Identifying Terrorists Before They Strike

October 4, 2001 by Steve Kirsch

Brain fingerprinting, a technique proven infallible in FBI tests and US Navy tests and accepted as evidence in US courts, could accurately identify trained terrorists before they strike. Had it been in place on September 11, it would have prevented all of the attackers from boarding the planes, says Infoseek founder Steve Kirsch.

Version 6 Originally Published October 2, 2001. Published on October 4, 2001.

Abstract: Brain fingerprinting, a technique proven infallible in FBI tests and US Navy tests and accepted as evidence in US courts, can be applied to a new problem: the problem of accurately identifying trained terrorists before they strike. Had it been in place on September 11, it would have prevented all of the attackers from boarding the planes. It is the only technology for preventing other terrorist attacks before they are carried out. For example, it is the only system that will allow us to accurately identify all members of al Qaeda so we can keep them off our planes today and prevent them from entering our country.

The “computerized security screen” described in this paper and the calculation of test results are all done totally under computer control; testing requires no human intervention and no human interpretation. In the case of the FBI tests, 100% of the determinations were correct. There were no false positives, no false negatives, and no indeterminates. Eight years later there is still no other technology or manual screening that comes close to these results. Brain fingerprinting has been used to exonerate and well as to convict and it has succeeded in difficult cases where all other methods have failed.

In this document, we describe how, by combining brain fingerprinting technology with iris identification, we can construct a system that combines high security with convenience. It is a system that cannot be fooled, can probe more areas than a typical manual screen, and is dramatically more convenient and more accurate than manual security questioning. The system described here is much more than just a high-tech, more effective version of the security questions that they ask on El Al flights. In addition, it also provides instant positive authentication at very low cost virtually anywhere in the country. So you get the benefits of an in-depth security screen everywhere in the country without cost or inconvenience.

In our system, you are given a 10 minute computerized security screen only once every few years (and when necessary if a new threat is identified), to determine your “security risk profile.” This can be done on the day of travel or anytime in advance, at your convenience. Once your data (your iris data, name (optional), and brain fingerprint security screen test results) are entered into a federal databank, it is inexpensive and quick (under 1 second) to authenticate you at airports, sports arenas, public buildings, etc. In fact, only an Internet connection (which could be wireless) is required for authentication. Where iris scans are cost prohibitive, an ID card used in conjunction with a biometric sensor (such as fingerprints, hand geometry, etc) can be used to achieve nearly equivalent speed, convenience, accuracy, and confidence. Depending on your risk profile and the current entry policy of the place you want to enter, you may or may not be allowed access.

The system does not violate anyone’s civil liberties. Unlike a human screener, it cannot discriminate on the basis of race, creed, color, sex, religion, etc. It is not a psychological profile. The computer cannot determine how you feel about anything. It is best equated to an automated version of the Yes/No security screening questions we have today. Essentially, it is nothing more than a sequence of “Have you seen this item before?” questions. Each test is randomly selected but you may review the types of questions in advance and you may choose to halt the test at any time. Your answers cannot be used to incriminate you.

The association of iris data and your name is strictly optional and at your discretion (unless you have been arrested). You may choose to be tested totally anonymously without having to produce any ID whatsoever. So this is actually more protective of your privacy than many of the existing security screens that we accept today.

In order to account for possible negative public perception caused by a lack of understanding of how the system works, the system should be phased in over at least a year, and a manual screening option should be available during this public phase-in acceptance period. Since all the terrorists in the 9/11 attack arrived from outside the country, we could first require its use on all people seeking entrance into the US from outside the country (regardless of whether they are US citizens or not). The President and members of Congress should also be screened before it is required of the general public. However, for maximum effectiveness, the system should be adopted at all airports world-wide so that we can restrict the movement of terrorists without restricting the movement of the public at large.

Other benefits accrue from this system as well. Iris scanners are already installed and in use today at select airports and sports arenas. By requiring their use at these places, the FBI can not only keep terrorists from entering, but can capture a suspect for arrest or questioning. An iris scanner can tell the operator to have security hold a suspect that the FBI has tagged in the iris database. Alternatively, the FBI can just use this information to track the movements of suspects without arousing suspicion. All of this is impossible to do today. A national iris databank can also be used for many positive things such as uniting parents with children.

It is critical that the US government provide the funds to commercialize the use of brain fingerprinting to identify terrorists, because it is the most cost effective way to combat terrorism in the US. However, without leadership from the FAA to require the use of this system at US airports, this technology will not be commercially developed on its own for this particular use.

