Identifying terrorists before they strike by using computerized knowledge
assessment (CKA)
Steve Kirsch, [email protected]
Version 2 10/07/2001
8/22/06 Update:
- The current brain scanning technology isn't sufficiently developed to
make this idea practical and probably won't be for at least 5 to 10 years
- If you want to improve airport security, the best way to do that is to
reduce the number of terrorists. To do that, you have to understand why tens
of thousands of people want to kill us. Then, we simply modify our behavior
so that we can all get along. This won't eliminate all terrorism, but it
will eliminate most of it.
- The single most effective decision to reduce terrorism that President
Bush can make would be to resign. The second most effective decision to
reduce terrorism is to withdraw from Iraq. You simply cannot continue to do
things that piss off lots of people and expect that nothing bad will happen.
Even our friends (other nations) think we're nuts; that's why they didn't
join us in invading and occupying Iraq. The more we act like a bully, the
worst terrorism will get. And Bush's "stay the course" policy is insane; you
can't expect to keep doing the same thing over and over and expect a
different result.
Our goal is to eliminate terrorism, but what's the best strategy? One approach
would be to try to secure every individual asset. Unfortunately, this is a
hopeless battle. We can't even secure a single asset. For example, despite years of effort, there isn't an airport in
the country that cannot be easily penetrated, as the FAA's "Red team"
recently discovered. Not one single airport. So what makes us think we can ever
make them all safe?
We need a new approach. The best way to defeat terrorists is to: (a) disallow
them entry into the US, (b) expel foreign nationals in the US who are
terrorists, and (c) restrict the mobility of any terrorists who are US citizens
(e.g., require those with a high risk factor to undergo higher screening
and/or restrict passage to only those flights with sky marshals).
However, to accomplish these objectives, we would need a relatively fast and
reliable method to determine who is a terrorist and who is not. Fortunately,
there is a technology that is applicable to this task. This technique, which has
been known as brain fingerprinting
but we shall refer to as "computerized knowledge
assessment" (CKA), was invented over 10 years ago by Dr. Larry Farwell, a former faculty
member of the Harvard Medical School. It has proven infallible in tests by the
FBI and US Navy. Unlike lie detector tests which can be fooled, brain responses
cannot be faked. For this reason,
brain fingerprint evidence has been ruled admissible in US courts where it has
been used both to exonerate and convict.
CKA is dependent on the P300 complex, a very well studied
series of brainwave components that have been known for over 20 years and have
been repeatedly verified in countless professional, peer reviewed journals. It works by determining whether or not a
stimulus (such as a picture) has been previously seen by a subject. Therefore,
it can be used to determine whether someone is familiar with the inside of a
specific terrorist training camp or the contents of particular terrorist code
book, but you cannot simply ask any yes/no question and determine whether
someone is lying (such as "did you cheat on your taxes?"). Therefore,
with a properly selected set of words and images, we can quickly determine (in
as little as 10 minutes), for
example, whether a person has knowledge of al Qaeda that could only be known by
a member of al Qaeda (or a small handful of FBI specialists assigned to al Qaeda).
(see the CKA FAQ)
CKA can be applied to a wide variety of applications. In general, we can screen
people periodically for any known threats (inside knowledge of al Qaeda, anthrax
handling procedures, etc) and then store the results of that screening and their
biometric information in a government database. We can then use biometric
authentication (i.e., you present your ID card or number and the requested
biometric such as glancing into a camera for 1 second to scan your iris) to
authenticate the person and retrieve their security profile. That security
profile can then determine their privileges such as entry into the US, entry
into a sporting event, or entry onto a plane.
To ease public acceptance, we can start by making CKA totally optional. Here's
why...
Consider the following scenario
You're at an airport. There are two planes waiting to take you to your
destination. Both planes leave at the same time. Both are going to the same
destination.
Plane #1: Everyone on board has passed the CKA test.
Plane #2: Everyone on board has refused to take the CKA, but
has passed a traditional two question security screen about the items that
they are carrying with them.
Assume you have a wife and 3 kids. Which plane do you get on?
The bottom line: We can make this system totally optional for US citizens and
allow airlines to offer secure and non-secure flights. Market forces will take
it from there. America is all about choice. Don't we owe it to our citizens to
offer them the choice? Or shall we limit their choice and not offer them the
option for a safer flight, and force them to take the unsafe alternative?
For passengers who voluntarily choose to be screened by this approach, here's how it might work (this is just one scenario; many different variations
are possible):
- When you enter the airport, you either present your ID card or key in your
ID number, then you glance into an iris scanner for a fraction
of a second (or present some other standard biometric accepted by the
machine). 1 second later, the machine will tell you whether you will need
to be tested or not depending on the national policies in place at the time.
For example, we might require a 10 minute test every 2 years and a 2 minute
"refresh" test every 90 days (or as required in the event of a new
terrorist threat).
