Page 17 of 21
Good article on airport security and the TSA. Matt Blaze and I got some really good quotes.
BTW, regularly people chastise me for complaining about airline security but not offering any solutions. I generally send those people to the last two paragraphs of this article.
Innocent passenger arrested for trying to bring a rubber-band ball onto an airplane.
Woman passes out on plane after her drugs are confiscated.
San Francisco International Airport screeners were warned in advance of undercover test.
And a cartoon.
We have a serious problem in this country. The TSA operates above, and outside, the law. There’s no due process, no judicial review, no appeal.
EDITED TO ADD (11/21): And six Muslim imams removed from a plane by US Airways because…well because they’re Muslim and that scares people. After they were cleared by the authorities, US Airways refused to sell them a ticket. Refuse to be terrorized, people!
Note that US Airways is the culprit here, not the TSA.
EDITED TO ADD (11/22): Frozen spaghetti sauce confiscated:
You think this is silly, and it is, but a week ago my mother caused a small commotion at a checkpoint at Boston-Logan after screeners discovered a large container of homemade tomato sauce in her bag. What with the preponderance of spaghetti grenades and lasagna bombs, we can all be proud of their vigilance. And, as a liquid, tomato sauce is in clear violation of the Transportation Security Administration’s carry-on statutes. But this time, there was a wrinkle: The sauce was frozen.
No longer in its liquid state, the sauce had the guards in a scramble. According to my mother’s account, a supervisor was called over to help assess the situation. He spent several moments stroking his chin. “He struck me as the type of person who spent most of his life traveling with the circus,” says Mom, who never pulls a punch, “and was only vaguely familiar with the concept of refrigeration.” Nonetheless, drawing from his experiences in grade-school chemistry and at the TSA academy, he sized things up. “It’s not a liquid right now,” he observantly noted. “But it will be soon.”
In the end, the TSA did the right thing and let the woman on with her frozen food.
You can’t make this stuff up:
A retired veteran and candidate for Oklahoma State School Superintendent says he wants to make schools safer by creating bulletproof textbooks.
Bill Crozier says the books could give students and teachers a fighting chance if there’s a shooting at their school.
Can you just imagine the movie-plot scenarios going through his head? Does he really think this is a smart way to spend security dollars?
I just shake my head in wonder….
Last week Christopher Soghoian created a Fake Boarding Pass Generator website, allowing anyone to create a fake Northwest Airlines boarding pass: any name, airport, date, flight. This action got him visited by the FBI, who later came back, smashed open his front door, and seized his computers and other belongings. It resulted in calls for his arrest—the most visible by Rep. Edward Markey (D-Massachusetts)—who has since recanted. And it’s gotten him more publicity than he ever dreamed of.
All for demonstrating a known and obvious vulnerability in airport security involving boarding passes and IDs.
This vulnerability is nothing new. There was an article on CSOonline from February 2006. There was an article on Slate from February 2005. Sen. Chuck Schumer spoke about it as well. I wrote about it in the August 2003 issue of Crypto-Gram. It’s possible I was the first person to publish it, but I certainly wasn’t the first person to think of it.
It’s kind of obvious, really. If you can make a fake boarding pass, you can get through airport security with it. Big deal; we know.
You can also use a fake boarding pass to fly on someone else’s ticket. The trick is to have two boarding passes: one legitimate, in the name the reservation is under, and another phony one that matches the name on your photo ID. Use the fake boarding pass in your name to get through airport security, and the real ticket in someone else’s name to board the plane.
This means that a terrorist on the no-fly list can get on a plane: He buys a ticket in someone else’s name, perhaps using a stolen credit card, and uses his own photo ID and a fake ticket to get through airport security. Since the ticket is in an innocent’s name, it won’t raise a flag on the no-fly list.
You can also use a fake boarding pass instead of your real one if you have the “SSSS” mark and want to avoid secondary screening, or if you don’t have a ticket but want to get into the gate area.
Historically, forging a boarding pass was difficult. It required special paper and equipment. But since Alaska Airlines started the trend in 1999, most airlines now allow you to print your boarding pass using your home computer and bring it with you to the airport. This program was temporarily suspended after 9/11, but was quickly brought back because of pressure from the airlines. People who print the boarding passes at home can go directly to airport security, and that means fewer airline agents are required.
Airline websites generate boarding passes as graphics files, which means anyone with a little bit of skill can modify them in a program like Photoshop. All Soghoian’s website did was automate the process with a single airline’s boarding passes.
Soghoian claims that he wanted to demonstrate the vulnerability. You could argue that he went about it in a stupid way, but I don’t think what he did is substantively worse than what I wrote in 2003. Or what Schumer described in 2005. Why is it that the person who demonstrates the vulnerability is vilified while the person who describes it is ignored? Or, even worse, the organization that causes it is ignored? Why are we shooting the messenger instead of discussing the problem?
