Showing posts with label TSA incompetence. Show all posts
Showing posts with label TSA incompetence. Show all posts

Sunday, July 03, 2011

TSA security loophole exploited

As this blog has reported on multiple prior occasions (in 2006, 2008, and 2009, at the very least), the fact that U.S. airport security separates the checking of the boarding pass by TSA from the use of a boarding pass to check in to board makes it easy to get through security with a boarding pass that matches your ID while flying under a boarding pass on a ticket purchased in a different name.

Now, as The Economist (July 2, 2011) reports, Olajide Oluwaseun Noibi, a 24-year-old Nigerian American, has been arrested after successfully doing something along these lines to fly around the country, apparently on multiple occasions.  Only Noibi wasn't even using boarding passes valid for the flights he was on--he was caught with a boarding pass in another person's name for a flight from a day prior.  And he wasn't caught because the boarding pass was detected at check-in--he had already successfully boarded the flight and was seated.  He was only caught because of his extreme body odor and a fellow passenger complained, which led to his boarding pass being checked and found to be invalid.

Friday, November 14, 2008

Criminal activity by air marshals

Looks like the air marshals have a problem similar to the TSA and the Border Patrol:
Shawn Nguyen bragged that he could sneak anything past airport security using his top-secret clearance as a federal air marshal. And for months, he smuggled cocaine and drug money onto flights across the country, boasting to an FBI informant that he was "the man with the golden badge."
Michael McGowan used his position as an air marshal to lure a young boy to his hotel room, where he showed him child porn, took pictures of him naked and sexually abused him.
And when Brian "Cooter" Phelps wanted his ex-wife to disappear, he called a fellow air marshal and tried to hire a hit man nicknamed "the Crucifixer."
Since 9/11, more than three dozen federal air marshals have been charged with crimes, and hundreds more have been accused of misconduct, an investigation by ProPublica, a non-profit journalism organization, has found. Cases range from drunken driving and domestic violence to aiding a human-trafficking ring and trying to smuggle explosives from Afghanistan.
More details at USA Today.

UPDATE (8 March 2015): Another air marshals scandal:
What began as an internal investigation into allegations of harassment and threats stemming from a spat between ex-lovers has expanded into a criminal inquiry focused on the Federal Air Marshal Service’s dispatch hub in Herndon, Virginia. More than 60 federal employees are under scrutiny as investigators look into whether flights considered at risk of hijacking or a terrorist attack were left without marshals on board, sources with knowledge of the investigation told Reveal.

Saturday, October 18, 2008

TSA airport security is a waste of time and money

Jeffrey Goldberg explains why in The Atlantic. The check for whether you're on the no-fly list is at the time of ticket purchase and check-in; there is no validation of your actual ticket against your ID at the TSA checkpoint (you can easily print and use a fake boarding pass at the TSA checkpoint); there is no check of ID when you board the plane. The checks for substances and items at the TSA checkpoint are easily subverted, with the restrictions on liquids probably the most absurd and pointless.

We're throwing away billions of taxpayer dollars per year on security theater.

(Hat tip to John Lynch.)

(Previously, previously, previously, previously, previously, previously.)

Saturday, March 15, 2008

Terrorist watch list grows past 700,000 names

The ACLU reports that the Terrorist Screening Center's watch list reached 700,000 names in September 2007, and is adding 20,000 new names per month. "At that rate, our list will have a million names on it by July. If there were really that many terrorists running around, we'd all be dead."

Names on the list include:

Robert Johnson
Alexandra Hay
Evo Morales (president of Bolivia)
Saddam Hussein (dead former dictator of Iraq)
the 9/11 hijackers (all still dead)
Gary Smith
John Williams
Edward Kennedy (Massachusetts Senator)
John Lewis (U.S. Rep. from Georgia)
Daniel Brown (U.S. soldier detained on way home from Iraq)
James Moore (author of book critical of Bush administration)
Catherine ("Cat") Stevens (wife of Sen. Ted Stevens)
Yusuf Islam (formerly known as Cat Stevens)
Vernon Lewis (retired Major General, U.S. Army)
Robert Campbell (U.S. Navy, retired)
David Nelson
John William Anderson
Don Young (U.S. Rep. from Alaska)

