James Fallows

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne. More

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.

Fallows welcomes and frequently quotes from reader mail sent via the "Email" button below. Unless you specify otherwise, we consider any incoming mail available for possible quotation -- but not with the sender's real name unless you explicitly state that it may be used. If you are wondering why Fallows does not use a "Comments" field below his posts, please see previous explanations here and here.

James Fallows: Security sanity

  • I Opt In! And Other TSA News of the Day

    'Or are you just glad to see me?'

    hawley.jpg1) Permanent emergency. Kip Hawley, right, who was TSA administrator during GW Bush's second term, has an important and eminently sensible-seeming big essay today in the WSJ on re-thinking airport security. I was out of the country during most of his time in office and have never met or interviewed him, so I don't know how what he says now matches what he did then. Also, I have not yet read his new book laying out his views at greater length. But at face value this essay makes convincing points about "security theater," which I hope will carry extra heft because of his background.

    Most of Hawley's points accord with my pre-existing views, so naturally I think they're correct. But on one, he has changed my mind, or at least opened it. If you've been in countries where you can keep your shoes on when being screened -- as I've recently experienced, for instance, in both Australia and China -- you are amazed by how much this reduces the cumbersomeness and delay of the screening process. Hawley says he came to TSA determined to change that rule but became convinced that it still mattered. You can read his case for yourself.

    Here is a point so obviously true that I wish Romney and Obama were competing to embrace it. An item on Hawley's must-do list is:

    Eliminate baggage fees: Much of the pain at TSA checkpoints these days can be attributed to passengers overstuffing their carry-on luggage to avoid baggage fees. The airlines had their reasons for implementing these fees, but the result has been a checkpoint nightmare. Airlines might increase ticket prices slightly to compensate for the lost revenue, but the main impact would be that checkpoint screening for everybody will be faster and safer.

    2) I opt in! As I've mentioned more than a few times, I take a dim view of the TSA's new "backscatter" full-body-scan machines. That is because they use X-rays, and my policy toward ionizing radiation is to avoid it when I can. Yes, I am aware that sitting at high altitude inside an airplane exposes you to extra cosmic radiation. But unless you travel in a lead-lined plane, which creates engineering challenges of its own, that's an inextricable part of the flying equation. About backscatter machines you have a choice, and I have chosen to opt-out.

    But if my concern is about needless (in my view) exposure to X-rays, then there is no reason to worry about the similar-seeming but technically different other kind of full-body scanner. This is the millimeter wave machine. Sometime later I will describe a meeting that Jeffrey Goldberg and I had, in February, with TSA officials to explain how these machines work, and what images the operators see. The point for the moment is: millimeter-wave machines are of course based on a form of radio-frequency transmission, not X-rays. I know that there are scenarios and hypotheses in which radio-frequency waves can theoretically be dangerous. But my working policy is:
       X-rays are assumed dangerous unless demonstrated to be safe
       Radio waves are assumed safe unless demonstrated to be dangerous.

    So I recently opted-in to my first millimeter-wave scan, at DC's National Airport, and lived to tell about it (although I look for lines with metal detectors as my first choice). Here's the handy guide. (roundish in shape, transparent open sides): I opt in.

    Backscatter scan (two big boxes that you stand between): I opt out.


    3) Or are you just glad to see me? A reader who has lived and worked around the world sends the not-entirely-constructive-in-spirit plan he has for his next trip through security.

    My prank is somewhat tasteless, so be forewarned.  It's taking Jeffrey Goldberg's kilt proposal and turning it up to eleven.  I want to opt-out while wearing a large dildo strapped to my inner-thigh.  The look on the screener's face when he discovers it would be priceless.  As far as I can tell, the list of prohibited items says nothing about large latex appendages, so I couldn't be accused of trying to smuggle anything in. 

    Of course, with my luck, the whole situation would spiral out of control and end up going viral on the internet - not exactly the way I wish to gain international notoriety. It also strikes me as a good way to get fast-tracked onto the No-Fly List. 

    Pleasurable to think about, but never something I'd actually do.

    Which brings us back to a central argument of Kip Hawley's piece: that the cookie-cutter experience most passengers have with the TSA makes it harder for travelers to think of the agency as helping us all avoid extreme risks, and easier to think of it as a rote rule-enforcer to be exasperated with, and to think subversive thoughts about. In the long term its effectiveness depends on people feeling that they are working with the TSA rather than against it. Let's hope Hawley's essay makes a difference.

    Millimeter wave

  • Clash of the Titans! Airport-Security Culture vs. Brazilian Carnival Culture

    Dancing through the TSA queue: it doesn't happen here

    Two powerful forces. When they collide, which will prevail?

    As it turns out, it's no contest. A reader writes about what played out at this year's Carnaval:

    This video touches on two of your themes: airport security and cross-cultural differences. It's a bloco, or parade dance party, at Santos Dumont the city airport for Rio de Janeiro. Minute 1:30 to 2:00 has the best sambaing. [JF: Yes, by all means see at least that part. And here is more on the namesake Alberto Santos-Dumont.]
    I doubt that the same joie de vivre is possible in a TSA-sanctioned environment.

    I share such doubts. On a more positive note, soon I will offer a declaration of peace, at least on one front, between my own personal preferences and the rules of the modern TSA. Meanwhile, Viva Brasil!
    Update. A reader who travels very frequently in and out of China's main airports was in Beijing Capital airport today. He sends a shot of the security line a few hours ago at what is now the second-busiest airport in the world.

    Thumbnail image for PEKTSA.JPG

    Passengers are entering the screening queue from the left of the scene above and passing through metal detectors there. Then they head toward their planes (including the man walking toward the camera at the left). The reader writes, under the subject line "Beats TSA":
    Greetings from Beijing Airport! Last year I sent you a photo of the TSA equivalent and it's still so much better than TSA! You could say in software terms it's a much better UX! [User Experience.] Every time!
  • Today's Online Security Tips

    More ideas on avoiding the 'Mugged in Madrid!' nightmare

    1) I am not a fan of the "less info! more blank space!" new look of Gmail, described by the company as "cool" and "modern." Fortunately the company offers customization options. (Although there is an ominous note in the Gmail blog suggesting that it might take those options away: "Our new interface will eventually expand dynamically to accommodate different screen sizes and user preferences, but until then you can pick the information density that you prefer." Until then?)

    For as long as the customization era lasts, you can apply the tips that Alexis Madrigal recently offered to show more actual email on your screen. Call me crazy, but my email is what I'm hoping to see when I load Gmail.

    LastPassGoogle.png2) I am a fan of Gmail's "two step authentication" system, as mentioned in items so numerous that I won't link to any of them. (I will, though, link to my article on why you really, really don't want to have your email account hacked.) Via reader MQ, news that the password-manager system LastPass is piggybacking on Google's "two-step" security system, to make its role as a "vault" for your online passwords all the more secure.

