Charges Dropped In Fake Boarding Pass Case

An anonymous reader writes, "Investigators have dropped the criminal case against Christopher Soghoian after satisfying themselves that he acted without criminal intent. The grad student had created a web site capable of printing fake airline boarding passes. Soghoian is quoted: 'If they fix the airport security problems... then this entire process has been worth it. If they don't fix airport security, then... what was the purpose?'" Soghoian's blog has insightful comments about the divide between security researchers and government officials on subjects such as TOR.

Paranoia

[suso]

That's good. I find it interesting though how fast it was dropped. Appearently, the status quo is that its ok to make a boarding pass generator, but its not ok to create DVD decrypting software. Granted, I understand why the latter generates more lawsuits, but still this is pretty much the end result.

Maybe we'll see a boarding pass generator in the next version of RedHat Linux.

If I were Chris, I'd thoroughly check and wipe the disks of the computers that the FBI gave back to him.

Help contribute to the Bloomingpedia article about Christopher

Re:Paranoia

[Himring]

Appearently, the status quo is that its ok to make a boarding pass generator, but its not ok to create DVD decrypting software.

Don't you get it? Real crimes are copyright infringements. Spending money and resources protecting passengers on jet planes is a complete waste of time....

Real criminals are underprivileged 13 year old girls evilly downloading music they have not purchased. May they hang!

Re:Paranoia

[suso]

Ok, then how about this.

Those people using fake board pass generators are not paying anything for their privilege to visit the Cinnabon(TM) that is down by the gates. They must be stopped.

Re:Paranoia

[wiz31337]

If he was truly concerned about the safety of airline security like he claims, why would he sacrifice the safety of others by making a boarding pass generator to make a point?

Writing a research paper is one thing, but posting a boarding pass generator on the internet is pretty serious stuff. I find it very shocking that the FBI dropped the case. I think people have been sent to Guantanamo for much less.

I'm not trying to make anyone angry, but just something I thought after reading the article: Would the results have been different if he wasn't white?

Re:Paranoia

[Aglassis]

I understand what you are trying to say, but US law isn't built in some coordinated fashion. Implying that US laws written for the protection of passengers at airports have had any coordination with US laws written to minimize theft of copyrighted works is silly (before I get flamed note that I have not said that I support the way that either set has been written).

If you want to look for coordination, look towards the lobbyists. The RIAA and MPAA lobbyists who have helped pass the oppressive copyright protection laws don't have anything to do with the airline lobbyists or defense lobbyists who have helped write much of the War on Terror related laws.

Re:Paranoia

[z-kungfu]

Wow, I think this may be the most rascist comment I've ever seen on Slashdot. Someone should put the bigot out of his mosery...

Re:Paranoia

[ray-auch]

100% of the people that have have ever caused harm on an airline have been ragheads.

Bull.

Garland Grant (look it up).

[Only need one counter example to prove your 100% wrong]

Re:Paranoia

[mpe]

I find it interesting though how fast it was dropped. Appearently, the status quo is that its ok to make a boarding pass generator, but its not ok to create DVD decrypting software. Granted, I understand why the latter generates more lawsuits, but still this is pretty much the end result.

Maybe they couldn't manage to convince an judges that there was actually a case to answer.

If I were Chris, I'd thoroughly check and wipe the disks of the computers that the FBI gave back to him.

Being sure to record (and publish) any evidence to tampering.

Re:Paranoia

[eln]

A fake boarding pass generator does not endanger the safety of anyone except for the idiot who tries to actually board a plane with one, because he's likely to end up being interrogated by Homeland Security for hours in a back room of the airport.

All these things can do is maybe get someone into the gate area. But seriously, if a terrorist wanted to blow up an airport, do you honestly think he would spend the hundreds of dollars building a bomb, and then balk at the $80 for a plane ticket? Hell, he could even steal a boarding pass from someone else. Seriously, requiring boarding passes to get into the gate area only serves to give people a false sense of security. It would not be an obstacle for anyone who wants to actually do harm.

I agree that posting the generator on the Internet was foolish, but only in the sense that posting anything that even appears to be able to help terrorists in today's climate is a stupid thing to do, not because it could actually endanger anyone's safety.

Re:Paranoia

[Faylone]

For the lazy or confused, read here http://www.justice.gov/usao/eousa/foia_reading_roo m/usab5201.pdf

Re:Paranoia

[j00r0m4nc3r]

the status quo is that its ok to make a boarding pass generator, but its not ok to create DVD decrypting software

If creating boarding passes required circumventing a digital copyright control, then it would be illegal. It's not illegal to just print some shit out on your printer that happens to look like a boarding pass...

Re:Paranoia

[pegr]

A fake boarding pass generator does not endanger the safety of anyone except for the idiot who tries to actually board a plane with one, because he's likely to end up being interrogated by Homeland Security for hours in a back room of the airport.
 
Don't forget the danger to everyone who ran the boarding pass generator... The Feds have the access logs and I know I'm in them. I didn't change the default name (Osama B.) or anything though. My God help you if you did and then generated a boarding pass... (Excuse me, somebody is knocking on my door...)

Re:Paranoia

"If he was truly concerned about the safety of airline security like he claims, why would he sacrifice the safety of others by making a boarding pass generator to make a point?"

He isn't sacrificing the safety of others. This is the point of the exercise: our government is sacrificing the safety of us, and doing it while wasting (or stealing, depending on the individual politico) huge amounts of our tax money.

"Writing a research paper is one thing, but posting a boarding pass generator on the internet is pretty serious stuff."

Serious how, exactly? Serious in the sense that it actually demonstrates his claims, yes. Do you think anyone would pay attention or even hear if he just stated how poorly designed these procedures are? He would be dismissed as a political critic.

Saying that "posting a boarding pass generator on the internet is pretty serious stuff" borders on ludicrous. I can just picture the crowds running for cover, terrified, "Dear God! It's a boarding pass generator! On the INTERNET!"

"I find it very shocking that the FBI dropped the case. I think people have been sent to Guantanamo for much less."

Yes, people have been sent to Guantanamo for much less, but just because a few random peasants who happened to be in the wrong place at the wrong time got locked up for 5 years of their lives, torn from their wives and children, unable to speak even with a lawyer -- let alone protest their innocence -- does not make such pointless attacks on human liberty justifiable. Be surprised that the FBI dropped the case, but only be surprised because of the incongruity of this glimpse of sanity.

Re:Paranoia

[Proud+like+a+god]

Isn't printing money illegal? Don't forget at least some things are.

Re:Paranoia

[James+McGuigan]

The fake boarding pass is not a means to dodge the $80 ticket, you still need a valid ticket to get on the plane.

The trick is to bypass the no fly list without having to have fake ID, the loophole is that the name on your ID and boarding pass are not both checked at the same time and compared.

Re:Paranoia

[Spud+Zeppelin]

Not to mention the privilege of 80% markups for "concession pricing" over a near-identical Cinnabon(TM) three miles up the road at the mall...!

Re:Paranoia

[AGMW]

But seriously, if a terrorist wanted to blow up an airport, do you honestly think he would spend the hundreds of dollars building a bomb, and then balk at the $80 for a plane ticket? Hell, he could even steal a boarding pass from someone else. Seriously, requiring boarding passes to get into the gate area only serves to give people a false sense of security. It would not be an obstacle for anyone who wants to actually do harm.

As with most of the security changes imposed on air travel it is all mostly illusion, or as some other Slashdot poster called it "Security Theatre". If you make life difficult for the average travelor they will assume it makes life equally difficult for terrorists. Unfortunately, this just isn't true!

What I don't understand is if Osama and his cohorts are so dead set against us (ie The West) and he has armies of suicide jockeys all raring to go, then why aren't there 'planes falling out of the sky all around us. Why are shopping centres (malls) not blowing up? Trains, buses, garages, boats, ships. They could be instilling real terror on a daily basis but they're not! Hell, even failed attempts to blow up stuff would instil terror as it would confirm that they are still trying! It doesn't make any sense, unless they're simply not as powerful as we are being led to believe, in which case why are the politicians still trying to take away our freedoms?

Re:Paranoia

[nasor]

"If I were Chris, I'd thoroughly check and wipe the disks of the computers that the FBI gave back to him."

