Import News: When Security Makes Us Less Safe
Import News from the Importers Institute of New Zealand
28 March 2003
When Security Makes Us Less Safe
Are the new US Customs security initiatives making Americans less safe, at a huge cost to the rest of the world? Read our presentation to the 3rd Annual Ports and Shipping Forum in Auckland, 28 March 2003.
Ladies and gentlemen, have you seen this card? It is in the pocket of the seat in front of you. Please read it. In the unlikely event of an emergency at sea, you will find a bathing suit in the pocket under your seat.
Actually, the last time I heard this announcement it was something to do with life-jackets, not bathing suits. But, for all the good it does, it may as well have been. Do you know how many people have survived a crash at sea of a large commercial airliner in the last six decades of commercial aviation? Zero. Not one.
According to Bruce Schneier, an American cryptography expert and author of the book Secrets and Lies (2000), the way people think about security is almost always wrong.
Schneier believes that most of the security measures envisioned after September 11 will be ineffective, and will actually reduce safety. In this address, I will concentrate on those measures that are now beginning to have a significant impact on our exporters.
When it comes to designing a security system, the most important (but often overlooked) part is to consider the consequences of the system going wrong - and all security systems go wrong sometimes.
Systems that fail gracefully are known as "ductile". A failure of one component of a ductile system does not bring the whole system down. By contrast, "brittle" systems fail catastrophically. In some cases, failures can be subtractive, that is they actually make people less secure than they were before.
Systems that rely on secrecy are inherently brittle. For example, measures designed to screen passengers and luggage or to restrict entry to the tarmac must be concealed and will seriously compromise the system if they become known.
Likewise with most computer networks, which are becoming increasingly easy to crack. Yet, the merger of different databases is often seen as a security solution. Large databases will simply create bigger risks, when they are hacked - as they inevitably will.
Schneier gives examples of effective measures: reinforcing cockpit doors, getting passengers to fight back and including armed uniformed - not plainclothes - guards in selected flights. Human beings, not computers, are still the most effective security devices at our disposal.
Let me give you an example of non-effective measures. My mother in law, a lady in her eighties with a blue rinse, had her nail scissors seized by an airport security official. It seems to me that the official should have been looking closer at younger males with brown eyes and swarthy complexions. Like me, for example.
A few weeks ago, U.S. Customs implemented a hastily designed new security system, known as the 24-hour rule. This requires foreign shipping agents to declare their container manifests to U.S. Customs, 24 hours before the ship departs for the U.S. The shipping agents decided to give themselves a bit of leeway and the 24-hour rule in effect became the one-week rule.
You can see the immediate results in most New Zealand ports, which are getting clogged with export containers parked there several days before the ship departs. What you may not be able to see just yet is the enormous costs that will result from slowing the supply chain.
What are these measures designed to achieve? The idea is that U.S. Customs will be able to receive information about who is shipping what to whom and decide whether they want to inspect the container, before it is loaded on board a U.S. bound ship. In reality, the names of the exporters, importers and commodities are not coded. That means that they are not normalised data elements and cannot therefore be analysed automatically.
At best, a human being will read through a tiny percentage of the millions of free text messages flowing into the U.S. Customs computers from all over the world.
The longer U.S. Customs officials spend sifting this haystack, the more needles they will miss. The idea that a terrorist smart enough to ship a dirty bomb to the U.S. will be stupid enough to get caught by the 24-hour rule defies belief. After all, each and every one of the highjackers of September 11 entered the U.S. with a valid visa and they all had a valid photo ID with their real names.
In my view, the 24-hour rule is about as useful as the life-jacket under your seat. It is unlikely to be of any real use and it may make you feel a bit better - but only if you don't actually think about it.
Does this mean that we can ignore it? Not at all. The Americans are quite serious about it (for now) and failure to comply would have serious consequences for exporters and shipping companies. At worst, we could find ourselves having to hub our cargo through more secure ports, for example Singapore or Hong Kong, where U.S. Customs will be placing their own staff. To avoid this, New Zealand Customs is working on a strategy of securing our export containers.
Flush with success, U.S. Customs bureaucrats are already working on enlarging their empire. They are now proposing a similar rule for airfreight which, if implemented, will destroy the express freight industry and will impose enormous costs on traders.
Not to be outdone, their colleagues at the Food and Drug Administration (FDA) have come up with yet another, separate, advance reporting scheme of their own. The Public Health Security and Bioterrorism Preparedness and Response Act of 2002 will require all U.S. and foreign facilities that manufacture, process, pack, or hold human or animal food for consumption in the U.S. to register with the FDA.
From December 12, notice of importation, prior to arrival, must be submitted for all imported food products, human and animal, regardless of whether those products are intended for consumption in the U.S.
Mandatory registration information includes the full name and address of the facility, phone and fax number and e-mail address, emergency contact information, trade name(s) used by the facility, name and address of U.S. agent, information about food categories processed, packed or stored at the facility. Just to be on the safe side, any terrorist poisoners will be required to make a statement that the information they submit is truthful.
What will the FDA actually do with all this information? You guessed it; the FDA is creating a new computer system. Well, someone has to pay for Larry Ellison's yachts.
The obscenity of bureaucrats building their empires on the back of gullible politicians pandering to public insecurity is not restricted to the U.S. Here in New Zealand, a new species of horrible spider, moth or mosquito is 'discovered' on a wharf almost every week. Some of them - like the painted apple moth - are endemic in countries with very healthy forests and apple trees, but they are said to irritate the skins of some people, if they touch them - like all moths.
To rid ourselves of these potential 'ecological disasters,' we do not hesitate to spend tens of millions of dollars drenching the people of Auckland with insecticides. This is welcomed by those who would have us living in a bubble society, like those babies born without an immune system. These people would think nothing of drastically reducing our trade, as part of an agenda to return us to a simpler life in communion with nature, in a caring and sharing way, of course.
There is no argument that we need to increase security. To do this, we need to improve intelligence and train people to keep an eye out for the bad guys. Schneier says this is what sentries around stone-age campfires did, thousands of years ago. Nothing better has been discovered since.
Previous Import News items are published on our Internet site http://www.importers.org.nz. If you do not wish to be included in this mailing list, please reply to this message with the word REMOVE in the subject line. If you would like us to send Import News to friends or associates, please ask them to email email@example.com with the word SUBSCRIBE in the subject line.