FBI raids creator of fake boarding pass generator – Homeland Stupidity
Exposing flaws in airport security by talking about them will get you watched closely by government agents. Hi, guys.Creating a compelling demonstration of just how stupid the federal government is, though, will get you a less-than-friendly visit from the Federal Bureau of Investigation, followed by a predawn raid the next day.
Christopher Soghoian created the Northwest Airlines Boarding Pass Generator to demonstrate flaws in the government’s implementation of airport security and the so-called no-fly list. A few short days later, on Friday, FBI agents visited him and, as he told it, handed him a “written order” to take down the site, and unfortunately, he did.
Then the FBI agents kept a federal judge awake until two in the morning to get a search warrant because Soghoian, in creating the site, supposedly engaged in “conspiracy to commit, or the commission of knowingly presenting a false and fictitious claim upon or against the United States, or any department or agency thereof,” according to the warrant.
I’m not even entirely sure what that means, or how this particular bit of security research qualifies as a federal crime. Earlier this week, Rep. Ed Markey (D-Mass.) had called for Soghoian to be arrested for putting up the site. Maybe he knows what it means.
Soghoian said he was shaken after the first FBI visit and spent the night elsewhere, and came home Saturday morning to find his door forced open, “a rather ransacked home, a search warrant taped to my kitchen table, a total absence of computers — and various other important things.”
It’s not that he’s trying to compromise airport security. It’s that he’s pointing out that airport security already is compromised, or, as his site used to read, “The TSA Emperor Has No Clothes.”
And it’s not that he’s some evil hacker or terrorist, either. He’s a fairly well known security researcher at Indiana University who has also done security work for Apple and Google. He obtained an M.S. in Security Informatics at Johns Hopkins University and is engaged in Ph.D. research at Indiana University. Earlier this year he created a new anti-phishing tool.
It’s also not like this particular security problem requires any particular technical skill. Anybody who can operate Microsoft Word could exploit this airport security problem.
So what we have is the FBI going after security researchers who are actually helping make us more secure. Apparently it’s perfectly fine to have bad airport security. After all, as long as nobody actually points out how bad the security is, then the security must be good! This is really how these people think.
This is also the mindset which let 19 terrorists hijack planes on September 11, 2001. The security was just as bad before 9/11 when it was heavily government regulated. Now that government controls it directly, it’s still just as bad. And these people want you to think that everything is all right.
Everything is not all right! Airport security sucks and it’s the government’s fault. It was the government’s fault on 9/11 and it is the government’s fault today.
And this completely misguided and probably illegal action by the FBI isn’t helping. (To get a search warrant like that, they would almost certainly have had to lie through their teeth to the judge.) In fact, it’s just covering up the problem.
This will not do.
We were right to get the FAA out of airport security after 9/11. They deserved their nickname of “Tomb Stone Agency.” Where we went wrong was in completely nationalizing it. Now we have a real Tomb Stone Agency. They even got the acronyms to match.
Instead, we should have gotten the government out of the airport security business, and turned it over to the airports, the airlines and the insurance companies, where it properly belongs in the first place. (See El Al for one possible example.) And you can be certain that until that happens, airport security will continue to have truck-sized holes in it, needlessly inconveniencing millions of innocent people while letting through the bad guys.
You can also be sure that complete idiots like Rep. Ed Markey and the FBI will continue to harass anybody who points out that the emperor has no clothes, while the terrorists laugh at us for destroying ourselves from within.
io_error does his usual bang up job reporting this at Homeland Security and it really is a case of their stupidity. I don’t understand how the FBI was able to convince a judge to raid a public researcher like Mr. Soghoian. I’m looking forward to the lawsuit for unlawful search and seizure, or since they got a search warrant are they therefore blameless?
As for the security issue, I thought of it also when I started seeing such forms. As long as the form’s barcode works, few bother to read farther. Any receipt or form can be adjusted once you have it on your PC. One reason why some suggest passworded PDFs (ie. editing locked) be used instead, then at least it would be harder to edit them and they’d have the semblance of security.
Tags: Interesting, News, Oddities, Politics, Security, Technology
