Forgot your password?
typodupeerror
Math Privacy

LA Airport Uses Random Numbers To Catch Terrorists 321

Posted by CmdrTaco
from the better-than-searching-me-whenever-i-have-a-beard dept.
An anonymous reader writes "Los Angeles International Airport (LAX) is using randomization software to determine the location and timing of security checkpoints and patrols. The theory is that random security will make it impossible for terrorists to predict the actions of security forces. The ARMOR software, written by computer scientists at the University of Southern California, was initially developed to solve a problem in game theory. Doctoral student Praveen Paruchuri wrote algorithms on how an agent should react to an opponent who has perfect information about the agent's choices."
This discussion has been archived. No new comments can be posted.

LA Airport Uses Random Numbers To Catch Terrorists

Comments Filter:
  • by he1icine (512651) on Sunday September 30, 2007 @08:30AM (#20800855)
    Sorry it had to be said.
    • by Entrope (68843) on Sunday September 30, 2007 @08:39AM (#20800933) Homepage
      Quite the opposite. The bit about strategies given "perfect knowledge" by the opponent assumes that any information about practices or techniques could leak out. Given that, it seems obvious that the proper response is to determine an appropriate level of coverage, and then implement a randomized search pattern that conforms to those constraints. The security is not through obscurity but through a smaller window for discovering and exploiting the search pattern.
      • The Art of war (Score:5, Insightful)

        by Anonymous Coward on Sunday September 30, 2007 @11:21AM (#20802007)
        "The pinnacle of military deployment approaches the formless: if it is formless, then even the deepest spy cannot discern it nor the wise make plans against it."

        --Sun Tzu, "The Art of War"
        • by EmbeddedJanitor (597831) on Sunday September 30, 2007 @04:05PM (#20803861)
          Sure you can't predict random screening, but still the residual number of operatives will get through. If you're screening half the people (randomly) then:

          If you send one operative you have a 50% chance of one getting through.

          Send two and you have a 75% chance of at least one getting through.

          Send ten and you have a 99.9% chance of at least one getting through.

          The handy thing about many organisations is that they are willing to play the numbers.

          • by NMerriam (15122) <NMerriam@artboy.org> on Sunday September 30, 2007 @05:27PM (#20804329) Homepage

            Sure you can't predict random screening, but still the residual number of operatives will get through. If you're screening half the people (randomly) then:
            If you send one operative you have a 50% chance of one getting through.
            Send two and you have a 75% chance of at least one getting through.
            Send ten and you have a 99.9% chance of at least one getting through.
            The handy thing about many organisations is that they are willing to play the numbers.


            But that's only if you assume that security doesn't react in any way to the discovery of an operative, which is of course false. Once any operative is found, security will then force ALL passengers to be rescreened at that location, and increase security at other locations temporarily as well.

            So sending in one operative gives you a 50/50 chance of being successful.
            Send two and you have only a 25% chance of successfully penetrating security.
            Send ten and you're virtually guaranteed to initiate a complete lockdown of all air traffic in the country.
            • That all depends. (Score:3, Insightful)

              by raehl (609729)
              What is success for a terrorist?

              If you have 10 operatives, send an operative a month every 30 days +/- 10 days. Even if they all get caught, you'll have instilled a much higher level of terror. Either one of the operatives will certainly get through, or the level of security will be so high that the costs of air travel will increase substantially.
      • by deepvoid (175028) on Sunday September 30, 2007 @11:59AM (#20802265) Journal
        Randomized patrols have been around along time. There are several problems with this guy's approach. First, there are inner and outer bounds to patrol initiation and duration, as well as the human tendency to repeat the familiar, thus while the schedule may get changed, the actual patrols will follow a non-random, pattern. In addition, consigning the schedule to a computer also adds a level of security failure potential that shouldn't exist. If the guards, examiners, and cameras, are on a purely random schedule, and are following the direct orders of a machine, eventually, a social engineering exploit would open the door for the opponent to get a complete schedule from the computer itself. Just like lost page encryption can be circumvented by compromising the message sender, random patrols can be brought down by compromising the computer, and unlike computers in Hollywood movies, no computer on Earth, is secure, and connected at the same time.

