Monday, 21 November 2005

Lie Detectors to be Used for Airline Security [more absurdity; && /. ]

I tremble at the thought....
(Score:5, Insightful)
by bziman (223162) Alter Relationship on Thursday November 17, @11:30PM (#14060336)
(http://swisspig.net/ | Last Journal: Friday July 26, @01:37PM)

Although I would really hate to see what would happen if the US tried to institute a *real* airport security system like the Israelis have, rather than the "security theatre" that we have, I found it very impressive.

The only worse thing I can imagine than the farse that is American airport security, is the possibility that some day they might actually successfully implement true security. I thought society was taking a step forward since you no longer need papers to travel inside Russia, or passports to go between France and Germany. I dread travelling now, because it offends me to have to take off my shoes and belt at the airport to maintain the illusion of security. But how much worse would it be when they confiscate my laptop because I could make an explosive from the battery in about three seconds? Or when I'm detained indefinitely because I'm a 20-something travelling alone, and I happen to be carrying a Quoran for some leisure reading.

In my life, terror doesn't come from desperate fundamentalists. Terror is the government trying to control every aspect of the way I live and the way I think. I can only hope that it's not too late to undo the damage. Vote while you still can! And pray, if you're into that sort of thing.

-------------------------
by swillden (191260) Alter Relationship <shawn-sd@willden.org> on Thursday November 17, @07:41PM (#14058970)

I travelled to and from Israel prior to 9/11 and, being the security geek that I am, I found their approach to airport security very interesting. Not only is it utterly different from what we do in the US, but it is obviously devastatingly effective. Israel has been under open attack from terrorists for *decades* and yet they've never, ever had an incident.

What do they do that's different? The whole focus is different. In the US, we focus on the (arguably futile) task of assuring that there are no weapons on the aircraft. In Israel, they focus on assuring that there are no terrorists on the aircraft. Their approach is about screening people more than bags, on the theory that weapons aren't dangerous, people are dangerous.

The screening is intensive, detailed and time-consuming. They do search the bags while they're at it, but the main purpose of searching bags isn't to look for weapons, it's to look for clues and to provoke reactions. I'll describe my experience of going through security in Tel Aviv on the way out of Israel by way of example.

I was travelling with my boss, on business. The first thing they did was to separate us, sending each of us to a different table. At each table were three agents. One of them searched my bag -- *very* thoroughly, picking through it piece by piece. Another asked me questions at a rapid-fire pace, jumping around between who I was, what I was doing, where I had gone, who I had spoken with, who I knew in Israel and what was the purpose and origin of various pieces from my luggage. The questioner was detailed, but not necessarily thorough. He asked about seemingly random things, but inquired in great detail, testing to see how my story would hold together under scrutiny. After asking the names and phone numbers of some people I had met with, he pulled out a phone and actually called one of them and grilled him for a minute! Then he and the agent who had been speaking with my boss stepped away and conferred with one another, obviously cross-checking our stories to see if they matched up.

The third agent at each table just watched. The guy at my table had his eyes glued to me the whole time, watching for any hint of abnormal reaction... it's unbelievable how nervous that made me! But I suppose my reaction was normal.

I can see *exactly* how a lie detector would fit into this model. Even if it didn't actually work, it would make the subject that much more worried and frightened, making it harder for a terrorist to stay calm enough to have all the right reactions. It wouldn't even matter if it gave bad readings from time to time, because in a situation like that, with trained, experienced agents, the lie detector would be just another tool to help both trigger and analyze reactions; it would be the agents themselves that made the decisions about who to investigate further and who to pass on.

Although I would really hate to see what would happen if the US tried to institute a *real* airport security system like the Israelis have, rather than the "security theatre" that we have, I found it very impressive. It sucked royally to be the subject of that scrutiny, even as an honest guy just trying to fly home... it's easy to see why they have such an amazing track record.
=============================

I know I'm posting as an A.C., so up front is the basis for my observations: I am a dual-citizen and did my service in the Israeli military. I'm very familar with the security rationale and my closest cousin (practically my older brother) was one of the "Security Selectors" you talk about. (Un?)Fortunately, being Israeli and secular means that I have never been subjected to the intense screening process that non-Israelis endure at border crossings, so I can't speak to the process from personal experience. I have flown in and out of Israel some 80-90 times over the course of my life, and have entered by ship once.

Their approach is about screening people more than bags, on the theory that weapons aren't dangerous, people are dangerous.


Precisely. Your description of the screening process is also dead-on accurate.

However, what works for Israel doesn't necessarily work for the USA. You're right in stating that the goal is to put some stress on the individual to evaluate the strength of their story. The security screeners aren't Einsteins in every field, however anybody (especially trained anybodys) can spot deceptive behavior when they see it. So, like you note, the screeners aren't so interested with the details so much as they are interested in the overall story and making sure it doesn't crumble under scrutiny.

