
TSA Threatens Blogger Who Posted New Screening Directive - phsr
http://www.wired.com/threatlevel/2009/12/dhs-threatens-blogger/
======
patio11
I'm sort of a staunch law & order kind of guy, but this is why you never talk
to the police. If they want to talk to you, they can have ample opportunity to
do so in your lawyer's offices, in a comfortable plush chair, right into the
tape recorder, after giving you blanket immunity for anything resulting from
what you are about to tell them.

I will also happily let the authorities image my hard drive if they can
convince a judge to issue a search warrant for the entire thing. It isn't that
I don't trust you, officer, it is just that I desire to renew our traditional
understanding that my papers and effects are _mine_ and not to be trifled with
lightly.

~~~
stevoski
But if the TSA turn up at your door, claiming they'll put you on the no-fly
list if you don't co-operate? Once on the no-fly list, it's close to
impossible to get off the list.

It's a government agency with far too much power and no transparency.

~~~
jrockway
_Once on the no-fly list, it's close to impossible to get off the list._

Sure, if you don't want to change your name. Go to your local courthouse,
change the spelling of your name, get a new ID, you're off the list. That's
why the no-fly list is such a joke.

Also, you can bet that they would not make this threat in the company of your
lawyer. This is just a scare tactic.

------
ig1
WikiLeaks which provides anonymous leaking services for things just like this
has recently stopped due to lack of funding (and this document would likely
have been leaked there if it hadn't been stopped).

Please consider donating to them (they need both money and technical
services/expertise) at <http://wikileaks.org/> to help them carry on if you'd
like to support the freedom to whistleblow.

~~~
petewarden
I hadn't realized they were struggling, they've been responsible for some
amazing scoops. I thought it was worth calling out this appeal for volunteers
as a new item:

<http://news.ycombinator.com/item?id=1023663>

------
jrockway
This is why all of my disks are encrypted. Power turns off, data is gone. If
someone shows up at your door threatening you to provide them with a disk
image, you can happily comply. When they realize the data is useless without
the Constitutionally-protected secret key that only exists in your mind, they
will have to file charges, and get a judge to order you to testify against
yourself. And right about then, the investigation stops, because you committed
no crime, and the order to testify against yourself is illegal. (If anything,
it means you have plenty of time to talk to your attorney. They are not
getting the data any other way, so you have the power to say, "wait, let me
get my lawyer first", even if they physically seize your hardware.)

I also have a few drives in my house that look like LUKS encrypted disks, but
are actually a LUKS header with random data following it. There is no way I
could ever decrypt these disks, as there is no data on them; just random bits.

Anyway, you can tell that this was never a real criminal investigation,
because a real investigator would get Gmail records from Google, not from some
random guy with a laptop. This was purely to scare the blogger into not
publishing information about the TSA anymore. "Chilling effect."

~~~
khafra
Your fake encrypted disks are so that you can't be forced to decrypt every
disk, even under thermorectal cryptanalysis? Did you do that after reading
about pre-commitment in game theory, and do you have a plan to avoid the flaw
in pre-commitment strategies under asymmetric information exposed in Dr.
Strangelove?

~~~
jrockway
My main enemy is some random person in the airport stealing my laptop bag. My
theoretical enemy is the government.

Neither of these adversaries can afford a technical attack. The guy at the
airport will say "oh well", format the disk, and eBay it. The government will
try to convince me that I do know the key, will fail, and will have to support
its (theoretical, of course) case against me with actual evidence instead.

There is one thing I just thought of, though; the SMART log shows how much
activity the disk has experienced. It should be easy to check this log to see
which disk I use the most. I will come up with some way to plug this leak :)

But anyway, I am not sure this would "prove beyond a reasonable doubt" that I
know the key. If any case against me ever depended on me decrypting my disk, I
would first refuse. Then, theoretically, a charge of obstruction of justice
would be filed against me, and the government would have to prove that before
they could even consider their original case. (And that's no cakewalk, as
there is case law saying I don't have to give up the password, and I don't
think SMART data has ever been used in court.)

So anyway, I think my system is good enough. I don't have any friends in the
government feeding me classified information, anyway :( So, it's likely that I
will never get to test my system. But I hope the "Real Criminals" read this
and perhaps use this information to help themselves stay safe from their
oppressive regime.

