Entries Tagged "security theater"

Page 10 of 20

TSA Employees Bypassing Airport Screening

Airport screeners are now able to bypass airport screening:

The Transportation Security Administration (TSA) rolled out the new uniforms and new screening policy at airports nationwide on Sept. 11.

The new policy says screeners can arrive for work and walk behind security lines without any of their belongings examined or X-rayed.

“Lunch or a bomb, you can walk right through with it,” said Mike Boyd, an aviation consultant in Evergreen. “This is a major security issue.”

Actually, it’s not. Screeners have to go in and out of security all the time as they work. Yes, they can smuggle things in and out of the airport. But you have to remember that the airport screeners are trusted insiders for the system: there are a zillion ways they could break airport security.

On the other hand, it’s probably a smart idea to screen screeners when they walk through airport security when they aren’t working at that checkpoint at that time. The reason is the same reason you should screen everyone, including pilots who can crash their plane: you’re not screening screeners (or pilots), you’re screening people wearing screener (or pilot) uniforms and carrying screener (or pilot) IDs. You can either train your screeners to recognize authentic uniforms and IDs, or you can just screen everybody. The latter is just easier.

But this isn’t a big deal.

Posted on September 19, 2008 at 8:01 AMView Comments

Change Your Name and Avoid the TSA Watchlist

Shhhh. Don’t tell the terrorists:

The U.S. Department of Homeland Security wrote a letter to Labb&eacute in 2004, saying he had been placed on their watch list after falling victim to identity theft. At the time, the department said there was no way for his name to be removed.

Although Labbé wrote letters to the U.S. department, his efforts were in vain, prompting him to legally change his name.

“So now, my official name is François Mario Labbé,” he said.

“Then you have to change everything: driver’s license, social insurance, medicare, credit card—everything.”

Although it’s not a big change from Mario Labbé, he said it’s been enough to foil the U.S. customs computers.

Posted on September 15, 2008 at 1:25 PMView Comments

My LA Times Op Ed on Photo ID Checks at Airport

Opinion

The TSA’s useless photo ID rules

No-fly lists and photo IDs are supposed to help protect the flying public from terrorists. Except that they don’t work.

By Bruce Schneier

August 28, 2008

The TSA is tightening its photo ID rules at airport security. Previously, people with expired IDs or who claimed to have lost their IDs were subjected to secondary screening. Then the Transportation Security Administration realized that meant someone on the government’s no-fly list—the list that is supposed to keep our planes safe from terrorists—could just fly with no ID.

Now, people without ID must also answer personal questions from their credit history to ascertain their identity. The TSA will keep records of who those ID-less people are, too, in case they’re trying to probe the system.

This may seem like an improvement, except that the photo ID requirement is a joke. Anyone on the no-fly list can easily fly whenever he wants. Even worse, the whole concept of matching passenger names against a list of bad guys has negligible security value.

How to fly, even if you are on the no-fly list: Buy a ticket in some innocent person’s name. At home, before your flight, check in online and print out your boarding pass. Then, save that web page as a PDF and use Adobe Acrobat to change the name on the boarding pass to your own. Print it again. At the airport, use the fake boarding pass and your valid ID to get through security. At the gate, use the real boarding pass in the fake name to board your flight.

The problem is that it is unverified passenger names that get checked against the no-fly list. At security checkpoints, the TSA just matches IDs to whatever is printed on the boarding passes. The airline checks boarding passes against tickets when people board the plane. But because no one checks ticketed names against IDs, the security breaks down.

This vulnerability isn’t new. It isn’t even subtle. I wrote about it in 2003, and again in 2006. I asked Kip Hawley, who runs the TSA, about it in 2007. Today, any terrorist smart enough to Google “print your own boarding pass” can bypass the no-fly list.

This gaping security hole would bother me more if the very idea of a no-fly list weren’t so ineffective. The system is based on the faulty notion that the feds have this master list of terrorists, and all we have to do is keep the people on the list off the planes.

That’s just not true. The no-fly list—a list of people so dangerous they are not allowed to fly yet so innocent we can’t arrest them—and the less dangerous “watch list” contain a combined 1 million names representing the identities and aliases of an estimated 400,000 people. There aren’t that many terrorists out there; if there were, we would be feeling their effects.

Almost all of the people stopped by the no-fly list are false positives. It catches innocents such as Ted Kennedy, whose name is similar to someone’s on the list, and Yusuf Islam (formerly Cat Stevens), who was on the list but no one knew why.

