Schneier on Security
A blog covering security and security technology.
« Security Trade-Offs and Sacred Values |
| Friday Squid Blogging: Preserving Your Giant Squid »
March 19, 2010
Bringing Lots of Liquids on a Plane at Schiphol
This would worry me, if the liquid ban weren't already useless.
The reporter found the security flaw in the airport's duty-free shopping system. At Schiphol airport, passengers flying to countries outside the Schengan Agreement Area can buy bottles of alcohol at duty-free shops before going through security. They are then permitted to take these bottles onto flights, provided that they have the bottles sealed at the shop.
Mr Stegeman bought a bottle, emptied it and refilled it with another liquid. After that he returned to the same shop and 'bought' the refilled bottle again. The shop sealed the bottle in a bag, allowing him to take it with him through security and onto a London-bound flight. In London, he transferred planes and carried the bottle onto a flight to Washington DC.
The flaw, of course, is the assumption that bottles bought at a duty-free shop actually come from the duty-free shop.
But note that 1) it's the same airport as underwear bomber, 2) reporter is known for trying to defeat airport security, and 3) body scanners would have made no difference.
Watch the TV program here.
Posted on March 19, 2010 at 12:58 PM
• 69 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"After that he returned to the same shop and 'bought' the refilled bottle again"
How do you re-buy a bottle? Is it a metaphorical buy and the shop just gives you a bag when you ask for it?
I like this part:
"This isn't the first time that Mr Stegeman has found a security flaw in at Schiphol airport. When he went through security, he was recognized and was subject to an extra-thorough check. However, officers failed to check the sealed bag. "
I assume it works this way:
1. Buy a bottle of alcohol from the duty free shop. The shop seals it in a specially-printed duty free bag, e.g. with an impulse sealer.
2. Open the bag and consume the alcohol. Fill the bottle with whatever you want. A person could also attempt to reseal the bottle itself.
3. Stroll back into the duty free shop with the bottle you just refilled. Now "pay" for the bottle again. They will seal YOUR bottle in the duty free bag.
4. Take a flight to Washington, D.C.
5. Department of Homeland Security Theater calls an emergency meeting with the National Security Council, after which it is decided that all bottle-shaped objects (and all Dutch reporters) should be banned from flights.
@Steve Syfuhs: "How do you re-buy a bottle? Is it a metaphorical buy and the shop just gives you a bag when you ask for it?"
To add to what Seiran said, the duty free shop probably didn't realize it wasn't a new item, much less had been refilled. They assumed he took it off the shelf when they rang it up.
Years ago, my wife and I bought duty free booze at an airport. They wouldn't let us go on the plane with it, but they did set it up so it would be wrapped to avoid breaking as a checked item and it arrived at our destination. I don't remember the airport though.
@Steve Syfuhs: it's reverse shoplifting: he sneaked in an item that he had already paid for, snuck it back on the shelf, and purchased it again.
And of course the functions of putting the doctored bottle on the shelf and carrying it through security can be separated, so you need to be vetting all employees and customers of the duty-free shops. (And the usual vettings/security measures, which are designed to protect against "shrinkage", are not the ones needed against a substitution attack.)
In some cases, duty-free shops also sell bottles in opaque presentation containers, which allows threats that go beyond liquids to be used by someone on the flight. As long as you didn't care which flight you attacked...
Returning from Ireland last year, we bought some whiskey in the airport. They didn't give us the bottles, but instead sealed them in a plastic bag with our name and flight on it, then brought them (still sealed) to the departure lounge on the other side of security.
@different phil: that system is implemented in a number of airports in Europe.
Of course, you have to trust the personnel at the airport to give you the correct (sealed) items and not hidden bombs... ;-)
Well airport personnel is a definite security problem. There have been lots of news stories about lack of security for companies that are doing things like stocking the meals on the plane. Meanwhile they make the pilots go through security and continue to confiscate Patrick Smith's fork even though he's flying the plane.
@Eric Thomas Black: "Meanwhile they make the pilots go through security and continue to confiscate Patrick Smith's fork even though he's flying the plane."
For some crazy reason, I doubt the judgment of someone who worries that a fork could be used to hijack a plane... by the pilot. *sigh*
@a different phil: And all the times we're asked whether we packed our luggage ourselves and kept control of it afterwards and whether anybody might have had an opportunity to put something in it....
