Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« Privacy and Power | Main | Searching for Terrorists in World of Warcraft »
March 11, 2008
FAA Badges Missing
I don't know how big a deal this really is, but it is amusing nonetheless:
According to the investigation, 122 Federal Aviation Administration safety inspector badges have been stolen or lost in the past five years. The credentials are one of the few forms of identification that give complete and unfettered access to airport facilities, including the cockpits of planes in flight."The FAA badge is probably of all the badges just as dangerous if not more so than any other," aviation expert Denny Kelly said.
Kelly, a former commercial pilot and a private investigator, said the badge can give a person free access to nearly every secure area of an airport.
"The FAA badge allows you not only on one airline, plus getting through security, it allows you to get on any airline, any airplane, anyplace," he said.
Posted on March 11, 2008 at 11:14 AM • 30 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Dscho • March 11, 2008 11:47 AM
This makes me wonder: when will people actually stop making such a big fuss about identification?
I mean, I heard of a barbecue (on a military base, but still, just a friggin' barbecue!) where you had to show your ID to get your steak.
Identification will not help us, but only make (some of) us feel more secure. Just another security theater.
In this case, however, it shows just how dangerous it is to not give a darn about how much sense it makes: it is actively hurting that people will not question the wearer of an FAA badge.
moo • March 11, 2008 11:52 AM
We should spread the notion that anyone with an FAA badge might be a terrorist. Station a TSA employee outside the cockpit door on every flight, with instructions to strip-search anyone who approaches the cockpit wearing an FAA badge. Then we will all be *safe* from the terrarists !!1
Maurice • March 11, 2008 12:09 PM
hmm they dont change the look of teh badges every 18 months or so.
derf • March 11, 2008 12:18 PM
The TSA should make FAA badges "contraband", confiscate them, and sell them on eBay too.
grayputer • March 11, 2008 12:20 PM
OK, someone has to say it.
Badges, we don't need no stinking badges.
Photograph • March 11, 2008 12:29 PM
What's wrong with linking the badge number with the FAA employee's photograph? How about putting the FAA employee's photograph on the FAA badge, like a driver's license?
You say the perp can just forge an entire badge beforehand, like a forged driver's license? There are anti-forgery technologies used for preventing driver's licence forgery. Use those technologies when creating FAA badges.
How is the perp going to get through when his face doesn't match the face linked to that particular FAA badge # in the database? He'll have to forge a badge AND hack the db.
Patrick Cahalan • March 11, 2008 12:31 PM
Badges... we
Oh, grayputer scooped. Oh well, it's tired anyway.
@photograph
You're joking right? You're just being facetious?
You really thing anyone cares to look at those badges? Really? Esp. the FAA badges. "It says FAA, they gotta be a good guy"
I think this is brilliant though, all the reliance on identity cards - this could turn around nicely on them. But we know it won't.
Alan • March 11, 2008 12:52 PM
It just goes to show that nobody should mindlessly accept identification outside of proper context - trust, but verify. For example, at a TSA Security Checkpoint you expect to have TSA screeners; if a TSA screener approached you elsewhere and wanted to check your luggage or person, the appropriate thing to do would be to return to the nearest security checkpoint. That's verification, and nobody in authority who is worthy of their position should object. It is part of the balance of privacy and power.
In this case, if someone shows you FAA ID "out of context" (where or when they weren't expected), verify them by telephone etc. That should be de rigeur, standard procedure for both parties.
As a different kind of example, I always thank TSA screeners for the work they do once they have cleared me. I don't like having to go through it, but I appreciate that someone is at least trying to generally do the right thing in protecting air travel. The response I get is always surprise and genuine appreciation: "I don't hear that very often!"
By the same token, an FAA inspector (in this example) should appreciate that he gets verified as evidence of good security practices -- and should even demand it.
Roy • March 11, 2008 12:52 PM
We all know what happens to people who challenge badgeholders. Los Desaparecidos.
Mirar • March 11, 2008 1:27 PM
"...any airline, any airplane, anyplace..."
Is the FAA badge useful outside the US?
Official FAA use of badges and required forms is here:
http://rgl.faa.gov/...
There are additional documents and processes that must be followed. Someone can't simply flash a badge and be allowed full, unrestricted, escorted acess to the AOA and SIDAs.
Photograph • March 11, 2008 1:35 PM
@jk
"You really thing anyone cares to look at those badges? Really? Esp. the FAA badges. "It says FAA, they gotta be a good guy" "
Are you kidding? You can't swing a dead cat without hitting some minimum wage airport employee who would absolutely LOVE to get yet one more bit drunker on his 'five-dollar-an-hour-power' by being charged with the responsibility to check, and spot-check, these guys' badges, with impunity.
They would PAY to have a job like that. "Excuse me, sir! Sir! SIR! You must obay my awthoritay! Show me your ID!"
Anonymous • March 11, 2008 1:40 PM
> I mean, I heard of a barbecue (on a military base, but still, just a friggin' barbecue!) where you had to show your ID to get your steak.
