Do you insist on flying risk-free, at all costs? Satirist/​animator Mark Fiore has just the airline for you.

The Washington Post writes, “There’s nothing to fear from the use of full-body scanners at airports.”

That’s a little too dismissive. While it’s true that TSA has done much to limit the privacy threats, this is a fundamentally invasive technology.

I was particularly struck by this doe-eyed argument: “Officers in [the] remote screening room are prohibited from bringing in cellphones, cameras or any device with a camera.”

Here’s how I wrote about the fate of that rule in an earlier post:

Rules, of course, were made to be broken, and it’s only a matter of time — federal law or not — before TSA agents without proper supervision find a way to capture images contrary to policy. (Agent in secure area guides Hollywood starlet to strip search machine, sends SMS message to image reviewer, who takes camera-phone snap. TMZ devotes a week to the story, and the ensuing investigation reveals that this has been happening at airports throughout the country to hundreds of women travelers.)

My error was to say it would be SMS. In the Washington Post’s account, TSA screeners communicate by wireless headset. (I don’t remember how they communicated in the demonstration I saw in Detroit.)

In college, I worked at a bar, and at the door of this bar it was customary to say at appropriate moments, “Did you get those books?” or “Did you get that book?” Everyone knew what these phrases meant and trained their eyes accordingly. I’m sorry if that was crude.

I’m more sorry if nobody on the editorial board at the Post recalls the vigor and ingenuity of youth. There is not “nothing to fear” from the use of full-body scanners.

I was dismayed today to listen to a recorded radio program in which James Carafano of the Heritage Foundation debated Michael German of the ACLU about the whole-body imaging systems being considered for airports after the Christmas attempt to light a bomb on a flight into Detroit.

Carafano, who I like personally, is a careless debater. He misstated the law, insulted a caller to the radio program, and misstated people’s names as he mischaracterized their views—in particular, my name and my views.

The segment was recorded, so we can capture exactly what Carafano said:

When the Transportation Security Administration rolled out this technology, they went through a very long and detailed consultation period with privacy and civil liberties groups including Jim Lindsey at Cato. I remember Jim Lindsey, when we had a session on privacy and civil liberties, stood up and complimented Secretary Chertoff, and said, “Look, this is something that you’ve actually done right. You’ve gone out to the stakeholder community, and you’ve gone over the procedures with us and we’ve come up with procedures that we’re very, very comfortable with.” So I think the privacy issue is really a non-issue.

At a Heritage event in June, 2008, I rose to rebut how Secretary Chertoff dismissed privacy advocates. He said privacy advocates prefer “no-security” airlines and that they want people to use fraudulent documents. As I gently chastised him for that, I did compliment the work of one TSA official to minimize privacy consequences of millimeter wave, which does provide a margin of security.

The event was recorded, so we can capture exactly what I said: “Frankly, I think millimeter wave is not a bad technology. Peter Pietra at TSA has done a good job, I think, of getting the agency to design the system well.”

That’s it. I made no reference to a “long and detailed consultation period,” and I don’t know of any such thing happening. I didn’t compliment Secretary Chertoff, but a deputy who—despite Chertoff, most likely—managed to instill some privacy protections in TSA’s use of whole-body imaging systems. As to my comfort, I’ll take “less uncomfortable than I would have been” over “very, very comfortable,” which is inaccurate.

As I’ve written elsewhere, “I think [TSA privacy officer Peter Pietra has] done a creditable job of trying to build privacy protections into this system.… But maybe it’s not enough. We’re talking about trying to maintain privacy with a technology that’s fundamentally intrusive.”

Perhaps I’ve taken too subtle a position on millimeter wave: It provides a small margin of security at a high cost to privacy. With that, I’ll let the country make its decision, while I seek to moot this as a public policy issue: Airline security should be provided by airlines and airports, not the government.

I don’t think it’s appropriate to speak of me—by any name—as an endorser of this technology or the process of its adoption. Thanks to sound and video recording technology, the record can be clear.

That is the question posed at the National Journal’s National Security experts blog.

