Friday, November 21, 2008

Wednesday, November 12, 2008

Airport Security

Airport security in America is a sham—“security theater” designed to make travelers feel better and catch stupid terrorists. Smart ones can get through security with fake boarding passes and all manner of prohibited items—as our correspondent did with ease.

by Jeffrey Goldberg

The Things He Carried

If I were a terrorist, and I’m not, but if I were a terrorist—a frosty, tough-like-Chuck-Norris terrorist, say a C-title jihadist with Hezbollah or, more likely, a donkey-work operative with the Judean People’s Front—I would not do what I did in the bathroom of the Minneapolis–St. Paul International Airport, which was to place myself in front of a sink in open view of the male American flying public and ostentatiously rip up a sheaf of counterfeit boarding passes that had been created for me by a frenetic and acerbic security expert named Bruce Schnei­er. He had made these boarding passes in his sophisticated underground forgery works, which consists of a Sony Vaio laptop and an HP LaserJet printer, in order to prove that the Transportation Security Administration, which is meant to protect American aviation from al-Qaeda, represents an egregious waste of tax dollars, dollars that could otherwise be used to catch terrorists before they arrive at the Minneapolis–St. Paul International Airport, by which time it is, generally speaking, too late.

I could have ripped up these counterfeit boarding passes in the privacy of a toilet stall, but I chose not to, partly because this was the renowned Senator Larry Craig Memorial Wide-Stance Bathroom, and since the commencement of the Global War on Terror this particular bathroom has been patrolled by security officials trying to protect it from gay sex, and partly because I wanted to see whether my fellow passengers would report me to the TSA for acting suspiciously in a public bathroom. No one did, thus thwarting, yet again, my plans to get arrested, or at least be the recipient of a thorough sweating by the FBI, for dubious behavior in a large American airport. Suspicious that the measures put in place after the attacks of September 11 to prevent further such attacks are almost entirely for show—security theater is the term of art—I have for some time now been testing, in modest ways, their effectiveness. Because the TSA’s security regimen seems to be mainly thing-based—most of its 44,500 airport officers are assigned to truffle through carry-on bags for things like guns, bombs, three-ounce tubes of anthrax, Crest toothpaste, nail clippers, Snapple, and so on—I focused my efforts on bringing bad things through security in many different airports, primarily my home airport, Washington’s Reagan National, the one situated approximately 17 feet from the Pentagon, but also in Los Angeles, New York, Miami, Chicago, and at the Wilkes-Barre/Scranton International Airport (which is where I came closest to arousing at least a modest level of suspicion, receiving a symbolic pat-down—all frisks that avoid the sensitive regions are by definition symbolic—and one question about the presence of a Leatherman Multi-Tool in my pocket; said Leatherman was confiscated and is now, I hope, living with the loving family of a TSA employee). And because I have a fair amount of experience reporting on terrorists, and because terrorist groups produce large quantities of branded knickknacks, I’ve amassed an inspiring collection of al-Qaeda T-shirts, Islamic Jihad flags, Hezbollah videotapes, and inflatable Yasir Arafat dolls (really). All these things I’ve carried with me through airports across the country. I’ve also carried, at various times: pocketknives, matches from hotels in Beirut and Peshawar, dust masks, lengths of rope, cigarette lighters, nail clippers, eight-ounce tubes of toothpaste (in my front pocket), bottles of Fiji Water (which is foreign), and, of course, box cutters. I was selected for secondary screening four times—out of dozens of passages through security checkpoints—during this extended experiment. At one screening, I was relieved of a pair of nail clippers; during another, a can of shaving cream.

During one secondary inspection, at O’Hare International Airport in Chicago, I was wearing under my shirt a spectacular, only-in-America device called a “Beerbelly,” a neoprene sling that holds a polyurethane bladder and drinking tube. The Beerbelly, designed originally to sneak alcohol—up to 80 ounces—into football games, can quite obviously be used to sneak up to 80 ounces of liquid through airport security. (The company that manufactures the Beerbelly also makes something called a “Winerack,” a bra that holds up to 25 ounces of booze and is recommended, according to the company’s Web site, for PTA meetings.) My Beerbelly, which fit comfortably over my beer belly, contained two cans’ worth of Bud Light at the time of the inspection. It went undetected. The eight-ounce bottle of water in my carry-on bag, however, was seized by the federal government.