Not to mention that there's no sense whatsoever in banning knives from aircraft and allowing glass bottles. Do you realize what you can do to somebody with a broken bottle?
Wouldn't this attack be trivially defeated by wrapping the top of the bottle (the part you unscrew to consume the liquid) in a clear plastic wrap?
"I'm sorry sir, this bottle appears to have been tampered with. Please allow me to retrieve you a new one."
"For some crazy reason, I doubt the judgment of someone who worries that a fork could be used to hijack a plane... by the pilot. *sigh*"
Anyone with an ounce of common sense knows that a pilot wanting to hijack his/her own flight would use a spoon, not a fork!
Dutch hacker(s) 'defaced' the website of the research reporter 'Alberto Stegeman' last Monday. Because his way of revealing, says the left slogan.
I am reminded of an airline pilot, several months after 9-11, who made the comment that he could go through security in his underwear and still be able to bring an aircraft down.
He was arrested and was charged with making a truthful statement, no, I read that wrong, making a terrorist statement.
I don't remember seeing any kind of resolution, but suspect the charges were tossed. Don't these employees have a union? Didn't airline employees used to bypass security?
That method has been well known for years. The reporter has however demonstrated that the measures to detect it are imperfect, in at least one airport.
1) the questionable bottle is discarded. This encourages salespersons to tamper with the bottles so that they can take personal charge of discarding of them
2) the bottle it simple resealed and sold to the next passenger, turning a targeted attack into a random one.
"However, officers failed to check the sealed bag. "
If word gets out that 'duty free' shoppers are getting hassled the duty free shops might loose money.
Can't have that.
@David: when I flew through the UK to the USA a couple of years ago, I was asked "are you carrying anything that could be used as or mistaken for a weapon?" I thought "well, I've got two boot laces, a ballpoint pen, and a glass vase." I answered "no" (which is always the right answer in these cases).
Also, why bother replacing the contents of the bottle? A bottle of duty free booze is a rag and a lighter away from being a Molotov cocktail.
"I'm sorry sir, this bottle appears to have been tampered with. Please allow me to retrieve you a new one."
Just buy a bottle of scotch packed in a cardboard box. No one will open the box and check inside to see if the seal on the screw cap has been damaged.
"For some crazy reason, I doubt the judgment of someone who worries that a fork could be used to hijack a plane... by the pilot. *sigh*"
Now what was it Ali G said in his parody of fight club.
'Da rules is da rules, and you no nuffins had better get wid da program!'
However, silly as this may seam there is always the problem with exceptions.
If you alow a pilot to take a prohibited item aboard then your toe is atop a slippery slope.
As Bruce has pointed out it's "one rule for all" that way people are not tempted to fake being an exception or apply coercion to daddies little blond haired girl to get daddy to carry through.
In many cases it might be on the face of it dumb but there are two issues to this,
The first is the possability you are saving an inocent person from being used as a pawn and thus ending up discarded on a piece of wasteland as an investagatory dead end.
The second is the item has incorectly been prohibited.
@Clive Robinson: "'Da rules is da rules, and you no nuffins had better get wid da program!' However, silly as this may seam there is always the problem with exceptions."
I tend to agree with the statement, but I don't think it applies here. By definition, the pilots do not go by the same rules as other. They are allowed in the cockpit, are allowed to fly the plane, and they are allowed to make decisions passengers couldn't make.
If they were allowing first class passengers to have forks but not second class, I would think of it differently.
Happy Friday. It's almost Beer:30!
@: "By definition, the pilots do not go by the same rules as other. They are allowed in the cockpit, are allowed to fly the plane, and they are allowed to make decisions passengers couldn't make. "
Of course, that is a two way street... passengers are allowed to drink but pilots can't. :)
Offtopic for Moderator to examine for potentially future article here:
www (dot) darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163
Ya gotta love this lovely tidbit of fine print from the SyncMyRide
terms and conditions:
www (dot) syncmyride.com/Own/Modules/PageTools/TermsAndConditions.aspx
Ford's Service provider Tellme Networks, Inc. ("Tellme"), a subsidiary
of Microsoft Corporation, may record and retain user voice utterances
("recorded utterances"), which are recordings of sounds made when the
TDI Service is in listen state and waiting for a user command or
response. These recorded utterances may include all sounds in the
vehicle, including the voice of the user and voices of other vehicle
occupants, while the service is in listen state. Tellme may also, at
Ford's request, randomly record and assemble in sequence, all voice
communications made from the time the Service is connected (by the
user pressing the VOICE button) to the time the Service is
("Whole call recordings (WCRs)"). WCRs will include voice utterances
and may include any other sounds in the vehicle, including the voices
of the user and other vehicle occupants, during the entire time the
Service is connected. Both recorded utterances and WCRs may be
associated with you or the cell phone number assigned to the Service.