The whole idea of checking names for flight screening is nearly pointless, since terrorists are capable of getting fake ID. It's absolutely idiotic to have extremely common names on the list and subject everyone who happens to have a common name to extra screening every time they fly. The right way to do screening is to use mechanisms like randomly subjecting people to extra screening and to have people undercover trained to identify suspicious behavior in the terminal--and to use multiple mechanisms that are randomly changed from day to day, so that security measures tested on one day will not be the exact measures in place on a later day.

UPDATE (March 18, 2008): Note that the no-fly list is a subset of the terrorist watch list. The former is what I criticize in the last paragraph. An FBI audit has stated that the information the FBI supplies for the terrorist watch list is "outdated and inaccurate."

Wednesday, March 14, 2007

Are you on the TSA no-fly list?

Check it out here. I'm not on the list, but my 13-year-old nephew is, due to his common last name.

(Via Bruce Schneier's Blog.)

Monday, March 05, 2007

Inside the TSA

Barbara Peterson took a job as a TSA screener and has written an interesting description of her experience for Conde Nast Traveler. She blames TSA's incompetence not on the individual screeners (who are generally doing as well as they could be hoped to under the demands of the job) but on Congress.

Tuesday, February 20, 2007

TSA continues to demonstrate incompetence

A web page on the TSA's website for travelers "who were told you are on a Federal Government Watch List" displays evidence of being a phishing site--it's probably not, it's just so badly done that it looks like a hacked web site that's submitting its details to an unrelated third party.

TSA responded that "We are aware there was an issue and replaced the site. The issue has been fully addressed. We take IT responsibilities seriously. There never a vulnerability; just a small glitch."

The full story may be found at Wired Blogs, which points out fifteen features that make the TSA form submission site look dangerous.

Also check out this comment at Christopher Soghoian's blog:
This may be surprising to hear: I am an employee at a major airline and I just recieved an e-mail that said we now have access to the TSA no-fly list, selectee list, and cleared list. I just accessed it and found it to contain thousands of names, DOB, SSN#s, drivers licesense #'s, military ID #'s, addresses, and even home phone #'s. The TSA just made this list and all of this information readily available to thousands of employees at my airline (and probably others). I think that previously this list was only available to ticket agents, but now it is available to every employee.
I find it quite disturbing that any airline employee has access to this information, and that many of the ppl on the cleared list have to give up there SSN# and other information.
Nice.

(Hat tip to Bruce Schneier's blog.)

Wednesday, December 20, 2006

NY Times: Theater of the Absurd at the TSA

The December 17 New York Times has a great article on airport security, with quotes from Bruce Schneier and Matt Blaze. A few key paragraphs:
The root problem, as some experts see it, is the T.S.A.’s reliance on IDs that are so easily obtained under false pretenses. “It would be wonderful if Osama bin Laden carried a photo ID that listed his occupation of ‘Evildoer,’ ” permitting the authorities to pluck him from a line, Mr. Schneier said. “The problem is, we try to pretend that identity maps to intentionality. But it doesn’t.”
...

WHEN I asked Mr. Schneier of BT Counterpane what he would do if he were appointed leader of the T.S.A., he said he would return to the basic procedures for passenger screening used before the 2001 terrorist attacks, which was designed to do nothing more ambitious than “catch the sloppy and the stupid.”

He said he would also ensure that passengers’ bags fly only if the passenger does, improve emergency response capabilities and do away entirely with ID checks and secret databases and no-fly and selectee lists. He added that he would shift funds into basic investigation and intelligence work, which he believes produces results like the arrests of the London bomb suspects. “Put smart, trained officers in plainclothes, wandering in airports — that is by far the best thing the T.S.A. could do,” he said.

Hat tip: Bruce Schneier's blog.