Unlike most other approaches, the approach described here provides a potent weapon on the war against terrorism while actually increasing customer convenience and enhancing security against a wide range of attacks making it at least 1,000 times more difficult for a terrorist to escape detection . At worst it adds only 1 second per authenticated entry and typically only 10 minutes for a re-screening once every few years.

All the underlying technology necessary to implement the system described in this document exists today; it just needs to be packaged for this new application and installed in airports. In less than 90 days from receipt of a request from the FAA, FBI, or Department of Transportation, we can prove the concept is effective at identifying terrorists with over 90% certainty for $100K (99.9% confidence is possible but will take more than 90 days). We can construct a prototype “airport scenario” (construction of security screening booths, creation of all security checkpoint types, and creation of software needed to run a large airport) for less than $50M in less than 24 months. All the technology is off-the-shelf and it’s just a packaging, programming, and system integration problem. By capitalizing on new technologies, a system using the approach described here could be put in place at all airports in the US in less than 4 years at a total one-time capital equipment cost of under $1B, the majority of which can be funded by private industry (the federal government would set the standards and certify the manufacturers and periodically test and certify the machines themselves).

Once the system is in place, the cost to install additional authentication security checkpoints can be as low as $300 per station. Since the system does not require labor beyond the personnel who are already manning security checkpoints, check-in desks and boarding gates, and because Internet connectivity is so inexpensive ($1K per month for a high traffic airport), the system described here does not appreciably increase annual operating costs to run an airport.

This system isn’t perfect. It might allow 1 terrorist in 100 through. Is there any other system that can determine an exact count of the number of terrorists on a plane? Brain fingerprinting may sound silly, but consider the alternative. Our next attack could be far worse. How many more people will lose their lives before we take action? A million?

Is there a better alternative for protecting innocent lives?


Suppose you are in charge of security at the Super Bowl.

You’ve just received a call from the FBI that US intelligence has determined that 10 terrorist members of al Qaeda are among the 50,000 people who will be going into the stadium on game day.

Your job is to keep only those 10 people from entering the stadium while letting everyone else in.

You must make a determination on each person in 1 second in order to accommodate and seat the crowd in time.

How do you do it with 100% accuracy?

Surprisingly, this seemingly impossible task can be done! And it can be done even if we don’t know the exact number of terrorists and if we don’t even know what organization they are from! In fact, it can be done without a call from the FBI at all! This document explains the basic concepts of the approach and in the Appendix is the detailed answer for this particular case. Of course, many other scenarios are possible. This is only a very simple example of how the technology can be applied in all sorts of situations where we have no advance warning of a threat, but just want to make sure that we can exclude terrorists from admission.

The problem is bigger than just airport security

Our war is on terrorism. But we can’t guard every vulnerability against terrorists. That’s too expensive, too impractical, and too inconvenient. Despite all our high tech gizmos and security personnel, we can’t even guard a single airport effectively. For example, there was not a single airport in the country that the special FAA “red team” (featured on 9/16/2001 on 60 Minutes) couldn’t easily penetrate.In addition, they were able to sneak a typical terrorist weapon (a modular bomb unit) past security in 60 tests (they were stopped once, but talked their way out of it). So we inconvenience everyone while the terrorist waltzes right on through with a common bomb. Not only that, but we’re making it even easier for a terrorist to control a cabin by completely “disarming” the passengers; we’re removing any “weapons” that passengers could use to retaliate against terrorists!

Even if our airport security was 100% perfect, it could not defend against a terrorist who could rent a small plane, land at a secret location, load up the plane with explosives, approach a major airport, and then at the last minute on the final approach, swerve into a parked jetliner loaded with fuel, and blow up an entire terminal.

We can incur a major expense guarding against a 9/11 style attack, only to find that while we were diverting resources and attention to one security hole, the terrorists just exploited another. A trained hijacker can slit your throat with a credit card. We can never close even a small fraction of the holes without severely impacting the freedom of all honest people and without severely impacting our economy.

We need a system that, at a minimum, would have thwarted the 9/11 attack

Unlike most systems, the system described in this paper, if it had been in place in September, would have likely thwarted the 9/11 attack. It would also have likely thwarted the more difficult to defend against scenario described above. And it would thwart any attempts to repeat the 9/11 attack. It does so very simply: it identifies anyone with terrorist training and prohibits them from boarding, renting, or buying an aircraft or receiving flight instruction.