    I am also a big fan of password managers. I use LastPass, but many are good, and 1Password and RoboForm are also very well known. All of them are designed to solve the Catch-22 problem of passwords: A password that is easy to remember can be easy to hack, and passwords that are hard to hack can be impossible to remember. One way out of this predicament, as mentioned before, is to use long "phrase" passwords, as described in my Hacked article. But another is the online-manager approach: a browser extension that remembers your passwords and applies them automatically when you visit sites.

    Does using one of these managers make you even more vulnerable, in that anyone who hacked your master account would get all your passwords at once? Well-run sites, like the ones mentioned above, should reduce rather than increase your risk. Partly that is because of a human-factors bet: that users will do better thinking up and remembering just one very secure password to guard all the others, than they will trying to juggle dozens of passwords on their own. It's also due to a technical arrangement: your passwords are stored at the master site in a gibberish form that can only be deciphered in combination with info that you enter each time, or is on your local machine. See this explanation of LastPass's approach to this problem. So, things could go wrong, but on balance they seem safer. And the more you worry about this, the greater the incentive to switch to "two-factor" system like the one LastPass has just introduced.

    One more point, particularly significant to those who travel overseas or otherwise do a lot of work from "public" computers. Very often when using internet cafes in China, I would worry about "keystroke loggers." These are devices that can track everything entered on a computer and thereby get any username/PW combo that you type in. Manager programs enter the passwords without your doing anything on the keyboard and therefore avoid this vulnerability.

    3) Via reader BW in Washington state, this Computerworld story on a free service, to all appearances legit, that offers clues about whether your email address has been compromised. It is called PwnedList.com, and if you merely enter an address it tells you what it has founded on data bases of compromised sites.
    This is not a perfect guide to whether you'll actually have trouble. My wife's Gmail account, which was the object of a devastating hack about six months ago, comes up clean on the PwnedList -- whereas my address, which to the best of my knowledge has not been compromised, gets a warning message. (That warning comes from last December, when I was out of the country. I've changed the password several times since then.) Still, worth a look.

    After the jump, a couple of reader testimonials on other tips and tricks.

    From a reader in Massachusetts:

    I'm writing because there are several good personal security options that you (and others) should consider.

    1. Throwaway email accounts. You attribute all this trouble to password reuse between important sites like Gmail and unimportant, throwaway sites, possibly Gawker (google "aaron barr anonymous"). You didn't give this advice, but someone should: whenever you're asked to register with an email (and password) for some throwaway account (like Gawker), ALWAYS use a throwaway email account supplied by a site like mailinator.com and a unique, throwaway password. Once registered, the original email account is unnecessary, and your personal identifying information is never used for Gawker-like sites.

    2. Personal clouds. You quote, "Where the sensitive information is concentrated, that is where the spies will go. This is just a fact of life." So stay away from highly concentrated sensitive data stores like Gmail and Yahoo! Tools to set up and host your own personal cloud services are becoming increasingly easy and inexpensive. This is also easily done with virtual servers sold by Amazon, Rackspace, and others. Apple OS X Lion Server costs $20, once.

    The security issues associated with having your computer online (which it already is and always will be) must still be addressed, but the likelihood is miniscule that intensive hacker resources will be used to catch a tiny guppy. And when you backup your computer, you also backup your cloud. Finally and perhaps most importantly, you protect your personal privacy by not using a "free" cloud service that has the ability to scrape, use, and sell personal information about you from email and other accounts.

    The theme for both approaches is that looking out for your privacy on the web provides greater security, unlike the traditional false "privacy versus security" dichotomy.

    Along these lines, one could add a third point about always-on encryption. Gmail does this well, but not Yahoo or others. I tell my family to avoid any site that accepts personal information without providing a secure HTTPS link. The EFF's Firefox plugin HTTPS-Everywhere make this easier.

    The larger societal issue is that it's the Wild West right now for nearly everything that involves cyber privacy and cyber security, and like the wild west of old (or at least of film), your only protection now is to take care of these issues yourself because no one else will.

    I've added emphasis to that last sentence because for me it's the main lesson of this whole hacking episode.

    Another reader:

    I spend my time as a freelance IT Consultant with many small businesses who are interested in using GMail as their primary mail provider. Google has made this easier with their "Google Apps" offering. Surprisingly, backing up the email isn't one of the services that they offer (as you well know).

    After some investigation, I'm happy to report that I've discovered Backupify, a business that creates a separate copy of your Google-hosted mail.  Even if Google goes belly-up, like it did for your wife, you would still have a copy of your messages, including their attachments.

    The pricing is reasonable, but the peace-of-mind is enormous.

    I know nothing about Backupify, but FWIW check it out. And one of many tips on the art of generating "easy to remember, impossible to crack" passwords:

    I have hundreds of Internet passwords, only four are passwords used for more than one site. It is my position that even those four are inappropriate; each account should have its own unique password and your article has prompted me to make them such.

    Let me share with you one of the memory tricks I use, and as one who is four score plus, I need all the help I can get. I select a reasonably long phrase, e.g., roses are red violets are blue sugar is sweet and so are you,  and compose the password from the first letter of each word, i.e., rarvabsisasay. Sometimes I make a letter or two uppercase. It works for me, although I do use an online password manager, 1Password.

    More tips from readers shortly.

    More »

  • More About 'Secret' Info on the Front Page

    Sometimes "security theater" has a hidden -- and plausible -- plot line

    I mentioned yesterday a memo sent to employees and contractors of the Department of Commerce, warning that even though Wiki-leaked State Department cables had been published all over the world, their contents should still be considered "classified." Therefore employees were still forbidden to quote or discuss this material while using their workplace computer or email systems.

    Since then I've received copies of similar memos from almost every federal Department and many big contractors. And many accounts like this, from a reader:

    >>A number of defense contractors have taken the step of totally blocking access to the Wikileaks web site, to prevent employees from accessing the leaks at work.

    As well, they've issued warnings not to even think about keeping copies of any of the leaked documents on any company IT assets, lest the company as well as the individual responsible be guilty of a security violation.<<

    But a number of past and present government employees have written in to say: Not so fast. What may look like a pointless "shutting the barn door" gesture actually has some merit. For the record, here's their case:

    As a matter of principle, one person explained to me, anyone who handles classified material has signed a legal pledge to protect that information. The fact that someone else -- say, Pfc Bradley Manning -- has broken the pledge doesn't relieve others from the legal commitment they made.

    That may seem purely symbolic -- although, as another person pointed out, leaked information would have additional weight if the act of leaking freed everyone in the government to say, "Oh, sure, that's all true" rather than declining to comment. But a scientist who has done classified work wrote to explain the practical consequence that had federal administrators really worried: the "contamination" and consequent immobilization of their regular, non-classified computer networks with still-classified info. This scientist says:

    >>I am not a fan of 'security theater'. But I am actually sympathetic to the officials that put out the memo....