Tuesday, October 31, 2006

TSA Fails Screening Tests, Looks for Who Leaked the Results

The TSA badly failed a recent set of tests at Newark's Liberty Airport. TSA screeners missed 90% of the guns and explosives that testers put through the system. TSA's response? Immediate action to try to find out who leaked the results.

(Via Bruce Schneier's blog.)

Sunday, October 29, 2006

Point out the obvious, get raided by the FBI

Security researcher Chris Soghoian, a graduate student at Indiana University's School for Informatics and an intern at Google, set up a website that functions as a boarding pass generator for Northwest Airlines. The site contained a form that allowed you to fill in name, flight number, destination, and all of the other information on a boarding pass, and would display a boarding pass that would be indistinguishable from the real thing at the TSA security checkpoints.

He pointed out that the identity check at the TSA checkpoint amounts to nothing more than a comparison between the name on a picture ID and the name on a boarding pass, and that this provides no security whatsoever. I'm not sure what threat this check is even supposed to be trying to mitigate. At best, it is an attempt to piggy-back on the check against the no-fly list (which is itself a complete joke) that is performed by the airlines when you purchase a ticket, but clearly that fails as his boarding pass generator is one of several ways to create a boarding pass in a name other than your own--including modifying the displayed text generated by any airline's online site or even purchasing a ticket in any name you choose. The latter was displayed vividly by a couple of guys who purchased tickets in the names of "Al Kyder" and "Terry Wrist" (link includes video).

In my opinion, the only actual purpose served by checking for a valid boarding pass at the TSA checkpoint is to reduce the number of people passing through the checkpoint in order to most efficiently make use of security resources. It does not otherwise have any effect on security; it provides no deterrent to an attacker. It is not effective in screening out those with malicious intent, and it is not even effective in verifying identity.

Congressman Ed Markey (D-MA) has called for Chris Soghoian to be arrested. He was visited and interrogated by the FBI, then went to stay at his parents' house. Friday night, the FBI broke their way into his apartment, seized his computers, and generally trashed his place.

Lesson: Point out U.S. security weaknesses, and you will be punished. Those responsible for the weaknesses and idiocy of U.S. "security theater," however, will not be held accountable.

This is one of the rare times when Michelle Malkin actually says something correct.

Other coverage: Jim Harper, author of the excellent book Identity Crisis, at the Technology Liberation Front and at Cato@Liberty (this post does a good job of pointing out the problems with the TSA identity check). Bruce Schneier, at his blog. And there's some rather good coverage in multiple posts at BoingBoing.

The problem that Soghoian pointed out was previously described in February 2005 on Slate.com by Andy Bowers, and in 2003 by Bruce Schneier in his Crypt-o-Gram newsletter.

So yes, Kip Hawley is still an idiot.

UPDATE (November 2, 2006): Bruce Schneier has written a detailed description of the flaw in the security design of the TSA identity check, and makes the same point that even if the flaw is corrected it doesn't add any real security because it's just a check of the no-fly list.

Thursday, October 19, 2006

Innocent torture victim still on no-fly list

Maher Arar, a Canadian (born in Syria) who was arrested by the U.S. and sent to Syria where he was tortured as a result of the RCMP's erroneous labeling of him as someone associated with al Qaeda, was unable to receive a human rights award in Washington, D.C. because his name is still on the TSA no-fly list. Arar currently has a lawsuit pending in Canada against the RCMP.
(Also see the Wikipedia entry on Arar.)

This is further evidence of the TSA's failure to competently maintain the no-fly list.

UPDATE (October 20, 2006): Ed Brayton has discussed this story today.

UPDATE (January 23, 2007): The U.S. Attorney General and head of Homeland Security are both insisting that Arar remain on the no-fly list for reasons which they have disclosed only to officials in Canada. The Canadians don't think those reasons make any sense. My guess is that they think somebody they sent off to be tortured might have a beef with the people who did it to him.

Thursday, October 05, 2006

The U.S. no-fly list is a joke

Steve Kroft of 60 Minutes has obtained a copy of the no-fly list being used for airline passenger screening.

