Monday, January 25, 2010

The Abdulmutallab Dots that 'Should Have Been' Connected:

I'm linking to a Bruce Schneier column, because it deserves all the exposure it can get. We've all heard about how it should have been easy to “connect the dots” about the crotch bomber. I've been skeptical of this, because I wondered whether each of the dots that jumps out so nicely in hindsight was obscured by a million other dots. Schneier does a good job of debunking the so-called 'ease' of dot-drawing. His full column is here. Some of his points:
  • Walk-in warnings by family relations are highly unreliable.
  • The bomber had been banned from Britain for claiming coursework he didn't do, not for being a terrorist.
  • British Intelligence had NOT notified the US about him.
  • He paid cash for his ticket, but so does everybody else where he came from.
  • He checked no luggage. Neither does Bruce Schneier. Neither do most people who fly from third world countries.
  • He bought a round trip ticket, not a one-way.

2 comments:

jgfellow said...

So, I always find Schneier persuasive when he talks about his area of expertise, but not always when he dabbles in mine...

I have 3 observations about "connecting the dots" that I think are worth making:

1) Finding a needle in a haystack is not a challenge that is unique to terrorism. For example, about 1 in 10,000 occupational injuries will result in a cost of over $1m, but often, those high-cost accidents go unrecognized for years between first report and ultimate recognition. Had the insurer known to intervene earlier, it could have saved the employee a large amount of pain and itself a large amount of money. That's a lose-lose scenario. So the insurer employs a predictive model to look at 100,000 claims and identify the ones most likely to cost big bucks.

2) The output of this model need not be boolean: Logit/Probit models return a probability of the claim going big. Instead of being required to identify the 10 claims that will cost $1m+, the model will identify the 200 most in need of active intervention.

3) Finally, the insurer's response need not be boolean either. A typical response to a high-probability flag could be to take the claim from an entry-level handler and give it to a more experienced, complex-claim handler.

Putting this back in the terrorism scenario, much has been made about the fact that the average TSA worker has less training than her, say, El Al counterpart. But what if every airline had one high-risk security person at each gate? This person could wait for a high-probability candidate to walk through and then proceed to perform a few more significant checks.

Would this prevent all terrorism events? Probably not, but it might create a more efficient use of resources.

For all I know, the airline industry already does this, but it sure doesn't feel like it...

Cheers!

tobyr21@gmail.com said...

Those are good points. As Schneier has previously observed, detailed studies have failed to find a 'terrorist profile', so it is much, much harder to write a computer program to 'connect dots' among terrorists. I agree that it would help to sprinkle some senior risk-analysts among the TSA personnel at airports. But the challenge is to make sure that they might be anywhere. A terrorist can enter our system at the smallest airport, to get to a big jet at a large airport. The TSA needs a great training program, not what they seem to have now.
- PB