    If you discuss classified info on an unclassified computer system, then you have contaminated your hard drive.

    That is very, very bad for your workplace productivity because an IT person has to come over, take out your hard drive and run it through a shredder.

    You will get a new HD with your last 'clean' backup.

    You think that is not a big deal, because your stuff is backed up over the network nightly or hourly.

    But you share a backup tape or drive with other folks, who may also be chattering [ie, quoting a Wikileaked passage that they saw online or in the NYT]. Suppose they started chattering last week? When was your last 'clean' backup?

    This can be a real nightmare as a small cadre of IT staff have to scrub hundreds (or thousands) of systems while people sit on their hands, waiting to get their system scrubbed.

    Just because something has been leaked, doesn't mean it is now clear. That email isn't a threat. It's a reminder to people not to put classified info on their unclassified hard drive or mail server.

    If they have to shut down a mail server because of your indiscretion, all your coworkers on the same mail server will also be shut down. And some of them might hold grudges or be less helpful when you need a favor in the future.<<

    Reasonable point. Update: An interesting Christian Science Monitor story on similar concerns, here.

  • True Thankfulness -- Plus, Christmas Comes Early

    A step toward sanity for the holidays?

    From the NYT just now:ColorCode.png

    Merciful heavens, we give praise and thanks -- if we are indeed saying goodbye to this:


    What is wrong with the familiar monotone "The Department of Homeland Security has determined that the threat level is 'Orange' " announcement and mentality?

    1) It is meaningless. You hear that at the airport in San Antonio, when there's a threat in Baltimore?

    2) It is unhelpful. What exactly are you supposed to do? Apart from being worried?

    3) It is ignorable, since it hardly ever changes. It's been "Orange" since the summer of 2006. It has never been "Blue" or "Green." The U.S. "surges" in Iraq and then withdraws; it has Bush and then Obama; a Republican majority in both Houses, then Democratic, then a Republican House again; it changes strategy in Afghanistan; it has an "underwear" bomber and then introduces new machines -- and through all this time, we are steady at "Orange."

    So we have movement on the lamentable color codes; and the TSA backing off strip-searches of uniformed pilots; and today's apparently low-stress day at the airports... perhaps there is a common-sense way out of the security-theater ratchet? I'll hope so, and on that positive note bow out until next Monday. Happy Thanksgiving.
  • A Way Out of the Security Theater Impasse?

    Could the public accept responsibility for important choices?

    I mentioned earlier today that I was fatalistically resigned to the security-theater "ratchet." Politicians or security agencies can keep loading on extra "security" features, but politically they can't afford to take them away. My colleague Ta-Nehisi Coates came to a similar conclusion here.

    From reader Don Friedman, a suggestion that might initially seem trivial but that appeals to me more as I think about it. It's a way to have the public share responsibility for setting the right balance in "security" measures, rather than complaining about measures the government introduces and then blaming politicians if anything goes wrong. He says (emphasis added): 

    >>As you suggest, the controversy over the new security measures gives us the opportunity to think about what level of risk we are willing to bear, recognizing that risk can never be reduced to zero....

    The outcry against the new search techniques creates an opportunity here for the Administration to start a process to educate the public about the risk equation. Were I the President, I would immediately arrange for polling of air travelers in order to get some data as to just how unpopular these measures are. If the polling shows that these measures are actually supported by the majority of travelers, then the Administration should announce that fact and state that, since air travelers want this additional level of security, we'll keep the measures in place. If, on the other hand, polling shows these to be unpopular, the President should make a speech to the country in which he announces the suspension of these security measures by popular demand and then discusses the risks of terrorism, talks about the fact that the country is not prepared to take every possible precaution (since to do so would turn the country into an environment akin to the old Soviet Union), and we need to balance the efficacy of security measures against the impact on quality of life and the rule of law.

    This can, and should, be used by the President as a "teaching moment" which we badly need. I think that most people in this country, characteristically, want it both ways--they want an absolute guarantee of safety and they don't want to be inconvenienced. People need to understand that there are trade-offs here.<<

    You can imagine practical problems here. If you poll only air travelers, is that elitist? And who counts as an air traveler anyway? And how do Presidents conduct polls? And so on. You can  also imagine conceptual issues. Would people really take "responsibility" for a different security/liberty balance, once an attack occurred? Etc. But with those to one side, it's a very useful thought experiment about how to get out of this bind, by involving the public in this choice.

    After the jump, two other messages about striking the right security balance. Then I will try to leave this alone for a while.

    Fred H. Cate, director of the Center for Applied Cybersecurity Research at Indiana University, has posted (PDF here) a letter to Senators Rockfeller and Hutchinson, making a detailed case against the pointlessness of the "enhanced" security measures. Samples:

    >> •Intrusive searches often don't work. They have been repeatedly shown to miss potential explosives and other contraband. A TSA agent, wearing gloves, searching through clothes, just isn't likely to find a thin wafer of plastic explosives secreted under an arm, against the small of the back, between the legs, or on the soles of the feet.

    • This is especially true of the searches triggered by the presence of medical devices. Hand searches are simply incapable of determining whether or not the "anomalous" device presents a risk. For example, I am a diabetic on an insulin pump--a tiny device strapped to my waist that provides life-sustaining insulin. Despite the fact that the device causes no alarm, the agent searches me head to toe, including a careful pat-down of my genitals (as if somehow my genitals have become suspicious because I use an insulin pump), but at the end of the search has no better idea than he did at the beginning whether the pump is loaded with insulin or high-tech explosives. The search is the very definition of "security theater"--it looks like the agency is doing something, but it accomplishes nothing. The same is true with most other medical devices. After agents finish feeling the breasts of a woman with an implant, they have not better idea whether the implant is filled with liquid explosives or silicone. The same is true with prosthetic limbs and urostomy bags...

     • The new policy is demoralizing for TSA agents. They often comment about this. As one TSA agent in Indianapolis put it to me last week, said "you wouldn't believe what we have to put up with from Washington. If those bureaucrats would spend even 15 minutes in the field, they would quickly realize how silly many of their policies are."<<

    And from another reader, an argument that politicians should be braver and more honest on this issue than they now are: 

    >>Discussions about this topic in the press are painfully over-simplistic, and supporters of such measures always fall back on "the people support it" as a trump argument. It appears the White House is currently embracing that idea full bore with their view that only a slow press week has caused the uproar.

    There are many subjects where polling is irrational. Megan McCardle has frequently provide evidence regarding how the public responds to economic polls--they support more spending, less taxes and a balanced budget. The same effect is in place on this topic. "People support it" because the other side of the argument is never presented.