        The thing about having "Perfect Knowledge" of a patrol or observation pattern, is that you have to expect certain variations anyways, and plan accordingly, but the polar bear under the ice is that you also have to expect certain regularities, certain things that repeat, regardless of schedule. Most unit commanders and security bosses have had to learn this the hard way, and after they loose a certain amount of confidence in human nature, they learn how to manipulate it to make their facility more secure.

        A low level security guard is going to look at the schedule, and try to make it conform to his own sense of order, rounding up or down patrol times, falsifying patrols, or just plain blowing off the whole schedule entirely. After going through more than a few guards, the commander is going to have to admit, that going against human nature is not only counter productive, but dangerous. The radio messages, audio stimulus, and other auditory or visual stimulus that is used to keep the pattern random, can always be intercepted and used to an opponent's advantage, and with the high turnover rate already present in security jobs, it is a simple matter to place somebody on location that can compromise everything.

        What the commander has to do is assume that his bottom line guards are going to be compromised, individually. For instance, he can safely assume, that at even if all of his guards are compromised that very few of them are going to entrust that fact with another guard. By identifying the loners on guard staff, he can group them in pairs, or triplets that are socially incompatible, and thus untrusting of one another. Since self preservation is a stronger human reaction than loyalty, the commander has to rely on this to prevent an actual incursion.

        In military units, officers do not mix much with enlisted, and doing so can mean punishment or even jail time for the offenders. The reason for this, is that if two groups are not socially compatible, and they have a common stated goal, then the change of a conspiracy amongst the two is greatly reduced. If The officers decided as a group to betray, then military code would force the enlist, or non-commissioned officers to act against it, and visa versa.

        The military relies on routine, because, unlike the scientist with his computer driven, game theory approach, they know it works. If patrols become regular, then is easier for those patrols to spot anything out of order. The only way to have consistent security, is to have reliable, consistent, and above all, complete coverage of the facility.
        • Re: (Score:3, Informative)

          by 644bd346996 (1012333)
          You make some good points about getting humans to actually follow the random search patterns, but I don't think we need to worry too much about terrorists being able to steal the schedules. Because they are random, they don't need to be generated very far in advance, leaving would-be infiltrators at most a few hours to steal the information, plan the timing of an attack, and execute it. Even though the actual window of opportunity for slipping through security won't be reduced, it becomes much much harder
        • by bhebing (741840) on Sunday September 30, 2007 @02:42PM (#20803309)
          If they use your comma placement as a random seed, the system will be absolutely secure.
        • by niktemadur (793971) on Sunday September 30, 2007 @07:19PM (#20804963)
          A low level security guard is going to look at the schedule, and try to make it conform to his own sense of order, rounding up or down patrol times, falsifying patrols, or just plain blowing off the whole schedule entirely.

          Damn right. A few years back, my hometown was in the midst of a crime wave, and at the business where I worked, a guy was hired to go and deposit money in the bank. The first thing management told him was to never, ever repeat the same route nor schedule twice in a row. At first, the guy followed this advice, but after a couple of weeks, probably without even realizing it, he fell into a mindless, hurried routine that you could set your watch by. Within a month, he was ambushed - his car was crashed into at an intersection, then when he got off to inspect the damage, a gun was pointed at his temple.

          A few days later, the guy resigned and I was given bank duty for a while, and I dare you to try and discern a pattern in the way I handled this baby. Once out of the office, I had six options to choose from within a half block in either direction (east, then straight, left or right - west, then left or right). Sometimes I stalled for up to three hours before dashing off, sometimes I repeated the same route three times at different hours, just to confound whoever might be watching.

          To take it up a notch from the PP, here's the twist: Management itself, for all their initial concerns, began dropping hints about other needs I wasn't taking into consideration, such as needing the money deposited within a certain hour. After the assault and robbery shake-up, the organization became open to flexibility, then soon after went back to rigid, routine expectations, downgrading safety for convenience. As an example, the financial department was screaming for regularity, to sort out money movements by X hour.

          Within a few months, an armored car service opened in town, which my company hired immediately, and things went back to normal.

