Essays in the Category "Airline Travel"

Page 4 of 4

An Easy Path for Terrorists

  • Bruce Schneier
  • Boston Globe
  • August 24, 2004

If you fly out of Logan Airport and don’t want to take off your shoes for the security screeners and get your bags opened up, pay attention. The US government is testing its “Trusted Traveler” program, and Logan is the fourth test airport. Currently, only American Airlines frequent fliers are eligible, but if all goes well the program will be opened up to more people and more airports.

Participants provide their name, address, phone number, and birth date, a set of fingerprints, and a retinal scan. That information is matched against law enforcement and intelligence databases. If the applicant is not on any terrorist watch list and is otherwise an upstanding citizen, he gets a card that allows him access to a special security lane. The lane doesn’t bypass the metal detector or X-ray machine for carry-on bags, but it bypasses more intensive secondary screening unless there’s an alarm of some kind…

BOB on Board

  • Bruce Schneier
  • The Sydney Morning Herald
  • August 2, 2004

Last Tuesday’s bomb scare contains valuable security lessons, both good and bad, about how to achieve security in these dangerous times.

Ninety minutes after taking off from Sydney Airport, a flight attendant on a United Airlines flight bound for Los Angeles found an airsickness bag — presumably unused — in a lavatory with the letters “BOB” written on it.

The flight attendant decided that the letters stood for “Bomb On Board” and immediately alerted the captain, who decided the risk was serious enough to turn the plane around and land back in Sydney…

We Are All Security Customers

  • Bruce Schneier
  • CNET News.com
  • May 4, 2004

National security is a hot political topic right now, as both presidential candidates are asking us to decide which one of them is better fit to secure the country.

Many large and expensive government programs–the CAPPS II airline profiling system, the US-VISIT program that fingerprints foreigners entering our country, and the various data-mining programs in research and development–take as a given the need for more security.

At the end of 2005, when many provisions of the controversial Patriot Act expire, we will again be asked to sacrifice certain liberties for security, as many legislators seek to make those provisions permanent…

America's Flimsy Fortress

  • Bruce Schneier
  • Wired
  • March 2004

Every day, some 82,000 foreign visitors set foot in the US with a visa, and since early this year, most of them have been fingerprinted and photographed in the name of security. But despite the money spent, the inconveniences suffered, and the international ill will caused, these new measures, like most instituted in the wake of September 11, are mostly ineffectual.

Terrorist attacks are very rare. So rare, in fact, that the odds of being the victim of one in an industrialized country are almost nonexistent. And most attacks affect only a few people. The events of September 11 were a statistical anomaly. Even counting the toll they took, 2,978 people in the US died from terrorism in 2001. That same year, 157,400 Americans died of lung cancer, 42,116 in road accidents, and 3,454 from malnutrition…

Homeland Insecurity

The fact that U.S. intelligence agencies can't tell terrorists from children on passenger jets does little to inspire confidence.

  • Bruce Schneier
  • Salon
  • January 9, 2004

Security can fail in two different ways. It can fail to work in the presence of an attack: a burglar alarm that a burglar successfully defeats. But security can also fail to work correctly when there’s no attack: a burglar alarm that goes off even if no one is there.

Citing “very credible” intelligence regarding terrorism threats, U.S. intelligence canceled 15 international flights in the last couple of weeks, diverted at least one more flight to Canada, and had F-16s shadow others as they approached their final destinations.

These seem to have been a bunch of false alarms. Sometimes it was a case of mistaken identity. For example, one of the “terrorists” on an Air France flight was a child whose name matched that of a terrorist leader; another was a Welsh insurance agent. Sometimes it was a case of assuming too much; British Airways Flight 223 was detained once and canceled twice, on three consecutive days, presumably because that flight number turned up on some communications intercept somewhere. In response to the public embarrassment from these false alarms, the government is slowly leaking information about a particular person who didn’t show up for his flight, and two non-Arab-looking men who may or may not have had bombs. But these seem more like efforts to save face than the very credible evidence that the government promised…

Airplane Hackers

  • Bruce Schneier
  • IEEE Security & Privacy
  • November/December 2003

Nathaniel Heatwole is a student at Guilford College. Several times between 7 February and 15 September 2003, he tested airline security. First, he smuggled in box cutters, clay resembling plastic explosives, and bleach simulating bomb-making chemicals through security. Then he hid these things in airplane lavatories, along with notes. Finally, he sent an email to the US Transportation Security Administration (TSA) titled “Information Regarding Six Recent Security Breaches.”

The problem is that the TSA never asked him to test its security. In this same vein, computer networks have been plagued for years by hackers breaking into them. But these people aren’t breaking into systems for profit; they don’t commit fraud or theft. They’re breaking into systems to satisfy their intellectual curiosity, for the thrill, and just to see if they can…

Terror Profiles by Computers Are Ineffective

  • Bruce Schneier
  • Newsday
  • October 21, 2003

In September 2002, JetBlue Airways secretly turned over data about 1.5 million of its passengers to a company called Torch Concepts, under contract with the Department of Defense.

Torch Concepts merged this data with Social Security numbers, home addresses, income levels and automobile records that it purchased from another company, Acxiom Corp. All this was to test an automatic profiling system to automatically give each person a terrorist threat ranking.

Many JetBlue customers feel angry and betrayed that their data was shared without their consent. JetBlue’s privacy policy clearly states that “the financial and personal information collected on this site is not shared with any third parties.” Several lawsuits against JetBlue are pending. CAPPS II is the new system designed to profile air passengers — a system that would eventually single out certain passengers for extra screening and other passengers who would not be permitted to fly. After this incident, Congress has delayed the entire CAPPS II air passenger profiling system pending further review…

Sidebar photo of Bruce Schneier by Joe MacInnis.