The list includes people who are not a threat (like Evo Morales, president of Bolivia, Saddam Hussein, and 14 of the 19 dead 9/11 hijackers). It includes numerous common names that are useless for screening purposes--Gary Smith, John Williams, and Robert Johnson are on the list. Kroft spoke with 12 Robert Johnsons, and all of them said they are detained almost every time they try to fly.

Worse yet, it doesn't include the names of some of the most dangerous living terrorists:
The 11 British suspects recently charged with plotting to blow up airliners with liquid explosives were not on it, despite the fact they were under surveillance for more than a year.

The name of David Belfor who now goes by Dahud Sala Hudine, is not on the list, even though he assassinated someone in Washington, D.C., for former Iranian leader Ayatollah Khomeini. This is because the accuracy of the list meant to uphold security takes a back seat to overarching security needs: it could get into the wrong hands. "The government doesn't want that information outside the government," says Cathy Berrick, director of Homeland Security investigations for the General Accounting Office.
I'd say that particular name is well known outside of the government now, Ms. Berrick.

The TSA has allegedly been trying to fix the list for three years, spending $144 million to do so, but there is "nothing tangible yet."

This is staggering incompetence. Kip Hawley is still an idiot.

UPDATE (October 5, 2006): I second Tim Lee's recommendation of Jim Harper's commentary on what's wrong with watch lists.

Saturday, September 30, 2006

Kip Hawley is an idiot

Ryan Bird wrote "Kip Hawley is an idiot" on his clear plastic bag of toiletries that he was carrying through a TSA security checkpoint at Milwaukee's General Mitchell International Airport. Kip Hawley is the head of the Transportation Security Administration.

Bird writes:
At the MKE "E" checkpoint I placed my laptop in one bin, and my shoes, cell phone and quart bag in a second bin. The TSA guy who was pushing bags and bins into the X-ray machine took a good hard look, and then as the bag when though the X-ray I think he told the X-ray operator to call for a bag check/explosive swab on my roller bag to slow me down. He went strait to the TSA Supervisor on duty and boy did he come marching over to the checkpoint with fire in his eyes!

He grabbed the baggie as it came out of the X-ray and asked if it was mine. After responding yes, he pointed at my comment and demanded to know "What is this supposed to mean?" "It could me a lot of things, it happens to be an opinion on mine." "You can't write things like this" he said, "You mean my First Amendment right to freedom of speech doesn't apply here?" "Out there (pointing pass the id checkers) not while in here (pointing down) was his response."

At this point I chuckled, just looking at him wondering if he just realized how foolish that comment was, but I think my laugh pushed him over the edge as he got really angry at this point. A Milwaukee County Sheriffs deputy was summoned - I would have left at this point, but he had my quart bag with my toothpaste and hair gel.

When the deputy got over the TSA supervisor showed him the bag and told him what had happened to that point. After he had finished I started to remind him he had left out his statement that my First Amendment rights didn't apply "here" but was cut off by the deputy who demanding my ID. I asked if I was under arrest, and his response was "Right now you are not under arrest, you are being detained." I produced my passport and he walked off with it and called in my name to see if I had any outstanding warrants, etc. The TSA supervisor picked up the phone about 20 feet away and called someone? At this point two more officers were near by and I struck up a conversation with the female officer who was making sure I kept put. I explained to her who Kip Hawley was, why I though he was an idiot, and my surprise that the TSA Supervisor felt my First Amendment rights didn't' apply at the TSA checkpoint. She didn't say much.

After he was assured I didn't have any warrants out the first office came back and I had my first chance to really speak, I explained that I was just expressing my opinion and my writing should be protected my by First Amendment rights. When he didn't respond, I then repeated that the TSA Supervisor stated my First Amendment rights didn't apply at the TSA check point and I asked if he (the deputy) agreed that was the case. He responded by saying "You can't yell fire in a crowed theater, there are limits to your rights.

At this point I chucked again.

I asked how this was even remotely like shouting "Fire" in a crowd, and his answer was "Perhaps your comments made them feel threatened."