Of course, no single technique is perfect. But the cost effectiveness of the technique described here dwarfs all other approaches because it is both low cost, minimally disruptive (it would add a second to the ritual you currently have to go through when you check in and in many ways it will be more convenient), and is applicable to a wide variety of threats, making it at least 1,000 times more difficult for a terrorist to succeed in most cases (a typical brain fingerprint is 99.9% accurate in each area probed).

The approach we take is to use high technology to identify which people are “security risks”

Fighting terrorists by trying to secure each possible threat is a losing battle. It’s a lot like trying to get rid of ants in your home by sealing up all the cracks. You’ll never succeed. However, the same technique that is the most effective in eradicating ants in your home can be used to eradicate the threat of terrorism in the US.

In general, the most cost effective way to combat terrorism is to do three things:

1. Deny entrance to our country to people with a high security risk profile

2. Determine which foreign nationals currently in the US have an unacceptably high security risk profile (e.g., members of al Qaeda) and expel them

3. Determine which US citizens have a high “security risk profile” and, if they are unable to lower their risk profile using one of the methods described below, restrict their privileges based on their risk profile (e.g., we might only allow air passengers who are trained to fly a commercial jet if there are no other “risky” profiles on the same flight; and we might deny flight training, airplane rental or purchase, to anyone with a “risky” profile or we might require the presence of a sufficient number of air marshals to counter the risk profile of a given flight).

“Security risk profile” is just a fancy term for the results of a security screen that El Al puts all their passengers through and that we should be putting all our passengers through.

Unfortunately, currently deployed methods for determining whether someone is likely to be a terrorist are ineffective and expensive. It would require an army of trained interrogators, would be subject to human error on the part of the examiner, could be fooled by a well trained terrorist, would be very expensive, would not work well on people who do not speak the language of the interrogator, and would be a major passenger inconvenience. So we like the benefit, but we just can’t afford the cost.In addition, the Bush administration wants federal agents to be able to detain immigrants indefinitely if they are suspected of “lending support” to terrorist organizations but critics say the standard is disturbingly vague. Our system addresses all of these problems.

The system described here is much more than a highly automated and incredibly more accurate version of the “manual security” screen that El Al does. Unlike the El Al procedure, it can be done in a fraction of the time and expense of the manual procedure. It has all the benefits we need and more: it cannot be fooled, it can test all known terrorist risk items accurately, it does not get fatigued, it does not require human interpretation, intervention or monitoring. All this is available to us at a price far less than the costs we are now paying to provide today’s (minimal) security. And because it’s objective and quantitative (rather than just qualitative), the federal government can set a specific number in legislation and remove the ambiguity we just described, e.g., we can detain indefinitely any immigrant who scores 90% or better on 2 or more terrorist risk factors. Furthermore, the security profile can be easily shared to enable authentication at other sensitive locations at minimal cost with very high accuracy.

Brain fingerprinting is the only technology available today capableof accurately screening people against known terrorist risk factorsWe can apply a technique known as “brain fingerprinting” that has already proven by the FBI to be 100% accurate in related applications to our new application: determining the “security risk profile” of any person in the country. That doesn’t require a large leap of faith since a terrorist is part “agent” and part “murderer” and brain fingerprinting has already proven effective at detecting both areas (distinguishing FBI agents from non-agents and murders from innocent people). The inventor of brain fingerprinting, former Harvard Medical School faculty member Dr. Lawrence Farwell, has verified that we can screen a person against “known terrorist threats” in as little as 10 minutes using this technique. Of course, the 10 minute screen would be a fairly basic level screen to uncover any obvious “risk factors” such as knowledge of certain basic terrorist techniques. Depending on the public tolerance for such screening, the length of the screen can adjusted in either direction, although 10 minutes is probably the minimum.

How it works

The key elements of our terrorist risk identification system are:

