Security-by-credential or security-by-inspection
Petro
petro at bounty.org
Tue Nov 13 03:56:51 PST 2001
On Thursday, November 8, 2001, at 04:10 PM, Nomen Nescio wrote:
> There are so many misconceptions floating around here it's hard to know
> where to begin. But let's start with two points of agreement.
>
> First, airport screening is far from perfect. There is no way to detect
> all possible threats coming on the airplane. And given the technology
> and time available, it will always be possible to smuggle aboard knives,
> explosives and other dangerous devices more than sufficient to risk the
> lives of everyone on that airplane.
>
> Second, no ID based system is perfect, either. People can falsify their
> ID with varying degrees of expense and difficulty. Moving to biometrics
> can help but these can be spoofed as well.
>
> But to conclude from these points that we should just let everyone
> walk onto a plane with no more than the cursory inspection that has
> been used in the past is pure bullshit. Absence of perfection is no
No, it isn't.
Since the rise of terrorism as a common practice among the worlds
political underclass, what percentage of passengers died or were injured
in such incidents?
I'd bet (I don't have the relevant numbers at hand) that it
approaches (but of course does not reach) 0.0 percent.
And even further, I'd be that if *no* checks were done, that the
number would drop even further, airline costs would drop (no need for
expensive x-ray machines and expensive security guard payrolls (yes, I
know they aren't paid that well, but to maintain the numbers of security
personnel, support personnel for the security personnel etc. is
expensive).
The vast majority of people are not terrorists, are not willing to
die for a cause, and are generally too afraid of the Law to commit
dangerous levels of violence on an aircraft.
> argument against a system. Someone once said that "all cryptography
> is economics." Well, all security is economics as well. Any argument
> which is based on the fact that loopholes and failures will exist is
> irrelevant. The point of security is to raise the cost of breaching it.
> That's all. Understanding and accepting this would raise the level of
> the dialog considerably.
While the above is relatively true, there are not, and would not be
"Airline Hackers" as you have "Computer Hackers" today. The marginal
cost of compromising a computer system is fairly small for the gains
received, you don't have to leave home, you rarely get caught, you can
get scripts which all you to try thousands of systems an hour etc.
None of this applies to the Airline sphere. The costs are massively
greater, as are the risks. You cannot "anonymously" hijack a plane
(although planting a bomb could still be done) (side note, how hard
would it be to bomb a US Postal service plane using several small
packages all mailed to the same town, all set with a pressure sensitive
switch what would cause the explosion at a certain air pressure?) you
have to be there in person to wave the weapon around, and you expose
yourself directly to a bunch of people who really don't want you to
succeed. If even one of them is armed, you are going to fail miserably.
> Given this fact, it makes no sense to intentionally blind screeners
> to relevant data when performing their security analysis. Those guards
> should have every scrap of information possible available to them.
> People
> who have a history of violence, who make threats, who are associates
How many people who have a "history of violence" (i.e. beat the
shit out of a drunk pawing their date) fly routinely and never cause a
problem?
> with known terrorists, all represent correspondingly greater risks.
> An efficient screening system will use this information to determine
> how carefully each passenger is examined.
An efficient police system would have 92% if the population behind
bars.
> Resources are finite, and it is highly inefficient to apply exactly the
Resources are sufficient to give each passenger a .41 derringer
loaded with 2 .410 shot shells.
No more planes will be hijacked. Guaranteed.
> same procedure to each individual. You'll have far more security for
> the
> same cost by allocating greater security resources to those individuals
> who pose the greatest risk based on the data available. They are the
> ones
> who need their bags hand-searched. They need the metal detector wand
> run
> over their entire bodies. They can empty their pockets and have their
> shoes removed and inspected. It is not practical to apply this level of
> scrutiny to every passenger. But by making use of public information,
> high risk individuals can be subjected to high levels of inspection.
They are also the most likely to have the resources and connections
to spoof the system.
> Some have claimed to object only because the government is involved in
> the search. That's a red herring in this case. Yes, the government is
> setting security policies, but they are only responding to public
> demand.
They are generating the public demand.
> Any fully private security system would see the same kinds of checks in
> order to get the flying public back into the air. No one wants to fly
> with someone who has a history of calling for the violent overthrow of
> the U.S. government at a time when planes are being turned into guided
> missiles.
I don't want to fly on an airline who treats any passenger as a
fucking criminal, who insists on a background check before boarding.
And I'm putting my money where my mouth is. In december I plan on
riding to the midwest to see my daughter, 2000-2500 miles each way in
winter on a rather small bike *just* so I don't have to deal with the
airlines and give them even more of my money.
> What about Chaum credentials? Well, how would they help? Are you
> going to show a not-a-terrorist credential? No one is in a position
> to issue such a thing. And even if you had one, how would you prove
If no one is in a position to issue such a thing, then no one is in
a position to institute the kind of data-gathering you would need for
your scheme.
> When confronted with an unpleasant reality, cypherpunks retreat into
> their imaginary world of abstractions. That doesn't help when planes
> are falling from the skies. Try to stick with reality for a few minutes
Really? how many have "fallen" in the last 30 years?
And how many of those were mechanical failures as opposed to
terrorist acts?
"Planes are falling from the skies" is rhetorical fecees. Our
government, and our country got the military equivelent of a black eye.
Yes, it hurts, yes it's embarassing as all hell, but it's being used as
an excuse for all the police state bullshit that the fascists under
Reagan, Bush, Clinton, and Bush wanted.
And you're at the trough lapping it up.
--
"Remember, half-measures can be very effective if all you deal with are
half-wits."--Chris Klein
More information about the cypherpunks-legacy
mailing list