          Now here's my point: it's not just the grunts, it's also the supervisors and management. On paper, somebody's gonna have to wrack their brain and work harder to schedule activities that follow no pattern, probably for the same amount of pay. Supervisors will constantly have to change their schedules accordingly. There will be initial grudging compliance on all levels, then resistance will manifest itself through groaning, then procrastination turning into inaction. To change organizational habits, an initial push towards implementation is not enough, somebody has to really exert pressure for a long, long time, and who's going to do it, old employees? Unlikely. New employees? A big possibility they'll be sucked into the organizational culture within a couple of unhappy months. You have to find and hire the right outside person, and that'll take a bit of luck, never mind Game Theory, an old and iffy construction that's always caused more harm than good when applied in "real life".

          Going offtopic here, and as crazy as it may sound, I do miss the bank deposits, as they turned weekdays into an adventure. First of all, it was a daily shot of adrenaline. And then, there was the deposit itself, not through regular bank tellers, but within a backdoor bank vault, a security-clearance (automated door, long hallway, automated door), CC-monitored bizarro world where the same hungover guys from other companies deposited every day, and the bank employees always kept ice-cold beer for us... in the morning. To get the beer to us on the other side of the 8-inch glass, it had to go through the same time-delay security mechanisms that we placed the ingoing deposits into. It was a small space with no chairs, so we sat on the floor, drinking beer out of paper cones, a thick cloud of cigarette smoke hanging in the air, crushed butts and cones strewn on the floor. After a while, you find yourself regarding this as normal. Talk about organizational culture.
          • Re: (Score:3, Interesting)

            by Pollardito (781263)

            A few days later, the guy resigned and I was given bank duty for a while, and I dare you to try and discern a pattern in the way I handled this baby. Once out of the office...

            boom! right there! you always left the office to get to the bank!

            seriously though, you're describing the methods yourself, so it's doubtful you would mention something non-random that you hadn't thought of at the time. depending on the size of the cashbox, why wouldn't someone just be willing to wait out the entire 3 hour window and/or pick one or more of the 6 routes and take a couple tries for you to finally choose that same route they picked?

            • Re: (Score:3, Interesting)

              by niktemadur (793971)
              Back in the day, the wave of robberies in my hometown were precise, quick and bloodless (for the most part). These people were not desperate robbers with an itchy trigger finger, they were professionals. Because they were professionals, surely they calculated cost (time, effort and risk) and return of investment. If you're a robber and think like this, it's inevitable that you also think of "opportunity cost", which is basically "How much am I losing elsewhere by staking out this particular person?" I w
    • by brusk (135896) on Sunday September 30, 2007 @08:46AM (#20800977)

      Actually it didn't. In some ways this sounds like the opposite of security through obscurity. I'd feel more secure with a system whose entire workings was public knowledge, but that was still effective enough to be difficult to penetrate. Randomness is a great way of doing that. You may know, as a potential attacker, how the system is set up, but if you don't know where the people and equipment will be the best you can do is take an informed risk. It also makes it harder to do things like purchase information about the system: it's little use to bribe a guard for the schedule if he doesn't know it until he starts his shift (and then may only know his first task, not the remainder of his schedule).

      To my mind, security through obscurity would be setting up a very complicated schedule, then overconfidently assuming that an attacker won't figure it out. There are lots of cases where randomness increases security (e.g. random strings as passwords).

      • Re: (Score:3, Interesting)

        by rthille (8526)
        (I haven't read the article, typically I find the comments more interesting :-)

        Well, the seed for the random number generator should probably be kept secret. Or there should be no seed, there should be hardware randomness so without that data stream, there's no way to predict. Not sure how you distribute the schedule in real time from the hardware random generator to the actual officers and keep it from being eavsdropped on, but I guess encrypted communications can be assumed...
      • by drgonzo59 (747139) on Sunday September 30, 2007 @11:35AM (#20802103)
        The randomness can be used as far as behavior is concerned in social encounters. For example you are being robbed, it is expected that you will be scared and pull out your wallet. Instead try acting like a mental case or pretend you don't understand the language, or say, offer to them a cigarette instead. For a couple of seconds, the robber will be confused as they lose control of the situation because something unexpected happened. Then it's up to you to either keep it up or if you feel brave strike back.