  • Once every few years, each person who wishes to travel puts on a headset and watches video images for 10 minutes. This action allows us to establish a “security risk profile” and tie that profile to his iris data. We also scan other biometric data for use in authentication at gates and ticket counters. Optionally an ID card is produced by the system to aid in identification. There are banks of these machines set up in airports, just like telephone booths. They can be used at any time to enroll people (not just day of flight). A single enrollment is like a driver’s license; it is good for several years. However, in the event of a new threat, you must come back to the machine and get an “incremental scan” to update your risk profile to cover the latest threat (it may be required immediately or there may be a grace period, depending on the urgency of the new threat).
  • On each trip, a person presents his ID number so that the agent (ticket counter, gate, etc.) can do a human “facial recognition” against the data stored in the federal computer. Or, more likely, a person scans his ID card in a magnetic scanner, presents the requested biometric data (e.g., hand geometry), and if they match, he’s the person who he claims to be.
  • The main security gate at the airport (where the metal detectors are now) is augmented with an iris scan device. A traveler glances into the unit and in less than 1 second, the unit scans his iris and looks up his security risk profile in the federal database. If the government determines that his profile is allowed to fly, he is granted access to the terminal and his biometric data is enabled to board a plane (assuming the airline has also enabled him for that flight). The government may also determine that for this risk profile, rather than denying boarding altogether, that a special manual screen or special restrictions is required for this person to fly (e.g., no carry on permitted, etc.).
  • The airlines may also determine that there are too many risky profiles on a given flight and be allowed to either a) bump the passenger or b) require one or more air marshals to be on board. Hence, we can just adjust our defensive arsenal to match the security risk profile of the passenger base on each flight. So we might have no air marshals if everyone has a clean profile (which is the normal case).
  • By optionally adding smart cards, public key encryption technology and/or time-varying passwords, we can ensure that individuals control who can access their security risk profile. Or we can be fairly low tech with a system like PIN codes do now on ATM machines in order to release our data for a comparison. Furthermore, we can set up the system so that rather than an airport “reading” your entire security profile from the government, we can just allow them to present their security profile and ask the federal computer whether you “pass” or not. In that way, your specific profile information is never released to the airport. You have only authorized the airport to compare their security standards to your profile. This minimizes privacy concerns since only a “go/no go” information is released by the government to the airport, and only with your consent. For iris scans, your “permission” to release data is implicitly granted since you stared into the camera which is your implicit granting of consent to retrieve your record. For other biometric data, the your insertion of your ID card into a reader could constitute your consent for one release of your data from the national database; to do this right would require a smart chip and public key encryption, a might add a few seconds to the process. Entering a PIN code would make it even more secure but is probably overkill in this case (there would be no value to anyone of this information).
  • Since your photo and biometric data was entered into the federal computer, you can be authenticated anywhere in the world where there is Internet access (wired or wireless). If the agent doing the verification has an iris scanner, he’d authenticate you in 1 second. If the agent has a biometric scanner, he’d ask you for your ID card (or number if you forgot your card) and ask you to present the biometric data requested by his scanner, e.g., your palm. Or he could simply ask for your ID number and verify that the picture in the computer matches your face. The possibilities are endless. A $300 wireless PalmPilot could be used for this authentication for example. Biometric sensors cost as little as $60. This makes it possible to do authentication virtually everywhere at low cost. Again, if privacy is a concern, presence of the card or your iris data could be required to perform the lookup.
  • Lastly, for odd cases where the system mistakenly classifies you as a terrorist (e.g., you are an FBI agent specializing in terrorism), there is a way to have your profile reset correctly (see below for details).
  • The above is one possible configuration. Many other configurations and designs are possible.
  • Detailed information on this design is covered in the Appendix of this document.

Key benefits

Here are some key benefits relative to the alternatives (manual security questioning like El Al):

