Security-by-credential or security-by-inspection

[Nomen Nescio]

There are so many misconceptions floating around here it's hard to know
where to begin.  But let's start with two points of agreement.

First, airport screening is far from perfect.  There is no way to detect
all possible threats coming on the airplane.  And given the technology
and time available, it will always be possible to smuggle aboard knives,
explosives and other dangerous devices more than sufficient to risk the
lives of everyone on that airplane.

Second, no ID based system is perfect, either.  People can falsify their
ID with varying degrees of expense and difficulty.  Moving to biometrics
can help but these can be spoofed as well.

But to conclude from these points that we should just let everyone
walk onto a plane with no more than the cursory inspection that has
been used in the past is pure bullshit.  Absence of perfection is no
argument against a system.  Someone once said that "all cryptography
is economics."  Well, all security is economics as well.  Any argument
which is based on the fact that loopholes and failures will exist is
irrelevant.  The point of security is to raise the cost of breaching it.
That's all.  Understanding and accepting this would raise the level of
the dialog considerably.

Given this fact, it makes no sense to intentionally blind screeners
to relevant data when performing their security analysis.  Those guards
should have every scrap of information possible available to them.  People
who have a history of violence, who make threats, who are associates
with known terrorists, all represent correspondingly greater risks.
An efficient screening system will use this information to determine
how carefully each passenger is examined.

Resources are finite, and it is highly inefficient to apply exactly the
same procedure to each individual.  You'll have far more security for the
same cost by allocating greater security resources to those individuals
who pose the greatest risk based on the data available.  They are the ones
who need their bags hand-searched.  They need the metal detector wand run
over their entire bodies.  They can empty their pockets and have their
shoes removed and inspected.  It is not practical to apply this level of
scrutiny to every passenger.  But by making use of public information,
high risk individuals can be subjected to high levels of inspection.

This is where the irony was pointed out, of cypherpunks calling for limits
on the use of information!  A group which prides itself on developing
technologies that can keep damaging information alive is suddenly afraid,
now that they may be the ones to suffer from their own past words.

Tim May himself has called for the nuclear destruction of Washington, DC.
He has expressed support for the actions of Tim McMay, sorry, McVeigh.
He threatens death to judges, police officers, even reporters who
misquote him.  He has said that the local police have put him on their
watch list as a potentially dangerous individual.  Clearly, he would be
a prime target for any selective screening effort.  And this is entirely
appropriate.  Certainly many of us here would feel more comfortable
riding on a plane with an unstable, violent individual if he had been
searched thoroughly, preferably including body cavities.

Some have claimed to object only because the government is involved in
the search.  That's a red herring in this case.  Yes, the government is
setting security policies, but they are only responding to public demand.
Any fully private security system would see the same kinds of checks in
order to get the flying public back into the air.  No one wants to fly
with someone who has a history of calling for the violent overthrow of
the U.S. government at a time when planes are being turned into guided
missiles.

Then there is the absurd fantasy that if unregulated, some airlines
would differentiate themselves by offering minimal screening in order
to corner the lucrative market composed of all the Tim McVeighs of
the world.  Only a blind man would think that businesses work this way.
In every industry there are a limited number of profitable market niches
and companies fight for those.  Fringe markets, like people who want
to fly with unscreened terrorists, are not served.  (Look at all the
successful companies selling products to cypherpunks.)  There would be
no airlines seeking such a market.  At a time when passenger levels have
dropped precipitously the airlines will do everything they can to assure
their passengers that they are safe.  That means screening of exactly
the type we are discussing.

A few other irrelevant points have been made.  Given that ID is not
perfectly reliable, do we need to tattoo numbers on people's forearms?
This is the fallacy of perfection.  ID can be combined with a simple
thumbprint for biometric identification (already widely used for cashing
checks) and you will raise the cost of forgery considerably.  Many of
the hijackers would have been caught simply by cross-referencing their
IDs against existing databases.  That's what El Al does and they have an
excellent safety record in the most terrorist-infested part of the world.

What about Chaum credentials?  Well, how would they help?  Are you
going to show a not-a-terrorist credential?  No one is in a position
to issue such a thing.  And even if you had one, how would you prove
it isn't stolen?  If ID can be forged then so can any other sort of
credential.  The Chaum technology is nothing but a pipe dream anyway.
It's never been used and never will be, because there is no incentive
(see above re unserved markets).

Then there is this whole "credential vs capability" debate.  This is
nothing but an ivory tower abstraction with very little relevance to
the practical problems involved in screening real people before they
get on an airplane.  Here's an arab guy who looks shifty and nervous.
They do a biometric face scan and run it through the customs database
against known terrorists.  Is that a credential?  A capability?  Neither,
it's just good security sense and the use of all information resources
available.

When confronted with an unpleasant reality, cypherpunks retreat into
their imaginary world of abstractions.  That doesn't help when planes
are falling from the skies.  Try to stick with reality for a few minutes
at least.  Information which is available will be used.  Screeners are
free to use any and all information that is relevant in assessing risk.

If cypherpunks would remove their blinders they would see that this is
entirely in keeping with the ideas of Blacknet and information wanting
to be free.  What, is Blacknet going to refuse to sell to Argenbright?
This is how far cypherpunks have come from their free market roots,
that somehow they think that information can be kept under wraps just
because it doesn't fit their ideology.  It's amazing to see a supposedly
pro-information group suddenly claiming that their own pasts should be
off limits when faced with a life or death situation.  Cypherpunks need
to take a harder look at themselves and resolve this contradiction.