White Hats


Tom Bell has an ingenious proposal for improving airline security.

NEXT: Philosophical Cage Match

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Here kitty, kitty, kitty . . .here kitty, kitty, kitty

  2. I didn’t find it very ingenious.

    But then again I’m not that concerned about airline security. At this anyone who hijacks a plane is likely to be killed by the passengers in a fit of rage.

  3. Lame idea. The first and iron-clad rule about real security is: don’t involve untrained civilians, no matter how well-intentioned they might be.

    Mr.Bell also mis-uses the term that should be applied to good guys who test the system — black hats. It does not apply to actual bad guys.

    It is certain that airline security needs to be improved, and black-hatting is essential. I.e. aggressive testing of the system by authorized professionals. The last thing we need is a bunch of amateurs running around with faux weapons, looking to score.

    Finally, wouldn’t we all like to think that the security system is somewhat effective? Put another way — the “white hat” might get caught 3 out of 4 times. I wish the effectiveness were higher, but let’s hope it’s at least that high.

    So, how many private citizens are out there, so concerned about security, that they’d be willing to donate $4k and get $1k back?

    Bad idea; drop it is my advice.

  4. That is barely even an idea. Aren’t the folks at NTSB already doing this for use, conducting random spot-checks of airport security? Does anybody really think that it’s helping the situation? Unlikely.

  5. Randall and Jack: The idea is to have it done by people who aren’t on the payroll, who are devising their own approaches, and whose incentive to beat the system is greater than any incentive to overlook its deficiencies.

    In other words, it’s very different from having the NTSB do spot checks. And the fact that it involves people not trained by the U.S. government — a description shared, after all, by most terrorists — is a strength, not a weakness. You might even say it’s the whole point.

  6. It’s a bad idea because it’s a bad gamble for the white-hatted tester. But the whole point is that you won’t be as effective as you wish by having a bureaucracy tested by the same bureacracy.

  7. Gosh…as much as I like the idea of this in the abstract, it’s all fun and games until a white (or black, whatever) hat gets shot by accident or a real bad guy buys just enough time by painting a stripe on his real gun to kill some civilians.

    Maybe this is on the right track, and it just needs tweeking…

  8. It obviously needs some tweaks — as Russ notes, for example, the risks and rewards may be out of whack — but I think the essential idea has a lot of merit.

  9. As previously noted, the problem with this proposal is the same one as the terrorism futures market suggested earlier this year: the players can’t possibly hope to make money on it, so why would they take the time and effort to play? A better idea might be to charge a $1000 fee (it needs to be substantial enough to discourage casual players) for a “testing permit” that would be valid for, say, one month.

  10. Also consider the costs of excessive testing. Catching more people trying to sneak orange knives onto airplanes sap resources that might catch real knives. The TSA doesn’t seem to be doing so well without the additional workload.

    My sense of security doesn’t go up either, when more rigorous screening is the result of finding an orange knife. I have been conditioned to correlate the level of threat with the level of scrutiny. If they just let me walk on board, without a glance, I will like assume the flight is safe(r).

  11. Jack Rich: The last thing we need is a bunch of amateurs running around with faux weapons, looking to score.

    That’s why there’d be a substantial cost for losing–it discourages amateurs. Also, the proposal included a permit requirement, which could be used to filter out bozos, especially if there is also a permit fee as Jack (not Rich) suggests.

    Hmm. I think there might be a problem with collaboration. A tester could try to bribe a security screener. This would, of course, encourage the security folks to add protections against guards who collaborate with the enemy. However, collaboration is more likely with a tester than with a real terrorist, so there might be an overemphasis on collaboration, with less security somewhere else.

  12. I just realized the best way to explain why this is a bad idea, beyond the cost-benefit problems.

    In the computer world, developers always use a staging environment to test software; you never never do your QA on a live system because of the havoc you could cause to paying customers that way.

    Similarly, anything like this proposal has unacceptable fustercluck potential given its effect on real live travelers. Obviously it’s a lot harder to produce a realistic “staging environment” for air security, since a system with so many humans in it is vastly different from a software product, but I think the same principle still applies.

  13. Allen,

    Good question. My reactionary guess is that passengers forsake their rights and liberty for the privilege of flying more safely. If we can learn something, great, but I hope we don’t decide to draw the line so far from freedom.

  14. What is El Al doing? And what are the Israelis doing at Ben Gurion? Whatever it is, it’s working. Perhaps we should pay attention thereto…

  15. It would be cheaper and much more effective to offer naked flights. (Slightly more dangerous, let passengers wear bathing suits.) Not even the most rabid terrorist would try to keep a boxcutter up his… well, you know.

  16. I got caught up in a random spot check. I said, look asshole, those are freckles, not spots.

  17. “Not even the most rabid terrorist would try to keep a boxcutter up his… well, you know.” Sure he would, people who are merely headed for prison do it all the time.

    This “white-hat” squad is not exactly a new idea. It’s typical in the private sector – one security vendor who wants to prove it’s superior to the current contractor might suggest to the client that they can prove, by getting a package inside the house or giving a lollypop to the kid, that the client doesn’t currently have adequate security.

  18. Thanks for the comments. Jesse pute me on notice that I might want to check them out. I’ll limit myself to responding to Jack Rich, who claimed I misused “what hat.” I think he errs on that count. Please see, e.g., the definition offered at SearchSecurity.com: “White hat describes a hacker (or, if you prefer, cracker) who identifies a security weakness . . . but, instead of taking malicious advantage of it, exposes the weakness in a way that will allow the system’s owners to fix the breach before it is can be taken advantage by others (such as black hat hackers.)”

  19. EMAIL: pamela_woodlake@yahoo.com
    URL: http://hosting.1st-host.org
    DATE: 01/19/2004 08:15:41
    For every action there is an equal and opposite government program.

  20. EMAIL: nospam@nospampreteen-sex.info
    URL: http://preteen-sex.info
    DATE: 05/20/2004 03:19:02
    He who wishes to secure the good of others has already secured his own.

Please to post comments

Comments are closed.