Entries Tagged "air travel"

Page 36 of 46

Heathrow Tests Biometric ID

Heathrow airport is testing an iris scan biometric machine to identify passengers at customs.

I’ve written previously about biometrics: when they work and when they fail:

Biometrics are powerful and useful, but they are not keys. They are useful in situations where there is a trusted path from the reader to the verifier; in those cases all you need is a unique identifier. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy. Biometrics are unique identifiers, but they are not secrets.

The system under trial at Heathrow is a good use of biometrics. There’s a trusted path from the person through the reader to the verifier; attempts to use fake eyeballs will be immediately obvious and suspicious. The verifier is being asked to match a biometric with a specific reference, and not to figure out who the person is from his or her biometric. There’s no need for secrecy or randomness; it’s not being used as a key. And it has the potential to really speed up customs lines.

Posted on October 26, 2006 at 1:04 PMView Comments

Paramedic Stopped at Airport Security for Nitroglycerine Residue

At least we know those chemical-residue detectors are working:

The punch line is that my bag tested positive for nitroglycerine residue. Which is, in hindsight, totally not unexpected, since it has been home to several bottles of nitro spray that at one point or another have found their way into my pockets and then into my bag. (Don’t look at me like that—I’m not stealing the damn drug. It’s just that it’s frequently easier to shove them in a pants pocket rather than keep fishing for one at the bedside or whatever, and besides, we’ve now gone to single-patient use sprays so that once you use one on one patient, it’s fininshed.) Whether one discharged, or leaked, or whatevered in my bag, it somehow got NTG molecules all over the place, and that’s what the detector picked up. The guy said this happens all the time but I’m not so sure, and in any event I’m not even remotely certain how I could go about getting the NTG residue off my bag so this doesn’t happen in the future. NTG spray has a pretty distinctive smell. All I can smell in my bag is consumer electronics, so it must have been some minute amount somewhere.

Posted on October 25, 2006 at 8:59 AMView Comments

Airline Passenger Profiling for Profit

I have previously written and spoken about the privacy threats that come from the confluence of government and corporate interests. It’s not the deliberate police-state privacy invasions from governments that worry me, but the normal-business privacy invasions by corporations—and how corporate privacy invasions pave the way for government privacy invasions and vice versa.

The U.S. government’s airline passenger profiling system was called Secure Flight, and I’ve written about it extensively. At one point, the system was going to perform automatic background checks on all passengers based on both government and commercial databases—credit card databases, phone records, whatever—and assign everyone a “risk score” based on the data. Those with a higher risk score would be searched more thoroughly than those with a lower risk score. It’s a complete waste of time, and a huge invasion of privacy, and the last time I paid attention it had been scrapped.

But the very same system that is useless at picking terrorists out of passenger lists is probably very good at identifying consumers. So what the government rightly decided not to do, the start-up corporation Jetera is doing instead:

Jetera would start with an airline’s information on individual passengers on board a given flight, drawing the name, address, credit card number and loyalty club status from reservations data. Through a process, for which it seeks a patent, the company would match the passenger’s identification data with the mountains of information about him or her available at one of the mammoth credit bureaus, which maintain separately managed marketing as well as credit information. Jetera would tap into the marketing side, showing consumer demographics, purchases, interests, attitudes and the like.

Jetera’s data manipulation would shape the entertainment made available to each passenger during a flight. The passenger who subscribes to a do-it-yourself magazine might be offered a video on woodworking. Catalog purchase records would boost some offerings and downplay others. Sports fans, known through their subscriptions, credit card ticket-buying or booster club memberships, would get “The Natural” instead of “Pretty Woman.”

The article is dated August 21, 2006 and is subscriber-only. Most of it talks about the revenue potential of the model, the funding the company received, and the talks it has had with anonymous airlines. No airline has signed up for the service yet, which would not only include in-flight personalization but pre- and post-flight mailings and other personalized services. Privacy is dealt with at the end of the article:

Jetera sees two legal issues regarding privacy and resolves both in its favor. Nothing Jetera intends to do would violate federal law or airline privacy policies as expressed on their websites. In terms of customer perceptions, Jetera doesn’t intend to abuse anyone’s privacy and will have an “opt-out” opportunity at the point where passengers make inflight entertainment choices.

If an airline wants an opt-out feature at some other point in the process, Jetera will work to provide one, McChesney says. Privacy and customer service will be an issue for each airline, and Jetera will adapt specifically to each.

