
Smoke Screening: Journalist tests TSA - Umalu
http://www.vanityfair.com/culture/features/2011/12/tsa-insanity-201112
======
ims
This article makes some big leaps. It says in the fourth paragraph: "Since
9/11, the U.S. has spent more than $1.1 trillion on homeland security." It
seems to imply that this is mostly because of wasteful TSA-like spending.

The Department of Homeland Security's FY11 budget authority was around $56
bil. The TSA only accounted for 14% of that money. [1]

Just for perspective -- top 5 slices of DHS's FY11 pie: U.S. Customs and
Border Protection (20%), U.S. Coast Guard (18%), Transportation Security
Administration (14%), Federal Emergency Management Agency (12%), Immigration
and Customs Enforcement (10%).

Don't get me wrong, I'm not a huge fan of the TSA... I think we all feel a
little silly as grownups waiting around in a security line in our socks. But I
don't think all the hand waving about "security theater" is really justified.
And there are probably quite a few things that fall under "homeland security"
that aren't so controversial. Disaster response? Maritime search and rescue?
Enforcement of fisheries conservation regulations? Border protection?

[1] All numbers from DHS's "FY 2011 Budget in Brief"

~~~
dpeck
There have been quite a few articles over the last decade pointing out that
the creation of DHS as a whole has been quite a waste of time and money with
little benefit.

Katrina showed many of the problems with FEMA, though it seems to have
improved since then. I'm not sure why enforcement of fisheries conservation
belongs under DHS, and as someone who does a good bit of offshore fishing I'm
not very happy with they way they over-regulate/enforce on recreational
fishermen who would have a hard time making a dent in most populations while
(seemingly) turning a blind eye to commercial efforts destroying them.

Others I don't have any insight into, but it seems that DHS has mostly the
creation of a huge number of bureaucrats who's major responsibilities involve
insuring that the money allotted is spend so that the same or more can be
requested for the next fiscal year, with the actual agencies under it getting
a smaller piece of the pie and more barriers to actually doing work than
before.

~~~
ims
You're probably thinking of the National Marine Fisheries Service under NOAA
for recreational fishing (under Dept. of Commerce, not Homeland Security). The
Coast Guard, under DHS, enforces Magnuson-Stevens and the other conservation
acts farther offshore where the commercial vessels fish.

And your point is well taken about DHS (as a department), but administrative
organization seems to me to be a completely different problem than sinister-
sounding "security theater," which is how the article paints pretty much all
efforts associated with "homeland security".

------
nathanb
I'm a little disappointed with the article when compared to my expectations
given the title.

Besides using a fraudulent boarding pass, the journo didn't "test" the TSA in
any meaningful way. This wasn't like the experiment where a guy got a gun on a
plane using his wheelchair, for example. While the article has great
information and I agree with almost all of it, I would like to see people
demonstrating the uselessness of the TSA rather than just talking about it.

~~~
DanBC
Attempting to get a weapon on board a plane carries a risk of being shot. In
the head. I'm not that surprised that people don't try it.

~~~
cgs1019
I've always been amazed that with all the effort to keep "dangerous" objects
off the plane, they still hand out aluminum soda cans which can easily be
crushed/bent/torn into quite dangerously sharp forms. Why bother carrying a
weapon on board when they're provided free of charge in flight?

~~~
Terretta
> _aluminum soda cans_

LOL (and I don't use that lightly) ...

Many airlines bring you silverware with your business or first class meal. A
metal fork, spoon, and yes, KNIFE.

Several also serve beverages in glass, including stemware.

And many items taken from you at the security line can be purchased in the
concessions: batteries, lighters, even fuel (vodka).

~~~
mgkimsal
but people in first and business class are just so _nice_ \- they _couldn't_
be a terrorist!

------
Osiris
You don't even need photoshop to modify your boarding pass.

(These steps work with Opera, I'm not sure about other browsers) 1\. Go to
print your boarding pass 2\. View source 3\. Modify any information (such as
adding something to show First Class/A-List/etc) 4\. Click Apply Changes to
make the changes to the HTML show up in the page 5\. Click Print

A perfect boarding pass with any information you want.

What could someone do that's on the watch list? By a ticket under an assumed
name, then print out two boarding passes, one with their real name that
matches their ID, then another with the assumed name.

