Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier, Journalist Poke Holes In TSA Policies

Posted by Soulskill on from the leave-my-shoes-alone dept.

Fallen Andy points out an article in The Atlantic written by Jeffrey Goldberg. He and Bruce Schneier teamed up to put the TSA's policies to the test at the Minneapolis-St. Paul International Airport. They found plenty of evidence for security theater, and rather less for actual security. Quoting: "'The whole system is designed to catch stupid terrorists,' Schneier told me. ... As I stood in the bathroom, ripping up boarding passes, waiting for the social network of male bathroom users to report my suspicious behavior, I decided to make myself as nervous as possible. I would try to pass through security with no ID, a fake boarding pass, and an Osama bin Laden T-shirt under my coat. I splashed water on my face to mimic sweat, put on a coat (it was a summer day), hid my driver's license, and approached security with a bogus boarding pass that Schneier had made for me. ... 'All right, you can go,' [an airport security supervisor] said, pointing me to the X-ray line. 'But let this be a lesson for you.'"

33 of 296 comments (clear)

  1. Well... by Ironix · · Score: 5, Insightful

    I wouldn't doubt that the whole system isn't there to catch actual terrorists, but to simply condition the populace into accepting this kind of routine as a the standard quo. Fo

    --
    Still #1 -- Lonely Gay Geek
    1. Re:Well... by DriedClexler · · Score: 4, Insightful

      I wouldn't doubt that the whole system isn't there to catch actual terrorists, but to simply condition the populace into accepting this kind of routine as a the standard quo. Fo

      You left off "shizzle".

      --
      Information theory is life. The rest is just the KL divergence.
    2. Re:Well... by slarrg · · Score: 4, Insightful

      We have a financial system that is built upon the government, huge corporations and consumers borrowing insane amounts of money to keep the myth of a strong US going. The TSA's primary purpose is to create a show designed to make the public-at-large feel safe and keep spending their money by flying. If a significant percentage of people stopped flying because of fear, the entire airline industry would collapse.

      After 9/11, Bush was all over the airwaves telling people to continue to go to work and not stop spending their money because we need to keep the economy strong. Of course, when an anthrax tainted letter was found in a congressional mail sorting facility, congress closed its doors. But we simple consumers need to just keep borrowing money and consuming to keep the economy strong and if that means creating a government agency to create a theater show, then that's just what our government will do.

    3. Re:Well... by Dun+Malg · · Score: 5, Insightful

      I wouldn't doubt that the whole system isn't there to catch actual terrorists, but to simply condition the populace into accepting this kind of routine as a the standard quo.

      I know people desperately want to see this as a subtle plot by hidden puppetmasters, but really, as with all conspiracy theories, Hanlon's Razor needs to be considered:

      "Never attribute to malice that which can be adequately explained by stupidity."

      The desire to seek explanations involving some controlling individual or group is as old as humanity itself. The vast pantheon of gods invented to explain the frighteningly random whims of nature bear witness to this. Unfortunately, that's simply not the way it is. Nature is implacable. Tornadoes and tidal waves are inevitable, as is stupid security theater. Security theater is itself a kind of appeal to "the gods" to keep us safe. The truth is, people are just plain fucking stupid, particularly large groups of people put in charge of something that can't really be prevented. Yes, they do think this is to "stop terrorists". It's not logical, it's just blind reaction. In its own way, this is actually worse than the machinations of a secret cabal, because there's no central controlling authority to expose and thwart. It's just a giant morass of human nature. Half the population has an IQ of under 100, and many of them work for the TSA. All we can do is keep explaining their error and hope they learn.

      --
      If a job's not worth doing, it's not worth doing right.
    4. Re:Well... by Dun+Malg · · Score: 3, Insightful

      ... telling people to continue to go to work and not stop spending their money because we need to keep the economy strong. Of course, when an anthrax tainted letter was found in a congressional mail sorting facility, congress closed its doors.

      Sadly, I think one of the best things you could do for the economy would be to get congress to run away more often...

      --
      If a job's not worth doing, it's not worth doing right.
    5. Re:Well... by Foobar+of+Borg · · Score: 3, Insightful

      why the hell is parent modded as "insightful"?

      You must be knew here.