~~~
tommorris
Be sure that you are aware of the laws on where you travel to. In the United
Kingdom, the police can seek a warrant that requires you to either decrypt a
specific piece of data or to surrender any encryption private key or password
under Part III of the Regulation of Investigatory Powers Act 2000. Refusing to
do so under this act is a criminal offence with a sentence of two years in
prison (longer if they allege that the encrypted data is either related to
terrorist activity or child pornography).

The crazy thing about the TSA: I flew back from SFO to London last month. I
had three laptops in my carry-on bag. I also had a can of Red Bull.
Apparently, the can of Red Bull is highly suspicious, but the three laptops
are not. I had a perfect excuse though: one was running OS X, another was
running Linux and the last was running XP.

~~~
jrockway
The TSA is not supposed to care if you are doing something illegal, they are
only supposed to prevent you from bringing certain things into the secure area
of the airport. Liquids (or cans that contained them) are what they are
supposed to watch for. Laptops are fine.

Customs is another story; they would probably ask about your laptops.

------
jonknee
It's time for the TSA to go.

~~~
blahedo
And be replaced with what? I'm as irritated with all the stupid TSA crap as
anyone else and now go out of my way to avoid flying because of it---but the
post-9/11 pre-TSA period was _even worse_ as far as fickleness and
inconsistency of security.

TSA needs a lot of fixing. But on the whole I think nationalised airline
security is probably the right way to go.

~~~
philk
Two things:

1) Reinforced cockpit doors and armed pilots so terrorists can't get control
over the plane.

2) Better intelligence and policing on the ground; remember, in the last
attempted attack the guys father had raised concerns about him beforehand.

Airport screening is basically security theater.

~~~
makecheck
Arming someone isn't necessarily a benefit. If you can hold a deadly weapon,
you can also lose that weapon in a fight, at which point the weapon may be
used against you. Especially if you're sitting down in a tiny cockpit when
someone bursts in.

If you'd arm anyone at all, you'd want to be sure they are very well trained
(e.g. a police officer, infantryman or equivalent) and in a better position to
help.

~~~
bullseye
>>you'd want to be sure they are very well trained

I doubt they would just issue a firearm along with the uniforms. Many airline
pilots are ex-military and quite capable of using a sidearm.
Training/restrictions would certainly be available for those that aren't.

------
NathanKP
The story according to the two bloggers:

[http://www.elliott.org/blog/full-text-of-my-subpoena-from-
th...](http://www.elliott.org/blog/full-text-of-my-subpoena-from-the-
department-of-homeland-security/#more-10228)

[http://boardingarea.com/blogs/flyingwithfish/2009/12/30/the-...](http://boardingarea.com/blogs/flyingwithfish/2009/12/30/the-
fallout-from-sd-1544-09-06-the-feds-at-my-door/)

------
ciscoriordan
My favorite quote: "Frischling said [the TSA agents] had to go to WalMart to
buy a hard drive, but when they returned were unable to get it to work."

~~~
jrockway
An unexpected fringe benefit of owning 2TB drives: the cops can't buy them at
WalMart.

------
flatline
There's the difference between Joe-blogger and someone who's an actual
journalist. Granted, I don't know that "writes a column for the Washington
Post" is exactly hard-hitting journalism, but I find it interesting that he
did not turn over any information on his source whereas the guy who was just a
blogger complied.

~~~
jrockway
Presumably, the Washington Post has lawyers that deal with this sort of thing,
and they have a newspaper that can publish all the details to a wide
readership. The Post journalist presumably took some journalism courses, where
they probably teach you to not talk to the police in these circumstances.

The blogger probably had none of those, and just wanted to take care of his
kids that night.

------
nfnaaron
Wait, the TSA has their own subpoena-serving law enforcement agents?

I wonder if they instead used the FBI, if _those_ agents might have been able
to get an external hard drive to work?

------
Locke1689
Flagged. This one seems straight from the submission guidelines:

 _Off-Topic: Most stories about politics, or crime, or sports, unless they're
evidence of some interesting new phenomenon. Videos of pratfalls or disasters,
or cute animal pictures. If they'd cover it on TV news, it's probably off-
topic._

