Guesswork won't do it,' anti-terror guru says
Barre Montpelier Times Argus
June 11, 2006
after the terrorist attacks of Sept. 11, 2001, security
expert and cryptologist Bruce Schneier was in line waiting to go through security at an
airport. A huge line was backing up, as new security
measures were slowing down the progress through
the airport, he said. Wouldn't a terrorist just
make an attack there, rather than waiting to go
through a metal detector and board a plane? he
"Too much of our security is based on guessing
right. That's silly," he said in a recent telephone
interview. "I want security that works, regardless
of what the terrorists are planning."
Schneier (yes, he is the
Schneier mentioned in
Dan Brown's "The Da
Vinci Code") has developed a following and
a speaking tour by questioning how the country is
going about security from terrorism since those
attacks and others. Tuesday he will be in Montpelier
at the American Civil Liberties Union of Vermont's
conference on privacy.
It is a good time for Schneier,
who lives in California, to come to Vermont. For one thing, the state is proposing an investigation into
whether telephone companies gave the National Security
Agency access to their customers' records. And Vermonters
would be significantly impacted by a federal proposal
to require passports or a different federal identification
card to cross the Canadian border.
"We need to find a way that is not as burdensome,"
Gov. James Douglas said last week. "The Pee
Wee hockey team that crosses the border from Derby
Line & are not a threat to national security."
A national identity card is "completely useless,"
Those concerned about security should not fall into
the trap of relying on fancy new systems, or new
technology, which can actually siphon money and
effort away from less ostentatious but more practical
For instance, the recent exposure of a terror plot
in Canada was achieved through
basic intelligence-gathering and investigation.
"That is the way you get successes," he
But it is easier for politicians to get attention
and credit for a new system to fingerprint everyone
coming into the country, than by spending more on
recruiting Arabic translators, Schneier
"In his book ("Beyond Fear") he talks
about two questions you always want to ask about
a security measure: What are you getting? and what are you giving up?" said Allen Gilbert, head
of the Vermont ACLU.
Schneier said security
measures often fall into what he calls "move
plot threats." When that happens we react to
what has happened, rather than developing an intelligent
approach to stopping future attacks.
For instance, after Sept. 11 everyone was afraid
of airplanes. After the unsuccessful attempt by
"shoe bomber" Richard Reid, everyone had
to take their shoes off at the airport.
As for the NSA's attempts
to monitor patterns of telephone calls and catch
terrorists that way, such data mining systems work
well to catch credit card thieves, but not terrorists.
For one thing, Schneier said, there are so few terrorists such a system isn't
practical in terms of return on investment, so monitoring
doesn't function well at catching them. And the
signals tipping off potential terrorist activity
are too hard to define, while credit card thieves
have set patterns that make them easier to identify,
for instance testing out stolen cards at a gas pump.
Perhaps most importantly, the cost of missing a
terrorist is much greater than missing a stolen
credit card, he added.
"If you watch everyone, you watch no one,"
Another problem is that Americans are making security
decision for non-security reasons, he said. For
instance the U.S.A. Patriot Act had been drafted
before Sept. 11.
"Security decisions are made for non-security
reasons. Invading Iraq was a prime example,"
Gilbert said he decided to invite Schneier
to speak after hearing him at a national ACLU conference.
"We have wanted to do a privacy rights conference
for several years," Gilbert said. "With
the NSA surveillance issues, this seems a really
appropriate time to talk about security and privacy."
Speakers at the conference in the Capitol Plaza
Hotel will also include Zachary Chambers, an Internet
technology consultant; Anne Cramer, an expert on
national health care privacy legislation; Donna
Sutton Fay of the Vermont State Health Care Ombudsman's
office. Also, Gary Kessler of Champlain College's
computer and digital forensics program; Robin Lane
of Champlain College; John Shullenberger of the Vermont Bar Association; and Barry Steinhardt,
director of the national ACLU's Program on Technology