I would just sell them and buy new ones. Even if you carefully inspected all your hardware, would you really be able to tell if anything had been modified/removed/spliced in? It's probably safer to just assume that you won't find it if it's there and ditch everything.

Re:Paranoia

[m3tr1k]

First and foremost, I've been a slashdot lurker, and finally registered for an account because I think I have something of value to say here.

So, I think you guys have totally overlooked the point of all this. The way he talks about fixing the airline boarding pass security issue highlights to me that he is a security minded individual and has taken this step because he's noticed a vulnerability and has generated a proof of concept to illustrate the need for reform. This is often the only way to spark change rapidly in a ginormous looming organization as many of these airlines are. In my opinion, this public disclosure of a vulnerability is no different than the daily postings on SecuriTeam or Remote-Exploit or similar sites.

I see the argument then being "well, he probably said that to get out of a lawsuit". While I'm in no position to agree or disagree, from a larger perspective, even if that was the case, this vulnerability has been address, the ball is in the airlines court to clean up their mess. He knew that was how it would go down, and that makes this guy a whitehat. He convinced the FBI of this, and thats why they dropped the charges. We may not have the most reliable and efficient government in the world, but hey at least they are trying to embrace technology. I'd like to think that our government recognizes the need for public disclosure of *SOME* vulnerabilities to enact change... but that may be too optimistic of me.

Security is never absolute, and I am a firm believer that we cannot enhance our own security without first understanding how to break it. This guy is the bug finder, who will fix the bug? Long story short --> chalk one up for the whitehats!

And if dude wasn't white? Well .. I'm not touching that with a ten foot pole-arm +1 even.

just my .02
peace'n'reallylouddrumandbass ;P

-Mars

Re:Paranoia

[bfields]

All these things can do is maybe get someone into the gate area. But seriously, if a terrorist wanted to blow up an airport, do you honestly think he would spend the hundreds of dollars building a bomb, and then balk at the $80 for a plane ticket?

You missed the point: it's not to save buying a ticket. (They scan the boarding pass at the gate and can detect a fake at that point, so you need to carry a real boarding pass anyway.) One of the goals of the system appears to be to exclude people from certain names from flying, at least without some additional checks. Since they don't scan the boarding pass at security, you can hand them a fake boarding pass (matching your real ID) at security. If that's the only time they check ID, then you can use a real boarding pass (bought under somebody else's name) at the other points. And if I understand right it's only at those other points that they actually check the name against no-fly lists. So the no-fly list doesn't work even given really good unforgeable ID's.

Seems like kind of a crazy system if that's correct--so it's fair game for being made fun of, which is all the fake boarding-pass generator does as far as I can tell.

Re:Paranoia

[tompaulco]

The trick is to bypass the no fly list without having to have fake ID, the loophole is that the name on your ID and boarding pass are not both checked at the same time and compared.
You must go to different airports then I do because all of the airports I go to require a boarding pass AND photo ID that matches the name and the photo looks like the bearer.

Re:Paranoia

[Maxo-Texas]

It may or may not help...

Part of your purchase of that 80% marked up cinnabon goes to pay for the airport which would otherwise be paid by the airlines and which would be part of your ticket.

Money is so fungible these days.

Pulling example numbers out of my nether regions:
Airline Ticket Sales: 60 million.
Total cost to run Airport a year 10 million.
Airline payments to airport: 6 million.
Very high rent to those restaurants: 4 million.

So tickets would have to cost 64 million a year without them.

So your $200 ticket might be $216 without them.

Re:Paranoia

[j00r0m4nc3r]

Did I say "money" or "a boarding pass"?

Re:Paranoia

This is the whole point. I fly almost every week, and after being singled out with the "SSSS" on my boarding pass on one trip got curious a couple years ago and modified the HTML code behind the online check-in on my airline's web site. It was pretty trivial to use a text editor to change the name, dates, origin, destination, or whatever I wanted. I could then print it and have a boarding pass that looked authentic.

Of course I never would use a fake boarding pass to get through security, but who's to say a terrorist on the no-fly list with a stolen ID wouldn't?

TSA knows about this vulnerability, but doesn't care because their managers don't trust state-issued IDs anyway. The whole thing is nothing but theater.

Re:Paranoia

It's basically one of those situations where no amount of warnings will effect any change whatsoever until somebody important gets hurt. Would you rather it be some kid trying to make a point or 19 more of Osama's friends?

Re:Paranoia

[karnal]

Oh great. Now I'm lazy and confused. And here I thought I was just blissfully ignorant!

Re:Paranoia

[Fallingcow]

They could be instilling real terror on a daily basis but they're not! Hell, even failed attempts to blow up stuff would instil terror as it would confirm that they are still trying! It doesn't make any sense, unless they're simply not as powerful as we are being led to believe, in which case why are the politicians still trying to take away our freedoms?

BINGO.

Been saying this since ~6 months after 9/11.

Rummy also told us that A.Q. had several super-high-tech underground bases in Afghanistan, any one of which would have made Cobra Commander or Dr. Evil proud. Did you see the diagrams of them that the Whitehouse produced? It was some hilarious bullshit.

The lying didn't start with Iraq. A lot of people have forgotten, I think, the degree to which the Bush administration was spewing what should have been easily exposed as lies (I guess a lot of people fell for them; if Bush has achieved nothing else, he's convinced me that people are, on average, way, way dumber than I thought they were) since 9/12/01. They lied to hype up the war in Afghanistan, and they lied to exaggerate Al Qaeda's ability to project meaningful force into the U.S. Remember them saying how there were dozens or hundreds of "sleeper cells" here just waiting to be activated? What happened to that? They certainly haven't found any (thought they did a couple of times, turned out that they were just incompetent as usual) nor have we been attacked again, and they've stopped talking about it.

Remember the short-lived "Total Information Awareness" office whose first public message was to encourage U.S. citizens to spy on their neighbors? Ha!

This administration has been lying to us and manipulating us from the beginning. The willingness of most people here to accept it has convinced me that, excepting the unlikely chance that education will be overhauled, the dream of America is doomed. The country may survive, but our ideals, which began slowly dying as soon as the ink on the Constitution had dried, are dead, and cannot be saved in our lifetimes.

It turned out that We the People were just too dumb (or were made to be too dumb) to handle it. Let it be said that the final blow was struck by mass ignorance and apathy.

Re:Paranoia

[illegalcortex]

Actually, I've heard some commentary that explains that. Al-Qaeda and OBL in particular have a modus operandi of "escalating attacks." In other words, each attack should be bigger and better than the last one. They feel this has more of an effect than the Palestinian-Israel style low-level terrorism that people sort of "get used to." I think it has as much to do with the political/psychological impact as it does with the fact that any terrorist activity has the potential to leak information about the planners, get them arrested and seal off future avenues of attack. You can see that pattern in their attacks. So while they could easily blow up a few dozen people here and there, they hold back their resources and wait for something bigger.

Re:Paranoia

[illegalcortex]

Right, but at that point, they don't actually check the name against any kind of list.

Just to make it clear:

1. John Smith buys ticket. Since he is not on the no-fly list, this is not noticed.
2. John Smith checks in using eticket machine or even online and prints John Smith boarding pass.
3. John Smith gives his boarding pass to Bob Terror.
4. Bob Terror creates fake boarding pass with the name of Bob Terror on it.
5. Bob Terror goes to the airport and goes to the security checkpoint. He gives them his legit Bob Terror ID and fake Bob Terror boarding pass. They check it and see that it matches. They do not have the list with them and unless they happen to recognize the name (yeah, right), they will confirm that the ID matches the boarding pass and allow him through.
6. Bob Terror goes to his plan and presents the John Smith boarding pass to get on it. Since they no longer check ID on boarding, he passes through without a problem (even if they check for John Smith on the no-fly list at this point).

There is no ??? and Profit.

What about baggage check, you ask? That is a tiny bit more complicated, but not really. You just get John Smith to come to the airport with you and he checks in and checks the bags. Then he goes home and Bob Terror takes it from there. It's even easier in some airports where they have skycaps who I don't think do any ID checking, or automated bag checking with the same problem.

As you can see, the no-fly list is useless because of this flaw. It's a waste of time, money and just hassles people who are NOT terrorists and who have somehow got on the no-fly list, via similar names or simple mistake.

