Since 9/11, we’ve spent hundreds of billions of dollars defending ourselves from terrorist attacks. Stories about the ineffectiveness of many of these security measures are common, but less so are discussions of why they are so ineffective. In short: Much of our country’s counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs. Boston, Jan. 31: As part of a guerilla marketing campaign, a series of amateur-looking blinking signs depicting characters in Aqua Teen Hunger Force, a show on the Cartoon Network, were placed on bridges, near a medical center, underneath an interstate highway and in other crowded public places. Police mistook these signs for bombs and shut down parts of the city, eventually spending more than $1 million sorting it out. Authorities blasted the stunt as a terrorist hoax, while others ridiculed the Boston authorities for overreacting. Almost no one looked beyond the finger pointing and jeering to discuss exactly why the Boston authorities overreacted so badly. They overreacted because the signs were weird. If someone left a backpack full of explosives in a crowded movie theater, or detonated a truck bomb in the middle of a tunnel, no one would demand to know why the police hadn’t noticed it beforehand. But if a weird device with blinking lights and wires turned out to be a bomb — what every movie bomb looks like — there would be inquiries and demands for resignations. It took the police two weeks to notice the Mooninite blinkies, but once they did, they overreacted because their jobs were at stake. This is Cover Your Ass security, and unfortunately it’s very common. Airplane security seems to forever be looking backward. Pre-9/11, it was bombs, guns and knives. Then it was small blades and box cutters. Richard Reid tried to blow up a plane, and suddenly we all have to take off our shoes. And after last summer’s liquid plot, we’re stuck with a series of nonsensical bans on liquids and gels. Once you think about this in terms of CYA, it starts to make sense. The Transportation Security Administration wants to be sure that if there’s another airplane terrorist attack, it’s not held responsible for letting it slip through. One year ago, no one could blame the TSA for not detecting liquids. But since everything seems obvious in hindsight, it’s basic job preservation to defend against what the terrorists tried last time. We saw this kind of CYA security when Boston and New York randomly checked bags on the subways after the London bombing, and when buildings started sprouting concrete barriers after the Oklahoma City bombing. We also see it in ineffective attempts to detect nuclear bombs; authorities employ CYA security against the media-driven threat so they can say “we tried.” At the same time, we’re ignoring threat possibilities that don’t make the news as much — against chemical plants, for example. But if there were ever an attack, that would change quickly. CYA also explains the TSA’s inability to take anyone off the no-fly list, no matter how innocent. No one is willing to risk his career on removing someone from the no-fly list who might — no matter how remote the possibility — turn out to be the next terrorist mastermind. Another form of CYA security is the overly specific countermeasures we see during big events like the Olympics and the Oscars, or in protecting small towns. In all those cases, those in charge of the specific security don’t dare return the money with a message “use this for more effective general countermeasures.” If they were wrong and something happened, they’d lose their jobs. And finally, we’re seeing CYA security on the national level, from our politicians. We might be better off as a nation funding intelligence gathering and Arabic translators, but it’s a better re-election strategy to fund something visible but ineffective, like a national ID card or a wall between the United States and Mexico. Securing our nation from threats that are weird, threats that either happened before or captured the media’s imagination, and overly specific threats are all examples of CYA security. It happens not because the authorities involved — the Boston police, the TSA and so on — are not competent, or not doing their jobs. It happens because there isn’t sufficient national oversight, planning and coordination. People and organizations respond to incentives. We can’t expect the Boston police, the TSA, the guy who runs security for the Oscars or local public officials to balance their own security needs against the security of the nation. They’re all going to respond to the particular incentives imposed from above. What we need is a coherent antiterrorism policy at the national level: one based on real threat assessments instead of fearmongering, re-election strategies or pork-barrel politics. Sadly, though, there might not be a solution. All the money is in fearmongering, re-election strategies and pork-barrel politics. And, like so many things, security follows the money.
A Hot-Air Balloon Landed in a California Backyard. The Owner Says It's a 'Very Rare' Event
The CEO of Magical Adventures Balloon Rides tells WIRED how the pilot made a safe landing after they got stranded over a neighborhood.
Brian Barrett
Your Vape Wants to Know How Old You Are
Companies hope that biometric age-verification tech in cartridges could put flavored vapes back in business. But it's unlikely to solve the real problems.
Boone Ashworth
Using a VPN May Subject You to NSA Spying
US lawmakers are pressing Tulsi Gabbard to reveal whether using a VPN can strip Americans of their constitutional protections against warrantless surveillance.
Dell Cameron
Politicians Are Spending More Money on Security as They Increasingly Become Targets
Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence.
Maddy Varner
They Built a Legendary Privacy Tool. Now They’re Sworn Enemies
There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history.
Tiffany Ng
The US Military’s GPS Software Is an $8 Billion Mess
The GPS Next-Generation Operational Control System was due for completion in 2016. Ten years later, the software for controlling the military’s GPS satellites still doesn’t work.
Stephen Clark, Ars Technica
MyMove Is the US Government’s Shittiest Website
For more than 30 years, the US Postal Service has sent people who need to change their addresses to MyMove. Experts say the site uses dark patterns to trap visitors in an online purgatory of “deals.”
Todd Feathers
The IRS Wants Smarter Audits. Palantir Could Help Decide Who Gets Flagged
Documents show the tax agency is testing a Palantir tool to surface “highest-value” audit and investigation targets from a maze of legacy systems.
Caroline Haskins
CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards
The Quizlet flashcards, which WIRED found through basic Google searches, seem to include sensitive information about gate security at Customs and Border Protection locations.
Sammy Sussman
Tech Companies Are Trying to Neuter Colorado’s Landmark Right-to-Repair Law
A bill in Colorado is a glimpse into the future of how corporations are working to limit the freedom people have to make their own fixes and upgrades.
Boone Ashworth
How Trump’s Plot to Grab Iran's Nuclear Fuel Would Actually Work
Experts say that an American ground operation targeting nuclear sites in Iran would be incredibly complicated, put troops’ lives at great risk—and might still fail.
Caroline Haskins
A Year After DOGE Cuts, GSA Now Plans to Hire Hundreds of Employees
The General Services Administration is hiring “approximately 400 positions,” according to an internal email viewed by WIRED. Last year the agency lost thousands of workers as part of DOGE’s rampage.
Zoë Schiffer