Security theater
Encyclopedia
Security theater is a term that describes security
countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security. The term was coined by computer security specialist and writer Bruce Schneier
for his book Beyond Fear
, but has gained currency in security circles, particularly for describing airport security measures. It is also used by some experts such as Edward Felten
to describe the airport security repercussions due to the September 11 attacks. Security theater gains importance both by satisfying and exploiting the gap between perceived risk and actual risk
.
The direct costs of security theater may be lower than that of more elaborate security measures. However, it may divert portions of the budget for effective security measures without resulting in an adequate, measurable gain in security. In many cases, intrusive security theater measures also create secondary negative effects whose real cost is hard to quantify and likely to dwarf the direct expenses.
Such ripple effects are often connected to fear; visible measures such as armed guards and highly intrusive security measures may lead people to believe that there must be a real risk associated with their activity. Other reasons for ripple effects may be that people are simply unwilling to undergo such intrusions as would be required for some activity by the security measures imposed on it.
An example for both issues is that after a recent increase in restrictions in air travel, many frequent air travellers have expressed that they will try to avoid flying in the future. Incongruously, car travel, which is often considered as the alternative, is in fact riskier than air travel.
Security theater encourages people to make uninformed, counterproductive political decisions. The feeling of (and wished for) safety can actually increase the real risk.
The disruption, cost, and fear caused by security theater acts as positive feedback for those who wish to exploit it: even if they fail to take lives, they can cause large economic costs.
Critics such as the American Civil Liberties Union
have argued that the benefits of security theater are temporary and illusory since after such security measures inevitably fail, not only is the feeling of insecurity increased, but there is also loss of belief in the competence of those responsible for security.
Security theater may also be useful where a threat is perceived to be more likely than it really is; in these cases, it can bring the risk's perception in line with its reality. For example, a gated community
might have weak enough security that the gates don't really reduce the risk of crime, but if it is in a low-crime area anyway the gates can help ensure that people feel as safe as they ought to.
Security theater has also proven itself effective in reducing shoplifting
, particularly for businesses too small or otherwise unwilling to spend money on actual security measures. Examples of this include the use of mock surveillance cameras and empty camera housings; attachment of devices with blinking indicator lamps (and no other function) to high theft goods; and placing periodic make-believe security-related announcements on the store's public address system such as, "Inventory control...Please zoom cameras, focus and record zones 5, 8, and 9."
Security
Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security. The term was coined by computer security specialist and writer Bruce Schneier
Bruce Schneier
Bruce Schneier is an American cryptographer, computer security specialist, and writer. He is the author of several books on general security topics, computer security and cryptography, and is the founder and chief technology officer of BT Managed Security Solutions, formerly Counterpane Internet...
for his book Beyond Fear
Beyond Fear: Thinking Sensibly about Security in an Uncertain World
Beyond Fear: Thinking Sensibly about Security in an Uncertain World is a non-fiction book by Bruce Schneier, published in 2003. The book grew out of an Atlantic Monthly article by Charles Mann. Beyond Fear presents a five-step process for evaluating the value of a countermeasure against security...
, but has gained currency in security circles, particularly for describing airport security measures. It is also used by some experts such as Edward Felten
Edward Felten
Edward William Felten is a professor of computer science and public affairs at Princeton University. On November 4, 2010 he was named the Chief Technologist for the United States Federal Trade Commission, a position he officially assumed January 3, 2011.Felten has done a variety of computer...
to describe the airport security repercussions due to the September 11 attacks. Security theater gains importance both by satisfying and exploiting the gap between perceived risk and actual risk
Risk
Risk is the potential that a chosen action or activity will lead to a loss . The notion implies that a choice having an influence on the outcome exists . Potential losses themselves may also be called "risks"...
.
Disadvantages
Security theater has real monetary costs but does not necessarily provide tangible security benefits. Security theater typically involves restricting certain aspects of people's behaviour in very visible ways, that could involve potential restrictions of personal liberty and privacy, ranging from negligible (where bottled water can be purchased) to significant (prolonged screening of individuals to the point of harassment).The direct costs of security theater may be lower than that of more elaborate security measures. However, it may divert portions of the budget for effective security measures without resulting in an adequate, measurable gain in security. In many cases, intrusive security theater measures also create secondary negative effects whose real cost is hard to quantify and likely to dwarf the direct expenses.
Such ripple effects are often connected to fear; visible measures such as armed guards and highly intrusive security measures may lead people to believe that there must be a real risk associated with their activity. Other reasons for ripple effects may be that people are simply unwilling to undergo such intrusions as would be required for some activity by the security measures imposed on it.
An example for both issues is that after a recent increase in restrictions in air travel, many frequent air travellers have expressed that they will try to avoid flying in the future. Incongruously, car travel, which is often considered as the alternative, is in fact riskier than air travel.
Security theater encourages people to make uninformed, counterproductive political decisions. The feeling of (and wished for) safety can actually increase the real risk.