They could make one simple change to make this system better - check ID at boarding. Yeah, it adds a little time and wouldn't stop terrorists with forging connections. I don't think it would actually do much to stop terrorists, either. Especially considering terrorists aren't likely to be on the no-fly list until you figure out they are terrorists and by then it's probably too late. But as it is now, what they are doing is 100% useless. At least that way it would be only 99% useless.

The other thing they could do is just stop the no-fly list and stop checking ID, as both are useless at this point and may never be effective at stopping terrorism. As long as ID is forgable and the method is to check ID, these systems are all just false hope. Unfortunately, it's false hope combined with hassling everyone else that flies.

Re:Paranoia

[TheJorge]

Man, this gives me a great idea! I fly a pretty good amount, but my girlfriend does not. She always complains that I get to use the short line, get free upgrades, etc. I was blessed with a gender-neutral name, so when she's flying alone, I could print out a fake boarding pass with her name on it, and buy a ticket with my name on it. She gets the upgrades, and I get the miles.

Thanks, terrorists!

Re:Paranoia

[m3tr1k]

I see what you are saying and I agree to an extent, but really if someone important is affected by this then the need for reform wasn't communicated efficiently or thoroughly enough. What I mean is that if a bug is found and appropriately disclosed, and one can PROVE that risk can be mitigated by taking certain measures, then [I assume] an organization would take those precautions.

Perhaps again, I am being too optimistic?
I guess it depends on who is making the call ... I'm sure there are people who, even if it made sense to them, would succumb to the call of the dollar.

Crazy talk I tell ye' -Mars

Re:Paranoia

[MadMidnightBomber]

Ooh, I know, I know. The US Navy.

Or if you didn't mean that, try this quiz:

"#In 1985, Air India Flight 182 was blown up over the Atlantic by:
a. Muslim male extremists mostly between the ages of 17 and 40
b. Bill O'Reilly
c. The Mormon Tabernacle Choir
d. Indian Sikh extremists, in retaliation for the Indian Army's attack on the Golden Temple shrine in Amritsar

# In 1986, who attempted to smuggle three pounds of explosives onto an El Al jetliner bound from London to Tel Aviv?
a. Muslim male extremists mostly between the ages of 17 and 40
b. Michael Smerconish
c. Bob Mould
d. A pregnant Irishwoman named Anne Murphy

# In 1962, in the first-ever successful sabotage of a commercial jet, a Continental Airlines 707 was blown up with dynamite over Missouri by:
a. Muslim male extremists mostly between the ages of 17 and 40
b. Ann Coulter
c. Henry Rollins
d. Thomas Doty, a 34-year-old American passenger, as part of an insurance scam

# In 1994, who nearly succeeding in skyjacking a DC-10 and crashing it into the Federal Express Corp. headquarters?
a. Muslim male extremists mostly between the ages of 17 and 40
b. Michelle Malkin
c. Charlie Rose
d. Auburn Calloway, an off-duty FedEx employee and resident of Memphis, Tenn.

# In 1974, who stormed a Delta Air Lines DC-9 at Baltimore-Washington Airport, intending to crash it into the White House, and shot both pilots?
a. Muslim male extremists mostly between the ages of 17 and 40
b. Joe Scarborough
c. Spalding Gray
d. Samuel Byck, an unemployed tire salesman from Philadelphia

The answer, in all cases, is D."

Re:Paranoia

[g1gg13r]

I have heard so many people say that somebody might be able to sneak across security with a bomb and blow up the gate area with a fake boarding pass. This is ridiculous. The purpose of the boarding pass + ID check by the TSA is to minimize the number of people they have to screen. It has no real security implication. If you could get a bomb past the TSA checkpoint, who cares about a fake boarding pass? Soembody intent on bombing an airport could just use a real boarding pass then.

The purpose of the boarding pass + ID check by the TSA is to ensure that they don't have to screen everybody who wants to meet somebody at their gate, or wants to accompany somebody to their gate. The purpose is to focus the limited resources (the TSA screeners) on actual passengers.

So, what does a fake boarding pass get you? Well, you can meet your relatives at the gate when they fly in, or you can accompany your relatives to their gate when they are departing. So, you get to spend an extra 30 minutes with them while risking ending up in jail.

Re:Paranoia

[Obfuscant]

Don't you get it? Real crimes are copyright infringements.

Came back from Europe recently. Picked up bag at destination. TSA lock had been ripped off the bag, taking two zipper pulls with it. (Bag is now unlockable.)

Looked inside. Contents rearranged, but on the top of the pile were ... the two DVDs and a CD I bought in Amsterdam. No TSA notice that they'd vandalized my bag. No apology. No lock. Nothing missing, so it wasn't a thief who did it.

From all appearances, they pried open my bag in a desperate rush to check that the DVDs and CD were not pirated material. I know of no current danger to aircraft from DVD or CD shaped objects that would have justified the deliberate vandalism of my property.

On a side note, Minnesota bomb squad blows up scientific instruments. A scientist returning from MN left her stream-bed temperature sensors in the trunk of the rental car. Instead of paging her while she was still in the airport, the rental company called the police, the police called the FBI, the FBI called the bomb squad, and the bomb squad destroyed all of her data. PVC pipes with holes drilled in them, end caps, and gravel inside. Boom!

Re:Paranoia

[Obfuscant]

If your girlfriend doesn't fly, why does she care if you get upgrades or not?

You do know that you can apply your miles to her ticket if you buy them together, don't you? I wound up paying for a co-worker's upgrade because I DIDN'T know that. I asked for an upgrade, and they upgraded her too, because our tickets were tied together in the system. I though they were being nice to her -- until I saw my milage statement a month later.

Re:Paranoia

[kokojie]

Then $216 it should be. I never bought anything inside the airport, so why should I get to enjoy lower ticket price? It would be more fair if everyone paid $216 and buy stuff at normal price in the airport.

Re:Paranoia

[Peeteriz]

I had a few flights a month ago in Europe (Denmark and Poland), and at these airports the ID was required at boarding as well.

Re:Paranoia

[Inda]

Turbans are worn by Sikhs. Idiot.

Re:Paranoia

[itsdapead]

I had a few flights a month ago in Europe (Denmark and Poland), and at these airports the ID was required at boarding as well.

Bear in mind that airports in Europe (especially UK) are used predominantly for international travel c.f. the large proportion of domestic travel in the USA. Plus, we had terrorists before you, nyah! Checking passports has always been important, and the airports have often been built with this in mind - E.g. at Heathrow, the main security check only gets you as far as the shopping mall - after that, each international gate has its own secondary checkpoint and "closed" waiting area. The boarding pass switcheroo would be much harder to pull off there.

Re:Paranoia

They don't have to do anything else to create terror. Just sit back and let the government do it for them. All the airport security theater, Superbowl security theater, ID checks at arbitrary buildings, backpack checks on subways, constant stream of propaganda from the White House, all add to remind Americans they must continue to be afraid, be very very afraid. Cost of a few domestic airline tickets five years ago: money Osama will never miss. Cost of the US government continuing to keep the sheep terrorized by constantly reminding them to be afraid: priceless.

More detail

[krell]

Unfortunately, the investigators who dropped the charges were unable to be reached as they were enjoying their cushy first-class-flight South Pacific vacations.

Re:More detail

I'm sorry, why is this funny? Lame, yes...

Eh?

[voice_of_all_reason]

his life got turned upside down

Yes, but was it "flipped" as well?

Perhaps, while we sit here, he would like to take a minute and tell us.

Re:Eh?

[spellraiser]

As I understand it, he used a fake boarding pass to fly to Bel Air, where he whistled for a cab and when it came near, the license plate said "FRESH" and it had dice in the mirror.

Re:Eh?

[operagost]

Smell you later!

Re:Eh?

"Yes, but was it "flipped" as well?

Perhaps, while we sit here, he would like to take a minute and tell us."

As I recall, this is a continuation of earlier coverage summarized on /. And yes, it was flipped. And yes, he told us. His place was tossed during the search warrant.

I've always wondered why you could not sue the government for the time and pain of putting your place back together.

Alternative boarding pass

[4solarisinfo]

If you can't print a fake boarding pass, you can always scribble something illegible on an old ticket with a magic marker. Ever had that happen? "Sorry your flight is delayed, we're transfering you to another airline, just show them this.." and you're thinking, wonder if this scribble will get me to Hawaii?