- If the machine says you are cleared (because it already has your test data
on file), you'd proceed to a special "fast pass" security checkpoint
with shorter lines to be scanned using the normal x-ray scanners/metal
detectors.
- If you need to be tested, if this is your very first time, you'd be directed
to a special bank of enrollment/testing machines. The enrollment station would record the various
official US-standard biometrics that are used for authentication (e.g., iris, palm,
face, voice, etc.). This process (of recording additional biometrics) would
take just a few seconds and need only be done once every few years to make
sure the data is current (iris data is invariant and need not be re-acquired). You would
then be directed to a numbered testing station where you'd again present one of your
biometrics during the entire test, and put on a headset (containing industry standard EEG sensors that record
brainwaves) and watch video images on a standard computer monitor for 4 to 10
minutes (depending on whether this is your first time or whether this is a
re-test for a new threat).
- The images are in essence "Have you seen this before? Yes or no?"
questions. If you are uncomfortable viewing any image, you may stop the
test at any time by either removing the headset or pressing a stop button.
- Only images and words related to security are allowed. These would be similar to
questions an El Al security screener might ask you. You will not be asked
personal questions, such as "Have you cheated on your spouse?" As
previously mentioned, these questions are impossible for the computer to
"ask."
- Although people lie--which is why "lie detector tests" remain so controversial--brainwaves don't.
Your brain reacts to the image (either you recognize it or you don't) regardless of the answer you verbalize. You
cannot fake out the machine because by the time you recognize the image and
realize that you know it, you are too late.
- The testing is completely automated and is not subject to human
interpretation. It is completely blind to race, creed, color, sex, religion, etc. Your
"computerized security risk factor profile" is linked to your biometric data,
but not to your identity.
- You do not need to enter your name in the system. You can take the test
completely anonymously if you like. In this way, your privacy is ensured since the
government would have no way to associate the biometric and security profile
data with a name. The data would be associated with a number recorded on a
card or that you would remember (like your social security number) since this
is required to achieve accurate biometric authentication (this number might
also be your National ID card number). The association of your test data with
your name would only happen if you are arrested (in
much the same way we associate fingerprint data with your name if you are
arrested) or if you voluntarily gave someone this information (e.g., you make
your airline reservation and give them your ID number instead of your name so
that nobody else could show up at the airport and claim your seat).
- Properly done--and this can be a very public process including the
preparation of CKA testing materials and a clear manual appeals process--there would be
no false positives and no false negatives after the final screen. For example,
some people, such as Navy Seals or FBI agents, might
test positive for specialized terrorist knowledge in the initial 10 minute
screen, but adding additional questions and/or manual checking done by
specially trained federal agents would quickly clear them. So any false
positives can be cleared up with subsequent testing. And false negatives would
be possible but extremely unlikely (only 1 terrorist in 10,000 might slip
through).
- Having passed the test, you'd proceed to a "fast pass" security
checkpoint line. Again, you'd merely glance at a video monitor. This monitor
would use your iris data to locate your security profile in the federal
database, and then clear you to proceed. The lookup and authentication can be done in
well under 1 second by a commodity laptop computer.
- Iris scans are preferred since,
unlike other biometrics, there have never been false positives or false
negatives on iris scans and because iris data alone is sufficient for a
positive ID. Iris scans are the most secure and quickest form of
identification. Other biometrics may also be used (for cost and/or space
reasons). In all cases, an ID card
(or your remembering a number) would be necessary
(you'd have the choice as to whether your name appeared on the card),
although, as noted below, if you use iris ID, you'd only have to present the
ID card/number just once at your initial check-in at the airport.
- At the boarding gate, you'd present one of your biometrics (and an ID card
or number if not iris data) as you pass through the gate. So as you pass
through the gate, it verifies that you passed through all the required
security checkpoints and that you have a ticket for this plane. This is FAR
simpler than the current process since there is no plane ticket to lose and
the gate agent doesn't have to check you are on the right flight. It will also
speed up the boarding process.
- As new threats are discovered, they can be added to the CKA screening images.
If the threat is significant, you might be required to have a screening before
you can take your next plane trip. If it isn't an urgent threat, you'd just
see the new material at your next annual CKA exam.
All gates at an airport would have the equipment available for
authentication before boarding, since this equipment is useful whether you have
a CKA test or not, i.e., we should be implementing the system above (minus
the CKA screening) right now since it is the only way to ensure passengers are
who they say they are and haven't bypassed any security checkpoint. Some
flights, the exact number would depend upon demand, would be designated as 100%
computer screened. So if safety is your concern, you can choose one of these
flights in much the same way that you choose a "smoking" or
"non-smoking" room in a hotel. You'd choose to fly on a
"mixed" flight which is not 100% computer screened for one or more of
the following reasons: (a) privacy and distrust of the government is more
important to you than your personal safety (b) you think the computer screening
doesn't work or is too invasive, (c) if the screened flight was at an
inconvenient time, and you are willing to take the risk for convenience, (d) if
the computer made a mistake and you didn't have time to go through a special
sequence with a specialist to clear you (e.g., you are an FBI agent specialist
on al Qaeda).
