
TSA Pressures Mainstream Media Not To Cover Story - ddelphin
http://tsaoutofourpants.wordpress.com/2012/03/08/breaking-tsa-threatens-mainstream-media-not-to-cover-story/
======
tylermenezes
The term "security theater" has been tossed around a lot, but I think it's
pretty clearly coming to that. Asking the mainstream media not to cover
something like this is completely indefensible from a security standpoint -
what, terrorists only learn about security flaws from TV?. It's pretty
patently only about keeping their budget.

Also, just going to throw this out there, but it is fairly possible that the
email is totally fake.

~~~
Bud
No. It's not "coming to that". We're well past the security theater stage, and
into the nightmare stage.

Even hinting that any media not cover this or ANY story is so, so far beyond
the purview of TSA that it is shocking (or should be shocking—it has become
rather hard to be shocked by TSA) that they would even consider pulling this.

The Supreme Court should slap them so hard that their acronym gets mixed up.
This is an outrage.

(edited to add snark) I thought of the perfect new acronym! STA: Security
Theater Administration.

~~~
tptacek
Hinting that media cover or not cover any story is so far beyond the purview
of the TSA that no competent journalist would consider taking them seriously,
making this a comparatively mild nightmare.

The Supreme Court can't "slap them" for anything; someone with standing would
have to bring a case, and for that case to have merit, some journalistic
outlet would have had to have its discretion _actually_ impinged by the TSA.

~~~
WiseWeasel
There might be a suit brought on behalf of one of these reporters and/or their
employer arguing that the implication of consequences from such a powerful
entity without a court order constitutes illegal interference with their
business, possibly entitling them to some damages, and more importantly,
establishing some very important precedent which might prevent the TSA from
ever attempting such a stunt in the future. I could certainly see many lawyers
salivating at the prospect of winning a suit against such a well-funded
target, not to mention the notoriety such a contentious issue would bring them
in any event.

~~~
jcampbell1
You are not familiar with Sovereign Immunity. No lawyer in the world salivates
at the thought of suing the federal government.

~~~
WiseWeasel
Maybe you're not familiar with the Federal Tort Claims Act, which provides a
waiver for the federal government's immunity in the case that a federal
employee has been shown to have caused wrongful damage.

~~~
jcampbell1
I am familiar with the Federal Tort Claims Act. No reasonable person would
consider your original claim a tort. Where are the damages from one government
employee making a hollow threat? What specific expenses or losses did the
newspaper incur because a federal employee made a threat?

Your case is weak, otherwise lawyers would be fully employed.

~~~
beedogs
What if they suddenly find all of their reporters have been added to the
federal no-fly list?

~~~
mcherm
Then they would have a case. Also if if jackbooted TSA thugs showed up to burn
down the newspaper building. But since no one has even alleged that any of
these things have happened, can we skip the wild and crazy speculation?

~~~
Drbble
Except what actually happens (Hello, PATRIOT act!) is that all the evidence of
harm is secret, and so the Supreme Court refuses to grant standing to any
injured party, and so discovery never happens and the evidence can never be
brought to light and the harm never proven in court. This story has been
repeated over and over since 2002.

------
danso
Just want to point this out: "strongly caution" is what the TSA flak told the
reporter (according to the reporter). That doesn't necessarily mean "don't
report this or we'll send you to Gitmo". It most likely was expressed in the
context of "you're going to look stupid/spread misinformation if you do."

I'm not saying the TSA flak won't be vindictive if a reporter covers the
story. I'm just saying, there's not an immediate reason to jump to this
conclusion. You don't get to be TSA flak by writing thinly-veiled threats that
are easily retrieved through public records requests.

~~~
einhverfr
I think it's probably in the middle.

You have to remember that journalists rely on sources, and some of those
sources come from government agencies. A strong caution contains an implied
threat of non-cooperation, i.e. if you cover that story, we will be feeding
other journalists more info than we feed you.

We've already been seeing this a lot with the current administration,
regarding trying to ban Fox News from the press pool (ok, I am no fan of Fox
News, and I was a fan of Obama in 2008, but COME ON). In context, this is a
meaningful threat.

