Homeland Insecurity by Charles C. Mann in The Atlantic, September 2002:
Indeed, Schneier says, Kerckhoffs’s principle applies beyond codes and ciphers to security systems in general: every secret creates a potential failure point. Secrecy, in other words, is a prime cause of brittleness – and therefore something likely to make a system prone to catastrophic collapse. Conversely, openness provides ductility.
From this can be drawn several corollaries. One is that plans to add new layers of secrecy to security systems should automatically be viewed with suspicion. Another is that security systems that utterly depend on keeping secrets tend not to work very well. Alas, airport security is among these. Procedures for screening passengers, for examining luggage, for allowing people on the tarmac, for entering the cockpit, for running the autopilot software – all must be concealed, and all seriously compromise the system if they become known. As a result, Schneier wrote in the May issue of Crypto-Gram, brittleness “is an inherent property of airline security.”
Secrets are not the only thing that makes the system brittle; as the passengers are made more helpless, any sharp object smuggled in is made more powerful. Schneier goes on:
“The only ideas I’ve heard that make any sense are reinforcing the cockpit door and getting the passengers to fight back.” Both measures test well against Kerckhoffs’s principle: knowing ahead of time that law-abiding passengers may forcefully resist a hijacking en masse, for example, doesn’t help hijackers to fend off their assault. Both are small-scale, compartmentalized measures that make the system more ductile, because no matter how hijackers get aboard, beefed-up doors and resistant passengers will make it harder for them to fly into a nuclear plant. And neither measure has any adverse effect on civil liberties.