    There seems to be a school of thought that any additional procedure for safety is a rational behavior for public officials since they will be blamed when the next terrorist event occurs. The logic seems to be that the officials will be able to say "we did everything possible." Wrong. When the next attack occurs they will be blamed no matter what procedures are, or are not, in place. Even for political purposes the focus should be on actual safety, not the theater. For purely political reasons, policy makers would be better off plugging the holes in cargo security instead of buying back-scatter machines. Of course it would actually increase public safety too.<<

    More »

  • Body-Searching Children: No for the US Army, Yes for the TSA

    The U.S. military outlaws in Afghanistan what is now routine in TSA screening lines

    Please read the note below. A US Army staff sergeant, now serving in Afghanistan, writes about the new enhanced pat-down procedure from the TSA. Summary of his very powerful message: to avoid giving gross offense to the Afghan public, and to prevent the appearance of an uncontrolled security state, the US military forbids use on Afghan civilians of the very practices the TSA is now making routine for civilian travelers at US airports. Here is what he says:

    >>In reading your post and the most recent one from Mr. Goldberg about the War on Terror and pedophilia, I am disturbed. What bothers me is that I am on the verge of re-deploying from Afghanistan after a 10-month combat tour that involved having to deal with, among other things, conducting searches of local nationals when involved with security tasks within my Infantry company. At no time were we permitted or even encouraged to search children or women. In fact, this would have been considered an extreme violation of acceptable cultural practice and given the way word travels here, been a propaganda victory for the Taliban.

    Yet somehow the TSA is engaged in this at home while my unit and I spent our tour unable to safeguard ourselves equally in an environment where the Taliban have often disguised themselves in burkas and used children as both spies and fighters. While I have no conflict with the necessity to safeguard civilians against terrorism or with the risks we all voluntarily assumed as Soldiers, it seems as if the bureaucracy has become so obsessed with safety that we have forgotten that war entails risks beyond those of physical combat. If we are truly at war, then we need to decide what civil liberties we truly view as negotiable and which are inviolate- otherwise the greater risk than underwear bombers at home will be losing the values that make us unique as a nation.

    These people terrify us as much as we allow them to. Apparently FDR's idea about "the only thing to fear" is lost on TSA and the current administration.<<

    Everything about security involves a balance. "Perfect" security would mean complete controls on freedom, elimination of privacy, etc. Someone who is now exposed to real, daily danger in Afghanistan because of decisions about the proper balance argues that we need to be braver society-wide. Yes, soldiers accept different risks from those that are tolerable for society at large. But this is profound and powerful testimony.

  • Security Theater: The New War of 1812

    The Brits fight back against the TSA

    [Update after the jump.] My plan had been to lay off the TSA/Security Theater dispatches unless some actual event made it seem odd not to say something. That event has now arrived, in the form of complaints from Martin Broughton, the chairman of British Airways (!), saying that symbolic, redundant, and inconsistent aspects of American airport security screening had gotten out of hand. More here, here, and here. Thanks to many readers worldwide for writing to ask whether I'd seen this news.

    I'm using this occasion to kick off a master wrap-up of recent user comments on "security theater" generally. Some people are tired of the (my) whining on the topic; others think that a free society depends on exactly such continued whining. The first part of the compendium comes after the jump, with comments from readers who are tired of carping criticism of the TSA. Later on, some comments on the other side. As a send off, here are the final words of a Guardian article today on Martin Broughton's request for pared-down security-theater requirements:

    "Broughton is right. But history shows his words will have no useful effect. Nothing will change."

    For more, read on.

    After I mentioned a pilot who objected to special security screening, a reader in the tech industry begged to differ:

    >>I cannot abide by the constant TSA criticism.

    The TSA has to have some blunt security measure. Sure, people have to take off their shoes and belts - the horror! And then the old guy forgets the change in his pocket, has to walk through again, and thinks the whole thing is ridiculous because surely he would never blow up a plan. I can't believe that people really complain about that sort of thing. What's so hard about taking off shoes? How is walking through an imaging machine some terrible violation of privacy? Of course, real invasions of privacy occur and should be handled appropriately, but minor inconveniences shouldn't be mistaken for invasions of privacy. And yes, the liquid limit is extremely annoying, but that rule wasn't implemented on a whim. I don't know how much liquid it would take to blow up a plane, but it's probably a lot more than 3 oz. - otherwise we wouldn't be allowed to take any liquids.

    So this pilot thinks he's above these silly rules? Sure, the pilot could crash his own plane if he wants, but it takes a different kind of person to kill himself. A sympathetic pilot could smuggle weapons for others. More likely, it's probably a lot easier to fake pilot's credentials than to smuggle a weapon through security. And if the pilots are exempt, who else? Surely the flight attendants, because a ripped flight attendant presumably has enough access to the pilots to take down a plane. The mechanics, too (just where do they go through security, anyway?). Instead, the blunt instrument, everyone goes through security, is the easiest approach. And from airplane conversations with security experts discussing the various ways one could blow up an airplane, the TSA does a lot more than the blunt instrument at security. But we only see the surface, so we complain, and that's probably fine with everyone.

    I'm on board with the TSA rules until a terrorist blows up a plane with a functioning computer that passes through security. When that happens, and it will (there's a reason they carefully inspect computers, right? It must be a vulnerability), then we won't be able to take computers on the plane, and that's it for my flying days. I'd risk a small chance of death for my computer.<<

    And in the same vein, about the arrogance or ignorance of treating flight crews differently from other people in the TSA screening queue:

    >>I was very impressed with your article regarding your South Carolina reader reporting on the Delta pilot having to go through TSA screening. I am just curious how she knew he really was a Delta pilot. Because he was a white dude, [UPDATE: the original South Carolina writer responds, Why do you assume he was a "white dude"? He wasn't.] maybe 6'2", had all those IDs around his neck. There is, of course, no possibility that he bought that uniform on Ebay is there. And how many IDs around one's neck are needed so that you know the person is really, really a pilot. Is two enough? 3? 4? Or do we let white folks in pilot's uniforms (or flight attendants' uniforms) through and only screen their darker skinned cohorts who are in uniform?

    Do you think that when that pilot showed up for his flight, that Delta just handed over the keys to the plane (or however they start the engines)? Or do you think they examined his ID, knowing exactly what a real Delta ID looks like.

    Can you tell me how many different airline ID's there are for US Airlines? How about all the airlines in the world? Do you think you could tell the difference between a real BF Airline ID and a fake one. Do you think that TSA should be giving the TSA screeners who examine photo IDs training in recognizing all the different airline IDs and how to spot fake ones. Why do I think that if TSA did that, you would be screaming that it was a waste of taxpayers money and that the flight crews should just be screened like everyone else.

    Now you know why the pilot was not upset when he was in the screening line. He got it. Unfortunately, you don't.<<

    We'll hear from the other side shortly.