I passed through Schiphol a few days ago. I picked up a bottle in the duty free shop. While I was standing in line for the cashier, a security guard approached me and told me that a new security policy was in effect, and that he had to take my bottle and replace it with a fresh one from the shelf before I could pay. He did this for everyone in the line. Now I know why, I guess...
"he had to take my bottle and replace it with a fresh one from the shelf"
Szcchou zwatt (hic!) didz he zsssdo weetz zte bottzlel (hic!) zzhe stook?
"I tend to agree with the statement, but I don't think it applies here. By definition, the pilots do not go by the same rules as other. They are allowed in the cockpit, are allowed to fly the plane, and they are allowed to make decisions passengers couldn't make."
I would agree they are different when in the cockpit or carrying out other duties such as preping the aircraft for flight.
But... when they walk through security they are not pilots they are no different to any other person walking through.
And the point is important.
Any "equipment" they might need "to be a pilot" does not need to go through security with them. In most cases it need never leave "air side".
I know on the face of it I appear to be splitting hairs, but from a security point of view it is a major point of control and a pilot is no different from any person entering or exiting a secure area.
Another valuable public service vulnerability advertisement
brought to you by a non-government-and-sworn-to-secrecy hacker.
Also, customer initiated object buying
is well known in guerrilla marketing:
An author wants his or her book sales,
B&N doesn't carry the book,
but it's printed with an ISBN number,
so Author takes it to the cash register,
and they [B&N] enter it in to inventory to sell it.
The same is true for othwer copies left on the shelf.
Voila! What they didn't carry, they are now selling!
Re-buying a bottle?
Pour out and refill.
Take it back through ring up.
The same glass bottle is now resealed.
These clowns really don't seem to have any idea of the difference between actual security and pretend security. :/
Stores are meant to guard against shop-lifting, not against buying items you already own. That's what the customer is presumed to take care of, in their own interest. But one can't magically generate trust out of the axiomatic belief that a terrorist would not pay twice for a small bottle of duty-free alcohol.
Banning liquids is already a stupid measure - but introducing stupid measures and then failing to enforce them is just doubly ridiculous.
I fly in and out of Schipol every week, it's very slack in a lot of security matters
Where did he get the stuff to "refill" the bottle from? Isn't that the whole point to the "sterile area", which is Act 2 of Security Theater 3000
"If you alow a pilot to take a prohibited item aboard then your toe is atop a slippery slope."
I am truly surprised at your blindness.
The tool of destruction is the hands and feet of the pilot, as demonstrated on the Egypt Air flight several years before 9-11. Your security protects no one. As the pilot said, you can run me through security in my underwear, and I can still bring an aircraft down.
So, what is the point of airport security for verified crew-members?
Heck, I wonder if I go through naked, could I then bring an aircraft down? I bet I could.
The Duty Free shop is before the 'sterile area' before terminal security. The answer is he stuck it in his carry on, walked into the airport w/ his pre-printed e-ticket, directly to the duty free shop. Bought the bottle. Went into the men's room, flushing the alcohol, and filling the bottle from his own. Tosses the now empty original bottle in the trash. Walks back to the duty free shop and pays for the bottle again, and then goes through security into the 'sterile area'.
With a bit more planning he could have purchased the identical item outside the airport, filled it with whatever there, and then walked in and paid for it. Even simpler, but requires some additional planning.
With regards your two points.
I'll start with your first point,
"So, what is the point of airport security for verified crew-members?"
You appear to have missed the obvious,
'Because what they may carry through "security" may not be for the flight they fly on.'
That is it may be for terrorists or drug smuglers on a different flight. It is by no means a stretch of the imagination to see a "terrorist sympathiser" working for one airline carrying through "parts" that are needed to attack another flight. Afterall it is known in the past for aircrew to carry drugs on one leg of a long journy and pass them airside to another person for the next leg of the journy (and we have reason to think it is still happening).