            The same strategy goes for when you don't want to interact with certain individuals, solicitors, pan-handlers and so on -- when they ask for you attention, reply with something completely unrelated, for example "Can you spare some change? -No thanks, I'm good. -Huh?...that don't make no sense..." by the time they processes the confusing statement you already walked too far and they'll focus on the next person.


            Another example, say you are having a heated debate with someone. When the argument is the most intense immediately switch and start arguing against your position. Ok, that's more for fun...The actual strategy is to use non-sequiturs. Statements that at first sound normal but when you think about them they just don't make any sense. Stuff like "How do you know that's what you mean?" That statement has to be immediately followed by whatever real point you are trying to make. The brain is trying to process the non-sequitur and it keeps getting segfaulting-ing, but because you keep talking it is also forced to keep up with the argument. Eventually they just remain quiet. If they ask you to repeat the non-sequitur pretend you said something else or make fun of them for being slow.


          Randomizing your response is a good way to throw off an opponent. They expect a certain response or reaction but they are getting something else. That gives you a short window of opportunity while the opponent tries to process or guess your next move. Of course your moves have a degree of randomness (that you control) and it is pointless for them to spend resources (mental, computational) to look for patterns in randomness.

        • Re: (Score:3, Funny)

          by Cowclops (630818)
          Or when you're in court, you could start talking about Chewbacca and how he was born on Kashyyyk but lives on Endor.
    • by Hangtime (19526) on Sunday September 30, 2007 @09:05AM (#20801099) Homepage
      There is a difference between Security Through Obscurity and disguising the strength, numbers, and routines of your forces by trying to nullify patterns in your behavior. People pick up on patterns very quickly. Patterns makes it easy to train, equip and ultimately be successful when addressing fluid, complex situations. If I know that once I see people streaming from one platform I have 30 seconds before the next train arrives I have an advantage.

      By truly randomizing protocols, I can no longer plan for one or two specific scenarios but must be ready for hundreds. This increases the time, energy, and manpower it takes me to prep and execute a mission. In fact, if I can't bank on the fact that there will NOT be a canine unit to take my plastic through security I may change my approach and try to work from a stand-off position rather then a close-end. This makes it easier for security because I can fortify and create choke points in and around my perimeter.

      Security Through Obscurity relies on your ability to hide something alone (hiding a key) versus what this is (moving the key every 4 hours and randomizing the patrols in and around the key). There is quite a bit of difference between the two.
    • by Anonymous Coward on Sunday September 30, 2007 @09:21AM (#20801213)
      So, to be exact, the security staff is going to play DnD?

      Staff sergeant: "Ok, Ralph" *rolls dice* "you are going to move 4 feet to the left."
    • One has to be careful not to mistake "arbitrary" for "random." What they are doing is randomizing elements of systematic security, not promoting arbitrary security. That is, they are still sending trained patrols, K9 units, inspectors, etc. but randomizing the time, location, and duration. This seems quite smart to me. The irony is that a huge fraction of airport security today IS arbitrary, but NOT random: everyone must stand in line, take off shoes, pack liquids a certain way, scan their laptops, scan
  • by mulhollandj (807571) on Sunday September 30, 2007 @08:31AM (#20800861)
    I read a fascinating article in the Freeman comparing train security, mostly privately done, with airports security, done by the government. The key difference was that when it was done commercially the inconvenience to customers was quite minimal. On the other hand when the government runs it, it is very inconvenient for customers. Why do you think this is?
    • Re: (Score:3, Insightful)

      I don't know. However first we must look at the sampling done by the article and determine if it was a valid sample that would produce non-biased results. Then we need to look at the numbers themselves and see if they were interpreted correctly (involving both layman and well known mathematicians who are either known to offer non-biased results or enough mathematicians that represent both biases towards the government and towards commercial companies). Only then can we know if the results are correct and ev
    • Re: (Score:2, Insightful)

      by JackMeyhoff (1070484)
      Airport security done by the government? It's all private companies here.
    • by iknownuttin (1099999) on Sunday September 30, 2007 @09:01AM (#20801085)
      I think it's because there is very little, if any, accountability that the Government employees have to worry about. They can be as rude and obnoxious as they like becuase they know that even if you navigated the bureaucracy to complain, it would just be recorded somewhere and nothing would be done about it. Just look at what the folks who are mistakenly put on the "no-fly" or "extra screening" lists go through. Even a powerful Senator (Kennedy D-MA) had a problem getting off of the list. Or the nun who had to call in a favor with Carl Rove to get off of the list.