However, I wonder if the issue has to do more with the "get rid of the TSA"
rhetoric in the post than it does with the security hole.

~~~
Drbble
You need general, sure but the TSA management is not Apple, or even a
politicians who uses media manipulation to win hearts and minds. It is just
inept damage control trying to cover up corruption and incompetence.

------
tomkin
So, the US collectively pays for the TSA. The TSA takes your money, buys into
the accountability of body scanners - somehow miss (then deny) the
vulnerability – one a terrorist _could successfully_ overcome - and they're
asking, what? That no one know about it? Are you serious? Like the TSA is a
newb database admin that accidentally dropped the users table or something?
The TSA is literally fucking with your lives and you pay for it and seriously
being told to shut up about it in no uncertain terms. Yikes.

What gets me is that the person who pointed out this flaw _actually
demonstrated it_. I shutter to think what would have happened to this
information had he only provided anecdotal hypothesis.

------
grandalf
The TSA probably views its own mission as largely a propaganda mission. It's
just creepy when we realize that it is trying to silence public debate.

The biggest oddity to me is that it's been over 10 years and this debate
hasn't actually happened in the mainstream media.

I think one aspect of most orgs that have entrenched power is that they are
always very deferent toward government. NPR is a great example... there is
lots of coverage of various wall street schemes, mention of greed as a problem
in the private sector, etc., but the underlying message in most of the stories
is that government is beyond reproach.

~~~
IanDrake
I don't know if that's entirely true. NPR was really suspicious of the
government before 2008. Then something changed.

~~~
mattdeboard
Have some data to support your cognitive bias?

~~~
IanDrake
Not sure that data is available, but I was listening to NPR news during that
time. I thought they did decent job of highlighting the poor behavior of our
government. Then things changed (not government behavior, which is the same if
not worse).

At the pinnacle of the credit crisis they started hating on the financial
services sector. As if they had any idea of what credit derivative were. The
"experts" they had on air seemed to have a textbook definition which would
then be simplified by saying "It's basically gambling". Uhg.

At some point I realized that most of their "experts" (in all their coverage)
were either working for the government, the Federal Reserve, or had financial
ties to the government (grant recipients, lobbyist, etc...). I stopped
listening around 2010 after I found myself yelling at the radio too often.
Maybe things have changed.

------
mrb
The government supporting the TSA, despite its People pushing against it, is a
prime example of _failure of democracy in the United States_. The People
elected a government who does not what they want!

Some countries hold referendums to vote on controversial topics. It would be a
great solution to hold one in the U.S. at the federal level asking a very
simple question: "Should the TSA be shut down? Yes/No". Direct democracy at
its best. Unfortunately the U.S. constitution does not provide for referendums
at the federal level...
<http://en.wikipedia.org/wiki/Referendum#United_States>

~~~
tptacek
Be careful what you wish for. The capital-P people are just peachy with those
machines. I traveled last week and saw nobody (other than myself) opting out.
The people --- in the aggregate --- do not care about this issue.

Left to "democracy in the United States", a referendum that requested the
elimination of the "opt-out" process in favor of 0.5s of wait time at the
security lines would probably pass in a landslide. Thankfully, we're governed
not just by a legislature but by a Constitution interpreted by a panel of
judges with lifetime tenure.

~~~
InclinedPlane
I don't think your observations back up your conclusions with regard to public
support for the machines.

The choice people have is between these scanners and a highly intrusive "pat
down" which typically includes some TSA agent's hands on your junk. That's not
much of a choice.

~~~
tptacek
If you'd like to make that argument, you can, but it doesn't rebut the poll
data that shows a clear majority of Americans favor the machines.

 _(I would prefer they did not, but you can't always get what you want.)_

~~~
sitkack
Favor the machines over a pat-down. They would actually _prefere_ neither.

~~~
tptacek
Sorry, this is wishful (I share your wish). The reality is, the polls aren't
posing the either/or question. Respondents can favor the imaging machines
_and_ reject the pat-downs. Here's a sample question:

    
    
        The Transportation Security Administration is increasing its use of so-called 
        'full-body' digital x-ray machines to screen passengers in airport security lines. 
        (Supporters say these machines improve the ability to spot hidden weapons and 
        explosives, and reduce the need for physical searches.) (Opponents say these machines 
        invade privacy by producing x-ray images of a passenger’s naked body that security 
        officials can see, and don’t provide enough added security to justify this.) Which 
        comes closer to your own view – do you support or oppose using these scanners in
        airport security lines?
    

You would find the actual breakdown of responses equally dispiriting.

Americans think the imaging machines are a good idea. Americans are
unreasonably scared of threats to airplanes. That shouldn't surprise you,
since Americans are also unreasonably scared of airplanes.

In any case, if this is a "failure of democracy", it is not a failure of the
kind imagined by the root comment on this thread.

