

Schneier On Security: The Trouble With Airport Profiling - protomyth
http://www.schneier.com/blog/archives/2012/05/the_trouble_wit.html

======
B-Con
The most important argument he mentioned against profiling, IMO, is that
attackers can change to evade profiles.

In the case of terrorism, there are about 1 billion Muslims and only about 300
million Middle Easterners. It's trivial for radical Muslims to recruit non-
Middle Easterners, and they do. Profiling on Middle Easterners sets you up to
only catch 1/3 of the potential attackers at best, and that assumes they don't
pick their recruits to not look suspicious.

The type of thinking that thinks that profiling is effective in this type of
case is generally rooted in the naive security approach of treating _malicious
adversaries_ as _random accidents_. Most people are better at defending
against tornadoes than hijackers. Tornadoes are random and dumb, they just pop
up here and there and don't adapt to your defenses so defending against them
is a 1-step process. Malicious adversaries, however, make the game multi-step.
We reveal our defenses, they probe them and adapt to them. We then have to
probe and adapt to those as well. And so on. You have to constantly out-think
the attacker who is trying to out-think you.

Having had many conversations on the topic of airport security with random
people here and there, it would seem that most people's threat model assumes
that terrorists, inside and outside airports, make their plans barely a day in
advance with little to no knowledge of the defense system, stand helplessly by
making no active attempts to thwart the defenses, have little to no creativity
or originality, and are kind of dumb. In all honesty, that's the attacker that
most people seem to have in mind.

Those kind of people do exist, but they've always existed an law enforcement
is long since accustomed to dealing with it. They aren't the threat. It's the
smart, probing, adaptable, well-funded attackers who we always have to think
about.

All that said, to be fair, some degree of profiling _can_ be advantageous
under two conditions: when the target has actually a known non-uniform
distribution that can be exploited (not the case for airport security), and
only if the profiling is kept secret. When the attacker evades a profiling
system, it's because they a) know a profiling system exists, and b) knows how
the profiling system works. (Sometimes knowing (a) is itself a strong hint at
(b).) If both are kept secret, the attacker may not be able to adapt. But the
TSA couldn't keep it a secret, they have way too many employees that could
leak information (intentionally or accidentally) and all their screening
decisions are public, so an attacker would quickly learn the pattern anyway.

------
serverascode
We should be stopping possible terrorist attacks before they get to the
airport, not after.

------
maeon3
Lets suppose there are going to be 10 events in the next 5 years where
passengers try to take down airplanes from the interior. Also suppose there
are going to be 800 million people per year boarding planes. Any system that
identifies the 10 people among the (800 million * 5) will have to have "ten
nines" worth of accuracy: 99.99999999% in order for the system to have any
value. These systems do not exist, and almost provibly cannot exist. We are
back to square one: brute force, check each passenger for every possible
threat.