On another occasion, at LaGuardia, in New York, the transportation-security officer in charge of my secondary screening emptied my carry-on bag of nearly everything it contained, including a yellow, three-foot-by-four-foot Hezbollah flag, purchased at a Hezbollah gift shop in south Lebanon. The flag features, as its charming main image, an upraised fist clutching an AK-47 automatic rifle. Atop the rifle is a line of Arabic writing that reads Then surely the party of God are they who will be triumphant. The officer took the flag and spread it out on the inspection table. She finished her inspection, gave me back my flag, and told me I could go. I said, “That’s a Hezbollah flag.” She said, “Uh-huh.” Not “Uh-huh, I’ve been trained to recognize the symbols of anti-American terror groups, but after careful inspection of your physical person, your behavior, and your last name, I’ve come to the conclusion that you are not a Bekaa Valley–trained threat to the United States commercial aviation system,” but “Uh-huh, I’m going on break, why are you talking to me?”

fake boarding pass
The author's forged boarding pass—complete with Platinum/Elite Plus status and magical TSA-approval squiggle—got him through security.


In Minneapolis, I littered my carry-on with many of my prohibited items, and also an Osama bin Laden, Hero of Islam T-shirt, which often gets a rise out of people who see it. This day, however, would feature a different sort of experiment, designed to prove not only that the TSA often cannot find anything on you or in your carry-on, but that it has no actual idea who you are, despite the government’s effort to build a comprehensive “no-fly” list. A no-fly list would be a good idea if it worked; Bruce Schnei­er’s homemade boarding passes were about to prove that it doesn’t. Schnei­er is the TSA’s most relentless, and effective, critic; the TSA director, Kip Hawley, told me he respects Schnei­er’s opinions, though Schnei­er quite clearly makes his life miserable.

“The whole system is designed to catch stupid terrorists,” Schnei­er told me. A smart terrorist, he says, won’t try to bring a knife aboard a plane, as I had been doing; he’ll make his own, in the airplane bathroom. Schnei­er told me the recipe: “Get some steel epoxy glue at a hardware store. It comes in two tubes, one with steel dust and then a hardener. You make the mold by folding a piece of cardboard in two, and then you mix the two tubes together. You can use a metal spoon for the handle. It hardens in 15 minutes.”

As we stood at an airport Starbucks, Schnei­er spread before me a batch of fabricated boarding passes for Northwest Airlines flight 1714, scheduled to depart at 2:20 p.m. and arrive at Reagan National at 5:47 p.m. He had taken the liberty of upgrading us to first class, and had even granted me “Platinum/Elite Plus” status, which was gracious of him. This status would allow us to skip the ranks of hoi-polloi flyers and join the expedited line, which is my preference, because those knotty, teeming security lines are the most dangerous places in airports: terrorists could paralyze U.S. aviation merely by detonating a bomb at any security checkpoint, all of which are, of course, entirely unsecured. (I once asked Michael Chertoff, the secretary of Homeland Security, about this. “We actually ultimately do have a vision of trying to move the security checkpoint away from the gate, deeper into the airport itself, but there’s always going to be some place that people congregate. So if you’re asking me, is there any way to protect against a person taking a bomb into a crowded location and blowing it up, the answer is no.”)

Schnei­er and I walked to the security checkpoint. “Counter­terrorism in the airport is a show designed to make people feel better,” he said. “Only two things have made flying safer: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.” This assumes, of course, that al-Qaeda will target airplanes for hijacking, or target aviation at all. “We defend against what the terrorists did last week,” Schnei­er said. He believes that the country would be just as safe as it is today if airport security were rolled back to pre-9/11 levels. “Spend the rest of your money on intelligence, investigations, and emergency response.”

