Thursday, September 27, 2012

The water bottle which could have blown up Logan

It's amazing what a walk-through metal detector can do. It can take a potentially lethal bottle filled with an unknown liquid and turn it in to water. Today, departing in Boston, I forgot to empty one of my water bottles. My bag was flagged, and the TSA "officer" found the offending item. My options were to relinquish the bottle to the TSA (which I didn't want to do) or to go out of security, pour out the water, and be rescreened.
This could have blown up
a security checkpoint.

Could I pour it in the waste basket an arm's length away? No. Why not? Because the bottle might contain an explosive liquid (even though it sure looked like water). 

Could I drink it? No. I joked that "then I might blow up" and the TSO agreed a little too seriously.

So, I took option number 3: I marched through the metal detector (Luckily, Terminal A at Boston rarely has their AIT scanners in use). Once we were through this magical force field, I wondered what the TSO, her gloved hand still holding this potentially lethal water bottle, might do. Obviously, on the airplane side of security, it could have burst in to flames. But having passed through this magical, magnetic force field, the possibly deadly liquid morphed in to a much more benign substance.

"Here ya go" she said, and handed me the bottle.

I was perplexed. Not 30 seconds before, this bottle had been so potentially dangerous that I could not touch it, and it could not be opened, lest it burst in to flames. Yet, 50 feet away, it was readily handed to me to pour in to a receptacle very similar to the one on the other side of security. And we hadn't even walked through an advanced imaging machine, but a simple metal detector.

This is your TSA at work.

Yes. I screwed up. I brought—gosh!—hydrogen dioxide through the scary security curtain. But, obviously, it was harmless; I was allowed to deposit it in to a trash can in between two crowded security lines, where it could have exploded and injured dozens. So what is it about the trash can on the in-security side of the airport that is so different (other than having fewer people congregating around it)? Why couldn't the TSA take the bottle and do me the favor of disposing of it? And who, in their right mind, wrote these kinds of regulations and thought that it made any sense?

Tuesday, September 11, 2012

What the TSA doesn't do (anymore)

A few years ago, in a great article about the foibles of the TSA, Bruce Schneier said that there were exactly two things since September 11 which made travel safer:
“Counter­terrorism in the airport is a show designed to make people feel better,” he said. “Only two things have made flying safer: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.” This assumes, of course, that al-Qaeda will target airplanes for hijacking, or target aviation at all. “We defend against what the terrorists did last week,” Schnei­er said. He believes that the country would be just as safe as it is today if airport security were rolled back to pre-9/11 levels. “Spend the rest of your money on intelligence, investigations, and emergency response.”
Very true. In the article, Schneier goes on to print fake boarding passes that he uses to gain access to the airport, circumventing millions of dollars worth of security with Photoshop and a $50 printer. He talks about how a potential terrorist would take advantage of the system:
[T]he terrorist uses a stolen credit card to buy a ticket under a fake name. “Then you print a fake boarding pass with your real name on it and go to the airport. You give your real ID, and the fake boarding pass with your real name on it, to security. They’re checking the documents against each other. They’re not checking your name against the no-fly list—that was done on the airline’s computers. Once you’re through security, you rip up the fake boarding pass, and use the real boarding pass that has the name from the stolen credit card. Then you board the plane, because they’re not checking your name against your ID at boarding.”
Well, that could be clarified as "they're not checking your name against ID at boarding anymore." For a couple of years after September 11, there was actually decent security in what Schneier calls the "security triangle." You purchased your ticket and the government checked your name against terrorist databases. You then printed out your boarding pass at a kiosk at the airport—or obtained it from an agent, who checked your ID. In either case, spoofing the paper stock and font of the pass is not something simple to do at home. Finally, your ID was checked both at the security checkpoint and at the gate when you boarded, so you couldn't use a fake boarding pass (and real name) to get through security and then discard it for the real pass at the gate. Circumventable? Probably. But difficult.

