Security theater

Security theater is the practice of investing in countermeasures intended to provide the feeling of improved security while doing little or nothing to achieve it.[1]

Disadvantages

Security theater may not always have real monetary costs but by definition provides no security benefits, or the benefits are so minimal as to not be worth the cost.[2] Security theater typically involves restricting or modifying aspects of people's behavior or surroundings in very visible and highly specific ways,[2] which could involve potential restrictions of personal liberty and privacy, ranging from negligible (confiscating water bottles where bottled water can later be purchased) to significant (prolonged screening of individuals to the point of harassment).

Critics such as the American Civil Liberties Union have argued that the benefits of security theater are temporary and illusory since after such security measures inevitably fail, not only is the feeling of insecurity increased, but there is also loss of belief in the competence of those responsible for security.

Researchers such as Edward Felten have described the airport security repercussions due to the September 11, 2001 attacks as security theater.[3]

Increased casualties

Two studies by a group of Cornell University researchers have found that strict airport security in the United States after the 9/11 attacks has the unintended consequence of increasing road fatalities, as would-be air travelers decide to drive and are exposed to the far greater risk of dying in a car accident.[4][5] In 2005, the researchers looked at the immediate aftermath of the attacks of September 11, 2001, and found that the change in passenger travel modes led to 242 added driving deaths per month.[4] In all, they estimated that about 1,200 driving deaths could be attributed to the short-term effects of the attacks.

In 2007, the researchers studied the specific effects of a change to security practices instituted by the TSA in late 2002. They concluded that this change reduced the number of air travelers by 6%, and estimated that consequently, 129 more people died in car accidents in the fourth quarter of 2002.[5] Extrapolating this rate of fatalities, New York Times contributor Nate Silver remarked that this is equivalent to "four fully loaded Boeing 737s crashing each year."[6]

Economic costs

The 2007 Cornell study also noted that strict airport security hurts the airline industry; it was estimated that the 6% reduction in the number of passengers in the fourth quarter of 2002 cost the industry $1.1 billion in lost business.[7]

The ACLU has reported that between October 2008 and June 2010, over 6,500 people traveling to and from the United States had their electronic devices searched at the border.[8] The Association of Corporate Travel Executives, whose member companies are responsible for over 1 million travelers and represent over $300 billion in annual business travel expenditures, reported in February 2008 that 7% of their members had been subject to the seizure of a laptop or other electronic device. Electronic device seizure may have a severe economic and behavioral impact. Entrepreneurs for whom their laptop represents a mobile office can be deprived of their entire business. Fifty percent of the respondents to ACTE's survey indicated that having a laptop seizure could damage a traveler's professional standing within a company.

The executive director of the Association of Corporate Travel Executives testified at a 2008 hearing of the Senate Judiciary Subcommittee on the Constitution seizure of data or computers carrying business proprietary information has forced and will force companies to implement new and expensive internal travel policies.[9]

Increased risk of targeted attacks

The direct costs of security theater may be lower than that of more elaborate security measures. However, it may divert portions of the budget for effective security measures without resulting in an adequate, measurable gain in security.[10]

Because security theater measures are often so specific (such as concentrating on potential explosives in shoes), it allows potential attackers to divert to other methods of attack.[2] This not only applies to the extremely specific measures, but can also involve possible tactics such as switching from using highly scrutinized airline passengers as attackers to getting attackers employed as airline or airport staff. Another alternate tactic would be simply avoiding attacking aircraft in favor of attacking other areas where sufficient damage would be done, such as check-in counters (as was done, for example, in the attacks on Brussels airport on 22 March 2016), or simply targeting other places where people gather in large numbers, such as cinemas.[2]

Benefits

While it may seem that security theater must always cause loss, it may be beneficial, at least in a localized situation. This is because perception of security is sometimes more important than security itself.[11] If the potential victims of an attack feel more protected and safer as a result of the measures, then they may carry on activities they would have otherwise avoided. In addition, if the security measures in place appear effective, potential attackers may be dissuaded from proceeding or may direct their attention to a target perceived as less secure. Unsophisticated adversaries in particular may be frightened by superficial impressions of security (such as seeing multiple people in uniform or observing cameras) and not even attempt to find weaknesses or determine effect.

Examples

Some measures which have been criticized as security theater include:

