Besides using a fraudulent boarding pass, the journo didn't "test" the TSA in any meaningful way. This wasn't like the experiment where a guy got a gun on a plane using his wheelchair, for example. While the article has great information and I agree with almost all of it, I would like to see people demonstrating the uselessness of the TSA rather than just talking about it.
If getting though security with fraudulent identification is not a problem, why does the TSA bother to attempt to prevent it?
But killing the TSA is never going to happen. No career politician is going to commit political harikiri to shut it down.
- I do not mind the free hand rubs at the airports though.
Sadly, the biggest obstacle would probably be the fear of eliminating jobs, which no politician wants to be known for, even if those jobs are mostly a waste of human labor. This is a broader problem of government bloat, and probably out of the scope of this discussion.
This is not a place for political discussion (so please don't make it one, people!), but he certainly qualifies as a career politician, having been in congress 35 years.
EDIT: lots of downvotes... I'm just stating a fact in response to the DrJ's statement... what is the cause for your downvoting?
It's quite easy to say you support something that will never get to the floor and score political points - many politicians use this technique to score points with their "base." Ron Paul, in particular, has a number of professed views which are untested. Until Mr. Paul has enough political capital to disband the TSA and does so, it's disingenuous to credit with doing it.
Probably people reading an endorsement of Ron Paul in your post, though none is really there.
The TSA also checks your ID. In most airports, the TSA is NOT online and merely looks at the printed boarding pass to make sure the name matches what is on your ID, your flight is for today, etc. In most cases the airline does not bother checking ID again, assuming that the TSA checked it.
You would not get on a plane with a fake boarding pass, but you do get into the secure area.
Because IDs are not checked by the airline, forging a boarding pass would allow you to board a plane with any name you want on the ticket -- the name on the ticket doesn't have to be your "real" name (it doesn't have to match your photo ID). This means that the TSA's various "no fly" lists, which are just lists of names of people that they've compiled that are "too dangerous to fly", are easily defeated.
Your boarding pass is scanned by a barcode reader, and the computer does seem to pick up invalid passes, but I don't think that is the point.
The TSA has made some kind of a big deal about only allowing "ticketed passengers" into the gate areas. However, their check of this comes down to ensuring you have a piece of ID that matches the name on a piece of paper you bring from home.
To use an example from the story, you could have 20 people who are not travelers each smuggle a component of a bob through security (a portion of a liquid, ptex, etc.) and then give those components to a single flyer with a valid ticket (who would have presumably gone through security with NO contraband at all, so as not to burn his identity if he accidentally went through a line with an alert agent).
There is also the simple matter of basic vulnerability testing. If you have to spend $500 on a ticket to get a trip through the TSA line, it's very costly to test the edges of the system. If you can go through the line 4x per day at 3 different airport terminals, or multiple airports that are in close proximity to each other, then you can easily run 100 test scenarios in a week about how the lines are managed, processed, etc.
As an example, I travel frequently and don't like dealing with the full-body scanners. In most airports at the busy times they "randomly" select some passengers to just go through the metal detectors because the body-radiators are slow. With about 80% accuracy I can watch how the lines are being handled and time my fiddling around with items on the xray belt to be "randomly" selected to skip the full body scanner. It takes a few cycles of observation to start to see the patterns though.
1. Buy a plane ticket under someone else's name. Presumably yours is blocked/flagged due to the airlines being able to check the no-fly list.
2. Use that ticket to forge a boarding pass in your name. Use this, along with your official ID, at the security checkpoint. All the TSA does is read it and validate date/time/what the know of flights off the top of their head. Nothing in their setup validates your boarding pass against airline records or the no-fly list.
3. At the gate, hand them the original boarding pass. They'll check it against computer records, but won't bother to check your ID against the pass.
4. Congratulations, you've bypassed a critical portion of American airline security.
This, honestly, is most of why the recent "advanced screening" systems piss me off. Our current security measures are woefully ineffective because of these kinds of loopholes, but instead of plugging those loopholes we simply pile on more half-assed systems.
The no-fly list could be a great tool for us, if used properly. Instead it's nearly trivial to circumvent for the bad guys and an enormous pain in the ass for any honest person who happens to wander into a name conflict.
1: http://www.schneier.com/blog/archives/2006/10/nofly_list.htm...
2: http://www.schneier.com/blog/archives/2007/08/conversation_w...
The airlines have significant input into the TSA's processes. Why do you think they have never objected to this (especially given that it is basically a joke?)
The Department of Homeland Security's FY11 budget authority was around $56 bil. The TSA only accounted for 14% of that money. [1]
Just for perspective -- top 5 slices of DHS's FY11 pie: U.S. Customs and Border Protection (20%), U.S. Coast Guard (18%), Transportation Security Administration (14%), Federal Emergency Management Agency (12%), Immigration and Customs Enforcement (10%).
Don't get me wrong, I'm not a huge fan of the TSA... I think we all feel a little silly as grownups waiting around in a security line in our socks. But I don't think all the hand waving about "security theater" is really justified. And there are probably quite a few things that fall under "homeland security" that aren't so controversial. Disaster response? Maritime search and rescue? Enforcement of fisheries conservation regulations? Border protection?