Schnei­er and I joined the line with our ersatz boarding passes. “Technically we could get arrested for this,” he said, but we judged the risk to be acceptable. We handed our boarding passes and IDs to the security officer, who inspected our driver’s licenses through a loupe, one of those magnifying-glass devices jewelers use for minute examinations of fine detail. This was the moment of maximum peril, not because the boarding passes were flawed, but because the TSA now trains its officers in the science of behavior detection. The SPOT program—“Screening of Passengers by Observation Techniques”—was based in part on the work of a psychologist who believes that involuntary facial-muscle movements, including the most fleeting “micro-expressions,” can betray lying or criminality. The training program for behavior-detection officers is one week long. Our facial muscles did not cooperate with the SPOT program, apparently, because the officer chicken-scratched onto our boarding passes what might have been his signature, or the number 4, or the letter y. We took our shoes off and placed our laptops in bins. Schnei­er took from his bag a 12-ounce container labeled “saline solution.”

“It’s allowed,” he said. Medical supplies, such as saline solution for contact-lens cleaning, don’t fall under the TSA’s three-ounce rule.

“What’s allowed?” I asked. “Saline solution, or bottles labeled saline solution?”

“Bottles labeled saline solution. They won’t check what’s in it, trust me.”

They did not check. As we gathered our belongings, Schnei­er held up the bottle and said to the nearest security officer, “This is okay, right?” “Yep,” the officer said. “Just have to put it in the tray.”

“Maybe if you lit it on fire, he’d pay attention,” I said, risking arrest for making a joke at airport security. (Later, Schnei­er would carry two bottles labeled saline solution—24 ounces in total—through security. An officer asked him why he needed two bottles. “Two eyes,” he said. He was allowed to keep the bottles.)

We were in the clear. But what did we prove?

“We proved that the ID triangle is hopeless,” Schneier said.

The ID triangle: before a passenger boards a commercial flight, he interacts with his airline or the government three times—when he purchases his ticket; when he passes through airport security; and finally at the gate, when he presents his boarding pass to an airline agent. It is at the first point of contact, when the ticket is purchased, that a passenger’s name is checked against the government’s no-fly list. It is not checked again, and for this reason, Schnei­er argued, the process is merely another form of security theater.

“The goal is to make sure that this ID triangle represents one person,” he explained. “Here’s how you get around it. Let’s assume you’re a terrorist and you believe your name is on the watch list.” It’s easy for a terrorist to check whether the government has cottoned on to his existence, Schnei­er said; he simply has to submit his name online to the new, privately run CLEAR program, which is meant to fast-pass approved travelers through security. If the terrorist is rejected, then he knows he’s on the watch list.

To slip through the only check against the no-fly list, the terrorist uses a stolen credit card to buy a ticket under a fake name. “Then you print a fake boarding pass with your real name on it and go to the airport. You give your real ID, and the fake boarding pass with your real name on it, to security. They’re checking the documents against each other. They’re not checking your name against the no-fly list—that was done on the airline’s computers. Once you’re through security, you rip up the fake boarding pass, and use the real boarding pass that has the name from the stolen credit card. Then you board the plane, because they’re not checking your name against your ID at boarding.”

What if you don’t know how to steal a credit card?

“Then you’re a stupid terrorist and the government will catch you,” he said.

What if you don’t know how to download a PDF of an actual boarding pass and alter it on a home computer?

“Then you’re a stupid terrorist and the government will catch you.”

I couldn’t believe that what Schneier was saying was true—in the national debate over the no-fly list, it is seldom, if ever, mentioned that the no-fly list doesn’t work. “It’s true,” he said. “The gap blows the whole system out of the water.”

This called for a visit to TSA headquarters. The headquarters is located in Pentagon City, just outside Washington. Kip Hawley, the man who runs the agency, is a bluff, amiable fellow who is capable of making a TSA joke. “Do you want three ounces of water?” he asked me.

I raised the subject of the ID triangle, hoping to get a cogent explanation. This is what Hawley said: “The TDC”—that’s “ticket document checker”—“will make a notation on your ticket and that’s something that will follow you all the way through” to the gate.

“But all they do is write a little squiggly mark on the boarding pass,” I said.

“You think you might be able to forge that?” he asked me.

“My handwriting is terrible, but don’t you think someone can forge it?” I asked.

“Well, uh, maybe. Maybe not,” he said.

Aha! I thought. He’s hiding something from me.

“Are you telling me that I don’t know about something that’s going on?” I asked.

