Tuesday, October 31, 2006

Don't Criticize Big Brother

This at Homeland Stupidity. I have to say this is pretty outrageous, but this guy wasn't exactly the sharpest stick by providing a means to produce fake boarding passes. Schneier had a post on this and a link to Boing Boing on the topic. Soghoian's blog is here.
Exposing flaws in airport security by talking about them will get you watched closely by government agents. Hi, guys.

Creating a compelling demonstration of just how stupid the federal government is, though, will get you a less-than-friendly visit from the Federal Bureau of Investigation, followed by a predawn raid the next day.

Christopher Soghoian created the Northwest Airlines Boarding Pass Generator to demonstrate flaws in the government’s implementation of airport security and the so-called no-fly list. A few short days later, on Friday, FBI agents visited him and, as he told it, handed him a “written order” to take down the site, and unfortunately, he did.

Then the FBI agents kept a federal judge awake until two in the morning to get a search warrant (mirror) because Soghoian, in creating the site, supposedly engaged in “conspiracy to commit, or the commission of knowingly presenting a false and fictitious claim upon or against the United States, or any department or agency thereof,” according to the warrant.

I’m not even entirely sure what that means, or how this particular bit of security research qualifies as a federal crime. Earlier this week, Rep. Ed Markey (D-Mass.) had called for Soghoian to be arrested for putting up the site. Maybe he knows what it means. (Update: On Sunday morning, Rep. Markey rescinded his call for Soghoian to be arrested, and said that Homeland Security should hire him instead.)

Soghoian said he was shaken after the first FBI visit and spent the night elsewhere, and came home Saturday morning to find his door forced open, “a rather ransacked home, a search warrant taped to my kitchen table, a total absence of computers — and various other important things.”

It’s not that he’s trying to compromise airport security. It’s that he’s pointing out that airport security already is compromised, or, as his site used to read, “The TSA Emperor Has No Clothes.”

“Conspiracy to commit, or the commission of knowingly presenting a false and fictitious claim upon or against the United States, or any department or agency thereof,” sounds like a sedition act offense. Over-reaction? I'm guessing yes. Not that making a fake boarding pass could be exceptionally difficult. I find it amusing that they shut down his website. Surely they don't think that would stop anyone with the abilities or intention to falsify a rather poorly designed and weak security device.

Then there is one of our favorite Masshole Representatives screeching for the head of this guy. Markey did back off later, but as usual, he did it after making a complete ass of himself.
"The Bush administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane," wrote Rep. Edward Markey, D-Mass., a senior member of the Committee on Homeland Security, in a statement.

"There are enough loopholes at the backdoor of our passenger airplanes from not scanning cargo for bombs; we should not tolerate any new loopholes making it easier for terrorists to get into the front door of a plane," Markey wrote.

Aviation expert John Nance says Soghoian may have shed light on a gap in airport security, but it's not something he should be commended for.

"My knee-jerk reaction to this is extreme concern," he said. "There's a free speech issue of course, but this is under the same legal categorization as screaming fire in a crowded theater."

Nice that he has control of those knee-jerk over-reactions. Let's not mention that Schneier has been pointing out these flaws since 2003. But hey, let's all flip out if someone makes it obvious or easy. A security professional points out the flaws and no one listens for three years, then someone makes a program that actually does it and now it's a problem.

Personally I think Soghoian is a dope. He stepped in front of a bus with this one and will get nothing from it, except maybe a lot of time talking to public servants. He was effective in getting his message across, but then, I'm betting he's not so happy that he did it. He could have tried going to Markey or someone of his political ilk to get this some attention, but I'm uncertain that it would have gotten nearly as much attention.

Doesn't things like this make you feel so much safer when flying?



No comments: