James Fallows

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne. More

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.

Fallows welcomes and frequently quotes from reader mail sent via the "Email" button below. Unless you specify otherwise, we consider any incoming mail available for possible quotation -- but not with the sender's real name unless you explicitly state that it may be used. If you are wondering why Fallows does not use a "Comments" field below his posts, please see previous explanations here and here.

James Fallows: Security sanity

  • I Opt In! And Other TSA News of the Day

    'Or are you just glad to see me?'

    hawley.jpg1) Permanent emergency. Kip Hawley, right, who was TSA administrator during GW Bush's second term, has an important and eminently sensible-seeming big essay today in the WSJ on re-thinking airport security. I was out of the country during most of his time in office and have never met or interviewed him, so I don't know how what he says now matches what he did then. Also, I have not yet read his new book laying out his views at greater length. But at face value this essay makes convincing points about "security theater," which I hope will carry extra heft because of his background.

    Most of Hawley's points accord with my pre-existing views, so naturally I think they're correct. But on one, he has changed my mind, or at least opened it. If you've been in countries where you can keep your shoes on when being screened -- as I've recently experienced, for instance, in both Australia and China -- you are amazed by how much this reduces the cumbersomeness and delay of the screening process. Hawley says he came to TSA determined to change that rule but became convinced that it still mattered. You can read his case for yourself.

    Here is a point so obviously true that I wish Romney and Obama were competing to embrace it. An item on Hawley's must-do list is:

    Eliminate baggage fees: Much of the pain at TSA checkpoints these days can be attributed to passengers overstuffing their carry-on luggage to avoid baggage fees. The airlines had their reasons for implementing these fees, but the result has been a checkpoint nightmare. Airlines might increase ticket prices slightly to compensate for the lost revenue, but the main impact would be that checkpoint screening for everybody will be faster and safer.

    2) I opt in! As I've mentioned more than a few times, I take a dim view of the TSA's new "backscatter" full-body-scan machines. That is because they use X-rays, and my policy toward ionizing radiation is to avoid it when I can. Yes, I am aware that sitting at high altitude inside an airplane exposes you to extra cosmic radiation. But unless you travel in a lead-lined plane, which creates engineering challenges of its own, that's an inextricable part of the flying equation. About backscatter machines you have a choice, and I have chosen to opt-out.

    But if my concern is about needless (in my view) exposure to X-rays, then there is no reason to worry about the similar-seeming but technically different other kind of full-body scanner. This is the millimeter wave machine. Sometime later I will describe a meeting that Jeffrey Goldberg and I had, in February, with TSA officials to explain how these machines work, and what images the operators see. The point for the moment is: millimeter-wave machines are of course based on a form of radio-frequency transmission, not X-rays. I know that there are scenarios and hypotheses in which radio-frequency waves can theoretically be dangerous. But my working policy is:
       X-rays are assumed dangerous unless demonstrated to be safe
       Radio waves are assumed safe unless demonstrated to be dangerous.

    So I recently opted-in to my first millimeter-wave scan, at DC's National Airport, and lived to tell about it (although I look for lines with metal detectors as my first choice). Here's the handy guide. (roundish in shape, transparent open sides): I opt in.
    MilliWave.png

    Backscatter scan (two big boxes that you stand between): I opt out.

    005_rapiscan_secure_1000sp.jpg


    3) Or are you just glad to see me? A reader who has lived and worked around the world sends the not-entirely-constructive-in-spirit plan he has for his next trip through security.

    My prank is somewhat tasteless, so be forewarned.  It's taking Jeffrey Goldberg's kilt proposal and turning it up to eleven.  I want to opt-out while wearing a large dildo strapped to my inner-thigh.  The look on the screener's face when he discovers it would be priceless.  As far as I can tell, the list of prohibited items says nothing about large latex appendages, so I couldn't be accused of trying to smuggle anything in. 

    Of course, with my luck, the whole situation would spiral out of control and end up going viral on the internet - not exactly the way I wish to gain international notoriety. It also strikes me as a good way to get fast-tracked onto the No-Fly List. 

    Pleasurable to think about, but never something I'd actually do.

    Which brings us back to a central argument of Kip Hawley's piece: that the cookie-cutter experience most passengers have with the TSA makes it harder for travelers to think of the agency as helping us all avoid extreme risks, and easier to think of it as a rote rule-enforcer to be exasperated with, and to think subversive thoughts about. In the long term its effectiveness depends on people feeling that they are working with the TSA rather than against it. Let's hope Hawley's essay makes a difference.

    Millimeter wave

  • Clash of the Titans! Airport-Security Culture vs. Brazilian Carnival Culture

    Dancing through the TSA queue: it doesn't happen here

    Two powerful forces. When they collide, which will prevail?