[1] All numbers from DHS's "FY 2011 Budget in Brief"
Katrina showed many of the problems with FEMA, though it seems to have improved since then. I'm not sure why enforcement of fisheries conservation belongs under DHS, and as someone who does a good bit of offshore fishing I'm not very happy with they way they over-regulate/enforce on recreational fishermen who would have a hard time making a dent in most populations while (seemingly) turning a blind eye to commercial efforts destroying them.
Others I don't have any insight into, but it seems that DHS has mostly the creation of a huge number of bureaucrats who's major responsibilities involve insuring that the money allotted is spend so that the same or more can be requested for the next fiscal year, with the actual agencies under it getting a smaller piece of the pie and more barriers to actually doing work than before.
And your point is well taken about DHS (as a department), but administrative organization seems to me to be a completely different problem than sinister-sounding "security theater," which is how the article paints pretty much all efforts associated with "homeland security".
That presumes that "the U.S." means federal and state spending, and even over 10 years that plus the TSA budget is still only $850 billion, so I don't know how they tally the rest.
I was a kid the last time I flew before 9/11, but didn't they still use metal detectors back then?
(These steps work with Opera, I'm not sure about other browsers) 1. Go to print your boarding pass 2. View source 3. Modify any information (such as adding something to show First Class/A-List/etc) 4. Click Apply Changes to make the changes to the HTML show up in the page 5. Click Print
A perfect boarding pass with any information you want.
What could someone do that's on the watch list? By a ticket under an assumed name, then print out two boarding passes, one with their real name that matches their ID, then another with the assumed name.
Since the no-fly list check is only done when the ticket is purchased, use the real ID with real name boarding pass at security to get through (they won't check you against the list). At the gate, go ahead and give them the real boarding pass with the fake name (they won't check your ID at that point).
* I am in no way advocating that you do this, just that it's possible and demonstrates a weakness in security
I did read an article a while back that explained the TSA no-fly check procedures but I can't locate it.
The bill still comes to you, but that's on the credit card company's end.
From my point of view the point of multiple screenings is to increase the difficulty and complexity of pulling off a particular attack. Sure, individually you can think of a way to counter each one, but as you add constraints you reduce the pool of people willing and able to pull it off. (So now you need a person who wants to cause terror, who is willing to blow themselves up, who can forge simple documents, who remembered to wear latex gloves, who can act cool enough to avoid extra screenings when walking past guards with machine guns, etc, etc, etc). Sure some eliminate more than others, but you multiply enough .95s together and you get a small number.
These chances of passing these screenings aren't independent. They aren't just die rolls where a terrorist needs to roll 6 five times in a row for their plot to succeed. If they can improve their chances on one screening they can and will improve their chances on the rest (which was the point he was trying to make).
Now consider how much time and money is spent for each additional screening that's put into place, both for those putting it in place and the millions that have to jump through all the extra hoops each day to travel. Worth it?
The point was that multiple layers are only useful if they test different thing. I'm more inclined to believe that those two layers are "tantamount to performing the same test twice" because they can both be done before the fact, and planned for.
The problem about multiplying enough 0.95s together is the number of false positives that occur. The article mentions one, where an air marshal killed a deranged passenger in Miami. That's an extreme case. Hidden is the, what, 5 minutes needed for screening * 700 million passengers per year giving over 6,000 extra person-years wasted waiting on security every year.
One point I've read elsewhere is that successful Islamic terrorists are a single-use resource, what with their habit of killing themselves during the attack. This means all their terrorism skills are lost with the successful attack, and the pool of competent terrorists shrinks. Not to mention, the wealth of experience and on-the-ground information is lost as well.
I also don't think the people in charge at the TSA are so stupid as to not have considered that someone might alter a boarding pass.
I'm reminded of a post here a few weeks ago, I don't recall the subject exactly but I believe it quoted Henry Kissinger, who said until you are on the "inside" of these agencies, you have no idea of the things they know, and that many things that don't make any sense from an external viewpoint DO make sense once you have all the information.
I posited this idea to friends/family back in 2002: have a large number of geographically distributed attacks on salt/pepper/condiments at chain and independent restaurants around the country at the same time. Dozens/hundreds would get sick or die, and confidence in the food supply would be disrupted for weeks at minimum. "terror-proof" condiment dispensers would be developed, and required on flights (cause our anti-terrorists will still be focused on flying), and it would cost probably $500 in drugs to spike salt/pepper shakers around the country.
People thought I was crazy (or a terrorist), but I could swear I read of this being reported on (on a small scale) in 2005 or 2007 - Miami perhaps?
I found this: http://www.cbsnews.com/stories/2010/12/20/eveningnews/main71... but it's from 2010 and it's not what I was thinking about.
Apparently this was longer ago than I thought: 1986. Here's a link: http://www.nytimes.com/1986/09/19/us/batch-of-rite-aid-aspir...
No... I just can't find the story I'm thinking about now. All references to restaurant food poisoning are now coming up with that dec 2010 incident. :/
Their system makes sure you're supposed to be on the plane when they scan your boarding pass to get on the plane right?
http://www.theatlantic.com/magazine/archive/2008/11/the-thin...
If we want to see the TSA go away, start hassling the billionaires.
But airports are so passe anyway, TSA has moved onto buses, trains and now car searches, journalists are way behind.
Of course, I also hope the TSA, DHS, etc have more effective measures in place behind the scenes. I don't know if that's the case, but it would make sense to keep them secret.
And still I have to buy a special tiny tube of toothpaste for the safety of the nation.