The no-fly list is a Kafkaesque nightmare for the thousands of innocent Americans who are harassed and detained every time they fly. Put on the list by unidentified government officials, they can’t get off. They can’t challenge the TSA about their status or prove their innocence. (The U.S. 9th Circuit Court of Appeals decided this month that no-fly passengers can sue the FBI, but that strategy hasn’t been tried yet.)

But even if these lists were complete and accurate, they wouldn’t work. Timothy McVeigh, the Unabomber, the D.C. snipers, the London subway bombers and most of the 9/11 terrorists weren’t on any list before they committed their terrorist acts. And if a terrorist wants to know if he’s on a list, the TSA has approved a convenient, $100 service that allows him to figure it out: the Clear program, which issues IDs to “trusted travelers” to speed them through security lines. Just apply for a Clear card; if you get one, you’re not on the list.

In the end, the photo ID requirement is based on the myth that we can somehow correlate identity with intent. We can’t. And instead of wasting money trying, we would be far safer as a nation if we invested in intelligence, investigation and emergency response—security measures that aren’t based on a guess about a terrorist target or tactic.

That’s the TSA: Not doing the right things. Not even doing right the things it does.

Posted on September 1, 2008 at 5:15 AMView Comments

TSA Follies

They break planes:

Citing sources within the aviation industry, ABC News reports an overzealous TSA employee attempted to gain access to the parked aircraft by climbing up the fuselage… reportedly using the Total Air Temperature (TAT) probes mounted to the planes’ noses as handholds.

“The brilliant employees used an instrument located just below the cockpit window that is critical to the operation of the onboard computers,” one pilot wrote on an American Eagle internet forum. “They decided this instrument, the TAT probe, would be adequate to use as a ladder.”

They harass innocents:

James Robinson is a retired Air National Guard brigadier general and a commercial pilot for a major airline who flies passenger planes around the country.

He has even been certified by the Transportation Security Administration to carry a weapon into the cockpit as part of the government’s defense program should a terrorist try to commandeer a plane.

But there’s one problem: James Robinson, the pilot, has difficulty even getting to his plane because his name is on the government’s terrorist “watch list.”

It’s easy to sneak by them:

The third-grader has been on the watch list since he was 5 years old. Asked whether he is a terrorist, he said, “I don’t know.”

Though he doesn’t even know what a terrorist is, he is embarrassed that trips to the airport cause a ruckus, said his mother, Denise Robinson.

[…]

Denise Robinson says she tells the skycaps her son is on the list, tips heavily and is given boarding passes. And booking her son as “J. Pierce Robinson” also has let the family bypass the watch list hassle.

And here’s how to sneak lockpicks past them.

EDITED TO ADD (8/21): Ha ha ha ha:

Even though its inspector’s actions caused nine American Eagle planes
to be grounded in Chicago this week, the Transporatation Security
Administration says it may pursue action against the airline for
security lapses.

And a step in the right direction:

A federal appeals court ruled this week that individuals who are blocked from commercial flights by the federal no-fly list can challenge their detention in federal court.

Posted on August 21, 2008 at 9:12 AMView Comments

Security Idiocy Story

From the Dilbert blog:

They then said that I could not fill it out—my manager had to. I told them that my manager doesn’t work in the building, nor does anyone in my management chain. This posed a problem for the crack security team. At last, they formulated a brilliant solution to the problem. They told me that if I had grocery bag in my office I could put the laptop in it and everything would be okay . Of course, I don’t have grocery bags in my office. Who would? I did have a windbreaker, however. So I went up to my office, wrapped up the laptop in my windbreaker, and went back down.

People put in charge of implementing a security policy are more concerned with following the letter of the policy than they are about improving security. So even if what they do makes no sense—and they know it makes no sense—they have to do it in order to follow “policy.”

Posted on August 6, 2008 at 1:52 PMView Comments

Laptop with Trusted Traveler Identities Stolen

Oops. A laptop with the names of 33,000 people enrolled in the Clear program—the most popular airport “trusted traveler” program—has been stolen at SFO. The TSA is unhappy.

Stealing databases of personal information is never good, but this doesn’t make a bit of difference to airport security. I’ve already written about the Clear program: it’s a $100-a-year program that lets you cut the security line, and nothing more. Clear members are no more trusted than anyone else.

Anyway, it’s easy to fly without an ID, as long as you claim to have lost it. And it’s also easy to get through airport security without being an actual airplane passenger.

None of this is security. Absolutely none of it.