    As it turns out, it's no contest. A reader writes about what played out at this year's Carnaval:

    This video touches on two of your themes: airport security and cross-cultural differences. It's a bloco, or parade dance party, at Santos Dumont the city airport for Rio de Janeiro. Minute 1:30 to 2:00 has the best sambaing. [JF: Yes, by all means see at least that part. And here is more on the namesake Alberto Santos-Dumont.]
    I doubt that the same joie de vivre is possible in a TSA-sanctioned environment.

    I share such doubts. On a more positive note, soon I will offer a declaration of peace, at least on one front, between my own personal preferences and the rules of the modern TSA. Meanwhile, Viva Brasil!
    __
    Update. A reader who travels very frequently in and out of China's main airports was in Beijing Capital airport today. He sends a shot of the security line a few hours ago at what is now the second-busiest airport in the world.

    Thumbnail image for PEKTSA.JPG


    Passengers are entering the screening queue from the left of the scene above and passing through metal detectors there. Then they head toward their planes (including the man walking toward the camera at the left). The reader writes, under the subject line "Beats TSA":
    Greetings from Beijing Airport! Last year I sent you a photo of the TSA equivalent and it's still so much better than TSA! You could say in software terms it's a much better UX! [User Experience.] Every time!
  • Today's Online Security Tips

    More ideas on avoiding the 'Mugged in Madrid!' nightmare

    1) I am not a fan of the "less info! more blank space!" new look of Gmail, described by the company as "cool" and "modern." Fortunately the company offers customization options. (Although there is an ominous note in the Gmail blog suggesting that it might take those options away: "Our new interface will eventually expand dynamically to accommodate different screen sizes and user preferences, but until then you can pick the information density that you prefer." Until then?)

    For as long as the customization era lasts, you can apply the tips that Alexis Madrigal recently offered to show more actual email on your screen. Call me crazy, but my email is what I'm hoping to see when I load Gmail.

    LastPassGoogle.png2) I am a fan of Gmail's "two step authentication" system, as mentioned in items so numerous that I won't link to any of them. (I will, though, link to my article on why you really, really don't want to have your email account hacked.) Via reader MQ, news that the password-manager system LastPass is piggybacking on Google's "two-step" security system, to make its role as a "vault" for your online passwords all the more secure.

    I am also a big fan of password managers. I use LastPass, but many are good, and 1Password and RoboForm are also very well known. All of them are designed to solve the Catch-22 problem of passwords: A password that is easy to remember can be easy to hack, and passwords that are hard to hack can be impossible to remember. One way out of this predicament, as mentioned before, is to use long "phrase" passwords, as described in my Hacked article. But another is the online-manager approach: a browser extension that remembers your passwords and applies them automatically when you visit sites.

    Does using one of these managers make you even more vulnerable, in that anyone who hacked your master account would get all your passwords at once? Well-run sites, like the ones mentioned above, should reduce rather than increase your risk. Partly that is because of a human-factors bet: that users will do better thinking up and remembering just one very secure password to guard all the others, than they will trying to juggle dozens of passwords on their own. It's also due to a technical arrangement: your passwords are stored at the master site in a gibberish form that can only be deciphered in combination with info that you enter each time, or is on your local machine. See this explanation of LastPass's approach to this problem. So, things could go wrong, but on balance they seem safer. And the more you worry about this, the greater the incentive to switch to "two-factor" system like the one LastPass has just introduced.

    One more point, particularly significant to those who travel overseas or otherwise do a lot of work from "public" computers. Very often when using internet cafes in China, I would worry about "keystroke loggers." These are devices that can track everything entered on a computer and thereby get any username/PW combo that you type in. Manager programs enter the passwords without your doing anything on the keyboard and therefore avoid this vulnerability.

    3) Via reader BW in Washington state, this Computerworld story on a free service, to all appearances legit, that offers clues about whether your email address has been compromised. It is called PwnedList.com, and if you merely enter an address it tells you what it has founded on data bases of compromised sites.
     
    This is not a perfect guide to whether you'll actually have trouble. My wife's Gmail account, which was the object of a devastating hack about six months ago, comes up clean on the PwnedList -- whereas my address, which to the best of my knowledge has not been compromised, gets a warning message. (That warning comes from last December, when I was out of the country. I've changed the password several times since then.) Still, worth a look.

    After the jump, a couple of reader testimonials on other tips and tricks.

    More »

  • More About 'Secret' Info on the Front Page

    Sometimes "security theater" has a hidden -- and plausible -- plot line

    I mentioned yesterday a memo sent to employees and contractors of the Department of Commerce, warning that even though Wiki-leaked State Department cables had been published all over the world, their contents should still be considered "classified." Therefore employees were still forbidden to quote or discuss this material while using their workplace computer or email systems.