Which brings up,
'Because what they may carry through "security" may not be what they think they are carrying through'
In the UK we recently saw a member of aircrew get convicted for amongst other things being involved in drug smuggling. For obvious reasons they don't open the packages and 'check the contents' so they actualy have no idea what they are carrying, nor do I susspect they actually care as long as the money is right.
Which leads us onto the question of,
'How do security actually know they are "verified air crew'?
Again in the UK it was not so long ago we had a member of air crew pulled out as not being who they said they where. They had got the job on false documentation and they where flying and living on false documentation.
Oh and we have recently seen between 20 and 30 people kill somebody in a hotel room and then disapear of the "face of the world" through an airport by the use of fake passports etc.
Thus if you are implementing a secure area you should know all of this and thus not put any kind of faith in people because of their supposed job or identification...
Security without proper verification of exceptions is not security as anybody who has to implement the various forms of security for real will tell you.
Oh and has often been observed potentialy an insider is more of security risk than an outsider because they know more about how security does and does not work on a day to day basis.
As the rider on the CIA moto has it,
'In God we trust, all others we check".
And that's the way it should be if you want security not "Boys and Girls today we are going to play at being security staff"
Which brings me back to the point I made originaly about if a prohibited item (ie a fork) should actualy be prohibited or not.
So please don't make the mistake of confusing an object with a process and arguing the process is obviously stupid because of one prohibited object in one particular persons hand.
I don't think we would be having this conversation about other prohibited items.
With regards your second point,
"Heck, I wonder if I go through naked, could I then bring an aircraft down? I bet I could."
There is no betting about it as you would know with a little study on the subject (air accident reports are a dry read but the have their WTF! moments).
There are a whole bunch of people who know exactly how to do this way way better than "air crew" and some don't even need to pick up anything on the airside on the way to the plane to do it.
Ask any aircraft systems engineer or air flight accident investigator, or even a "know nothing" person tasked with washing the exterior of an aircraft or "numb nuts" TSA person who has put aircraft out of action by doing the wrong thing...
There is a significant written record of all of the above putting aircraft in danger without the pilot being aware of it and in some cases causing the aircraft to have an air accident.
For many working in the air industry it is a constant amazment why we don't see more aircraft droping out of the sky...
Especialy with deregulation in the last century lifting a number of constraints on airlines over maintanence and the personnel involved.
In the modern aviation industry to break even the majority of aircraft have to be in the air for 17 out of every 24 hours at 50% or above capacity, within their design lifetime.
This obviously puts the squease on maintanence, or flying an airframe beyond it's designed lifetime (which also means further increased maintanence).
Quite a few 747's are on their fifth or sixth time "round the clock" I belive line number's 24 and 52 built in 1970 are still flying comercialy and a couple of others of the same vintage are still flying for other reasons.
UPS have some 747's that have over 125000 flight hours logged which puts them up around 30 million airmiles (equivalent of flying round the equator 1200 times). Oh and speaking of UPS anybody know if their pilots are still earning less than airport cleaning/security staff?
Further due to the high value of fully certified aircraft parts they may not get replaced when they are supposed to on preventative maintanence turn around. Likewise the high value is an obvious draw for counterfit parts...
As noted by one air industry pundit "The cost of budget flights may not be one people would knowingly want to pay".
It is as somebody once remarked about football "A funny old game"...
I tried whether I could open and re-seal one of these bags the bottles are sometimes sealed into. Bought at some European airport (don't remember which one) on an international with the duty free before security. Turned out that if you pulled with the right amount of force you could open the seal without a problem in about 5-10 minutes. No traces on the bag that I could detect and the glue was intact and did re-seal nicely.
Conclusion: Theater all around.
Sorry to go way off topic. Feel free to skip this comment.
@Clive: I've noticed that we have a lot of interests in common (in addition to security), and you seem like you would be an interesting person to correspond with. If you'd be interested in writing to me, you can reach me at 8xgrxr602 (at) sneakemail (dot) com.
Taking peoples bottles and swapping them with fresh ones in the shop is really going to help..