Airport security measures

  • Many procedures of the Transportation Security Administration have been criticized as security theater. Specific measures critiqued as security theater include the "patting down the crotches of children, the elderly and even infants as part of the post-9/11 airport security show" and the use of full body scanners, which "are ineffective and can be easily manipulated."[12] Many measures are put in place in reaction to past threats and "are ineffective at actually stopping terrorism, as potential attackers can simply change tactics."[13]
  • The use of Computer Assisted Passenger Prescreening System (CAPPS) and its successor, Secure Flight – programs which rely on static screening of airline passenger profiles to choose which people should be searched – has been criticized as ineffective security theater.[14] The TSA's Registered Traveler Program and Trusted Traveler Program have been criticized on similar grounds.[14] The CAPPS has been demonstrated to reduce the effectiveness of searching below that of random searches since terrorists can test the system and use those who are searched least often for their operations.[15]
  • A 2010 Government Accountability Office (GAO) report found that the TSA's $900 million Screening Passengers by Observation Techniques (SPOT) program, a behavioral-detection program introduced in 2007 that is aimed at detecting terrorists, had detected no terrorists and failed to detect at least 16 people who had traveled through airports where the program was in use and were later involved in terrorism cases.[16][17] In 2013, a GAO report found that no evidence existed to support the idea that "behavioral indicators ... can be used to identify persons who may pose a risk to aviation security."[16] A separate 2013 report by the Department of Homeland Security Office of Inspector General found that the TSA had failed to evaluate the SPOT program and could not "show that the program is cost effective."[16] The SPOT program has been described as security theater.[17][18][19]
  • With the aim of preventing individuals on a No Fly List from flying in commercial airliners, U.S. airports require all passengers to show valid picture ID (e.g. a passport or driver's license) along with their boarding pass before entering the boarding terminal. At this checkpoint, the name on the ID is matched to that on the boarding pass, but is not recorded. In order to be effective, this practice must assume that 1) the ticket was bought under the passenger's real name (at which point the name was recorded and checked against the No Fly List), 2) the boarding pass shown is real, and 3) the ID shown is real. However, the rise of print-at-home boarding passes, which can be easily forged, allows a potential attacker to buy a ticket under someone else's name, to go into the boarding terminal using a real ID and a fake boarding pass, and then to fly on the ticket that has someone else's name on it.[20][21][22][23] Additionally, a 2007 investigation showed that obviously false IDs could be used when claiming a boarding pass and entering the departures terminal, so a person on the No Fly List can simply travel under a different name.[24]
  • Facial recognition technology was introduced at Manchester Airport in August 2008. A journalist for The Register claimed that "the gates in Manchester were throwing up so many false results that staff effectively turned them off.[25] Previously matches had to be 80% the same to their passport pictures to go through, and this was quickly changed to 30%. According to Rob Jenkins, a facial recognition expert at Glasgow University, when testing similar machines at a 30% recognition level, the machines were unable to distinguish between the faces of Osama bin Laden and Winona Ryder, bin Laden and Kevin Spacey, nor between Gordon Brown and Mel Gibson.[26]

Random search programs on public transit and in other public places

Other

  • One commentator has "publicized database initiatives" generally as "acts of Security Theater," writing: "An inherently intuitive allure attaches to scanning massive amounts of data in dimly lit control rooms, using sophisticated algorithms and scientific computer-matching methods to predict future behaviors and identify suspect individuals. This approach looks smart and makes some people feel safer....Accumulation of more data to the layman suggests not only better information, but potential for better intelligence. Yet, data mining is inherently flawed in its ability to find 'extremely rare instances of patterns across an extremely wide variety of activities and hidden relationships among individuals,' and encourages 'fishing expeditions.'"[33]
  • The draft Communications Data Bill ("snoopers' charter") proposed by the British government under Prime Minister David Cameron and Home Secretary Theresa May has been criticized as security theater.[34] Similarly, Cameron's proposal to ban encryption in the UK has been criticized as ineffective security theater.[35]

Etymology

The term security theater was coined by computer security specialist and writer Bruce Schneier for his book Beyond Fear,[36] but has gained currency in security circles, particularly for describing airport security measures.

Examples of use of the term:

For theater on a grand scale, you can't do better than the audience-participation dramas performed at airports, under the direction of the Transportation Security Administration. ... The T.S.A.'s profession of outrage is nothing but 'security theater,' Mr. Schneier said, using the phrase he coined in 2003 to describe some of the agency's procedures.

"Theater of the Absurd at the T.S.A.", The New York Times; December 17, 2006[37]

Airline passengers will be able to bring many types of cigarette lighters on board again starting next month after authorities found that a ban on the devices did little to make flying safer, a newspaper reported Friday. 'Taking lighters away is security theater,' Transportation Security Administration chief Kip Hawley told The (New York) Times in an interview.

"Report: Plane Lighter Ban to Be Lifted", Associated Press; July 20, 2007[38]
gollark: Just make everything into a giant one-way loop.
gollark: Why even *have* intersections?
gollark: Well, everyone knows that what games *should* be using is regular heptagons.
gollark: In euclidean geometry, anyway.
gollark: Hexagons.