    Since then I've received copies of similar memos from almost every federal Department and many big contractors. And many accounts like this, from a reader:

    >>A number of defense contractors have taken the step of totally blocking access to the Wikileaks web site, to prevent employees from accessing the leaks at work.

    As well, they've issued warnings not to even think about keeping copies of any of the leaked documents on any company IT assets, lest the company as well as the individual responsible be guilty of a security violation.<<

    But a number of past and present government employees have written in to say: Not so fast. What may look like a pointless "shutting the barn door" gesture actually has some merit. For the record, here's their case:

    As a matter of principle, one person explained to me, anyone who handles classified material has signed a legal pledge to protect that information. The fact that someone else -- say, Pfc Bradley Manning -- has broken the pledge doesn't relieve others from the legal commitment they made.

    That may seem purely symbolic -- although, as another person pointed out, leaked information would have additional weight if the act of leaking freed everyone in the government to say, "Oh, sure, that's all true" rather than declining to comment. But a scientist who has done classified work wrote to explain the practical consequence that had federal administrators really worried: the "contamination" and consequent immobilization of their regular, non-classified computer networks with still-classified info. This scientist says:

    >>I am not a fan of 'security theater'. But I am actually sympathetic to the officials that put out the memo....

    If you discuss classified info on an unclassified computer system, then you have contaminated your hard drive.

    That is very, very bad for your workplace productivity because an IT person has to come over, take out your hard drive and run it through a shredder.

    You will get a new HD with your last 'clean' backup.

    You think that is not a big deal, because your stuff is backed up over the network nightly or hourly.

    But you share a backup tape or drive with other folks, who may also be chattering [ie, quoting a Wikileaked passage that they saw online or in the NYT]. Suppose they started chattering last week? When was your last 'clean' backup?

    This can be a real nightmare as a small cadre of IT staff have to scrub hundreds (or thousands) of systems while people sit on their hands, waiting to get their system scrubbed.

    Just because something has been leaked, doesn't mean it is now clear. That email isn't a threat. It's a reminder to people not to put classified info on their unclassified hard drive or mail server.

    If they have to shut down a mail server because of your indiscretion, all your coworkers on the same mail server will also be shut down. And some of them might hold grudges or be less helpful when you need a favor in the future.<<

    Reasonable point. Update: An interesting Christian Science Monitor story on similar concerns, here.

  • True Thankfulness -- Plus, Christmas Comes Early

    A step toward sanity for the holidays?

    From the NYT just now:ColorCode.png

    Merciful heavens, we give praise and thanks -- if we are indeed saying goodbye to this:

    dhs-threat1.jpg

    What is wrong with the familiar monotone "The Department of Homeland Security has determined that the threat level is 'Orange' " announcement and mentality?

    1) It is meaningless. You hear that at the airport in San Antonio, when there's a threat in Baltimore?

    2) It is unhelpful. What exactly are you supposed to do? Apart from being worried?

    3) It is ignorable, since it hardly ever changes. It's been "Orange" since the summer of 2006. It has never been "Blue" or "Green." The U.S. "surges" in Iraq and then withdraws; it has Bush and then Obama; a Republican majority in both Houses, then Democratic, then a Republican House again; it changes strategy in Afghanistan; it has an "underwear" bomber and then introduces new machines -- and through all this time, we are steady at "Orange."

    So we have movement on the lamentable color codes; and the TSA backing off strip-searches of uniformed pilots; and today's apparently low-stress day at the airports... perhaps there is a common-sense way out of the security-theater ratchet? I'll hope so, and on that positive note bow out until next Monday. Happy Thanksgiving.
  • A Way Out of the Security Theater Impasse?

    Could the public accept responsibility for important choices?

    I mentioned earlier today that I was fatalistically resigned to the security-theater "ratchet." Politicians or security agencies can keep loading on extra "security" features, but politically they can't afford to take them away. My colleague Ta-Nehisi Coates came to a similar conclusion here.

    From reader Don Friedman, a suggestion that might initially seem trivial but that appeals to me more as I think about it. It's a way to have the public share responsibility for setting the right balance in "security" measures, rather than complaining about measures the government introduces and then blaming politicians if anything goes wrong. He says (emphasis added): 

    >>As you suggest, the controversy over the new security measures gives us the opportunity to think about what level of risk we are willing to bear, recognizing that risk can never be reduced to zero....

