Theater of the Absurd

Such idiots. The airlines really should lobby to reconfigure the airline security configurations - there are reasons people don't want to fly as frequently as they once did.

Theater of the Absurd at the T.S.A. - New York Times:

FOR theater on a grand scale, you can’t do better than the audience-participation dramas performed at airports, under the direction of the Transportation Security Administration.

...
Of course, we never see the actual heart of the security system: the government’s computerized no-fly list, to which our names are compared when we check in for departure. The T.S.A. is much more talented, however, in the theater arts than in the design of secure systems. This becomes all too clear when we see that the agency’s security procedures are unable to withstand the playful testing of a bored computer-science student.

In late October, Christopher Soghoian, a Ph.D. student in the School of Informatics at Indiana University, found his attention wandering during a lecture in his Cryptographic Protocols class. While sitting in class, he created a Web site he called “Chris’s Northwest Airlines Boarding Pass Generator.”

A visitor to the site could plug in any name, and Mr. Soghoian’s software would create a page suitable for printing with a facsimile of a boarding pass, identical in appearance to one a passenger who had bought a Northwest Airlines ticket would generate when using the airline’s at-home check-in option.

The fake pass could not be used to actually board a plane — boarding passes are checked at the gate against the roster of ticket buyers in the airline’s database — but it could come in handy for several other purposes, Mr. Soghoian suggested, such as passing through airport security so you could meet your elderly grandparents at the gate.

Or, as he told his site’s visitors, it could “demonstrate that the T.S.A. Boarding Pass/ID check is useless.” It worked well, indeed.

No cryptographic recipe was cracked; no airline computer system was compromised. Without visiting an airport, Mr. Soghoian needed access to nothing other than a public Web site to embarrass those responsible for airport security.

To thank Mr. Soghoian for helping the government identify security weaknesses, the T.S.A. sent him a letter warning of possible felony criminal charges and fines, and ordered him to cease operations, which he promptly did. It was too late, however, to spare his apartment from an F.B.I. raid.

Richard L. Adams, the T.S.A.’s acting federal security director, said Mr. Soghoian’s generator “could pose a threat to aviation security.”



Oh yeah, right. Threat to TSA job security, perhaps.

The root problem, as some experts see it, is the T.S.A.’s reliance on IDs that are so easily obtained under false pretenses. “It would be wonderful if Osama bin Laden carried a photo ID that listed his occupation of ‘Evildoer,’ ” permitting the authorities to pluck him from a line, Mr. Schneier said. “The problem is, we try to pretend that identity maps to intentionality. But it doesn’t.”


About this Entry

This page contains a single entry by swanksalot published on December 18, 2006 4:50 PM.