Re:Alternative boarding pass

True. I took a flight recently (from the middle east to the UK), and they screwed up and put the wrong name on the ticket. The travel agent insisted everything would be fine at the airport, but I wasn't so sure. Upon reaching the airport, I checked with the help desk. You know what they did? They took my ticket, grabbed a pen, crossed out the wrong name and wrote in the right one. Nobody batted an eyelid when I checked in or boarded.

Re:Alternative boarding pass

[AGMW]

Nobody batted an eyelid when I checked in or boarded.

I'm laughing about this, but I'm crying inside! If enough "terrorists" just tried to scam their way onto flights _some_ of them would make it regardless of what Security Theatre measures were in place, which just makes the whole exercise a waste of time and money!

... and why have we been saddled with all these illusions of security? Because we (the public) think the Government ought to "do something about it", and the Gov, with one eye on getting re-elected, are more than happy to oblige, especially as it allows them to increase their powers over us.

So the saddest thing of all is that we asked them to do it!

Golly.

[Black+Parrot]

Don't the morons running this place realize that it isn't safe to forego shooting the messenger?

Strange laws?

[jopet]

Can somebody explain US laws to me here? Is it or is it not legal to put up a website that helps to print fake boarding passes? If it is not legal, why was the case dropped? If it is legal, would it be ok to put the website online again?

I have a hard time to imagine what law could be violated by this unless somebody tried to actually use such a fake boarding pass to get on a plane or into a restricted area.

I could imagine that the mere act of printing a fake boarding pass *could* (depending on how it is done) violate the copyrights of the company. Anything else?

Re:Strange laws?

[Vengeance]

I hate to tell you this, but our legislators couldn't explain US laws to you.

Hell, many of 'em freely admit to not reading the legislation they vote upon. Asking 'em to actually understand it is obviously going way too far.

Re:Strange laws?

[will_die]

First off the title is really off, he was never charged so thier are no charges to be dropped. What happened is that they got a criminal complaint from a congressman against this guy, they filed paper and started investigating; also the airline company complained about it. With a congressman breathing down thier necks they decided to confiscate his equipment from the site. The decision today is that they would no be going forward with the procecution by filing charges.
There is currently now federal law preventing making boarding passes however Charles Schumer is attempting to get one passed.
While he could probably get away putting it up again he is breaking the copywrite law because of putting the symbols and name of the airline; and the copywrite is probably the original way the FBI was able to confiscate his property. Make up his own airline names and symbols and he would be ok.

Re:Strange laws?

[damsa]

Putting symbols on the ticket is not a copyright offense, it is a trademark offense. If he was charged, he would probably be charged with counterfeiting airline tickets. People should be glad that there is a law like that, otherwise people can sell counterfeit concert tickets etc... without any criminal consequences. Of course in this case, the charges were rightfully dropped.

Re:Strange laws?

[Kiaser+Wilhelm+II]

You just made all of that up, because its totally wrong.

Re:Strange laws?

[CrazyTalk]

You obviously haven't been to the US lately - laws are apparently now irrelevant, and we live in boarderline if not actual police state.

Re:Strange laws?

I have a hard time to imagine what law

Easy, this is a textbook example of the Law of Self-Interest. The more business for government, the more profit (both direct and indirect) for those who control government.

How much do you think it costs for administration of these little demonstrations of power? How many gigs do they do a year? How much is gained indirectly by precedent, and how much easier will it be to take an even bigger slice of the pie in the future?

What benefits the power elite, spending the taxpayer's money or not spending the taxpayer's money?

Re:Strange laws?

[illegalcortex]

Except these wouldn't be plane tickets. They won't get you on a plane. In that sense, they are about as much "plane tickets" as me scrawling "free trip to hawaii" on a sheet of paper.

Re:Strange laws?

[damsa]

Boarding passes, not plane tickets. I stand corrected. However, boarding passes is what gets you on the plane, not plane tickets. Nobody at the airport will ask for your ticket because a quite a few people do not carry one. People use e-tickets and print out a boarding pass at home or at the airport.

Re:Strange laws?

[illegalcortex]

But there's no way you could sell a "counterfeit boarding pass", as the person BUYING it would already know something is wrong. You can't buy a boarding pass, as the ticket has to be in your name to begin with. So I would actually kind of doubt there is even a law regarding them since the buyer would already know there's a problem. Doesn't seem parallel to counterfeit concert tickets at all, because there is no way the buyer wouldn't know they are counterfeit.

Re:Strange laws?

[damsa]

How would a buyer know that a boarding pass is not legit if it looks exactly like a regular boarding pass? I am such and such internet discount travel agency. Here is your boarding pass and here is your e-ticket and confirmation number. No check in required. Just present boarding pass at the gate. When you buy a ticket online, all you get is a confirmation number and then print your boarding pass before your flight. Unless you call and get confirmation, you wouldn't know whether your pass was good or not.

Re:Strange laws?

[illegalcortex]

First off, you would know because no one else ever gives you boarding passes. Travel agents give you tickets and you print off your OWN boarding passes. Your travel agent does not. If you buy an eticket through a travel agent, you still have to print off your own boarding pass. Having someone give you boarding passes would be as normal as buying a movie ticket and being given a torn stub.

Secondly, without some actual citation of law, I still believe this would fall under general fraud laws, not some special law concerning counterfeiting of tickets or whatever. I do not believe it's the DOCUMENT that is covered by the law, but the actual sale. Can you actually cite a law saying the selling of counterfeiting of boarding passes is illegal?

Re:Strange laws?

[damsa]

Some people don't know you are supposed to print your own boarding passes, I would venture that number of people to be a sizable amount. Here is is the relevant statutes pertaining to counterfeiting. http://www.usdoj.gov/usao/eousa/foia_reading_room/ usam/title9/68mcrm.htm/ My point to the OP was that use of the logos and such on the boarding pass would constitute trademark infringement and may be in fact criminal counterfeiting.

Re:Strange laws?

[illegalcortex]

Kudos to you for finding this information, but I still do not think it is applicable to this case or the ones you brought up. Reading all the various parts of the law, it seems the law is intended to apply to real goods and services. In other words, selling a fake Mickey Mouse doll or an unauthorized Brittney Spears Makeover. It does not appear to be directed towards fraud, where no goods or services are actually delivered. This is what I'm talking about when I think selling fake boarding passes would be considered fraud. I think even selling fake concert tickets would be considered fraud, unless those tickets could actually get you in the door.

Re:Strange laws?

[damsa]

I don't think it's applicable to this case either, I was just correcting the original poster that if there was a prosecution based on intellectual property it would be based on trademark law, not copyright law and trademark law is created to protect consumers.

Re:Strange laws?

[illegalcortex]

Well, hopefully you can understand my confusion in that you said "People should be glad that there is a law like that, otherwise people can sell counterfeit concert tickets etc... without any criminal consequences", while it would appear that said law wouldn't apply to counterfeit boarding passes or counterfeit concert tickets, and pre-existing law that had nothing to do with copyright or trademarks would come into play to bring in the criminal consequences. So just take this as a correction to your correction. ;)

Yeah but...

I bet he doesn't have all his computer equipment back that was confiscated from him during the investigation. Who needs a guilty verdict to punish him? Due process is dead.

Re:Yeah but...

[borroff]

I bet he has a number of speaking engagements and (maybe) a book deal. Knowing this was a possible outcome (and he certainly seems astute enough to know that might be the case), he seems to have done quite well. He could have done worse as a grad student writing a thesis.

Re:Yeah but...

[fotbr]

He says he's got his computer back, and will be getting the rest of his stuff back very soon.

But this is slashdot, where reading isn't a prerequisite to posting.

Re:Yeah but...

[finkployd]

I bet you didn't read any of the links in the story before commenting :)

He is getting his stuff back.

Finkployd

Is security worth the inconvenience?

[BadAnalogyGuy]

I don't have a problem with ID checks, though the USCOA does. When I fly internationally, I am subject to ID checks at almost every port of call. That's just the way things are when you enter and leave countries. However within the U.S. there is no requirement that you submit to an ID check. It is your right to refuse this check. So anyone can claim to be anyone and get past the TSA checkpoint with nothing but a boarding pass. The No-Fly list is made useless by this simple loophole.

So what then? Change the Constitution so that we lose the right to security in our papers? I dunno.