“We’re well aware of the scenario you describe. Bruce has been talking about it for two years,” he said, referring to Schnei­er’s efforts to publicize the gaps in the ID triangle.

“Isn’t it a basic flaw, that you’re checking the no-fly list at the point of purchase, not at the airport?”

He leaned back in his chair.

“What do you do about vulnerabilities?” he asked, rhetorically. “All the time you hear reports and people saying, ‘There’s a vulnerability.’ Well, duh. There are vulnerabilities everywhere, in everything. The question is not ‘Is there a vulnerability?’ It’s ‘What are you doing about it?’”

Well, what are you doing about it?

“There are vulnerabilities where you have limited ways to address it directly. So you have to put other layers around it, other things that will catch them when that vulnerability is breached. This is a universal problem. Somebody will identify a very small thing and drill down and say, ‘I found a vulnerability.’”

In other words, the TSA has no immediate plans to check passengers against the no-fly list at the moment before they board their flight. (Hawley said that boarding passes will eventually be encrypted so the TSA can follow their progress from printer to gate.) Nor does it plan to screen airport employees when they show up for work each day. Pilots—or people dressed as pilots—are screened, as the public knows, but that’s because they enter the airport through the front door. The employees who drive fuel trucks, and make french fries at McDonald’s, and clean airplane bathrooms (to the extent that they’re cleaned anymore) do not pass through magnetometers when they enter the airport, and their possessions are not searched. To me this always seemed to be, well, another “vulnerability.”

“Do you know what you have on the inside of an airport?” Hawley asked me. “You have all the military traveling, you have guns, chemicals, jet fuel. So the idea that we would spend a whole lot of resources putting a perimeter around that, running every worker, 50,000 people, every day, through security—why in the heck would you do that? Because all they have to do is walk through clean and then have someone throw something over a fence.”

I asked about the depth of background screening for airport employees. He said, noncommittally, “It goes reasonably deep.”

So there are, in other words, two classes of people in airports: those whose shoes are inspected for explosives, and those whose aren’t. How, I asked, do you explain that to the public in a way that makes sense?

“Social networks,” he answered. “It’s a very tuned-in workforce. You’re never alone when you’re on or around a plane. ‘What is that guy spending all that time in the cockpit for?’ All airport employees know what normal is.” Hawley did say that TSA employees conduct random ID checks and magnetometer screenings, but he did not say how frequently.

I suppose I’ve seen too many movies, but, really? Social networks? Behavior detection? The TSA budget is almost $7 billion. That money would be better spent on the penetration of al-Qaeda social networks.

As I stood in the bathroom, ripping up boarding passes, waiting for the social network of male bathroom users to report my suspicious behavior, I decided to make myself as nervous as possible. I would try to pass through security with no ID, a fake boarding pass, and an Osama bin Laden T-shirt under my coat. I splashed water on my face to mimic sweat, put on a coat (it was a summer day), hid my driver’s license, and approached security with a bogus boarding pass that Schnei­er had made for me. I told the document checker at security that I had lost my identification but was hoping I would still be able to make my flight. He said I’d have to speak to a supervisor. The supervisor arrived; he looked smart, unfortunately. I was starting to get genuinely nervous, which I hoped would generate incriminating micro-expressions. “I can’t find my driver’s license,” I said. I showed him my fake boarding pass. “I need to get to Washington quickly,” I added. He asked me if I had any other identification. I showed him a credit card with my name on it, a library card, and a health-insurance card. “Nothing else?” he asked.

“No,” I said.

“You should really travel with a second picture ID, you know.”

“Yes, sir,” I said.

“All right, you can go,” he said, pointing me to the X-ray line. “But let this be a lesson for you.”


link

UPDATE:
Last week, in response to my article about the idiocy of airport security, the head of the Transportation Security Administration, Kip Hawley, essentially conceded the main argument of my article, which was that America's aviation security system is not designed to catch smart terrorists, but stupid terrorists. Here's what Hawley wrote last week:

"Clever terrorists can use innovative ways to exploit vulnerabilities. But don't forget that most bombers are not, in fact, clever. Living bomb-makers are usually clever, but the person agreeing to carry it may not be super smart. Even if "all" we do is stop dumb terrorists, we are reducing risk."
Not quite believable. And yet he really said it.