      --
      Similar to the upcoming US election results
  2. Re:Schneier bothers me by CRCulver · · Score: 3, Insightful

    I agree. I miss the Schneier who was the author of Applied Cryptography , an icon for the cypherpunks who seemed to foretell a coming golden age of privacy, where the average man would sock it to the Man with strong crypto. I understand his view that crypto isn't everything anymore, but he has gone from being an inspiring figure to a guy who seems like he just wants to look sagely and get lots of clients for his consulting business.

  3. Obamaism by Anonymous Coward · · Score: 5, Insightful

    When I went through at JFK and asked questions about why they were segregating my bag the supervisor came over and accused me of suffering from "Obamaism".

    I complained and TSA dismissed my complaint that the supervisor was making a joke. Really? TSA thinks that a citizen asking about his rights is a joke? Really?

    1. Re:Obamaism by Builder · · Score: 3, Insightful

      Sorry, but just how is carrying a 2oz bottle (what's that in real units anyway?) better for security than carrying a 3oz bottle of fluid ?

  4. Technically, the TSA did its job right. by NeutronCowboy · · Score: 4, Insightful

    After all, they didn't arrest, because he didn't present a threat. And he didn't. So it's a bit difficult to say that the system failed, based on this story.

    However, it's interesting to see exactly how little actual security there is at the airport. Bruce is right - the only thing new is better cockpit doors and passengers who'd rather die than get high-jacked.

    --
    Those who can, do. Those who can't, sue.
    1. Re:Technically, the TSA did its job right. by Free+the+Cowards · · Score: 5, Insightful

      And yet we're wasting billions of dollars of our money building worthless systems on top of that. That's your money, and my money. I want it to stop. The best way to do this is to show how useless it is.

      I think you misunderstand Bruce's objections. He does not simply object to the fact that the TSA is insecure. He objects to the fact that the TSA wastes huge piles of money, and those huge piles of money could be used for better things.

      --
      If you mod me Overrated, you are admitting that you have no penis.
    2. Re:Technically, the TSA did its job right. by evilviper · · Score: 4, Insightful

      Bruce is missing something

      No. No he isn't. TFA directly quotes him discussing EXACTLY what you say he is "missing":

      "'Only two things have made flying safer: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.'"

      The point that you, and many others are missing, however, is a couple lines down:

      "the country would be just as safe as it is today if airport security were rolled back to pre-9/11 levels. 'Spend the rest of your money [elsewhere, for better effects.]'"

      ie. The security of airlines is NOT at issue. The EFFECTIVENESS OF TSA, is. You would do better to save money by cutting back on TSA, and INVESTING it elsewhere. Elsewhere may be more maintenance on commercial jets, improving air traffic control, or perhaps even a few more air marshals.

      TSA is wasting lots of money, needlessly hassling travelers, and for all that, there's no appreciable improvement in security.

      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    3. Re:Technically, the TSA did its job right. by tburkhol · · Score: 3, Insightful

      His conclusions are not original, and their is much he is missing, including the problems of identity matching that are at the forefront of much research in the area.

      His conclusions aren't original, but somehow, even after five years of people saying, loudly, what totally irrelevant theater the TSA is, the TSA still has a budget of more than $5 billion. That's half as much as the government spends on "general science" research and twice what they spend on "energy" research. I suspect he'll shut up about TSA as soon as we stop wasting so much money on them.

      For example, you still seem to be missing his entire point. Solving "the problems of identity matching" won't make TSA any more effective because TSA is not the effective part of airline security. The effective part of airline security is that passengers will no longer be compliant participants and that the cockpit is no longer accessible to hijackers.

      To make a home security analogy: reinforcing the cockpit door is equivalent to locking the front door of your house; changing passenger attitude is equivalent to posting a guard at that door; expanding TSA search policies, data mining, and screening procedures is equivalent to planting a "Brinks" sign in your front yard. It cost a few hundred million to reinforce the doors. The attitude change was priceless in terms of the lives lost to cause it, but $0. The TSA is $5 billion/year in direct costs plus the uncountable costs of passenger frustration and inconvenience.

  5. Re:Strictly speaking the system worked by QuantumG · · Score: 5, Insightful

    1. It's trivial to get around airport security.
    2. Everyone knows this.
    3. There hasn't been any hijackings.

    Therefore:

    4. There is no-one attempting hijackings.

    --
    How we know is more important than what we know.
  6. Whom does this surprise? by thePowerOfGrayskull · · Score: 3, Insightful

    You would think that if it were effective, they would be capturing people with provable ill intent. And you'd further think that if they did this, they'd want to tell th e world, loudly! After all, they could justify their own existence that way.

