Entries Tagged "public transit"

Page 6 of 7

Police Department Privilege Escalation

It’s easier than you think to create your own police department in the United States.

Yosef Maiwandi formed the San Gabriel Valley Transit Authority—a tiny, privately run nonprofit organization that provides bus rides to disabled people and senior citizens. It operates out of an auto repair shop. Then, because the law seems to allow transit companies to form their own police departments, he formed the San Gabriel Valley Transit Authority Police Department. As a thank you, he made Stefan Eriksson a deputy police commissioner of the San Gabriel Transit Authority Police’s anti-terrorism division, and gave him business cards.

Police departments like this don’t have much legal authority, they don’t really need to. My guess is that the name alone is impressive enough.

In the computer security world, privilege escalation means using some legitimately granted authority to secure extra authority that was not intended. This is a real-world counterpart. Even though transit police departments are meant to police their vehicles only, the title—and the ostensible authority that comes along with it—is useful elsewhere. Someone with criminal intent could easily use this authority to evade scrutiny or commit fraud.

Deal said that his agency has discovered that several railroad agencies around California have created police departments—even though the companies have no rail lines in California to patrol. The police certification agency is seeking to decertify those agencies because it sees no reason for them to exist in California.

The issue of private transit firms creating police agencies has in recent years been a concern in Illinois, where several individuals with criminal histories created railroads as a means of forming a police agency.

The real problem is that we’re too deferential to police power. We don’t know the limits of police authority, whether it be an airport policeman or someone with a business card from the “San Gabriel Valley Transit Authority Police Department.”

Posted on March 15, 2006 at 7:47 AMView Comments

Bomb-Sniffing Wasps

No, this isn’t from The Onion. Trained wasps:

The tiny, non-stinging wasps can check for hidden explosives at airports and monitor for toxins in subway tunnels.

“You can rear them by the thousands, and you can train them within a matter of minutes,” says Joe Lewis, a U.S. Agriculture Department entomologist. “This is just the very tip of the iceberg of a very new resource.”

Sounds like it will be cheap enough….

EDITED TO ADD (12/29): Bomb-sniffing bees are old news.

Posted on December 28, 2005 at 12:47 PMView Comments

Richard Clarke Advised New York City Subway Searches

Now this is a surprise. Richard Clarke advised New York City to perform those pointless subway searches:

Mr. Clarke, a former counterterrorism adviser to two presidents, received widespread attention last year for his criticism of President Bush’s response to the Sept. 11 attacks, detailed in a searing memoir and in security testimony before the 9/11 Commission.

Unknown to the public, until recently, was Mr. Clarke’s role in advising New York City officials in helping to devise the “container inspection program” that the Police Department began in July after two attacks on the transit system in London.

Seems that his goal wasn’t to deter terrorism, but simply to move it from the New York City subways to another target; perhaps the Boston subways?

“Obviously you want to catch people with bombs on their back, but there is a value to a program that doesn’t stop everyone and isn’t compulsory,” he said in a deposition.

Mr. Clarke later added, “The goal here is to impart to the terrorists a sense that there is an enhanced security program, to deter them from going into the New York subway and choosing that as a target.”

Posted on November 8, 2005 at 12:49 PMView Comments

A "Typical" Terrorist

A simply horrible lead sentence in a Manila Times story:

If you see a man aged 17 to 35, wearing a ball cap, carrying a backpack, clutching a cellular phone and acting uneasily, chances are he is a terrorist.

Let’s see: Approximately 4.5 million people use the New York City subway every day. Assume that the above profile fits 1% of them. Does that mean that there are 25,000 terrorists riding the New York City subways every single day? Seems unlikely.

The rest of the article gets better, but still….

At least that is how the National Capital Regional Police Office (NCRPO) has “profiled” a terrorist.

Sr. Supt. Felipe Rojas Jr., chief of the NCRPO Regional Intelligence and Investigation Division (RIID), said Friday that his group came up with the profile based on the descriptions of witnesses in previous bombings.

Rojas said the US Federal Bureau of Investigation has a similar terrorist profile.

But a source in the intelligence community derided the profile, calling it stereotyped and inaccurate.

The police profile does not apply to the female bombers who the military said were being trained for suicide missions in Metro Manila.

Posted on October 20, 2005 at 11:47 AMView Comments

Exploding Baby Carriages in Subways

This is a great example of a movie-plot threat.

A terrorist plot to attack the subways with bomb-laden baby carriages and briefcases—the most specific threat ever made against the city—triggered a massive security crackdown yesterday.

This is not to say that there isn’t a real plot that was uncovered, but the specificity of the threat seems a bit ridiculous.

And if we ban baby carriages from the subways, and the terrorists put their bombs in duffel bags instead, have we really won anything?

EDITED TO ADD: The threat was a hoax.