    The outcry against the new search techniques creates an opportunity here for the Administration to start a process to educate the public about the risk equation. Were I the President, I would immediately arrange for polling of air travelers in order to get some data as to just how unpopular these measures are. If the polling shows that these measures are actually supported by the majority of travelers, then the Administration should announce that fact and state that, since air travelers want this additional level of security, we'll keep the measures in place. If, on the other hand, polling shows these to be unpopular, the President should make a speech to the country in which he announces the suspension of these security measures by popular demand and then discusses the risks of terrorism, talks about the fact that the country is not prepared to take every possible precaution (since to do so would turn the country into an environment akin to the old Soviet Union), and we need to balance the efficacy of security measures against the impact on quality of life and the rule of law.

    This can, and should, be used by the President as a "teaching moment" which we badly need. I think that most people in this country, characteristically, want it both ways--they want an absolute guarantee of safety and they don't want to be inconvenienced. People need to understand that there are trade-offs here.<<

    You can imagine practical problems here. If you poll only air travelers, is that elitist? And who counts as an air traveler anyway? And how do Presidents conduct polls? And so on. You can  also imagine conceptual issues. Would people really take "responsibility" for a different security/liberty balance, once an attack occurred? Etc. But with those to one side, it's a very useful thought experiment about how to get out of this bind, by involving the public in this choice.

    After the jump, two other messages about striking the right security balance. Then I will try to leave this alone for a while.

    More »

  • Body-Searching Children: No for the US Army, Yes for the TSA

    The U.S. military outlaws in Afghanistan what is now routine in TSA screening lines

    Please read the note below. A US Army staff sergeant, now serving in Afghanistan, writes about the new enhanced pat-down procedure from the TSA. Summary of his very powerful message: to avoid giving gross offense to the Afghan public, and to prevent the appearance of an uncontrolled security state, the US military forbids use on Afghan civilians of the very practices the TSA is now making routine for civilian travelers at US airports. Here is what he says:

    >>In reading your post and the most recent one from Mr. Goldberg about the War on Terror and pedophilia, I am disturbed. What bothers me is that I am on the verge of re-deploying from Afghanistan after a 10-month combat tour that involved having to deal with, among other things, conducting searches of local nationals when involved with security tasks within my Infantry company. At no time were we permitted or even encouraged to search children or women. In fact, this would have been considered an extreme violation of acceptable cultural practice and given the way word travels here, been a propaganda victory for the Taliban.

    Yet somehow the TSA is engaged in this at home while my unit and I spent our tour unable to safeguard ourselves equally in an environment where the Taliban have often disguised themselves in burkas and used children as both spies and fighters. While I have no conflict with the necessity to safeguard civilians against terrorism or with the risks we all voluntarily assumed as Soldiers, it seems as if the bureaucracy has become so obsessed with safety that we have forgotten that war entails risks beyond those of physical combat. If we are truly at war, then we need to decide what civil liberties we truly view as negotiable and which are inviolate- otherwise the greater risk than underwear bombers at home will be losing the values that make us unique as a nation.

    These people terrify us as much as we allow them to. Apparently FDR's idea about "the only thing to fear" is lost on TSA and the current administration.<<

    Everything about security involves a balance. "Perfect" security would mean complete controls on freedom, elimination of privacy, etc. Someone who is now exposed to real, daily danger in Afghanistan because of decisions about the proper balance argues that we need to be braver society-wide. Yes, soldiers accept different risks from those that are tolerable for society at large. But this is profound and powerful testimony.

  • Security Theater: The New War of 1812

    The Brits fight back against the TSA

    [Update after the jump.] My plan had been to lay off the TSA/Security Theater dispatches unless some actual event made it seem odd not to say something. That event has now arrived, in the form of complaints from Martin Broughton, the chairman of British Airways (!), saying that symbolic, redundant, and inconsistent aspects of American airport security screening had gotten out of hand. More here, here, and here. Thanks to many readers worldwide for writing to ask whether I'd seen this news.

    I'm using this occasion to kick off a master wrap-up of recent user comments on "security theater" generally. Some people are tired of the (my) whining on the topic; others think that a free society depends on exactly such continued whining. The first part of the compendium comes after the jump, with comments from readers who are tired of carping criticism of the TSA. Later on, some comments on the other side. As a send off, here are the final words of a Guardian article today on Martin Broughton's request for pared-down security-theater requirements:

    "Broughton is right. But history shows his words will have no useful effect. Nothing will change."

    For more, read on.

    More »

  • Airline Electronics: Rosen-v-Virgin America

    Can an airplane match the Bolt Bus as a tech-friendly conveyance? The jury is still out.

    Two tech items for today.

