Unpredictably Wrong

January 6, 2010

Matt Blaze has an excellent new essay at his “Exhaustive Search” blog, discussing recent developments in the screening procedures used by the TSA at airports.  I have written in an earlier post about some of the initial, silly changes to security procedures that were made following the unsuccessful attack by the Christmas “Underpants Bomber”.  It now seems that some of the more ludicrous restrictions will be relaxed:

A few days later the TSA, to its credit, rolled back some of the more arbitrarily punitive restrictions — in-flight entertainment systems can now be turned back on, and passengers are, at the airline’s discretion, again permitted to use the toilets during the last hour of flight.

However, as Mr Blaze notes, there are some aspects of the TSA’s revised approach that may do more harm than good.   Apparently the intent is to “randomize” the application of screening to individual passengers, so that it is difficult or impossible to predict just what kind and level of screening an individual will get:

According to the New York Times, the TSA’s strategy now relies heavily on “unpredictable” procedures that randomly subject passengers to different kinds of screenings at different times,

Random enforcement actions are used to good effect in many contexts, as the essay points out.  The IRS, for example, only audits a small fraction of the total returns filed.  Customs agents do not search every arriving traveler.  This approach is obviously much less expensive that exhaustive checking, and it works because the bad consequences of getting examined and caught deter even those who aren’t examined.

But, as the essay also points out, the payoff function for a terrorist organization, especially one that employs suicide bombers, is quite different.  The terrorists’ aim is not destruction per se, but to cause terror and disruption.  As Mr. Blaze points out, the optimal terrorist strategy may be just to increase the number of attackers.  When an attacker is caught, the security authorities face a dilemma: should they just arrest that person, or should they initiate a more comprehensive search?

We could simply arrest the unlucky suspect and do nothing else. But then what if there are others trying the same or similar things who aren’t screened in the same way? Is some other flight about to fall from the sky? And what if a second bomb-wielding terrorist is caught, perhaps with a slightly different kind of bomb? The only viable alternative at that point may be to shut down all commercial aviation until the the most rigorous screening possible can henceforth be applied universally, effectively creating the same kind of havoc that occurs after a successful attack.

In effect, if the terrorists  can saturate the system with potential attackers, they can cause a great deal of fear and disruption even if the attackers are caught.

Blaze’s suggestion, which I think makes a great deal of sense, is that the security screening should be focused on finding the obviously dangerous threats: an AK-47 in an attaché case, or a purse full of hand grenades.  Small acts of violence are of course undesirable; but, as with the Underpants Bomber, the flight crew and the other passengers are the back-up security system.

There is a reason that standard security engineering techniques emphasize the concept of “defense in depth”.  No single security measure can hope to be 100 percent effective, but by combining different measures with different failure properties, we can build a security system that works.


Mozilla Releases Firefox 3.5.7

January 6, 2010

The folks at the Mozilla organization have released a new version of the Firefox browser, version 3.5.7.  Details of the changes are in the Release Notes.  There are a couple of stability updates, and a fix for a minor problem with the built-in update mechanism, but there are no security fixes specifically listed.  The new version should be available via the built-in update system ( Help / Check for Updates from the main menu bar); you can also download installation binaries for all platforms (Mac OS X, Windows, and Linux), in 70+ languages, from the main download page.

For those who are still hanging on to version 3.0 x (support for which ends after this month), there is a corresponding new version 3.0.17, with Release Notes here, and downloads here.

I recommend installing this update.  If you are still using the 3.0.x release series, you should be planning to update to 3.5.x now.


%d bloggers like this: