Hacker News new | comments | show | ask | jobs | submit login
TSA Pressures Mainstream Media Not To Cover Story (tsaoutofourpants.wordpress.com)
745 points by ddelphin on Mar 8, 2012 | hide | past | web | favorite | 149 comments



The term "security theater" has been tossed around a lot, but I think it's pretty clearly coming to that. Asking the mainstream media not to cover something like this is completely indefensible from a security standpoint - what, terrorists only learn about security flaws from TV?. It's pretty patently only about keeping their budget.

Also, just going to throw this out there, but it is fairly possible that the email is totally fake.


No. It's not "coming to that". We're well past the security theater stage, and into the nightmare stage.

Even hinting that any media not cover this or ANY story is so, so far beyond the purview of TSA that it is shocking (or should be shocking—it has become rather hard to be shocked by TSA) that they would even consider pulling this.

The Supreme Court should slap them so hard that their acronym gets mixed up. This is an outrage.

(edited to add snark) I thought of the perfect new acronym! STA: Security Theater Administration.


Hinting that media cover or not cover any story is so far beyond the purview of the TSA that no competent journalist would consider taking them seriously, making this a comparatively mild nightmare.

The Supreme Court can't "slap them" for anything; someone with standing would have to bring a case, and for that case to have merit, some journalistic outlet would have had to have its discretion actually impinged by the TSA.


There might be a suit brought on behalf of one of these reporters and/or their employer arguing that the implication of consequences from such a powerful entity without a court order constitutes illegal interference with their business, possibly entitling them to some damages, and more importantly, establishing some very important precedent which might prevent the TSA from ever attempting such a stunt in the future. I could certainly see many lawyers salivating at the prospect of winning a suit against such a well-funded target, not to mention the notoriety such a contentious issue would bring them in any event.


You are not familiar with Sovereign Immunity. No lawyer in the world salivates at the thought of suing the federal government.


Maybe you're not familiar with the Federal Tort Claims Act, which provides a waiver for the federal government's immunity in the case that a federal employee has been shown to have caused wrongful damage.


I am familiar with the Federal Tort Claims Act. No reasonable person would consider your original claim a tort. Where are the damages from one government employee making a hollow threat? What specific expenses or losses did the newspaper incur because a federal employee made a threat?

Your case is weak, otherwise lawyers would be fully employed.


What if they suddenly find all of their reporters have been added to the federal no-fly list?


Then they would have a case. Also if if jackbooted TSA thugs showed up to burn down the newspaper building. But since no one has even alleged that any of these things have happened, can we skip the wild and crazy speculation?


Except what actually happens (Hello, PATRIOT act!) is that all the evidence of harm is secret, and so the Supreme Court refuses to grant standing to any injured party, and so discovery never happens and the evidence can never be brought to light and the harm never proven in court. This story has been repeated over and over since 2002.


Real lawyers do. We don't have real lawyers.


Change "Administration" to "Department" and I think you've got a winner.


> No. It's not "coming to that". We're well past the security theater stage, and into the nightmare stage.

If you want to stick to the theatrical vocabulary while being pedantic, you could talk about security phantasmagoria


Would this be considered blackmail, if the media starts getting harassed by the TSA over covering such stories?


Civil Rights violations, like the Rodney King beating


I think they are betting on security through absurdity (I initially meant to spell obscurity but this makes more sense).


They're operating on the age-old wisdom of, "If you don't know where you're going, you're never lost."


On the plus side, they're making good time.


It's incredibly suspicious to allude to an e-mail from the TSA, but not actually include a copy of said e-mail.


I'll be requesting a copy by FOIA... will post on my blog whenever it comes :)


Thank you for your brave work on this issue, you are a true patriot.

"It does not require a majority to prevail, but rather an irate, tireless minority keen to set brush fires in people's minds." -- Samuel Adams, Founding Father


Was the expression "brush fire" current in the late 1700s? In fact, the whole sentence looks a little questionable.



sure but this only applies to a citizen's inalienable right to make beer (and seasonal ales).


Could you ask the journalist in question to forward you the entire e-mail as well?


He doesn't want to ruin his relationship with the source by doing so, but again, it should be a public record releasable under FOIA


It's supposed to take a month. But, the TSA ignored my last FOIA request, so I had to sue them for it.


Thank you, story is on the blog, including this post: http://tsaoutofourpants.wordpress.com/2012/02/01/confirmed-t...


Wow. That in itself is a great story which should be heard.