As I wrote in 2005: “The vulnerability is obvious, but the general concepts are subtle. There are three things to authenticate: the identity of the traveler, the boarding pass and the computer record. Think of them as three points on the triangle. Under the current system, the boarding pass is compared to the traveler’s identity document, and then the boarding pass is compared with the computer record. But because the identity document is never compared with the computer record—the third leg of the triangle—it’s possible to create two different boarding passes and have no one notice. That’s why the attack works.”
The way to fix it is equally obvious: Verify the accuracy of the boarding passes at the security checkpoints. If passengers had to scan their boarding passes as they went through screening, the computer could verify that the boarding pass already matched to the photo ID also matched the data in the computer. Close the authentication triangle and the vulnerability disappears.
But before we start spending time and money and Transportation Security Administration agents, let’s be honest with ourselves: The photo ID requirement is no more than security theater. Its only security purpose is to check names against the no-fly list, which would still be a joke even if it weren’t so easy to circumvent. Identification is not a useful security measure here.
Interestingly enough, while the photo ID requirement is presented as an antiterrorism security measure, it is really an airline-business security measure. It was first implemented after the explosion of TWA Flight 800 over the Atlantic in 1996. The government originally thought a terrorist bomb was responsible, but the explosion was later shown to be an accident.
Unlike every other airplane security measure—including reinforcing cockpit doors, which could have prevented 9/11—the airlines didn’t resist this one, because it solved a business problem: the resale of non-refundable tickets. Before the photo ID requirement, these tickets were regularly advertised in classified pages: “Round trip, New York to Los Angeles, 11/21-30, male, $100.” Since the airlines never checked IDs, anyone of the correct gender could use the ticket. Airlines hated that, and tried repeatedly to shut that market down. In 1996, the airlines were finally able to solve that problem and blame it on the FAA and terrorism.
So business is why we have the photo ID requirement in the first place, and business is why it’s so easy to circumvent it. Instead of going after someone who demonstrates an obvious flaw that is already public, let’s focus on the organizations that are actually responsible for this security failure and have failed to do anything about it for all these years. Where’s the TSA’s response to all this?
The problem is real, and the Department of Homeland Security and TSA should either fix the security or scrap the system. What we’ve got now is the worst security system of all: one that annoys everyone who is innocent while failing to catch the guilty.
This essay—my 30th for Wired.com—appeared today.
EDITED TO ADD (11/4): More news and commentary.
EDITED TO ADD (1/10): Great essay by Matt Blaze.
They may be great at keeping you from taking your bottle of water onto the plane, but when it comes to catching actual bombs and guns they’re not very good:
Screeners at Newark Liberty International Airport, one of the starting points for the Sept. 11 hijackers, failed 20 of 22 security tests conducted by undercover U.S. agents last week, missing concealed bombs and guns at checkpoints throughout the major air hub’s three terminals, according to federal security officials.
[…]
One of the security officials familiar with last week’s tests said Newark screeners missed fake explosive devices hidden under bottles of water in carry-on luggage, taped beneath an agent’s clothing and concealed under a leg bandage another tester wore.
The official said screeners also failed to use handheld metal-detector wands when required, missed an explosive device during a pat-down and failed to properly hand-check suspicious carry-on bags. Supervisors also were cited for failing to properly monitor checkpoint screeners, the official said. “We just totally missed everything,” the official said.
As I’ve written before, this is actually a very hard problem to solve:
Airport screeners have a difficult job, primarily because the human brain isn’t naturally adapted to the task. We’re wired for visual pattern matching, and are great at picking out something we know to look for—for example, a lion in a sea of tall grass.
But we’re much less adept at detecting random exceptions in uniform data. Faced with an endless stream of identical objects, the brain quickly concludes that everything is identical and there’s no point in paying attention. By the time the exception comes around, the brain simply doesn’t notice it. This psychological phenomenon isn’t just a problem in airport screening: It’s been identified in inspections of all kinds, and is why casinos move their dealers around so often. The tasks are simply mind-numbing.
To make matters worse, the smuggler can try to exploit the system. He can position the weapons in his baggage just so. He can try to disguise them by adding other metal items to distract the screeners. He can disassemble bomb parts so they look nothing like bombs. Against a bored screener, he has the upper hand.
But perversely, even a mediocre success rate here is probably good enough:
Remember the point of passenger screening. We’re not trying to catch the clever, organized, well-funded terrorists. We’re trying to catch the amateurs and the incompetent. We’re trying to catch the unstable. We’re trying to catch the copycats. These are all legitimate threats, and we’re smart to defend against them. Against the professionals, we’re just trying to add enough uncertainty into the system that they’ll choose other targets instead.
[…]
What that means is that a basic cursory screening is good enough. If I were investing in security, I would fund significant research into computer-assisted screening equipment for both checked and carry-on bags, but wouldn’t spend a lot of money on invasive screening procedures and secondary screening. I would much rather have well-trained security personnel wandering around the airport, both in and out of uniform, looking for suspicious actions.
Remember this truism: We can’t keep weapons out of prisons. We can’t possibly keep them out of airports.
Use this handy boarding-pass generator to: 1) get through airport security without a ticket, 2) bypass the “extra screening” if you have “SSSS” printed on your ticket, or 3)—and this is harder—snag yourself a Business Class seat with a Coach ticket.