~~~
mrb
It is right that about half of the Americans don't fly very often and seem for
the scanners according to some recent polls. My "failure of democracy"
statement was exaggerated I think.

On the other hand, people who fly somewhat frequently seem to be almost all
against them. The guy who published the video said comments against the
machines on his blog outnumber 20 to 1 the people who support them.

------
milesf
The story he's referring to is this one:

[http://tsaoutofourpants.wordpress.com/2012/03/06/1b-of-
nude-...](http://tsaoutofourpants.wordpress.com/2012/03/06/1b-of-nude-body-
scanners-made-worthless-by-blog-how-anyone-can-get-anything-past-the-tsas-
nude-body-scanners/)

------
cs702
So the TSA is "securing" airports by trying to keep vulnerabilities secret.
Their thinking seems to be, "if no one knows where the open door is, no one
will get in." Surely that will work out well. Not!

Bruce Schneier must be getting a kick out of this.

~~~
einhverfr
Indeed. Here's what I posted on Facebook (mildly edited for clarity) about the
TSA's response (btw one of my Facebook friends is a TSA screener):

Some thoughts about this.

The main defense that the TSA offers over the body scanners in this regard is
that it is somehow better/harder to circumvent than the metal detectors, and
that it's only one part of a larger program using layers of security.

We can argue about the specifics but the idea of layers of security is one
thing the TSA is doing right. One of my complaints about the body scanners is
that they are not implemented in a way that makes full use of this (tandem to
a metal detector, as separate layers, ideally in conjunction with behavioral
indicators). But that's neither here nor there. I want to talk about testing.

As a software engineer, I know there is testing, and there is testing.
Extensive pre-deployment testing is important. There can't be any doubt of
that. However, it is also by definition incomplete. Stuff will always get
missed. Real testing in a security environment involves the sorts of things
that this video involves--- many people looking for ways to circumvent a given
technology and doing so. A few professional testers will miss stuff because
everyone has blind spots. This has to be an ongoing thing, and it has to rely
on independent individuals not beholden to the organization ordering the
testing.

In the computer software field, while the stakes are lower, we deal with a
level of constant attack unmatched in any physical security field. A firewall
in the rural US is under more constant attack than any US troops on any
battlefield and I have logs to prove this, so in my industry we have had to
find better ways of dealing with these problems than we see with the
Department of Homeland Security today. While my life may not depend on my
firewall holding up, my livelihood very well might, as does all of your credit
card data depend on firewalls of places like Amazon.

The video I linked to yesterday, while I don't agree with all of the political
remedies proposed is a solid example of penetration testing, and the sort that
makes us more secure. We should no more trust the TSA with securing our
airports than we should trust Microsoft with securing our data. Microsoft
can't get there without armies of white-hat hackers reporting vulnerabilities
before the bad guys find and exploit them. The TSA shouldn't attempt this
either.

Just this week we saw a massive security hole discovered at Github, which many
open source projects use. This hole allowed anyone who had an account (and
anyone can sign up!) the ability to commit software changes to any project on
the system. The severity of this problem was just unbelievable. In all
likelihood this would have gone at least partially unfixed (given past
attempts to get the software fixed) had it not been for one daring individual
breaking into the system in a reasonably responsible (as far as we know, but
if you use github, audit your code!) way.

But imagine if a bad guy did this? What critical systems would be vulnerable
for years because of malware planted? The fact that it was reported in a
public way after a previous fix was attempted and fell flat was a good thing.

I have been on the receiving end of accusations of fearmongering for exposing
security holes (in software). The fact though is that this is usually the
first step to getting the problem fixed. Whatever else is discussed, we need
to keep that in mind.

The correct response should have been, "We are evaluating this report and,
once we are finished doing so, will institute whatever corrective steps appear
to be necessary to solve the problem." This is not it.

------
epaga
Though both the email and the blog response from TSA are incredibly
unprofessional, the email is NOT intimidation or a "veiled threat", and
exaggerating by claiming it is is not going to help a sane discussion about
this issue. What do you think the TSA is "threatening" to do? They have no
power over the media.

All the TSA are saying is "exercise caution with reporting on bloggers that
make random statements because you can end up looking stupid". They're wrong
in this case, of course, and most likely know they're wrong, but that doesn't
make their statement be intimidation (nor should it be read as such). Let's
stay reasoned and calm, people.