Since the no-fly list check is only done when the ticket is purchased, use the
real ID with real name boarding pass at security to get through (they won't
check you against the list). At the gate, go ahead and give them the real
boarding pass with the fake name (they won't check your ID at that point).

* I am in no way advocating that you do this, just that it's possible and demonstrates a weakness in security _

~~~
apaprocki
Do you have references that the list is only checked at purchase time? As for
the security hole.. you have a credit card under the assumed name as well? If
they were smart they could simply flag first time fliers and anyone who flies
under a ticket purchased by someone else for extra checks. Cash ticket
purchases require real ID at the ticket counter or Western Union and
presumably you'd get checked there as well.

~~~
maaku
It's possible that when the pass is scanned at the gate by the airline
employee, the original name might be displayed on their monitor (just guessing
--I have no idea if it is), and an astute employee might notice the name
change. However I can't remember the last time an airline employee at that
stage has paid any attention to anything at all.

~~~
quanticle
What original name? The only name the airline gets is the fake name that the
terrorist provides. The only name the TSA gets is the real name from the ID
and the boarding pass. The airline and the TSA don't communicate with each
other. All the TSA checks is that you have a boarding pass and an ID. They
don't verify that the boarding pass is valid (i.e. that you're an actual
passenger on a flight scheduled to depart that day).

EDIT: In case it's not clear, the terrorists prints a _fake_ boarding pass to
get past TSA, and keep the "real" boarding pass in their pocket for the
airline.

------
DrJ
I wish we could get rid of the TSA and spend that resources somewhere else,
CIA, FBI, NSA, hell send it to DoE, NSF, maybe fund (more) research in
practical(?) renewable energy.

But killing the TSA is never going to happen. No career politician is going to
commit political harikiri to shut it down.

\- I do not mind the free hand rubs at the airports though.

~~~
pitdesi
Completely agree with you, except for one point... Ron Paul (a republican
candidate for president) wants to abolish the TSA:
[http://thehill.com/blogs/transportation-
report/tsa/188271-ro...](http://thehill.com/blogs/transportation-
report/tsa/188271-ron-paul-proposes-abolishing-the-tsa-in-plan-to-restore-
america-)

This is not a place for political discussion (so please don't make it one,
people!), but he certainly qualifies as a career politician, having been in
congress 35 years.

EDIT: lots of downvotes... I'm just stating a fact in response to the DrJ's
statement... what is the cause for your downvoting?

~~~
ams6110
_what is the cause for your downvoting_

Probably people reading an endorsement of Ron Paul in your post, though none
is really there.

~~~
cookiecaper
Heh, I thought it was probably the implication that Paul was a career
politician although he is primarily a gynecologist. He continues to deliver
babies when he's in Texas and he has spent a few terms out of office
(practicing medicine) since he was first elected in the 70s. Maybe that's a
self-interested assumption that exposes my own leanings, though.

------
pdubs
Very similar to "The Things He Carried" by The Atlantic back in 2008. Bruce
Schneier shows how worthless the TSA is.

[http://www.theatlantic.com/magazine/archive/2008/11/the-
thin...](http://www.theatlantic.com/magazine/archive/2008/11/the-things-he-
carried/7057/)

------
mootothemax
Fantastic article!

One point I've read elsewhere is that successful Islamic terrorists are a
single-use resource, what with their habit of killing themselves during the
attack. This means all their terrorism skills are lost with the successful
attack, and the pool of competent terrorists shrinks. Not to mention, the
wealth of experience and on-the-ground information is lost as well.

~~~
DanBC
The people with the knowledge are the bombmakers etc; the people carrying the
bombs need very little knowledge apart from "push the button at the right
time".

~~~
InclinedPlane
The most successful terrorist attacks against the US did not use bombs, they
used commodity weapons and teams that required thousands of dollars and weeks
of specialized training.

~~~
anamax
> teams that required thousands of dollars and weeks of specialized training.

The folks who ran that training are still alive.

~~~
InclinedPlane
Yes, the civilian flight instructors in the US, I imagine they are probably
still alive. What's your point?

~~~
anamax
I'm referring to the folks who planned the operation and trained the
hijackers.

Do you really think that the hijackers trained themselves?

------
redthrowaway
The submission might attract more attention if the headline made mention of
the fact that Schneier is the person doing the testing.