But what I do know is that a not-really determined terrorist can plant a bomb anywhere outside the TSA security perimeter with impunity. In fact, a bomb can be placed anywhere in any city at any time and cause the type of destruction that generates terror.

Is the solution to negotiate with the terrorists? I dunno.

I don't like to give these crackpots any more legitimacy than they deserve, but if we are truly afraid of them wouldn't it help to find out what they want and then find a way to come to a mutual agreement?

If we're not afraid of them, then stop all this nonsense about making our country safer by strip searching grandma. The initial price of freedom is blood, but the recurring cost of freedom is risk. You can't have freedom without risk. You can reduce risk by reducing freedom and that's what the current tack is, but it's a mistake to assume that we have all agreed to this level of reduced freedom because a few fraidycats are unwilling to live in a risk-filled world.

Re:Is security worth the inconvenience?

[killercoder]

Lets start counting up the ID checks from my last visit to the US: 1) Checkin counter, including where I'm staying info, with passport check. 2) Customs Counter in Canada, with passport check, included info on where I'm staying. US Customs in less than 20 feet from the checkin counter. 3) Security Desk, with passport and boarding card check, 20 feet further. 4) Passport check to get on the plane The return trip: 1) Checkin counter, with passport check 2) TSA Security checkpoint, with passport check (10 feet from checkin counter) 3) Customs Check in Canada Now it strikes me that the US has lost its freedom, it just didn't realize it. If the goal of Bin Laden was to take away America's Freedom, he won. Security can be performed WITHOUT loss of freedom. Suggestions: 1) Do the ID check at the check in counters, let the TSA perform the *safety* checks. (Searches, pat downs, puffers etc). 2) Let Customs do its ID checks. If someone is dedicated enough to perform a terrorist act in the US, no amount of checks will stop them. Focus on the security, focus on the screenings, focus on looking for suspicious behaviour - this will have the most bang for the buck without turning the US into a communist state (no papers - no travel). How many terrorists have been caught in the last 6 years by TSA personnel?

Re:Is security worth the inconvenience?

If the goal of Bin Laden was to take away America's Freedom, he won.

Don't be silly. People say this all the time. Bin Laden told us what his goals were in 1998 (and repeatedly afterwards): 1) remove US troops from the Middle East, 2) eliminate US military aid to Israel, and 3) establish a Caliphate based upon the Wahabbist cult of Islam. He isn't attacking the US because of freedom any more than the US was attacking Nazi Germany or Imperial Japan because of freedom.

Re:Is security worth the inconvenience?

The very point is that the TSA no fly list is useless. It inconviences some that are no threat, have people on the list that are dissenters but not terrorists thus allowing political discrimination, and have demonstrably stupid things going on (like dead people's names on, heavily susepcted terrorists not on it).

ID checks have nothing to do with security. Neither does being a political ass, shouting "bomb" before you board, or being Muslim or a young white Caucasian male.

Security should be such that (a) even if a terrorist wanted to board without ill intent, they could (yes, could), and (b) if an unknown 90yo great-grandma was carrying C4 in her ipod gift for her grandson, she'd be caught (prevents mules (knowing and unknowing aka the reason why you must watch your bag and not leave it unattended in an airport) and (c) a person who professionally works with explosives could board as long as there was no explosives on him.

They already nearly demand you show up hours before your flight. Fine. If you don't, you don't board with luggage. If you do, you are allowed luggage. All checked luggage is loaded into one big bay, can have no electronics, is X-rayed, sniffed with a mass spec, and decompressed and compressed multiple times. Walmart, CVS, Walgreens would all be happy to provide 24 hour shops at all airports for your end of travel needs. All people undergo rapid low res MRI scans clothed, results reviewed prior to flight by a professional trained and also subject to non-disclosure rules, all data not subject to review after the flight and disposed of after 14 days if no incident occurs with *very* heavy penalties if they do not. Don't meet these simple rules? You don't fly so buy yourself a Greyhound or train ticket.

Come up with a solution, not some half-assed abused system that discriminates, is ineffective, and utterly stupid. This is clearly one of those areas where an intelligent monarchy easily overrules a deliberate democracy. Allow privacy to be invaded *completely* for a singular purpose (only and very) yet still be fully protected (data disposed of).

Re:Is security worth the inconvenience?

[goosman]

How many terrorists have been caught in the last 6 years by TSA personnel?

That's classified of course! (mostly so they don't have to tell you that it's zero!)

Re:Is security worth the inconvenience?

[Hatta]

However within the U.S. there is no requirement that you submit to an ID check. It is your right to refuse this check.

Good luck with that one! Seriously, have you tried it?

Re:Is security worth the inconvenience?

[planetmn]

The article: http://www.wired.com/news/technology/0,71115-0.htm l?tw=rss.index

The Slashdot discussion: http://politics.slashdot.org/article.pl?sid=06/06/ 09/1731249

-dave

Re:Is security worth the inconvenience?

If you don't show ID, you can be refused entry. You're depending on the incompetence of the particular person who is checking.

Re:Is security worth the inconvenience?

[christo]

Yes, I have, 4 times. So has Jim Harper from the CATO Institute.

It's easy, and the US appeals court has recognized this right.

See: this story

Re:Is security worth the inconvenience?

I don't like to give these crackpots any more legitimacy than they deserve, but if we are truly afraid of them wouldn't it help to find out what they want and then find a way to come to a mutual agreement?

Assuming you're referring to "terrorists", it's pretty clear what they want: to kill anyone that is not a muslim.

You can reduce risk by reducing freedom and that's what the current tack is, but it's a mistake to assume that we have all agreed to this level of reduced freedom because a few fraidycats are unwilling to live in a risk-filled world.

I'm sorry, could you please elaborate exactly where my freedom has been taken away due to terrorism? Last time I checked, I am still free to do any damn thing I want.

Re:Is security worth the inconvenience?

[argStyopa]

I really liked your post. I thought it was absolutely spot on until I got to this:
"I don't like to give these crackpots any more legitimacy than they deserve, but if we are truly afraid of them wouldn't it help to find out what they want and then find a way to come to a mutual agreement?"

What if what they want is a Global Islamic State, ruled by the Koran and anyone resisting put to the sword?

I'm all for pragmatic compromise, but at a certain point it's time to simply kill the psychos.*

* yes, I'm FULLY aware that they can use the same rationale; in fact, they probably are. To me, that doesn't really matter. I *know* western secular Humanism is an inherently morally better philosophy than Islam. I also know that in the real world, "moral value" is worth intrinsically nothing, so if we genuinely believe our system is better than theirs, and they believe the opposite, the only way it gets resolved is by beating the other guy into submission. We need to begin.

Sorry if that's too Hobbesian for the intarweb theoretician/moralists out there. But not everyone is interested in negotiation and compromise. And if they aren't, your willingness to compromise simply makes you their next victim. Your philosophy only survives if you do.

Re:Is security worth the inconvenience?

[Justtaint]

I don't like to give these crackpots any more legitimacy than they deserve, but if we are truly afraid of them wouldn't it help to find out what they want and then find a way to come to a mutual agreement?They want you dead. Its truly as simple as that. They want all "infidels" wiped from the face of the planet. There is no way to come to a mutual agreement, so long as there is no way to half-kill you.

Re:Is security worth the inconvenience?

[JimBobJoe]

How many terrorists have been caught in the last 6 years by TSA personnel?

None. In fact, I don't believe there has been a single instance of a terrorist or a hijacker caught by airport security worldwide. We've got nearly 40 years of airline security history too.

Since the experience is if a terrorist or hijacker get to the airport they will get on the plane, then the lesson should be more resources need to be spent preventing them from getting to the airport in the first place. Once they get to the airport, it's too late.

Re:Is security worth the inconvenience?

They already nearly demand you show up hours before your flight. Fine. If you don't, you don't board with luggage. If you do, you are allowed luggage.

One of the advantages of air travel is purportedly that it is fast.

All checked luggage is loaded into one big bay,
Okay so far...

can have no electronics
This eliminates laptops for business workers flying to a client site. It also rules out digital cameras, iPods, radios, portable TVs, and PDAs. In other words, most modern conveniences.

is X-rayed

No regular cameras allowed, either? So much for holidays.

sniffed with a mass spec

A mass spectrometer? How? To determine what, exactly?

and decompressed and compressed multiple times.