At about this point the TSA Supervisor finished up his phone call, and summoned the officer back over. They talked for about 2 minutes, and then both came back over. The officer pulled out his pad and asked for my address and I asked why he needed it. "For the report I have to file since I was summoned here" I started to give it, when I noticed the TSA Supervisor was writing it down as well, so I stopped and asked why he needed it. He said he needed to file an incident report too, and I took the opportunity to ask what the resolution of the incident was, did I do anything wrong? Are you going to ask the officer to arrest me? He said no, I was free to go, but he was going to confiscate my bag. I asked "If I did nothing wrong, why would you take my bag" He pointed to a posted sign that said something about reusing plastic bags (the MKE TSA was providing quart sized zipper bags to pax today) I let him know that I had brought my bag from home and would not be letting him take it. He then asked for permission of photograph it, which I agreed too.

While he walked away to get the camera I finished giving my address to the deputy, and he told my "You're free to go" Total time, about 25 minutes.
Hat tip to Tim Lee at the Technology Liberation Front.

CNN's given coverage to the story. Also see kiphawleyisanidiot.com.

Monday, August 14, 2006

Travel with liquids--the viscosity test

In Stephen Colbert's discussion of the liquids he takes with him while traveling (on YouTube), he asked whether custard is a liquid. A USA Today "Today in the Sky" blog entry on "Putting TSA to the viscosity test" reported on the author's experiment to see what she would be forced to discard. She carried a number of items in her bag to the screening area at the Baltimore airport for a flight to St. Louis on Friday night. The items were a container of Silk soy milk, Edge shaving gel, Ban deodorant, a small container of yogurt, a sealed two-pack of Advil capsules (gel caps), some makeup items, and a packet of mustard (see photo).

She was only required to discard the soy milk, one of the makeup items, and one other item (the mustard?).

I don't remember the details and cannot verify them because USA Today has removed the blog post, probably on the grounds that it encourages readers to test the limits of security screening. But shouldn't the rules about what is permitted be clear?

Is water in a frozen state permitted?

Are there any beverages or food items which have the properties of being thixotropic (solid until shaken) or rheopectic (temporarily solid after being shaken)? There's now (at least temporarily) a market...

Saturday, August 12, 2006

Naked air travel

CNN:
Tisha Presley, bound for Fort Bragg, North Carolina, hurriedly sipped from her bottled water before going through security at the Atlanta airport.

"I assume before too long we'll be naked on the plane -- and that's fine with me," she said.
My wife Kat jokingly suggests that TSA require passengers to change into TSA-provided unitards, returned for cleaning and reuse upon arrival at the destination.

Of course, the real question is whether air travel continues to be economically viable under high levels of travel restrictions without completely transforming the industry's business model.

One thing for sure--the level of restrictions currently imposed in the UK will provide incentives for telecommuting and audio and video conferencing, which are services provided by the company which employs me, Global Crossing.

Saturday, March 18, 2006

21 airports fail bomb screening test

Investigators for the General Accountability Office conducted tests at 21 airports to test screeners' ability to detect bomb components powerful enough to blow up the trunk of a car. They successfully got the parts past security screening at all 21 airports.

The TSA responded by saying that the tests "failed to consider the full array of air travel security measures." That response doesn't seem to be to the point--the parts were successfully smuggled past security checkpoints, meaning that there was no effective countermeasure in place.

Saturday, November 19, 2005

Freedom Summit: Technological FUD

Sunday morning's first session was by Stuart Krone, billed as a computer security expert working at Intel. Krone, wearing a National Security Agency t-shirt, of a type sold at the National Cryptologic Museum outside Ft. Meade, spoke on the subject "Technology: Why We're Screwed." This was a fear-mongering presentation on technological developments that are infringing on freedom, mostly through invasion of privacy. The talk was a mix of fact, error, and alarmism. While the vast majority of what Krone talked about was real, a significant number of details were distorted or erroneous. In each case of distortion or error, the distortions enhanced the threat to individual privacy or the malice behind it, and attributed unrealistic near-omniscience and near-omnipotence to government agencies. I found his claim that the NSA had gigahertz processors twenty years before they were developed commercially to be unbelievable, for example. He also tended to omit available defenses--for instance, he bemoaned grocery store loyalty programs which track purchases and recommended against using them, while failing to note that most stores don't check the validity of signup information and there are campaigns to trade such cards to protect privacy.