How long does an FOIA request of that sort usually take? If there are multiple steps, could you give us a timeline?


Probably depends on the request. I got a pretty quick turnaround (or at least it exceeded my expectations) on my request to the FBI for whatever they knew about my grandfather: About 3 weeks.

Sidenote: if you're interested in doing the same just go to http://www.getgrandpasfbifile.com/


What kind of relationship does he have with a TSA agent who is mildly threatening him or intimidating him at least?


The TSA as a journalistic source?


Is this the same source that's threatening him?

Also, I wouldn't be surprised if the email server suddenly lost a bunch of emails the day before the FOIA request went through.


It's not "incredibly suspicious", since the author is claiming that one of his media contacts was the recipient of the email. Also, I don't see how seeing a screenshot of the purported message from the TSA would be considered more valid evidence than the current screenshot.


Second source confirms in comments! SmarterTravel March 8, 2012 at 3:34 pm | #11 Reply | Quote | Edit We were also “strongly cautioned” not to cover the story. We did anyway at SmarterTravel: http://tinyurl.com/7te5wj8


For the cautious, the above tinyurl expands to http://www.smartertravel.com/blogs/today-in-travel/did-blogg...


So you're saying that screen shot [1] of the redacted email was manufactured, or that the source of the redacted email was maybe trolling Jon?

I'm one of those folks that when I see a redacted email like that with most of the identity cookie in it I wonder if one could track down the original. I mean mail.fourtentech.com actually has a web server sitting on it and all.

Anyway, it could be a viralish stunt, but sadly its pretty credible that the TSA might say this.

[1] http://tsaoutofourpants.files.wordpress.com/2012/03/caution_...


So you're saying that screen shot [1] of the redacted email was manufactured, or that the source of the redacted email was maybe trolling Jon?

Or an infinite number of other things. Don't get bogged down in what the alternative scenario is. What is important is that if something is true, we should be able to find corroborating evidence to support it. If we can't, then we have reason to doubt the initial claim - and we can do so without arguing for a particular alternate scenario.


I'm confused. I see something that looks like an email referring to the aforementioned email from Sari Koshetz.

I do not however see an email that looks like anything from Sari Koshetz with or without redaction.

EDIT: I agree with the user "martey" below, though, that this wouldn't necessarily be evidence of anything. It's way too easy to fake this kind of thing. The FOIA request for the email is the way to go. It'll probably find itself conveniently deleted or something, though.


Then again, this is arguably censorship theater. I thought the original post was blogspammy in the extreme, and this is more of the same.

This does not make me a cheerleader for the TSA.


Just want to point this out: "strongly caution" is what the TSA flak told the reporter (according to the reporter). That doesn't necessarily mean "don't report this or we'll send you to Gitmo". It most likely was expressed in the context of "you're going to look stupid/spread misinformation if you do."

I'm not saying the TSA flak won't be vindictive if a reporter covers the story. I'm just saying, there's not an immediate reason to jump to this conclusion. You don't get to be TSA flak by writing thinly-veiled threats that are easily retrieved through public records requests.


I think it's probably in the middle.

You have to remember that journalists rely on sources, and some of those sources come from government agencies. A strong caution contains an implied threat of non-cooperation, i.e. if you cover that story, we will be feeding other journalists more info than we feed you.

We've already been seeing this a lot with the current administration, regarding trying to ban Fox News from the press pool (ok, I am no fan of Fox News, and I was a fan of Obama in 2008, but COME ON). In context, this is a meaningful threat.

However, I wonder if the issue has to do more with the "get rid of the TSA" rhetoric in the post than it does with the security hole.


You need general, sure but the TSA management is not Apple, or even a politicians who uses media manipulation to win hearts and minds. It is just inept damage control trying to cover up corruption and incompetence.


Yes, this is exactly right.

I've covered TSA and edit a blog that just covered this very story. http://www.wired.com/threatlevel/2012/03/bodyscanner-video/

Sometimes a flak can save you embarrassment and other times you disregard them because you know its a story.


Why would a PR flak ever stop a critic from embarrassing and discrediting himself? That would be gold for the TSA. The only exception would be if the critic is so powerful that even a false story would hurt the TSA. I don't think SmarterTravel is that much of a force. At most, this "caution" is concern trolling.


What does the TSA care about people looking stupid? Boing Boing took down their TSA post.


This one is still up:

http://boingboing.net/2012/03/07/howto-get-metal-through-a-t...

