Firstly to your point about detection thresholds and false positives, specifically thinking about airport security and terrorism: the trouble here is that terrorists are *incredibly* rare compared with the population of legitimate travellers. 99% of security guards manning airport x-ray machines will never come across one. Virtually every positive indication from the system (of machines and guards) will be a false positive, even if the false positive rate is vanishingly small.

Secondly, watching bags go through x-ray machines (or shoppers go through tag readers at shop exits) is a mind-numbingly boring job. After a while the brain starts to make efficiencies and basically stops paying attention – we subconsciously assume that the results will be constant, making false-negatives more likely.

So to summarise, minimum wage security guards watching something very dull, looking for something incredibly rare, are unlikely to succeed.

Now, as you rightly point out, a small degree of blanket screening is important. It helps to catch the “idiot terrorists”, and means that even smarter terrorists cannot *guarantee* they won’t be detected. But pouring vast resources into the screening effort isn’t smart – the limit of diminishing returns is rapidly met.

So what’s the alternative? Well, I like Bruce Schneier’s suggestion: take that extra money and invest it in training security officers to be extremely good at spotting “out of the ordinary” behaviour: nervousness, sweating, unusual interest in airport security aparatus. The training has to be good enough to eliminate profiling for race, gender and other stereotypes, but basically I think airports should employ experienced officers who can ‘just tell’ when something doesn’t add up.

The problem with this is, of course, cost. That’s why the foreseeable future has us removing our shoes and slowly filing past bored-looking guards

Unfortunately (or fortunately, I’ll come back to that later), people will always be a key link in any security system. Security systems vary in form and technology but they more or less always come back to comparing something to a threshold. Comparing a measure to a threshold induces, among other things, a probability of detection (i.e. true positive) as well as a probability of false alarm (i.e. false positive). Amazingly both physics and maths agree on the fact that the two are linked and that you can’t increase one without increasing the other.

That’s where the human factor comes in the play: it’s up to people to ultimately make the distinction between a correct detection and a false alarm. And one you think that what’s at the end of the detection chain could be a weapon system, I am glad a person, as imperfect as we all are, has the final call before triggering any decision.

No doubt people are the weakest link in security but what’s the alternative? No security system? We live in a society where unfortunately it’s not an option. I am not naive enough to think any security system will deliver absolute security but for one, I don’t mind wasting a little time going through security checks at an airport knowing that, although it doesn’t guarantee a terrorist free flight, it might deter some would be terrorists of trying to get on my flight.