Why is this the tactic that is used? Suicide attacks need somebody willing to commit suicide. Although I am sure there are individuals in this world who can be ice-cold when walking to their own deaths, the overwhelming majority require a little assistance by way of religious fervor to convince themselves that they're simply going to go somewhere "better" when they explode. Israel has a long and sad library of suicide bombers for other means of transportation, and of the few that are caught every once in a while, there is enough data to form a profile. I'll focus on Muslim extremists here, since they account for the overwhelming majority of terrorists: the ones planning the attacks are most often *not* the ones carrying out the attacks. To understand why the security model is built the way it is, it is useful to understand the terrorist food chain and who it is that goes out to perform the attacks:

  1. Note the age difference between planners and executors: planners are old and the executors are young.
  2. Planning takes methodical, careful thought and patience. Execution takes the ability to ignore your evolution for a few minutes and the ability to shoulder some weapons.
  3. If all the planners committed attacks, we would be seeing much fewer attacks.


For all of their talk, the planners are not the ones doing the deeds they profess to believe in. They stay home and send brainwashed teens to do the dirty work. What are the lures?

  1. Sex. Islamic culture is highly prohibitive of sexual behavior outside of marriage, and "Secular" Islam is largely a modern invention that translates roughly to "slightly less than orthodox". Islamic teens are no less horny than the other billion teens on the planet, however where western teens are fooling around at 14, Islamic teens aren't allowed to be alone in a room with a member of the opposite sex, let alone hold hands, until they are (or are practically) married. Under these circumstances, undestand that the promise of 70 virgins waiting for you in heaven can be pretty attractive. Remember when you were a teen and sex made you think backwards?
  2. Shame. Islamic culture is also highly prohibitive of deviant behavior. Homosexuality among Islamic culture is more than just "frowned upon". There is no reason to believe that the incidence of homosexuality among the members of the Islamic faith are any different than any other faith on the globe. The incidence of homosexuality among males cited in the Kinsey report is 10% if I remember correctly, so even assume a 5% rate or a 2.5% rate, you have a quite a few homosexuals living very much in the closet. Terrorist groups can use this as a lever to acquire another soldier of god: "perform this operation and you can go to eden as a martyr, and not suffer this stigma all your life". Refusal brings threats of "we'll tell your community".
  3. Prearranged marriage. Many marriages in Islam are prearranged, with little to no input from the couple in question. Even if there was input, it would not come from the woman in question, as women have practically no standing in Palestinian (and many other Islamic) culture. The recent trend towards using female suicide bombers is because women are usually subjected to less scrutiny during security, and so the terrorist organizations use bad forced marriages as a carrot to lure women into their ranks. If you're a woman of any ambitions whatsoever, you can easily find yourself looking at a hopeless life bearing and raising children for some schmuck of a husband who you didn't even choose, who decides your every desire for you. Or, even without the no-hope marriage, you may want to make something of yourself, and here comes the Hamas telling you that you can be a glorious martyr in the service of Islam, that your life can have meaning if you choose to end it at the opportune time, with a few explosives...
  4. Drugs. Distasteful as it sounds, some terrorists are addicts to some drug or another. Terrorist organizations often do double business as drug suppliers, so they often cull impressionable, already-addicted young men from the ranks of their users and start conditioning them using withdrawl as the stick vs. more drugs as the lure. I've never been a drug addict but I'm sure this can cause powerfully illogical courses of action ("go commit suicide") to appear reasonable.
  5. Religion. The classic case is simply religious fervor. God will love you if you kill this or that people. Some people simply don't need a lever to be pushed to do something in the name of Allah. I personally find it sad that the ones sending these terrorists to kill and die are cynics, unwilling to put their money where their mouth is.


So, now that you have a clearer background of the people carrying out terrorist attacks, you understand why stress-testing their backgrounds is important. Most terrorists arrive to do their jobs in an unstable state. I've read many case studies (don't know if they're public or not) where terrorists were apprehended because some minor detail in their mission plan didn't match up and they simply stopped what they were doing, waiting forever for step 13b to complete so they can move on the the next part of the plan. One case involved a terrorist literally getting confused and stopping what he was doing because he boarded the wrong bus, asked the driver which bus it was, and when the line number was wrong he started acting confused enough for the bus driver to call the police and evacuate the bus. Granted, you have to choose to accept that little anecdote as hearsay since I can't point to source documents.

So, to re-phrase the Israeli strategy, it's about keeping bad people outside, not their weapons. As 9/11 proved, bad people with poor weapons are perfectly capable of killing many. We don't blame the boxcutters for 9/11, we blame the terrorsts (pause here while I tell anti-Semites to fuck off with their conspiracy talk). Testing a person requires other people, and no amount of technology will be able to do this, in my opinion. There are many technological _tools_ which can aid the screener in their detection process, but in the end, screeners must be vigilant, smart people on the lookout for liars, and then need to spend time sifting the terrorists from the liars.