If you compress my luggage, there's no guarantee that it will decompress again. That rules out travelling with just about any solid goods.

Liquids on planes are already banned. You can't transport gasses without a container. Why not just ban luggage altogether?

All people undergo rapid low res MRI scans clothed

MRIs aren't good for large classes of people. Anyone who's worked with metal, or has metal implanted inside them has to worry about the magnetic effects of the device.

I don't know about the speed of a low res-scan, but my MRI scan took a full 40 minutes, with me lying down and loaded on a conveyor into the machine. 40 minutes/person is too long to be feasible for airline travel, and MRI machines aren't cheap.

Don't meet these simple rules?

Your rules seem to boil down to: "show up hours in advance, don't bring any luggage, don't have ever worked with metal, don't have metal implants, don't be claustraphobic, be very comfortable with full body scans, and preferably, don't fly at all". Any system requiring nuclear magnetic resonance imaging generators doesn't really qualify as "simple" in my books.

You don't fly so buy yourself a Greyhound or train ticket.

What do I do if I want to go to Hawaii? Swim?

Re:Is security worth the inconvenience?

[myth_of_sisyphus]

The No-Fly List is a joke anyways.

I read that they don't put REAL wanted terrorists on it because the list is too widely circulated and might tip off the suspect.

Re:Is security worth the inconvenience?

[BadAnalogyGuy]

I gave two possible scenarios, actually.

The first is where we live in fear. That fear requires us to cooperate with the terrorists until we reach a mutual agreement and ceasefire. (this is the one you are objecting to).

The second is where we live with the risks. Since we realize there are risks inherent in living freely, we ignore the terrorists.

The real solution is somewhere in the middle, but the current solution is the first one above. We give up the right to see our family off at the gate. We give up the right to locked baggage. We give up the right to enjoy our choice of beverage in the terminal. We give up all these rights because we live in fear and because we are unwilling to cooperate with the terrorists. If you're living in fear your two alternatives are either to restrict freedom until everyone can be watched or to capitulate to the demands of the terrorizers.

I'm not advocating that stance; just presenting it. I'd rather live with the risks.

Re:Is security worth the inconvenience?

[argStyopa]

And, to be fair, I agree with you.

But it's stupid to allow risk where it's not necessary. I think a responsible government would sweep aside concerns about political correctness and simply deal with the problem, without the window dressing. Stringent screening of visitors? Unapologetic surveillance of middle-eastern men aged 14-50? Making everyone touch a piece of raw pork before boarding (sorry, no heavenly martyrdom for you if you die before you get cleansed!)?

I don't mind living with risks as a price of being a member of a free society. I do mind if those risks are greater JUST because someone's afraid of being called a racist for stopping a suspicious person who fits a terrorist profile.

Re:Here

Because obviously, anyone trying to publicise flaws in the system before anyone gets hurt is just as bad as a terrorist. Idiot.

Organization's procedures are SOFTWARE

[mi]

The actions by any organization larger than, uhm, 200 people, are controlled by written procedures and norms, which are software. You'd, probably, learn this much in a management course (not that I tried).

The bigger the organization, the more likely you are to deal with someone who is merely executing the instructions — unable of, and unthinking about changing them. An organization like government, or a huge department like Homeland Security is all about it. A few "software engineers" and "analysts" high above devise the algorithms, some more "coding monkeys" codify it, and then it gets to run "in production".

We are the users. And we get worked-up about the bugs. In this case, the bug is a security one, where a presented certificate is accepted without checking with the issuer.

Somebody thought, that it would be good to limit the crowds next to the gates to people with boarding passes. Checking, that the pass is valid (as airlines do at the actual gates), either did not occur to the coder at all or was deemed too expensive...

The new release will, hopefully, have a fix. If not, than, certainly, the next one. Nothing, you've never heard before.

Re:Organization's procedures are SOFTWARE

[jefu]

It has been my experience that bureaucracies don't generally want to believe that their policies and procedures are, indeed, essentially software and could therefore be considered as such, with provisions for analysis and with their design including provisions for exceptional cases. It is tough to debug such things once they get deployed - in part because there are usually few ways to report "bugs" and often nobody to read such bug reports if they were generated. In the ideal, the policies would specifically allow for the odd cases and provide easy ways to handle the odd cases (by "throwing exceptions" up to a superior) but in practice that is often unworkable because the "superior" has other things to cope with. doesn't care, or has allowed their "superiority" to delude them into thinking their job does not include such things.

No matter how well planned and executed, all systems eventually do other things than they were designed to do (see "Systemantics" by John Gall).

Re:Organization's procedures are SOFTWARE

[houghi]

The actions by any organization larger than, uhm, 200 people, are controlled by written procedures and norms, which are software.

Cool. Now I just need to write a procedure how people enter a building, patent that and I can strangle every company out of business.

Re:Organization's procedures are SOFTWARE

[mi]

there are usually few ways to report "bugs" and often nobody to read such bug reports if they were generated.

Bug-reporting is easy — you write to the bureaucracy's head (they'll never read it, but their staff might).

As for reacting to a bug-report, well, that sucks with most software... Something small with a single maintainer may get fixed quickly, but large projects (like KDE or Mozilla) have bug-reports lingering for years (I filed quite a few).

Re:Organization's procedures are SOFTWARE

[asuffield]

I, think you, are confused, about the purpose, of commas. Please do, not use, them in random, places.

Police state

[flug]

It was made perfectly clear during the meeting that parts of the US government, at least the two represented at the meeting, strongly disapprove of Tor - and in particular, thought that research universities such as IU, MIT, Georgia Tech, Harvard and others have no business supporting such projects.

Basically, what we are talking about here is the "parts of the U.S. government" working to turn the country into a police state.

Airline made $5, revealed all their secrets

[Ancient_Hacker]

I was looking for some bar-code scanners and bid on a batch of 9 of them on eBay.

Got them for under $1 each.

To my dismay, they can't read standard bar codes. ( I was hoping to label my books with bar codes )

To my amusement, and dismay, I figured out WHY they wouldnt read standard bar codes.

Some airline sold them to a liquidator. With their custom code in the flash memory to scan their baggage and boarding pass tags.

I wonder what their thought processes where?, something like:

• These old hand scanners are getting dirty, let's throw them away.... Wait, there's probably a few cents of value left in them, lets sell them to that liquidatior, you know, the one that pays us $20 per pallet of old stuff.
• Never mind these will help somebody impersonate a baggage loader or gate agent.
• Never mind someone can use them to validate that their tag-faking software is printing out valid tags.
• just, never mind.

Re:Airline made $5, revealed all their secrets

[Chuchi]

The standard of bar codes for bag tags and boarding passes is public (might cost a few bucks) but there is nothing secret about it.

Re:Airline made $5, revealed all their secrets

[pla]

To my dismay, they can't read standard bar codes.

Find a manual for one of them. The previous user most likely had them set to only respond to a very specific symbology, to avoid having the morons they hire accidentally confuse the system by trying to check-in things like Pepsi cans and bags of Cheetos.

You want to reset them to factory defaults, then enable all symbologies (or if you can't find an "enable all", just turn on the ones you need... Code128 works pretty well for general-purpose custom barcodes; if you want to use the existing ones, you'll need EAN and EAN+5 - And of course the various UPCs never hurt). And especially on older scanners with possibly less than pristine lenses, enable check-digit processing or you'll end up with a huge misscan rate.

Security, hah, I penetrated it by accident

[Ancient_Hacker]

I was innocently looking for some bar-code scanners ( I was hoping to label my books with bar codes ), and bid on a batch of 9 of them on eBay.

Got them for under $1 each.

To my dismay, they can't read standard bar codes.

To my amusement, and dismay, I figured out WHY they wouldnt read standard bar codes.

Some airline sold them to a liquidator. With their custom code in the flash memory to scan their baggage and boarding pass tags.

It wasnt too hard to learn all this. Every scanner had several stickers on it with diagonal red stripes and phrases like

"/// SECURITY DEVICE #xxxxxxxx/// "

"/// USER MUST HAVE SIGNED CONFIDENTIALITY AGREEMENT A8R55-2/// "

"/// FIRING OFFENSE TO REMOVE FROM RED ZONE (UNION HBK, PG 37)/// "

"/// DEADULUS & EARHART AIRLINE CUSTOM FIRMWARE VERSION 1.22"/// .

