I like your points about deterring serious offenders and how random changes do improve security.

It is also hard on passengers when regulations keep changing. Right after the 9/11 security features were put in place, I happened to be carrying a bike allen wrench. I wasted five minutes of their time since I didn’t know it was prohibited, and I wanted to hear options on how I could mail it or send it off. Eventually, they just threw it away in a pile of otherwise very useful items–screwdrivers, makeup, scissors, etc. I wonder what happens to all of those things.

I like to look at things “backwards”. I see the security teams adopting certain specific measures. That leads me immediately to wonder two things. What threat are they trying to protect against, and secondly now that they have possibly identified a threat, what measures could a malefactor do to counter it. I am sure that there are a lot of cleverer people than I who are engaged in doing this for real, as opposed to my rather amateurish attempts. However some things do pop up in the make it hard, but not impossible camp.

It seems to me that a great deal of the security is designed to stop relatively amateurish or naive individuals, but do little to deter determined conspirators. For example, the first test is to show a valid travel document (usually a boarding pass) and a government issued photo id. Well the boarding pass is easily forged (i can log into a web site at home and print the pass for a flight I am going to take). I presume that it wouldn’t be impossible to change a couple of critical fields (like the date) and use that document to gain access to the secured area. Since the security team doesn’t check against passenger lists, that seems to be a good possibility.
Next the liquids. I can bring up to 3 ounces of liquids in a clear plastic 1quart ziploc (TM) bag. So can everyone else. So with my forged boarding pass + my three ounces of peroxide or whatever + 100 friends doing the same thing, I have a pretty potent opportunity. Oh, and the poison in the ink capsule of my expensive fountain pen….

So, as we look at security from another perspective, I suspect the intention is to make it significantly harder for malefactors to do their dirty deeds, and to slow the process sufficiently so that everyone gets photographed.

While the random changes are an annoyance, sometimes I have to put shoes by themselves in a bin, sometimes not. Sometimes I have to take my belt of, sometimes not, etc. The random changes serve a purpose. Classic diversion. How can an observer know which of the security checks matter – in other words how can the observer determine which security precautions actually are designed to protect against a threat, and which are blinds.

Sure randomness might be hard to get, but there’s a lot of tricks to achieve it, something as simple has having the user wave the mouse around to get a sample of points. Something like that would be extremely difficult to replicate in the case of software theft.

But yea, I kind of doubt the software can figure out where terrorists would want to attack with high probability, but crazy random security is better than most alternatives.

That idea from Schneier is very intriguing. And yes, I am one that like to “change the game” Thanks for the great discussion.

Another blog I read by Bruce Schneier, a security expert, addresses airport security frequently. One thing he wrote about it really stuck with me: “We can’t keep weapons out of prisons. Why should we expect to be able to keep weapons out of airports.” (This is probably not an exact quote.) He always advocates taking a broader view and investing more in intelligence and response mechanisms than in specific counter measures. This is akin to “changing the game” as you often say, Presh.