I can't imagine any BoingBoing writers sitting still if the TSA forced something like this to be removed from the site.


Let's suppose the story was bogus and the reporters would look stupid (neither is true). The TSA might still not want the story to be spread widely, because people will remember the original story, but not the corrections hidden in small print.


> "you're going to look stupid/spread misinformation if you do."

"And then we will send you to Gitmo for spreading misinformation."


So, the US collectively pays for the TSA. The TSA takes your money, buys into the accountability of body scanners - somehow miss (then deny) the vulnerability – one a terrorist could successfully overcome - and they're asking, what? That no one know about it? Are you serious? Like the TSA is a newb database admin that accidentally dropped the users table or something? The TSA is literally fucking with your lives and you pay for it and seriously being told to shut up about it in no uncertain terms. Yikes.

What gets me is that the person who pointed out this flaw actually demonstrated it. I shutter to think what would have happened to this information had he only provided anecdotal hypothesis.


The TSA probably views its own mission as largely a propaganda mission. It's just creepy when we realize that it is trying to silence public debate.

The biggest oddity to me is that it's been over 10 years and this debate hasn't actually happened in the mainstream media.

I think one aspect of most orgs that have entrenched power is that they are always very deferent toward government. NPR is a great example... there is lots of coverage of various wall street schemes, mention of greed as a problem in the private sector, etc., but the underlying message in most of the stories is that government is beyond reproach.


I don't know if that's entirely true. NPR was really suspicious of the government before 2008. Then something changed.


The change happened earlier than 2008. It happened when funding was getting dismantled in Congress and subsequently a conservative ombudsman was appointed along with a guy to run operations that used to run Radio Free Europe. After that, it was National Petroleum Radio.

Republicans largely support the things that we're objecting to here, along with Obama.


Have some data to support your cognitive bias?


Not sure that data is available, but I was listening to NPR news during that time. I thought they did decent job of highlighting the poor behavior of our government. Then things changed (not government behavior, which is the same if not worse).

At the pinnacle of the credit crisis they started hating on the financial services sector. As if they had any idea of what credit derivative were. The "experts" they had on air seemed to have a textbook definition which would then be simplified by saying "It's basically gambling". Uhg.

At some point I realized that most of their "experts" (in all their coverage) were either working for the government, the Federal Reserve, or had financial ties to the government (grant recipients, lobbyist, etc...). I stopped listening around 2010 after I found myself yelling at the radio too often. Maybe things have changed.


Remind me what year Obama was elected?


The government supporting the TSA, despite its People pushing against it, is a prime example of failure of democracy in the United States. The People elected a government who does not what they want!

Some countries hold referendums to vote on controversial topics. It would be a great solution to hold one in the U.S. at the federal level asking a very simple question: "Should the TSA be shut down? Yes/No". Direct democracy at its best. Unfortunately the U.S. constitution does not provide for referendums at the federal level... http://en.wikipedia.org/wiki/Referendum#United_States


Be careful what you wish for. The capital-P people are just peachy with those machines. I traveled last week and saw nobody (other than myself) opting out. The people --- in the aggregate --- do not care about this issue.

Left to "democracy in the United States", a referendum that requested the elimination of the "opt-out" process in favor of 0.5s of wait time at the security lines would probably pass in a landslide. Thankfully, we're governed not just by a legislature but by a Constitution interpreted by a panel of judges with lifetime tenure.


Indeed. It's actually quite amazing how impressive our federal judiciary is (two notable examples in Chicago: Posner [1] and Easterbrook). Unfortunately, the judiciary has faced a fairly serious crisis in funding over the last two decades [2]. The Chief Justice spoke about this in his year end report in 2010 [3]. It's one of the largest unsung problem in the U.S. today and it makes me worry about the calibre of judges we will end up with a few decades down the road. The math is depressingly straightforward: judges get paid a lot less, law school costs a lot more, and an entire branch of government is at risk for decay.

[1] http://www.projectposner.org/

[2] http://www.uscourts.gov/JudgesAndJudgeships/JudicialCompensa...

[3] http://www.supremecourt.gov/publicinfo/year-end/2010year-end...


I don't think your observations back up your conclusions with regard to public support for the machines.

The choice people have is between these scanners and a highly intrusive "pat down" which typically includes some TSA agent's hands on your junk. That's not much of a choice.


If you'd like to make that argument, you can, but it doesn't rebut the poll data that shows a clear majority of Americans favor the machines.

