Facial recognition software. Trace portal machines. The Total Information Awareness database. And now, body scanners. All these new technologies have enjoyed their day in the sun, immediately following terrorist attacks, as a potential magic bullet to keep us safe while traveling.
But repeatedly, gadget defenses have shown themselves to be costly, flawed and difficult to implement. Meanwhile, they take precious resources away from tried and true counterterrorism measures, like hiring more highly trained airline screeners or additional State Department officials.
"Our reaction has been predictably irrational," complains Bruce Schneier, author of numerous books on security, including "Beyond Fear." "We're going to spend a lot of money and it won't make us safer."
Body scanners became an immediate focus of attention the days after the failed Christmas Day plot to bring down a Northwest jetliner. There are plans to more than triple the number of scanners in U.S. airports this year. At $150,000 each, plus operations and maintenance costs, the machines represent a significant investment. David Schanzer, director of the Triangle Center on Terrorism and Homeland Security at Duke University, says U.S. officials should think long and hard before spending that kind of money on terrorism-fighting technology.
"There's never a discussion of trade-offs," Schanzer said. "...Everyone acts as if we can do everything. We can't. Public officials are often attracted to things that are visible, that they can point to and say, 'We're taking action to make you safer,' when instead they should be looking at the types of things that might give you more bang for your buck."
For example, he continued, “Extra staff in State Department consular offices reviewing visa applications, people going to more interagency meetings, placing more personnel in our embassies to work with the British government so when they deny a visa we know. ... These are unglamorous and can get lost in the budget. But they work."
Fighting terrorism and securing air travel involves tricky, nuanced discussions about resource allocation and risk. But reasonable choices about risk are challenging in the emotionally charged atmosphere of terrorism, he said.
"We need to asses risk and look at limited resources and figure out where to most effectively deploy them," he said.
Schanzer said that, because fighting terrorism is as much about perception as reality, there is some value in taking steps simply to reassure the public.
"Measures make people feel more secure, maybe that is a part of Homeland Security," he said.
But Schneier said U.S. officials have fallen into the bad habit of encouraging "magical thinking," suggesting that security technologies can make the world substantially safer.
"I wish Barack Obama would get up on stage and treat us all like adults and say, 'We're doing our best but sometimes these things are going to get through, but we're not going to change our way of life,'" he said. "But politically he can't do that. So instead he's going to respond to movie plot threats and we'll waste money. … It's very human that we fear stories, and the way to make people feel better is to secure against the story."
While body scanners are the technology du jour, it is unclear whether they would have stopped Umar Farouk Abdulmutallab's alleged plot. A scanner may or may not have shown a suspicious lump in his underwear, revealing the bomb-making material he allegedly secreted there. But even if it did, an airport screener may not have noticed it or deemed it a threat.
Other existing technologies, such as the trace portal or "puffer" machine, may have also detected the presence of explosives on Abdulmutallab's skin or clothes. Chemical swabbing -- more commonly used today -- might also have detected elements. But they can also be circumvented.
Regardless, the cat-and-mouse game of implementing technology and screening tactics to defeat already-used terrorist attack techniques is largely ineffective. After nearly 10 years of removing shoes while entering security lines, it is still highly doubtful another attacker will attempt a shoe bomb. Explosives hid in body cavities will not be detected by new body scanners.
"All these strategies require that we guess the plot. Security that requires us to guess the plot correctly doesn't work," Schneier said. "If we spend money on technology that protects against liquid explosives and they use solids then we've wasted our money. If we spend money to protect the Olympics and they attack the Super Bowl we wasted our money. "
The sudden focus on body scanner technology is also misplaced, Schanzer said, because the attack technique used on Christmas Day wasn't new.
"Nothing changed the other day," he said. "We knew about the threat (of a passenger carrying an explosive combination of chemicals onto a plane). Everyone was aware this was a possibility and the potential path of attack and yet we were not devoting extraordinary new resources into full body scanners. What's changed is the perception of the threat."
List is ignored
While even expensive new technology may have been ineffective against the failed attack or similar future attacks, existing tools might produce better results, Schanzer said. Abdulmutallab had left plenty of red flags in his wake, including his father's warning to U.S. officials. But that warning, and other intelligence, wasn't enough to place Abdulmutallab on the "no-fly" list that would have prevented him from boarding the plane to Detroit. On Tuesday, President Obama placed the blame on a "failure to connect the dots." In the future, similar suspects will not be allowed to board flights headed for the U.S., he promised.
But Abdulmutallab was on a list – a government database called the Terrorist Identities Datamart Environment, or TIDE. While there may not have been enough information to permanently ban him from entering the U.S., clearly there was enough to flag him for additional, intense screening. It's unclear why all travelers in TIDE aren't always subjected to increased scrutiny, but lack of resources is a likely explanation. Atlantic magazine reported this week that the National Counterterrorism Center, which maintains the database, was slated for budget cuts in 2010 – and workers who maintain TIDE were slated for layoffs.
It's hard to understand the lack of added screening, given how easily the list might be narrowed on a daily basis, Schanzer said.
"How many on that list have a visa? How many have international airline tickets? How many are paying in cash? There's lots of information out there," he said. "I don't think data mining is a dirty word to narrow down the people who present the greatest risk and should get far greater scrutiny. ... Doing so is far more effective them applying expensive technology to everyone."
In fact, Schneier argues, some steps taken since the Christmas attack have made U.S. travelers less safe. Profiling large groups of people -- such as travelers from the 14 nations that are now subject to additional scrutiny -- creates a dangerous two-tiered security system.
"Once you profile, you invite the bad guys to get around the profile," he said. "When you create a hard way and an easy way through security, you invite the bad guys to figure out how to take the easy way."
In the end, while the Christmas Day plot failed, terrorists may ultimately gain if substantial money is wasted on new technologies and Americans are subjected to longer airport lines and more hassles.
"Even after he failed, he succeeded," Schneier said. "But if we didn't react with all this fear and panic, he would have failed even if he succeeded. Terrorism requires us to be accomplices. And we're really good at terrifying ourselves."