With all this being said, there are several fundamental problems with applying this strategy in the USA:

  • Racial Profiling: Israel has a very specific ethnic group of people which is desirous of it's destruction. With the exception of the Japanese citizens who carried out an attack at Ben-Gurion airport in the 60's/70s (don't remember the exact date), I can't think of any large terrorist operation carried out against Israel by non-Muslims, off the top of my head. Contrast with the USA, which suffers the displeasure of a much wider audience, in addition to the predominant Islamic threat. The US is (understandably) wary of adopting racial profiling methods for screening individuals, because for a country on the scale of the USA, it takes one stupid screener (and there are MANY such) to start a racial outrage similar to what is going on near Paris. Lawmakers won't touch this issue with a 10ft pole because they fear public outcry, and because the threats against the USA encompass a much wider group than just Muslims. They (and I) don't know how to make a law that is at once worthwhile and also balanced, so as not to start a "slippery slope" situation where civil rights go downhill faster than they already are. My personal view is that Islamic people should (unhappily) be subject to greater scrutiny on the basis of their race, seeing as Islamic terrorists are the primary threat to the security of all western nations at this point. The problem is preventing overzealous screeners from turning security checkpoints into Islamic Humiliation Camps, and I don't know of any way to prevent screeners from being stupid at the salaries they draw.
  • Scale: the USA simply handles too much traffic for there to be a 3-minute screening process for each individual. I'm sure that clever people can sit down and work out a "formula" for checkpoints, but this would simply defeat the purpose of the check -- terrorists would memorize all of the question recipies and prepare glib responses ahead of time. The function of a security screener in Israel is much like the function of a polygraph technician -- the technology doesn't expose lies, the technician has to ask a creative series of questions so as to put the subject into a state where the readings are meaningful. This approach requires ingeneuity and intelligence from screeners, which is also absent at the level of pay that they receive (mostly).
    The corollary to this is the scale of the USA. Israel does not face the problems of organizational scale like the USA does. In Israel it is feasible and valid to group all the screeners together for the 1 large international airport and educate them, refresh them periodically, and otherwise perform the "screener maintenance" that must happen. In the USA, this would need to happen in many different locations, and would require a governmental behemoth of overhead that would collapse under it's own weight. This is why governmental regulations must be so "by the book" coded -- when regulators don't have personal contact with the actual screeners, then they must code their regulations for the lowest common denominator of intelligence and capacity, giving a step-by-step "script" for screning. Anything less would lead to chaos for a systeam as large as the USA, however it defeats the purpose of adaptive, intelligent screening.

==================

Re:So...

(Score:5, Interesting)
by MightyMartian (840721) Alter Relationship on Friday November 18, @11:12AM (#14063715)
I've been hearing "Usenet is dead" for about six or seven years now. It's this oft-repeated bit of nonsense, sometimes used by ISPs justifying why they're cutting their Usenet feed, and sometimes by people who, for some odd reason, think that web forums are superior.

I first accessed Usenet from a BBS in 1992, and got my own small UUCP of my favorite groups a year later. I'm still a regular on some Usenet forums, and paid my thirteen bucks to the German individual.net. Not the greatest retention, but carries all the groups I care about. Groups like talk.origins are as busy as ever, with damn little spam. The groups that seem to be dead or dying are mainly the vanity groups like alt.barney.die.die.die.

--
The world's burning. Moped Jesus spotted on I50. Details at 11.
============

Nonsense

(Score:5, Insightful)
by dpilot (134227) Alter Relationship on Friday November 18, @11:11AM (#14063702)
(http://slashdot.org/ | Last Journal: Thursday May 12, @08:37AM)
IPV6 could well be DOA, because it solves the wrong problem.

IPV6 solves the problems of the Internet, as originally conceived - egalitarian and end-to-end.

Nobody in power wants that any more. I'm sure that those in power would mostly prefer that the Internet would just go back and hide under the rock it came from, but they DO like the benefits it gives to THEM. If IPV6 goes forward, it'll only be because it has enough momentum as the "logical successor," and because TPTB can't propose what they'd really like.

If IPV6 were being designed TODAY:
It would have DRM built-in for the ??AA, as well as router-based monitors and controls for peer-to-peer networking.
It would have built-in provisions for wiretapping, even at the opportunistic VPN level, for government TLAs.
It would have content and traffic filtering provisions, for China and the Religious Right.

Of course IPV6 really runs counter to all of these "design criteria."
================

In other news...