(I would prefer they did not, but you can't always get what you want.)


It kind of does rebut the poll data. I bet a majority of Americans would rather be smacked in the face with a brick than shot in the face with a rifle, but it would be a pretty big distortion to rephrase that as "A clear majority of Americans favor getting hit in the face with bricks."


Favor the machines over a pat-down. They would actually _prefere_ neither.


Sorry, this is wishful (I share your wish). The reality is, the polls aren't posing the either/or question. Respondents can favor the imaging machines and reject the pat-downs. Here's a sample question:

    The Transportation Security Administration is increasing its use of so-called 
    'full-body' digital x-ray machines to screen passengers in airport security lines. 
    (Supporters say these machines improve the ability to spot hidden weapons and 
    explosives, and reduce the need for physical searches.) (Opponents say these machines 
    invade privacy by producing x-ray images of a passenger’s naked body that security 
    officials can see, and don’t provide enough added security to justify this.) Which 
    comes closer to your own view – do you support or oppose using these scanners in
    airport security lines?
You would find the actual breakdown of responses equally dispiriting.

Americans think the imaging machines are a good idea. Americans are unreasonably scared of threats to airplanes. That shouldn't surprise you, since Americans are also unreasonably scared of airplanes.

In any case, if this is a "failure of democracy", it is not a failure of the kind imagined by the root comment on this thread.


It is right that about half of the Americans don't fly very often and seem for the scanners according to some recent polls. My "failure of democracy" statement was exaggerated I think.

On the other hand, people who fly somewhat frequently seem to be almost all against them. The guy who published the video said comments against the machines on his blog outnumber 20 to 1 the people who support them.


People need to understand this: it's all about the lobbyists, period. The TSA is nothing but a cash cow for the defense and security industries. Actual security is an irrelevant side effect.


it's all about the lobbyists, period.

Don't the politicians and bureaucrats -- the ones we're trusting to look out for our interests -- bear some responsibility?


You mean people like Michael Chertoff, who pushed for the body scanners when he was the Secretary of the Department of Homeland Security and then retired to found a consulting company which has been employed by the companies who manufacture those same scanners? That sort of thing?


Some states have had good luck with referendums (ND), but I am not sure a federal version would be all that good. I'm one of those that thinks the 17th Amendment made it harder for the federal government to be accountable to the will of the people in the states. It seems like Senators are not as responsive. I don't think repealing it would help these days since people expect to directly vote for office holders (electoral college aside).

It would be interesting, since travel distances are not really the issue, if each state was represented in the Senate not by 2 Senators but by that state's Governor. Seems like you would get a much better response.


The story he's referring to is this one:

http://tsaoutofourpants.wordpress.com/2012/03/06/1b-of-nude-...


So the TSA is "securing" airports by trying to keep vulnerabilities secret. Their thinking seems to be, "if no one knows where the open door is, no one will get in." Surely that will work out well. Not!

Bruce Schneier must be getting a kick out of this.


Indeed. Here's what I posted on Facebook (mildly edited for clarity) about the TSA's response (btw one of my Facebook friends is a TSA screener):

Some thoughts about this.

The main defense that the TSA offers over the body scanners in this regard is that it is somehow better/harder to circumvent than the metal detectors, and that it's only one part of a larger program using layers of security.

We can argue about the specifics but the idea of layers of security is one thing the TSA is doing right. One of my complaints about the body scanners is that they are not implemented in a way that makes full use of this (tandem to a metal detector, as separate layers, ideally in conjunction with behavioral indicators). But that's neither here nor there. I want to talk about testing.

As a software engineer, I know there is testing, and there is testing. Extensive pre-deployment testing is important. There can't be any doubt of that. However, it is also by definition incomplete. Stuff will always get missed. Real testing in a security environment involves the sorts of things that this video involves--- many people looking for ways to circumvent a given technology and doing so. A few professional testers will miss stuff because everyone has blind spots. This has to be an ongoing thing, and it has to rely on independent individuals not beholden to the organization ordering the testing.

In the computer software field, while the stakes are lower, we deal with a level of constant attack unmatched in any physical security field. A firewall in the rural US is under more constant attack than any US troops on any battlefield and I have logs to prove this, so in my industry we have had to find better ways of dealing with these problems than we see with the Department of Homeland Security today. While my life may not depend on my firewall holding up, my livelihood very well might, as does all of your credit card data depend on firewalls of places like Amazon.

