I was sixteen, flying from London to Cork — probably Heathrow, maybe Gatwick. I'd spent the afternoon at Camden Market, which if you've never been is basically a bazaar where you can buy anything from a vintage leather jacket to something that definitely violates several international treaties. I'd picked up one of those little pocket flamethrowers, the kind you use to light hookah coals. Tiny thing, fit right in my jacket. Didn't think about it again.
You forgot you had a flamethrower in your pocket.
Boarded the plane, settled into my seat, and it was only when the cabin crew started the safety demonstration — you know, exits here and here, life vest under your seat — that my hand drifted to my jacket pocket and I felt it. This little metal tube full of butane, sitting in my pocket, thirty thousand feet over the Irish Sea. And I realized: I had walked right through airport security without anyone noticing a thing.
I mean, that's a flamethrower.
A small one. An object whose entire purpose is to produce fire, and I'd carried it through a checkpoint designed to stop exactly that kind of thing. I spent the rest of the flight in a cold sweat — not because I was worried about getting caught, but because I suddenly understood that if a distracted sixteen-year-old could do it by accident, someone who actually meant harm could do it on purpose without breaking a sweat.
This was what, late nineties, early two thousands?
Early two thousands. Here's the thing though — you'd think the system would have gotten better since then. It hasn't. In twenty fifteen, the DHS Inspector General ran a series of undercover tests at American airports. TSA agents posing as passengers tried to smuggle weapons through checkpoints. They got through ninety-five percent of the time. Fake guns, knives, mock explosives — right past the screeners.
They ran it again in twenty seventeen. Ninety-five percent failure rate. ABC News got hold of the internal memos — the acting TSA administrator at the time was replaced within weeks.
Here's the question Daniel's getting at. You've got a system that fails nineteen times out of twenty when you test it. Everyone knows this — the numbers are public, the reports are online, any motivated person can read them. And yet we all keep taking off our shoes and putting our liquids in little baggies like it's doing something. Are we paying for protection, or are we paying for the feeling of protection? And if it's theater that everybody knows is theater — what's the point of the performance?
The tension's baked into the mandate itself. The TSA has two jobs that pull in opposite directions. One: stop weapons and explosives from getting on planes. Two: process two million passengers a day without grinding the entire aviation system to a halt. Those two goals don't coexist peacefully — they're in a knife fight, and throughput usually wins.
Because throughput is measurable. You can put a number on how many passengers you moved through in an hour. "How many attacks did we prevent" is a lot harder to quantify, especially when the answer is zero on an average Tuesday.
And the ninety-five percent failure rate makes a lot more sense when you look at it through that lens. The screeners aren't incompetent — or at least, incompetence isn't the whole story. They're operating a system optimized for speed, not scrutiny. The red team tests in twenty fifteen and twenty seventeen didn't just show that weapons got through. The DHS Inspector General report documented that screeners missed guns, knives, and mock explosives at what they called, quote, "alarming rates." But here's what stuck with me from the ABC News coverage: the testers weren't using elaborate concealment techniques. They were just... putting things in their bags.
Like a sixteen-year-old with a pocket flamethrower.
No spycraft required. And the TSA's own internal response to the twenty fifteen report was telling. They reassigned the acting administrator, brought in new leadership, promised reform. Then the twenty seventeen tests showed the exact same results. The reform didn't take because the underlying incentives didn't change.
What are those incentives? Because if you're running an agency with an eight billion dollar budget and you know your own tests show a ninety-five percent miss rate, that's not a failure you just shrug off. Something else has to be keeping the whole thing in place.
Three constituencies, none of whom are primarily motivated by actual threat detection. We want to feel safe, and visible rituals — uniformed officers, conveyor belts, body scanners — deliver that feeling. Second, airlines and airports. They need liability cover. If something happens, they can point at the TSA and say "we followed the federally mandated process." They need to be seen doing something after every incident. The liquids ban in two thousand six? That was a direct response to the transatlantic liquid bomb plot. Whether the ban actually prevents a repeat is secondary to the fact that it lets lawmakers say "we took action."
Twenty years later, we're still putting our shampoo in tiny bottles.
Twenty years later, exactly. The rule outlasted the threat profile because the rule serves a political function that has nothing to do with whether it works.
The system isn't failing at its real job. Its real job is reassurance, and it does that pretty well. The weapons detection part is almost incidental.
I'd put it this way. Airport security operates on two tracks simultaneously. Track one is actual threat detection — catching guns, knives, explosives. Track two is public reassurance — making passengers believe the system is working. When those tracks align, great. But when they conflict, Track Two wins every time. Because Track Two has customers. Airlines want calm passengers. Airports want smooth operations. Politicians want visible proof of action. Nobody's constituency is "rigorous, time-consuming security protocols that make everyone late and anxious."