~~~
0003
Who here did not think of Bruce Schneier after reading in the lead paragraph:
"...that’s the conclusion of Charles C. Mann, who put the T.S.A. to the test
with the help of one of America’s top security experts"?

~~~
ams6110
I respect Bruce Schneier as an expert in cryptography and computer/network
security. But nothing I've seen him say about physical security seems like
anything more than obvious common sense, delivered in a sort of pompous,
sarcastic tone.

I also don't think the people in charge at the TSA are so stupid as to not
have considered that someone might alter a boarding pass.

I'm reminded of a post here a few weeks ago, I don't recall the subject
exactly but I believe it quoted Henry Kissinger, who said until you are on the
"inside" of these agencies, you have no idea of the things they know, and that
many things that don't make any sense from an external viewpoint DO make sense
once you have all the information.

~~~
WettowelReactor
As someone who has been on the inside that last quote is almost all a smoke
screen. In reality they do not know as much as they claim and many idiotic
policies are there for idiotic or political reasons. Besides since government
should be accountable to its people we should fully call to task idiotic or
irrational behavior and the excuse of "you wouldn't understand" just does not
cut it.

------
DevMonkey
The last time I went through the airport they did the hand wipe thing. I said
"You think terrorist are smart enough to wear gloves when working with
chemical explosives?" She shrugged and said "All Clear!"

~~~
bshep
I'm surprised she didnt give you a more thorough screening after the comment.

~~~
iamandrus
I'm surprised he was even let through the checkpoint after that comment.

~~~
Zarathust
I am surprised your reaction is surprise

------
pppp
I'm afraid most of what the government does is theater - meant to distract us
while they line their own pockets.

~~~
lhnn
I'm afraid because I know that's what they're doing, and they know that's what
they're doing.

~~~
toast76
..and they know you know. Yay for democracy!

------
mgkimsal
And yeah... the next wave of 'terrorist' attacks won't be airports, but
probably consumer-level areas or something that directly affects a large
number of every day people (or, just, threatens to): malls, restaurant chains,
etc.

I posited this idea to friends/family back in 2002: have a large number of
geographically distributed attacks on salt/pepper/condiments at chain and
independent restaurants around the country at the same time. Dozens/hundreds
would get sick or die, and confidence in the food supply would be disrupted
for weeks at minimum. "terror-proof" condiment dispensers would be developed,
and required on flights (cause our anti-terrorists will still be focused on
flying), and it would cost probably $500 in drugs to spike salt/pepper shakers
around the country.

People thought I was crazy (or a terrorist), but I could swear I read of this
being reported on (on a small scale) in 2005 or 2007 - Miami perhaps?

I found this:
[http://www.cbsnews.com/stories/2010/12/20/eveningnews/main71...](http://www.cbsnews.com/stories/2010/12/20/eveningnews/main7169266.shtml)
but it's from 2010 and it's not what I was thinking about.

~~~
tikhonj
I remember something about injecting toxins into off-the-shelf medicine (maybe
Aspirin?). Perhaps that's what you're thinking of?

Apparently this was longer ago than I thought: 1986. Here's a link:
[http://www.nytimes.com/1986/09/19/us/batch-of-rite-aid-
aspir...](http://www.nytimes.com/1986/09/19/us/batch-of-rite-aid-aspirin-
pills-recalled-in-search-on-cyanide.html)

~~~
mgkimsal
No, that was way long ago, and may have been inspired by the tylenol stuff
before it in some way.

No... I just can't find the story I'm thinking about now. All references to
restaurant food poisoning are now coming up with that dec 2010 incident. :/

------
yread
I don't understand. The agents at the gate always check the boarding pass
validity (with the code scanner) and check the name on it against my ID. I
haven't tried it but i can imagine that the system wouldn't allow two boarding
passes with the same code. Is it that here in Europe we do things properly or
did I misunderstood the faking of the boarding pass?

~~~
awj
A quick how-to on bypassing the TSA no-fly list:

1\. Buy a plane ticket under someone else's name. Presumably yours is
blocked/flagged due to the airlines being able to check the no-fly list.