EDITED TO ADD (8/7): The laptop has been found. Turns out it was never stolen:

The laptop was found Tuesday morning in the same company office where it supposedly had gone missing, said spokeswoman Allison Beer.

“It was not in an obvious location,” said Beer, who said an investigation was under way to determine whether the computer was actually stolen or had just been misplaced.

Why in the world do these people not use full-disk encryption?

Posted on August 5, 2008 at 12:09 PMView Comments

Random Killing on a Canadian Greyhound Bus

After a random and horrific knife decapitation on a Greyhound bus last week, does this surprise anyone:

A grisly slaying on a Greyhound bus has prompted calls for tighter security on Canadian bus lines, despite the company and Canada’s transport agency calling the stabbing death a tragic but isolated incident.

Greyhound spokeswoman Abby Wambaugh said bus travel is the safest mode of transportation, even though bus stations do not have metal detectors and other security measures used at airports.

Despite editorials telling people not to overreact, it’s easy to:

“Hearing about this incident really worries me,” said Donna Ryder, 56, who was waiting Thursday at the bus depot in Toronto.

“I’m in a wheelchair and what would I be able to do to defend myself? Probably nothing. So that’s really scary.”

Ryder, who was heading to Kitchener, Ont., said buses are essentially the only way she can get around the province, as her wheelchair won’t fit on Via Rail trains. As it is her main option for travel, a lack of security is troubling, she said.

“I guess we’re going to have to go the airline way, maybe have a search and baggage check, X-ray maybe,” she said.

“Really, I don’t know what you can do about security anymore.”

Of course, airplane security won’t work on buses.

But—more to the point—this essay I wrote on overreacting to rare risks applies here:

People tend to base risk analysis more on personal story than on data, despite the old joke that “the plural of anecdote is not data.” If a friend gets mugged in a foreign country, that story is more likely to affect how safe you feel traveling to that country than abstract crime statistics.

We give storytellers we have a relationship with more credibility than strangers, and stories that are close to us more weight than stories from foreign lands. In other words, proximity of relationship affects our risk assessment. And who is everyone’s major storyteller these days? Television.

Which is why Canadians are talking about increasing security on long-haul busses, and not Americans.

EDITED TO ADD (8/4): Look at this headline: “Man beheads girlfriend on Santorini island.” Do we need airport-style security measures for Greek islands, too?

EDITED TO ADD (8/5): A surprisingly refreshing editorial:

Here is our suggestion for what ought to be done to upgrade the security of bus transportation after the knife killing of Tim McLean by a fellow Greyhound bus passenger: nothing. Leave the system alone. Mr. McLean could have been murdered equally easily by a random psychopath in a movie theatre or a classroom or a wine bar or a shopping mall—or on his front lawn, for that matter. Unless all of those venues, too, are to be included in the new post-Portage la Prairie security crackdown, singling out buses makes no sense.

Posted on August 4, 2008 at 6:19 AMView Comments

TSA Proud of Confiscating Non-Dangerous Item

This is just sad. The TSA confiscated a battery pack not because it’s dangerous, but because other passengers might think it’s dangerous. And they’re proud of the fact.

“We must treat every suspicious item the same and utilize the tools we have available to make a final determination,” said Federal Security Director David Wynn. “Procedures are in place for a reason and this is a clear indication our workforce is doing a great job.”

My guess is that if Kip Hawley were allowed to comment on my blog, he would say something like this: “It’s not just bombs that are prohibited; it’s things that look like bombs. This looks enough like a bomb to fool the other passengers, and that in itself is a threat.”

Okay, that’s fair. But the average person doesn’t know what a bomb looks like; all he knows is what he sees on television and the movies. And this rule means that all homemade electronics are confiscated, because anything homemade with wires can look like a bomb to someone who doesn’t know better. The rule just doesn’t work.

And in today’s passengers-fight-back world, do you think anyone is going to successfully do anything with a fake bomb?

Posted on July 30, 2008 at 6:11 AMView Comments

Good Essay on TSA Stupidity

From Salon:

“You ain’t takin’ this through,” she says. “No knives. You can’t bring a knife through here.”

It takes a moment for me to realize that she’s serious. “I’m … but … it’s …”

“Sorry.” She throws it into a bin and starts to walk away.

“Wait a minute,” I say. “That’s airline silverware.”

“Don’t matter what it is. You can’t bring knives through here.”

“Ma’am, that’s an airline knife. It’s the knife they give you on the plane.”

Posted on July 11, 2008 at 10:34 AMView Comments

1 8 9 10 11 12 20

Sidebar photo of Bruce Schneier by Joe MacInnis.