Detecting almost anything means detecting nothing

From Fan Security Will Be Tight At Super Bowl:

Bomb sniffing dogs and bomb experts will be fanned out around the stadium trained to spot the smallest explosive anywhere. “These K-9’s, they have been trained in over 19,000 explosive components,” said Hugo Barrera of the ATF. “They can detect almost anything.”

If they actually did that the dogs would be worthless for the task at hand. So many ordinary things can be made to explode (matches, powdered sugar, flour, anti-freeze, fertilizer) that dog alerting on “the smallest explosives anywhere” would have so many false positives that probably a quarter of the people coming into the stadium would be searched.

All the bad guys already know the following so I’ll tell you what many people don’t want to know–the truth.

You can’t make a stadium (or airplane) full of people safe from harm in this manner. What security experts call “The Threat Surface” is just too large. And it’s trivial to overload the system with false positives which gives the security guys two options. 1) Shut down operations by investigating each “alarm” by doing a thorough investigation of each “alarm” (do you have a latex allergy sir?) or 2) After the backlog of impatient and irritated customers gets too grumpy they let them bypass the security protocol.

If you want to get something past security in these types of environments you can intentionally create false positives. False positives can bring down almost any security system where there is a modest amount of anonymity and backlog of “angry customers”.

For example: The main ingredients for a common suicide bomb in the mid-east are acetone and hydrogen peroxide (both available at your local drug store in the “beauty” section). Covertly spray one or both of these chemicals in “the smallest” amounts on the ground/floor where people will walk on it prior to being screened. Everyone who walks on it instantly becomes suspected shoe bombers when they are screened. What happens then? Sometime before the 100th false positive in a row the security people ignore that particular “alarm” and let people on through. The 110th person actually does have a bomb in his shoe and walks through security without incident.

Another example: A car alarm that goes off every couple of hours every night without apparent cause will probably have the alarm turned off by the third night.

Super Bowl Security is just Security Theater.


One thought on “Detecting almost anything means detecting nothing

  1. False positives are a huge problem in any detection scheme. I think that this was adequately covered in “Peter & the Wolf.”

Comments are closed.