1) Buy bottle, put something dangerous in (make sure you buy dark glass to avoid suspicion)
2) It gets confiscated, you get new bottle
3) It gets put back in the store after a short check (I dont think they will discard the bottle, and I dont think they will hire the manpower to check them properly)
4) The previously confiscated bottle gets on a plane after being swapped with the bought bottle of another customer.
4) The plane gets blown up and the terrorists walk away with life + booze!
The only thing that swapping does is protect Schiphol from being embarrassed by journalists, because they can no longer show how their bottle gets on a plane.
Besides the other issues...
Is everyone comfortable that "duty free shops" screen potential employees sufficiently strictly?
If I were in the terrorism business I would certainly test the potential to get one (or more) of my accomplices employed at such a dfs. From there it's an easy shot!
There is an axe in the cockpit of every airliner. Its for escape. For example to enable the pilots the chop out the thick windscreen. There is often one in the passenger cabin. I won't tell you where.
Using the disposable emails are you? I wish you luck on setting up email correspondence with him. He can be hard to get a hold of that way.
"they discharged me for good behavior" (Clive Robinson, paraphrased)
Oh, sure they did... Maybe the email thing will be easier now that you're not sneaking around a hospital in the middle of the night with a smartphone. :P
Oh, you mean in the emergency bin right where it's labeled with a green day-glo sticker? (With a picture of an axe)
Along with the (flammable) supplemental oxygen bottles, labelled O2. Many times, the child-sized flotation devices and extinguisher will be in the same place.
But don't fret! This location is most often located next the jumpseats, galleys and side doors, affording convenient access and visibility to the FAs. Who will smack you down for trying to use a Kindle in the landing phase. I wouldn't try *anything* on the plane with those creepy FAs on board ;D.
Well, oxygen is not fuel, but the one single ingredient very much necessary for any combustion. Given sufficient oxygen most stuff burns.
You probably want to recheck and take a look at the Apollo 1. Not much aside some oxygen and a spark.
Interesting and I am gutted I missed out on this when it was first mentioned. However, I am not the sort of person who will let a trivial fact like that stop me ranting on the internet :-)
1 - I am intrigued as to how little coverage this has had. The article Bruce has linked to is from 14 days ago (today) and I still havent seen this item on any offline news bulletins. (The conspiracy theorist in me is making a big deal of this, but I try to keep that voice quiet so all the others in my head can talk).
2 - unfortunately, as described, this attack wouldnt work in UK airports because Duty Free is in the airside zone after checks to ensure no liquids are carried. I say unfortunately because it means this will just re-inforce the security theatre rather than give decision makers an understanding of the various threats they face and the problem with trying to treat the last known attack.
On the subject of pilots - the idea that any of their items are prohibited only makes sense if you are trying to reduce the ability of an attacker to use a false identity. But then, if they can bluff their way through as a pilot there are lots of other attacks they can mount rather than trying to hijack a plane in the air.
For all those who think switching bottles on the shelf will blow up a plane by a random passenger who buys the bottle.
The bottle ban was for preventing attackers from taking liquids on board that could be used to BUILD a bomb.
The bottle will not explode on itself. You really need to a detonator+timing mechanism.
Now you might be able to add that in the neck/cap of the bottle. But then you are putting a bomb on the shelves. Not quite the same as a liquid ban.
Used Shipol recently and was surprised by the security arrangements - scanning done at the gates rather than before you get to Duty Free - pretty obvious flaw really
@Nick P: "Using the disposable emails are you?"
What can I say? I really hate spam. Since I started using disposable e-mail addresses for anything but humans I know and trust, I've gotten almost zero spam at my real e-mail address.
"I wish you luck on setting up email correspondence with him. He can be hard to get a hold of that way."
I figure it's a long shot, but it can't hurt to ask.
"The conspiracy theorist in me is making a big deal of this, but I try to keep that voice quiet so all the others in my head can talk"
Sorry with your "nom de plum" and a comment like that it just begs the questions,
1,What colour are your nuts? And,
2, Can you remember where you hid them?
Right that's out of the way, now onto more serious stuff,
"On the subject of pilots -"
That's the problem it's not just "pilots" it's anybody entering a "secure area" with a "prohibited item", LEO's paramedics, maintanence personnel etc etc etc (ad nausium).
The "actor" is actualy irrelevant, it is all about,
1, What purpose does the secure area serve?
1A, What are the consiquences of the secure area?