See also

References

  1. Schneier, Bruce (2003). Beyond Fear: Thinking Sensibly about Security in an Uncertain World. Copernicus Books. p. 38. ISBN 0-387-02620-7.
  2. "Smoke Screening". Vanity Fair. 20 December 2011. Retrieved 27 December 2011.
  3. Edward Felten (2004-07-09). "Security Theater". Retrieved 2009-07-22.
  4. Blalock, Garrick; Vrinda Kadiyali; Daniel H. Simon (February 10, 2005). "The Impact of 9/11 on Road Fatalities: The Other Lives Lost to Terrorism". SSRN Electronic Journal. doi:10.2139/ssrn.677549. ISSN 1556-5068. SSRN 677549.
  5. "AEM.cornell.edu" (PDF). Retrieved 2012-01-16.
  6. Silver, Nate (November 18, 2010). "The Hidden Costs of Extra Security - NYTimes.com". Fivethirtyeight.blogs.nytimes.com. Retrieved November 19, 2010.
  7. Blalock, Garrick; Vrinda Kadiyali; Daniel H. Simon (2007). "The Impact of Post‐9/11 Airport Security Measures on the Demand for Air Travel". The Journal of Law and Economics. 50 (4): 731–755. doi:10.1086/519816. ISSN 0022-2186.
  8. "GOVERNMENT DATA ABOUT SEARCHES OF INTERNATIONAL TRAVELERS' LAPTOPS AND PERSONAL ELECTRONIC DEVICES". American Civil Liberties Union. Retrieved 11 May 2015.
  9. "Statement of Susan K. Gurley, executive director, Association of Corporate Travel Executives, Alexandria, Virginia". Laptop searches and other violations of privacy faced by Americans returning from overseas travel. Hearing before the Subcommittee on the Constitution of the United States Senate Committee on the Judiciary. 25 June 2008.
  10. Zack Phillips (2007-08-01). "FEATURES Security Theater". Government Executive. Retrieved 2009-07-22.
  11. Peter N. Glaskowsky (2008-04-09). "Bruce Schneier's new view on Security Theater". Retrieved 2019-10-07.
  12. https://www.theatlantic.com/national/archive/2014/01/tsa-business-security-theater-not-security/357599/
  13. https://www.theatlantic.com/national/archive/2014/01/tsa-business-security-theater-not-security/357599/
  14. Bruce Schneier, Airline Security a Waste of Cash, Wired (December 1, 2005).
  15. Chakrabarti, Samidh & Strauss, Aaron (2002-05-16). "Carnival Booth: An Algorithm for Defeating the Computer-Assisted Passenger Screening System". Massachusetts Institute of Technology. Retrieved 2006-09-06. Cite journal requires |journal= (help)
  16. Jana Winter & Cora Currier, Exclusive: TSA’s Secret Behavior Checklist to Spot Terrorists
  17. Kevin D. Williamson, The TSA's 95 Percent Failure Rate: Security Theater as Farce, National Review (June 3, 2015).
  18. Jeffrey Goldberg, The Things He Carried, The Atlantic (November 2008).
  19. Thomas Cincotta, Behavior Profiling: Ineffective and Expensive Security Theater, Political Research Associates (July 29, 2010).
  20. Slate's Andy Bowers on Airport Security loopholes – Boing Boing Archived 2007-01-24 at the Wayback Machine
  21. Crypto-Gram: August 15, 2003
  22. A dangerous loophole in airport security. – By Andy Bowers – Slate Magazine Archived 2007-04-28 at the Wayback Machine
  23. Fake Boarding Pass Generator mirror site – Boing Boing Archived 2007-04-27 at the Wayback Machine
  24. Flying without ID won't work? Try making your own ID. – Boing Boing Archived 2007-05-17 at the Wayback Machine
  25. Cardiff Airport gets more security theatre
  26. Gardham, Duncan (2009-04-05). "Airport face scanners 'cannot tell the difference between Osama bin Laden and Winona Ryder'". Telegraph, The. Retrieved 2013-04-20.
  27. Markus Rauschecker, Metro's Random Bag Searches: Reasonableness, Randomness, and "Security Theater", University of Maryland Center for Health and Homeland Security (January 7, 2011).
  28. Ann Scott Tyson, Metro bag searches criticized by public, Washington Post (January 4, 2011).
  29. Benjamin R. Freed, Metro's Bag Searches Are Pretty Empty, It Turns Out Archived 2017-02-18 at the Wayback Machine, DCist (June 12, 2012).
  30. Tim Cushing, Chicago Transit Cops Start Up Their Own Security Theater, Will Start Randomly Swabbing Bags For Explosive Residue, TechDirt (November 6, 2014).
  31. Timothy Geigner, NFL Ramps Up Security Theatre, TechDirt (September 21, 2011).
  32. Bruce Schneier, Baseball's new metal detectors won't keep you safe. They'll just make you miss a few innings., The Washington Post (April 14, 2015).
  33. Candice L. Kline, Security Theater and Database-Driven Information Markets: A Case for an Omnibus U.S. Data Statute, 39 U. Tol. L. Rev. 443 (2008).
  34. Ray Corrigan, World War II is long over, but the fight agains [sic] oppressive, invasive state laws continues, Open University (May 12, 2015).
  35. Bruce Schneier, David Cameron's Plan to Ban Encryption in the UK, Schneier on Security (January 13, 2015).
  36. "Expert: TSA Screening is Security Theater". CBS News. 2008-12-18. Retrieved 2009-07-22.
  37. Theater of the Absurd at the T.S.A.
  38. http://www.cbsnews.com/stories/2007/07/20/national/main3080127.shtml TSA To Lift Ban On Most Lighters On Planes/Security Chief Says Taking Lighters Away From Passengers Was "Security Theater"

The dictionary definition of security theater at Wiktionary

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.