      The only time I've heard of a Gov. employee getting fired was because they let someone go through with a weapon.

      Then there are the stewardesses. Since 9/11 you'd think someone anointed them in Flight Goddesses. Complain about something and the next thing you know, you're being taken away in hand cuffs.

      Because of a few jerks in the world, flying has become just one big bullshit hassle. Which, for my own sanity, I refuse all jobs that require travel - bills be damned! Of course now with all the screening software, a bad credit rating will get you a second look by the TSA.

      I may have to move to Vermont.

      • by b0s0z0ku (752509)
        Of course now with all the screening software, a bad credit rating will get you a second look by the TSA.

        I thought that NO credit data would be more worrisome to them -- evidence of a manufactured identity. I suppose bad credit would make you more likely to help terrorists for money, but in the case of suicide attackers, it's pretty doubtful any sane person would.

        -b.

    • by mspohr (589790) on Sunday September 30, 2007 @09:08AM (#20801139)
      Train security??? Where do they have train security? I've traveled on trains in France, Italy, Germany, Switzerland, Czech republic and never had any kind of security inspection.

      I live is Switzerland and we don't have any noticeable train security. They may be some security cameras but the only 'security' I see are the conductors and they are usually friendly and just want to see your ticket. BTW, the trains are very safe, too. No terrorists and very few accidents.

    • by rolfwind (528248) on Sunday September 30, 2007 @09:14AM (#20801177)
      Only GOVERNMENT run security gives me free colonoscopies while I fly. Not only do I save a trip to the doctor, I ensure I stay in good health.
    • by Ambitwistor (1041236) on Sunday September 30, 2007 @10:19AM (#20801593)

      I read a fascinating article in the Freeman comparing train security, mostly privately done, with airports security, done by the government. The key difference was that when it was done commercially the inconvenience to customers was quite minimal. On the other hand when the government runs it, it is very inconvenient for customers. Why do you think this?
      You mean this article [fee.org]?

      It's comparing apples and oranges, as far as I can tell. It describes private security companies and "posses" pursuing known perpetrators in the 19th century. This is essentially police work, and is a quite different issue from preventing unknown threats from boarding in the first place. It claims that going after criminals is better than screening large numbers of non-criminals. Well duh, the problem is to find out who the criminals are, in a way that safely prevents them from carrying out whatever acts they're trying to carry out.

      The article also says the private companies also sent guards on trains to foil robberies and such. Well, that's what federal air marshals are for. We've already got those. The article appears to be arguing that we just need the air marshals, and don't need any airport screening. Well, that's debatable, but as far as I am concerned, it doesn't have much to do with private vs. government security.

      I think the situation with train robbers vs., say, suicide bombers is quite different. The article gives an example of train robbers who threatened to blow up the train if they weren't allowed to escape. Well, that's quite different from a guy who intends to die with everyone else: he's got no reason to negotiate. If you let him on with a bomb, you've already lost, unless you're really, really counting on those air marshals or helpful passengers (a la Richard Reid). It's a harder security problem.

      Finally, the article says that the railroads booted troublemakers off the premises instead of letting them board the trains. It also says that federal law prohibits airlines from doing the same. I don't understand this; I've certainly read news stories about suspicious passengers being removed from planes, and of course TSA can prevent them from boarding in the first place.

      Now, I am not trying to argue in favor of draconian airport screening, but I think the differences between security against train robbers and security against airline terrorists have more to do with the completely different settings and goals, rather than private vs. government administration of the security measures.
    • This has nothing to do with government vs private industry. This is because the "provider" of security is not related to the provider of the actual product. Besides, there are just too many differences, including the perceived threat, to even consider a simple comparison.

      This is also used by the government to keep you in fear of a terrorist attack.