Krone began by giving rather imprecise definitions for three terms: convenience, freedom, and technology. For convenience, he said it is something that is "easy to do," freedom is either "lack of coercion" or "privacy," and technology is "not the same as science" but is "building cool toys using scientific knowledge." While one could quibble about these definitions, I think they're pretty well on track, and that a lack of society intrusion into private affairs is a valuable aspect of freedom.

Krone then said that the thesis of his talk is to discuss ways in which technology is interfering with freedom, while noting that technology is not inherently good or evil, only its uses are.

He began with examples of advancements in audio surveillance, by saying that private corporations have been forced to do government's dirty work to avoid Freedom of Information Act issues, giving as an example CALEA (Communications Assistance for Law Enforcement Act) wiretaps. He stated that CALEA costs are added as a charge on your phone bill, so you're paying to have yourself wiretapped. He said that CALEA now applies to Voice Over IP (VOIP), including Skype and Vonage, and that the government is now tapping all of those, too. Actually, what he's referring to is that the FCC issued a ruling on August 5, 2005 on how CALEA impacts VOIP which requires providers of broadband and VOIP services which connect to the public telephone network to provide law enforcement wiretap capability within 18 months. There is no requirement for VOIP providers which don't connect to the public telephone network, so the peer-to-peer portion of Skype is not covered (but SkypeIn and SkypeOut are). This capability doesn't exist in most VOIP providers' networks, and there is strong argument that the FCC doesn't have statutory authority to make this ruling, which is inconsistent with past court cases--most telecom providers are strongly opposing this rule. The Electronic Frontier Foundation has an excellent site of information about CALEA.

Krone next talked about the ability to conduct audio surveillance on the inside of the home using 30-100 GHz microwaves to measure vibrations inside the home. This is real technology for which there was a recent patent application.

He raised the issue of cell phone tracking, as is being planned to use for monitoring traffic in Kansas City (though he spoke as though this was already in place--this was a common thread in his talk, to speak of planned or possible uses of technology as though they are already in place).
(This is actually currently being used in Baltimore, MD, the first place in the U.S. to use it.)

He spoke very briefly about Bluetooth, which he said was invented by Intel and other companies (it was invented by Ericsson, but Intel is a promoter member of the Bluetooth Special Interest Group along with Agere, Ericsson, IBM, Microsoft, Motorola, Nokia, and Toshiba). He stated that it is completely insecure, that others can turn on your phone and listen to your phone's microphone, get your address book, and put information onto your phone. While he's quite right that Bluetooth in general has major security issues, which specific issues you may have depend on your model of phone and whether you use available methods to secure or disable Bluetooth features. Personally, I won't purchase any Bluetooth product unless and until it is securable--except perhaps a device to scan with.

Next, Krone turned to video surveillance, stating that in addition to cameras being all over the place, there are now cameras that can see through walls via microwave, that can be used by law enforcement without a search warrant, which hasn't been fully decided by the courts yet. I haven't found anything about microwave cameras that can see through walls, but this sounds very much like thermal imaging, which the Supreme Court has addressed. In Kyllo v. U.S. (533 U.S. 27, 2001) it was ruled that the use of a thermal imaging device to "look through walls" constituted a search under the Fourth Amendment and thus requires a search warrant. Scalia, Souter, Thomas, Ginsburg, and Breyer ruled with the majority; Stevens, Rehnquist, O'Connor, and Kennedy dissented.

Krone briefly mentioned the use of "see through your clothes" X-ray scanners, stating that six airports are using them today. This technology exists and is in TSA trials, and was actually tested at a Florida airport back in 2002. A newer, even more impressive technology is the new Tadar system unveiled in Germany in mid-October 2005.