The U.S. government already collects data from the phone company, from hotels and rental-car companies, and from airlines. How long before it piggy backs onto this system?

The other side to this is in the news, too: commercial databases using government data:

Records once held only in paper form by law enforcement agencies, courts and corrections departments are now routinely digitized and sold in bulk to the private sector. Some commercial databases now contain more than 100 million criminal records. They are updated only fitfully, and expunged records now often turn up in criminal background checks ordered by employers and landlords.

Posted on October 24, 2006 at 11:00 AMView Comments

Air Cargo Security

BBC is reporting a “major” hole in air cargo security. Basically, cargo is being flown on passenger planes without being screened. A would-be terrorist could therefore blow up a passenger plane by shipping a bomb via FedEx.

In general, cargo deserves much less security scrutiny than passengers. Here’s the reasoning:

Cargo planes are much less of a terrorist risk than passenger planes, because terrorism is about innocents dying. Blowing up a planeload of FedEx packages is annoying, but not nearly as terrorizing as blowing up a planeload of tourists. Hence, the security around air cargo doesn’t have to be as strict.

Given that, if most air cargo flies around on cargo planes, then it’s okay for some small amount—assuming it’s random and assuming the shipper doesn’t know which packages beforehand—of cargo to fly as baggage on passenger planes. A would-be terrorist would be better off taking his bomb and blowing up a bus than shipping it and hoping it might possibly be put on a passenger plane.

At least, that’s the theory. But theory and practice are different.

The British system involves “known shippers”:

Under a system called “known shipper” or “known consignor” companies which have been security vetted by government appointed agents can send parcels by air, which do not have to be subjected to any further security checks.

Unless a package from a known shipper arouses suspicion or is subject to a random search it is taken on trust that its contents are safe.

But:

Captain Gary Boettcher, president of the US Coalition Of Airline Pilots Associations, says the “known shipper” system “is probably the weakest part of the cargo security today”.

“There are approx 1.5 million known shippers in the US. There are thousands of freight forwarders. Anywhere down the line packages can be intercepted at these organisations,” he said.

“Even reliable respectable organisations, you really don’t know who is in the warehouse, who is tampering with packages, putting parcels together.”

This system has already been exploited by drug smugglers:

Mr Adeyemi brought pounds of cocaine into Britain unchecked by air cargo, transported from the US by the Federal Express courier company. He did not have to pay the postage.

This was made possible because he managed to illegally buy the confidential Fed Ex account numbers of reputable and security cleared companies from a former employee.

An accomplice in the US was able to put the account numbers on drugs parcels which, as they appeared to have been sent by known shippers, arrived unchecked at Stansted Airport.

When police later contacted the companies whose accounts and security clearance had been so abused they discovered they had suspected nothing.

And it’s not clear that a terrorist can’t figure out which shipments are likely to be put on passenger aircraft:

However several large companies such as FedEx and UPS offer clients the chance to follow the progress of their parcels online.

This is a facility that Chris Yates, an expert on airline security for Jane’s Transport, says could be exploited by terrorists.

“From these you can get a fair indication when that package is in the air, if you are looking to get a package into New York from Heathrow at a given time of day.

And BBC reports that 70% of cargo is shipped on passenger planes. That seems like too high a number.

If we had infinite budget, of course we’d screen all air cargo. But we don’t, and it’s a reasonable trade-off to ignore cargo planes and concentrate on passenger planes. But there are some awfully big holes in this system.

Posted on October 24, 2006 at 6:11 AMView Comments

Perceived Risk vs. Actual Risk

Good essay on perceived vs. actual risk. The hook is Mayor Daley of Chicago demanding a no-fly-zone over Chicago in the wake of the New York City airplane crash.

Other politicians (with the spectacular and notable exception of New York City Mayor Michael Bloomberg) and self-appointed “experts” are jumping on the tragic accident—repeat, accident—in New York to sound off again about the “danger” of light aircraft, and how they must be regulated, restricted, banned.

OK, for all of those ranting about “threats” from GA aircraft, we’ll believe that you’re really serious about controlling “threats” when you call for:

  • Banning all vans within cities. A small panel van was used in the first World Trade Center attack. The bomb, which weighed 1,500 pounds, killed six and injured 1,042.
  • Banning all box trucks from cities. Timothy McVeigh’s rented Ryder truck carried a 5,000-pound bomb that killed 168 in Oklahoma City.
  • Banning all semi-trailer trucks. They can carry bombs weighing more than 50,000 pounds.
  • Banning newspapers on subways. That’s how the terrorists hid packages of sarin nerve gas in the Tokyo subway system. They killed 12.
  • Banning backpacks on all buses and subways. That’s how the terrorists got the bombs into the London subway system. They killed 52.
  • Banning all cell phones on trains. That’s how they detonated the bombs in backpacks placed on commuter trains in Madrid. They killed 191.
  • Banning all small pleasure boats on public waterways. That’s how terrorists attacked the USS Cole, killing 17.
  • Banning all heavy or bulky clothing in all public places. That’s how suicide bombers hide their murderous charges. Thousands killed.