I wonder what their thought processes where?, something like:

• These old hand scanners are getting dirty, let's throw them away.... Wait, there's probably a few cents of value left in them, lets sell them to that liquidatior, you know, the one that pays us $20 per pallet of old stuff.
• Never mind these will help somebody impersonate a baggage loader or gate agent.
• Never mind someone can use them to validate that their tag-faking software is printing out valid tags.
• just, never mind.

Re:Security, hah, I penetrated it by accident

[throx]

No security should be dependent on the technology implementing it not being distributed. A truly secure system should assume that someone wanting to penetrate it can amass every piece of technology used and STILL not allow someone through. Making your security depend on the bad guys not getting equipment XYZ is just obfuscation, not security at all.

In the case of boarding passes it's simple - you check each one against the central database of valid passes for that flight. If you get two passes for the same seat then you know at least one is a fraud and you can deal with things from there.

those are antiques!!!!

[krell]

""/// DEADULUS & EARHART AIRLINE CUSTOM FIRMWARE VERSION 1.22"/// . "

Those are antiques! You might just try to re-sell them on eBay. Daedalus Airlines, in particular, had their assets sold of decades ago when the last wax-attached bird features fell off the last airliner. Both airlines declared bankruptcy, and eventually merged with the old Glenn Miller Airlines to form the Oceanic Air we know and love today. You know, the one with the slogan "Getting halfway there is all the fun". They're also the first airline to consider electrified wings in order to keep the gremlins off.

CIA and TOR

[terraformer]

Didn't the CIA take an interest in TOR at one point? Kinda hypocritical that the guberment is against it now.

Umm, not sure about this

[refriedchicken]

"Soghoian said fake boarding passes wouldn't be an issue if identification was required and checked to travel. The student said he has been able to get on four flights without showing ID."

I fly across country every other week and have well over 100,000 miles under my belt this year a lone and I have never once gotten through security without my ID. Wrong boarding pass, yes, but it still had my name and matched my ID. And since we have no National ID how does one make sure the the people paid $8 an hour know how to check every state and military ID and look for fakes?

Re:Umm, not sure about this

[christo]

Have you tried to?

It's really simple. When you checkin with the airlines, tell them you forgot your ID, and they'll print you up a special boarding pass that has the letters "SSSS" marked on it - which means that you'll get searched a bit more carefully (i.e. they'll swab stuff in your carry-on bag to check for bombs).

If your main goal is to bypass the no-fly list, and not to sneak something onto the plane, then this should be more than enough for you.

Plus, in some airports, they rush SSSS passengers to the front of the security line, so you can actually get through security faster without ID than with.

Re:Umm, not sure about this

[refriedchicken]

I have been through the SSSS line several times and everytime they have requested my ID. I have some seen some outrageous things when it comes to the security in airports but no ID is not one of them (and I would say it is the least of my concerns).

Re:Umm, not sure about this

[illegalcortex]

Right, they requested it. But did you ever say you didn't have it? That's the whole point. You are not REQUIRED to show ID. They just put you through extra screening and let you go on. You probably get on a secret list, too...

DHS Tax!

[bdonalds]

Printing devices are just machines used for printing fake boarding passes, and they all know it. So it's time to get paid for it! -Department of Homeland Security

Terrorists work to destroy trust.

[Russ+Nelson]

Trust is what makes a modern society function. To destroy a modern society, you destroy trust. In many ways, that has been the aim of the terrorists attacking the US. We trust boarding passes. Pointing out that they are not trustworthy is simply beyond the point. Trust is an ephemeral thing, and yet it is an essential thing. Printing out fake boarding passes to show that they are not trustworthy doesn't help to increase security; in fact ..... the terrorists win when you stop trusting people.

Re:Terrorists work to destroy trust.

You make trust sound like a universally good thing. Is it good to trust a serial murderer?

Certainly, trust is vital to many social systems -- but blind trust is as detrimental to the system as no trust at all.

Trust a boarding pass which uses a secure protocol to prove, beyond much doubt, that the holder paid a fare. That is reasonable trust. Trust a boarding pass just because it looks "official," even when it's proven to follow an utterly broken security model? That is undeserved trust.

If you trusted the broken security model in the past, then you discovered it was always broken, the discovery is not to blame. The trust was undeserved in the first place; you granted it initially upon false premises. The solution is to fix the model so it actually deserves your trust. If you prefer, don't bother fixing the model but live with the knowledge that it's not secure. (Though, to do this, one must first dismiss the all-consuming, quivering, I'll-trust-anyone-who-offers-to-protect-me fear, and consider that the rich and powerful people claiming to have your interests at heart might have their own interests at heart.)

When you imply that exposing the untrustworthiness is akin to the goals of "terrorists," you're straying into fairy land. Society's not going to collapse when we stop trusting charlatans.

Re:Terrorists work to destroy trust.

[illegalcortex]

That's bullshit. Trust is something terrorists LIKE. It was trust that allowed the 9/11 hijackers to do what they did. You say that printing fake boarding passes doesn't increase security. That's not the point. The point is that it makes it crystal clear that we don't HAVE security the way things are set up. And it makes it clear that some of the "security" measures in place do only one thing - inconvenience non-terrorists (you know, the 99.99999% of the traveling public). We either need a security system that is effective and cannot be easily circumvented (or event circumvented with difficulty), or we need to drop those useless measures and accept that we are taking a risk and it's worth it for our freedom.

Ummm Hello....Navy

[finkployd]

It was made perfectly clear during the meeting that parts of the US government, at least the two represented at the meeting, strongly disapprove of Tor - and in particular, thought that research universities such as IU, MIT, Georgia Tech, Harvard and others have no business supporting such projects.

I wonder how they feel about TOR being a naval research project.

I, for one

I will not set foot into an airport until they stop forcing us to pose for the nude-body scanner.

Call me shy or puritanical or what you will, but I do not want naked pictures of me in a federal database. Given the ease with which such biometric-identifying information could be abused or stolen by hackers, this practice does not make me feel safe.

It makes me feel oppressed.

Mind Reading

[Doc+Ruby]

So if I ignore the security trying to stop me from boarding the plane with my large toothpaste tube, intending only to brush my teeth after dining on their airplane food, then I shouldn't be arrested? The criminal charges apply only to people boarding with criminal intent for their toothpaste?

Look, the charges against this guy are bogus. The criminals are the people in the TSA who treat us like dirt on a cop's beat, while leaving these gaping security holes for actual attackers to exploit. Who try to cover their asses by arresting people who out their incompetence. The whole simcurity industry is a mafia, shaking us down with fear and intimidation while leaving us undefended.

But the lawyers, judges and legislators who decide justice based on unknowable (philosophically, perhaps even nonexistent) "intent", are worse than criminals. They're destroying the entire rational basis for justice, based on testable evidence and disprovable legal theories, in favor of arbitrary mind reading. Even if they didn't "intend" to do that, they've done the damage.

Just like security rules can protect us only from actual acts and results, not forgive well-intentioned acts that might create insecurity anyway. Should the law allow me to bring my pressure-detonating bomb prototype on an airplane, just because it never occurred to me that it would destroy the plane in flight? What if I did that a few times? What if I just got on the plane so drunk that I abused the passengers, making a mess in the aisle, a few times a month on business trips, intending only to "relax" my nerves before the flight?

The law should protect us from too-risky actions and actual danger. Including the incompetent actions of the TSA which can't accept warnings from researchers that boarding passes are insecure. Not dwell in the imaginary world of "good intentions".

Re:Mind Reading

[Doc+Ruby]

Moderation 0
    50% Interesting
    50% Troll

Sleazy trollMods never brush their teeth, anyway. Why should they even read the posts, let alone reply when they disagree?

Are expired fake boarding passes ok?

[NotQuiteReal]

Here is a story about company that creates the paperwork for your alibi. The story covers an alibi to hide an affair.

They mention fake airline itineraries, not boarding passes, but would a fake, used boarding stub also get you in trouble?

OT: having an affair is sleazy, but not illegal. If that alibi company is used to cover a crime, do they have any liability?

Yay!

[8ball629]

Chalk one up for the citizens!

TIME FOR GO TO BED!