He addressed RFIDs, and specifically RFIDs being added to U.S. passports in 2006, and some of the risks this may create (such as facilitating an electronic "American detector"). This is a real threat that has been partially addressed by adding a radio shielding to the passport to prevent the RFID from being read except when the passport is open. As Bruce Schneier notes, this is not a complete safeguard. Krone also stated that there is a California bill to put RFIDs in cars, with no commercial justification, just to "know where everyone is and what they have with them at all times." I'm not aware of the bill he is referring to, but the use of transponders in cars for billing purposes for toll roads is a possible commercial justification.

He spoke about the laser printer codes that uniquely identify all documents printed by certain laser printers, which have been in place for the last decade and were recently exposed by the Electronic Frontier Foundation and reported in this blog (Krone mistakenly called it the "Electronic Freedom Foundation," a common mistake). He also briefly alluded to steganography, which he wrongly described as "the art of hiding information in a picture." While hiding a message in a picture is one form of steganography, what is characteristic of steganography is that it is hiding a message in such a way as to disguise the fact that a message is even present.

He then went on to talk about Intel's AMT product--"Advanced Management Technology." This is a technology that allows computers to be remotely rebooted, have the console redirected, obtain various information out of NVRAM about what software is installed, and to load software updates remotely, even if the system is so messed up that the operating system won't boot. This is a technology that will be extremely useful for large corporations with a geographically dispersed work force and a small IT staff; there is similar technology from Sun Microsystems in their Sun Fire v20z and v40z servers which allows remote access via SSH to the server independent of the operating system, which allows console port and keyboard access, power cycling of the server, etc. This is technology with perfectly legitimate uses, allowing the owner of the machine to remotely deal with issues that would previously have required either physically going to the box or the expense of additional hardware such as a console server.

Krone described AMT in such a way as to omit all of the legitimate uses, portraying it as a technology that would be present on all new computers sold whether you like it or not, which would allow the government to turn your computer on remotely, bypass all operating system security software including a PC firewall, and take an image of your hard drive without your being able to do anything about it. This is essentially nonsensical fear-mongering--this technology is specifically designed for the owner of the system, not for the government, and there are plenty of mechanisms which could and should be used by anyone deploying such systems to prevent unauthorized parties from accessing their systems via such an out-of-band mechanism, including access control measures built into the mechanisms and hardware firewalls.

He then went on to talk about Digital Rights Management (DRM), a subject which has been in the news lately as a result of Sony BMG's DRM foibles. Krone stated that DRM is being applied to videos, files, etc., and stated that if he were to write a subversive document that the government wanted to suppress, it would be able to use DRM to shut off all access to that file. This has DRM backwards--DRM is used by intellectual property owners to restrict the use of their property in order to maximize the potential paying customer base. The DRM technologies for documents designed to shut off access are intended for functions such as allowing corporations to be able to guarantee electronic document destruction in accordance with their policies. This function is a protection of privacy, not an infringement upon it. Perhaps Krone intended to spell out a possible future like that feared by Autodesk founder John Walker in his paper "The Digital Imprimatur," where he worries that future technology will require documents published online to be certified by some authority that would have the power to revoke it (or revoke one's license to publish). While this is a potential long-term concern, the infrastructure that would allow such restrictions does not exist today. On the contrary, the Internet of today makes it virtually impossible to restrict the publication of undesired content.

Krone spoke about a large number of other topics, including Havenco, Echelon, Carnivore/DCS1000, web bugs and cookies, breathalyzers, fingerprints, DNA evidence, and so on. With regard to web bugs, cookies, and malware, he stated that his defense is not to use Windows, and to rely on open source software, because he can verify that the content and function of the software is legitimate. While I hate to add to the fear-mongering, this was a rare instance where Krone doesn't go far enough in his worrying. The widespread availability of source code doesn't actually guarantee the lack of backdoors in software for two reasons. First, the mere availability of eyeballs doesn't help secure software unless the eyeballs know what to look for. There have been numerous instances of major security holes persisting in actively maintained open source software for many years (wu-ftpd being a prime example). Second, and more significantly, as Ken Thompson showed in his classic paper "Reflections On Trusting Trust" (the possibility of which was first mentioned in Paul Karger and Roger Schell's "Multics Security Evaluation" paper), it is possible to build code into a compiler that will insert a backdoor into code whenever a certain sequence is found in the source. Further, because compilers are typically written in the same language that they compile, one can do this in such a way that it is bootstrapped into the compiler and is not visible in the compiler's source code, yet will always be inserted into any future compilers which are compiled with that compiler or its descendants. Once your compiler has been compromised, you can have backdoors that are inserted into your code without being directly in any source code.