That doesn't strike me as silly at all. Seriously. That's a nice convenient way of making sure nobody shows up ripping off your good steaks.
Unless it's Area-51 or something like it I doubt nobody non-personnel could be there.
The article implies, but does not directly say, that this came to light because of the NBC5 investigation, and the FAA's new measures are in response to that. Do you know if that's the case? Or had the FAA already found the problem and put those measures in place before the media outed them?
Kevin D. S. • March 11, 2008 2:02 PM
> I mean, I heard of a barbecue (on a military base, but still, just a friggin' barbecue!) where you had to show your ID to get your steak.
Its more likely an accounting for meal card holders. Not unusual at all. Meal card holders don't pay but all others do.
> That doesn't strike me as silly at all. Seriously. That's a nice convenient way of making sure nobody shows up ripping off your good steaks.
Impossible, the military doesn't BUY good steaks. Just ask anyone on the meal card! ;)
Rentacop badges have rounded edges • March 11, 2008 4:32 PM
Hey, you can cut yourself on one of those FAA badges!
Infosponge • March 11, 2008 9:53 PM
FAA badges carry the employee's photo.
Determining how closely badges and badge holders will be inspected for photo-face mismatches is left as an exercise for the reader.
Andrew • March 12, 2008 1:18 AM
Vastly amused by this from the link. Apparently FAA has been having trouble with our buds at TSA too:
c. Encountering Security Personnel. Use of the following procedures will assist an ASI in resolving issues which might otherwise prohibit or delay performing official duties. These procedures will also help depersonalize the dialogue between the ASI and the airline or the ASI and security personnel. By following this guidance, an ASI will demonstrate adherence to established procedures and will avoid having to interact with the airline and security personnel on a subjective and sometimes adversarial level.
(1) When entering a SIDA, an ASI must adhere to the following general procedures:
· An ASI should properly identify themselves to the questioning airline or security person by presenting the FAA credential (Form 110A).
· If further resolution is necessary, an ASI should request that the airline’s and/or TSA security employee’s supervisor be contacted. Once the supervisor arrives, the ASI should present the FAA credential.
· If the issue is not resolved at the supervisor level, request that the TSA Assistant Federal Security Director (AFSD) (for checkpoint screening issues) or Ground Security Coordinator (GSC) (for all other issues) for that particular concourse be contacted. The GSC or AFSD should be intimately familiar with the [Plan] and the [Program] and should recognize the authority signified by the inspector’s FAA credential.
· If the issue is not resolved at the GSC/AFSD level, the ASI should contact the TSA Federal Security Director (FSD) assigned to that airport. Explain the situation to the FSD and ask for assistance in gaining access to the sterile/secure area.
· If the issue cannot be resolved by the FSD, the ASI should call the FAA Regional Operations Center (Table 1) for the region of their assigned office and ask for specific guidance.
Sparky • March 12, 2008 3:36 AM
@Andrew: I doubt this procedure would solve anything, unless the person checking personally knows the TSA AFSD on duty. Otherwise anyone wanting to gain access would only need an accomplice who impersonates the TSA AFSD (which, granted, might be slightly more difficult).
greg • March 12, 2008 5:37 AM
So to those who ID's do us no good. How exactly do we identify personal? Just let anyone who claims to be an engineer work on the engines? Anyone who claims that they are a inspector inspect?
There must be some form of identification.
@alan
I can see the movie title now, Badgers on planes
bob • March 12, 2008 8:44 AM
Holy crap, this means there are hundreds of people out there who, without any warning to the rest of us, could eat bad food (for a nominal $12 fee), be delayed, treated like dirt and have their luggage lost - and not even have to pay a cover charge for it!!! Positively unamerican!
Photograph • March 12, 2008 11:28 AM
@Infosponge
"FAA badges carry the employee's photo."
If this is true, then "122 stolen or lost badges" is nearly a non-issue.
The only vulnerability is the incompetence of the government agency employees in not recognizing that a 5'9" white male proferring a badge with a photo of a 5'2" black female, is a problem.
Yet another problem that could be solved much better by the free market. What a surprise.
Keith • March 12, 2008 1:43 PM
For a long time running errands to court I wore an ID badge that had a picture of my dog on it. Her coloration, if you didn't look too closely, was similar to mine, so it worked. The one time it didn't was when I had to wait at a clerk's window next to a bored security guard who, after a few minutes of staring at it, started to realize something was wrong. The clerk showed up just then to let me into their area and by the time I came back out I had taken the dog's photo off.
I did have my ID checked the next day though.
averros • March 13, 2008 4:20 AM
Of course, somehow nobody is bothered by the fact that authorized holders of perfectly valid FAA badges could easily be The Bad Guys.
Mmm... in fact, judging by the results of their decades-long sabotage inflicted on the American aviation, they very likely are.
greg • March 13, 2008 6:27 AM
@averros
Having heard engineer's stories of FAA inspections, I would tend to agree.
But then again, flying in very safe.
Sukopi • March 14, 2008 11:59 AM
I wish I had one.
I fly pretty regularly and going through security is such a pain in the neck.
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M J
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments