[This is a piece I wrote in 2007 following a trip to New York to publicize the AVIEN book at Infosec, courtesy of ESET. I can’t remember who I wrote it for, but they didn’t use it. When I found it lurking on my laptop, I figured I might as well put it up on my Dataholics blog before I lost it again. This version, obviously, has been updated slightly. I will be attempting to gather more of my miscellaneous prose here in due course: only if copyright and other considerations permit, of course.]
In 2007 I took my first flight to the USA since before 9/11 (unless you count looking across at the American Falls from the Canadian side of Niagara). It was a much edgier experience than I remembered. The restrictions had tightened (again) since my last foreign jaunt in 2006. At check-in, my somewhat oversized camera (listen who’s talking about being oversized!) had to go into my suitcase, since I could only take one item of hand luggage, and I’d rather my camera was mislaid than my laptop. I had to tell the airline at check-in where I was going to be staying, too. It’s as well that they asked, since it turned out that the folder of travel information that normally sits in my hand luggage was lurking in my suitcase. I was going to need it at the other end of the flight, for the immigration form, so it was just as well that I was able to retrieve it.
The long, long queue to go through security at Gatwick didn’t help, snaking through the entire terminal. I found myself in conversation with another middle-aged Limey who was, he told me, in New York on that very day – 11th of September – in 2001. It turns out he was also in Paris when Princess Diana was killed and geographically close to several other history-defining tragedies of the past 20 years, so I was secretly slightly relieved (pleasant chap though he was) that he was going to Las Vegas, since I was going to New York.
Still, the length of the queue gave me plenty of time to transfer everything that might upset the metal detector to my fleece pocket or laptop bag. Possibly for the first time ever, nothing sounded an alarm, and I reassembled my worldly goods: pens, coins, belt, shoes, cell phone, keyring: all present and correct. Even my camphor stick passed without comment. However, my laptop was randomly selected to have its DNA tested. The swab revealed no toxic or explosive substances, and I passed on to Departures, fully metalled once more.
But did I feel safer for it all? Cryptographer and security guru Bruce Schneier coined the phrase “security theater” (well, he is American), and many people apply the phrase to airport security. I think he means by that term security measures that don’t actually add significant security (and may even reduce it), but make us feel safer. Or perhaps make the authorities feel as if they’ve performed a useful PR exercise.
To put it crudely, we may feel that since airport security restrictions are so inconvenient to us, they must be inconveniencing terrorists and criminals too. I suppose some of the precautions I’ve observed over the years may reduce the risks from shoe bombs, for instance, but even I can think of ways to smuggle a significant threat onto a plane in less than 100 ml of liquid, and I’m fairly sure it’s possible to turn a laptop into a weapon without leaving traces that can be picked up by a cotton bud. No, I’m not going to offer suggestions.
We could, of course, draw some parallels with some of the lockdown measures imposed in various countries during the COVID-19 pandemic, but I’ll leave that for another time…
What I will do, though, is leave you with a classic example of security theatre from 2001: just after the attack on the Twin Towers, the UK government forbade aircraft to fly directly over London. Obviously, air controllers and pilots did as they were told. However, would that instruction have deterred a modern-day Guy Fawkes from making a kamikaze attack on the Houses of Parliament or the City of London? Of course it would. Just as surely as sheep are deterred from grazing by “Keep off the grass” signs.