Which is why the ninety-five percent number is so damning but also so durable. It's not a bug that needs fixing. It's the price of doing business the way we've chosen to do it.
The uncomfortable follow-up question is: if the system fails nineteen out of twenty tests, is it security at all? Or have we just built an elaborate ritual that happens to take place in an airport?
Dressed up in uniforms and plastic bins.
Dressed up in uniforms and bins, right. The question Daniel's asking — what's the point of a performance everyone knows is a performance — that's the question the TSA has never had to answer, because answering it honestly would mean admitting the performance is the product.
This is where Bruce Schneier's concept of security theater becomes the essential framework for understanding what's actually happening. Schneier's a cryptographer and security technologist — he coined the term in a two thousand three essay, then expanded it in his two thousand nine book "Beyond Fear." His argument was that airport screening had become the textbook example of measures that make people feel safer without making them actually safer.
The TSA red team data is the empirical proof of concept.
Schneier wrote that essay years before the twenty fifteen Inspector General report, but he could have written it the day after. The mechanism he described is this: security theater works on passengers, not on attackers. The visible rituals — the shoe removal, the liquids in baggies, the body scanners, the uniformed officers — they create a powerful sense of surveillance and control. And that sense of surveillance does deter casual opportunists. Someone who's mildly unstable and hasn't planned anything might see all that and think twice.
Anyone who's studied the system knows exactly where the gaps are.
That's the asymmetry. A motivated attacker does reconnaissance. They read the public reports. They know the ninety-five percent number as well as we do. They know which checkpoints are understaffed at which hours. The theater doesn't deter them because they understand it's theater.
My flamethrower story is a perfect case study in how this actually fails in practice. I wasn't trying to beat the system. I wasn't an attacker doing reconnaissance. I was just a distracted teenager who forgot what was in his pocket. And the system didn't catch it. Which means it can't even catch accidental violations — the easiest possible case — let alone someone who's deliberately trying.
That's the part that should keep people up at night. If the baseline detection rate for unsophisticated, unplanned violations is essentially zero, then the system's actual security contribution is indistinguishable from noise.
Walk me through the trade-off. Why is throughput so dominant over detection?
Every security measure is a negotiation between speed and scrutiny. You can catch more threats if you spend more time per passenger — longer interviews, more thorough bag checks, more secondary screening. But the TSA processes over two million passengers a day. If you add sixty seconds per passenger, you've just added over thirty thousand hours of processing time daily. The system would collapse.
The ninety-five percent failure rate isn't a bug — it's the inevitable output of a system optimized for moving people.
Here's the math that nobody wants to sit with. Even a five percent detection rate means you're catching something. But it also means, statistically, you're missing a hundred thousand potential threats a day. Obviously most of those aren't actual threats — most passengers are harmless. But the system can't tell the difference between a harmless passenger and a threat, which is the whole point of having the system in the first place.
Because someone's getting what they want out of this arrangement.
Three groups, and none of them are the traveling public in terms of actual safety. First, the passengers themselves — but only in the psychological sense. You walk through the checkpoint, you see the rituals, your anxiety drops. Whether that drop in anxiety corresponds to any actual reduction in risk is irrelevant to the feeling. Second, the airlines and airports. They get liability insulation. If something goes wrong, they can point to TSA compliance. Third, and this is the one that keeps the whole thing locked in place — politicians get to say they did something. After every incident, there's a new rule, a new procedure, a new piece of equipment. Whether it works is secondary to whether it's visible.
The liquids ban is the perfect fossil of this dynamic. Twenty years old now. Implemented in two thousand six after the transatlantic liquid bomb plot was disrupted in London. And it's still with us, long after the specific threat profile has evolved, because removing it would require a politician to stand up and say "we've decided this security measure isn't necessary anymore." Which is political suicide if anything happens afterward.
Even if the thing that happened had nothing to do with liquids.
Because the headline wouldn't be "new attack method used." It would be "attack occurs after government rolls back security." The political incentive is to never remove anything, only add.
Which is how you end up with a system that's accumulated decades of ritual layers, each one added in response to a specific incident, none of them ever evaluated for whether they actually work, all of them persisting because removing them carries more political risk than keeping them.
The performance isn't for the attackers. It's for the passengers, the airlines, and the voters. The actual security outcome is almost a byproduct.
That's the uncomfortable answer to Daniel's question. What's the point of a performance everyone knows is a performance? The point is that "everyone" doesn't include most passengers. The security studies community knows. The red team testers know. Anyone who reads DHS reports knows. But the average traveler going through the checkpoint doesn't know about the ninety-five percent failure rate. They see uniforms and scanners and stern faces, and they feel protected. The performance works on its intended audience.
Which means the real question isn't whether the theater is effective security. It clearly isn't. The question is whether the psychological benefit — calmer passengers, operational smoothness, political cover — justifies an eight billion dollar annual budget and a ninety-five percent miss rate. And whether there's a version of this that does better without breaking the system entirely.