We can
also make the CKA test mandatory for foreign nationals who want to enter the US or,
if we don't want to discriminate, for anyone entering the US from abroad. This
is particularly important because all of the 9/11 hijackers were foreign
nationals.
The Appendix
contains more information on the technologies, costs, and a discussion of objections that
have been raised including most of the privacy and "Big Brother" issues that immediately come to
mind
Unlike most other approaches, the approach described here provides a
comprehensive and potent weapon on the war against terrorism while actually increasing
customer convenience and enhancing security against a wide range of
attacks making it at least 1,000 times more difficult for a terrorist
to escape detection. At worst it adds only 1 second per authenticated
entry and typically only 10 minutes for a re-screening once every few
years. It's use is not limited to air travel, but can apply to entry
into any secure area, such as entry into the country or entry into sports arenas.
In less than 90 days
from a government request, we can
prove the concept is effective at identifying any al Qaeda terrorist with over 90%
certainty for less than $50K (99.999% confidence would take more than 90
days). A system using the approach described here
could be put in place at all airports in the US in less than 4 years at a
total one-time capital equipment cost of under $1B. Annual
operating costs to run an airport are not significantly impacted. The cost
to run this system for 100 years is probably less than the cost of this one
single incident.
This system isn't perfect. It might allow 1 terrorist in 1,000 through.
It might temporarily inconvenience 1 honest person in 10,000 (who can be
quickly "cleared" through additional tests or alternate means). Is there any other system that can determine an exact count of the number of
terrorists on each plane? Or even an approximate number?
Bush said we'd do "whatever it takes" to defeat terrorism.
This is the first step towards that end. Will we do it? Is there a better alternative for protecting innocent lives?
If so, let's pursue that. If not, what are we waiting for?
The Proposal
Ask (through request from the administration or legislation) the FBI to work with Farwell to create a demonstration that the system can accurately and automatically pick out each
and every terrorist placed in a test group of 100 or more people. If this can be
done repeatedly without error, then authorize a prototype testing station to
be built with a goal of a trial deployment in one airport where passengers
are allowed to choose between boarding "computer screened" or
"human screened" flights.
Unfortunately, it could take years before the government acts on this
suggestion. The Tech Museum of San Jose is in the process of putting together an exhibit
(ideally for display at the San Jose
airport) entitled "Does computerized lie detection work?" It will test
an area of knowledge that most people have, and "reward" people (e.g.,
by giving them a pass to cut to the front of the security line) if they do not
have the knowledge. Therefore, everyone will have a major incentive to try to
"cheat" the system. The fact that they will not be able to cheat the
system (and only those without the knowledge will be able to pass) will provide
an impressive public demonstration of how the technology might be applied and
ease public acceptance of the technique.
Conclusion
I have a wife and 2 kids. I need to fly as part of my job. I want to do so
safely. I want my family members to be able to travel securely. I want my
employees to have the freedom to travel securely. The computerized security
screening is orders of magnitude more effective than anything else we have
available in ensuring our safety. Will the government allow the airlines to
offer this alternative screening to passengers as an option? Or will it repress
the option and give us no choice but to play Russian roulette every time we need
to fly?
The government could use this technology exclusively on all people entering
the country. By requiring this, virtually no one in America needs to be scanned
and no American citizen would need to undergo CKA (because we'd enter in
any American citizen with a valid passport who is already in the country so that
they can re-enter within 12 months without having to be scanned). If we scanned
everyone, we can avoid the search and
seizure operations that are now taking place daily in airports, sports arenas,
etc. We can also greatly reduce the threat and fear of bio-terrorism and the
need to be vaccinated against every possible biological agent. In short, introducing
this program for all people entering the country means our freedom and way of
life will be restored without inconveniencing a single American. Border
screening using this approach benefits everyone.
Public acceptance and a phase-in period is easy. Create a single simple benefit: If
you get computer screened, you get to cut to the front of the security screening
line (this would work just like the special "ski school/ski patrol"
lines at ski resorts). People will be clamoring to get tested.
Other resources
If you are reading a hard copy, the most recent version is at: http://www.skirsch.com/politics/plane/ultimate.htm
Appendix: (costs, configuration, list of
objections)
Reader comments
FAQ on CKA (written by a PhD student at UCSD)
List of endorsers Other techniques to prevent air hijackings
Press articles
ZDNet
article
ZDNet
article#2
Response to article
in The
Register
Notes:
- If we do issue an ID card, the card should also record your biometrics and
this data should be digitially signed by the US government. In the event
that the national database cannot be contacted, you can still be
authenticated.
- Iris biometrics are absolutely required as they eliminate the possibility
of aliases/fraud. No other biometric can do this. Using a new search
technique, you can perform thousands of iris lookups per second on a billion
record database on a single CPU.
|