    More »

  • Airline Electronics: Rosen-v-Virgin America

    Can an airplane match the Bolt Bus as a tech-friendly conveyance? The jury is still out.

    Two tech items for today.

    1) Power Outlets on Virgin America. This week Jay Rosen, of PressThink and NYU, chose Virgin America for a trip to Las Vegas, in part because of VA's tech-friendly features. It offers wifi internet coverage on all trips -- just like the Bolt Bus! and Acela -- and, also like the bus and the train, has "regular" power outlets at seats. Not just those odd "EmPower" outlets you find on some premium seats on United, American, etc, which put out 15 volt DC power and require a special adapter, but instead a standard socket that (presumably) supplies standard 110 volt AC power.

    Empower.jpgBut to Rosen's dismay, he found that whole banks of the sockets seemed to lose power at intervals throughout the trip. He sent out a Tweet about this in flight -- and, while still in the air and wondering about his battery's reserve, he had a long Twitter-mediated discussion with Virgin America's PR department on whether they were making false claims about their internet-era features. Whole skein after the jump -- Rosen's opening dispatch, and then the followup Direct Messages.

    Interesting tech aspect for the future: whether airliners as presently equipped (and regulated) could actually handle a whole planeful of AC-power-using passengers. At the moment, Virgin America's apparently can't. The company's Twitter messages to Rosen explain that power is automatically cut to certain users when the load becomes too great. (Rosen's argument: Well, don't advertise that you have power throughout the plane, then.)

    Interesting tech aspect for the present: the real-time reputational management that companies or institutions must be prepared for. Obviously Virgin's PR department has alerts set up for blog or Twitter mentions and is ready to respond. No larger point, but an interesting instance.

    UPDATE: A reader writes to say that Virgin America really should have replied to a complaint about "unreliable AC power during flight" with a link to this famous Louis C.K. riff on "Everything's Amazing and Nobody's Happy."

    2) Noise-canceling headsets. Southwest Airlines's route structure doesn't match where I usually travel, so I don't fly on it often. When I do, I'm usually glad (and these are usually short trips). It's refreshing that its staff members act like actual people rather than "staff members" and, compared with some other airlines, seem less unhappy with their predicament and their passengers. They are famous for delivering the mandatory safety announcements as if they were really talking, rather than reciting a catechism from memory. And in the SWA inflight magazine yesterday I saw this refreshingly common-sense touch:SWHeadset.png
    The part to notice: the lower right-hand corner announcement that noise-canceling headsets, by Bose, Panasonic, Philips, et al, are perfectly fine to have switched on at any point in the flight.

    From a technical point of view, every airline should permit this on every flight at any time. There is no plausible reason to think that noise-canceling headsets could in any way interfere with an airplane's operation. I could give a long explanation, but the short version is: they were invented for pilots to reduce the stress and ear damage that come from exposure to airplane noise. Except in pressurized airplanes where the cockpit has other kinds of noise protection,  pilots -- sitting right next to the controls and displays -- are wearing them, switched on, during the whole flight, notably including takeoff and landing. (They also often have their cell phones turned on right next to them, but that's a different story.) Every hour I've spent flying an airplane has been with noise-canceling headsets running -- at various stages, models from David Clark, Lightspeed, and Bose. That's why I can still hear! There is zero possibility that your headset in seat 13D has any effect on a commercial flight.

    So why, on other airlines, is there a last-minute war with the flight attendants about switching headsets off? I can imagine one reason: during takeoff and landing, when the flight crew has to entertain the possibility of an evacuation, you want to remove any barrier to getting the passengers' full attention. If an airline explained it that way, OK. But when I've asked attendants about it (nicely!), I've always heard that this is part of the "anything with an Off/On switch must be turned OFF" no-exceptions drill, which makes as much sense as being sure that your digital camera is turned OFF.

    This is a tiny point, so why mention it? Because the headsets-off rule has the drawback of other "safety theater" routines: an insistence on pointless restrictions can, over time, undermine respect for the rules that really matter. So congrats to Southwest for a minor but welcome step toward common sense. (For another time: why the "cell phones turned off" rule is slightly more plausible, even though it is obviously never enforced and therefore not taken seriously.)

    After the jump, the Rosen-Virgin America chronicles.

    Here is the Twitter stream between Jay Rosen and a Virgin America rep. Newest messages are at the top, so read from the bottom up. It starts, at the bottom, with a Tweet from Rosen to his many followers, and then switches to a Direct Message exchange between him and the company.

    Virgin AmericaVirginAmerica
    at every plug before being certified. Our team is currently testing new designs to remedy this issue and we appreciate your feedback.
    18 hours ago 
    Virgin AmericaVirginAmerica
    the wave. These thresholds are set for safety in accordance with FAA regulations. Similarly each aircraft is tested to proved full power
    18 hours ago 
    Virgin AmericaVirginAmerica
    to prevent surging. Charging components within laptops have very sharp charging sine waves and the lower the stored power, the more extreme
    18 hours ago 
    Virgin AmericaVirginAmerica
    Hey Jay - I discussed with one of our engineering managers and he informed me that the plugs have set thresholds where power will shut off..
    18 hours ago 
    Jay Rosen jayrosen_nyu
    You should stop saying you have power at every seat; it is hurting you to be wrong http://twitter.com/#!/magicandrew/statuses/27690169683
    18 Oct at 04:21 
    Jay Rosen jayrosen_nyu
    The issue is you are making a false claim. You cannot supply power to every seat. I plan to talk about this on Twitter; others are on to it.
    18 Oct at 04:18 
    Jay Rosen jayrosen_nyu
    It's not sometimes; according to the flight attendants it is regularly. And I tried that trick. It did not work. Flight #260, 23-D.
    18 Oct at 04:16 
    Virgin AmericaVirginAmerica
    Would you mind sharing your flight/seat # so I can share with our Engineering dept? Sorry for the inconvenience.
    18 Oct at 03:23 
    Virgin AmericaVirginAmerica
    Hi Jay - Sometimes the outlets will shut off to protect surging. A trick is to unplug a few times and the power comes back. (cont)
    18 Oct at 03:22 
    Jay Rosen jayrosen_nyu
    Your claim is a lie. I understand the 2 out of 3. But there is not enough power to keep those outlets on and mine has been off an hour+.

    [Rosen note: From here up the messages are DM's (direct messages) meaning from Virgin to me like an email, but not posted publicly for all to see.]

    Thanks for contacting me, @VirginAmerica, but the fact is your planes don't have enough power to offer it at every seat http://bit.ly/ccKJk2

    Virgin America
    @VirginAmericaVirgin America
    @jayrosen_nyu Would you mind following back so I can DM some info?

    Jay Rosen
    jayrosen_nyu Jay Rosen 
    For Your Information and the company's, Virgin America's claim to offer power at every seat is false. I am experiencing that fake claim now.

