Entries Tagged "homeland security"

Page 36 of 37

Banning Matches and Lighters on Airplanes

According to the Washington Post:

When Congress voted last year to prohibit passengers from bringing lighters and matches aboard commercial airplanes, it sounded like a reasonable idea for improving airline security.

But as airports and government leaders began discussing how to create flame-free airport terminals, the task became more complicated. Would newsstands and other small airport stores located beyond the security checkpoint have to stop selling lighters? Would airports have to ban smoking and close smoking lounges? How would security screeners detect matches in passengers’ pockets or carry-on bags when they don’t contain metal to set off the magnetometers? And what about arriving international travelers, who might have matches and lighters with them as they walk through the terminal?

It’s the silly security season out there. Given all of the things to spend money on to improve security, how this got to the top of anyone’s list is beyond me.

Posted on March 4, 2005 at 3:00 PMView Comments

Sneaking Items Aboard Aircraft

A Pennsylvania Supreme Court Justice faces a fine—although no criminal charges at the moment—for trying to sneak a knife aboard an aircraft.

Saylor, 58, and his wife entered a security checkpoint Feb. 4 on a trip to Philadelphia when screeners found a small Swiss Army-style knife attached to his key chain.

A police report said he was told the item could not be carried onto a plane and that he needed to place the knife into checked luggage or make other arrangements.

When Saylor returned a short time later to be screened a second time, an X-ray machine detected a knife inside his carry-on luggage, police said.

There are two points worth making here. One: ridiculous rules have a way of turning people into criminals. And two: this is an example of a security failure, not a security success.

Security systems fail in one of two ways. They can fail to stop the bad guy, and they can mistakenly stop the good guy. The TSA likes to measure its success by looking at the forbidden items they have prevented from being carried onto aircraft, but that’s wrong. Every time the TSA takes a pocketknife from an innocent person, that’s a security failure. It’s a false alarm. The system has prevented access where no prevention was required. This, coupled with the widespread belief that the bad guys will find a way around the system, demonstrates what a colossal waste of money it is.

Posted on February 28, 2005 at 8:00 AMView Comments

Airport Screeners Cheat to Pass Tests

According to the San Franciso Chronicle:

The private firm in charge of security at San Francisco International Airport cheated to pass tests aimed at ensuring it could stop terrorists from smuggling weapons onto flights, a former employee contends.

All security systems require trusted people: people that must be trusted in order for the security to work. If the trusted people turn out not to be trustworthy, security fails.

Posted on February 24, 2005 at 8:00 AMView Comments

TSA's Secure Flight

As I wrote previously, I am participating in a working group to study the security and privacy of Secure Flight, the U.S. government’s program to match airline passengers with a terrorist watch list. In the end, I signed the NDA allowing me access to SSI (Sensitive Security Information) documents, but managed to avoid filling out the paperwork for a SECRET security clearance.

Last week the group had its second meeting.

So far, I have four general conclusions. One, assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement—in almost every way—over what is currently in place. (And by this I mean the matching program, not any potential uses of commercial or other third-party data.)

Two, the security system surrounding Secure Flight is riddled with security holes. There are security problems with false IDs, ID verification, the ability to fly on someone else’s ticket, airline procedures, etc.

Three, the urge to use this system for other things will be irresistible. It’s just too easy to say: “As long as you’ve got this system that watches out for terrorists, how about also looking for this list of drug dealers…and by the way, we’ve got the Super Bowl to worry about too.” Once Secure Flight gets built, all it’ll take is a new law and we’ll have a nationwide security checkpoint system.

And four, a program of matching airline passengers with names on terrorism watch lists is not making us appreciably safer, and is a lousy way to spend our security dollars.

Unfortunately, Congress has mandated that Secure Flight be implemented, so it is unlikely that the program will be killed. And analyzing the effectiveness of the program in general, potential mission creep, and whether the general idea is a worthwhile one, is beyond the scope of our little group. In other words, my first conclusion is basically all that they’re interested in hearing.

But that means I can write about everything else.

