The failing of American security spending

If you have any interest in security – physical or virtual – you should be reading Bruce Schneier’s blog (and subscribing to his Crypto-gram newsletter, but there’s a fair bit of overlap sometimes) regularly. In the past few weeks, he has written a few articles about the current problems with the American government’s security spending. In particular, I liked his write-up on airport security screening. He points out how poorly we are spending our security dollars for very limited effect.

It seems like every time someone tests airport security, airport security fails. In tests between November 2001 and February 2002, screeners missed 70 percent of knives, 30 percent of guns and 60 percent of (fake) bombs. And recently (see also this), testers were able to smuggle bomb-making parts through airport security in 21 of 21 attempts. It makes you wonder why we’re all putting our laptops in a separate bin and taking off our shoes. (Although we should all be glad that Richard Reid wasn’t the “underwear bomber.”)

This isn’t really surprising for a lot of folks, I suspect. I’ve seen similar results before, and most others reading this probably have as well. Bruce even continues by pointing out the fact that this really shouldn’t be unexpected.

The failure to detect bomb-making parts is easier to understand. Break up something into small enough parts, and it’s going to slip past the screeners pretty easily. The explosive material won’t show up on the metal detector, and the associated electronics can look benign when disassembled. This isn’t even a new problem.

In other words, take something we can recognize, break it into smaller pieces, and suddenly it is not so recognizable. Not that this explains the missed guns and knives, but it does explain a little of why security screening is a problem. Bruce writes more about the difficulty of doing the job well – for instance, it’s an issue of repetition and searching for potentially hard to find dangerous items in a mess of other similar looking but harmless items.

Further on in the article, he writes about the limited value in removing guns, knives, and other weapons:

And, as has been pointed out again and again in essays on the ludicrousness of post-9/11 airport security, improvised weapons are a huge problem. A rock, a battery for a laptop, a belt, the extension handle off a wheeled suitcase, fishing line, the bare hands of someone who knows karate … the list goes on and on.

And this is such a huge problem that no one making these silly security and screening rules wants to talk about. Too many people pretend that removing a certain category of weapons removes the threat.

Stopping box knives just means if (and let me interject here that I don’t believe airline hi-jacking is even a concern now, regardless of how much hype it still garners today) another 9/11-style were attempted, the terrorists would have to resort to things they can still assuredly get on board, like pens, laptop batteries, canes, umbrellas, and other seemingly harmless items for weapons. People forget a pen in the eye will still completely incapacitate an opponent. A laptop battery can smash a skull quite effectively, just as a cane can break a bone or an umbrella can be effective in gutting someone.

So how do we protect the planes if all these weapons are still available and feasably dangerous? Well, we don’t really – we need to focus on terrorism, not a single potential, unlikely, now low-risk target.

The terrorists’ goals have nothing to do with airplanes; their goals are to cause terror. Blowing up an airplane is just a particular attack designed to achieve that goal. Airplanes deserve some additional security because they have catastrophic failure properties: If there’s even a small explosion, everyone on the plane dies. But there’s a diminishing return on investments in airplane security. If the terrorists switch targets from airplanes to shopping malls, we haven’t really solved the problem.

I don’t hear a lot of people clamoring to protect our shopping malls. Sure, some people do, but so many people still focus on the old threat. Of course, that’s the American way, isn’t it? We have short attention spans and tend to focus on things that were problems in the past, rather than looking ahead to figure out what problems are likely in the future.

What that means is that a basic cursory screening is good enough. If I were investing in security, I would fund significant research into computer-assisted screening equipment for both checked and carry-on bags, but wouldn’t spend a lot of money on invasive screening procedures and secondary screening. I would much rather have well-trained security personnel wandering around the airport, both in and out of uniform, looking for suspicious actions.

When I travel in Europe, I never have to take my laptop out of its case or my shoes off my feet. Those governments have had far more experience with terrorism than the U.S. government, and they know when passenger screening has reached the point of diminishing returns. (They also implemented checked-baggage security measures decades before the United States did — again recognizing the real threat.)

Smart moves, smart comments. Too bad more people don’t pay attention to Bruce Schneier’s advice. We could stop wasting money on useless “protection” and put it to better use.

A lot of his article is quoted here, but there are still things I’ve left out. Head to his site and see what else Bruce says about all this. He’s a much better writer than I am.

[tags]Terrorism, Airport security, Security spending[/tags]