    More »

  • The TSA and Me: Allies at Last

    The good news about aviation security

    In the endless quest for balanced coverage on all topics, two better-news items about the TSA and the effort to distinguish "security" from "security theater."

    1) "Recognizing a problem is half the battle" department. From an interview yesterday in the Atlantaic [oops - muscle-memory typo] Journal-Constitution with John Pistole, the new head of TSA. Pistole says:

    "I see my job and really TSA's job as one of really managing risk. So my goal is to ensure that we provide the best possible security for the traveling public but doing it in a way that provides greater scrutiny to those that need greater scrutiny, and so we don't use a cookie cutter approach for everybody. Right now we use somewhat of a blunt instrument to screen virtually everybody the same way. And my goal is to use intelligence in a more informed fashion so we can apply greater scrutiny to those who need it and keep up with throughput in that fashion. [Emphasis added.]

    2) "Not even the mighty Chinese have figured this out perfectly" department. Andrew Galbraith, editor of the China Economic Review in Shanghai, writes in with his report:

    >>A note on the growing ridiculousness of security theatre - and a reminder it's not just the TSA!

    I have an artificial leg, which always sets off the metal detectors - I always alert the security personnel, and in most places, a few swipes of the wand and a pat down is considered enough. I've found it useful occasionally to hitch up my pant leg as an additional illustration. In China, going back approximately to the Olympics, security personnel usually ask me to go to a separate screening room. Apparently, hitching up my pant leg there is "more convenient."

    Flying out of Pudong Airport Terminal 1 to Thailand a few weeks ago, I was asked to go the screening room, as usual - but then was told I would have to take my leg off for a safety check. I refused. I was told that this was the rule, and that I would not be allowed to board the plane if I did not comply. I replied that I was happy to comply with a standard security check, but that I would not take my leg off - and that in six years of flying in China, I had never encountered such a rule. Their response was something along the lines of "从很早就有这个规定".* I'll admit that after a few minutes of such bureaucratic stonewalling, I lost my temper - but in the end, I nevertheless had to sit in the room for several minutes, legless, while they carried my prosthesis and passport away "为了你的安全."*

    For all the annoyances I've had at North American airports, I had never encountered a security check as demeaning as the one at Pudong. That must count in the TSA's favour, somehow!<<

    *[ According-to-me rough translations: "No, it's always been this way" for the first, and "for your own safety" for the second.]

    After the jump, a reminder of why Mr. Pistole is right in identifying a "cookie cutter approach" as a sensible next target for reform.

    A reader in South Carolina writes:

    Not long after 9-11, when they were still figuring out what security theater should look like, I was standing in PDX [Portland, OR], at the end of a long line. The guy in front of me was a very classic looking Delta pilot (obviously ex-military and so forth). We chatted about all this stuff going on around us, but I kept coming back to what seemed obviously ridiculous: "Why are you in this line?" He wasn't clear, but was very good natured about the whole thing (back then everybody was much more understanding).

    Once we got to the metal detector, and most everything he owned has been sent down the conveyor belt, he slowly walked through the arch like everybody else. You can guess what happened.


    At that time, when someone set off the alarm, that brought everybody else in line to a screeching halt. So I now have a front row seat to the security folks asking the Captain questions (".... maybe it's your belt buckle?..."), but the crowd in the long line can see this as well, and they were starting to get vocal.

    But what was so funny was the pilot's humor as he interacted with what became three security people trying to decipher whether the alarm was set off by his belt buckle, his tie clip, or his watch. (Of course in addition to being in uniform, he's got all these badges and IDs hanging around his neck)

    Very soft spoken, respectfully, but with a hint of a smile: "Do you understand that I'm the one flying the plane?.... I will be the one in control of the plane..... "

    This literally went on for 10 minutes until someone higher up the foodchain came along and put a stop to it.

    That was long ago, but as the "Revolt of Michael Roberts" indicated, the mentality behind it still prevails. I am delighted that Administrator Pistole's comments allow me to switch my own strategic position. No longer am I a carping critic of the TSA. Now I can be an enthusiastic backer of the goal its own administrator has set forward! Onward, together, we will prevail.

    More »

  • The Teva Menace: Pro and Con

    An argument about the way forward in ending "security theater"

    After yesterday's report about four-year-old girls taking off their sandals in the airport security line, one reader writes:

    Several years ago, a TSA agent at the Islip/Macarthur NY airport made us remove a pacifier from the mouth of our toddler daughter before going through the metal detector. After she started crying, he said, rather sarcastically, "If that's the worst thing that happens to her all day, it's a pretty good day."

    I haven't punched anyone in the face since I was fourteen years old, but I kind of regret not slugging the jerk. (Though I'd probably be in federal prison right now if I had...)

    But another demurs:

    It certainly sounds stupid to make 4-year old girls remove their sandals. But here's what I think is going on: The TSA doesn't want their employees working on the security lines to exercise independent judgment about what constitutes a potential threat and what doesn't. These men and women have a limited amount of training and it certainly isn't enough to be able to spot a potential terrorist.

    I think this approach is correct. Yes, it does lead to some absurdities, like making 4-year olds remove their sandals. But this sort of rigid application of the rules doesn't terribly inconvenience anybody and it doesn't appreciably add to the length of time it takes to get through security. Better that everyone be subject to the same rules than that some 26-year old TSA employee, with a 2-week training course under his or her belt, be charged with the discretion to decide who looks like a possible threat and who doesn't.

    Could they revise the protocol so that travelers don't need to remove sandals? Maybe that would make sense, but bear in mind that the more rules there are and exceptions to rules, the less reliable the system will be. If there are too many rules or exceptions to rules, more mistakes will be made by the TSA personnel. That's not in anyone's best interest.

    It's a fair point that rules are rules, and that as soon as you allow or require each TSA agent to make judgment calls, you're asking for new complications. Lines would probably be longer and, if anything, more confrontational, since each individual agent's judgment, rather than "the rules," would be the source of intrusions we didn't like.

    Still, the fundamental problem with "security theater" is that it elevates the appearance of greater security, plus the machinery and process of seeming safety-concerned, over the reality. In my view, the no-exceptions, no-common-sense-allowed application of rules undermines the long-term faith that the security authorities know what they are doing. We're really making the pilots of the plane (along with four-year-olds) give up their bottled water at the checkpoint? What do we think they're going to do with it? If a pilot is a secret agent bent on suicide terrorism, confiscating his water isn't going to make any difference. And in all other circumstances, since we are after all trusting him to fly the damned plane, why won't we trust him with his water?