My response:

We shouldn’t even be contemplating war in Yemen, but we should also understand that the proposed expansion of security assistance to the government there is likely to pay only meager dividends.

Steven Metz gets at the nub of this problem in his two thoughtful posts (here and here). We have an unreliable ally. We have minimal capacity for making them more reliable. Neither of these observations are unique to Yemen. The same could be said of many other countries. Accordingly, we should concentrate our limited resources in a proactive and strategic — as opposed to a reactive and haphazard — way. 

Contrast that with Jim Carafano’s invocation of a new “axis of evil” and the implication that we have no choice but to deepen our involvement in Yemen (and Saudi Arabia and Somalia) while continuing to fight in Afghanistan and Pakistan. Oh, and let’s not forget that there are still about 110,000 U.S. troops in Iraq.

To wit: “Sorry we have to fight on so many fronts….but it beats battling them on the Tarmac in Detroit.”

Sorry, but that just doesn’t fly. 

While impeding al Qaeda’s ability to carry out major terrorist attacks has and will entail multiple fronts in many countries, it is not obvious how this fight should be conducted, nor is it obvious that the fronts in Yemen and Somalia and Saudi Arabia (or Afghanistan and Pakistan, even) are instrumental to success or failure. Safe havens exist in many places, including stable democratic countries. Are we really committed to preventing any country from providing a safe haven? Does the concept of a physical safe haven even make sense in the virtual world of globalized communications and the Internet?

Leaving aside the dubious safe haven argument, Carfano’s either/​or proposition (fight them there or fight them here) is equally flawed. We should think of security in layers. A man from Nigeria who trained in Yemen and attempted to detonate his underwear bomb in Detroit was thwarted by his own incompetence and the alertness of the airliner’s passengers. Too close for comfort, to be sure, and we have since learned of numerous points along the way where his travels could have been interdicted. But what we’ve learned about this failed attack doesn’t confirm that our only option is to focus on the one layer (Yemen = terrorist training ground) at the expense of the other layers. An equally compelling case could be made for ignoring Yemen, per se, and focusing on other means of interdicting terrorists that are not so heavily dependent upon unwilling and duplicitous allies, or that burden our overtaxed military with an open-ended mission in yet another failed state.

I probably should’ve predicted that a huge story implicating national security surveillance policy would break just as I was boarding a flight to Madrid for the holidays. Jim Harper & c. have by now covered most of the bases admirably, but there are one or two points I feel it can’t hurt to emphasize.

First, there’s been a lot of talk about millimeter wave body imaging scanners in the wake of the attempted Christmas bombing; the New York Times headlined a story about the machines “Technology that Might Have Helped.” Really, that should read “Might Have Helped Had It Been Installed in Lagos,” which might have underscored the weirdness of some of the ensuing discussion. Because the awesome next-gen spytech you’ve got at the most advanced 20% or 50% or 90% of airports matters a lot less than the situation in the bottom 1%, where a global adversary is going to focus their efforts. At a couple hundred thou each, we’re talking about a pretty pricey solution if they’ve got to be near-ubiquitous to work.

The press have set up a familiar security/​privacy debate over body imaging, but this strikes me largely as a sideshow. If no records of the scans are kept, and software is used to obscure body contour details while preserving resolution for objects concealed on the person, and the scans are reviewed by analysts in another room who don’t simultaneously see the subject, then it’s hard to see how they’re substantially more intrusive than x‑rays of carry-on baggage. (Though I would, of course, want to insist on those three privacy measures.) The real questions to raise about the tech are entirely on the security side.

First, experts have raised serious doubt about the assertion that millimeter wave scanners would have detected the device involved in the Christmas attempt. It’s hard to imagine a dumber way to blow a few hundred million bucks than on high-tech measures that wouldn’t even work against current terrorist methods, especially when alternative measures like chemical swabs—far cheaper, though without the gee-golly Total Recall factor—are on the menu. But you also have to assume that if it were effective against current methods, terrorists would switch methods—either by selecting different targets or looking for other means of hitting the same targets. Now, forcing that kind of shift can clearly be a benefit: As Jim has noted, the kind of device they had to use to circumvent metal detectors and baggage x‑rays was clearly less reliable than a bomb in a suitcase could’ve been, making it possible for passengers to foil the attempt. The question is whether the countermeasures they take in response to the body scanners require them to incur marginal liabilities that justify the cost. It seems awfully doubtful, frankly.