~~~
dedward
Is that what the TSA actually said, or just your interpretation of it?

~~~
finnw
_Wouldn't it be a shame if your shop got broken into, looted and set on fire?_

Is the above sentence a threat? Of course it is. Not literally (I did not
directly say that I would send thugs to loot your shop if you refused to pay
me protection money) but a _reasonable person_ would, more likely than not,
interpret it as a threat.

If I did _not_ mean it that way but was so dumb as not to anticipate that you
would read it that way, I would deserve to go to jail for extortion anyway.

And the TSA, by virtue of having the power to add people to the No Fly List
without public scrutiny _and_ knowing of all the rumours of them having added
people for political reasons, they should expect any "request" they make to be
interpreted that way, and they should take extra care to ensure that it isn't.

------
bpd1069
Overlay a thin layer of material over the metal plate (the dark/black region
in the images) that has a regular repeating pattern (think checkerboard) that
shows objects suspended beyond the body's silhouette.

Problem solved.

~~~
teej
The problem isn't that this one particular technique exists. The problem is
that the TSA's decision making process led them to spend billions of dollars a
year against the advisement of the top security experts in the world.

For an organization who's sole purpose is the security of the American people,
they're awfully bad at doing things that ensure the security of the American
people.

~~~
ams6110
A big problem with that procurement was the very close ties between former TSA
director, Michael Chertoff, and the company that makes the full body scanners.

------
reinhardt
Eagerly waiting for the Streisand effect

------
georgemcbay
FTA: "For obvious security reasons, we can’t discuss our technology's
detection capability in detail"

The only situation that would make this "obvious" is if the technology is
inadequate. Basically by saying that, they're admitting to a large amount of
security through obscurity.

Imagine a bank's website saying "For obvious security reasons, we can’t
discuss how our passwords are store in detail". Wait, why not? If the
technology is adequate to the task you should be able to explain exactly how
it works without compromising anything!

~~~
dedward
Can you cite a bank website where they DO explain how their passwords are
stored in detail?

~~~
eschulte
I don't talk to many banks about their password storage, but they all should.

<http://en.wikipedia.org/wiki/Security_through_obscurity>

------
chao-
What really has my interest is not the TSA's request/threat. That part is
unsurprising. Instead, my mind ran through a few ideas about what a news story
on this topic would entail. From the last time I bothered to watch CNN, I
recall they've acquired a penchant for saying "And a viral video of [topic] is
hot on the Twitters today!", showing the video, getting someone in-house to do
surface analysis, reading off some Facebook posts, and cutting to commercial.
Ideally, a reporter does their own investigation on the topic, either by
contacting the TSA and arranging to film while testing the scenario depicted
here, or by doing a more undercover verification ala the video itself.

I don't wish to be specifically judgmental of CNN, and I don't wish to over-
analyze my mock-scenario. Instead I'm using the thought experiment of a news
report on this topic to express frustrations with journalistic practices I
have already seen elsewhere. It seems to me there isn't as much motivation on
behalf of larger news organizations to put together a verified report, when
you can replay something from YouTube and people will believe it much the
same.

But maybe there are positive aspects? Crowdsourcing the genesis of news topics
allows for a better breadth of topics, clearly. And I recognize there is a
need for it in situations such as the Syrian unrest, Tibet, or any place that
foreign journalists can't easily access. I get the feeling though, when I go
to 'old' media, that I expect old media standards and practices. When I go to
'old' media and get a replay of internet videos followed by an equally-long
segment of internet comments, I wonder why I'm not just browsing the internet
for myself.

------
reidmain
Security through obscurity.

Doesn't work on the Internet. Doesn't work in real-life.

