Entries Tagged "searches"

Page 9 of 16

Web Entrapment

Frightening sting operation by the FBI. They posted links to supposed child porn videos on boards frequented by those types, and obtained search warrants based on access attempts.

This seems like incredibly flimsy evidence. Someone could post the link as an embedded image, or send out e-mail with the link embedded, and completely mess with the FBI’s data—and the poor innocents’ lives. Such are the problems when the mere clicking on a link is justification for a warrant.

See also this Slashdot thread and this article.

Posted on March 27, 2008 at 2:46 PMView Comments

U.S. Customs Seizing Laptops

I’ve heard many anecdotal stories about U.S. Customs and Border Protection seizing, copying data from, or otherwise accessing laptops of people entering the country. But this is very mainstream:

Today, the Electronic Frontier Foundation and Asian Law Caucus, two civil liberties groups in San Francisco, plan to file a lawsuit to force the government to disclose its policies on border searches, including which rules govern the seizing and copying of the contents of electronic devices. They also want to know the boundaries for asking travelers about their political views, religious practices and other activities potentially protected by the First Amendment. The question of whether border agents have a right to search electronic devices at all without suspicion of a crime is already under review in the federal courts.

The lawsuit was inspired by two dozen cases, 15 of which involved searches of cellphones, laptops, MP3 players and other electronics. Almost all involved travelers of Muslim, Middle Eastern or South Asian background, many of whom, including Mango and the tech engineer, said they are concerned they were singled out because of racial or religious profiling.

Some of this seems pretty severe:

“I was assured that my laptop would be given back to me in 10 or 15 days,” said [Maria] Udy, who continues to fly into and out of the United States. She said the federal agent copied her log-on and password, and asked her to show him a recent document and how she gains access to Microsoft Word. She was asked to pull up her e-mail but could not because of lack of Internet access. With ACTE’s help, she pressed for relief. More than a year later, Udy has received neither her laptop nor an explanation.

[…]

Kamran Habib, a software engineer with Cisco Systems, has had his laptop and cellphone searched three times in the past year. Once, in San Francisco, an officer “went through every number and text message on my cellphone and took out my SIM card in the back,” said Habib, a permanent U.S. resident. “So now, every time I travel, I basically clean out my phone. It’s better for me to keep my colleagues and friends safe than to get them on the list as well.”

Privacy? There’s no need to worry:

Hollinger said customs officers “are trained to protect confidential information.”

I know I feel better.

I strongly recommend the two-tier encryption strategy I described here. And I even more strongly recommend cleaning out your laptop and BlackBerry regularly; if you don’t have it on your computer, no one else can get his hands on it. This defense not only works against U.S. customs, but against the much more likely threat of you losing the damn thing.

And the TSA wants you to know that it’s not them.

Posted on February 12, 2008 at 12:23 PMView Comments

Patrick Smith on Aviation Security

Excellent essay from The New York Times:

In the end, I’m not sure which is more troubling, the inanity of the existing regulations, or the average American’s acceptance of them and willingness to be humiliated. These wasteful and tedious protocols have solidified into what appears to be indefinite policy, with little or no opposition. There ought to be a tide of protest rising up against this mania. Where is it? At its loudest, the voice of the traveling public is one of grumbled resignation. The op-ed pages are silent, the pundits have nothing meaningful to say.

The airlines, for their part, are in something of a bind. The willingness of our carriers to allow flying to become an increasingly unpleasant experience suggests a business sense of masochistic capitulation. On the other hand, imagine the outrage among security zealots should airlines be caught lobbying for what is perceived to be a dangerous abrogation of security and responsibility—even if it’s not. Carriers caught plenty of flack, almost all of it unfair, in the aftermath of September 11th. Understandably, they no longer want that liability.

As for Americans themselves, I suppose that it’s less than realistic to expect street protests or airport sit-ins from citizen fliers, and maybe we shouldn’t expect too much from a press and media that have had no trouble letting countless other injustices slip to the wayside. And rather than rethink our policies, the best we’ve come up with is a way to skirt them—for a fee, naturally—via schemes like Registered Traveler. Americans can now pay to have their personal information put on file just to avoid the hassle of airport security. As cynical as George Orwell ever was, I doubt he imagined the idea of citizens offering up money for their own subjugation.

How we got to this point is an interesting study in reactionary politics, fear-mongering and a disconcerting willingness of the American public to accept almost anything in the name of “security.” Conned and frightened, our nation demands not actual security, but security spectacle. And although a reasonable percentage of passengers, along with most security experts, would concur such theater serves no useful purpose, there has been surprisingly little outrage. In that regard, maybe we’ve gotten exactly the system we deserve.