2, What purpose does the prohibition of an item serve?
2A, What are the consiquences of the prohibition?
3, Are there valid reasons for exceptions?
3A, What are the consiquences of an exception?
From this you go onto policy,
3B, If there are valid exceptions what is the policy in controling them?
3C, If a prohibited item is presented what is the policy for dealing with non exception cases?
3D, What processes are needed to be inplace to ensure policy is implemented correctly?
3E, What aditional processess are required to audit effectivness of a policy being applied?
Then you go from polict to processess you can go onto the actual systems and their procedures.
At no point in this does (should) the question of "Hey the pilot can kill them all anyway so why bother with him?" arise...
Bruce has quite rightly pointed out that exceptions should as a rule not be granted because they can become very dangerous. Thus the "One Rule for All" mantra.
However Bruce also quite rightly attacks the reasoning behind the secure area in the first place (1) and more importantly the consiquences (1A) that occure becuase of it.
Thus there is the issue of there being no point in having a secure area if it cannot either be made secure or the security maintained at all times (ie don't attempt the impossible or even the improbable because you will almost certainly fail and thus waste valueable resources).
And as we know the current airport secure areas fail on both counts so either the secure area is pointless (Security Theater) or it needs to be re-thought out.
Thus the difference you note with the way Duty Free is handled in diferent ways in different places (some considerably better than others).
Likewise Bruce quite rightly questions the effectivness of "arbitary prohibition of items" and the policy, processes systems and procedures surounding them.
Either an item is safe for all to have or it's NOT safe for any to have.
Importantly if there is a requirment for some to have a prohibited item it is not the "Actor" but the "role/part" they play that should decide if there is an exception rule in that (not their) case.
That is the role of a pilot does not require a fork, therefore no exception for the role of "pilots" with regards to forks.
However even more importantly if a role does have a valid exception it should still be considered "not met" unless there is a specific "event" and it should be sufficiently audited (that is valid record keeping/checking and no blanket waivers for anyone).
That is there may be a maintanence role that requires the use of a large knife or other sharp edged tool. Before the item is alowed in the secure area there should be an "event" that mandates it's reason to be brought into the secure area and once checked in it should be checked out of the secure area within a given time period or re-checked it is in a known and valid place (ie not just lying around to be picked up or given to anothor actor etc).
And finaly probably more importantly is, "is the actor authorised" for both the "role" and this particular "event" and are they being "audited sufficiently".
That is can the persons ID be verified, can that verification be directly linked to a "role" and is it "valid" for them to be acting the role at this time and place.
This helps avoid the "twin issue". That is two or more people might fit a particular persons "ID" sufficiently to pass verification. However they still have to have the ID linked to a role by a seperate system (no it should never be part of the ID). But other systems should also show that the person is both asigned to the "event" and at this "time". That is they are actualy on duty and their name is on a work order both of which are independantly verified by systems not controled by the person being verified (ie no reliance on bits of paper the person being verified presents).
Such systems exist for various reasons, they are not impossible to get around but if done correctly raise the bar a long long way.
@Clive: "I know on the face of it I appear to be splitting hairs, but from a security point of view it is a major point of control and a pilot is no different from any person entering or exiting a secure area."
I think that's a fair statement.
"1,What colour are your nuts? And,
2, Can you remember where you hid them?"
Well once upon a time they were green and grey with a hint of scarlet but they have changed now. And no, I rarely remember where I have put them.
On to the more sensible, if not serious, topics:
"That's the problem it's not just "pilots" it's anybody entering a "secure area" with a "prohibited item", LEO's paramedics, maintanence personnel etc etc etc (ad nausium)."
I agree. I also agree with your risk assessment methodology, however there are always exceptions depending on circumstances. This does not dismantle the security an area provides it just has exceptions. Every secure area in the world that I have ever seen, visited, read about or heard about has sets of circumstances where different rules apply to different people. This is not an intrinsically bad thing but it does need to be risk managed (like everything else).
There are countless examples and some are better than others (air marshals and insulin dependent diabetics spring to mind) but sticking with the pilot:
"one rule for all" quite reasonably states the pilot cant bring something onto the plane which he could, with minimal training use to take control of the plane, crash it or otherwise intimidate the passengers.
Does that really make sense?
Are we saying that there is the same risk to overall passenger safety if the pilot has a gun than if random passengers have one?
