Entries Tagged "homeland security"

Page 32 of 37

Flying Without ID

According to the TSA, in the 9th Circuit Case of John Gilmore, you are allowed to fly without showing ID—you’ll just have to submit yourself to secondary screening.

The Identity Project wants you to try it out. If you have time, try to fly without showing ID.

Mr. Gilmore recommends that every traveler who is concerned with privacy or anonymity should opt to become a “selectee” rather than show an ID. We are very likely to lose the right to travel anonymously, if citizens do not exercise it. TSA and the airlines will attempt to make it inconvenient for you, by wasting your time and hassling you, but they can’t do much in that regard without compromising their avowed missions, which are to transport paying passengers, and to keep weapons off planes. If you never served in the armed services, this is a much easier way to spend some time keeping your society free. (Bring a copy of the court decision with you and point out some of the numerous places it says you can fly as a selectee rather than show ID. Paper tickets are also helpful, though not required.)

I’m curious what the results are.

EDITED TO ADD (11/25): Here’s someone who tried, and failed.

Posted on March 10, 2006 at 7:20 AMView Comments

Fighting Misuse of the Patriot Act

I like this idea:

I had to sign a tedious business contract the other day. They wanted my corporation number—fair enough—plus my Social Security number—well, if you insist—and also my driver’s license number—hang on, what’s the deal with that?

Well, we e-mailed over a query and they e-mailed back that it was a requirement of the Patriot Act. So we asked where exactly in the Patriot Act could this particular requirement be found and, after a bit of a delay, we got an answer.

And on discovering that there was no mention of driver’s licenses in that particular subsection, I wrote back that we have a policy of reporting all erroneous invocations of the Patriot Act to the Department of Homeland Security on the grounds that such invocations weaken the rationale for the act, and thereby undermine public support for genuine anti-terrorism measures and thus constitute a threat to America’s national security.

And about 10 minutes after that the guy sent back an e-mail saying he didn’t need the driver’s license number after all.

Posted on March 8, 2006 at 7:17 AMView Comments

The Terrorist Threat of Paying Your Credit Card Balance

This article shows how badly terrorist profiling can go wrong:

They paid down some debt. The balance on their JCPenney Platinum MasterCard had gotten to an unhealthy level. So they sent in a large payment, a check for $6,522.

And an alarm went off. A red flag went up. The Soehnges’ behavior was found questionable.

And all they did was pay down their debt. They didn’t call a suspected terrorist on their cell phone. They didn’t try to sneak a machine gun through customs.

They just paid a hefty chunk of their credit card balance. And they learned how frighteningly wide the net of suspicion has been cast.

After sending in the check, they checked online to see if their account had been duly credited. They learned that the check had arrived, but the amount available for credit on their account hadn’t changed.

So Deana Soehnge called the credit-card company. Then Walter called.

“When you mess with my money, I want to know why,” he said.

They both learned the same astounding piece of information about the little things that can set the threat sensors to beeping and blinking.

They were told, as they moved up the managerial ladder at the call center, that the amount they had sent in was much larger than their normal monthly payment. And if the increase hits a certain percentage higher than that normal payment, Homeland Security has to be notified. And the money doesn’t move until the threat alert is lifted.

The article goes on to blame something called the Bank Privacy Act, but that’s not correct. The culprit here is the amendments made to the Bank Secrecy Act by the USA Patriot Act, Sections 351 and 352. There’s a general discussion here, and the Federal Register here.

There has been some rumbling on the net that this story is badly garbled—or even a hoax—but certainly this kind of thing is what financial institutions are required to report under the Patriot Act.

Remember, all the time spent chasing down silly false alarms is time wasted. Finding terrorist plots is a signal-to-noise problem, and stuff like this substantially decreases that ratio: it adds a lot of noise without adding enough signal. It makes us less safe, because it makes terrorist plots harder to find.

Posted on March 6, 2006 at 10:45 AMView Comments

Secure Flight Suspended

The TSA has announced that Secure Flight, its comprehensive program to match airline passangers against terrorist watch lists, has been suspended:

And because of security concerns, the government is going back to the drawing board with the program called Secure Flight after spending nearly four years and $150 million on it, the Senate Commerce Committee was told.

I have written about this program extensively, most recently here. It’s an absolute mess in every way, and doesn’t make us safer.

But don’t think this is the end. Under Section 4012 of the Intelligence Reform and Terrorism Prevention Act, Congress mandated the TSA put in place a program to screen every domestic passenger against the watch list. Until Congress repeals that mandate, these postponements and suspensions are the best we can hope for. Expect it all to come back under a different name—and a clean record in the eyes of those not paying close attention—soon.