If you’ll forgive a bit of frank cynicism, I predict we’ll end up debating body imagers because they’re big, flashy, sexy tech with lots of cool scifi visuals for the weekly newsmags and cable news shows to use. The anchors get to say “naked” a lot, and air travelers get to feel like they’re being protected by cyborgs from the future. Meanwhile, measures that actually enhance security, like reinforced cockpit doors, tend to be rather more boring and invisible to the average person. So, for instance, probably Umar Farouk Abdulmutallab should have at least been pulled aside for additional screening. It’s not that it should have been enough, in isolation, that his father had contacted the American embassy with concerns about his son (intel agencies are drowning in vague tips, which is one reason there are half a million people on the terror watchlist, only a handful of whom are actually a threat; you can’t feasibly ground all of them) or that he bought a one-way ticket with cash or that he was traveling without baggage, or that there was chatter about a potential bombing attempt by a Nigerian. Rather, you’d think the combination of those things would have triggered a closer look at the airport. But that’s a question of abstruse and partly classified back-end data sharing procedures, which aren’t nearly as fun to talk about on Meet the Press.

Today Politico Arena asks:

What’s in a name? Does it matter whether or not it’s called “war on terror? Is Obama’s approach any better or worse than Bush’s?

My response:

It matters whether or not it’s called “war on terror,” because war, whether declared or not, changes the legal regime — from law enforcement, aimed primarily at investigating and prosecuting domestic crimes after the fact, to protecting a people from acts of war before they happen by means unavailable outside of war. In discharging his duty to protect the nation, President Obama has moved slowly, inconsistently, and often begrudgingly from the law-enforcement to the war paradigm. Al-Qaeda has shown no such confusion or irresolution. Just this morning, for example, the Washington Post reports that at its web site yesterday, al-Qaeda in the Arabian Peninsula “called for ‘every Muslim’ to kill ‘every cross-worshiper who works at the [British and American] embassies.’ ”

So how did Obama treat the Christmas Day bomber al-Qaeda sent us? The way his mentor, Franklin Roosevelt, treated the German saboteurs who landed on our shores? No — Abdulmutallab was “lawyered up,” read his Miranda rights, and encouraged to talk through his lawyer, like any common criminal. Some say that approach — like calling him “the underwear bomber” — reduces a terrorist’s stature. That’s fine for the playground (as if the terrorists were seeking simply to join the community of nations). This is the real world.

And in the real world you don’t make excuses for why the dots weren’t connected, as Obama’s homeland security adviser, John O. Brennan, did yesterday on the talk shows. You find out why they weren’t. And a good place to start this morning is with Gordon Crovitz’s piece in the Wall Street Journal. Rarely, he writes, does intelligence come to us “on such a silver platter.” Abdulmutallab’s father, a respected banker, reported his concerns to the American Embassy not once but three times, twice in person. And the son had a U.S. visa, which could easily have been discovered. He paid for his ticket in cash, and had no luggage. But the criteria U.S. intelligence agencies use for determining when to put a suspected terrorist on a watch list or a no-fly list, Crovitz shows, are adapted from a landmark law-enforcement case, Terry v. Ohio, concerning local traffic stops: “Mere guesses or inarticulate ‘hunches,’ ” the standard concludes, “are not enough to constitute reasonable suspicion.” Is it any wonder that the dots were not connected. They won’t be until we start taking this war seriously.

John Brennan, assistant to the president for homeland security and counterterrorism, made the rounds of the Sunday political shows this weekend. He’ll be reviewing the attempted bombing of Northwest flight 253 for the president. 

His appearance on ABC’s This Week program revealed his struggle with the limitations on data mining for counterterrorism purposes. His interviewer, Terry Moran, betrayed even less awareness of the challenge. Their conversation is revealing:

Moran: Who dropped the ball here? Where did the system fail?

