Richi Jennings

9/11 made us safer: Bruce Schneier's sign of the Times Square

May 07, 2010 10:01 AM EDT

By Richi Jennings. May 6, 2010.

According to oft-quoted security guru and BT CTO Bruce Schneier, 9/11 actually made us safer from terrorists.

Yes, really. Let's take The Long View...

OK, so strictly-speaking, he doesn't use those exact words, but the implication is certainly clear. In a discussion about why there aren't more terrorist attacks, he argues that 'minor' terrorist plots like the Times Square car bomb are counter-productive for terrorist groups, because "9/11 upped the stakes":

An act of terrorism that doesn't impress the terrorists' allies is not very effective. ... It's no longer enough to blow up something like the Oklahoma City Federal Building. Terrorists need to blow up ... something big to impress the folks back home. Small no-name targets just don't cut it anymore.

This 'explosive' insight [sorry] comes in the context of explaining how difficult it is to plan and implement a major incident without getting caught:

Putting together the people, the plot and the materials is hard. It's hard to sneak terrorists into the U.S. It's hard to grow your own inside the U.S. It's hard to operate. ... It's hard to hold conspiracies together. ... Today, it's much harder to pull something like [9/11] off without slipping up and getting arrested.

So, what I read Bruce as saying is this: 9/11 made us safer. Really? Let's think about this.

While the part about needing to impress terrorist backers is interesting and no-doubt insightful, I'm not sure I buy the premise that 9/11 raised the stakes. It seems to me the stakes had already been raised: in the previous decade, by earlier attacks. Attacks that failed to breed sufficient terror in U.S. citizens; either because they were foiled -- like the 1996 plot to assassinate Bill Clinton in Manila -- or because they didn't kill many U.S. citizens -- like the 1998 embassy bombings in East Africa. 

It was the very fact of these failures-to-terrorize that motivated al-Qa'idah to attempt something far bigger and, well, terrorizing.

[Wait a sec., Richi, where's the computer angle? -Ed.] 

Ah yes; glad you asked.

There is another way it could be said that 9/11 made us safer: it put U.S. authorities on alert for the next possible attack. Yes, 9/11 was a wakeup call; one that has helped prevent other major terrorist plots, TSA imperfections notwithstanding.

As far as the Times Square suspect is concerned, he was caught only after cross-checking the TSA No Fly list against passenger manifests. But just barely the plane had already left the gate and had to be called back for the arrest to be made. Since Wednesday, the TSA now requires airlines to check passenger lists within two hours of being instructed to do so -- previously the rule was 24 hours.

That's nice, two is better than 24; but surely this is a pretty basic distributed database problem. Why is it, in 2010, we're still mucking about with publishing database extracts and waiting hours for them to be searched? How about checking within seconds of an update? Couldn't, say, Google volunteer to show the TSA how to implement a reliable, scalable, NoSQL setup?

Instead, the plan to fix this is a classic 'big government' solution. Instead of having the airlines check their data against the No Fly list, airlines will have to send the passenger lists to the TSA so they can be checked centrally.

So we end up with the same problem; the same blindness to the state-of-the-art. We've simply moved it from one place to another. Bloody ridiculous.

Speaking of the very lovely TSA, did you know that, if you're traveling with a netbook, you no longer need to remove it from your carryon bag? Who knew?

POSTSCRIPT: Bruce Schneier replies.
  

Richi Jennings, blogger at large

 

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: TLV@richij.com. You can also read Richi's full profile and disclosure of his industry affiliations.