    Yet somehow, we haven't heard of one Mighty Terrorist being caught by TSA. ONe must assume that this is because they are not /being/ caught. So... if TSA is not catching terrorists, what the hell are they doing?

    The sole purpose is to make people feel protected (or violated, depending on your perspective). There's a sizeable portion of the population who feels reassured when senior citizens and soccer moms get pulled out of line for a closer search.

    Land of the free.

    Right.

    1. Re:Whom does this surprise? by BorgAssimilator · · Score: 3, Insightful

      Question: Whom does this surprise?
      Answer: Lots of people.

      It's the sad truth. I mean, when you think about it, these practices got put in place by people who thought it would be a good idea (for whatever reason). There are also lots of people who just buy in to the security theater of "Oh, they check my ID, so that must filter out the terrorists" that hadn't ever looked at the policies from this point of view.

      Common sense isn't very common.

      --
      "Intelligence has nothing to do with politics!"
      -Londo Mollari
  7. The best we can do by aaandre · · Score: 5, Insightful

    I think the current state of airport security is just that - the best the agency can do, with it's current resources, budget and enormous demand for speedy throughput.

    I myself have pondered the possibility of some kind of conspiracy, but all I'm seeing is an outdated, overwhelmed structure under a lot of pressure.

    This is a very difficult problem to solve:
    - fast processing of people
    - spotting potential threats with minimum resources
    - overstretched, tired, worn-out employees
    - far from state-of-the-art equipment
    - unbeliavable throughput

    If the throughput is 1/100 of the LAX or JFK demands, then maybe it would be possible to look at each passanger, "check in" with them, evaluate their level of nervousness, clothing, carefully check for tell-signs etc.

    With 1 second per passenger that's impossible and the best an agency can do is issue blanket policies including racial/name-based profiling, travel patterns, databases of destinations etc. and hope for the best.

    I truly believe that the security policies are not an adequate protection. I don't think that's by design, rather a limitation of the design.

    No conspiracy theory here, just lots of frustration with what I perceive as needless delay and inconvenience, bordering with disrespect and abuse in some cases (large-scale profiling and temporary detention of people entering the US etc.).

    1. Re:The best we can do by swillden · · Score: 5, Insightful

      I think the current state of airport security is just that - the best the agency can do, with it's current resources, budget and enormous demand for speedy throughput.

      Sure it's the best they can do. The point, though, is that the best they can do is COMPLETELY ineffective -- and yet they still spend $7B per year doing it. Why?

      Suppose you had <insert incurable disease>, and I told you that for $10,000 per year, I would sell you a cure.

      "Does it work?" you ask.

      "No," I respond "but it's the best anyone can do."

      Would you buy it? Or would you spend your $10K on something else that actually gives you value?

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:The best we can do by Free+the+Cowards · · Score: 5, Insightful

      This is total bullshit. You're making the common mistake of examining their current budget, their current results, and assuming that achieving more results would require either more money or less speed.

      This is simply false. It is false because it overlooks a simple fact: the current use of the budget is horrendously inefficient. In other words, better results can be achieved without making things slower (and indeed, while making things faster) on the same budget.

      Most of what the TSA does is useless. Eliminate that, and suddenly you have a bunch of free money sitting around and people going through security faster. Take that money and put it into things that are actually useful. Now you have faster, better security for the same amount of money.

      Why doesn't this happen? Mainly because this better security would be a lot less visible. This makes moron travelers feel less safe (even though they are actually more safe) and opens bureaucrats up to blame in the event that someone gets through it. All rationality flies out the window in the ceaseless finger-pointing that follows any failure, and the vast majority of bureaucrats are far more concerned with protecting their own asses than protecting the country.

      --
      If you mod me Overrated, you are admitting that you have no penis.
  8. So what if he had terrorist propaganda? by Airw0lf · · Score: 4, Insightful
    I skimmed through the TFA and the author talks about how various items of terrorist propaganda didn't raise an eyelid:

    The flag features, as its charming main image, an upraised fist clutching an AK-47 automatic rifle. Atop the rifle is a line of Arabic writing that reads Then surely the party of God are they who will be triumphant. The officer took the flag and spread it out on the inspection table. She finished her inspection, gave me back my flag, and told me I could go. I said, "That's a Hezbollah flag." She said, "Uh-huh."

