Tuesday, December 27, 2005

How Security Works 

I'm not a larcenous person -- but if I were, I could rob my local supermarket blind, based on one simple assumption. Honest people obey the rules and criminals don't. And I wonder how many criminals have figured that one out and broken the system anyway.

I probably don't have to explain it if you shop in supermarkets with those theft detection sensors at the exits, but I will anyway. The concept is that high-ticket items, particularly small ones, are tagged with RFID tags. This usually means that liquor, DVDs, Nicotine gum, razor blades, and other over-priced but small things are marked to set off the alarms if you try to exit with them having not been passed over the de-mag sensors at the check-out. All well and good, with the further assumption that honest customers will stop and give that "What now?" look, while criminals will run.

The problem is, at the several branches of the same name brand market I regularly go to, the clerks are too lazy to de-mag marked products. The end result is this: whenever I go to any of these markets, the alarms are going off every minute. And, I see the same thing happen every time: honest shopper goes past sensor. Alarm sounds. Honest shopper stops, looks back at clerk. Clerks wave at them, "No problem." Honest shopper continues onward.

And a dishonest shopper could walk out the door with a couple hundred dollars worth of stuff in their underwear by doing one simple thing. That's right -- alarm goes off. Stop, look dumbfounded, get waved on. All you've really got to do is buy one known-to-be tagged product. If even that.

Because... any security system comes down to its weakest link, and the weakest link is always the human element. Granted, grocery store theft is small beans compared to terrorism. But it's the same idea. If anything is getting past airport screening, for example, it isn't because the machinery is screwing up.

The solution to this is to improve the technology. Use science. And, as our current Administration has shown, they seem to hate science. Which, given the War on (Some) Terror, is a paradox. The grocery sensor example shows that we really can't trust our fellow humans to protect us. Put the money in the right place -- in the hands of private researchers -- and we could have working, fool-proof bomb and weapon detectors that would create no delays in lines within a year.

Put the money in the wrong place, and, well -- you get people that make less than your typical grocery checker and, no doubt, acting in similar fashion when an "honest" person (read: old or white) trips the system.

It's a paradigm based on a fallacy: criminals will run when attention is drawn to them. However, smart and determined criminals will not. And, like any con game, the strongest weapon and weakest link is psychology.

Going back to the grocery store sensor question, I've seen a partial solution. A local home improvement store has a self-checkout option, where you scan your own items and pay with cash or ATM card, no clerk involved. Now, you'd think this system would be rife for fraud, but it seems pretty secure, because you have to place scanned items on a scale, and the whole thing is set up to crosscheck weight against UPC code and prices. It's also pretty picky -- set an item at the wrong angle so its full weight isn't on the scale, and you'll get a warning.

I'm sure there's a way to adapt that to grocery stores, although it would require putting RFID chips on everything. And before you bitch about your loss of privacy there, remember this: every item scanned at the checkout is identified on the receipt and in the store records. Use a store discount card, and you've just given them a record of your shopping habits. Contrary to popular belief, product RFIDs aren't really useful once they've left the store and, if you're that paranoid about the Feds figuring out how much Ramen you have on hand, you can always get rid of them.

But, it's the typical spiral. New anti-crime system invented, criminals figure out a way around it. Trouble is, in the case of both store sensors and metal detectors, the basic technology hasn't changed in a long time. It didn't take long after the store sensors, for example, for shoplifters to figure out that foil-lined bags would defeat them. And, again, it comes back to psychology: if you don't fit the criminal profile, you're more likely to be able to get around it.

Literary example, from Robert Anton Wilson and Robert Shea's must-read The Illuminatus! Trilogy: a rich, middle-aged man talks to a hippy. The hippy drives a day-glo painted VW mini-bus, but isn't into drugs. The rich man drives a Mercedes limo with gold-plated hubcaps. The rich man asks the hippy how many times a week he gets pulled over in his mini-bus (answer: a lot), then reveals that he smuggles large amounts of heroin and pot in the hubcaps on his car, and never gets pulled over. It's all in appearances.

Humans are fooled by appearances. Machines are not.

Feel more secure now? fnord

Comments: Post a Comment

This page is powered by Blogger. Isn't yours?