Teetering on the Edge of Isolationism / Nonrepudiable Security Technology

This news isn’t going to make very many people very happy at all:

U.S. to Contract Foreign Co. to Scan Cargo – Yahoo! News

One of Americans’ favorite beach destinations, the Bahamas, is getting a new U.S. arrival ? sophisticated equipment to detect radioactive materials in shipping cargo. But U.S. customs agents won’t be on site to supervise the machine’s use as a nuclear safeguard for the American shoreline that is just 65 miles away from Freeport. Under an unusual arrangement, a Hong Kong company will help operate the detector.

But at what point are we becoming isolationist and even naive about the ways of the world? There are so many ways of looking at this issue. . .

A couple of quick points before the meat of this post:

  1. The Bahamas are not the first place you think of when you think security.
  2. Hong Kong is at least as untrustworthy as the Bahamas
  3. We’re getting shipments from these places, anyway

The trouble with this whole deal is the problem with anything that the Bush Administration does, which is that they are so careless, corrupt, incompetent and at times all three.  We simply cannot trust them to get things right.

In truth, we have always been and always will be forced to trust other nations to handle security in thier own nations.  We always have been and always will be to some extent dependent on our neighbors for shipping security.  The fact that we’re looking into installing things like radiation scanners in other nations to see to it that cargo gets checked for this type of hazard is actually a step in the right direction, we just cannot trust the Bush Administration to do it right.  Sadly, this whole process is starting to look more like isolationism ~ especially with Republicans raising objections ~ than is really warranted. 

On the other hand, the fact that we do not seem to be doing anything here at home to verify shipments is a bigger problem.  Administration officials and appologists diffuse the port security thing like it’s such a big deal: “how can we possibly check every container coming in and out of the US.  Do you know how much stuff that is?”

Answer: “Well, you had to pick it up off the boat and set it somewhere, didn’t you?”  Radiation scans, explosives scans and many other types of checks can simply be incorporated into the infrastructure of our ports to passively and constantly scan shipments for objectionable things.  We don’t need to hire Johnny Porter to walk around with a Geiger counter all day long testing every object that comes through our ports.

The thing is: what we need, to some extent, is a genuine engineering working group like the IEEE to come up with some actual technically savvy solutions to the problem.  We don’t need governments we can trust, we need standardized inspection technology that is verifiable and nonrepudiable.  Think Digital Certificates for cargo: each peice of cargo undergoes specific security checks (local governments can decide what those will be), and when they’ve been passed that information is added to the Certificate.

Let’s take radiological scans for an example.  Everything in the universe is radioactive at some level, and the radioactivity is measured in Ci (Curies, after the Madame of the same name).  So at the original port, a scanner measures the radioactivity, obtains a rating in Ci, then uses that number along with the make and manufacture of the scanner, time and date, etc, to create a digital hash.  That hash, along with all the information except the radiation level is added to the Digital Signature-type device  When the same parcel is recieved at the next port, another scanner checks the radiation level and then uses the same hashing algorithm to convert the results and the other information included in the Digital Signature into another hash. 

If the results don’t match, there is a problem.  Either the Digital Signature has been tampered with or the radiation level has changed, suggesting that somewhere in transit something may have been added.  So the parcel gets inspected.  Thus only those suspect parcels need to be checked.

Anyone who has done anything with Network or PC Security can tell you that there are a myriad of ways in which to make this scheme work with a high level of reliability.  All the tools are in place to make it happen, it’s just a matter of some intelligent person putting it all together.  Moreover, since most things don’t go straight from one port to another, there is a fail-over threshold that eliminates a lot of ambiguity.

I’m sure I’ve probably given away a multi-billion dollar idea, but what the hell?  I’m printing this out and sending it to myself in the mail, just in case. . .