  • It’s more secure because 100% of passengers on the plane are screened by a machine and 100% were biometrically screened before boarding. It’s also more secure since any currently known intelligence risks can be factored into who gets to board the plane and the number of sky marshals on the plane can be adjusted to the risk level of the plane. Lastly, it’s much more secure since the computerized security screening is much more accurate than a human asking the same questions: the computer simply cannot be fooled. We’d never catch a terrorist with manual screening or by trying to detect the objects they are carrying. A terrorist’s most dangerous weapon is what’s in his head and this system disarms that.
  • It’s more accurate because everything is done by machine. There is no possibility of human error. The machines are self-testing as well as periodically inspected by federal agents. Any tampering would be detected by the machine and would place the machine offline until a federal agent could re-certify it (including check-summing the code, etc.)
  • It’s more convenient because it adds only 1 second to the air travel process and the 10 minute security screen was done only once every few years. Most people will be in the no-risk category, they can enter through the minimum security entrance, while others might have to enter through a high security entrance (e.g., having their items hand searched, being prohibited carry-ons, or being denied boarding altogether if the appropriate number of sky marshals are unavailable). The passenger can be “checked in” at the gate with an inexpensive biometric sensor so long lines should be a thing of the past. And there is no more problem with “I forgot my ID” or “I lost my ticket” because everything is tied to your biometrics. Lastly, those “arrive at the airport 3 hours early to check-in” can be avoided since most passengers will be pre-screened (they can do the 10 minute pre-screen at any time it’s convenient).
  • It’s less expensive because if everyone on the plane is a no-risk, there is no need for a sky marshal. Also, we’d save the huge cost of training people to do security screening questions (assuming we were to implement an El Al-style security screening policy in which each passenger is individually interrogated). We’d get the equivalent benefit of a 10 hour FBI grilling with a lie detector on every passenger for a fraction of the inconvenience and expense. The total system cost for everything is less than $1B, much of which can be privately financed. Authentication stations can be set up anywhere at low-cost. Using a wireless PalmPilot, an agent could key in your ID number, bring up your photo and perform an authentication by looking at you. In this case, it’s done without any biometric sensor at all. All that is required is an Internet connection. The biometrics are purely optional for additional speed and accuracy (less likely to make a mistake than a person doing a visual match).
  • It’s less intrusive because you don’t have to answer any security questions. You just put on a cap and watch TV for 10 minutes. The profiling is just a yes/no profile of certain knowledge you have. It is not a psychological profile and the data gathered cannot be used for psychological profiling (see more information below).
  • It’s more private because you can control who accesses your data and your data is not released to anyone. You just permit your knowledge area to be judged against the profile of the place you wish to enter. You get to choose whether or not you want to associate your security screening with your name, i.e., you can take the test anonymously without providing any identification. If you are arrested and charged with a crime, the police and FBI will be allowed to associate a name with your profile (which is not much different than the fingerprinting they do now when you are arrested). There are certain benefits to voluntarily associating your name with a profile; for example, at airport check-in, you wouldn’t need to present ID anymore; you wouldn’t need to carry any ID or even remember your ID number. But the tradeoff of convenience vs. privacy is totally under your control. If you don’t trust the government, don’t provide your name when you take the test.
  • It’s publicly acceptable because the alternative, a 1 hour manual security screening with an FBI agent with a 2 hour wait is a lot less palatable than watching TV for 10 minutes, especially if the public has been educated that it is nothing more than a sequence of “Have you seen this item before?” questions. Over time, it will become second nature. The public should love it because most people are legal and would want to be protected against threats. There is simply no downside to this testing if you are not a terrorist. You know exactly what questions are being asked because they are shown to you on the screen. If you don’t want to answer, you can remove the headband. You’d want the government to do this for your own protection.
  • It could increase your freedom. Today, you cannot carry a pocket knife on a plane. You can’t even carry nail clippers. Even the pilot isn’t trusted with a nail clipper (funny, we let him fly the plane, but we don’t trust him with a nail clipper, isn’t is?). Once the FAA is satisfied that the security screen works, if you have a “no risk” profile (as most of us will have), we can let you carry the items you used to be able to carry before 9/11. So your freedoms just got expanded in return for answering a few questions.
  • It’s more fair because unlike a human screener, the computer is completely blind to race, creed, color, sex, religion, etc. The test is completely objective. There is no human intervention or interpretation. It is not a psychological profile. The computer cannot determine how you feel about anything. It is best equated to an automated version of the Yes/No security screening questions we have today. Essentially, it is nothing more than a sequence of “Have you seen this item before?” questions. You may review the questions in advance and you may choose to halt the test at any time. Your answers cannot be used to incriminate you.