EDITED TO ADD (2/15): Ed Felton has some good commentary:

Instead of sticking to this more modest plan, Secure Flight became a vehicle for pie-in-the-sky plans about data mining and automatic identification of terrorists from consumer databases. As the program’s goals grew more ambitious and collided with practical design and deployment challenges, the program lost focus and seemed to have a different rationale and plan from one month to the next.

Posted on February 13, 2006 at 6:09 AMView Comments

DHS Funding Open Source Security

From eWeek:

The U.S. government’s Department of Homeland Security plans to spend $1.24 million over three years to fund an ambitious software auditing project aimed at beefing up the security and reliability of several widely deployed open-source products.

The grant, called the “Vulnerability Discovery and Remediation Open Source Hardening Project,” is part of a broad federal initiative to perform daily security audits of approximately 40 open-source software packages, including Linux, Apache, MySQL and Sendmail.

The plan is to use source code analysis technology from San Francisco-based Coverity Inc. to pinpoint and correct security vulnerabilities and other potentially dangerous defects in key open-source packages.

Software engineers at Stanford University will manage the project and maintain a publicly available database of bugs and defects.

Anti-virus vendor Symantec Corp. is providing guidance as to where security gaps might be in certain open-source projects.

I think this is a great use of public funds. One of the limitations of open-source development is that it’s hard to fund tools like Coverity. And this kind of thing improves security for a lot of different organizations against a wide variety of threats. And it increases competition with Microsoft, which will force them to improve their OS as well. Everybody wins.

What’s affected?

In addition to Linux, Apache, MySQL and Sendmail, the project will also pore over the code bases for FreeBSD, Mozilla, PostgreSQL and the GTK (GIMP Tool Kit) library.

And from ZDNet:

The list of open-source projects that Stanford and Coverity plan to check for security bugs includes Apache, BIND, Ethereal, KDE, Linux, Firefox, FreeBSD, OpenBSD, OpenSSL and MySQL, Coverity said.

Posted on January 17, 2006 at 1:04 PMView Comments

Story About "Little Red Book" and Federal Agents a Hoax

This is important news:

The UMass Dartmouth student who claimed to have been visited by Homeland Security agents over his request for “The Little Red Book” by Mao Zedong has admitted to making up the entire story.

The 22-year-old student tearfully admitted he made the story up to his history professor, Dr. Brian Glyn Williams, and his parents, after being confronted with the inconsistencies in his account.

Had the student stuck to his original story, it might never have been proved false.

But on Thursday, when the student told his tale in the office of UMass Dartmouth professor Dr. Robert Pontbriand to Dr. Williams, Dr. Pontbriand, university spokesman John Hoey and The Standard-Times, the student added new details.

The agents had returned, the student said, just last night. The two agents, the student, his parents and the student’s uncle all signed confidentiality agreements, he claimed, to put an end to the matter.

But when Dr. Williams went to the student’s home yesterday and relayed that part of the story to his parents, it was the first time they had heard it. The story began to unravel, and the student, faced with the truth, broke down and cried.

I don’t know what the moral is, here. 1) He’s an idiot. 2) Don’t believe everything you read. 3) We live in such an invasive political climate that such stories are easily believable. 4) He’s definitely an idiot.

Posted on December 24, 2005 at 8:53 AMView Comments

A Pilot on Airline Security

Good comments from Salon’s pilot-in-residence on airline security:

In the days ahead, you can expect sharp debate on whether the killing was justified, and whether the nation’s several thousand air marshals—their exact number is a tightly guarded secret—undergo sufficient training. How are they taught to deal with mentally ill individuals who might be unpredictable and unstable, but not necessarily dangerous? Are the rules of engagement overly aggressive?

Those are fair questions, but not the most important ones.

Wednesday’s incident fulfills what many of us predicted ever since the Federal Air Marshals Service was widely expanded following the 2001 terror attacks in New York, Pennsylvania and Washington: The first person killed by a sky marshal, whether through accident or misunderstanding, would not be a terrorist. In a lot of ways, Alpizar is the latest casualty of Sept. 11. He is not the victim of a trigger-happy federal marshal but of our own, now fully metastasized security mania.

And:

Terrorists, meanwhile, won’t waste their time on schemes with such an extreme likelihood of failure.

Unfortunately, the same cannot be said for us. In America, reasoned debate and clear thinking aren’t the useful currencies they once were, and backlash to the TSA’s announcement has come from a host of unexpected sources—members of Congress, flight attendants unions and families of Sept. 11 victims.

“The Bush administration proposal is just asking the next Mohammed Atta to move from box cutters to scissors,” said Rep. Markey.