To speak to my fourth conclusion: Imagine for a minute that Secure Flight is perfect. That is, we can ensure that no one can fly under a false identity, that the watch lists have perfect identity information, and that Secure Flight can perfectly determine if a passenger is on the watch list: no false positives and no false negatives. Even if we could do all that, Secure Flight wouldn’t be worth it.

Secure Flight is a passive system. It waits for the bad guys to buy an airplane ticket and try to board. If the bad guys don’t fly, it’s a waste of money. If the bad guys try to blow up shopping malls instead of airplanes, it’s a waste of money.

If I had some millions of dollars to spend on terrorism security, and I had a watch list of potential terrorists, I would spend that money investigating those people. I would try to determine whether or not they were a terrorism threat before they got to the airport, or even if they had no intention of visiting an airport. I would try to prevent their plot regardless of whether it involved airplanes. I would clear the innocent people, and I would go after the guilty. I wouldn’t build a complex computerized infrastructure and wait until one of them happened to wander into an airport. It just doesn’t make security sense.

That’s my usual metric when I think about a terrorism security measure: Would it be more effective than taking that money and funding intelligence, investigation, or emergency response—things that protect us regardless of what the terrorists are planning next. Money spent on security measures that only work against a particular terrorist tactic, forgetting that terrorists are adaptable, is largely wasted.

Posted on January 31, 2005 at 9:26 AMView Comments

American Airlines Data Collection

From BoingBoing:

Last week on a trip from London to the US, American Airlines demanded that I write out a list of the names and addresses of all the friends I would be staying with in the USA. They claimed that this was due to a TSA regulation, but refused to state which regulation required them to gather this information, nor what they would do with it once they’d gathered it. I raised a stink, and was eventually told that I wouldn’t have to give them the requested dossier because I was a Platinum AAdvantage Card holder (i.e., because I fly frequently with AA).

The whole story is worth reading. It’s hard to know what’s really going on, because there’s so much information I don’t have. But it’s chilling nonetheless.

Posted on January 20, 2005 at 9:28 AMView Comments

Secure Flight Privacy/IT Working Group

I am participating in a working group to help evaluate the effectiveness and privacy implications of the TSA’s Secure Flight program. We’ve had one meeting so far, and it looks like it will be an interesting exercise.

For those who have not been following along, Secure Flight is the follow-on to CAPPS-I. (CAPPS stands for Computer Assisted Passenger Pre-Screening.) CAPPS-I has been in place since 1997, and is a simple system to match airplane passengers to a terrorist watch list. A follow-on system, CAPPS-II, was proposed last year. That complicated system would have given every traveler a risk score based on information in government and commercial databases. There was a huge public outcry over the invasiveness of the system, and it was cancelled over the summer. Secure Flight is the new follow-on system to CAPPS-I.

Many of us believe that Secure Flight is just CAPPS-II with a new name. I hope to learn whether or not that is true.

I hope to learn a lot of things about Secure Flight and airline passenger profiling in general, but I probably won’t be able to write about it. In order to be a member of this working group, I was required to apply for a U.S. government SECRET security clearance and sign an NDA, promising that I would not disclose something called “Sensitive Security Information.”

SSI is one of three new categories of secret information, all of I think have no reason to exist. There is already a classification scheme—CONFIDENTIAL, SECRET, TOP SECRET, etc.—and information should either fit into that scheme or be public. A new scheme is just confusing. The NDA we were supposed to sign was very general, and included such provisions as allowing the government to conduct warrantless searches of our residences. (Two federal unions have threatened to sue the government over several provisions in that NDA, which applies to many DHS employees. And just recently, the DHS backed down.)

After push-back by myself and several others, we were given a much less onerous NDA to sign.

I am not happy about the secrecy surrounding the working group. NDAs and classified briefings raise serious ethical issues for government oversight committees. My suspicion is that I will be wowed with secret, unverifiable assertions that I will either have to accept or (more likely) question, but not be able to discuss with others. In general, secret deliberations favor the interests of those who impose the rules. They really run against the spirit of the Federal Advisory Committee Act (FACA).

Moreover, I’m not sure why this working group is not in violation of FACA. FACA is a 1972 law intended to govern how the Executive branch uses groups of advisors outside the federal government. Among other rules, it requires that advisory committees announce their meetings, hold them in public, and take minutes that are available to the public. The DHS was given a specific exemption from FACA when it was established: the Secretary of Homeland Security has the authority to exempt any advisory committee from FACA; the only requirement is that the Secretary publish notice of the committee in the Federal Register. I looked, and have not seen any such announcement.

