TSA has announced a ban on all use of such devices for the last hour of your commute.

No, just kidding. Apparently, they may be imposing new secret restrictions on use of electronics during the last hour of flight.

How can we break the cycle of terrorist does something irksome, we all pay forever? Our current oversight isn’t restraining DHS or TSA.

The BBC has some really scary video “Detonation of Liquid Explosives.” However, as I thought about it, I grow increasingly confused by what it purports to show, and the implications.

At the end of the day, I think there are two possibilities: It’s a fair representation, or it’s not. I’m leaning slightly towards the second.

If it’s a fair representation, then why are we still drinking on planes? What’s the point of allowing us to bring in smaller amounts of stuff if a 16 ounce bottle can be bought at the airport, washed out, and used to contain whatever that is?

The second choice is that it’s misleading. First, we don’t see what’s being mixed: we see an orange powder poured into a liquid, with a jug labeled water nearby. We the expert tilting the bottle back and forth to mix it. Second, we don’t see how it’s detonated. Third, we don’t really see the placement of the bottle, or how many bottles are placed. There’s an implication that it’s one, but no statement. (In fact, there’s a lack of a statement of how much of a liquid bomb was used. The BBC website say “a liquid bomb.” We don’t see if there were squibs or other games played.

The BBC ought to tell us more about what they showed.

And the reason it doesn’t work is that just because you’re allowed to own something doesn’t mean you’re allowed to export it. The use, ownership, production, etc. of crypto was never restricted, only its export. In an Intenet-enabled world, export control brings lots of hair with it, which is why it was important to fight export restrictions. I could go on, but I’ve already ruined an otherwise amusing strip.

An Israeli teenager has been arrested after he donned a mask and prowled the streets of his town with a big rucksack and toy gun for a school project. The boy, 15, was seized by police in the southern town of Ashdod suspecting he was a Palestinian militant. The student was quoted as saying he was researching police reactions in the town and “just wanted to get an A+”. The stunt was considered highly risky in Israel, where attackers are often shot by police or civilians.

…

The youth was later released on bail and was not charged.

“It’s fine – he tested the police reaction,” [Ashdod police commander] Elgaret said. (From the BBC, “Israel teen ‘gunman’ wanted an A+”

Contrast that response to that in Boston, where the police said Star Simpson was “extremely lucky she followed the instructions or deadly force would have been used,” and where she was then charged with wearing a fake bomb.

In both cases there was a failure of judgement on the part of the kid. In the Israeli case, the failure was substantially larger: he tried to look like a terrorist, rather than doing so accidentally.

But in Israel, the police didn’t over-react, and didn’t charge the student.

The Israelis have regular incidents of terrorism, they know that being tested is an important part of maintaining their readiness. Much more importantly, their leadership that knows that panic and terror are exactly what the terrorists want. What societies facing terror should want is exactly what the Ashdod police displayed at all levels: a professional and restrained response.