The video I linked to yesterday, while I don't agree with all of the political remedies proposed is a solid example of penetration testing, and the sort that makes us more secure. We should no more trust the TSA with securing our airports than we should trust Microsoft with securing our data. Microsoft can't get there without armies of white-hat hackers reporting vulnerabilities before the bad guys find and exploit them. The TSA shouldn't attempt this either.

Just this week we saw a massive security hole discovered at Github, which many open source projects use. This hole allowed anyone who had an account (and anyone can sign up!) the ability to commit software changes to any project on the system. The severity of this problem was just unbelievable. In all likelihood this would have gone at least partially unfixed (given past attempts to get the software fixed) had it not been for one daring individual breaking into the system in a reasonably responsible (as far as we know, but if you use github, audit your code!) way.

But imagine if a bad guy did this? What critical systems would be vulnerable for years because of malware planted? The fact that it was reported in a public way after a previous fix was attempted and fell flat was a good thing.

I have been on the receiving end of accusations of fearmongering for exposing security holes (in software). The fact though is that this is usually the first step to getting the problem fixed. Whatever else is discussed, we need to keep that in mind.

The correct response should have been, "We are evaluating this report and, once we are finished doing so, will institute whatever corrective steps appear to be necessary to solve the problem." This is not it.


Though both the email and the blog response from TSA are incredibly unprofessional, the email is NOT intimidation or a "veiled threat", and exaggerating by claiming it is is not going to help a sane discussion about this issue. What do you think the TSA is "threatening" to do? They have no power over the media.

All the TSA are saying is "exercise caution with reporting on bloggers that make random statements because you can end up looking stupid". They're wrong in this case, of course, and most likely know they're wrong, but that doesn't make their statement be intimidation (nor should it be read as such). Let's stay reasoned and calm, people.


Reporters travel a lot. Severe abuses of the opaque http://en.wikipedia.org/wiki/No_Fly_List have long been alleged, and I certainly wouldn't put it past them to retaliate that way.


Is there an implied threat of being less cooperative with feeding the journalist info though?

It doesn't have to be "we will put you on a no-fly list" so much as "well, that's our right but we don't have to let you in to any press conferences anymore...."


Is that what the TSA actually said, or just your interpretation of it?


Wouldn't it be a shame if your shop got broken into, looted and set on fire?

Is the above sentence a threat? Of course it is. Not literally (I did not directly say that I would send thugs to loot your shop if you refused to pay me protection money) but a reasonable person would, more likely than not, interpret it as a threat.

If I did not mean it that way but was so dumb as not to anticipate that you would read it that way, I would deserve to go to jail for extortion anyway.

And the TSA, by virtue of having the power to add people to the No Fly List without public scrutiny and knowing of all the rumours of them having added people for political reasons, they should expect any "request" they make to be interpreted that way, and they should take extra care to ensure that it isn't.


Overlay a thin layer of material over the metal plate (the dark/black region in the images) that has a regular repeating pattern (think checkerboard) that shows objects suspended beyond the body's silhouette.

Problem solved.


The problem isn't that this one particular technique exists. The problem is that the TSA's decision making process led them to spend billions of dollars a year against the advisement of the top security experts in the world.

For an organization who's sole purpose is the security of the American people, they're awfully bad at doing things that ensure the security of the American people.


A big problem with that procurement was the very close ties between former TSA director, Michael Chertoff, and the company that makes the full body scanners.


How many places do you think assume security is a problem that can be solved by buying fancy products?

This is an all-too-common mistake. I am sure we have all seen it in the IT industry. I am surprised we don't just recognize it and call it out as such when we see the federal government doing the same.


no they are spending billions to advertise traveling securely as what they are attempting to secure is so statistically approaching zero to be laughable..

in the 1970s when it was found that people could highjack planes by delivery a threatening note or bomb and using a parachute to jump out with money what do you think the airlines did?\

They took the statistically significant thing and changed how planes were designed to prevent people being able to jump out of airliners through the back escape doors.

It did not cost billions of dollars and no extra xray scanning machines were used either..

First act of de-toothing TSA is putting those qualified on security of airlines..the airlines themselves back in charge of security!'


> For an organization who's sole purpose is the security of the American people

Their sole purpose is to make money. They obviously don't give a damn about security.


Why do you think it is black in the first place? Think physics and X-rays, not computer screen...