I am not for one second arguing that all the prohibitions over what can, and cant, go onto the passenger area of a plane make sense but I do see the logic in having a different set of requirements for the pilots. In fact I see the sense in different rules for each category of person who will be airside but this doesnt mean the most scruitinised should be the passengers....
The "one rule" approach IMHO risks a lazy attitude towards security in which blanket decisions are made rather than accurately assessing risks and determining appropriate counter measures.
Going back to the ID point, yes an attacker could spoof the ID of a pilot to gain access to the aircraft but in that case, as I said, there are a multitude of attacks he can carry out that wouldnt be available to other categories of worker. Do we institute a rule that prevents anyone from this (no matter how disruptive or not cost effective it might be) or do we have a role based set of controls and put more effort into verifying role/ID match?
From a security point of view, I would say that there *are* differences between the classes of people who pass control points and this is something that has to be based on the nature and purpose of the control point.
A pilot entering an airport secure area *should* be given different security treatment than a normal passenger. If he is a fake the damage he can cause is significantly greater so, for example, much greater effort should be made to match ID (fortunately there are about 300 times less pilots than normal passengers so this extra security shouldnt become impossible).
@GreenSquirrel: You probably are not as nut as you stated. At least your comment somehow hit quite good.
There is indeed a difference between pilots and passengers. Concerning security passengers are generally not trusted, thus it is comparable uninteresting who they are. The pilot on the other hand has to be trusted (because some time after passing the gate he is without any tools, except those available in the secure area, able to drop a plane). Thusly it is very much important to authenticate the pilot, because trust is connected to the person.
On the other hand it is not that important what the pilot carries, because he will be able to crash the plane with or without tools. The (untrusted) passengers, on the other hand, would need additional tools to inflict damage on the plane. Thus it is not completely uninteresting what they bring on board.
Having said this, it probably is not a bad idea to check pilots for contraband like any normal passenger to avoid any problems. But additionally the identity of the pilots should be verified very throughout.
Again, having said this, we may return to the usual discussion of whether bottled water poses a threat to airplanes.
I agree with you and not just because you were kind enough to say I am not mad :-)
"Again, having said this, we may return to the usual discussion of whether bottled water poses a threat to airplanes."
I concur that we (or at least I) have allowed the debate to slide.
Part of me hopes that this is because the idea that bottle water poses a real and present danger to planes is basically insane.
Yes there may have been an aspriational plot to use this as the basis for an attack vector and it may even be theoretically possible, but seriously.....
@GreenSquirrel: "I concur that we (or at least I) have allowed the debate to slide.
Part of me hopes that this is because the idea that bottle water poses a real and present danger to planes is basically insane."
The debate did slide a bit from bottles, but I don't think it's gone off topic. The liquid ban is a sub topic of airport security, not dissimiliar from a spoon and fork ban or shoe screening. So we are talking about bans and screening, and defeating security measures, which is valid in relation to the original post.
And on the subtopic, I am constantly amazed that people providing security advice to aviation assets seem to be able to avoid the "cost effectiveness" doctrine everyone else has to follow.
I can only put it down to the fact that for some reason air passengers are monumentally tolerant of delays and increased costs.
Can you imagine any form of screening on the rail or underground networks, (which are just as vulnerable)?
Can you imagine the response to making every commuter on the New York Subway, Washington Metro and London Underground go through even a 60 second screening process....? Can you imagine the resources required to carry out such an operations?
This would save lives in the same way doing at airports saves lives, but passengers would *never* tolerate this. So this risk is just quitely ignored....
"he had to take my bottle and replace it with a fresh one from the shelf"
And whoever buys the last bottle is just out of luck, right?
Operative motto of organizations that implement airport security: "Nothing improves on stupidity better than more stupidity! And the more stupidity the better!"
Some airports make you go back through security when you fly internationally. My boyfriend tried to bring me Irn Bru from Scotland and could take it in his carryon to Amsterdam just fine, but when he got there and was going to transfer to his flight to the US, he had to go back through security, and this time it was taken away (because he was going to the US).
I'm surprised by this. As a regular Schiphol traveller, I must say that you get scanned *before* you hit the duty free area - including for any liquids.
That means the ominous sounding 'other liquid' could only have been been water from the bathroom, or a drink he bought in another duty free shop.