    1) Power Outlets on Virgin America. This week Jay Rosen, of PressThink and NYU, chose Virgin America for a trip to Las Vegas, in part because of VA's tech-friendly features. It offers wifi internet coverage on all trips -- just like the Bolt Bus! and Acela -- and, also like the bus and the train, has "regular" power outlets at seats. Not just those odd "EmPower" outlets you find on some premium seats on United, American, etc, which put out 15 volt DC power and require a special adapter, but instead a standard socket that (presumably) supplies standard 110 volt AC power.

    Empower.jpgBut to Rosen's dismay, he found that whole banks of the sockets seemed to lose power at intervals throughout the trip. He sent out a Tweet about this in flight -- and, while still in the air and wondering about his battery's reserve, he had a long Twitter-mediated discussion with Virgin America's PR department on whether they were making false claims about their internet-era features. Whole skein after the jump -- Rosen's opening dispatch, and then the followup Direct Messages.

    Interesting tech aspect for the future: whether airliners as presently equipped (and regulated) could actually handle a whole planeful of AC-power-using passengers. At the moment, Virgin America's apparently can't. The company's Twitter messages to Rosen explain that power is automatically cut to certain users when the load becomes too great. (Rosen's argument: Well, don't advertise that you have power throughout the plane, then.)

    Interesting tech aspect for the present: the real-time reputational management that companies or institutions must be prepared for. Obviously Virgin's PR department has alerts set up for blog or Twitter mentions and is ready to respond. No larger point, but an interesting instance.

    UPDATE: A reader writes to say that Virgin America really should have replied to a complaint about "unreliable AC power during flight" with a link to this famous Louis C.K. riff on "Everything's Amazing and Nobody's Happy."

    2) Noise-canceling headsets. Southwest Airlines's route structure doesn't match where I usually travel, so I don't fly on it often. When I do, I'm usually glad (and these are usually short trips). It's refreshing that its staff members act like actual people rather than "staff members" and, compared with some other airlines, seem less unhappy with their predicament and their passengers. They are famous for delivering the mandatory safety announcements as if they were really talking, rather than reciting a catechism from memory. And in the SWA inflight magazine yesterday I saw this refreshingly common-sense touch:SWHeadset.png
    The part to notice: the lower right-hand corner announcement that noise-canceling headsets, by Bose, Panasonic, Philips, et al, are perfectly fine to have switched on at any point in the flight.

    From a technical point of view, every airline should permit this on every flight at any time. There is no plausible reason to think that noise-canceling headsets could in any way interfere with an airplane's operation. I could give a long explanation, but the short version is: they were invented for pilots to reduce the stress and ear damage that come from exposure to airplane noise. Except in pressurized airplanes where the cockpit has other kinds of noise protection,  pilots -- sitting right next to the controls and displays -- are wearing them, switched on, during the whole flight, notably including takeoff and landing. (They also often have their cell phones turned on right next to them, but that's a different story.) Every hour I've spent flying an airplane has been with noise-canceling headsets running -- at various stages, models from David Clark, Lightspeed, and Bose. That's why I can still hear! There is zero possibility that your headset in seat 13D has any effect on a commercial flight.

    So why, on other airlines, is there a last-minute war with the flight attendants about switching headsets off? I can imagine one reason: during takeoff and landing, when the flight crew has to entertain the possibility of an evacuation, you want to remove any barrier to getting the passengers' full attention. If an airline explained it that way, OK. But when I've asked attendants about it (nicely!), I've always heard that this is part of the "anything with an Off/On switch must be turned OFF" no-exceptions drill, which makes as much sense as being sure that your digital camera is turned OFF.

    This is a tiny point, so why mention it? Because the headsets-off rule has the drawback of other "safety theater" routines: an insistence on pointless restrictions can, over time, undermine respect for the rules that really matter. So congrats to Southwest for a minor but welcome step toward common sense. (For another time: why the "cell phones turned off" rule is slightly more plausible, even though it is obviously never enforced and therefore not taken seriously.)

    After the jump, the Rosen-Virgin America chronicles.

    More »

  • The TSA and Me: Allies at Last

    The good news about aviation security

    In the endless quest for balanced coverage on all topics, two better-news items about the TSA and the effort to distinguish "security" from "security theater."

    1) "Recognizing a problem is half the battle" department. From an interview yesterday in the Atlantaic [oops - muscle-memory typo] Journal-Constitution with John Pistole, the new head of TSA. Pistole says:

    "I see my job and really TSA's job as one of really managing risk. So my goal is to ensure that we provide the best possible security for the traveling public but doing it in a way that provides greater scrutiny to those that need greater scrutiny, and so we don't use a cookie cutter approach for everybody. Right now we use somewhat of a blunt instrument to screen virtually everybody the same way. And my goal is to use intelligence in a more informed fashion so we can apply greater scrutiny to those who need it and keep up with throughput in that fashion. [Emphasis added.]