Number of people killed by a terrorist attack using a GA aircraft? Zero.

Number of people injured by a terrorist attack using a GA aircraft? Zero.

Property damage from a terrorist attack using a GA aircraft? None.

So Mr. Mayor (and Mr. Governor, Ms. Senator, Mr. Congressman, and Mr. “Expert”), if you’re truly serious about “protecting” the public, advocate all of the bans I’ve listed above. Using the “logic” you apply to general aviation aircraft, you’re forced to conclude that newspapers, winter coats, cell phones, backpacks, trucks, and boats all pose much greater risks to the public.

So be consistent in your logic. If you are dead set on restricting a personal transportation system that carries more passengers than any single airline, reaches more American cities than all the airlines combined, provides employment for 1.3 million American citizens and $160 billion in business “to protect the public,” then restrict or control every other transportation system that the terrorists have demonstrated they can use to kill.

And, on the same topic, why it doesn’t make sense to ban small aircraft from cities as a terrorism defense.

Posted on October 23, 2006 at 10:01 AMView Comments

Airport Security Confiscates Rock

They already take away scissors. Can paper be far behind?

Here’s the story:

In retrospect, I suppose I could have put the grapefruit-sized specimen inside my sock, swung it around my head like a mace, charged the cabin and attempted to hijack the flight. This, of course, never occurred to me until the zealous inspector declared my rock a “dual-use” item.

“What, pray tell, is a dual-use item?” I asked. I’m afraid I chuckled just a little, causing her to glare, withhold a satisfactory answer and call her supervisor. He hefted my rock, scrutinized it for a moment, and agreed that my specimen was indeed a dual-use item, meaning a potential low-tech weapon. During those uneasy moments when I thought I would be detained, I wondered if a doctor’s stethoscope would also be declared a dual-use item, since it could be used to strangle a pilot.

We can’t keep weapons out of prisons. We can’t possibly keep them out of airports.

Posted on October 10, 2006 at 11:53 AMView Comments

No-Fly List

60 Minutes has a copy:

60 Minutes, in collaboration with the National Security News Service, has obtained the secret list used to screen airline passengers for terrorists and discovered it includes names of people not likely to cause terror, including the president of Bolivia, people who are dead and names so common, they are shared by thousands of innocent fliers.

[…]

The “data dump” of names from the files of several government agencies, including the CIA, fed into the computer compiling the list contained many unlikely terrorists. These include Saddam Hussein, who is under arrest, Nabih Berri, Lebanon’s parliamentary speaker, and Evo Morales, the president of Bolivia. It also includes the names of 14 of the 19 dead 9/11 hijackers.

But the names of some of the most dangerous living terrorists or suspects are kept off the list.

The 11 British suspects recently charged with plotting to blow up airliners with liquid explosives were not on it, despite the fact they were under surveillance for more than a year.

The name of David Belfield who now goes by Dawud Sallahuddin, is not on the list, even though he assassinated someone in Washington, D.C., for former Iranian leader Ayatollah Khomeini. This is because the accuracy of the list meant to uphold security takes a back seat to overarching security needs: it could get into the wrong hands. “The government doesn’t want that information outside the government,” says Cathy Berrick, director of Homeland Security investigations for the General Accounting Office.

When are we going to realize that this list simply isn’t effective?

Posted on October 6, 2006 at 6:07 AMView Comments

Screening People with Clearances

Why should we waste time at airport security, screening people with U.S. government security clearances? This perfectly reasonable question was asked recently by Robert Poole, director of transportation studies at The Reason Foundation, as he and I were interviewed by WOSU Radio in Ohio.

Poole argued that people with government security clearances, people who are entrusted with U.S. national security secrets, are trusted enough to be allowed through airport security with only a cursory screening. They’ve already gone through background checks, he said, and it would be more efficient to concentrate screening resources on everyone else.

To someone not steeped in security, it makes perfect sense. But it’s a terrible idea, and understanding why teaches us some important security lessons.