Good publicity for him, bad example of a security flaw.
For YEARS now, when a traveler buys a duty-free item at San Francisco airport, it gets delivered to them AFTER going through airplane boarding (after the gate agent checks in your ticket and you are about to enter the airplane). That would thwart the switcheroo proposed above. It's a shame that many airport agencies do not actually plan for what you guys came up with in 30 seconds!
I once accidentally carried a rather large can of sauerkraut in my carry-on luggage in Germany and the security agent felt kinda' proud and flattered and let me board the plane with it without X-ray scanning it. It had lots of liquid inside :-(
Regarding pilots being armed and dangerous with their bare hands: doesn't anybody remember FedEx Flight 705 ?
E.g., a pilot planning to crash his or her flight may want to lower the risk of interference from the other pilot through the use of a weapon.
@Werner at March 24, 2010 6:34 AM
Would that be an argument for, or against, allowing the pilots to have guns?
In the case of 705, would the other crew being armed have helped? Would allowing the suicidal pilot to take guns on board have helped his cause?
@GreenSquirrel: Would that be an argument for, or against, allowing the pilots to have guns?
I'd say against. The attacker would still have the moment of overwhelming surprise. Unless, of course, the regular pilots are so on edge and trigger-happy that they pounce on even the slightest anomaly, which would allow an entirely new class of highly entertaining movie plots to come true. Co-pilot shoots pilot after engine failure ? Mexican standoff after the plane passes through a mild turbulence ?
Arguably, it may help to settle disagreements like the one occurring on Hapag-Lloyd flight 3378. (You have to read the full report in German to appreciate the insanity of what happened.)
> Would allowing the suicidal pilot to take guns on board have helped his cause?
In this specific case, no. He wanted to make it look like a "regular" accident. However, anyone planning on a 9/11 reenactment or similar would have no such constraints.
I love the movie plot imagery! Bravo!
I concur with you that, on balance, banning guns makes sense. However I also think this argument transfers to the wider world. Firearms are only useful for defence if you have them ready.
That said, in the case of 705, if the crew were armed, then after the nutter sledgehammered the first person they could have shot him.... :-)
@GreenSquirrel: [...] if the crew were armed, [...]
..., and everyone - including the attacker - knew they were armed, the attacker's strategy would most likely have been different.
The idea of gaining the element of surprise is a good one, but you don't get this by instituting a general policy.
Schiphols issue is that they have security at every gate so all of the terminal is non-secure/non-sterile. If any terrorist wanted to, a bomb could be set off anywhere in the terminal which would obviously be almost as big a failure of security as on the plane. And all it means is that there is no way of bringing a bottle of water onto the plane (apart from using the above method)
I had the goofball Americans confiscate a plastic jar of Nutella chocolate spread. Yeah, as if that's going to bring down a plane.
"I had the goofball Americans confiscate a plastic jar of Nutella chocolate spread. Yeah, as if that's going to bring down a plane."
I guess it depends on two things,
The first how long the flight is.
The second is what effect Nuttella has, if it gives you bad gas...
Seriously a director of a company I once worked for had intestinal issues and consumed copious quantities of "Chinese Medicine"
Unfortunately when he broke wind it would clear a large meeting hall quite quickly.
Well according to another director they were on a flight which had just landed and in trying to get his bag out of the overhead he let rip, after having managed to sit on it for two hours. Apparently the vial smell caused somebody to panic and use the WMD phrase which caused others to panic on the aircraft. As people rushed blindly for the exit, at least one person was knocked over and suffered a quite visible broken arm.
You can do exactly the same at Vienna airport....... Or at least you could a couple of years ago.
I noticed that same thing, and thought it rather silly. I was flying from Thailand to NY, with a layover in Dubai. At the dubai duty-free shops, I bought a liter of Scotch. Upon boarding my flight, I offered my dutyfree back to the stewardess', but they just waved me down to my seat...
Forget hazardous materials, i had a bottle of 40% alcohol with me. I'm sure that could have caused some chaos if it was in the hands of someone bent on that course of action, and all of a sudden made the "liquid ban" that much more silly, that I can't bring a bottle of OJ from home, but the airport will sell me something much worse?
Perhaps we're overlooking the obvious. Don't ban liquids, ban solids. Very difficult to transport liquids unless they're contained in something solid.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.