Of the numerous other topics that Krone discussed or made reference to, there are three more instances I'd like to comment on: MRIs used as lie detectors at airport security checkpoints, FinCen's monitoring of financial transactions, and a presentation on Cisco security flaws at the DefCon hacker conference. In each case, Krone said things that were inaccurate.

Regarding MRIs, Krone spoke of the use of MRIs as lie detectors at airport security checkpoints as though they were already in place. The use of fMRI as a lie detection measure is something being studied at Temple University, but is not deployed anywhere--and it's hard to see how it would be practical as an airport security measure. Infoseek founder and Propel CEO Steve Kirsch proposed in 2001 using a brainscan recognition system to identify potential terrorists, but this doesn't seem to have been taken seriously. There is a voice-stress analyzer being tested as an airport security "lie detector" in Israel, but everything I've read about voice stress analysis is that it is even less reliable than polygraphs (which themselves are so unreliable that they are inadmissible as evidence in U.S. courts). (More interesting is a "stomach grumbling" lie detector...) (UPDATE March 27, 2006: Stu Krone says in the comments on this post that he never said that MRIs were being used as lie detectors at airport security checkpoints. I've verified from a recording of his talk that this is my mistake--he spoke only of fMRI as a tool in interrogation.)

Regarding FinCen, the U.S. Financial Crimes Enforcement Network, Krone made the claim that "FinCen monitors all transactions" and "keeps a complete database of all transactions," and that for purchases made with cash, law enforcement can issue a National Security Letter, including purchases of automobiles. This is a little bit confused--National Security Letters have nothing specifically to do with financial transactions per se, but are a controversial USA PATRIOT Act invention designed to give the FBI the ability to subpoena information without court approval. I support the ACLU's fight against National Security Letters, but they don't have anything to do with FinCen. Krone was probably confused by the fact that the USA PATRIOT Act also expanded the requirement that companies whose customers make large cash purchases (more than $10,000 in one transaction or in two or more related transactions) fill out a Form 8300 and file it with the IRS. Form 8300 data goes into FinCen's databases and is available to law enforcement, as I noted in my description of F/Sgt. Charles Cohen's presentation at the Economic Crime Summit I attended. It's simply not the case that FinCen maintains a database of all financial transactions.

Finally, Krone spoke of a presentation at the DefCon hacker conference in Las Vegas about Cisco router security. He said that he heard from a friend that another friend was to give a talk on this subject at DefCon, and that she (the speaker) had to be kept in hiding to avoid arrest from law enforcement in order to successfully give the talk. This is a highly distorted account of Michael Lynn's talk at the Black Hat Briefings which precede DefCon. Lynn, who was an employee of Internet Security Systems, found a remotely exploitable heap overflow vulnerability in the IOS software that runs on Cisco routers as part of his work at ISS. ISS had cold feet about the presentation, and told Lynn that he would be fired if he gave the talk, and Cisco also threatened him with legal action. He quit his job and delivered the talk anyway, and ended up being hired by Juniper Networks, a Cisco competitor. As of late July, Lynn was being investigated by the FBI regarding this issue, but he was not arrested nor in hiding prior to his talk, nor is he female.

I found Krone's talk to be quite a disappointment. Not only was it filled with careless inaccuracies, it presented nothing about how to defend one's privacy. He's right to point out that there are numerous threats to privacy and liberty that are based on technology, but there are also some amazing defensive mechanisms. Strong encryption products can be used to enhance privacy, the EFF's TOR onion routing mechanism is a way of preserving anonymity, the Free Network Project has built mechanisms for preventing censorship (though which are also subject to abuse).