  • It would have prevented 9/11 and future 9/11 style incidents. We knew about bin Laden before the attacks. Had the system been in place, we could have done a security screen for bin Laden and not allowed more than one bin Laden knowledgeable person on any flight. Today, we can prohibit anyone from flying who has any inside knowledge of al Qaeda and specialized terrorist knowledge.
  • It aids law enforcement by allowing us to easily capture anyone we want to talk with or arrest, i.e., it creates a convenient and precise dragnet for capturing criminals. Suppose the FBI wants to contact someone for questioning. Or has found a suspect and wants to arrest them. Or maybe they want to just monitor their movements. Or maybe they have determined that that person should no longer be allowed to fly or be admitted to sporting events. This system allows the FBI to do all of this at any place where any biometric information is used for authentication. Immigration authorities can use the system to instantly ID whether an individual is a legal immigrant or not. If all citizens are entered into the database at birth, proof of US citizenship is no longer subject to fraud. While civil liberties advocates would argue that this particular application of the system could be abused by the government, the facts are quite the opposite since the effectiveness of the system depends upon the cooperation of the organizations with the scanners, e.g., the ballpark attendant could just ignore the signal to detain a person. So as long as our society feels that the balance should be in favor of protecting millions of lives, this will be an acceptable tradeoff. The system still leaves us in control, not the government.
  • Expanding the use of iris identification can accomplish good things for good people. The federal iris databank can be used for positive deeds as well as stamping out terrorism. We could iris scan all infants and parents at birth making abandoned babies a thing of the past. We could find out of Chandra Levy really did take a train or a plane from Washington before she vanished (saving a huge amount of police time spent searching Washington DC). We could use it to unite children with parents.
  • It makes it easier for you to buy tickets to anything. You can buy tickets to an event at the sports arena over the phone or over the Internet using your ID number. There is nothing to mail and no ticket to lose. You then just show up at the “FastPass admission gate,” glance into the lens (or present a biometric associated with your ID) and you’re in (it might then print a ticket for you to show you your seat). Super convenient and super secure.
  • It’s extraordinarily difficult for a terrorist organization to “train around” the test to avoid it. If the test was static, a terrorist group could avoid detection by ensuring that all of its members had no knowledge of what was on the test, e.g., if composite weapons were on the test, the terrorists would just avoid that and teach automatic weapons or bombs. However, because the content of the video is set by the federal government and because the specific test given to a person is randomly selected from a huge list of authorized images, it’s impossible for terrorists to “train around” the test because it keeps changing and is random and different for each person. In addition, the test can be adaptive, drilling down in an area that looks questionable. This is exactly like the El Al security questions (which start general and drill down randomly into an area). So in order to avoid detection, a terrorist group would have to avoid teaching any terrorist techniques. And without any training or knowledge, they won’t be very effective.
  • It will rarely keep even borderline people from flying if they are truly innocent. At first, we may end up giving a high risk profile to people who don’t really deserve it, e.g., an FBI agent or SEAL might know many of the same techniques as a terrorist as well as knowledge of specific terrorist groups, e.g., training camps, the al Queda motto, the leadership of al Queda. In these cases, where there might be ambiguity on the standard screen and where the programmed secondary screen still fails, these people can go through special screening terminals at the airport that would provide a different and extensive test so that their profiles would reflect their unique circumstances and backgrounds. The same would be true of former FBI agents, etc. Still there may be a few cases where people are given “unfair” security profiles. In this case, they can be scanned using special programs under selection by specializts. Another available alternative is that the airline just adjusts the number of sky marshals that they place on the plane to over power the security risk profile of the plane. In this way, we minimize the inconvenience of otherwise innocent travelers while only incurring additional expense when absolutely necessary.
  • It’s adaptable to new threats. As new threats are discovered, we can modify our screening thresholds and/or require people to “re-certify” on the incremental material. Depending on the severity of the threat, the re-certification can be required immediately, or within a 2 month grace window. So any threat, of any level of urgency can be accommodated using the existing testing infrastructure.
  • The timing is good. It will take a couple of years to put all the pieces in place so that this can be installed in airports. The government has a wide window in which to “time” the announcement to the public. In addition, a gradual phase-in period or “test period” at a single airport will help tremendously. Making travel more convenient with the new technology should be a major selling point to the public.
  • It doesn’t have to work perfectly…in fact, may not have to work at all! Deterrence is based on perception, not reality. It has only to work well enough to discourage any terrorist from trying to take the test and be identified. So if the technology doesn’t even work at all initially, but there are “changes” being made “daily” to improve the system, then how many trained individuals will a terrorist sacrifice to probe the efficacy of the system? If they get caught a few times, they will decide to go elsewhere.
  • Important Note: Instead of just fingerprinting and photographing people who are arrested, the FBI and local police should also start iris scan them for rapid identification at airports, etc. Anyone entering the country or traveling by air would also be entered.