Posted on January 11, 2008 at 1:47 PMView Comments

Consumer Reports on Aviation Security and the TSA

It’s not on their website yet, and you’d have to pay to read it in any case, but the February 2008 issue of Consumer Reports has an article on aviation security. Much of it you’ve all heard before, but there are some new bits:

Larry Tortorich, a TSA training officer and former representative to the Joint Terrorism Task Force who retired in 2006, also says he saw problems from the inside. “There was a facade of security. There were numerous security flaws and vulnerabilities I identified. The response was, it wasn’t apparent to the public, so there would not be any corrective action.”

I’ve regularly pointed to reinforcing the cockpit doors as something that was a good idea, and should have been done years earlier.

Critics, however, say a stronger door is only half of the solution. “People have this illusion that hardened cockpit doors work, and they don’t,” Dzakovic says. “If you want to have a secure door, you need to have a double hulled door.”

Consumer Reports searched NAS, the Aviation Safety Reporting System, and found 51 incidents since April 2002 in which flight crews reported problems with the hardened doors.

Most of them weren’t really security issues: locking mechanisms failing, doors popping open in flight, and so on. But this was more interesting:

A 2006 study of aviation security by DFI International, a Washington, D.C. security consultancy, found that a drunken passenger kicked a hole in a door panel and that aircraft cleaners “broke a fortified door off its hinges by running a heavy snack cart into it on a bet.”

El Al, of course, has double doors. But since the cost is between $5K and $10K per aircraft, the airline industry has fought the measure in the U.S.

The article also talks about how poor the screeners actually are, but I’ve covered all that already.

Posted on January 10, 2008 at 1:58 PMView Comments

Airport Security Study

Surprising nobody, a new study concludes that airport security isn’t helping:

A team at the Harvard School of Public Health could not find any studies showing whether the time-consuming process of X-raying carry-on luggage prevents hijackings or attacks.

They also found no evidence to suggest that making passengers take off their shoes and confiscating small items prevented any incidents.

[…]

The researchers said it would be interesting to apply medical standards to airport security. Screening programs for illnesses like cancer are usually not broadly instituted unless they have been shown to work.

Note the defense by the TSA:

“Even without clear evidence of the accuracy of testing, the Transportation Security Administration defended its measures by reporting that more than 13 million prohibited items were intercepted in one year,” the researchers added. “Most of these illegal items were lighters.”

This is where the TSA has it completely backwards. The goal isn’t to confiscate prohibited items. The goal is to prevent terrorism on airplanes. When the TSA confiscates millions of lighters from innocent people, that’s a security failure. The TSA is reacting to non-threats. The TSA is reacting to false alarms. Now you can argue that this level of failures is necessary to make people safer, but it’s certainly not evidence that people are safer.

For example, does anyone think that the TSA’s vigilance regarding pies is anything other than a joke?

Here’s the actual paper from the British Medical Journal:

Of course, we are not proposing that money spent on unconfirmed but politically comforting efforts to identify and seize water bottles and skin moisturisers should be diverted to research on cancer or malaria vaccines. But what would the National Screening Committee recommend on airport screening? Like mammography in the 1980s, or prostate specific antigen testing and computer tomography for detecting lung cancer more recently, we would like to open airport security screening to public and academic debate. Rigorously evaluating the current system is just the first step to building a future airport security programme that is more user friendly and cost effective, and that ultimately protects passengers from realistic threats.

I talked about airport security at length with Kip Hawley, the head of the TSA, here.

Posted on December 27, 2007 at 6:28 AMView Comments

Defeating the Shoe Scanning Machine at Heathrow Airport

For a while now, Heathrow Airport has had a unique setup for scanning shoes. Instead of taking your shoes off during the normal screening process, as you do in U.S. airports, you go through the metal detector with your shoes on. Then, later, there is a special shoe scanning X-ray machine. You take your shoes off, send them through the machine, and put them on at the other end.

It’s definitely faster, but it’s an easy system to defeat. The vulnerability is that no one verifies that the shoes you walked through the metal detector with are the same shoes you put on the scanning machine.

Here’s how the attack works. Assume that you have two pairs of shoes: a clean pair that passes all levels of screening, and a dangerous pair that doesn’t. (Ignore for a moment the ridiculousness of screening shoes in the first place, and assume that an X-ray machine can detect the dangerous pair.) Put the dangerous shoes on your feet and the clean shoes in your carry-on bag. Walk through the metal detector. Then, at the shoe X-ray machine, take the dangerous shoes off and put them in your bag, and take the clean shoes out of your bag and place them on the X-ray machine. You’ve now managed to get through security without having your shoes screened.

This works because the two security systems are decoupled. And the shoe screening machine is so crowded and chaotic, and so poorly manned, that no one notices the switch.

U.S. airports force people to put their shoes through the X-ray machine and walk through the metal detector shoeless, ensuring that all shoes get screened. That might be slower, but it works.

EDITED TO ADD (12/14): Heathrow Terminal 3, that is. The system wasn’t in place in Terminal 4, and I don’t know about Terminals 1 and 2.

Posted on December 14, 2007 at 5:43 AMView Comments

1 7 8 9 10 11 16

Sidebar photo of Bruce Schneier by Joe MacInnis.