Have the backgroundpattern made of alternating pieces of absorbent and transparent material, then. (I assume the machines work by measuring obstruction of rays. If they work by reflection of rays, then replace "absorbent and transparent" with "absorbent and reflective".)


Yes, that is basically what I suggested, the material (film) would just drape over the backscatter plate. The resultant image (without a subject) would resemble a black / not so black checkerboard pattern.

The image appears to be a negative relative to the amount of xrays reflected back to the xray source so the additional material would simply have to be slightly less reflective (more absorbent) than the backscatter plate.


No, the image is the positive of the reflected xray, white is more backscatter. Metal has little backscatter and neither does empty space. There is no 'backscatter plate' in terms of a background required to generate the silhouette as far as I am aware.


Isn't it solved by just forcing the scanee to turn to the side, scan front rear and sides?

Great - now the time to get through security just went up!

I mean, the TSA idiots STILL require us to remove our shoes because of some joker with a lighter attempting to burn his foot.


Twice the dose of radiation.


And twice as long to screen per person.


But that would probably ruin the scan from the other direction? There are two pictures, I thought because there is a scan from the front and a scan from the back.


So it sounds like the easy solution is to do two scans. One face-on, and then they ask you to turn to the side and they do another.


Attacker then puts the smuggled payload on the inner thigh, where the leg itself blocks it from the sides.


Or inner arm for that matter.

Also, does anybody know what prevents people from simply taping a knife to the bottom of their foot, under their sock?


Eagerly waiting for the Streisand effect


FTA: "For obvious security reasons, we can’t discuss our technology's detection capability in detail"

The only situation that would make this "obvious" is if the technology is inadequate. Basically by saying that, they're admitting to a large amount of security through obscurity.

Imagine a bank's website saying "For obvious security reasons, we can’t discuss how our passwords are store in detail". Wait, why not? If the technology is adequate to the task you should be able to explain exactly how it works without compromising anything!


Can you cite a bank website where they DO explain how their passwords are stored in detail?


I don't talk to many banks about their password storage, but they all should.

http://en.wikipedia.org/wiki/Security_through_obscurity


What really has my interest is not the TSA's request/threat. That part is unsurprising. Instead, my mind ran through a few ideas about what a news story on this topic would entail. From the last time I bothered to watch CNN, I recall they've acquired a penchant for saying "And a viral video of [topic] is hot on the Twitters today!", showing the video, getting someone in-house to do surface analysis, reading off some Facebook posts, and cutting to commercial. Ideally, a reporter does their own investigation on the topic, either by contacting the TSA and arranging to film while testing the scenario depicted here, or by doing a more undercover verification ala the video itself.

I don't wish to be specifically judgmental of CNN, and I don't wish to over-analyze my mock-scenario. Instead I'm using the thought experiment of a news report on this topic to express frustrations with journalistic practices I have already seen elsewhere. It seems to me there isn't as much motivation on behalf of larger news organizations to put together a verified report, when you can replay something from YouTube and people will believe it much the same.

But maybe there are positive aspects? Crowdsourcing the genesis of news topics allows for a better breadth of topics, clearly. And I recognize there is a need for it in situations such as the Syrian unrest, Tibet, or any place that foreign journalists can't easily access. I get the feeling though, when I go to 'old' media, that I expect old media standards and practices. When I go to 'old' media and get a replay of internet videos followed by an equally-long segment of internet comments, I wonder why I'm not just browsing the internet for myself.


Security through obscurity.

Doesn't work on the Internet. Doesn't work in real-life.


Passwords are Security through obscurity. That does not make them useless, just vulnerable.


That is not what "security through obscurity" means. The phrase specifically refers to security which relies on secrecy of design or implementation details.


A password is a best-effort attempt at implementing the theoretical construct of a 'cryptographic shared secret'.

Passwords are from perfect at that of course, but it's not correct to call them 'obscurity' either.

The distinction between security and obscurity derives from Kerckhoffs's principle. https://en.wikipedia.org/wiki/Kerckhoffs%27s_Principle


They're allowed to say that. The media is allowed (encouraged; morally obliged, perhaps) to ignore them. Whether he's right or wrong (and I'm sure he's right), the bureaucracy would prefer to continue working towards their quarterly MBOs than to address another controversy. This is a non-story.


Completely absurd. The TSA is allowed to vaguely intimidate the media? I call bullshit. I know from reading hundreds of your comments that you are a reasonable man, so please explain where you are coming from on this.


