If not literally, then essentially, as your credit card gets tied to that shirt you bought, or the car you drive/rent, or it’s tires, etc.. etc… etc… Bloody nightmare technology.

Fred

RFID is brilliant. It works well at Wal-Mart and has a bright future ahead of it. But it doesn’t mean it can solve national security issues. At least, not yet.

Besides, the guy sitting in the container – like that dude they got in Canada – does not wear an RFID tag on his ass, does he ?

Not foolproof, but it could do two things: first, create much more of a trail back to the origin of any threatening cargo and second, make it much harder for nasty stuff to be send from small and less stable countries with Islamacist camps.

The weakness inevitably is that we would end up paying some of those countries to set this up and that corruption would weaken the whole system.

Obviously you can’t count on the chip telling you the truth about the contents, any more than you rely on the current paperwork. Counterfeit cargo declarations will be possible.

The security pay off comes from tracking and tracing. A forty-foot box doesn’t move easily, or invisibly (not to spy satellites, anyhow.) It becomes feasible to know _where_ in the world all equipped sea-containers are at any moment. Just as it is now — and has been, the past decade — possible to know where in the U.S. any bar-coded railcar is. Boxes that “disappear”, or are “duplicated”, or “teleport” from one documented place to another can be identified by idiot-computer analysis. Then, human investigators can look into the problem. This should make it a lot less likely that a rogue state can maintain plausible deniability if a container should turn out to have been loaded with WMD, or even mis-documented and incompatibly loaded hazmat.

And, in fact, the ability for a container’s RFID chip to squawk an alert when an RFID-pallet’s load of oxidizing pool chemicals is loaded in next to another, similarly equipped, pallet-load of flammable cosmetics will heighten our security against the “normal” disasters to which the technological world is prone. Securing against a dozen “little” accidents may pay off quicker than securing against deliberate, major, terror.

So, is it worth doing? If the chips come down in price as projected, they’ll be selling at under a dime (U.S.D $0.10) by the 2005 “sunrise” date.
As always, economics rules. But I think it will pay off.

Well, it’s not QUITE that bad.

But.

Radio Frequency Interactive Documentation (RFID)and the Electronic Product Code (EPC) have unavoidable commericial appeal. Rather than crack open a sea-container to pull a paper manifest, you “ping” a chip and — lo! — the data appears on your handheld screen. How many rolls of toilet paper, how many cans of baked beans, how many rounds of 5.56 mm ammunition. The U.S. military AND WalMart are insisting that pallet loads of cargo shipped to their major distribution hubs be enabled for RFID by January 2005. Putting the chips on truck-trailers and sea containers is the next logical step. And putting readers around ports and load points, feeding the data via satellite to a central database, will be GOOD for transporters — in the same way that putting barcodes on boxcars has been good for railroads tracking their rolling stock.

The security payoff is gravy compared to the logistics R.O.I. — the meat and potatoes.

The terrorists know that false alarms cost us lots of money. The recent increase in “chatter” that caused our alert level to be raised was probably just that…chatter and nothing else.

I suspect that in practice, in order to be effective, it will be necessary to use humint and rational guessing (“profiling”) to reduce the suspect population to manageable size.

Maybe the detection technology for bombs is good enough to obviate the need for profiling, but I doubt it. It gives me the willies to realize that our political leaders would rather risk people’s lives than acknowledge that profiling, of the kind that is done at Israeli airports, would be immediately effective in preventing terror attacks.

If the test is 99.9% accurate, then out of 10,000,000 containers shipped, there will be 10,000 false alarms. The next level investigation team will get stressed out, bored, and superficial by the time the one real threat appears.

Lots and lots of containers are shipped in any given year.

And most of these tests will be far less than 99.9% accurate.

I don’t think we have any idea what some people in Israel go through in their daily lives. Like putting each child on a different school bus to limit family casualties if it blows up or is attacked. I know folks here who say the color-coded alert levels stress them. I can only wish it’s the most stressful thing we’ll have to deal with.

We’re vulnerable all right. Airport security and screening luggage is the easy stuff. Even containers. We’ll get that right eventually. It’s the nasty, vicious, “traditional” low-tech attack that worry me most. It just seems easier for the attacker, and likelier to succeed.

As for why it hasn’t been done so far, well, look at 9/11. Why didn’t they try that in 1993 ? Or before ? Both the technology and the target had been around for 30 years. Matter of time…

One reaction that was symptomatic of this attitude occurred immediately after 9/11. Curb-size baggage check-in was suspended. Why ? How did that relate to 9/11, and how would it help prevent another one ? Baggage checked in that way ends up on the plane the same way as any other, and those passengers still have to get boarding passes and get through security. No explanation was given but somehow, it looked serious, since it was restrictive. We were giving up a little convenience, so it had to be making us safer, right ?

In this case, there is a very real risk. Which makes it all the more important to get it right.

The interesting thing about that is they could cause huge problems for years, and then by the time they have a good bomb, everyone is ignoring the system.

But that sounds like an argument for never having tracking. (sigh) So I don’t know. Tightly controlled alert thresholds?

Aside from which, if your’re smart enough to build a (dirty) bomb that’s any use, you are MORE than smart enough to spoof any sensor cheap enough to be installed.

That being said, inspection ports in containers, and better tracking, etc… Could go a long way to help.

Although he might still have a valid point, and one that has been made by Bruce Schneier about other systems. Repeated, frequent false alerts invariably lead to their being ignored. So you eventually bear the cost and no benefit.

Note that I am assuming here the occurrences would be frequent. Still, the odds are that after a while, a container sensor-alert occurring soon after a false positive at the same location could be ignored. Specially if the previous error was attributed to some generic malfunction. Or if eight containers in a row proved to be false positives, employees under pressure might not check the ninth.