    2) "Not even the mighty Chinese have figured this out perfectly" department. Andrew Galbraith, editor of the China Economic Review in Shanghai, writes in with his report:

    >>A note on the growing ridiculousness of security theatre - and a reminder it's not just the TSA!

    I have an artificial leg, which always sets off the metal detectors - I always alert the security personnel, and in most places, a few swipes of the wand and a pat down is considered enough. I've found it useful occasionally to hitch up my pant leg as an additional illustration. In China, going back approximately to the Olympics, security personnel usually ask me to go to a separate screening room. Apparently, hitching up my pant leg there is "more convenient."

    Flying out of Pudong Airport Terminal 1 to Thailand a few weeks ago, I was asked to go the screening room, as usual - but then was told I would have to take my leg off for a safety check. I refused. I was told that this was the rule, and that I would not be allowed to board the plane if I did not comply. I replied that I was happy to comply with a standard security check, but that I would not take my leg off - and that in six years of flying in China, I had never encountered such a rule. Their response was something along the lines of "从很早就有这个规定".* I'll admit that after a few minutes of such bureaucratic stonewalling, I lost my temper - but in the end, I nevertheless had to sit in the room for several minutes, legless, while they carried my prosthesis and passport away "为了你的安全."*

    For all the annoyances I've had at North American airports, I had never encountered a security check as demeaning as the one at Pudong. That must count in the TSA's favour, somehow!<<

    *[ According-to-me rough translations: "No, it's always been this way" for the first, and "for your own safety" for the second.]

    After the jump, a reminder of why Mr. Pistole is right in identifying a "cookie cutter approach" as a sensible next target for reform.

    More »

  • The Teva Menace: Pro and Con

    An argument about the way forward in ending "security theater"

    After yesterday's report about four-year-old girls taking off their sandals in the airport security line, one reader writes:

    Several years ago, a TSA agent at the Islip/Macarthur NY airport made us remove a pacifier from the mouth of our toddler daughter before going through the metal detector. After she started crying, he said, rather sarcastically, "If that's the worst thing that happens to her all day, it's a pretty good day."

    I haven't punched anyone in the face since I was fourteen years old, but I kind of regret not slugging the jerk. (Though I'd probably be in federal prison right now if I had...)

    But another demurs:

    It certainly sounds stupid to make 4-year old girls remove their sandals. But here's what I think is going on: The TSA doesn't want their employees working on the security lines to exercise independent judgment about what constitutes a potential threat and what doesn't. These men and women have a limited amount of training and it certainly isn't enough to be able to spot a potential terrorist.

    I think this approach is correct. Yes, it does lead to some absurdities, like making 4-year olds remove their sandals. But this sort of rigid application of the rules doesn't terribly inconvenience anybody and it doesn't appreciably add to the length of time it takes to get through security. Better that everyone be subject to the same rules than that some 26-year old TSA employee, with a 2-week training course under his or her belt, be charged with the discretion to decide who looks like a possible threat and who doesn't.

    Could they revise the protocol so that travelers don't need to remove sandals? Maybe that would make sense, but bear in mind that the more rules there are and exceptions to rules, the less reliable the system will be. If there are too many rules or exceptions to rules, more mistakes will be made by the TSA personnel. That's not in anyone's best interest.

    It's a fair point that rules are rules, and that as soon as you allow or require each TSA agent to make judgment calls, you're asking for new complications. Lines would probably be longer and, if anything, more confrontational, since each individual agent's judgment, rather than "the rules," would be the source of intrusions we didn't like.

    Still, the fundamental problem with "security theater" is that it elevates the appearance of greater security, plus the machinery and process of seeming safety-concerned, over the reality. In my view, the no-exceptions, no-common-sense-allowed application of rules undermines the long-term faith that the security authorities know what they are doing. We're really making the pilots of the plane (along with four-year-olds) give up their bottled water at the checkpoint? What do we think they're going to do with it? If a pilot is a secret agent bent on suicide terrorism, confiscating his water isn't going to make any difference. And in all other circumstances, since we are after all trusting him to fly the damned plane, why won't we trust him with his water?

    In a larger sense this is why it's a shame that the TSAs's "intelligence-based" program to identify probable threats, as opposed to its "apply the same rules to everybody" approach at the airport checkpoints, has so far proven disappointing.  (Background here.) And someone with long involvement in this field wrote to me recently, more and better intelligence-based security is the only sensible way ahead for the TSA:

    You can't have it both ways -- thumping on TSA for security theater in its traditional checkpoint screening and then, when TSA introduces an intelligence-driven, non-intrusive layer of security, whack 'em again.... TSA needs encouragement to do more things that are intelligence-driven. They are very risk-averse from the public affairs point of view and if, even when they venture out into smart security, people like you beat on them, it will cause them to stick with the old stuff.