Because of the NDA and the failure to follow FACA, I will not be able to fully exercise my First Amendment rights. That means that the government can stop me from saying things that may be important for the public to know. For example, if I learn that the old CAPPS program failed to identify actual terrorists, or that a lot of people who were not terrorists were wrongfully pulled off planes and the government has tried to keep this quiet—I’m just making these up—I can’t tell you. The government could prosecute me under the NDA because they might claim these facts are SSI and the public would never know this information, because there would be no open meeting obligations as there are for FACA committees.

In other words, the secrecy of this committee could have a real impact on the public understanding of whether or not air passenger screening really works.

In any case, I hope I can help make Secure Flight an effective security tool. I hope I can help minimize the privacy invasions on the program if it continues, and help kill it if it is ineffective. I’m not optimistic, but I’m hopeful.

I’m not hopeful that you will ever learn the results of this working group. We’re preparing our report for the Aviation Security Advisory Committee, and I very much doubt that they will release the report to the public.

Original NDA

Story about unions objecting to the NDA

And a recent development that may or may not affect this group

Posted on January 13, 2005 at 9:08 AMView Comments

Altimeter Watches Now a Terrorism Threat

This story is so idiotic that I have trouble believing it’s true. According to MSNBC:

An advisory issued Monday by the Department of Homeland Security and the FBI urges the Transportation Security Administration to have airport screeners keep an eye out for wristwatches containing cigarette lighters or altimeters.

The notice says “recent intelligence suggests al-Qaida has expressed interest in obtaining wristwatches with a hidden butane-lighter function and Casio watches with an altimeter function. Casio watches have been extensively used by al-Qaida and associated organizations as timers for improvised explosive devices. The Casio brand is likely chosen due to its worldwide availability and inexpensive price.”

Clocks and watches definitely make good device timers for remotely triggered bombs. In this scenario, the person carrying the watch is an innocent. (Otherwise he wouldn’t need a remote triggering device; he could set the bomb off himself.) This implies that the bomb is stuffed inside the functional watch. But if you assume a bomb as small as the non-functioning space in a wristwatch can blow up an airplane, you’ve got problems far bigger than one particular brand of wristwatch. This story simply makes no sense.

And, like most of the random “alerts” from the DHS, it’s not based on any real facts:

The advisory notes that there is no specific information indicating any terrorist plans to use the devices, but it urges screeners to watch for them.

I wish the DHS were half as good at keeping people safe as they are at scaring people. (I’ve written more about that here.)

Posted on January 5, 2005 at 12:34 PMView Comments

Airline Passenger Profiling

From an anonymous reader who works for the airline industry in the United States:

There are two initiatives in the works, neither of which leaves me feeling very good about privacy rights.

The first is being put together by the TSA and is called the “Secure Flight Initiative.” An initial test of this program was performed recently and involved each airline listed in the document having to send in passenger information (aka PNR data) for every passenger that “completed a successful domestic trip” during June 2004. A sample of some of the fields that were required to be sent: name, address, phone (if available), itinerary, any comments in the PNR record made by airline personnel, credit card number and expiration date, and any changes made to the booking before the actual flight.

This test data was transmitted to the TSA via physical CD. The requirement was that we “encrypt” it using pkzip (or equivalent) before putting it on the CD. We were to then e-mail the password to the Secure Flight Initiative e-mail address. Although this is far from ideal, it is in fact a big step up. The original process was going to have people simply e-mail the above data to the TSA. They claim to have a secure facility where the data is stored.

As far as the TSA’s retention of the data, the only information we have been given is that as soon as the test phase is over, they will securely delete the data. We were given no choice but had to simply take their word for it.

Rollout of the Secure Flight initiative is scheduled for “next year” sometime. They’re going to start with larger carriers and work their way down to the smaller carriers. It hasn’t been formalized (as far as I know) yet as to what data will be required to be transmitted when. My suspicion is that upon flight takeoff, all PNR data for all passengers on board will be required to be sent. At this point, I still have not heard as to what method will be used for data transmission.