The premise of your outrage is that the TSA has some authority over the media that they are abusing. The TSA has no authority over the media. The media routinely publishes terrifyingly sensitive government secrets over the direct and strident objections of the DoJ and gets hauled into court to defend itself. That the media has a pretty excellent track record in those courts is not so much my point as that the media has so much experience building that track record that only the dumbest reporter would give half a shit whether some TSA functionary "strongly cautioned" them not to run a story.

Since this observation isn't so much "insightful" as it is "completely obvious on its face", to me, Occam's Razor suggests that what the TSA was implying was that the guy was wrong, and that his story was going to make the media look dumb.

Since I have never once seen anyone from the TSA land on the right side of an argument, from airport security to spelling and grammar, we don't have to argue about which one of us is more vehemently contemptuous of it, or, in this case, its argument.


The blog post characterizes this communication as intimidation. I don't see anything remotely intimidating about it; to me it looks like the TSA telling the other reporter that the guy has no credibility, and I think this is an entirely valid criticism of anyone who delighted to be featured on Alex Jones' show.

I have no especial objection to the original story, but it's little more than a marketing exercise: a hyperbolic headline attached to a banal observation, which shoots at a large target and unsurprisingly, hits it. When you think about it, government procuremet on this scale is almost always slow and suffers from stable-door syndrome. As I've said before, nothing is going to happen with the TSA until after the election, because the minute Obama proposes loosening security at airports he'll be accused of inviting terrorists onto planes. Have you not noticed how none the congresspeople who say they are outraged - outraged! - over the TSA's intrusive security methods have made any attempt to cut the agency's funding?


Just because they are legally in the right does not mean that we cannot express our displeasure with their actions.


They're not really threatening anything, they're just asking "please don't cover this story". That's their right and it's not censorship unless the journalist faces consequences for covering the story (no future interviews, harassment by the legal system, etc.) It doesn't seem like any consequences are mentioned or implied, so this doesn't bother me. Of course the TSA doesn't want negative press. Would you?


No, they're not asking ""please don't cover this story"". They are "strongly cautioning" them not to, which can reasonably be interpreted as a veiled threat.


A threat to do what?


"I know where you live."

What is that a threat to do?

How about, "Be careful."?


The government's powers are limited by the Constitution. Someone who threatens to follow you home and kill you, however, is operating in an environment without restrictions, and you might therefore worry that you're actually going to be killed.

"Prior restraint" is a well-tested concept and it doesn't do very well in court. And all the government has to harass you are the courts.


Just because you think that the only way the government is capable of harassing you is with the courts, does not mean that they are not capable of veiled threats. A threats are not limited to personal physical violence.

Though I of course strongly disagree with your premise anyway, particularly when the governmental agency in question is the DHS.


The government should not be in the business of telling the press what to cover. Individuals and businesses, sure. Government, no. I understand there are occasional exceptions due to national security, but those requests come from the highest levels of government and are rare. This is some asshole at the TSA calling up reporters to spread FUD. Completely indefensible.


Well I work in the press and the government can say what they want. It's wrong for the press to obey the government's every wish and it is wrong for the press to immediately ignore the government's every opinion. If a NASA PR person tells me that the agency has determined the Earth to be round that doesn't mean that I need to launch an investigation into the possible flatness of the earth.

There's a difference between "telling/informing" and mandating. The latter is bad; the former is...well, part of a government's job is to disseminate information.


I think it is actually pretty common for authorities not to cover a story if it is in the public interest. For example, a kidnapping case in progress and so on.

The question then, is it in the public interest not to cover this story. I'd say it would probably not matter so much from a security standpoint, but more so for the amount of mayhem that could ensue at airport security if this was public knowledge.


This is insanity. I try to avoid flying as much as possible.

However, the whole controversy also seems to lack common sense. An easy "solution" to this whole problem is to ask people to go into the machine and do a 360 degree rotation before emerging on the other side. I'll call this the "Airport Dance" :-)

What? It's not like we aren't made to dance already!


The current arrangement subjects you to one short burst of radiation to take a static image, and it's enough energy to have some doctors worried. Multiply that up by however many frames you want to capture, and I don't think it would be "some doctors" any more.

Besides, I've got no idea if the machines in place have microwave units that can withstand a high duty cycle like that. I wouldn't be surprised if they can't.


Does anyone have some independently verified numbers for the amount of radiation that a FBS exposes a passenger to and how it compares to the amount of radiation exposure the same passenger would get from 3 hours in a plane? The TSA claims that the latter is significantly (like 100x) greater than the former.