If the current system is theater optimized for throughput, what's the alternative? Israel's been running a fundamentally different model for decades. And it starts from the opposite assumption.
We've talked about their security architecture before, but the core difference is philosophical. The TSA assumes everyone's benign until a machine flags something. Israel assumes every passenger is a potential threat until proven otherwise.
The mechanism is behavioral profiling — but not the hollowed-out version the TSA tried and failed at. El Al security officers engage every single passenger in a thirty to ninety second conversation before check-in. They're not just asking "did you pack your own bag." They're looking for anomalies in your story, your body language, your response patterns. Where did you stay? Who did you visit? Why that hotel? The screening technology is secondary to the human interview.
It works because the threat environment is fundamentally different. Israel faces a persistent, high-probability threat — not the one-in-a-million lottery of a terrorist boarding a US domestic flight. When the baseline threat is high enough, the math on intensive screening flips.
Here's where the scalability argument hits a wall. Ben Gurion processes roughly five million passengers a year. The TSA processes over eight hundred million. Behavioral profiling requires highly trained personnel, low passenger-to-officer ratios, and time per interaction that simply doesn't scale to US volumes. You'd need an army of interviewers.
Even if you could scale it, there's the political correctness problem. Israel's model explicitly profiles based on threat demographics — ethnic, religious, national-origin heuristics. It's effective precisely because it's willing to make those distinctions. But that approach is legally and ethically incompatible with Western anti-discrimination frameworks.
The US actually tried a watered-down version — the SPOT program, Screening of Passengers by Observation Techniques. DHS spent nine hundred million dollars on it. Behavior detection officers at checkpoints looking for micro-expressions, stress indicators, suspicious body language. The twenty fifteen Government Accountability Office report found the program had no measurable effect on catching terrorists. Nine hundred million dollars for zero demonstrable results.
The American attempt at behavioral profiling was both ineffective and, according to civil liberties groups, still discriminatory in practice. Worst of both worlds.
Which brings us to the deterrence question Daniel raised. Even theater might have value if attackers believe the system works. But the TSA's red team results are public. Any motivated attacker can read the DHS Inspector General reports and know the failure rate. The deterrence evaporates when the target knows the odds.
The deterrence only works on people who don't know it's theater. And the people you most want to deter are exactly the ones who've done the reading.
We're stuck. Israel's model works but can't scale and isn't politically acceptable here. The TSA model scales but fails nineteen times out of twenty. And the one attempt at a middle ground — SPOT — burned through nine hundred million dollars for nothing.
Which forces an uncomfortable conclusion. We may be stuck with theater because the alternatives are either politically unacceptable or logistically impossible. The question becomes: what's the least bad version of theater that still catches the five percent?
Ben Gurion's approach is instructive here even if we can't copy it wholesale. It's not just the interview — it's layered security. Behavioral profiling plus explosive trace detection plus reinforced cockpit doors plus armed air marshals. Multiple imperfect systems that together create a harder target than any single measure.
That might be the actual path forward. Not replacing theater with something else, but stacking enough imperfect layers that the gaps in one are covered by another. It's not elegant, but it might be the only thing that works at scale.
What does all this mean for someone who's actually standing in a security line at six in the morning, holding a plastic bin, trying to remember if they took their laptop out? Because that's where the rubber meets the runway.
First thing: understand what the checkpoint is and isn't. It's a deterrent theater, not a barrier. Your actual safety on that flight depends far more on the reinforced cockpit door — which is probably the single most effective measure implemented after nine eleven — plus whatever air marshals might be aboard, plus the basic reality that every passenger now knows the cockpit isn't accessible. The screening line is one layer, and not the strongest one.
That's not to say it does nothing. It catches the five percent. The completely unprepared, the wildly obvious. But if you're a frequent flyer, the mental model shouldn't be "this checkpoint is protecting me." It should be "this checkpoint is filtering out the lowest-hanging fruit while I wait in line."
For policymakers, the uncomfortable truth is that the ninety-five percent failure rate isn't acceptable, but neither is the Israeli model wholesale. The path forward is probably what Ben Gurion demonstrates without the parts we can't import — layered security. Multiple imperfect systems stacked together. Explosive trace detection, behavioral observation that's actually trained and not the SPOT disaster, reinforced doors, air marshals, passenger vigilance. No single layer has to be perfect if the layers cover each other's gaps.
It's the Swiss cheese model, basically. Each slice has holes, but you stack enough slices and the holes don't line up.
And that's a more honest framework than pretending any single checkpoint procedure is going to stop a determined attacker.
For everyone listening, here's the thing I want you to do next time you're in that line. Pay attention to what's actually being checked versus what's being performed. The shoe removal — we've been doing this for over two decades now, ever since Richard Reid tried to light his sneakers on fire in two thousand one. There's no evidence the ritual prevents attacks. It persists because removing it would require an administrator to take a risk, and nobody in that position takes risks.