The disruption, cost, and fear caused by security theater acts as positive feedback for those who wish to exploit it: even if they fail to take lives, they can cause large economic costs.
Critics such as the American Civil Liberties Union
American Civil Liberties Union
The American Civil Liberties Union is a U.S. non-profit organization whose stated mission is "to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the United States." It works through litigation, legislation, and...
have argued that the benefits of security theater are temporary and illusory since after such security measures inevitably fail, not only is the feeling of insecurity increased, but there is also loss of belief in the competence of those responsible for security.
Benefits
While it may seem that security theater must always cause loss, it may actually be beneficial, at least in a localised situation. This is because perception of security is sometimes more important than security itself. If the potential victims of an attack feel more protected and safer as a result of the measures, then they may carry on activities they would have otherwise avoided. In addition, if the security measures in place appear effective, potential attackers may be dissuaded from proceeding or may direct their attention to a target perceived as less secure. Unsophisticated adversaries in particular may be frightened by superficial impressions of security (such as seeing multiple people in uniform or observing cameras) and not even attempt to find weaknesses or determine effect.Security theater may also be useful where a threat is perceived to be more likely than it really is; in these cases, it can bring the risk's perception in line with its reality. For example, a gated community
Gated community
In its modern form, a gated community is a form of residential community or housing estate containing strictly-controlled entrances for pedestrians, bicycles, and automobiles, and often characterized by a closed perimeter of walls and fences. Gated communities usually consist of small residential...
might have weak enough security that the gates don't really reduce the risk of crime, but if it is in a low-crime area anyway the gates can help ensure that people feel as safe as they ought to.
Security theater has also proven itself effective in reducing shoplifting
Shoplifting
Shoplifting is theft of goods from a retail establishment. It is one of the most common property crimes dealt with by police and courts....
, particularly for businesses too small or otherwise unwilling to spend money on actual security measures. Examples of this include the use of mock surveillance cameras and empty camera housings; attachment of devices with blinking indicator lamps (and no other function) to high theft goods; and placing periodic make-believe security-related announcements on the store's public address system such as, "Inventory control...Please zoom cameras, focus and record zones 5, 8, and 9."
Examples
It is inherently difficult to give examples of security theater that are clear and uncontroversial, because once it is agreed by all that a measure is ineffective, the measure seldom has any noticeable influence on perceived risk. As such the following are examples of alleged security theater.- National Guardsmen carrying automatic weapons in airport lobbies in the months following the September 11 attacks. Reports varied on whether the weapons were loaded or unloaded; loaded weapons would apparently pose an extreme danger to the dense crowds found at an airport in the case of an actual incident.
- The announcement after the September 11th suicide attacks that airports would be discontinuing curbside check-in, which had no relationship to the tactics Al Qaeda employed in hijacking the aircraft and would pose no barrier to a suicide bomber who fully intended to board the aircraft with a bomb bag anyway.
- The air travel industry uses a screening system called Computer Assisted Passenger Prescreening SystemComputer Assisted Passenger Prescreening SystemThe Computer Assisted Passenger Prescreening System is a counter-terrorism system in place in the United States air travel industry...
. This system relies on static screening of passenger profiles to choose which people should be searched. Systems of this nature have been demonstrated to reduce the effectiveness of searching below that of random searches since terrorists can test the system and use those who are searched least often for their operations. - With the aim of preventing individuals on a No Fly ListNo Fly ListThe No Fly List is a list, created and maintained by the United States government's Terrorist Screening Center , of people who are not permitted to board a commercial aircraft for travel in or out of the United States. The list has also been used to divert away from U.S. airspace aircraft not...
from flying in commercial airliners, U.S. airports require all passengers to show valid picture ID (e.g. a passport or driver's license) along with their boarding pass before entering the boarding terminal. At this checkpoint, the name on the ID is matched to that on the boarding pass, but is not recorded. In order to be effective, this practice must assume that 1) the ticket was bought under the passenger's real name (at which point the name was recorded and checked against the No Fly ListNo Fly ListThe No Fly List is a list, created and maintained by the United States government's Terrorist Screening Center , of people who are not permitted to board a commercial aircraft for travel in or out of the United States. The list has also been used to divert away from U.S. airspace aircraft not...
), 2) the boarding pass shown is real, and 3) the ID shown is real. However, the rise of print-at-home boarding passes, which can be easily forged, allows a potential attacker to buy a ticket under someone else's name, to go into the boarding terminal using a real ID and a fake boarding pass, and then to fly on the ticket that has someone else's name on it. Additionally, recent investigations show that obviously false IDs can be used when claiming a boarding pass and entering the departures terminal, so a person on the No Fly List can simply travel under a different name. - Random searches on subway systems, such as those taking place on the New York City SubwayNew York City SubwayThe New York City Subway is a rapid transit system owned by the City of New York and leased to the New York City Transit Authority, a subsidiary agency of the Metropolitan Transportation Authority and also known as MTA New York City Transit...
system, have been criticized by the American Civil Liberties UnionAmerican Civil Liberties UnionThe American Civil Liberties Union is a U.S. non-profit organization whose stated mission is "to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the United States." It works through litigation, legislation, and...
and others as security theater. They allege that since such searches are only at some stations and that people may decline such a search and simply leave that station, a terrorist could simply find a station where no searches were occurring and board there. - The 1950s "duck and coverDuck and coverDuck and Cover was a suggested method of personal protection against the effects of a nuclear weapon which the United States government taught to generations of United States school children from the early 1950s into the 1980s. This was supposed to protect them in the event of an unexpected nuclear...