    Again a fair point. So, for the record, I henceforth resolve to be supportive and constructive -- including with constructive criticism! -- in urging TSA to develop the intelligence-based systems that will mean less hassle for four-year-olds, teething infants, and uniformed flight crews, and more on more-probable malefactors. (And, yes, I realize that the next stage is a debate about "profiling" -- that is for another time. "Profiling" is merely "intelligence" done clumsily.)

  • Security Insanity, Cont.

    More front-line accounts -- from Shanghai, Dublin, Rome, Manhattan -- in the ongoing struggle against security theater

    In dispatches previously here and here, I mentioned one instance of security-theater being ratcheted back, and another of its permanence. Now, two more items reporting modest progress in the "sanity about security" campaign. After that, some less heartening accounts. A reader writes:

    Security was ratcheted back at Heathrow recently. Yesterday I got a flight Heathrow-Dublin and accidentally left my pocket knife in carry on. Instead of losing it, it was allowed - new rule is blades under 6cm are ok. Unfortunately, it wasn't allowed on the way back Dublin-Heathrow, which is expectedly silly. Fortunately I could check my bag.

    In the same vein:

    I hesitate to mention it, but I have noticed that it is now rarely necessary to take one's quart bag of cosmetics out of one's carry-on bag when going through TSA screening in the U.S. and China (China experience was last night). I presume that the screeners can see it and analyze it easily enough using the X-ray machine.

    On the other hand, reader Kostya, from upstate New York, reports:

    I was standing in the security line at a Manhattan federal building recently. My partner Barbara was with me and I told her it was strange for me being there and seeing the photos of President Obama and Vice President Biden staring down on us. The last time I was there, the photo was of GHWB and I did not remember VP Quayle being there. It was further strange to me since I now live in a Catskills hollow and rarely go into government buildings and I am not used to seeing Barack Obama's smiling presidential photo anywhere except on my computer screen.

    A guard in the security detail heard me say this to Barbara and came up to us and asked us to show him our identification. No on else in line was asked to produce IDs. We complied and he seemed satisfied. While walking away from us he asked me to stand on the carpet, the common kind of narrow runner many buildings and homes use. Evidently, the carpet has hidden powers that keep the building secure.

    I admit I was pissed that the security guy, someone who gets paid to spend his day hanging out near an x-ray machine telling people to stay on the carpet, offended me. Plus, he was black and I am white and my unconscious racism must have contributed to my anger. My experience was a "how dare he" moment on many levels.

    Nevertheless, it was my conversation with my partner, my speech, that made this guy ask us and no one else, for our ID. Had I complained about being singled out, we probably would created a major incident that would have included our being arrested and/or removed from the building and missing our meeting.

    Just another anecdote from the new national security reality.

    And a reader in Italy writes:

    Ever the suspecting, non-trusting fellow, I wonder how many realize that this is not about stupidity or mindless bureaucracy, but about the fastest growing business on earth: security.

    After the jump, a report on the security-theater ratchet in China. Thanks to all.

    More »

  • Sanity About Security: a Step Forward in New York

    A rare victory over the hollow symbolism of "security theater," in New York

    Previously in this series here.  A reader who works in the main Citibank building in Manhattan writes to report:

    My office building is the world headquarters of Citibank. In the wake of 9/11 they decided they needed increased security and so have required all bags and packages to go through an x-ray machine. You could be carrying Dirty Harry's revolver in a shoulder holster under your jacket,, or ten pounds of plastic explosive taped to your chest, but your attaché case had to be screened. Amazingly, after nearly nine years of doing this, they stopped this week, although the announcement from building management reassuringly told us that the x-ray machines are in storage and can be wheeled out at a moment's notice.

    Within my experience, this is just about the only occasion in which security theater has not been subject to a one-way ratchet effect -- once a "security" measure is adopted, no matter how foolish it is, no one ever has the courage to discontinue it. Is there hope that the broader society will follow this brave beacon?

    To the reader's final question: maybe we can find out who had the guts and good sense to make this decision about one (important) building in one (very important) city, and unleash that person to work on the "Threat Level is Orange" charts that symbolize security theater at its most mindless. As always, we take our good news where we can find it. I welcome any similar accounts of the security-theater ratchet being reversed.

  • The "Cyber War Threat" Debate

    Are we worrying too much? Or too little?

    I mentioned back in April that I was going to be out of DC on June 8 -- but that if I had been around, I would have been sure to attend the Intelligence Squared debate at the Newseum on the motion that "The Cyber War Threat Has Been Grossly Exaggerated."