Actually, that Atta and his henchmen used box cutters to commandeer four aircraft means very little. Just as effectively, they could have employed snapped-off pieces of plastic, shattered bottles or, for that matter, their own bare fists and some clever wile. Sept. 11 had nothing to do with exploiting airport security and everything to do with exploiting our mindset at the time. What weapons the terrorists had or didn’t have is essentially irrelevant. Hijackings, to that point in history, were perpetrated mainly through bluff, and while occasionally deadly, they seldom resulted in more than a temporary inconvenience—diversions to Cuba or cities in the Middle East. The moment American flight 11 collided with the north tower of the World Trade Center, everything changed; good luck to the next skyjacker stupid enough to attempt the same stunt with anything less than a flamethrower in his hand.

And finally:

This is almost acceptable, if only there weren’t so many hours of squandered time and manpower in the balance. Nobody wants weapons on a jetliner. But, more critical, neither do we want to bog down the system. The longer we fuss at the metal detectors over low-threat objects, the greater we expose ourselves to the very serious dangers of bombs and explosives. TSA is not in need of more screeners; it’s in need of reallocation of personnel and resources.

It was, we shouldn’t forget, 17 years ago this month that Pan Am flight 103 was destroyed over Lockerbie, Scotland by a stash of Semtex hidden inside a Toshiba radio in a piece of checked luggage. Then as now, and perhaps for years to come, explosives were the most serious high-level threat facing commercial aviation. European authorities were quick to implement a sweeping revision of luggage-screening protocols designed to thwart another Lockerbie. It took almost 15 years, and the catastrophe of Sept. 11, before America began to do the same—and a comprehensive system still isn’t fully in place.

Flying was and remains exceptionally safe, but whether that’s because or in spite of the system is tough to tell. The “war on terror” has left us fighting many enemies—some real, many imagined. We’ll figure things out at some point, maybe. Until then, dead in Miami, Rigoberto Alpizar is yet more collateral damage.

Posted on December 12, 2005 at 1:21 PMView Comments

Truckers Watching the Highways

Highway Watch is yet another civilian distributed counterterrorism program. Basically, truckers are trained to look out for suspicious activities on the highways. Despite its similarities to such ill-conceived still-born programs like TIPS, I think this one has some merit.

Why? Two things: training, and a broader focus than terrorism. This is from their overview:

Highway Watch® training provides Highway Watch® participants with the observational tools and the opportunity to exercise their expert understand of the transportation environment to report safety and security concerns rapidly and accurately to the authorities. In addition to matters of homeland security – stranded vehicles or accidents, unsafe road conditions, and other safety related situations are reported eliciting the appropriate emergence responders. Highway Watch® reports are combined with other information sources and shared both with federal agencies and the roadway transportation sector by the Highway ISAC.

Sure, the “matters of homeland security” is the sexy application that gets the press and the funding, but “stranded vehicles or accidents, unsafe road conditions, and other safety related situations” are likely to be the bread and butter of this kind of program. And interstate truckers are likely to be in a good position to report these things, assuming there’s a good mechanism for it.

About the training:

Highway Watch® participants attend a comprehensive training session before they become certified Highway Watch® members. This training incorporates both safety and security issues. Participants are instructed on what to look for when witnessing traffic accidents and other safety-related situations and how to make a proper emergency report. Highway Watch® curriculum also provides anti-terrorism information, such as: a brief account of modern terrorist attacks from around the world, an outline explaining how terrorist acts are usually carried out, and tips on preventing terrorism. From this solid baseline curriculum, different segments of the highway sector have or are developing unique modules attuned to their specific security related situation.

Okay, okay, it does sound a bit hokey. “…tips on preventing terrorism” indeed. (Tip #7: When transporting nuclear wastes, always be sure to padlock your truck. Tip #12: If someone asks you to deliver a trailer to the parking lot underneath a large office building and run away very fast, always check with your supervisor first.) But again, I like the inclusion of the mundane “what to look for when witnessing traffic accidents and other safety-related situations and how to make a proper emergency report.”

This program has a lot of features I like in security systems: it’s dynamic, it’s distributed, it relies on trained people paying attention, and it’s not focused on a specific threat.

Usually we see terrorism as the justification for something that is ineffective and wasteful. Done right, this could be an example of terrorism being used as the justification for something that is smart and effective.

Posted on December 8, 2005 at 12:12 PMView Comments

30,000 People Mistakenly Put on Terrorist Watch List

This is incredible:

Nearly 30,000 airline passengers discovered in the past year that they were mistakenly placed on federal “terrorist” watch lists, a transportation security official said Tuesday.

When are we finally going to admit that the DHS is incompetent at this?

EDITED TO ADD (12/7): At least they weren’t kidnapped and imprisoned for five months, and “shackled, beaten, photographed nude and injected with drugs by interrogators.”

Posted on December 7, 2005 at 10:26 AMView Comments

1 30 31 32 33 34 37

Sidebar photo of Bruce Schneier by Joe MacInnis.