    In a larger sense this is why it's a shame that the TSAs's "intelligence-based" program to identify probable threats, as opposed to its "apply the same rules to everybody" approach at the airport checkpoints, has so far proven disappointing.  (Background here.) And someone with long involvement in this field wrote to me recently, more and better intelligence-based security is the only sensible way ahead for the TSA:

    You can't have it both ways -- thumping on TSA for security theater in its traditional checkpoint screening and then, when TSA introduces an intelligence-driven, non-intrusive layer of security, whack 'em again.... TSA needs encouragement to do more things that are intelligence-driven. They are very risk-averse from the public affairs point of view and if, even when they venture out into smart security, people like you beat on them, it will cause them to stick with the old stuff.

    Again a fair point. So, for the record, I henceforth resolve to be supportive and constructive -- including with constructive criticism! -- in urging TSA to develop the intelligence-based systems that will mean less hassle for four-year-olds, teething infants, and uniformed flight crews, and more on more-probable malefactors. (And, yes, I realize that the next stage is a debate about "profiling" -- that is for another time. "Profiling" is merely "intelligence" done clumsily.)

  • Security Insanity, Cont.

    More front-line accounts -- from Shanghai, Dublin, Rome, Manhattan -- in the ongoing struggle against security theater

    In dispatches previously here and here, I mentioned one instance of security-theater being ratcheted back, and another of its permanence. Now, two more items reporting modest progress in the "sanity about security" campaign. After that, some less heartening accounts. A reader writes:

    Security was ratcheted back at Heathrow recently. Yesterday I got a flight Heathrow-Dublin and accidentally left my pocket knife in carry on. Instead of losing it, it was allowed - new rule is blades under 6cm are ok. Unfortunately, it wasn't allowed on the way back Dublin-Heathrow, which is expectedly silly. Fortunately I could check my bag.

    In the same vein:

    I hesitate to mention it, but I have noticed that it is now rarely necessary to take one's quart bag of cosmetics out of one's carry-on bag when going through TSA screening in the U.S. and China (China experience was last night). I presume that the screeners can see it and analyze it easily enough using the X-ray machine.

    On the other hand, reader Kostya, from upstate New York, reports:

    I was standing in the security line at a Manhattan federal building recently. My partner Barbara was with me and I told her it was strange for me being there and seeing the photos of President Obama and Vice President Biden staring down on us. The last time I was there, the photo was of GHWB and I did not remember VP Quayle being there. It was further strange to me since I now live in a Catskills hollow and rarely go into government buildings and I am not used to seeing Barack Obama's smiling presidential photo anywhere except on my computer screen.

    A guard in the security detail heard me say this to Barbara and came up to us and asked us to show him our identification. No on else in line was asked to produce IDs. We complied and he seemed satisfied. While walking away from us he asked me to stand on the carpet, the common kind of narrow runner many buildings and homes use. Evidently, the carpet has hidden powers that keep the building secure.

    I admit I was pissed that the security guy, someone who gets paid to spend his day hanging out near an x-ray machine telling people to stay on the carpet, offended me. Plus, he was black and I am white and my unconscious racism must have contributed to my anger. My experience was a "how dare he" moment on many levels.

    Nevertheless, it was my conversation with my partner, my speech, that made this guy ask us and no one else, for our ID. Had I complained about being singled out, we probably would created a major incident that would have included our being arrested and/or removed from the building and missing our meeting.

    Just another anecdote from the new national security reality.

    And a reader in Italy writes:

    Ever the suspecting, non-trusting fellow, I wonder how many realize that this is not about stupidity or mindless bureaucracy, but about the fastest growing business on earth: security.

    After the jump, a report on the security-theater ratchet in China. Thanks to all.

    A reader in Shanghai writes:

    Re: your recent posts on security theater, this from today's Shanghai Daily (emphasis added):

    >>Swimming pools across the city have introduced security checks at entrances, banning swimmers from bringing drinks, as well as big bottles of shampoo and body wash into the facilities, an official with the Shanghai Sports Bureau said yesterday. The new regulation took effect on June 20 and will continue to September 10. It was issued by the sports bureau, the Shanghai Public Security Bureau and other departments to ensure the city is safe during the World Expo period, said an official surnamed Li with the Shanghai Social Sports Management Center of the sports bureau. Other dangerous or flammable articles such as knives, alcohol and gasoline were also on the ban list, Li said.

    >>"Large swimming centers or parks will be equipped with X-ray machines at the entrances for baggage checks," Li said. "But the checks will be carried out by security guards at smaller swimming pools." However, security checks will not be as strict as those at the Expo site. Visitors may still take small containers of drinks, shampoo or body wash if approved by security guards. "They may bring their beverages if they drink some in front of the guards to prove that they are safe," Li said. She said they could also bring in a small bottle of shampoo or body wash after showing them to guards.

    >>"An official surnamed Zhang with Dino Beach, a water park in Shanghai, said they had installed X-ray machines last year. Zhang said the machines can detect dangerous or flammable substances so visitors may still bring shampoo or body wash into the park if they pass the security check. The park has also prepared free shampoo and body wash for swimmers."<<
    The Expo has served as the all-purpose excuse for everything for the last 5 years in Shanghai, being even more general than the "since 9-11" explanation for everything security-related in the US. But seriously, what the hell? I'm not aware of any potential or actual threat to Shanghai's swimming pools.

    I have a running bet with a Beijing resident, who says that security checks to enter the Beijing metro put in place for the Olympics are still there and will not go away, and that similar checks put in place for the Expo will also become permanent. I maintain that SH residents won't put up with them (there have been several "incidents") but I am beginning to wonder...

    It certainly is true that the "special" Olympic security measures in Beijing have stayed on next two years after the Games have ended. I will be impressed -- and, I have to say, surprised -- if the results are different in Shanghai.

    And, one more, from an American reader who thinks I'm being too negative-sounding:

    The ratchet goes both ways, of course. After 9/11 it was reported that many facilities in small towns across the country had instituted security measures (the Onion made fun of it, at least). I'm fairly sure that the Terre Haute Public Library no longer requires a full-body x-ray scan to enter its children's afternoon reading hour. Likewise, Yankee Stadium has pretty strict rules about bringing bags into the facility, but it's an outlier in this regard, which was probably not true in late 2001. It's just not true that security measures, once adopted, cling like barnicles. Some do, some don't. I wish I had better documentation on this to offer you, but surely a time traveler to, say, the spring of 2002 would notice much greater restrictions?

    More »

  • Sanity About Security: a Step Forward in New York

    A rare victory over the hollow symbolism of "security theater," in New York

    Previously in this series here.  A reader who works in the main Citibank building in Manhattan writes to report:

    My office building is the world headquarters of Citibank. In the wake of 9/11 they decided they needed increased security and so have required all bags and packages to go through an x-ray machine. You could be carrying Dirty Harry's revolver in a shoulder holster under your jacket,, or ten pounds of plastic explosive taped to your chest, but your attaché case had to be screened. Amazingly, after nearly nine years of doing this, they stopped this week, although the announcement from building management reassuringly told us that the x-ray machines are in storage and can be wheeled out at a moment's notice.