(Score:5, Insightful)
by patio11 (857072) Alter Relationship on Friday November 18, @08:49AM (#14062328)
"Next year to be really, really scary on the computer security front", says a company which makes money from designing Comprehensive Solutions to Security Threats yet cannot decide whether keyloggers are silent but lethal or whether they have observable symptoms like a system slowdown (because you KNOW your 1 GHz Pentium just crawls when it tries to do processor-intensive tasks like parsing keyboard input). Honestly, these kind of folks give security research a bad name. Its like the doctor down the street who says "Hey, AIDS cases are likely to increase next year -- symptoms include coughing or feeling less energetic than you usually do. Be afraid!"
============

Re:Why this is necessary

(Score:5, Insightful)
I don't think the Founding Fathers ever intended the "one dollar, one vote" system that occurs when you don't have regulation of campaign finance.

Do you?
---------------

Amendment I

(Score:5, Insightful)
by Woldry (928749) Alter Relationship on Thursday November 17, @10:08PM (#14059926)
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances."

Freedom of speech applies to political speech. Campaign finance laws are blatantly unconstitutional. This ruling is offensive because it implies that only established and recognized "press" entities qualify -- and the government, whose interest is markedly not neutral, gets to decide who is and isn't "press".
--
Guy walks into a bar. Bartender says, "What is this, some kind of a joke?"
-------------------

If JPGs aren't available...

(Score:5, Funny)
by ian_mackereth (889101) Alter Relationship on Thursday November 17, @08:40PM (#14059389)
then beware of geeks bearing GIFs.
-------------

Interestingly, I could have been a target of Unisys, except they couldn't have gotten much blood from this stone. I was the original author of the "compress" program, which turned into an early "open source" effort (although the term hadn't been invented at the time). Compress was an implementation of LZW, based on Welch's 1984 paper in Computer. Only later was I informed that it was patented. After it had been incorporated into Berkeley Unix releases and into the GIF format. I was happy when that patent finally expired, but I had absolutely no doubt of its legitimacy.

As for the claimed superiority of PNG over JPEG, I'd say it depends on the application. JPEG was designed precisely and specifically for the purpose of compressing photographic images. Such images

  • Do not compress well using techniques like LZW and Huffman coding
  • Have intrinsic variation in pixel values due to noise in the recording process
  • Don't have precisely straight and sharp edges
These characteristics make them poorly suited to lossless compression techniques, and also mean that a lossy technique will not degrade the image further than the original noisy recording method did. (Unless you turn up the loss level too high.)

Because of the "if you have a hammer, every problem looks like a nail" principle, people have used JPEG in applications that it's not suited for -- applications where the lossy compression DOES degrade the image quality, and where a different method (LZW, for example) would in fact give a smaller file. Then other people point at these examples and say "PNG (or GIF) is better than JPEG!" My toolbox has hammers, screwdrivers, wrenches, etc. I try to pick the appropriate tool, and don't hammer with a wrench, for example. The same should be true of our computer tools.
===================

by Harry Balls (799916) * Alter Relationship on Thursday November 17, @07:27PM (#14058845)
Elementary, Watson.

Once a user logs on, a logon script mounts his own personal "network drive" from a central file server.

Just configure OpenOffice so that OpenOffice will read (and write) the OO configuration from that personal "network drive".
Yes, a user could still mess up his configuration, but that would only affect himself, not others.

--
Dedicated Linux servers with root access only [hostingator.com]
-----------------

Use a macro

(Score:5, Informative)
by David_Bloom (578245) Alter Relationship <slashdot@3lesson.org> on Thursday November 17, @07:31PM (#14058889)
Make an OpenOffice.org BASIC macro that sets the configuration settings [openoffice.org]. Put the macro in an empty document, and make it autoopen that document on startup only once (also code the document so it closes automatically once it's done).
-----------------
Especially the really heavy users of Excel? The ones who build "models"? Don't tell them, but all that "macro" stuff they build? It's essentially a furball of VB. Furball? Yes, because it's been written by somebody who doesn't know how to program. They just keep whacking at it until it works.

And guess what? It doesn't work in OpenOffice.
==================

OOo 2.0 Network Installation Script

(Score:5, Informative)
by mgpeter (132079) Alter Relationship on Friday November 18, @09:34AM (#14062724)
(http://www.pcc-services.com/)
I created a Kixtart Net install script to rollout OpenOffice.org 2.0 - The requirements are simply a Domain Admin Account and the ability to access the Default Administrative Shares that Windows automatically creates.

You can Download it at

http://www.pcc-services.com/kixtart/scripts.html [pcc-services.com]

For the default saving into Office filetypes - All of the user settings are saved in XML files and you can edit these files before you roll-out OpenOffice.org. To do this simply adjust the settings on a separate machine, find out what file was modified to see what you need to change in the default installation. For instance I created a menu item for my script to add a "From Gallery" option to the "Insert - Picture" Menu.
----------------




0 Comments:

Post a Comment

<< Home