Brennan: Well, first of all, there was no single piece of intelligence or “smoking gun,” if you will, that said that Mr. Abdulmutallab was going to carry out this attack against that aircraft. What we had, looking back on it now, were a number of streams of information. We had the information that came from his father, where he was concerned about his son going to Yemen, consorting with extremists, and that he was not going to go back.

We also, though, had other streams of information, coming from intelligence channels that were little snippets. We might have had a partial name, we might have had indication of a Nigerian, but there was nothing that brought it all together.

What we need to do as a government and as a system is to bring that information together so when a father comes in with information and we have intelligence, we can map that up so that we can stop individuals like Abdulmutallab from getting on a plane.

Moran: But that is exactly the conversation we had after 9/11, about connecting these disparate dots. You were one of the architects of the system put in place after that, the National Counterterrorism Center. That’s where the failure occured, right? The dots weren’t connected.

Brennan: Well, in fact, prior to 9/11, I think there was reluctance on the part of a lot of agencies and departments to share information. There is no evidence whatsoever that any agency or department was reluctant to share.

Moran: Including the NSA? Were the NSA intercepts shared with the National Counterterrorism Center?

Brennan: Absolutely. All the information was shared. Except that there are millions upon millions of bits of data that come in on a regular basis. What we need to do is make sure the system is robust enough that we can bring that information to the surface that really is a threat concern. We need to make the system stronger. That’s what the president is determined to do.

Moran: You see millions upon millions of bits of data that—Facebook has 350 million users who put out 3.5 billion pieces of content a week, and it’s always drawing connections. In the era of Google, why does [the] U.S. intelligence community not have the sophistication and power of Facebook?

Brennan: Well, in fact, we do have the sophistication and power of Facebook, and well beyond that. That’s why we were able to stop Mr. Najibullah Zazi, David Headley, [and] other individuals from carrying out attacks, because we were able to do that on a regular basis. In this one instance, the system didn’t work. There were some human errors. There were some lapses. We need to strengthen it.

In our paper, Effective Counterterrorism and the Limited Role of Predictive Data Mining, distinguished engineer and chief scientist with IBM’s Entity Analytic Solutions Group Jeff Jonas and I distinguished between what we called subject-based data analysis and pattern-based analysis.

Subject-based data analysis seeks to trace links from known individuals or things to others.… In pattern-based analysis, investigators use statistical probabilities to seek predicates in large data sets. This type of analysis seeks to find new knowledge, not from the investigative and deductive process of following specific leads, but from statistical, inductive processes. Because it is more characterized by prediction than by the traditional notion of suspicion, we refer to it as “predictive data mining.”

The “power” that Facebook has is largely subject-based. People connect themselves to other people and things in Facebook’s data through “friending,” posting of pictures, and other uses of the site. Given a reason to suspect someone, Facebook data could reveal some of his or her friends, compatriots, and communications.

That’s a lot compared to what existed in the recent past, but it’s nothing special, and its nothing like what Brennan wants from the data collection done by our intelligence services. He appears to want data analysis that can produce suspicion in the absence of good intelligence—without the “smoking gun” he says we lacked here.

Unfortunately, the dearth of patterns indicative of terrorism planning will deny success to that project. There isn’t a system “robust” enough to identify current attacks or attempts in data when we have seen examples of them only a few times before. Pattern-based data mining works when there are thousands and thousands of examples from which to build a model of what certain behavior looks like in data.

If Brennan causes the country to double down on data collection and pattern-based data mining, plan on having more conversations about failures to “connect the dots” in the future.

As George Will said on the same show, “When you have millions of dots, you cannot define as systemic failure—catastrophic failure—anything short of perfection. Our various intelligence agencies suggest 1,600 names a day to be put on the terrorist watch list. He is a known extremist, as the president said. There are millions of them out there. We can’t have perfection here.”

We’ll have far less than perfection—more like wasted intelligence efforts—if we rely on pattern-based or predictive data mining to generate suspicions about terrorism.