Posted on October 11, 2005 at 8:12 AMView Comments

The Keys to the Sydney Subway

Global secrets are generally considered poor security. The problems are twofold. One, you cannot apply any granularity to the security system; someone either knows the secret or does not. And two, global secrets are brittle. They fail badly; if the secret gets out, then the bad guys have a pretty powerful secret.

This is the situation right now in Sydney, where someone stole the master key that gives access to every train in the metropolitan area, and also starts them.

Unfortunately, this isn’t a thief who got lucky. It happened twice, and it’s possible that the keys were the target:

The keys, each of which could start every train, were taken in separate robberies within hours of each other from the North Shore Line although police believed the thefts were unrelated, a RailCorp spokeswoman said.

The first incident occurred at Gordon station when the driver of an empty train was robbed of the keys by two balaclava-clad men shortly after midnight on Sunday morning.

The second theft took place at Waverton Station on Sunday night when a driver was robbed of a bag, which contained the keys, she said.

So, what can someone do with the master key to the Sydney subway? It’s more likely a criminal than a terrorist, but even so it’s definitely a serious issue:

A spokesman for RailCorp told the paper it was taking the matter “very seriously,” but would not change the locks on its trains.

Instead, as of Sunday night, it had increased security around its sidings, with more patrols by private security guards and transit officers.

The spokesman said a “range of security measures” meant a train could not be stolen, even with the keys.

I don’t know if RailCorp should change the locks. I don’t know the risk: whether that “range of security measures” only protects against train theft—an unlikely scenario, if you ask me—or other potential scenarios as well. And I don’t know how expensive it would be to change the locks.

Another problem with global secrets is that it’s expensive to recover from a security failure.

And this certainly isn’t the first time a master key fell into the wrong hands:

Mr Graham said there was no point changing any of the metropolitan railway key locks.

“We could change locks once a week but I don’t think it reduces in any way the security threat as such because there are 2000 of these particular keys on issue to operational staff across the network and that is always going to be, I think, an issue.”

A final problem with global secrets is that it’s simply too easy to lose control of them.

Moral: Don’t rely on global secrets.

Posted on September 1, 2005 at 8:06 AMView Comments

Actors Playing New York City Policemen

Did you know you could be arrested for carrying a police uniform in New York City?

With security tighter in the Big Apple since Sept. 11, 2001, the union that represents TV and film actors has begun advising its New York-area members to stop buying police costumes or carrying them to gigs, even if their performances require them.

The Screen Actors Guild said in a statement posted on its Web site on Friday that “an apparent shift in city policy” may put actors at risk of arrest if they are stopped while carrying anything that looks too much like a real police uniform.

The odds that an actor might be stopped and questioned on his or her way to work went up this month when police began conducting random searches of passengers’ bags in New York’s subway system. The guild said two of its members had been detained by security personnel at an airport and a courthouse in recent months for possessing police costumes.

This seems like overkill to me. I understand that a police uniform is an authentication device—not a very good one, but one nonetheless—and we want to make it harder for the bad guys to get one. But there’s no reason to prohibit screen or stage actors from having police uniforms if it’s part of their job. This seems similar to the laws surrounding lockpicks: you can be arrested for carrying them without a good reason, but locksmiths are allowed to own the tools of their trade.

Here’s another bit from the article:

Under police department rules, real officers must be on hand any time an actor dons a police costume during a TV or film production.

I guess that’s to prevent the actor from actually impersonating a policeman. But how often does that actually happen? Is this a good use of police manpower?

Does anyone know how other cities and countries handle this?

Posted on August 25, 2005 at 12:52 PMView Comments

Cameras in the New York City Subways

New York City is spending $212 million on surveillance technology: 1,000 video cameras and 3,000 motion sensors for the city’s subways, bridges, and tunnels.

Why? Why, given that cameras didn’t stop the London train bombings? Why, when there is no evidence that cameras are effectice at reducing either terrorism and crime, and every reason to believe that they are ineffective?

One reason is that it’s the “movie plot threat” of the moment. (You can hear the echos of the movie plots when you read the various quotes in the news stories.) The terrorists bombed a subway in London, so we need to defend our subways. The other reason is that New York City officials are erring on the side of caution. If nothing happens, then it was only money. But if something does happen, they won’t keep their jobs unless they can show they did everything possible. And technological solutions just make everyone feel better.

If I had $212 million to spend to defend against terrorism in the U.S., I would not spend it on cameras in the New York City subways. If I had $212 million to defend New York City against terrorism, I would not spend it on cameras in the subways. This is nothing more than security theater against a movie plot threat.

On the plus side, the money will also go for a new radio communications system for subway police, and will enable cell phone service in underground stations, but not tunnels.

Posted on August 24, 2005 at 1:10 PMView Comments

1 4 5 6 7

Sidebar photo of Bruce Schneier by Joe MacInnis.