There is another initiative being implemented by the Customs and Border Protection, which is part of the Department of Homeland Security. This (unnamed) initiative is essentially the same thing as the Secure Flight program. That’s right—two government agencies are requiring us to transmit the information separately to each of them. So much for information sharing within the government.

Most larger carriers are complying with this directive by simply allowing the CBP access to their records directly within their
reservation systems (often hosted by folks like Sabre, Worldspan, Galileo, etc). Others (such as the airline I work for) are opting to
only transmit the bare requirements without giving direct access to our system. The data is transmitted over a proprietary data network that is used by the airline industry.

There are a couple of differences between the Secure Flight program and the one being instituted by the CBP. The CBP’s program requires that PNR data for all booked passengers be transmitted:

  • 72 hours before flight time
  • 24 hours before flight time
  • 8 hours before flight time
  • and then again immediately after flight departure

The other major difference is that it looks as though there will be a requirement that we operate in a way that allows them to send a request for data for any flight at any time which we must send back in an automated fashion.

Oh, and just as a kick in the pants, the airlines are expected to pay the costs for all these data transmissions (to the tune of several thousand dollars a month).

Posted on December 22, 2004 at 10:06 AMView Comments

Airline Security and the TSA

Recently I received this e-mail from an anonymous Transportation Security Association employee—those are the guys that screen you at airports—about something I wrote about airline security:

I was going through my email archives and found a link to a story. Apparently you enjoy attacking TSA, and relish in stories where others will do it for you. I work for TSA, and understand that a lot of what they do is little more than “window dressing” (your words). However, very few can argue that they are a lot more effective than the rent-a-cop agencies that were supposed to be securing the airports pre-9/11.

Specifically to the story, it has all the overtones of Urban Legend: overly emotional, details about the event but only giving names of self and “pet,” overly verbose, etc. Bottom line, that the TSA screener and supervisor told our storyteller that the fish was “in no way… allowed to pass through security” is in direct violation of publicly accessible TSA policy. Fish may be unusual, but they’re certainly not forbidden.

I’m disappointed, Bruce. Usually you’re well researched. Your articles and books are very well documented and cross-referenced. However, when it comes to attacking TSA, you seem to take some stories at face value without verifying the facts and TSA policies. I’m also disappointed that you would popularize a story that implicitly tells people to hide their “prohibited items” from security. I have personally witnessed people get arrested for thinking they were clever in hiding something they shouldn’t be carrying anyway.

For those who don’t want to follow the story, it’s about a college student who was told by TSA employees that she could not take her fish on the airplane for security reasons. She then smuggled the fish aboard by hiding it in her carry-on luggage. Final score: fish 1, TSA 0.

To the points in the letter:

  1. You may be right that the story is an urban legend. But it did appear in a respectable newspaper, and I hope the newspaper did at least some fact-checking. I may have been overly optimistic.

  2. You are certainly right that pets are allowed on board airplanes. But just because something is official TSA policy doesn’t mean it’s necessarily followed in the field. There have been many instances of TSA employees inventing rules. It doesn’t surprise me in the least that one of them refused to allow a fish on an airplane.

  3. I am happy to popularize a story that implicitly tells people to hide prohibited items from airline security. I’m even happy to explicitly tell people to hide prohibited items from airline security. A friend of mine recently figured out how to reliably sneak her needlepoint scissors through security—they’re the foldable kind, and she slips them against a loose leaf binder—and I am pleased to publicize that. Hell, I’ve even explained how to fly on someone else’s airline ticket and make your own knife on board an airplane [Beyond Fear, page 85].

  4. I think airline passenger screening is inane. It’s invasive, expensive, time-consuming, and doesn’t make us safer. I think that civil disobedience is a perfectly reasonable reaction.

  5. Honestly, you won’t get arrested if you simply play dumb when caught. Unless, that is, you’re smuggling an actual gun or bomb aboard an aircraft, in which case you probably deserve to get arrested.

Posted on December 6, 2004 at 9:15 AMView Comments

1 34 35 36 37

Sidebar photo of Bruce Schneier by Joe MacInnis.