The first lesson is that security is a system. Identifying someone’s security clearance is a complicated process. People with clearances don’t have special ID cards, and they can’t just walk into any secured facility. A clearance is held by a particular organization—usually the organization the person works for—and is transferred by a classified message to other organizations when that person travels on official business.

Airport security checkpoints are not set up to receive these clearance messages, so some other system would have to be developed.

Of course, it makes no sense for the cleared person to have his office send a message to every airport he’s visiting, at the time of travel. Far easier is to have a centralized database of people who are cleared. But now you have to build this database. And secure it. And ensure that it’s kept up to date.

Or maybe we can create a new type of ID card: one that identifies people with security clearances. But that also requires a backend database and a card that can’t be forged. And clearances can be revoked at any time, so there needs to be some way of invalidating cards automatically and remotely.

Whatever you do, you need to implement a new set of security procedures at airport security checkpoints to deal with these people. The procedures need to be good enough that people can’t spoof it. Screeners need to be trained. The system needs to be tested.

What starts out as a simple idea—don’t waste time searching people with government security clearances—rapidly becomes a complicated security system with all sorts of new vulnerabilities.

The second lesson is that security is a trade-off. We don’t have infinite dollars to spend on security. We need to choose where to spend our money, and we’re best off if we spend it in ways that give us the most security for our dollar.

Given that very few Americans have security clearances, and that speeding them through security wouldn’t make much of a difference to anyone else standing in line, wouldn’t it be smarter to spend the money elsewhere? Even if you’re just making trade-offs about airport security checkpoints, I would rather take the hundreds of millions of dollars this kind of system could cost and spend it on more security screeners and better training for existing security screeners. We could both speed up the lines and make them more effective.

The third lesson is that security decisions are often based on subjective agenda. My guess is that Poole has a security clearance—he was a member of the Bush-Cheney transition team in 2000—and is annoyed that he is being subjected to the same screening procedures as the other (clearly less trusted) people he is forced to stand in line with. From his perspective, not screening people like him is obvious. But objectively it’s not.

This issue is no different than searching airplane pilots, something that regularly elicits howls of laughter among amateur security watchers. What they don’t realize is that the issue is not whether we should trust pilots, airplane maintenance technicians or people with clearances. The issue is whether we should trust people who are dressed as pilots, wear airplane-maintenance-tech IDs or claim to have clearances.

We have two choices: Either build an infrastructure to verify their claims, or assume that they’re false. And with apologies to pilots, maintenance techs and people with clearances, it’s cheaper, easier and more secure to search you all.

This is my twenty-eighth essay for Wired.com.

Posted on October 5, 2006 at 8:27 AMView Comments

This Is What Vigilantism Looks Like

Another airplane passenger false alarm:

Seth Stein is used to jetting around the world to create stylish holiday homes for wealthy clients. This means the hip architect is familiar with the irritations of heightened airline security post-9/11. But not even he could have imagined being mistaken for an Islamist terrorist and physically pinned to his seat while aboard an American Airlines flight—especially as he has Jewish origins.

Turns out that one of the other passengers decided to take matters into his own hands.

In Mr Stein’s case, he was pounced on as the crew and other travellers looked on. The drama unfolded less than an hour into the flight. As he settled down with a book and a ginger ale, the father-of-three was grabbed from behind and held in a head-lock.

“This guy just told me his name was Michael Wilk, that he was with the New York Police Department, that I’d been acting suspiciously and should stay calm. I could barely find my voice and couldn’t believe it was happening,” said Mr Stein.

“He went into my pocket and took out my passport and my iPod. All the other passengers were looking concerned.” Eventually, cabin crew explained that the captain had run a security check on Mr Stein after being alerted by the policeman and that this had cleared him. The passenger had been asked to go back to his seat before he had restrained Mr Stein. When the plane arrived in New York, Mr Stein was met by apologetic police officers who offered to fast-track him out of the airport.

Even stranger:

In a twist to the story, Mr Stein has since discovered that there is only one Michael Wilk on the NYPD’s official register of officers, but the man retired 25 years ago. Officials have told the architect that his assailant may work for another law enforcement agency but have refused to say which one.

I’ve written about this kind of thing before.

EDITED TO ADD (10/3): Here’s a man booted off a plane for speaking Tamil into his cellphone.

Posted on October 3, 2006 at 12:42 PMView Comments

1 34 35 36 37 38 46

Sidebar photo of Bruce Schneier by Joe MacInnis.