    Correct me if I am wrong, but all the TSA crew are meant to watch for is if you are bringing anything onto a plane that could then be used to bring it down or hijack it.

    Propaganda on the other hand cannot possibly bring down a plane from the sky, and it is surely protected to some extent by freedom of speech.

  9. Re:Schneier bothers me by fuzzyfuzzyfungus · · Score: 5, Insightful

    You have a point; but I'm not sure whether the change is a result of selling out, or a principled(if very depressing) change in his view of security, based on subsequent experience. After all, the broader cultural appeal of the "cypherpunks sticking it to the man on the unregulable internet that treats censorship as damage and routes around it" has fallen massively. You used to hear it all the time; both from various luminaries and in regurgitated form from flacks and cheerleaders, not nearly as much anymore.

    I suspect that it has something to do with his focus on the human element of security. The fact that you can build a cryptosystem that the feds can't break on your own computer with free tools, a modest knowledge of c, and some acquaintance with number theory is pretty damn cool. The fact that your fellow citizens will cheer as the feds waterboard the key out of you really puts that in perspective, though. It is hard to be a cypherpunk utopian when less than 1% of the population can be bothered to follow a step-by-step FAQ to set up PGP, and even geeks respond to google's data mining of their email by telling you how nice the interface is. Techies can argue, correctly, that the great firewall or any other censorware is full of fairly pitiful holes. That doesn't change the fact that it puts up enough resistance(which isn't much) to keep 95% of china's equivalent of average Joe from trying to get past it.

    In a way, I think that the cypherpunk ideal fell apart when they built it and nobody came. All sorts of strong crypto are available to everybody, for free, and aren't even all that much trouble to use. Almost nobody bothers, probably so few that those who do just stand out by doing so.

    I don't like the idea; but I strongly suspect that Schneier's decline in inspiration has more to do with his assessment of the state of security than it does with any specific sellout.

  10. Re:lol by Prikolist · · Score: 4, Insightful

    It's not intended to make people safe or feel safe, that's just the excuse and the reason why the excuse works. Really TSA is just another step to reduce people's rights and move to a de-facto authoritarian state... Never doubted it, this story just proves it: they never even cared that it's effective to catch terrorists, nothing to do with that, just get people used to random unwarranted searches and seizures and arrests. It's the government and media that sucks up to it that keep people scared, keep them afraid, keep them in a state of terror... oh wait, isn't that what the evil terrorists are supposed to do not the government that "protects" from them? Does anyone even remember what does the word "terrorist" mean? Sorry for rent, it accumulates every once in a while...

    --
    I think Linux isn't better than Windows hence in the slashdot realm I'm a troll
  11. Re:Schneier bothers me by mangu · · Score: 3, Insightful

    In a way, I think that the cypherpunk ideal fell apart when they built it and nobody came. All sorts of strong crypto are available to everybody, for free, and aren't even all that much trouble to use. Almost nobody bothers, probably so few that those who do just stand out by doing so.

    Worse than that, it seems like anyone who knows anything about cryptography is automatically suspect these days. "If you have nothing to hide, then why do you need that"?

  12. Bruce says the obvious by Obfuscant · · Score: 3, Insightful
    The first time I checked in online I thought how easy it would be to modify the boarding pass I was printing on my own printer. Duh. The experience taught me how to enter UNICODE in a postscript file (United encodes some data for passengers in UNICODE).

    Much of the article talks about someone not getting things that are not illegal to fly with confiscated. He makes a big deal about carrying a flag. The screener looked at the flag. It wasn't confiscated. BIG DEAL. It isn't illegal to carry a flag on board. He wasn't arrested for ripping up paper in a bathroom. BIG DEAL. It isn't illegal to rip up paper in a bathroom. He wasn't stopped for wearing a teeshirt.

    He starts out by saying he was doing things that terrorists wouldn't do, and then complains because he wasn't questioned about doing those things.

    Then the "saline solution" hole. Yes, every time you create exemptions from rules you create loopholes for bad guys to get through. Thanks for advertising the saline solution loophole, I'll remember it. Do you think that the TSA screeners should be testing fluids for what they are? There are an awful lot of different things, and any false positive is going to be lept on as another example of TSA stupidity while some poor schmuck is detained for nothing.

    So, a terrorist who isn't stupid steals a credit card and buys a ticket under someone else's name. He prints a fake boarding pass with his real name (?) to get past TSA. Then he uses the original pass to get on the plane. We're told that this hole can be closed by simply checking the names at the time someone gets on the plane.