~~~
Retric
Passwords are Security through obscurity. That does not make them useless,
just vulnerable.

~~~
marshray
A password is a best-effort attempt at implementing the theoretical construct
of a 'cryptographic shared secret'.

Passwords are from perfect at that of course, but it's not correct to call
them 'obscurity' either.

The distinction between security and obscurity derives from Kerckhoffs's
principle. <https://en.wikipedia.org/wiki/Kerckhoffs%27s_Principle>

------
tptacek
They're allowed to say that. The media is allowed (encouraged; morally
obliged, perhaps) to ignore them. Whether he's right or wrong (and _I'm sure
he's right_ ), the bureaucracy would prefer to continue working towards their
quarterly MBOs than to address another controversy. This is a non-story.

~~~
Bud
Completely absurd. The TSA is allowed to vaguely intimidate the media? I call
bullshit. I know from reading hundreds of your comments that you are a
reasonable man, so please explain where you are coming from on this.

~~~
tptacek
The premise of your outrage is that the TSA has some authority over the media
that they are abusing. The TSA has no authority over the media. The media
routinely publishes terrifyingly sensitive government secrets over the direct
and strident objections of the DoJ and gets hauled into court to defend
itself. That the media has a pretty excellent track record in those courts is
not so much my point as that the media has so much experience building that
track record that only the dumbest reporter would give half a shit whether
some TSA functionary "strongly cautioned" them not to run a story.

Since this observation isn't so much "insightful" as it is "completely obvious
on its face", to me, Occam's Razor suggests that what the TSA was implying was
that the guy was _wrong_ , and that his story was going to make the media look
dumb.

Since I have never once seen anyone from the TSA land on the right side of an
argument, from airport security to spelling and grammar, we don't have to
argue about which one of us is more vehemently contemptuous of it, or, in this
case, its argument.

------
jrockway
They're not really threatening anything, they're just asking "please don't
cover this story". That's their right and it's not censorship unless the
journalist faces consequences for covering the story (no future interviews,
harassment by the legal system, etc.) It doesn't seem like any consequences
are mentioned or implied, so this doesn't bother me. Of course the TSA doesn't
want negative press. Would you?

~~~
burgerbrain
No, they're _not_ asking _""please don't cover this story""_. They are
_"strongly cautioning"_ them not to, which can reasonably be interpreted as a
veiled threat.

~~~
jrockway
A threat to do what?

~~~
burgerbrain
_"I know where you live."_

What is that a threat to do?

How about, _"Be careful."_?

~~~
jrockway
The government's powers are limited by the Constitution. Someone who threatens
to follow you home and kill you, however, is operating in an environment
without restrictions, and you might therefore worry that you're actually going
to be killed.

"Prior restraint" is a well-tested concept and it doesn't do very well in
court. And all the government has to harass you are the courts.

~~~
burgerbrain
Just because you think that the only way the government is capable of
harassing you is with the courts, does not mean that they are not capable of
veiled threats. A threats are not limited to personal physical violence.

Though I of course strongly disagree with your premise anyway, _particularly_
when the governmental agency in question is the DHS.

------
skanga
This is insanity. I try to avoid flying as much as possible.

However, the whole controversy also seems to lack common sense. An easy
"solution" to this whole problem is to ask people to go into the machine and
do a 360 degree rotation before emerging on the other side. I'll call this the
"Airport Dance" :-)

What? It's not like we aren't made to dance already!

~~~
regularfry
The current arrangement subjects you to one short burst of radiation to take a
static image, and it's enough energy to have some doctors worried. Multiply
that up by however many frames you want to capture, and I don't think it would
be "some doctors" any more.

Besides, I've got no idea if the machines in place have microwave units that
can withstand a high duty cycle like that. I wouldn't be surprised if they
can't.