    Well, the results are in, and the "against the motion" side won big. Ie, the team of Mike McConnell, former DNI/NSA director, and Jonathan Zittrain, of Harvard Law School, was apparently way more effective in arguing that the threat was real, than the "for the motion" team of (my natural allies) Bruce Schneier, all purpose security-guru, and Marc Rotenberg of the Electronic Privacy Information Center was in arguing that it has been overstated. Info on all debaters at the site.

    Teams "win" or "lose" these debates by measured movement in audience opinion before and after the discussion. Obviously such results can be cooked, but here are the reported opinions:

    BEFORE: 24% for the motion (agree on "gross exaggeration"); 54% against; 22% undecided.
    AFTER: 23% for; 71% against; 6% undecided.
         Net change: "undecided" vote breaks in a major way for the "threat is real" camp.

    A transcript of the whole debate is available in PDF here. I've just read it through quickly, but on first glance I can rationalize the results this way. First, the "anti" team, especially Zittrain, seems to have taken the requirements of structured debate more seriously than the "pro" team, especially Schneier. A sample from Zittrain after the jump. Second, and to my relief, the "anti" team took great care not to say that a "cyber war" was going on now. Rather its point was, the threat of such a thing happening was serious enough to justify the current level of press and political hype.

    Congrats to all participants. And, no joke, it's a real public service to have debates of this sort that bring top-tier participants together and add the sizzle of prize fight competition to a discussion of issues of first-order importance.

    More »

  • Sanity About Security: Kicking Off a Series

    What if they gave a cyber war and no one....

    I hate negativity! Therefore, as a counterweight to chronicles of "security theater" nuttiness on this site and from Jeffrey Goldberg in the magazine and online, let's kick off a little hall-of-fame feature. It's time to honor people who manage to talk about real threats the nation faces, and ways to cope with them, without succumbing to threat-inflation, chicken-little-ism, fear-mongering, budget-boosting, and the general, cowering, "be very afraid" mentality summed up by the robotic reminders that the "current Threat Level is Orange."

    To start, a retrospective award for recent efforts to counter the idea that the United States is involved in a "cyberwar." James Lewis, of the Center for Strategic and International Studies, is one of the nation's real experts on all the bad things that can happen when governments, criminals, corporations, and other ominous-sounding groups misuse electronic information. I quoted him several times in my article on cyber-threats early this year. But as he pointed out in his speech last month in China, the idea that this constitutes electronic warfare between countries is intellectually lazy and politically and economically dangerous. 

    It's lazy, because it confuses the theoretical capacity to do harm from actually inflicting harm. It's like saying: I'm carrying a pack of matches, so therefore I am actually an arsonist. (Now, the TSA might think that way, but...) It is dangerous not just because it hypes mutual suspicions but also because distracts attention from the real, ongoing source of cyber-menace: the unglamorous but serious reality of corporation-vs-corporation espionage and "normal" criminal fraud.

    Lewis has made this point before, but in a recent speech to the China Institutes of Contemporary International Relations (PDF here), he laid it out:

    Powerful misperceptions on both sides [US and China] shape these decisions but there is one misperception we can clear away immediately. We are not in a cyber war.

    War is the use of force to achieve political ends. It involves using force to attack, damage or destroy an opponent's capability and will to resist. A cyber attack would damage data and perhaps physical infrastructure, create uncertainty in the mind of an opposing commander, and be used for political effect....

    Advanced militaries also have missiles and aircraft and plans to use them, but they will not use these weapons outside of a larger armed conflict. No one would launch a missile or an aircraft at the United States on a whim or as a test, as this would invite a devastating response.... [Similarly] outside of a larger armed conflict, cyber war is unlikely.

    That is: if the US and China are already shooting at each other, they might try to bring down the other's cyber networks too. Otherwise, "cyber war" just is not plausible. Naturally Lewis's argument is more nuanced than the way I'm summarizing it, and it concludes with an assessment of the things we should be worrying about more than we do. But if you read it you'll find yourself cringing the next time someone refers to the harsh new reality of "cyber war." Which is a start.

Video

Is Technology Making Us Better Storytellers?

The minds behind House of Cards and The Moth weigh in.

Video

A Short Film That Skewers Hollywood

A studio executive concocts an animated blockbuster. Who cares about the story?

Video

In Online Dating, Everyone's a Little Bit Racist

The co-founder of OKCupid shares findings from his analysis of millions of users' data.

Video

What Is a Sandwich?

We're overthinking sandwiches, so you don't have to.

Video

Let's Talk About Not Smoking

Why does smoking maintain its allure? James Hamblin seeks the wisdom of a cool person.

Writers

Up
Down

From This Author