  • by StandardCell (589682) on Sunday September 30, 2007 @08:31AM (#20800865)
    [Tour of Accounting] Accounting Troll: "Over here we have our random number generator" Number Generator Troll: "Nine Nine Nine Nine Nine Nine" Dilbert: "Are you sure that's random?" Accounting Troll: "That's the problem with randomness: you can never be sure"
  • by jkrise (535370) on Sunday September 30, 2007 @08:32AM (#20800869) Journal
    They've been using that technique to identify and fix bugs in Windows... even incorporated that into Excel 2007 multiplication recently.
  • by sentientbeing (688713) on Sunday September 30, 2007 @08:37AM (#20800913)
    wily terrorists can easily defeat this lame attempt at security.
     
    All they have to do is predict these random numbers ahead of time... Using a dice.
  • by 140Mandak262Jamuna (970587) on Sunday September 30, 2007 @08:38AM (#20800923) Journal
    They are going to create a huge grassroots information and education campaign against this. They believe the security should intelligently designed and should not depend on random chance of security people and the bad guys coming together.
    • by Tuoqui (1091447)
      I think this is just for the patrols not for the important things like checkpoints and such. Could you imagine... 'X-Ray Machine: Nobody manning it between 2pm and 2:15pm' NOW's our chance!
  • Elementary (Score:3, Insightful)

    by RAMMS+EIN (578166) on Sunday September 30, 2007 @08:39AM (#20800929) Homepage Journal
    Randomize checking so that an attacker can't predict the next check and avoid it? That's what I would do, too. Can I be a high-paid security consultant now?

    Probably not. It probably takes more nerve and marketing skills than I have to stand up and demand the world for what is essentially an elementary idea that anybody who thinks about the issue should come up with.
    • Not elementary! (Score:5, Informative)

      by Ambitwistor (1041236) on Sunday September 30, 2007 @09:53AM (#20801433)

      Randomize checking so that an attacker can't predict the next check and avoid it? That's what I would do, too. Can I be a high-paid security consultant now?
      The point is not that the strategy is random, but that the randomization is optimized to be robust against an adversary who knows what your randomization scheme is. That's what the game theory [wikipedia.org] is for: it's a classic mixed strategy [wikipedia.org].

      Remember, there are many ways to be random: check area X Y% of the time; perform check W Z% of the time, etc. What should Y and Z be? How do you balance the occurrence of Type I and Type II errors? [wikipedia.org] Some strategies are better than others: there's a reason why game theory was invented.

      Try reading the study [usc.edu]; the results are not trivial.
  • by XxtraLarGe (551297) on Sunday September 30, 2007 @08:39AM (#20800931) Journal
    The terrorists start using a random number generator too?!?
  • set of locations? (Score:4, Interesting)

    by nathan.fulton (1160807) on Sunday September 30, 2007 @08:39AM (#20800937) Journal
    "Part of it is to look for patterns in the deployment of assets. We're trying to block the surveillance cycle by making the security patrols appear in unpredictable places at unpredictable times."

    If you figure this is a sizable force, and that all of them use the randomization software, four years worth of recon (TFA gave that as a time period for pre-strike operations) ought to give the terrorist enough information to know where these "random points" are. I mean, there has to be a defined set of locations somewhere in the program, they can't just be using coordinates. Imagine, a security guard climbing into an oven at the pizza place at the airport because "a computer told him to" (and the following lawsuits.)

    How do they account for the fact that there will always be an area that these security forces don't patrol because no one told the computer that the place exists.

    Anyone know how they manage telling the computer which places exist?
    • Re: (Score:3, Insightful)

      by Hangtime (19526)
      If you have done it right you may give your security a general location and each patrol has an area within the airport so that they are all covered. Individuals have different patterns for searching. So if I have to watch 12 different teams that are all different in terms of who makes up those teams its going to make my job a lot tougher in pentrating. Maybe one person looks at this area, but another doesn't. If I can't bank on that person who does a crappy job being there when I want them to be there well
      • by tomhudson (43916)

        "..oops canine unit came today, Abort."

        And there's your weakness exposed. To penetrate, just keep trying until conditions are right, because you know eventually you'll "get lucky."

        • by FLEB (312391)
          Still, though, you have to throw more resources at it, and/or risk getting found out when an attempt fails or when the guards get suspicious about the same people showing up at the same places a number of times.
          • by tomhudson (43916)

            ... or make the guards the targets ...