~~~
rhplus
Does anyone have some independently verified numbers for the amount of
radiation that a FBS exposes a passenger to and how it compares to the amount
of radiation exposure the same passenger would get from 3 hours in a plane?
The TSA claims that the latter is significantly (like 100x) greater than the
former.

~~~
regularfry
There are numbers out there, but the problem isn't just the amount of energy,
it's where it's concentrated. The theory goes that because of its very short
wavelength everything that gets absorbed is concentrated in the topmost layers
of the skin, so the energy density where it might be damaging is much higher
than the absolute amount of energy might suggest.

From memory part of the argument was that the studies hadn't yet been done
which might show whether this could be a health issue, so claiming the
scanners were safe was at best premature.

------
reader5000
I think the problem is just that the TSA is run by unprofessional people who
clearly have no idea what they're doing.

------
DamnYuppie
I hope the email is fake. Yet I would not be surprised if it wasn't. Most
government employees I have met are not really that intelligent. Add that to a
bit of power and little to no accountability and you have an instant recipe
for disaster.

~~~
pseingatl
Sari Koshetz is the name of a TSA representative. Google her.

~~~
artursapek
So?

Edit: Seriously, what does that prove? Someone faking an email can Google for
TSA spokeswomen just as easily as someone trying to verify it.

------
rickdale
I remember before they were rolling out the scanners seeing a story run by the
mainstream media about how congress had invested large amounts of money in the
scanners before they realized how useless they were and now they were going to
push really push hard for them to become the norm. I guess they succeeded. It
sucks how in America a logical argument bumps heads with a touchy subject.

------
alanh
Journalism has been called the fourth pillar of the government.

Its job is not to prop up the establishment, but rather to keep it
responsible.

------
jlujan
Apperently Sari Koshetz doesn't deny anything

[http://www.popehat.com/2012/03/08/in-which-i-strongly-
cautio...](http://www.popehat.com/2012/03/08/in-which-i-strongly-caution-the-
tsa-to-snort-my-taint-and-probably-get-on-the-no-fly-list/)

------
todd3834
For someone who clearly values security, I am surprised to see him running
Internet Explorer :-/

~~~
sdfjkl
It's MS Exchange's web-frontend (OWA), which doesn't play nice with most
browsers (last I checked it degraded into some "basic functionality" mode when
using anything but IE, although that was a while ago). FourTen Technologies is
his company and seems to be mainly a Microsoft shop based on their staff's
skill set (ASP, .NET, COM, MSSQL, AD) and portfolio:
<http://www.fourtentech.com/about/whoswho/>

Amusingly their portfolio includes a major project for the NYPD building a
automated surveillance network designed for (amongst other functions)
_"detecting unauthorized individuals in secure areas of the financial
district"_ \-- <http://www.fourtentech.com/mcs-nypd.html>

------
twiceaday
Security by obscurity.

------
zotz
"Totalitarian democracy is a term made famous by Israeli historian J. L.
Talmon to refer to a system of government in which lawfully elected
representatives maintain the integrity of a nation state whose citizens, while
granted the right to vote, have little or no participation in the decision-
making process of the government."

<http://en.wikipedia.org/wiki/Totalitarian_democracy>

~~~
haroldp
See Also: <http://en.wikipedia.org/wiki/Managed_democracy>

------
ktizo
The TSA might as well just move into Barbara Streisand's beachfront property
if they are using these kind of tactics.

------
lightyrs
I am outraged.

------
ramses
Harassment and directly attacking Free Speech? ... but somehow I suspect that
this was an employee independently acting stupid, and not an institutional
policy.

~~~
burgerbrain
Did you read the TSA's recent blog post about this? It displays exactly the
same sort of attitude.

------
runn1ng
To play devil's advocate - he clearly has an agenda and his video is more long
and boring political ramblings than something really substantial.

~~~
scelerat
1\. Anyone who says they don't have an agenda is lying. Everyone has their
reasons for doing anything and everything.

2\. There is absolutely nothing wrong with having an agenda.

~~~
CWuestefeld
Adding to that:

If he makes a bundle of money in the course of defending our freedoms, then my
hat is off to him. Bravo!

From an economics perspective, the fact that someone has turned a profit (in a
free market) is _prima facie_ evidence that he has delivered something of
value.

~~~
reitblatt
Or he's discovered a new kind of sucker, cf. homeopathy.

