From the archive, originally posted by: [ spectre ]

FROM:

CRYPTO-GRAM
BY Bruce Schneier      November 15, 2007
http://www.schneier.com/crypto-gram-0711.html

** *** ***** ******* *********** *************

The War on the Unexpected

We’ve opened up a new front on the war on terror. It’s an attack on the
unique, the unorthodox, the unexpected; it’s a war on different. If you
act different, you might find yourself investigated, questioned, and
even arrested — even if you did nothing wrong, and had no intention of
doing anything wrong. The problem is a combination of citizen informants
and a CYA (Cover Your Ass) attitude among police that results in a
knee-jerk escalation of reported threats.

This isn’t the way counterterrorism is supposed to work, but it’s
happening everywhere. It’s a result of our relentless campaign to
convince ordinary citizens that they’re the front line of terrorism
defense. “If you see something, say something” is how the ads read in
the New York City subways. “If you suspect something, report it” urges
another ad campaign in Manchester, UK. The Michigan State Police have
a seven-minute video. Administration officials from then-attorney general
John Ashcroft to DHS Secretary Michael Chertoff to President Bush have
asked us all to report any suspicious activity.

The problem is that ordinary citizens don’t know what a real terrorist
threat looks like. They can’t tell the difference between a bomb and a
tape dispenser, electronic name badge, CD player, bat detector, or trash
sculpture; or the difference between terrorist plotters and imams,
musicians, or architects. All they know is that something makes them
uneasy, usually based on fear, media hype, or just something being
different.

Even worse: after someone reports a “terrorist threat,” the whole system
is biased towards escalation and CYA instead of a more realistic threat
assessment.

Watch how it happens. Someone sees something, so he says something.
The person he says it to — a policeman, a security guard, a flight
attendant — now faces a choice: ignore or escalate. Even though he
may believe that it’s a false alarm, it’s not in his best interests to
dismiss the threat. If he’s wrong, it’ll cost him his career. But if
he escalates, he’ll be praised for “doing his job” and the cost will be
borne by others. So he escalates. And the person he escalates to also
escalates, in a series of CYA decisions. And before we’re done, innocent
people have been arrested, airports have been evacuated, and hundreds
of police hours have been wasted.

This story has been repeated endlessly, both in the U.S. and in other
countries. Someone — these are all real — notices a funny smell, or
some white powder, or two people passing an envelope, or a dark-
skinned man leaving boxes at the curb, or a cell phone in an airplane seat;
the police cordon off the area, make arrests, and/or evacuate airplanes;
and in the end the cause of the alarm is revealed as a pot of Thai chili
sauce, or flour, or a utility bill, or an English professor recycling,
or a cell phone in an airplane seat.

Of course, by then it’s too late for the authorities to admit that they
made a mistake and overreacted, that a sane voice of reason at some
level should have prevailed. What follows is the parade of police and
elected officials praising each other for doing a great job, and
prosecuting the poor victim — the person who was different in the
first place — for having the temerity to try to trick them.

For some reason, governments are encouraging this kind of behavior.
It’s not just the publicity campaigns asking people to come forward and
snitch on their neighbors; they’re asking certain professions to pay
particular attention: truckers to watch the highways, students to
watch campuses, and scuba instructors to watch their students. The U.S.
wanted meter readers and telephone repairmen to snoop around houses. There’s
even a new law protecting people who turn in their travel mates based
on some undefined “objectively reasonable suspicion,” whatever that is.

If you ask amateurs to act as front-line security personnel, you
shouldn’t be surprised when you get amateur security.

We need to do two things. The first is to stop urging people to report
their fears. People have always come forward to tell the police when
they see something genuinely suspicious, and should continue to do so.
But encouraging people to raise an alarm every time they’re spooked
only squanders our security resources and makes no one safer.

We don’t want people to never report anything. A store clerk’s tip led
to the unraveling of a plot to attack Fort Dix last May, and in March
an alert Southern California woman foiled a kidnapping by calling the
police about a suspicious man carting around a person-sized crate. But
these incidents only reinforce the need to realistically assess, not
automatically escalate, citizen tips. In criminal matters, law
enforcement is experienced in separating legitimate tips from
unsubstantiated fears, and allocating resources accordingly; we should
expect no less from them when it comes to terrorism.

Equally important, politicians need to stop praising and promoting the
officers who get it wrong. And everyone needs to stop castigating, and
prosecuting, the victims just because they embarrassed the police by
their innocence.

