PolySciFi Blog

Tuesday, February 15, 2005


Bruce Schneier

Bruce Schneier, author of Secrets and Lies, has a great piece today in his Cryptogram newsletter. He's on a government work group that is studying "Secure Flight," the U.S. government's new terrorist watch list program. The good news is, they're making improvements to the system that will make it less of a waste of money. The bad news is it's still kind of a waste of money. Here's Schneier:

Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn't be worth it.

Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don't fly, it's a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it's a waste of money.

If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if
they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn't build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn't make security sense.

If you don't subscribe to Schneier's monthly security and cryptography newsletter, Cryptogram, what are you waiting for?

Comments(0) |
Post a Comment

This page is powered by Blogger. Isn't yours?