more on Web Site Lets Anyone Create Fake Boarding Passes

[David Farber <dave () farber net>]

Begin forwarded message:

From: john kemp <john.kemp () mac com>
Date: October 31, 2006 10:13:21 AM EST
To: dave () farber net
Subject: Re: [IP] more on Web Site Lets Anyone Create Fake Boarding  
Passes

Hi Dave,

I don't think it's just that senators don't understand the problem. But
leaving that aside for a moment, let's examine this particular case:

i) These things were NOT boarding passes - they ONLY get you into the
secure area. Note that you might also want to create a fake driver's
license (also apparently very easy with current technology if kids < 21
can get them for buying alcohol). At that point you still need to get a
boarding pass to get on the plane.
ii) When you go through security, I think the most important things they
do to you are:

  - Check that your ID matches your boarding pass, and that your ID
photo looks like you.
  - Profile you (by looking at you) to see if you "look suspicious or
nervous" (and perhaps in other ways).
  - Check your hand luggage and person for suspicious, dangerous or
prohibited items.

So, how important is it that you can apparently print a fake pass for
the security area? Perhaps only as important as being able to make fake
ID, something which teenagers have been doing successfully for many
years. Fake ID and a boarding pass will be enough to get you on the
plane. Real or fake ID + one of the passes printed in this exercise will
NOT get you on a plane. But the point is that forging of (identifying)
passes is no more a problem in this case than it ever was.

Now, back to the lack of understanding of senators ;)

Here's a problem: Any identification mechanism (even biometrics) will
one day be faked. And many identification mechanisms (eg. biometrics)
have unpleasant side-effects.
Here's another problem: ID doesn't tell anyone what you will DO. Timothy
McVeigh (decorated war veteran and loyal soldier would be a classic
example) Identity can tell someone some basic information about you. It
won't read your mind and expose that information to the security guard.

But what's a politician to do? Many don't understand these issues at
all. And then there are the political issues surrounding that.

Profiling (by questioning, observing and acquiring data regarding
passenger habits) and physical inspection of passengers makes many
queasy. But as El Al security has shown, it's perhaps the best way to
avoid airplane incidents.

Regards,

- John

David Farber wrote:
> When will our Senators understand ANYTHING
>
>
> Begin forwarded message:
>
> From: Jim Huggins <jhuggins () kettering edu>
> Date: October 30, 2006 9:04:22 PM EST
> To: David Farber <dave () farber net>
> Cc: Ip ip <ip () v2 listbox com>
> Subject: Re: more on Web Site Lets Anyone Create Fake Boarding Passes
>
> On Sun, 29 Oct 2006, David Farber wrote (in part):
>
> > I do seriously question the ethics and maturity of someone who
> > demonstrates what is well understood just for the sake of it all.
>
> I guess I'm not convinced that the boarding-pass loophole is  
> actually well
> understood ... at least, by those with the authority to change things.
>
> As evidence, I cite the reaction of Congressman Edward Markey (D- 
> Mass),
> member of the House Homeland Security committee, who, after news of  
> the
> website became widely known, called for the creator of the website  
> to be
> arrested:
>
>     http://www.wired.com/news/technology/0,72023-0.html
>
> And then, once it was explained to him that the creator only took a
> previously-known attack and made it easier, called on the  
> government to
> *HIRE* him instead:
>
>     http://blog.wired.com/27bstroke6/2006/10/congressman_res.html
>
> So, is the guy a criminal or a hero?  If Congress can't figure it  
> out, I'm
> not convinced they understand the underlying problems ...
>
>
>
>
> -------------------------------------
> You are subscribed as frumioj () mac com
> To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting- 
> people/



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/