EDITED TO ADD (10/28): Lots of news on this item: the page is down, and he was visited by the FBI.
Good essay on perceived vs. actual risk. The hook is Mayor Daley of Chicago demanding a no-fly-zone over Chicago in the wake of the New York City airplane crash.
Other politicians (with the spectacular and notable exception of New York City Mayor Michael Bloomberg) and self-appointed “experts” are jumping on the tragic accident—repeat, accident—in New York to sound off again about the “danger” of light aircraft, and how they must be regulated, restricted, banned.
OK, for all of those ranting about “threats” from GA aircraft, we’ll believe that you’re really serious about controlling “threats” when you call for:
- Banning all vans within cities. A small panel van was used in the first World Trade Center attack. The bomb, which weighed 1,500 pounds, killed six and injured 1,042.
- Banning all box trucks from cities. Timothy McVeigh’s rented Ryder truck carried a 5,000-pound bomb that killed 168 in Oklahoma City.
- Banning all semi-trailer trucks. They can carry bombs weighing more than 50,000 pounds.
- Banning newspapers on subways. That’s how the terrorists hid packages of sarin nerve gas in the Tokyo subway system. They killed 12.
- Banning backpacks on all buses and subways. That’s how the terrorists got the bombs into the London subway system. They killed 52.
- Banning all cell phones on trains. That’s how they detonated the bombs in backpacks placed on commuter trains in Madrid. They killed 191.
- Banning all small pleasure boats on public waterways. That’s how terrorists attacked the USS Cole, killing 17.
- Banning all heavy or bulky clothing in all public places. That’s how suicide bombers hide their murderous charges. Thousands killed.
Number of people killed by a terrorist attack using a GA aircraft? Zero.
Number of people injured by a terrorist attack using a GA aircraft? Zero.
Property damage from a terrorist attack using a GA aircraft? None.
So Mr. Mayor (and Mr. Governor, Ms. Senator, Mr. Congressman, and Mr. “Expert”), if you’re truly serious about “protecting” the public, advocate all of the bans I’ve listed above. Using the “logic” you apply to general aviation aircraft, you’re forced to conclude that newspapers, winter coats, cell phones, backpacks, trucks, and boats all pose much greater risks to the public.
So be consistent in your logic. If you are dead set on restricting a personal transportation system that carries more passengers than any single airline, reaches more American cities than all the airlines combined, provides employment for 1.3 million American citizens and $160 billion in business “to protect the public,” then restrict or control every other transportation system that the terrorists have demonstrated they can use to kill.
And, on the same topic, why it doesn’t make sense to ban small aircraft from cities as a terrorism defense.
They already take away scissors. Can paper be far behind?
Here’s the story:
In retrospect, I suppose I could have put the grapefruit-sized specimen inside my sock, swung it around my head like a mace, charged the cabin and attempted to hijack the flight. This, of course, never occurred to me until the zealous inspector declared my rock a “dual-use” item.
“What, pray tell, is a dual-use item?” I asked. I’m afraid I chuckled just a little, causing her to glare, withhold a satisfactory answer and call her supervisor. He hefted my rock, scrutinized it for a moment, and agreed that my specimen was indeed a dual-use item, meaning a potential low-tech weapon. During those uneasy moments when I thought I would be detained, I wondered if a doctor’s stethoscope would also be declared a dual-use item, since it could be used to strangle a pilot.
We can’t keep weapons out of prisons. We can’t possibly keep them out of airports.
Elaine Siegel, Sales Representative
“Thank God. I don’t think I’d be able to make one more flight from New York to Chicago with a mouthful of shampoo.”Alex Hunter, Surveyor
“The ban was a necessary precaution. We have to be willing to make these kinds of sacrifices if we’re going to prevent scientifically impossible terrorist attacks.”Ed Johansen, Systems Analyst
“By giving passengers renewed access to these gels, lotions, and shampoos, we run the risk of creating a very dangerous and highly evasive super-slippery terrorist able to avoid all manners of restraint.”
People applying for a visa to enter the United States have to answer these questions (among others):
Have you ever been arrested of convicted for any offense or crime, even through subject of a pardon, amnesty or other similar legal action? Have you ever unlawfully distributed or sold a controlled substance (drug), or been a prostitute or procurer for prostitutes?
[…]
Did you seek to enter the United States to engage in export control violations, subversive or terrorist activities, or any other unlawful purpose? Are you a member or representative of a terrorist organization as currently designated by the U.S. Secretary of State? Have you ever participated in persecutions directed by the Nazi government or Germany; or have you ever participated in genocide?
Certainly, anyone who is a terrorist or drug dealer wouldn’t worry about lying on his visa application. So, what’s the point of these questions? I used to think it was so that if someone is convicted of one of these activities he can also be convicted of visa-application fraud…but I’m not sure that explanation makes any sense.
Anyone have any better ideas? What is the security benefit of asking these questions?
Sidebar photo of Bruce Schneier by Joe MacInnis.