Entries Tagged "air travel"

Page 39 of 46

Smart Profiling from the DHS

About time:

Here’s how it works: Select TSA employees will be trained to identify suspicious individuals who raise red flags by exhibiting unusual or anxious behavior, which can be as simple as changes in mannerisms, excessive sweating on a cool day, or changes in the pitch of a person’s voice. Racial or ethnic factors are not a criterion for singling out people, TSA officials say. Those who are identified as suspicious will be examined more thoroughly; for some, the agency will bring in local police to conduct face-to-face interviews and perhaps run the person’s name against national criminal databases and determine whether any threat exists. If such inquiries turn up other issues countries with terrorist connections, police officers can pursue the questioning or alert Federal counterterrorism agents. And of course the full retinue of baggage x-rays, magnetometers and other checks for weapons will continue.

Posted on May 23, 2006 at 6:20 AMView Comments

Security Risks of Airline Passenger Data

Reporter finds an old British Airways boarding pass, and proceeds to use it to find everything else about the person:

We logged on to the BA website, bought a ticket in Broer’s name and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details – including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.

Using this information and surfing publicly available databases, we were able – within 15 minutes – to find out where Broer lived, who lived there with him, where he worked, which universities he had attended and even how much his house was worth when he bought it two years ago. (This was particularly easy given his unusual name, but it would have been possible even if his name had been John Smith. We now had his date of birth and passport number, so we would have known exactly which John Smith.)

Notice the economic pressures:

“The problem here is that a commercial organisation is being given the task of collecting data on behalf of a foreign government, for which it gets no financial reward, and which offers no business benefit in return,” says Laurie. “Naturally, in such a case, they will seek to minimise their costs, which they do by handing the problem off to the passengers themselves. This has the neat side-effect of also handing off liability for data errors.”

Posted on May 9, 2006 at 1:17 PMView Comments

The DHS Secretly Shares European Passenger Data in Violation of Agreement

From the ACLU:

In 2003, the United States and the European Union reached an agreement under which the EU would share Passenger Name Record (PNR) data with the U.S., despite the lack of privacy laws in the United States adequate to ensure Europeans’ privacy. In return, DHS agreed that the passenger data would not be used for any purpose other than preventing acts of terrorism or other serious crimes. It is now clear that DHS did not abide by that agreement.

Posted on May 8, 2006 at 6:34 AMView Comments

The Security Risk of Special Cases

In Beyond Fear, I wrote about the inherent security risks of exceptions to a security policy. Here’s an example, from airport security in Ireland.

Police officers are permitted to bypass airport security at the Dublin Airport. They flash their ID, and walk around the checkpoints.

A female member of the airport search unit is undergoing re-training after the incident in which a Department of Transport inspector passed unchecked through security screening.

It is understood that the department official was waved through security checks having flashed an official badge. The inspector immediately notified airport authorities of a failure in vetting procedures. Only gardai are permitted to pass unchecked through security.

There are two ways this failure could have happened. One, security person could have thought that Department of Transportation officials have the same privileges as police officers. And two, the security person could have thought she was being shown a police ID.

This could have just as easily been a bad guy showing a fake police ID. My guess is that the security people don’t check them all that carefully.

The meta-point is that exceptions to security are themselves security vulnerabilities. As soon as you create a system by which some people can bypass airport security checkpoints, you invite the bad guys to try and use that system. There are reasons why you might want to create those alternate paths through security, of course, but the trade-offs should be well thought out.

Posted on April 26, 2006 at 6:05 AMView Comments

Software Failure Causes Airport Evacuation

Last month I wrote about airport passenger screening, and mentioned that the X-ray equipment inserts “test” bags into the stream in order to keep screeners more alert. That system failed pretty badly earlier this week at Atlanta’s Hartsfield-Jackson Airport, when a false alarm resulted in a two-hour evacuation of the entire airport.

The screening system injects test images onto the screen. Normally the software flashes the words “This is a test” on the screen after a brief delay, but this time the software failed to indicate that. The screener noticed the image (of a “suspicious device,” according to CNN) and, per procedure, screeners manually checked the bags on the conveyor belt for it. They couldn’t find it, of course, but they evacuated the airport and spent two hours vainly searching for it.

Hartsfield-Jackson is the country’s busiest passenger airport. It’s Delta’s hub city. The delays were felt across the country for the rest of the day.

Okay, so what went wrong here? Clearly the software failed. Just as clearly the screener procedures didn’t fail—everyone did what they were supposed to do.