    Uhhh, hand raised here. Question? If a terrorist is smart enough to steal a credit card with someone else's name to buy the ticket, won't he be smart enough to get a FAKE DRIVER'S LICENSE WITH THE SAME NAME so he can get past your new, stricter policy? You haven't closed the triangle at all. You've just made everyone feel more secure when they aren't. That's the game you are complaining about.

    Hey. Every security measure can be bypassed by someone intent enough on doing it. TSA didn't find some of the things this guy was carrying that he shouldn't have been. Gee. Humans aren't perfect. Combine that and the ability to bypass anything, of course you get the logical result that we might as well not do anything to stop people from taking whatever they want on board.

  13. Re:Schneier bothers me by geekmux · · Score: 3, Insightful

    He rocks the boat...

    And therin lies the fundamental difference between a noted expert in the Security field and the average joe. Bruce can and does rock the boat, where the average joes opinion would barely make a splash against the side of an inflatable raft.

    While I agree there seems to be more grandstanding nowadays, if anyone is going to effect some level of change, the chances are far greater with his sig at the bottom of the Security report.

    As with all things Security, it's always taken in baby steps unless something VERY large happens.

  14. Re:Schneier bothers me by Obfuscant · · Score: 5, Insightful
    At this point, you're going to run up against the one advance in airplane security that *has* been made post-9/11: you're not getting through the reinforced cockpit door with anything less than a battering ram.

    No, the one advance in security is not the door to the cockpit, it's the understanding on everyone's part that cooperating with a hijacker isn't in anyone's interest anymore, and the half a dozen guys (and maybe a few women) who will be beating the terrorist to a bloody pulp as the rest of the passengers applaud.

    United 93 was a test. The next time, the plane won't go down while the bad guys get killed.

  15. Re:lol by Free+the+Cowards · · Score: 4, Insightful

    How is that any sort of argument? Planes weren't raining out of the sky before the TSA was around, or even before any security measures were being taken.

    I will sell you this rock, it keeps tigers away....

    --
    If you mod me Overrated, you are admitting that you have no penis.
  16. Re:Schneier bothers me by Obfuscant · · Score: 4, Insightful
    Of course, what you're forgetting is that there's still the occasional hijacker who really does just want to fly to Cuba.

    This isn't something I have to worry about forgetting, it's something he better not forget. He's not going to make it.

  17. Re:Schneier bothers me by EaglemanBSA · · Score: 4, Insightful

    Or the other one...the pilot with a .40 Glock who's trained to kill people with it under his arm. I know, my brother is one.

    --
    Quiz: True or False -- On a scale of 1 to 10, what is your middle name?
  18. Re:Schneier bothers me by symbolic · · Score: 4, Insightful

    I wonder how likely this is to happen. Think about it - we have a government that has systematically become of the most purposelessly invasive influences in our lives, that has routinely skirted the law, and routinely questioned the validity of our constitutional democracy - if we can't stand up to that by throwing out the yahoos in office who vote for this stuff, would they seriously be able to stand up to someone on a plane?

  19. Re:Schneier bothers me by T-Bucket · · Score: 3, Insightful

    Oh, and don't forget the second advance. The FFDO program. (Commonly known as the "Guns in the cockpit program") By the time you get your second kick in on that door the pilot will be responding with a hail of bullets.

  20. Re:Schneier bothers me by Just+Some+Guy · · Score: 5, Insightful

    I knew a guy who worked airport security pre-9/11. One day they were running a security drill, and pulled him aside when he let a guy through the checkpoint with a two-piece rifle. Why did he allow him to pass? "Because it wasn't a working rifle. It wasn't put together."

    --
    Dewey, what part of this looks like authorities should be involved?
  21. Re:Schneier bothers me by ScrewMaster · · Score: 4, Insightful

    Yes, but you miss my point. Average Joe, the guy with a good job, and a family, and everything to live for is going to hesitate to throw all that away. More to the point, however, is that going up against armed men requires more than just a knowledge that you're going to die: you have to be willing to die now, and not hope that someone else will be brave enough to do what has to be done. Furthermore, you really should have some idea of how to fight.

    As a culture, we've pretty conclusively shown that we'd rather someone else do the dirty work. We'll see: it'll happen again.

    --
    The higher the technology, the sharper that two-edged sword.