" drills in U.S. public schools – which suggested that ducking under a desk is a reasonable way to protect oneself from the detonation of an atomic bomb. - Facial recognitionFacial recognition systemA facial recognition system is a computer application for automatically identifying or verifying a person from a digital image or a video frame from a video source...
technology was introduced at Manchester Airport in August 2008. A journalist for The RegisterThe RegisterThe Register is a British technology news and opinion website. It was founded by John Lettice, Mike Magee and Ross Alderson in 1994 as a newsletter called "Chip Connection", initially as an email service...
claimed that "the gates in Manchester were throwing up so many false results that staff effectively turned them off. Previously matches had to be 80% the same – this was quickly changed to 30%. Author John Oates wrote that the machines were unable to distinguish between the faces of Winona RyderWinona RyderWinona Ryder is an American actress. She made her film debut in the 1986 film Lucas. Ryder's first significant role came in Tim Burton's Beetlejuice as a goth teenager, which won her critical and commercial recognition...
and Osama bin LadenOsama bin LadenOsama bin Mohammed bin Awad bin Laden was the founder of the militant Islamist organization Al-Qaeda, the jihadist organization responsible for the September 11 attacks on the United States and numerous other mass-casualty attacks against civilian and military targets...
. - Australian airline authorities now prohibit any liquids, aerosols, and gels in a container larger than 100 ml in luggage hand carried onto international flights. They would prohibit a tube of toothpaste labelled able to contain more than 100 ml, even if it were squeezed empty. They would, however, allow the carrying on of 2 or 3 tubes of paste provided each is labelled to carry less than 100 ml.
- As demonstrated on the Discovery ChannelDiscovery ChannelDiscovery Channel is an American satellite and cable specialty channel , founded by John Hendricks and distributed by Discovery Communications. It is a publicly traded company run by CEO David Zaslav...
show It Takes a ThiefIt Takes a Thief (2005 TV series)It Takes a Thief is an American reality television series that originally aired on the Discovery Channel from February 2, 2005 to April 13, 2007...
, most low-end locks and security systems provide very minimal actual protection against an experienced burglar. Commercially constructed doors without deadboltDeadboltA dead bolt or dead lock , is a locking mechanism distinct from a spring bolt lock because a deadbolt cannot be moved to the open position except by rotating the lock cylinder. The more common spring bolt lock uses a spring to hold the bolt in place, allowing retraction by applying force to the...
s can be simply overpowered by human kicks, and police response times to security alarms are frequently far too slow to catch a thief before he is finished ransacking the house and in flight. - The use of virus scanners to detect malwareMalwareMalware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
on computer systems. In order to be "scanned", a piece of malware (be it a virusComputer virusA computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
, trojan horseTrojan horse (computing)A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
, spywareSpywareSpyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
, rootkitRootkitA rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications...
, etc.) needs to be identified and recognized by the company developing the software to create a "signature" for it and deploy this to machines running its software. This reveals some considerable doubts about the approach in general in that:- First, if a virus or piece of malware is not identified, it will not be detected in time to prevent it from delivering its payload. In the case of a rootkit it is usually insufficient to simply "scan and remove" it, requiring a restore or reinstall to guarantee a clean system.
- Second, if the antivirus company refuses to identify a virus or other piece of malware or acknowledge it, the malware gets a free pass, regardless of damage caused or data compromised. This was the case in the Sony rootkit fiasco.
- Third, a computer system which can be compromised via an automated method such as viruses or malware has inherent security flaws which could just as easily be exploited by an individual looking to exploit the flaw.
Usage
See also
- Christopher SoghoianChristopher SoghoianChristopher Soghoian is a Washington, DC based researcher, activist, blogger, and Ph.D. Candidate at Indiana University. He first gained notoriety in 2006 as the creator of a website that generated fake airline boarding passes. Since that incident, he has continued to engage in high-profile...
, creator of a website that generated fake airline boarding passes - Placebo effectPlacebo effectPlacebo effect may refer to:* Placebo effect, the tendency of any medication or treatment, even an inert or ineffective one, to exhibit results simply because the recipient believes that it will work...
External links
- Crypto-Gram, Bruce Schneier's newsletter
- stupidsecurity.com a site highlighting inefficient security measures
- Sometimes, Security Theater Really Works experts Gadi Evron and Imri Goldberg show how security theater saves lives in Israel by stopping suicide bombings