2\. Use that ticket to forge a boarding pass in _your_ name. Use this, along
with your official ID, at the security checkpoint. All the TSA does is read it
and validate date/time/what the know of flights off the top of their head.
Nothing in their setup validates your boarding pass against airline records or
the no-fly list.

3\. At the gate, hand them the original boarding pass. They'll check it
against computer records, but won't bother to check your ID against the pass.

4\. Congratulations, you've bypassed a critical portion of American airline
security.

This, honestly, is most of why the recent "advanced screening" systems piss me
off. Our current security measures are woefully ineffective because of these
kinds of loopholes, but instead of _plugging_ those loopholes we simply pile
on more half-assed systems.

The no-fly list _could_ be a great tool for us, if used properly. Instead it's
nearly trivial to circumvent for the bad guys and an enormous pain in the ass
for any honest person who happens to wander into a name conflict.

~~~
MichaelGG
I think the no-fly has even more issues than just circumvention [1]. Schneier
calls it "a list of people so dangerous they cannot be allowed to fly under
any circumstance, yet so innocent we can't arrest them even under the Patriot
Act"[2].

1:
[http://www.schneier.com/blog/archives/2006/10/nofly_list.htm...](http://www.schneier.com/blog/archives/2006/10/nofly_list.html)

2:
[http://www.schneier.com/blog/archives/2007/08/conversation_w...](http://www.schneier.com/blog/archives/2007/08/conversation_wi_5.html)

------
robobenjie
I agree with most of the points in this article, but saying that all people
who forge boarding passes will use latex gloves seems false.

From my point of view the point of multiple screenings is to increase the
difficulty and complexity of pulling off a particular attack. Sure,
individually you can think of a way to counter each one, but as you add
constraints you reduce the pool of people willing and able to pull it off. (So
now you need a person who wants to cause terror, who is willing to blow
themselves up, who can forge simple documents, who remembered to wear latex
gloves, who can act cool enough to avoid extra screenings when walking past
guards with machine guns, etc, etc, etc). Sure some eliminate more than
others, but you multiply enough .95s together and you get a small number.

~~~
nlawalker
The thing is, it's not a bunch of .95s. It's a .00000001 and a bunch of
.9999999s. If a person wants to cause terror and is willing to blow themselves
up, they're probably already very resolved and willing to do virtually
anything else necessary to bypass the security measures you mention and any
others.

~~~
WettowelReactor
Or if all else fails they can blow themselves up at the security checkpoint,
or on a train, or on a bus, or metro, or .... Really once a person has decided
to blow themselves up their options for committing terrorism are exceedingly
large. Luckily this group of people is surprisingly small but or reactions to
to the risks are way overboard.

------
ck2
Why wouldn't terrorists hijack private planes now? Some of them are quite
large.

If we want to see the TSA go away, start hassling the billionaires.

But airports are so passe anyway, TSA has moved onto buses, trains and now car
searches, journalists are way behind.

------
tlrobinson
I like to think the TSA and their ridiculous measures actually _are_ there
purely for the "security theater"... both to reassure the ignorant public, and
to misdirect potential terrorists.

Of course, I also hope the TSA, DHS, etc have more effective measures in place
behind the scenes. I don't know if that's the case, but it would make sense to
keep them secret.

------
mgkimsal
When will we get congressional and presidential candidates vowing to shut down
the TSA? "I'll shut down the Dept of Education!" was a bit rallying cry for
Bachmann a couple months ago, partially with the justification that "It was
only started in 1979!". Well, the TSA was started less than 10 years ago, so
let's shut that down first.

------
gerggerg
The 3 oz liquid rule was always a bit laughable to me too. Print 6 fake
boarding passes, bring 6 friends, give them 3 ounces of whatever, take 21
ounces on the plane. Makes no sense to me.

And still I have to buy a special tiny tube of toothpaste for the safety of
the nation.

------
miles_matthias
The article didn't mention what happened when they tried to use the
photoshopped boarding pass to board. Maybe they had another real boarding pass
somewhere else? Maybe they didn't actually board a plane?

Their system makes sure you're supposed to be on the plane when they scan your
boarding pass to get on the plane right?

~~~
po
They didn't try to use it to board the plane, he just wanted to show that you
don't actually have to buy a plane ticket to be waved into the 'secure' area
of the airport.

~~~
miles_matthias
That's what I thought. I just didn't see them be explicit about that.