~~~
jonknee
I find it very relative hacker news and this isn't a story that will be
covered on TV news. This is behind the scenes and is about how the internet is
completely disrupting the control of information by governments.

~~~
Locke1689
Hmmm, maybe. However, I could definitely see TSA harassment as something be
covered on TV news. I mostly saw this from the political/legal angle which is
rather trite and has been covered many times before.

 _This is behind the scenes and is about how the internet is completely
disrupting the control of information by governments._

I didn't think of this at first but you may be right. Although, I would have
preferred an analysis from that perspective in this case, rather than a
reporting of the legal circumstances.

------
ghshephard
I'm wondering if there are any of us who would suggest that right after a
terrorist attack, it might be a good idea _not_ to share with the bad guys how
we're going to stop them? I mean, maybe hold off for a week or so while we
figure out if:

A) There are more attacks coming.

B) How we are going to stop them.

~~~
rdtsc
You are assuming that what TSA was doing, is doing and is planning to do
stopped/is stopping/will stop terrorist attacks.

Their track record is so horrible that they should be fired on the spot, be
asked to apologize to everyone they harassed over the years and be forced to
return tax payer's money they wasted for expensive x-ray vision and air
puffing machines.

To bring back an analogy I made in a previous post, they are like the witch
doctor that is trying to cure cancer with a rattle or a voodoo doll. The
patients keep dying so as far as they can see, the rattle is not advanced
enough. Now they've enhanced the rattle with more bells and added more rules
that patients have to follow to get cured.

Of course, those who see through the farce and write about it, get some
personal attention and home visits...

~~~
ghshephard
Okay, I'm interested in some more detail regarding your concerns. In
particular, why do you consider their track record to be horrible, and what
actions should they have been taking to prevent liquid detonated PETN bombs?

Off the top of my head, I can fault the TSA for only two things:

1\. They don't have Full Body Scanners in place. The technology has been
around for 3+ years, and would have caught the PETN sewn into the underwear.

2\. They still allow liquids onto planes, which can be used to detonate and/or
do significant damage to the inside of an airplane.

You clearly have your own list of steps the TSA could have taken - I'm
wondering what they are?

~~~
lhuang
1\. There have been numerous "breaches" conducted by journalists, etc. over
the years.

2\. I think the greater point isn't that the TSA is ineffective but rather
that they are inefficient. Making millions of travelers each year jump through
more and more hoops isn't making any of us safer. A smart, determined,
terrorist will easily smuggle something aboard. I've personally walked through
security a half dozen times with a lighter in my bag (forgot it was even
there) when flying both domestic and international, including going from AMS
to IAD. Plus how many TSA screeners have you seen just aimlessly do their job?
You think these guys have real incentive to catch smart/determined terrorists?

The fact is the TSA has burned through billions of dollars (your money) that
may have been better spent on intelligence and more robust "threat list"
monitoring systems. Not to mention on a bevy of other issues they could have
tackled with that money.

The TSA going after a few bloggers is inane. Do you feel safer knowing that a
bunch of knucklehead TSA agents wasted tax payer money to intimidate a bunch
of bloggers? Will the confidentiality of a stupid list of hoops travelers must
jump through make you safer?

Is the end-result even a net positive for society? Is it even CLOSE?

~~~
ahlatimer
I forgot that I had a multitool attached to my keys when I went through
security about a year ago. I actually took my keys out, put them in the
basket, and walked through. No agent said anything until the return trip,
where I was asked to either check my bag or throw it away.

~~~
kelnos
I used to have a mini-Leatherman attached to my key ring, which had a small
knife on it. I'd often forget to take it off when traveling, and it made it
through airport security on at least 4 trips (so at least 8 times through the
x-ray machine), probably more. Ironically, it wasn't the TSA who eventually
took it from me, but security outside a club in San Francisco.

