Sunday, December 17, 2006

Your Homeland, Less Secure, Redux

There is, as the article points out, a certain Pirandelloesque quality to the Department of Homeland Security:
In late October, Christopher Soghoian, a Ph.D. student in the School of Informatics at Indiana University, found his attention wandering during a lecture in his Cryptographic Protocols class. While sitting in class, he created a Web site he called “Chris’s Northwest Airlines Boarding Pass Generator.”

A visitor to the site could plug in any name, and Mr. Soghoian’s software would create a page suitable for printing with a facsimile of a boarding pass, identical in appearance to one a passenger who had bought a Northwest Airlines ticket would generate when using the airline’s at-home check-in option.

The fake pass could not be used to actually board a plane — boarding passes are checked at the gate against the roster of ticket buyers in the airline’s database — but it could come in handy for several other purposes, Mr. Soghoian suggested, such as passing through airport security so you could meet your elderly grandparents at the gate.

Or, as he told his site’s visitors, it could “demonstrate that the T.S.A. Boarding Pass/ID check is useless.” It worked well, indeed.
In other words, Sohogoian basically put up a "fill-in-the-blanks" scan of a Northwest Airlines boarding pass.

Naturally, once word of his hoax got around, there was a certain...consternation...amongst the DHS and the FBI. Who, I mean, who could possibly have thought up such an unique and terrifying idea? To scan an actual boarding pass, and alter a legitimate one so that anyone could present it at an airport security gate, and pass?

Um, I dunno...anyone who's ever scanned a hundred dollar bill and then printed counterfeit versions of it? I would have assumed that the Secret Service was under the umbrella of the DHS and thus forced to share such information (the Secret Service having been originally part of the Department of Treasury, hence in charge of counterfeiting), but apparently not.

Meanwhile, the dunderheads at DHS are more concerned with...ID cards.
The root problem, as some experts see it, is the T.S.A.’s reliance on IDs that are so easily obtained under false pretenses. “It would be wonderful if Osama bin Laden carried a photo ID that listed his occupation of ‘Evildoer,’ ” permitting the authorities to pluck him from a line, Mr. Schneier said. “The problem is, we try to pretend that identity maps to intentionality. But it doesn’t.”

Woe to him or her who happens to have a name identical to someone else deemed a possible menace to society and who finds, upon check-in, that the no-fly list places one’s own name by Mr. bin Laden’s. When a terror suspect’s alias using the Kennedy name appeared on the list, gate agents blocked Senator Edward M. Kennedy of Massachusetts from boarding in Washington. And Boston. And Palm Beach, Fla. And New York. Each time, supervisors interceded on his behalf, but only because of his status as an elected official.
Admittedly, a lot more inconvenient to Mr. Kennedy than to the terrorists, who would just pony up a few hundred...well, maybe thousand...for a new fake ID. It's not like they just have to fool the barely-up-from-acne clerk at the liquor store.

Catching terrorists, despite the Bush administration's mantra of "fahtin' 'em 'ere, so's we dunnit haff ta faht 'em hyar", is a matter of criminology, not warfare. Good police work, like training more plainclothes security agents who observe the behavior of people in public places, or more agents trained in Farsi to infiltrate known terrorist-sympathetic groups (like some charities which funnel money to Al Qaeda and Hamas and Hizbollah...this worked wonders against the IRA in England), and plain-old "connect the dots thinking" like the kind Colleen Rowley did before September 11, finding Moussaoui in a flight school and realizing he might be up to no good, that's what is going to stop the next terror attack, which is coming.

It's only a matter of time, not a matter of if.

tags technorati :