    Within my experience, this is just about the only occasion in which security theater has not been subject to a one-way ratchet effect -- once a "security" measure is adopted, no matter how foolish it is, no one ever has the courage to discontinue it. Is there hope that the broader society will follow this brave beacon?

    To the reader's final question: maybe we can find out who had the guts and good sense to make this decision about one (important) building in one (very important) city, and unleash that person to work on the "Threat Level is Orange" charts that symbolize security theater at its most mindless. As always, we take our good news where we can find it. I welcome any similar accounts of the security-theater ratchet being reversed.

  • The "Cyber War Threat" Debate

    Are we worrying too much? Or too little?

    I mentioned back in April that I was going to be out of DC on June 8 -- but that if I had been around, I would have been sure to attend the Intelligence Squared debate at the Newseum on the motion that "The Cyber War Threat Has Been Grossly Exaggerated."

    Well, the results are in, and the "against the motion" side won big. Ie, the team of Mike McConnell, former DNI/NSA director, and Jonathan Zittrain, of Harvard Law School, was apparently way more effective in arguing that the threat was real, than the "for the motion" team of (my natural allies) Bruce Schneier, all purpose security-guru, and Marc Rotenberg of the Electronic Privacy Information Center was in arguing that it has been overstated. Info on all debaters at the site.

    Teams "win" or "lose" these debates by measured movement in audience opinion before and after the discussion. Obviously such results can be cooked, but here are the reported opinions:

    BEFORE: 24% for the motion (agree on "gross exaggeration"); 54% against; 22% undecided.
    AFTER: 23% for; 71% against; 6% undecided.
         Net change: "undecided" vote breaks in a major way for the "threat is real" camp.

    A transcript of the whole debate is available in PDF here. I've just read it through quickly, but on first glance I can rationalize the results this way. First, the "anti" team, especially Zittrain, seems to have taken the requirements of structured debate more seriously than the "pro" team, especially Schneier. A sample from Zittrain after the jump. Second, and to my relief, the "anti" team took great care not to say that a "cyber war" was going on now. Rather its point was, the threat of such a thing happening was serious enough to justify the current level of press and political hype.

    Congrats to all participants. And, no joke, it's a real public service to have debates of this sort that bring top-tier participants together and add the sizzle of prize fight competition to a discussion of issues of first-order importance.

    Fundamentals of Debate 101: Of the four participants, my guess is that Jonathan Zittrain had most experience as a high school or college debater. Illustration of his approach: setting up the opponents' argument in a way that suits the rebuttal he has planned. This may not be spellbinding rhetoric, but it's a very effective debate presentation. After Rotenberg and Schneier had spoken, Zittrain said:

    So, here's where we're at so far. Marc says, "Vote for us if you don't want a police state." Bruce says, "Vote for us if you think journalists and their headline writers and sometimes their sources exaggerate," and, "Vote for us if you don't want a military state." So, I stand here proudly before you in the negative, despite the fact that I do not want a police state. I do think that journalists and their headline writers sometimes exaggerate -- is it okay to say that in the Newseum? Is that all right?...

    I want to give a more gradual view of the vulnerabilities that you'll notice both Bruce and Marc handily acknowledge. "Oh, we're not saying the system works. In fact, we agree it's utterly vulnerable. We just don't like the use of the word 'war,' and we don't like the use of the word 'war' because it might give people a platform through which to have bad things happen after that, to militarize or to create a police state or something like that." Well, fine. We have to argue against that, but let us be truth-tellers about the state of vulnerability in our networks and our endpoints, and then deal with it from there, neither exaggerating nor understating it.

    So, what kind of threat am I talking about? Let me just give you two quick examples...

    Worth checking out.

    More »

  • Sanity About Security: Kicking Off a Series

    What if they gave a cyber war and no one....

    I hate negativity! Therefore, as a counterweight to chronicles of "security theater" nuttiness on this site and from Jeffrey Goldberg in the magazine and online, let's kick off a little hall-of-fame feature. It's time to honor people who manage to talk about real threats the nation faces, and ways to cope with them, without succumbing to threat-inflation, chicken-little-ism, fear-mongering, budget-boosting, and the general, cowering, "be very afraid" mentality summed up by the robotic reminders that the "current Threat Level is Orange."

    To start, a retrospective award for recent efforts to counter the idea that the United States is involved in a "cyberwar." James Lewis, of the Center for Strategic and International Studies, is one of the nation's real experts on all the bad things that can happen when governments, criminals, corporations, and other ominous-sounding groups misuse electronic information. I quoted him several times in my article on cyber-threats early this year. But as he pointed out in his speech last month in China, the idea that this constitutes electronic warfare between countries is intellectually lazy and politically and economically dangerous. 

    It's lazy, because it confuses the theoretical capacity to do harm from actually inflicting harm. It's like saying: I'm carrying a pack of matches, so therefore I am actually an arsonist. (Now, the TSA might think that way, but...) It is dangerous not just because it hypes mutual suspicions but also because distracts attention from the real, ongoing source of cyber-menace: the unglamorous but serious reality of corporation-vs-corporation espionage and "normal" criminal fraud.

    Lewis has made this point before, but in a recent speech to the China Institutes of Contemporary International Relations (PDF here), he laid it out:

    Powerful misperceptions on both sides [US and China] shape these decisions but there is one misperception we can clear away immediately. We are not in a cyber war.

    War is the use of force to achieve political ends. It involves using force to attack, damage or destroy an opponent's capability and will to resist. A cyber attack would damage data and perhaps physical infrastructure, create uncertainty in the mind of an opposing commander, and be used for political effect....

    Advanced militaries also have missiles and aircraft and plans to use them, but they will not use these weapons outside of a larger armed conflict. No one would launch a missile or an aircraft at the United States on a whim or as a test, as this would invite a devastating response.... [Similarly] outside of a larger armed conflict, cyber war is unlikely.

    That is: if the US and China are already shooting at each other, they might try to bring down the other's cyber networks too. Otherwise, "cyber war" just is not plausible. Naturally Lewis's argument is more nuanced than the way I'm summarizing it, and it concludes with an assessment of the things we should be worrying about more than we do. But if you read it you'll find yourself cringing the next time someone refers to the harsh new reality of "cyber war." Which is a start.


The Death of Film

You'll never hear the whirring sound of a projector again.


How to Hunt With Poison Darts

A Borneo hunter explains one of his tribe's oldest customs: the art of the blowpipe


A Delightful, Pixar-Inspired Cartoon

An action figure and his reluctant sidekick trek across a kitchen in search of treasure.


I Am an Undocumented Immigrant

"I look like a typical young American."


Why Did I Study Physics?

Using hand-drawn cartoons to explain an academic passion



From This Author