Entries Tagged "DHS"

The TSA and the Case of the Strange Battery Charger

A TSA screener doesn’t like the look of a homemade battery charger, and refuses to let it on an airplane. Interesting story, both for the escalation procedure the TSA screener followed, and this final observation:

But these are the times we live in. A handful of people with no knowledge of physics, engineering, or pyrotechnics are responsible for determining what is and what is not safe to bring on a plane. They’re paid minimum wage and told to panic if they see something they don’t recognize. Does this make me feel safer? It doesn’t really matter. Implementing real security would bring the cost of flying up, which would likely cause a collapse of the airborne transportation network this country has worked so hard to build up.

The UK banned laptop computers in carry-on luggage for a few days and quickly reversed the idea. The lack of laptops would make the option unattractive to business professionals. Security would cost more than money and many passengers wouldn’t have accepted it.

So the TSA finally let me onto my flight with the two devices they told me they weren’t going to let me take on my flight. They told me the device looked like an I.E.D., then let me on the plane with it.

Does that mean I can bring them on my flight next week?

And that’s the problem: the TSA is both arbitrary and capricious, and it’s impossible to follow the rules because no one knows how they will be applied.

Posted on July 19, 2007 at 6:53 AM

TSA Uses Monte Carlo Simulations to Weigh Airplane Risks

Does this make sense to anyone?

TSA said Boeing would use its Monte Carlo simulation model “to identify U.S. commercial aviation system vulnerabilities against a wide variety of attack scenarios.”

The Monte Carlo method refers to several ways of using randomly generated numbers fed into a computer simulation many times to estimate the likelihood of an event, specialists in the field say.

The Monte Carlo method plays an important role in many statistical techniques used to characterize risks, such as the probabilistic risk analysis approach used to evaluate possible problems at a nuclear power plant and their consequences.

Boeing engineers have pushed the mathematical usefulness of the Monte Carlo method forward largely by applying the technique to evaluating the risks and consequences of aircraft component failures.

A DHS source said the work of the U.S. Commercial Aviation Partnership, a group of government and industry organizations, had made TSA officials aware of the potential applicability of the Monte Carlo method to building an RMAT for the air travel system.

A paper by four Boeing technologists and a TSA official describing the RMAT model appeared recently in Interfaces, a scholarly journal covering operations research.

I can’t imagine how random simulations are going to be all that useful in evaluating airplane threats, as the adversary we’re worried about isn’t particularly random—and, in fact, is motivated to target his attacks directly at the weak points in any security measures.

Maybe “chatter” has tipped the TSA off to a Muta al-Stochastic.

Posted on June 22, 2007 at 12:58 PM

Vulnerabilities in the DHS Networks

Wired.com has the story:

Congress asked Homeland Security’s chief information officer, Scott Charbo, who has a Masters in plant science, to account for more than 800 self-reported vulnerabilities over the last two years and for recently uncovered systemic security problems in US-VISIT, the massive computer network intended to screen and collect the fingerprints and photos of visitors to the United States.

Charbo’s main tactic before the House Homeland Security subcommittee Wednesday was to downplay the seriousness of the threats and to characterize the security investigation of US-VISIT as simultaneously old news and news so new he hasn’t had time to meet with the investigators.

“Key systems operated by Customs and Border Patrol were riddled by control weaknesses,” the Government Accountability Office’s director of Information Security issues Gregory Wilshusen told the committee. Poor security practices and a lack of an authoritative internal map of how various systems interconnect increase the risk that contractors, employees or would-be hackers can or have penetrated and disrupted key DHS computer systems, Wilshusen and Keith Rhodes, the GAO’s director of the Center for Technology and Engineering, told the committee.

Posted on June 22, 2007 at 10:37 AM

TSA and the Sippy Cup Incident

This story is pretty disgusting:

“I demanded to speak to a TSA [Transportation Security Administration] supervisor who asked me if the water in the sippy cup was ‘nursery water or other bottled water.’ I explained that the sippy cup water was filtered tap water. The sippy cup was seized as my son was pointing and crying for his cup. I asked if I could drink the water to get the cup back, and was advised that I would have to leave security and come back through with an empty cup in order to retain the cup. As I was escorted out of security by TSA and a police officer, I unscrewed the cup to drink the water, which accidentally spilled because I was so upset with the situation.

“At this point, I was detained against my will by the police officer and threatened to be arrested for endangering other passengers with the spilled 3 to 4 ounces of water. I was ordered to clean the water, so I got on my hands and knees while my son sat in his stroller with no shoes on since they were also screened and I had no time to put them back on his feet. I asked to call back my fiancé, who I could still see from afar, waiting for us to clear security, to watch my son while I was being detained, and the officer threatened to arrest me if I moved. So I yelled past security to get the attention of my fiancé.

“I was ordered to apologize for the spilled water, and again threatened arrest. I was threatened several times with arrest while detained, and while three other police officers were called to the scene of the mother with the 19 month old. A total of four police officers and three TSA officers reported to the scene where I was being held against my will. I was also told that I should not disrespect the officer and could be arrested for this too. I apologized to the officer and she continued to detain me despite me telling her that I would miss my flight. The officer advised me that I should have thought about this before I ‘intentionally spilled the water!’”