What is less obvious is that the system failed. It failed, because it was not designed to fail well. A small failure—in this case, a software glitch in a single X-ray machine—cascaded in such a way as to shut down the entire airport. This kind of failure magnification is common in poorly designed security systems. Better would be for there to be individual X-ray machines at the gates—I’ve seen this design at several European airports—so that when there’s a problem the effects are restricted to that gate.

Of course, this distributed security solution would be more expensive. But I’m willing to bet it would be cheaper overall, taking into account the cost of occasionally clearing out an airport.

Posted on April 21, 2006 at 12:49 PMView Comments

Graffiti on Air Force One?

Here’s a video of a bunch of graffiti artists breaching security at Andrew’s Air Force Base, and tagging an Air Force One plane.

I know there are multiple planes—four, I think—and that they are in different states of active service at any one time. And, presumably, the different planes have different security levels depending on their status. Still, part of me thinks this is a hoax.

One, this is the sort of stunt that can get you shot at. And two, posting a video of this can get you arrested.

Anyone know anything about this?

EDITED TO ADD (4/21): It’s a hoax.

Posted on April 18, 2006 at 1:10 PMView Comments

Air Force One Security Leak

Last week the San Francisco Chronicle broke the story that Air Force One’s defenses were exposed on a public Internet site:

Thus, the Air Force reacted with alarm last week after The Chronicle told the Secret Service that a government document containing specific information about the anti-missile defenses on Air Force One and detailed interior maps of the two planes—including the location of Secret Service agents within the planes—was posted on the Web site of an Air Force base.

The document also shows the location where a terrorist armed with a high-caliber sniper rifle could detonate the tanks that supply oxygen to Air Force One’s medical facility.

And a few days later:

Air Force and Pentagon officials scrambled Monday to remove highly sensitive security details about the two Air Force One jetliners after The Chronicle reported that the information had been posted on a public Web site.

The security information—contained in a “technical order”—is used by rescue crews in the event of an emergency aboard various Air Force planes. But this order included details about Air Force One’s anti-missile systems, the location of Secret Service personnel within the aircraft and information on other vulnerabilities that terrorists or a hostile military force could exploit to try to damage or destroy Air Force One, the president’s air carrier.

“We are dealing with literally hundreds of thousands of Web pages, and Web pages are reviewed on a regular basis, but every once in a while something falls through the cracks,” Air Force spokeswoman Lt. Col. Catherine Reardon told The Chronicle.

“We can’t even justify how (the technical order) got out there. It should have been password-protected. We regret it happened. We removed it, and we will look more closely in the future.”

Turns out that this story involves a whole lot more hype than actual security.

The document Caffera found is part of the Air Force’s Technical Order 00-105E-9 – Aerospace Emergency Rescue and Mishap Response Information (Emergency Services) Revision 11. It resided, until recently, on the web site of the Air Logistics Center at Warner Robins Air Force Base. The purpose is pretty straight-ahead: “Recent technological advances in aviation have caused concern for the modern firefighter.” So the document gives “aircraft hazards, cabin configurations, airframe materials, and any other information that would be helpful in fighting fires.”

As a February 2006 briefing from the Air Force Civil Engineer Support Agency, explains that the document is “used by foreign governments or international organizations and is cleared to share this information with the general global public…distribution is unlimited.” The Technical Order existed solely on paper from 1970 to mid-1996, when the Secretary of the Air Force directed that henceforth all technical orders be distributed electronically (for a savings of $270,000 a year). The first CD-ROMs were distributed in January 1999 and the web site at Warner Robins was set up 10 months later. A month after that, the web site became the only place to access the documents, which are routinely updated to reflect changes in aircraft or new regulations.

But back to the document Caffera found. It’s hardly a secret that Air Force One has defenses against surface-to-air missiles. The page that so troubled Caffera indicates that the plane employs infrared countermeasures, with radiating units positioned on the tail and next to or on all four engine pylons. Why does the document provide that level of detail? Because emergency responders could be injured if they walk within a certain radius of one of the IR units while it is operating.

Nor is it remarkable that Secret Service agents would sit in areas on the plane that are close to the President’s suite, as well as between reporters, who are known to sit in the back of the plane, and everyone else. Exactly how this information endangers anyone is unclear. But it would help emergency responders in figuring out where to look for people in the event of an accident. (Interestingly, conjectural drawings of the layout of Air Force One like this one are pretty close to the real deal.)