There are numbers out there, but the problem isn't just the amount of energy, it's where it's concentrated. The theory goes that because of its very short wavelength everything that gets absorbed is concentrated in the topmost layers of the skin, so the energy density where it might be damaging is much higher than the absolute amount of energy might suggest.

From memory part of the argument was that the studies hadn't yet been done which might show whether this could be a health issue, so claiming the scanners were safe was at best premature.


I'd like to see it on an updated version of this chart:

https://www.xkcd.com/radiation/

(side note: I have the HTTPS version on my clipboard because I hesitated before typing "radiation dosage" into google, and decided to load up Tor to search for it.)


Nope. If the payload is attached to the inner thigh, the smuggler's leg will shield it from the side scan.


I think the problem is just that the TSA is run by unprofessional people who clearly have no idea what they're doing.


I hope the email is fake. Yet I would not be surprised if it wasn't. Most government employees I have met are not really that intelligent. Add that to a bit of power and little to no accountability and you have an instant recipe for disaster.


Sari Koshetz is the name of a TSA representative. Google her.


So?

Edit: Seriously, what does that prove? Someone faking an email can Google for TSA spokeswomen just as easily as someone trying to verify it.


Why would it be fake?


Somebody's idea of a joke, feeding the opponents fake data to decrease their credibility, someone just wanting attention? People do various things for irrational reasons.


I remember before they were rolling out the scanners seeing a story run by the mainstream media about how congress had invested large amounts of money in the scanners before they realized how useless they were and now they were going to push really push hard for them to become the norm. I guess they succeeded. It sucks how in America a logical argument bumps heads with a touchy subject.


Journalism has been called the fourth pillar of the government.

Its job is not to prop up the establishment, but rather to keep it responsible.


Apperently Sari Koshetz doesn't deny anything

http://www.popehat.com/2012/03/08/in-which-i-strongly-cautio...


For someone who clearly values security, I am surprised to see him running Internet Explorer :-/


It's MS Exchange's web-frontend (OWA), which doesn't play nice with most browsers (last I checked it degraded into some "basic functionality" mode when using anything but IE, although that was a while ago). FourTen Technologies is his company and seems to be mainly a Microsoft shop based on their staff's skill set (ASP, .NET, COM, MSSQL, AD) and portfolio: http://www.fourtentech.com/about/whoswho/

Amusingly their portfolio includes a major project for the NYPD building a automated surveillance network designed for (amongst other functions) "detecting unauthorized individuals in secure areas of the financial district" -- http://www.fourtentech.com/mcs-nypd.html


Security by obscurity.


"Totalitarian democracy is a term made famous by Israeli historian J. L. Talmon to refer to a system of government in which lawfully elected representatives maintain the integrity of a nation state whose citizens, while granted the right to vote, have little or no participation in the decision-making process of the government."

http://en.wikipedia.org/wiki/Totalitarian_democracy



The TSA might as well just move into Barbara Streisand's beachfront property if they are using these kind of tactics.


I am outraged.


Harassment and directly attacking Free Speech? ... but somehow I suspect that this was an employee independently acting stupid, and not an institutional policy.


Did you read the TSA's recent blog post about this? It displays exactly the same sort of attitude.


haha surely you kid?


To play devil's advocate - he clearly has an agenda and his video is more long and boring political ramblings than something really substantial.


1. Anyone who says they don't have an agenda is lying. Everyone has their reasons for doing anything and everything.

2. There is absolutely nothing wrong with having an agenda.


Absolutely. I'm pretty sure that I don't like this guy's politics, his manner irritates me, and every time he says "porn scanners" I get douche chills. But by exposing the truth to the people who pay for it, he's doing god's work and I'm 100% behind him. Not in front of him, but behind him, because he's a brave, tenacious pitbull, and clearly not just fighting for himself.

Of course, if some TSA or government representatives show me proof that he was wrong, and in addition prove to me that this is not security theater for the personal profit of government cronies by dismantling some of Bruce Schneier's premises, I'll be 100% behind them too. It's just not likely that'll happen because this guy and Schneier show their work.


Adding to that:

If he makes a bundle of money in the course of defending our freedoms, then my hat is off to him. Bravo!

From an economics perspective, the fact that someone has turned a profit (in a free market) is prima facie evidence that he has delivered something of value.


Or he's discovered a new kind of sucker, cf. homeopathy.


3. Having an agenda does not invalidate his results.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: