Last Updated: 9/12/06

Guesswork won't do it,' anti-terror guru says

Barre Montpelier Times Argus
June 11, 2006

Soon after the terrorist attacks of Sept. 11, 2001, security expert and cryptologist Bruce Schneier was in line waiting to go through security at an airport. A huge line was backing up, as new security measures were slowing down the progress through the airport, he said. Wouldn't a terrorist just make an attack there, rather than waiting to go through a metal detector and board a plane? he wondered.

"Too much of our security is based on guessing right. That's silly," he said in a recent telephone interview. "I want security that works, regardless of what the terrorists are planning."

Schneier (yes, he is the Schneier mentioned in Dan Brown's "The Da Vinci Code") has developed a following and a speaking tour by questioning how the country is going about security from terrorism since those attacks and others. Tuesday he will be in Montpelier at the American Civil Liberties Union of Vermont's conference on privacy.

It is a good time for Schneier, who lives in California, to come to Vermont. For one thing, the state is proposing an investigation into whether telephone companies gave the National Security Agency access to their customers' records. And Vermonters would be significantly impacted by a federal proposal to require passports or a different federal identification card to cross the Canadian border.

"We need to find a way that is not as burdensome," Gov. James Douglas said last week. "The Pee Wee hockey team that crosses the border from Derby Line & are not a threat to national security."

A national identity card is "completely useless," Schneier said.

Those concerned about security should not fall into the trap of relying on fancy new systems, or new technology, which can actually siphon money and effort away from less ostentatious but more practical solutions.

For instance, the recent exposure of a terror plot in Canada was achieved through basic intelligence-gathering and investigation.

"That is the way you get successes," he said.

But it is easier for politicians to get attention and credit for a new system to fingerprint everyone coming into the country, than by spending more on recruiting Arabic translators, Schneier said.

"In his book ("Beyond Fear") he talks about two questions you always want to ask about a security measure: What are you getting? and what are you giving up?" said Allen Gilbert, head of the Vermont ACLU.

Schneier said security measures often fall into what he calls "move plot threats." When that happens we react to what has happened, rather than developing an intelligent approach to stopping future attacks.

For instance, after Sept. 11 everyone was afraid of airplanes. After the unsuccessful attempt by "shoe bomber" Richard Reid, everyone had to take their shoes off at the airport.

As for the NSA's attempts to monitor patterns of telephone calls and catch terrorists that way, such data mining systems work well to catch credit card thieves, but not terrorists. For one thing, Schneier said, there are so few terrorists such a system isn't practical in terms of return on investment, so monitoring doesn't function well at catching them. And the signals tipping off potential terrorist activity are too hard to define, while credit card thieves have set patterns that make them easier to identify, for instance testing out stolen cards at a gas pump.

Perhaps most importantly, the cost of missing a terrorist is much greater than missing a stolen credit card, he added.

"If you watch everyone, you watch no one," he said.

Another problem is that Americans are making security decision for non-security reasons, he said. For instance the U.S.A. Patriot Act had been drafted before Sept. 11.

"Security decisions are made for non-security reasons. Invading Iraq was a prime example," he said.

Gilbert said he decided to invite Schneier to speak after hearing him at a national ACLU conference.

"We have wanted to do a privacy rights conference for several years," Gilbert said. "With the NSA surveillance issues, this seems a really appropriate time to talk about security and privacy."

Speakers at the conference in the Capitol Plaza Hotel will also include Zachary Chambers, an Internet technology consultant; Anne Cramer, an expert on national health care privacy legislation; Donna Sutton Fay of the Vermont State Health Care Ombudsman's office. Also, Gary Kessler of Champlain College's computer and digital forensics program; Robin Lane of Champlain College; John Shullenberger of the Vermont Bar Association; and Barry Steinhardt, director of the national ACLU's Program on Technology and Liberty.

(C) Barre Montpelier Times Argus

Search WWW Search

Center for International Policy

1717 Massachusetts Avenue NW
Suite 801
Washington, DC 20036
(202) 232-3317 / fax (202) 232-3440