[MS-06FZ]

Soghoian's blog has insightful comments about the divide between security researchers and government officials on subjects such as TOR.

There has long been a sharp division of opinion on the merits and failings of TOR... So Soghoian's observations aren't anything new...

Not a security issue

[tclark]

Keep in mind, the photo ID requirement is not a security measure. It's a measure to keep you from selling your non-refundable tickets. From Schneier:

Unlike every other airplane security measure -- including reinforcing cockpit doors, which could have prevented 9/11 -- the airlines didn't resist this one, because it solved a business problem: the resale of non-refundable tickets. Before the photo ID requirement, these tickets were regularly advertised in classified pages: "Round trip, New York to Los Angeles, 11/21-30, male, $100." Since the airlines never checked IDs, anyone of the correct gender could use the ticket. Airlines hated that, and tried repeatedly to shut that market down. In 1996, the airlines were finally able to solve that problem and blame it on the FAA and terrorism.

your signature

[pikine]

Fear: When you see B8 00 4C CD 21 and know what it means

There is nothing to fear. It is just a small fragment of MS-DOS assembly code. "B8 00 4C" is "mov ax, 4c00h", and "CD 21" is "int 21h". It is a MS-DOS system call that exits your program (system call number 4c) with a status 00 (the lower byte of ax). Now everyone knows...

I haven't used Windows for a long time, but I wonder if it still comes with an MS-DOS debugger?

I think it's about efficiency, not security

[killerc]

It seems to me that requiring a boarding pass is less about increasing security and more about reducing the number of people passing through the security checkpoints. Can you imagine how long the lines would be if friends and loved ones were still allowed to see you off/meet you at the gate?

Re:I think it's about efficiency, not security

[bfields]

It seems to me that requiring a boarding pass is less about increasing security and more about reducing the number of people passing through the security checkpoints. Can you imagine how long the lines would be if friends and loved ones were still allowed to see you off/meet you at the gate?

Sure; it's not checking boarding passes that's being made fun of--it's the idea that the no-fly list can prevent people with certain names from flying.

The fake-boarding-pass generator points out that you don't even need to forge a photo ID to bypass the no-fly list; you just need to forge one boarding pass, at a cost of a few pennies worth of printing.

easily faked boarding passes

[mrmarshmellow]

I don't know for sure but last time I flew, I flew Airtran and they had checkin online and you can print out the boarding pass at home. I'm pretty sure the print out was regular HTML and I could have easily changed the name. Even if it weren't HTML, you can print it out as a PDF file then edit the text. So Bob can buy a ticket then change then name to Charlie with an HTML editor and Charlie can easily go through security. Security can avoid this by typing the name or scanning the tickets which would recognize the fake but I'm pretty sure all they do is match the boarding pass name with the ID. Anyway, I think the whole name security thing is pretty lame. How hard is it for these organized terrorists not to get fake IDs like any underage college student? As a more useful academic exercise, has anyone thought about this: Bob buys a heavily discounted ticket to Hawaii on Airline XYZ but becomes sick and can't go. Bob can't get a refund from the airline so would have to eat the ticket. Instead, he checks in online and prints out the online boarding pass and gives it to his buddy Charlie. Charlie then buys two full fare fully refundable oneway tickets on the same flight. He also checks in online and prints out his boarding pass. Now Charlie just goes through security with his boarding pass + ID. They don't check ID at the gate (only scan your ticket) so to board the plane he hands Bob's print out to the gate agent and he gets on the plane. After his vacation, Charlie refunds his own ticket and gives Bob a beer for using his ticket. I wonder if a crime is even committed because you went through security legitimately under your own ID and boarding pass. You took a seat that wasn't yours but the non-transferability is up to the airline to enforce and not the government. It's no different than if I buy a ticket to a concert and give to my friend, even if it says non-transferable. Usually they require ID at willcall to pick it up but don't check again through the gates. Anyone? Good way to save those non-refundable fares!

What harm did he cause?

[vinn01]

I looked it up. I'm confused - what harm do he cause on an airline? Other than delaying it for a long time.

Re:What harm did he cause?

Eh, delay? He hijacked the airplane and forced its occupants to fly to Cuba. From '71 Hijacker Gets Term of 15 Years

Grant did not deny hijacking the plane, which had been scheduled to fly from Milwaukee to Detroit on Jan. 22, 1971. He first ordered the plane flown to Africa and then decided on Cuba when he became convinced that Africa was too far for the plane to travel.

Playing dumb, vinn01, only makes you look dumb.

a little bit OT

[Langfat]

I hadn't heard that, but it makes a lot of sense. After all, while it would produce more terror to blow up a Wal-mart in the Middle of Nowhere, USA that's certainly no where near as big or meaningful as the 9/11 attacks.

I was having a conversation with my friends about this and the other point they made was the 'human factor.' After all, if a suicide bomber is giving his life to a mission, I'm sure he'd rather go down in history as one of the guys who participated in 9/11 than one of the many dudes who blew up some wal-mart's across the country. Now, I realize that car bombs go off every day in Iraq, but like you said, it's the low-level terrorism that people sort of get used to. Even on the news now they report it as "another day of deadly attacks in Iraq - 2 carbombs, a shooting and one suicide bomber" - nowhere near they amount of coverage of 9/11. Now, I'm no psychologist, but I sense there's a little bit of egoism and megalomania in these guys...they wanna be heroes, they wanna be martyrs, they don't wanna be just some cannon fodder for some 'greater cause.'

Re:a little bit OT

[illegalcortex]

I think you're exactly right about the egotism/megalomania bit. But I think it's also on the side of the people planning. The only reason we haven't been attacked again is because they have yet to find a juicy target that will outdo 9/11. I seriously suspect the next attack (at least by the same people who follow the escalation plan) to affect a whole city or possibly multiple cities. I really doubt airplanes will have anything to do with it. It's actually playing into the terrorists hands that so much of our time and effort is spent on worrying about airplanes at this point.

Reminder: BUSH DID 9/11

He's practically a part of the Bin Laden family, what don't you get?

The real purpose

In your preoccupation with terrorists, you have forgotten about the immense threat posed by Vampires (Vampyres?) to the populace at large, and especially on airplanes flying through the perennial dark, so far removed from the rest of civilization. The boarding pass issue is still a problem, but checking IDs is definitely effective against the Noble Dead. Obviously, that's what the Airport Security Moguls were thinking when they instituted the check, since everyone knows that terrorists all have photo IDs just like all the rest of the Living.

"But wait!" you say, "What about the recently 'converted' who still have their photos from before they were introduced into the ranks of darkness?" True, the check won't stop them, but they're not the real concern here. What's really important is to prevent the Master Vampyres, who are all at least a couple centuries old, from boarding. They're the ones who can cause real havoc.

Double Standard?

[Ced_Ex]

I wonder what the differences would be in this story had this guy been "Muhammed al-Maqmood" instead of Christopher Soghoian?

Probably get the usual terrorist plot stuff I suppose.

Just like that video where a white guy goes on a bridge by himself and starts snapping pictures. Nothing happens, so he leaves and comes back dressed as a sheik, complete with long white robe and head covering. He then proceeds to do the exact same things he did prior without the costume. Within 2 mins he is accosted by security officials and told to leave the bridge.

Does anyone else think "Muhammed al-Maqmood" wouldn't have gotten off so easily?

Welcome to the collective

[DragonHawk]

"I've been a slashdot lurker, and finally registered for an account because I think I have something of value to say here."

Welcome to the collective. Please turn in your life. You can pick up your hot grits in room 404.

Re:Welcome to the collective

[m3tr1k]

"Welcome to the collective. Please turn in your life. You can pick up your hot grits in room 404."

Hey man I went to where I thought 404 was but all I got was a lousy error. Can you show me where the grits are? :)

It's Easy to Bypass the No-Fly List

When ordering your ticket online, specify any safe name, "John Robert Smith", as the passenger and pay with your credit card in your name. The passenger name does not trigger any alerts and the transaction goes through. Before you print your boarding pass at home, simply save it as HTML/PDF and modify the name to be your true terrorist name matching your official terrorist ID card. You then can proceed through security and the gate because the boarding pass still has the legitimate coding even though the name had been changed. You are on board ready to blow it up. Note that baggage would need to be handled through curbside where they simply check your ID as opposed to ticket counter where they bring up your actual record which would not match your ID.