Is this a perfect solution?

Of course, no single technique will solve the problem. For example, this technique does not work on blind terrorists who would need to be screened using other techniques (typically verbal interrogation) or exempted entirely from the system. We would want to exempt children from the system (if that creates a loophole that the terrorists try to exploit, we can lower the threshold as indicated by our intelligence gathering). We’d also want to make sure to provide all other countries this technology and training, especially our nearest neighbors, Canada and Mexico. Lastly, a typical brain fingerprint is only 99.9% confidence, so 1 out of 1000 terrorists might fool the system. Still, catching 999 out of 1,000 terrorists is way better than catching 1 out of 1,000.

What happens if it makes a mistake?

Is it possible for us to incorrectly identify someone as a terrorist who is not? Yes, it’s possible. But the worst that can happen is that he’s denied boarding until the problem can be straightened out by a federal agent at the airport. Not much different that how we handle “exception cases” today. And the more likely scenario is just that we increase security on the flight to match the perceived threat. So that even if the system makes a mistake, passengers are not inconvenienced. Is it possible for a terrorist to slip through? Yes, but we’ve made it several orders of magnitude harder.

The other factor is that if an error is made, it is done during the enrollment process which is normally done at a time convenient for the passenger. So if there is a problem with the scan, there is plenty of time to correct it…there is no flight to miss.

In summary, based on virtually any reasonable mix of criteria for deciding on a solution, this technique wins hands down: price, performance, accuracy, speed of deployment, effectiveness, minimum honest passenger hassle, privacy, etc.

Is this George Orwell’s “Big Brother”? A violation of civil liberties? Mind control? Nazi thought police?

Once we get over the weirdness factor and look at this logically and scientifically, this is really not that much different than taking the SAT. We were profiled about our knowledge (or lack thereof!) on verbal and math areas, we willingly submitted our test data only to the colleges we wanted to enter, and the colleges themselves determined what their cutoff profile was each year. We knew what was on the SAT test and we could stop taking the test at any time if we thought any of the SAT questions were getting too personal. We’re doing exactly the same thing here for air travel by probing, with yes/no questions, familiarity with techniques used by terrorists. You have all the same options you did when taking the SAT (quit at any time and advance knowledge of the questions). About the only difference is that you used a Number 2 pencil when you took the SAT, whereas in the 21st century, we can now bypass that step by recording your responses directly from your brain which saves your time (and eliminates mistakes). So in reality, it’s your mind controlling the equipment instructing it what answers to record on your behalf.

The questions we ask (by computer) are objective questions, probing whether the individual has specific knowledge in the area being tested (in this case, knowledge of terrorism techniques). It is nothing more than a sequence of “Have you seen this before?” questions. That means, for example, that:

If you don’t want to answer the question, you can simply press a button or remove the headband at any time you see a question you judge is too personal. So there is no risk that this data can be used for psychological profiling. We don’t even know who you are since your name is not required. If you don’t like the questions, you can press a button to halt the exam. You can even review all the material before putting on the headset. If you don’t like the questions, don’t take the exam. There is no possibility of “mind control” because the sensors used are passive EEG sensors that have been in use in the medical community for decades. In fact, your cell phone has far more potential to control your mind than this device does. It’s really the opposite here… it’s your mind controlling the equipment.

Some people may object that donning a device with brain-wave sensors is a personal privacy violation since they might fear it can be used by the government to probe things other than the “security questions” claimed by the government. It’s important to accommodate these objections by explaining how the system works and during the initial year of implementation (until the general public is comfortable with the procedure) by offering an alternative: you can wait in line to be screened by a professional screener. If you opt out of the computerized testing, you will still be iris screened (this is equivalent to taking your picture). The personal security screen will be similar to that done by El Al and take 30 minutes or more but you may have to wait 2 hours before you are seen. Given the choice, most honest people will use the machine, especially as we educate the public that it’s basically a fast way to take a Yes/No test of about 30 questions and that their test scores will not be released but only used as a comparison against the airline’s profile for the flight.

Can’t the government abuse this system?

No. To protect people’s privacy, we can let each individual choose whether or not to associate your security profile with your name. If you choose to remain anonymous, the system still works just fine (you’ll just lose a few conveniences like airport check-in without having to remember your ID). So unless you were arrested or you actively chose to make the connection with an identity, nobody can lookup your security information without your explicit consent (which you explicitly are giving when you agree to look into the iris scanner lens). The government is interested in protecting the lives of its citizens. Individual profiles don’t matter. All that matters is that we don’t let anyone with a terrorist profile on the plane. We don’t have to know who they are. We just need to disallow them from boarding.

So in fact, using this system protects your privacy more than all current screening methods! The reason is that the security officer looks at your photoID (or ticket) and asks you questions. He’s associated a name with your information. In contrast, the system described here can work without the association. It can be 100% effective without your entering a name into the system at all. It will just keep anyone with a terrorist profile from boarding a plane. It need not have any knowledge of a name. The only exception is that if you are arrested, local law enforcement and the government will have the right to associate your name with your iris data, in much the same way they currently have a right to associate your name with your fingerprint data.