As for hitting the medical oxygen tanks to destroy the plane, you’d have to be really, really lucky to do that while the plane is moving at any significant speed. And if it’s standing still and you are after the President and armed with a high-caliber sniper rifle, why wouldn’t you target him directly? Besides, if you wanted to make the plane explode, it would be much easier to aim for the fuel tanks in the wings (which when fully-loaded hold 53,611 gallons). Terrorists don’t need a diagram to figure that out. But a rescuer would want this information so that the oxygen valves could be turned off to mitigate the risk of a fire or explosion.

[…]

An Air Force source familiar with the history and purpose of the documents who asked not to be identified laughed when told of the above quote, reiterated that the Technical Order is and always has been unclassified, and said it is unclear how the document can be distributed now, adding that firefighters in particular won’t like any changes that make their jobs more difficult or dangerous.

“The order came down this afternoon [Monday] to remove this particular technical order from the public Web site,’ said John Birdsong, chief of media relations at Warner Robins Air Logistics Center, the air base in Georgia that had originally posted the order on its publicly accessible Web site.

According to Birdsong, the directive to remove the document came from a number of officials, including Dan McGarvey, the chief of information security for the Air Force at the Pentagon.”

Muddying things still further are comments from Jean Schaefer, deputy chief of public affairs for the Secretary of the Air Force. “We have very clear policies of what should be on the Web,” she said. “We need to emphasize the policy to the field. It appears that this document shouldn’t have been on the Web, and we have pulled the document in question. Our policy is clear in that documents that could make our operations vulnerable or threaten the safety of our people should not be available on the Web.”

And now, apparently, neither should documents that help ensure the safety of our pilots, aircrews, firefighters and emergency responders.

Another news report.

Some blogs criticized the San Francisco Chronicle for publishing this, because it gives the terrorists more information. I think they should be criticized for publishing this, because there’s no story here.

EDITED TO ADD (4/11): Much of the document is here.

Posted on April 11, 2006 at 2:40 PMView Comments

Security Screening for New York Helicopters

There’s a helicopter shuttle that runs from Lower Manhattan to Kennedy Airport. It’s basically a luxury item: for $139 you can avoid the drive to the airport. But, of course, security screeners are required for passengers, and that’s causing some concern:

At the request of U.S. Helicopter’s executives, the federal Transportation Security Administration set up a checkpoint, with X-ray and bomb-detection machines, to screen passengers and their luggage at the heliport.

The security agency is spending $560,000 this year to operate the checkpoint with a staff of eight screeners and is considering adding a checkpoint at the heliport at the east end of 34th Street. The agency’s involvement has drawn criticism from some elected officials.

“The bottom line here is that there are not enough screeners to go around,” said Senator Charles E. Schumer, Democrat of New York. “The fact that we are taking screeners that are needed at airports to satisfy a luxury market on the government’s dime is a problem.”

This is not a security problem; it’s an economics problem. And it’s a good illustration of the concept of “externalities.” An externality is an effect of a decision not borne by the decision-maker. In this example, U.S. Helicopter made a business decision to offer this service at a certain price. And customers will make a decision about whether or not the service is worth the money. But there is more to the cost than the $139. The cost of that checkpoint is an externality to both U.S. Helicopter and its customers, because the $560,000 spent on the security checkpoint is paid for by taxpayers. Taxpayers are effectively subsidizing the true cost of the helicopter trip.

The only way to solve this is for the government to bill the airline passengers for the cost of security screening. It wouldn’t be much per ticket, maybe $15. And it would be much less at major airports, because the economies of scale are so much greater.

The article even points out that customers would gladly pay the extra $15 because of another externality: the people who decide whether or not to take the helicopter trip are not the people actually paying for it.

Bobby Weiss, a self-employed stock trader and real estate broker who was U.S. Helicopter’s first paying customer yesterday, said he would pay $300 for a round trip to Kennedy, and he expected most corporate executives would, too.

“It’s $300, but so what? It goes on the expense account,” said Mr. Weiss, adding that he had no qualms about the diversion of federal resources to smooth the path of highfliers. “Maybe a richer guy may save a little time at the expense of a poorer guy who spends a little more time in line.”

What Mr. Weiss is saying is that the costs—both the direct cost and the cost of the security checkpoint—are externalities to him, so he really doesn’t care. Exactly.

Posted on April 4, 2006 at 7:51 AMView Comments

1 37 38 39 40 41 46

Sidebar photo of Bruce Schneier by Joe MacInnis.