The liquids rule — three point four ounces or less, all in one quart-sized bag. Implemented in two thousand six. That's twenty years old now. Twenty years of tiny shampoo bottles because of a plot that was disrupted in London before anyone got on a plane. Is it making you safer, or is it just making you feel safer?
The thing is, those aren't always easy to separate. The feeling of safety has real value. Panicked passengers don't fly, airlines lose money, the whole system seizes up. I'm not saying the rituals are pointless. I'm saying we should be honest about what they're actually doing.
The acid test is this: ask yourself, for any given security procedure, "would a motivated attacker who's read the public reports be stopped by this?" If the answer is no — and for most of the rituals, it is — then you're looking at theater. That doesn't mean it's worthless. It means its value is psychological and political, not operational.
Once you see it that way, you can't unsee it. Every time you take off your belt, every time you pull out your liquids bag, you notice that you're participating in a ritual that's primarily for you, the passenger, not for the attacker. The attacker already knows it doesn't work.
Which brings us back to the question that reframes the whole experience. Next time you're standing in that line, ask yourself: is this making me safer, or is this making me feel safer? They're not the same thing. And the difference between them is the entire history of airport security in one question.
If we accept that some level of theater is inevitable — and I think the evidence forces us there — the question shifts. It's no longer "how do we eliminate theater." It's "what's the minimum effective dose." How much performance do we actually need to maintain whatever deterrence value still exists, without burning eight billion dollars a year on rituals that everyone in the security studies community knows are hollow?
That's the optimization problem nobody's running. We keep adding layers without ever asking whether existing layers are pulling their weight. The shoe thing, the liquids thing, the belt thing — each one has a cost in time and attention and public patience. But nobody's measured whether removing one would actually change the threat surface.
Here's where the future gets interesting. AI behavioral analysis and biometric screening are maturing fast. We're approaching a point where automated profiling might offer a third option — something that's scalable like the TSA model but more targeted, and arguably less biased than human judgment.
Arguably being the operative word.
The pitch is that an algorithm doesn't get tired, doesn't have a bad day, doesn't profile based on skin color unless it's been trained on biased data. And even if you solve the bias problem, you've just created a system that watches every passenger's micro-expressions, gait, pupil dilation, heart rate — and makes a threat assessment before you reach the metal detector. The privacy and civil liberties questions that raises are enormous.
It's the panopticon with a boarding pass. And we'd be trading one set of problems — human screeners who miss ninety-five percent — for another set — a surveillance architecture that never blinks and never forgets. Whether that's a better trade depends on how much you trust the people building the algorithms.
How much you trust the people regulating them. Which, given the track record of congressional oversight on TSA programs — SPOT being the nine hundred million dollar cautionary tale — doesn't exactly inspire confidence.
The third option might be coming, but it's not here yet, and it brings its own baggage. Which leaves us, for now, with the tension we've been sitting in this whole conversation. Theater that we know is theater, but that we keep performing anyway.
That brings me back to your flamethrower story. You said something earlier that I haven't stopped thinking about. You spent that flight terrified — not of getting caught, but of what could have happened if someone else had done it intentionally.
That's the part that stayed with me. I wasn't scared of the consequences for me. I was scared because I'd just demonstrated, completely by accident, that the system had a hole in it big enough to walk a weapon through. And if I could do it without trying, someone who was trying could do far worse.
That fear is real. It's not irrational. The threat exists. The question is whether we're spending eight billion dollars a year to address the fear or to address the threat. Because those are different things, and they require different solutions.
The fear wants rituals. The threat wants detection. And right now, we're mostly paying for rituals and calling it detection.
That's the uncomfortable place to land. Not a resolution — I don't think there is one — but a clearer picture of what we're actually buying when we fund airport security. The picture includes some real protection. The reinforced cockpit doors, the air marshals, the occasional five percent catch. But mostly it includes a performance that keeps the flying public calm enough to keep flying.
If this episode made you think differently about something you experience every time you fly — and I suspect it might have — share it with someone who needs to hear it. Leave us a review wherever you get your podcasts, or send us your own airport security story. We're at show at my weird prompts dot com.
Now: Hilbert's daily fun fact.
Hilbert: In the nineteen twenties, researchers studying orb-weaver spiders in Belize discovered that their silk produces ultrasonic acoustic emissions when stretched — effectively turning the web into a sound-producing instrument that vibrates at frequencies far beyond human hearing. The tighter the strand, the higher the pitch.
A web that sings to itself.
In frequencies we can't even hear. Unsettling and beautiful in equal measure.
This has been My Weird Prompts. I'm Corn.
I'm Herman Poppleberry. We'll catch you next time.