What does a dangerous suitcase look like?

Quick quiz, which one of these suitcases looks more dangerous to you? The suitcase on the left is a hard-shell "Pelican" style case with bulky latches on it, while the suitcase on the right is a well-worn traditional large suitcase.

I was recently waiting in the lobby of a hotel in Las Vegas, standing by these two suitcases. I noticed the hotel security guy was observing me closely, but I had no idea why. The security person was in a suit (noticeable as security by his ear piece) and in the span of about ten minutes he just frequently looked in my direction in a way that was unmistakable, but he never came over to talk to me. I assumed he was more of a permanent observer, and I was probably correct because around this time a more "tactical" security guy (boots, cargo pants, polo shirt, etc.) approached me and asked me if he could look into the suitcase on the left. He mumbled something about "heavy duty" suitcases requiring inspection.

I assumed this part was probably not negotiable, so I agreed to let him search this suitcase (full of Blink Identity demo equipment). But I was curious, so I told him I worked in the security industry, and asked why he wanted to search the left suitcase, but not the right. He was clearly embarrassed and said that it didn't make sense to him, but was a directive "from management." He said he thought that random bag checks would be more effective.

I've seen this kind of thing happen a lot in physical security, and it comes under the general expression "security theater." The basic concept is emphasizing things that look like security over things that may actually enhance security. The suitcase on the left looks like something that would be used by a villain in a cheesy movie to bring in all of his evil equipment. But as you can see from the picture, both of these suitcases could hold equal amounts of *anything.* Why would a bad guy with even a bit of foresight use a suitcase that looks like it came from a bad guy movie?

Sometimes security theater is intentional. It may be that this hotel knows this step is pointless, but they like to do it anyway because it is in public view and it reassures people that the hotel is taking security seriously. More likely, the hotel feels like it has to do something, and this feels like something that is worthwhile. But security theater is dangerous no matter the motivation. There are a limited number of resources available for security, and any action we do that is wasteful is taking away resources that could be applied to security actions that are productive. We need a more rational, scientific way to think about security or we will just continue to do things that feel right, or we will do the things that "everyone does" without thought.

Treating security as something with a scientific basis is challenging - we don't like to think about running "experiments" when people's lives are on the line. It isn't a pure scientific problem, but that doesn't mean science can't help. In my suitcase hotel example, the hotel could have simply kept metrics: what percentage of hard suitcases inspected had dangerous items in them? If it is 0, maybe they could try random bag checks and see what happens. Or they could study recent mass shooting events to determine if any bag check would have helped.

In the coming months I will be taking a look at the scientific basis (or lack) in common security scenarios. As a scientist and not a security professional, I am not trying to be the authority on how physical security should be implemented. My goal instead is to foster more open dialogue about how some physical security measures/procedures work and how we should be measuring effectiveness or thinking about the problems.