            Look at the tactical advantages from a outsider's point of view:

            1. since they're being deployed randomly, they're LESS likely to notice "the same people" every day, not more ..
            2. since the guards are being deployed randomly, its a lot harder to protect them, or have a working plan to respond to attacks on them that isn't overly complicated
            3. breaking their morale will make them even less vigilant
            4. nobody will want to be near a rent-a-cop; thus everyone, even "those with no
    • It's up to the security forces to determine which points need to be visited, not the computer. The computer only schedules the time to visit the predefined points. The patrols either go to their patrol points on a regular schedule or they go on this new random schedule. In both cases, the places covered are the same--the new method is neither better nor worse than the current method.

    • Re: (Score:3, Informative)

      by Ambitwistor (1041236)

      If you figure this is a sizable force, and that all of them use the randomization software, four years worth of recon (TFA gave that as a time period for pre-strike operations) ought to give the terrorist enough information to know where these "random points" are.

      You're missing the point. The analysis assumes that the terrorist already knows that information anyway. The adversary is assumed to have perfect information about the randomization strategy, where the checkpoints are, etc. Then a randomization strategy is designed to minimize failures even in light of this information.

      How do they account for the fact that there will always be an area that these security forces don't patrol because no one told the computer that the place exists.

      That is a better point, but we don't know whether there have been lapses in specifying the layout of the airport. (Of course, there will always be security holes that nobody has thought

    • by timeOday (582209)

      four years worth of recon (TFA gave that as a time period for pre-strike operations) ought to give the terrorist enough information to know where these "random points" are.

      If you haven't identified your vulnerabilities, randomization will not solve that problem for you, and nobody is saying it will. If that were true, randomization would be the silver bullet, which it is not. Does setting a strong password on your computer mean you're safe from all attacks? Of course not. Does that mean weak (non-rand

  • by Sycraft-fu (314770) on Sunday September 30, 2007 @08:40AM (#20800941)
    While you certainly want to have some things that are purely consistent (for example all bags being X-rayed, all passengers having to pass through a checkpoint) randomness to additional security can work quite well. There are some things that are either too expensive (like additional patrols) or too time consuming (like manual bag searches) to conduct all the time, every where. Well, if you make it truly random when and where they happen, it makes it the kind of thing that is impossible to get around. While there's no guarantee it catches something, it just generally increases the risk to those who want to do mischief. They can't wait and watch and figure out how to beat your system as there just isn't any way. All they can do is hope that they aren't in the wrong place at the wrong time.

    As it is DHS involved, I fully expect them to fuck it up and apply it wrong, but having some truly random security is a good way to make things generally more difficult, even to an adversary with a lot of resources to try and find a weakness.
    • by PaddyM (45763)
      Yeah, hopefully the terrorists haven't been planning to attack something other than planes like they did in 1993. The only way this would work is if the TSA showed up anywhere. As in one day they were in my neighborhood. The next day they were watching a football game.
  • by Z00L00K (682162) on Sunday September 30, 2007 @08:44AM (#20800969) Homepage
    is only one component that can be used. A perfectly regular timing is never good when doing security checks. But then - it may be even better if the security checks appears to be regular done by uniformed personnel and then random by plain clothed personnel.

    However - security checks are still only one component. For example today's airport buildings are largely a huge open place which means that maximum effect may be obtained outside any security checkpoints today. By reducing the queues to check-ins and building compartments the effective radius of an attack will be contained to a much smaller area.

    A theoretical method would be to do image analysis and pattern analysis of behavior, but since the behavior pattern varies much from person to person it will create a large number of false alarms.

  • So.. (Score:3, Insightful)

    by madsheep (984404) on Sunday September 30, 2007 @08:58AM (#20801057) Homepage
    Yea, hate to say it, but does this randomize button.. randomly put these checkpoints near a group of middle eastern people? :D
  • Why does this need special (and I'm guessing incredibly expensive) software?

    They could even throw them publicly so the naughty people can see them doing it. It'd be fun to watch.