The prime directive of any government worthy of the name is the physical protection of its citizens. To this end, government is obligated to develop and implement any and all measures that ensure safety from all internal and external threats. This system accomplishes that while simultaneously protecting privacy and increasing convenience.

Whatever our government decides the tradeoff should be between cost, accuracy, and convenience, we can design a system to meet those parameters using the basic system design outlined above. The advantage of our system is that it both increases security and increases passenger convenience at the same time (only the terrorists are inconvenienced). The system can be programmed as we learn about additional terrorist threats, so it is adaptive to our latest intelligence. If our intelligence indicates a certain operation is imminent, we can deny or restrict access of those with a high risk profile that matches the threat rather than doing complete shutdowns as we do now. While this is the most most cost-effective way to combat a wide range of future terrorist threats, like any other system, it is not 100% foolproof. It is, however, a giant step in the right direction because it makes it at a minimum 1,000 times harder (and more typically over a billion times harder as shown in the Appendix)for a terrorist to operate undetected.

We knew about bin Laden and his threats to do something really big for months before the disaster; we could have used this technique to identify people with an association with bin Laden and prohibited more than two people with the association to be on the same plane. After the fact, we can do screens for al Qaeda network members, people with commercial jet piloting expertise, people with knowledge of composite weapons, etc. so we can do an even more thorough job of preventing a 9/11 attack. There is no other technology alone or in combination that could have prevented the 9/11 attack or prevent its reoccurrence using exactly the same modis operandi.

A pilot demonstration showing how well the system can discriminate between terrorists and normal passengers can be assembled for less than $100K and accomplished in less than 3 months. We can then compare the results the machine can accomplish in 10 minutes to a 10-minute interrogation by a trained FBI agent to see which system performs better. A prototype of a fully automated booth for doing automated passenger screening could be built by a variety of defense contractors for well under $10M. A whole “prototype airport system” (iris scanners, biometric sensors, passenger security screening booth, federal database software, etc.) could be put together for well under $50M or less (many participating companies may even donate their services) in about 12 months time. What specific additional information do we need to allocate the funds?

Brain fingerprinting may sound weird to people at first, especially before the science is explained to them. However, we must consider the ramifications of not pursuing this option. The computerized security screening described here may save thousands or potentially millions of American lives. It may save your own life. Is a little weirdness too high a price to pay for that benefit?

Detractors might argue that this system isn’t perfect, but perfection is not the issue. The issue is, if you don’t like this system, then what system do you propose that can identify terrorists more accurately than the system described here? Is there a better system for determining an exact count of how many terrorists we are putting on each plane? Why not do an objective test? Implement this system (total cost $100K; ready in 90 days) and the next best alternative and see which system performs better. What’s to lose? How many more Americans must die before we take action?

The decision of whether or not to deploy this system in practice does not need to be made now. In fact, in a couple of years from now, there may be so many terrorist incidents that the public may demand such a system. But in order to have that option, we must decide today whether we want to have that choice. Why not give ourselves the option? It will cost us less than $50M over the next 2 years and has the potential to save millions of American lives and millions of American jobs. Is that too high a price to pay?

The most recent version of this document can be found here.


See Appendix- Identifying terrorists before they strike, which contains additional information including:

  • The answer to how to solve the Super Bowl scenario posed at the beginning of this document
  • System configuration details (many configurations are possible)
  • Why this isn’t a violation of civil liberties
  • Why this isn’t psychological profiling
  • Cost estimates for prototypes and deployment for each system component
  • Brain fingerprinting advantages
  • Why in the typical case, this will make it a billion times harder for a terrorist to escape detection
  • Iris scan advantages (and why the iris is the ideal biometric identifier)
  • Details on how brain fingerprinting would work in this situation (beyond the info on Farwell’s site)
  • Why the FBI isn’t pursuing this now (and why the leadership of the FBI or FAA must be involved for this to go anywhere)
  • The potential for additional technological breakthroughs in brain fingerprinting
  • A much shorter write-up of this concept may also be found here; however, this article contains a number of things I don’t agree with such as requiring it of foreigners but not our own citizens; that won’t work because a) terrorists can easily fake US passports and b) it’s somewhat counter to American values of treating all people equally. Instead, if we phase it in, we’d do so by requiring it of anyone entering the country, US or foreign national, which is especially important due to reason (a).

  • Subject reveals covert knowledge by brain responses to probe phrases


Subject reveals covert knowledge by brain responses to probe phrases