This story portrays the TSA as jack-booted thugs. The story hit the Internet last Thursday, and quickly made the rounds. I saw it on BoingBoing. But, as it turns out, it’s not entirely true.

The TSA has a webpage up, with both the incident report and video.

TSO [REDACTED] took the female to the exit lane with the stroller and her bag. When she got past the exit lane podium she opened the child’s drink container and held her arm out and poured the contents (approx. 6 to 8 ounces) on the floor. MWAA Officer [REDACTED] was manning the exit lane at the time and observed the entire scene and approached the female passenger after observing this and stopped her when she tried to re-enter the sterile area after trying to come back through after spilling the fluids on the floor. The female passenger flashed her badge and credentials and told the MWAA officer “Do you know who I am?” An argument then ensued between the officer and the passenger of whether the spilling of the fluid was intentional or accidental. Officer [REDACTED] asked the passenger to clean up the spill and she did.

Watch the second video. TSO [REDACTED] is partially blocking the scene, but at 2:01:00 PM it’s pretty clear that Monica Emmerson—that’s the female passenger—spills the liquid on the floor on purpose, as a deliberate act of defiance. What happens next is more complicated; you can watch it for yourself, or you can read BoingBoing’s somewhat sarcastic summary.

In this instance, the TSA is clearly in the right.

But there’s a larger lesson here. Remember the Princeton professor who was put on the watch list for criticizing Bush? That was also untrue. Why is it that we all—myself included—believe these stories? Why are we so quick to assume that the TSA is a bunch of jack-booted thugs, officious and arbitrary and drunk with power?

It’s because everything seems so arbitrary, because there’s no accountability or transparency in the DHS. Rules and regulations change all the time, without any explanation or justification. Of course this kind of thing induces paranoia. It’s the sort of thing you read about in history books about East Germany and other police states. It’s not what we expect out of 21st century America.

The problem is larger than the TSA, but the TSA is the part of “homeland security” that the public comes into contact with most often—at least the part of the public that writes about these things most. They’re the public face of the problem, so of course they’re going to get the lion’s share of the finger pointing.

It was smart public relations on the TSA’s part to get the video of the incident on the Internet quickly, but it would be even smarter for the government to restore basic constitutional liberties to our nation’s counterterrorism policy. Accountability and transparency are basic building blocks of any democracy; and the more we lose sight of them, the more we lose our way as a nation.

Posted on June 18, 2007 at 6:01 AM

Inventorying "Dangerous" Chemicals for the DHS

The DHS wants universities to inventory a long list of chemicals:

Unusual paranoia over chemical attack in the US takes many forms. It can be seen in a recent piece of trouble from the Department of Homeland Security, a long list of “chemicals of interest” it wishes to require all university settings to inventory.

“Academic institutions across the country claim they will have to spend countless hours and scarce resources on documenting very small amounts of chemicals in many different labs that are scattered across sometimes sprawling campuses,” reported a recent Chemical & Engineering News, the publication of the American Chemical Society.

“For 104 chemicals on the list, the threshold is ‘any amount.’”

[…]

If one has a little bit of background in chemical weapons synthesis, one can see DHS is possessed by the idea that terrorists might storm into universities and plunder chem labs for precursors to nerve gases.

Interesting stuff about specific chemicals in the article.

Posted on June 8, 2007 at 6:12 AM

DHS Data Privacy and Integrity Advisory Committee's Report on REAL ID

The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security has issued an excellent report on REAL ID:

The REAL ID Act is one of the largest identity management undertakings in history. It would bring more than 200 million people from a large, diverse, and mobile country within a uniformly defined identity system, jointly operated by state governments. This has never been done before in the USA, and it raises numerous policy, privacy, and data security issues that have had only brief scrutiny, particularly given the scope and scale of the undertaking.

It is critical that specific issues be carefully considered before developing and deploying a uniform identity management system in the 21st century. These include, but are not limited to, the implementation costs, the privacy consequences, the security of stored identity documents and personal information, redress and fairness, “mission creep”, and, perhaps most importantly, provisions for national security protections.

The Department of Homeland Security’s Notice of Proposed Rulemaking touched on some of these issues, though it did not explore them in the depth necessary for a system of such magnitude and such consequence. Given that these issues have not received adequate consideration, the Committee feels it is important that the following comments do not constitute an endorsement of REAL ID or the regulations as workable or appropriate.

I’ve written about REAL ID here.

Posted on June 6, 2007 at 2:55 PM

Department of Homeland Security Research Solicitation

Interesting document.

Lots of good stuff. The nine research areas:

  • Botnets and Other Malware: Detection and Mitigation
  • Composable and Scalable Secure Systems
  • Cyber Security Metrics
  • Network Data Visualization for Information Assurance
  • Internet Tomography/Topography
  • Routing Security Management Tool
  • Process Control System Security
  • Data Anonymization Tools and Techniques
  • Insider Threat Detection and Mitigation

And this implies they’ve accepted the problem:

Cyber attacks are increasing in frequency and impact. Even though these attacks have not yet had a significant impact on our Nation’s critical infrastructures, they have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage. The effects of a successful cyber attack might include: serious consequences for major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruption of the response and communications capabilities of first responders.

It’s good to see research money going to this stuff.

Posted on June 6, 2007 at 6:07 AM

Sidebar photo of Bruce Schneier by Joe MacInnis.