Causing a city-wide panic over blinking signs, a guy with a pellet
gun, or stray backpacks, is not evidence of doing a good job: it’s evidence
of squandering police resources. Even worse, it causes its own form of
terror, and encourages people to be even more alarmist in the future.
We need to spend our resources on things that actually make us safer, not
on chasing down and trumpeting every paranoid threat anyone can come
up with.

Ad campaigns:
http://www.mta.info/mta/security/index.html
http://www.manchestereveningnews.co.uk/news/s/1000/1000981_help_us_spot_terrorists__police.html
or http://tinyurl.com/27wuan
http://www.schneier.com/blog/archives/2007/04/citizencountert.html

Administration comments:
http://www.washingtonpost.com/wp-srv/nation/attacked/transcripts/ashcroft_100801.htm
http://www.usatoday.com/news/washington/2005-07-07-dc-londonblasts_x.htm
or http://tinyurl.com/25vf3y
http://query.nytimes.com/gst/fullpage.html?res=9C05E6DC1F3AF932A05752C0A9649C8B63
or http://tinyurl.com/2463aw

Incidents:
http://news.bbc.co.uk/1/hi/northern_ireland/6387857.stm
http://www.schneier.com/blog/archives/2007/09/woman_arrested.html
http://www.lineofduty.com/content/view/84004/128/
http://www.schneier.com/blog/archives/2007/05/uk_police_blow.html
http://www.startribune.com/462/story/826056.html
http://dir.salon.com/story/tech/col/smith/2004/07/21/askthepilot95/index.html
or http://tinyurl.com/2bn3qo
http://www.schneier.com/blog/archives/2006/10/this_is_what_vi.html
http://www.schneier.com/blog/archives/2007/10/latest_terroris.html
http://www.msnbc.msn.com/id/20441775/
http://www.thisisbournemouth.co.uk/display.var.1717690.0.seized_by_the_police.php
or http://tinyurl.com/36dgj8
http://alternet.org/rights/50939/
http://www.schneier.com/blog/archives/2007/04/english_profess.html
http://www.mercurynews.com/breakingnews/ci_7084101?nclick_check=1
http://www.boston.com/news/globe/city_region/breaking_news/2007/01/bomb_squad_remo.html
or http://tinyurl.com/ywumfl
http://www.postgazette.com/pg/06081/674773.stm
http://www.schneier.com/blog/archives/2007/04/another_boston.html

CYA:
http://www.schneier.com/blog/archives/2007/02/cya_security_1.html

Public campaigns:
http://www.schneier.com/blog/archives/2005/12/truckers_watchi.html
http://www.winnipegfirst.ca/article/2007/09/24/report_suspicious_behaviour_u_of_m_tells_students
or http://tinyurl.com/2c2t2a
http://www.underwatertimes.com/print.php?article_id=64810251370
http://en.wikipedia.org/wiki/Operation_TIPS

Law protecting tipsters:
http://www.post-gazette.com/pg/07245/813550-37.stm

Successful tips:
http://www.washingtonpost.com/wp-dyn/content/article/2007/05/08/AR2007050800465.html
or http://tinyurl.com/38t6vd
http://www.pe.com/localnews/publicsafety/stories/PE_News_Local_D_honor06.3ee3472.html
or http://tinyurl.com/2g26xv

This essay originally appeared in Wired.com:
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1101
or http://tinyurl.com/yqvoy6

Some links didn’t make it into the original article.  There’s this
creepy “if you see a father holding his child’s hands, call the cops”
campaign:
http://www.bloggernews.net/18108
There’s this story of an iPod found on an airplane:
http://forums.worldofwarcraft.com/thread.html?topicId=11211166&pageNo=1
or http://tinyurl.com/ogpbv
There’s this story of an “improvised electronics device” trying to get
through airport security:
http://www.makezine.com/blog/archive/2007/09/microcontroller_programme.html?CMP=OTC-0D6B48984890
or http://tinyurl.com/2ynbru
This is a good essay on the “war on electronics.”
http://www.cnet.com/surveillance-state/8301-13739_1-9782861-46.html

** *** ***** ******* *********** *************

by Bruce Schneier
Founder and CTO
BT Counterpane
schneier [at] schneier [dot] com
http://www.schneier.com
http://www.counterpane.com

A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit
.

You can read this issue on the web at
.  These same essays
appear in the “Schneier on Security” blog:

About these ads