    • by afabbro (33948)
      Exactly. The U.S. border patrol has been using this method to determine which cars to inspect since the 40s, long before there were big expensive software packages to roll dice. You don't need "game theory" when "common sense" and "obvious approach" suffice.
      • I know that port security has been looking into these same game theory approaches for inspecting shipping containers. "Common sense" may get some results, but with some actual analysis, you can do even better in a mathematically demonstrable way.
  • Pretty Useless ... (Score:3, Insightful)

    by butlerdi (705651) on Sunday September 30, 2007 @09:07AM (#20801119)

    You can not fight someone who is going to blow themselves up. I would think that airplanes probably no longer matter. If you get through fine, if not blow yourself up in a crowded terminal. Probably get more folks that was as well.Especially when so many virgins and good shit is at stake.

    The chance of getting blown up (even if you believe the shit ol w and the ol boys say about all the foiled plots) is still less than traveling by car.

  • by sumnerp (1017130) on Sunday September 30, 2007 @09:15AM (#20801181)
    So, in order to improve airport security you give "vast amounts" of classified data about airport security to a collection of grad students to input into a program that produces allegedly randomized output. Yes, I see nothing wrong with that; I'd never have thought to do it that way, smart really smart
    • Re: (Score:3, Informative)

      by Ambitwistor (1041236)

      So, in order to improve airport security you give "vast amounts" of classified data about airport security to a collection of grad students to input into a program that produces allegedly randomized output.

      Uh, there are plenty of grad students with security clearances: they work on classified research projects, like this one. You think you can't have a clearance if you are a student or something?

      Or do you think there's something wrong with giving classified data to people with security clearances, just because they're also grad students?

  • Randomness is often used in statistical process control along with probability theory in the manufacturing industry to determine when a produce is going out of tolerance. Random sampling is just one of a half dozen or so methods currently in use [wikipedia.org] in SPC.

    However, only time will tell is this will work or if the TSA has the discipline to use it correctly or if it is even suited for the task.

  • initially developed to solve a problem in game theory

    Yeah, I played "Paranoia" back in the pen-and-paper RPG days too.

    Help Homeland Security! Homeland Security is your friend!
  • It doesnt address the biggest threats -

    1. MANPAD attack on a plane from outside the airport.

    2. Suicide bomber in a nice big truck full of explosives running into the terminal.

    3. Suicide bomber with implanted bomb blowing up a plane.

    So it is solving the wrong problem, it's like solving the occupation of Iraq by escalating the troop numbers.
    • by Archon-X (264195)
      WTF is the obsession with planes and airports? That's old hat, it won't happen again.
    • It's not intended to solve any problems, just make you more aware of security, keep you afraid.
  • Why not? (Score:4, Funny)

    by mmell (832646) <mike.mell@gmail.com> on Sunday September 30, 2007 @09:44AM (#20801365)
    They apparently already use a random number generator to determine when flights will leave.
  • by Ambitwistor (1041236) on Sunday September 30, 2007 @09:56AM (#20801447)
    I believe this [usc.edu] (PDF file) is a draft of the study being discussed in TFA, or at least is closely related research.
  • They treat terrorists as if they were highly skilled and intent for one target only. They are not. They go in with a desired target but will take any target they can get. Cant get on your plane to blow up? fine blow the hell out of the low end security rent a cops that stopped you, you'll take them out as well as a good chunk of the win and cause as much panic as the plane exploding.

    want to make it more effective? instead of being cheap bastards hire 30X the forced you need, if you see tons of patrols
  • You can play that game randomly. If you do that, then you cannot be beaten but on average you won't beat your opponent either. If you don't, then if your strategy is known you can be beaten, if its not you may have an edge. It seems they went with the first strategy. I think overall it is wise but theoretically they could have a superior secret deterministic strategy.
  • Great! They've got an all too clever way to catch terrorists!

    Now... if only there were some terrorists around.
    (Hey you! What are those wires? Stop now or I'll blow your brains out!)
  • It used to be that they would tell you at the ticket counter that you've been selected for extra screening at the security checkpoint.

    First time they told me that I couldn't believe it. I told the lady that she just turned potential security measure into a total waste of my time, because any potential bad guys would be warned well in advanced. She honestly looked surprised - she never thought about that. So I say even the mere fact that they're thinking about making their actions less predictable is alre
  • by Opportunist (166417) on Sunday September 30, 2007 @11:37AM (#20802119)
    They've been using randomization at identifying terrorists for a while now.

Promising costs nothing, it's the delivering that kills you.

Working...