In case you’ve not heard:
Friday
wired: Security researcher Christopher Soghoian created the Northwest Airline Boarding Pass Generator in the hope of spurring Congress to look closely at the nation’s aviation security policies, which he calls “security theater.”
The site lets anyone create a facsimile of a Northwest Airlines boarding pass, with whatever name they choose.
On Friday, Congress heard Soghoian’s message loud and clear. But instead of promising to reform broken airport security procedures, Rep. Edward Markey (D-Massachusetts), a member of the House Homeland Security committee known for his defenses of privacy, wants the site shut down and Soghoian arrested.
[…]
In reality, the “loophole” is nothing new. Security expert Bruce Schneier wrote about it in 2003, and the online magazine Slate covered it as major news in 2005. Soghoian points out that Sen. Chuck Schumer (D-New York) publicized the same security hole in April 2006. “Perhaps Sen. Schumer will end up being my cellmate,” Soghoian said.
Soghoian, a Ph.D. student at Indiana University, says he has never used one of the fake boarding passes, which are likely good enough to get someone through airport security into the “sanitized” area of the airport, but not good enough to get anyone on a plane. He was waiting for clearance from lawyers at Indiana University before attempting to test if the method worked to get through security.
[…]
Even if Soghoian’s site is shut down, any boarding pass purchased over the web can still be easily edited in any browser. That means fliers can buy a legitimate ticket through an airline’s website under a false name — evading the TSA’s no-fly list — then use a fake boarding pass under their real name to get past airport metal detectors, the only spot where IDs are checked. Fliers prone to selection for additional screening could also create boarding passes without the “SSSS” mark that tells TSA to search them more thoroughly.
Sunday
blogs: Congressman Edward Markey (D-Mass) no longer believes the government should arrest Christopher Soghoian, and instead says the Department of Homeland Security should put the Indiana University Ph.D. student to work “showing public officials how easily our security can be compromised.”
On Friday, Markey, a senior member of the House Homeland Security Committee, called for the administration to shut down the fake boarding pass generator and “apprehend” Soghoian, who says he built the site to publicize a vulnerability in airport security, not to help would-be terrorists.
The FBI shut the site down on Friday and raided Soghoian’s house early Saturday morning.
Markey announced his change of heart Sunday morning in a press release:
On Friday I urged the Bush Administration to ‘apprehend’ and shut down whoever had created a new website that enabled persons without a plane ticket to easily fake a boarding pass and use it to clear security, gain access to the boarding area and potentially to the cabin of a passenger plane. Subsequently I learned that the person responsible was a student at Indiana University, Christopher Soghoian, who intended no harm but, rather, intended to provide a public service by warning that this long-standing loophole could be easily exploited. The website has now apparently been shut down.
Under the circumstances, any legal consequences for this student must take into account his intent to perform a public service, to publicize a problem as a way of getting it fixed. He picked a lousy way of doing it, but he should not go to jail for his bad judgment. Better yet, the Department of Homeland Security should put him to work showing public officials how easily our security can be compromised.
Hmmm. They can be taught? Won’t help the guy, though.
Main website: http://slightparanoia.blogspot.com/.