Within a year, two provisions of this, the proprietary printing and the gate searches, were dropped. Airlines encouraged at-home printing (it saves them money on ink and paper) and gate searches were quietly discontinued (which sped plane boarding). And a huge loophole was opened for anyone who could reasonably use Photoshop to spoof a name. A few airports are now installing systems which read your phone or ticket's QR code or bar code and display the actual name, which again is very hard to spoof. But for nine or ten years, we've had no real security going through the airports, despite the TSA's scribbling and the best radiation money can buy. And I can't imagine these systems, which have bar code reader and display, actually cost $100,000 each. Maybe that includes the initial cost of the building the back end. But give the TSA some iPhones and some coders a few grand and you'd probably have a handheld system in hours. (I'm a big-government liberal, and this pisses me off to no end!)

I would surmise, however, that spending the hundreds of millions we've spent on MMW and Backscatter radiation would be better spent on intelligence, as Schneier contends, and that we could check everyone's ticketed name against their ID for a small fraction of that sum. But try telling that to the Blue Shirts.

Sunday, December 25, 2011

Happy holidays from

Last year at this time, I was getting ready for a trip to the airport. On a weeklong romp through the Midwest* this site "went viral" and TSA statuses came pouring in. Thanks to you, they haven't stopped. We're on pace for 150 this month, or so. Thanks for submitting. A year ago this site was built on some basic HTML, a home server that kept crashing and a moderately ugly, but usable, design. We've kept the design. The rest is updated. The structure is probably not optimal, but it works. And I can give thanks for that.

So, as we head to the new year, year 2 of TSA status, keep the statuses coming, keep the information up-to-date, keep the notes succinct and keep me laughing as I glance down the page. But, most of all, help your fellow passengers navigate the silliness that is the TSA.



* I spent successive nights leading up to the trip, and then beyond, in Twin Mountain, N.H., Newton, Mass., Hayward, Wis., Duluth, Minn, Saint Paul, Minneapolis and Chicago. Needless to say, by the Windy City I was spent.

Monday, December 5, 2011

How long does it take to get through airport security?

You can help us find out. We've recently added an optional feature where you can enter the time of day you pass through a checkpoint and how many minutes you wait in line. Why? Well, why not! We have a bunch of submissions, and as I was waiting in security the other day, I thought to myself, man, wouldn't it be nice to build a database of how long these lines are? It would. Let's do a quick pro/con analysis:


  • The site becomes a bit more cluttered with entry boxes for these data. 
  • The site wavers from it's core mission.


  • The site can, perhaps, collect data showing that x-ray machines create longer lines (which might themselves be good targets for "evil doers") and more of a headache for all. 
  • We've had people ask us to put in a "time" field so that they can see if security is or is not being used at certain times—this is an included feature (and may show that certain machines are turned on and off at certain times of day. 
  • It will allow people who don't like wasting their time sitting waiting for planes to get a better idea of how early they have to arrive at the airport. 
  • It may attract new site users who will update the checkpoint status (which is required of all posts)
  • It might even be fun!

So, since I think the pros outweigh the cons, and had several hours to mess around with code on the plane (and, thanks to GoGo, test code live), it's in place. It's optional, but we hope you'll use it.

*NB: If you do report wait times, please report only the time from when you first got in line to when you got through the WTMD, but not time spent waiting for a secondary pat-down. If you want to note which line you went through (elite/regular) use the notes column for that.

Update: apparently the TSA used to provide this information, but no longer does (i.e. the links to that page are kaput).

Tuesday, November 29, 2011

Not TSA Status related

But our lovely Senators want to pass the Stop Online Piracy Act, which won't stop online piracy but will affect legit websites. Probably not TSA Status. But, still. Jesus. Go here to fight back (since you're already fighting back against the TSA).

Monday, November 28, 2011

An attempt to explain the "turn off your devices" rule

We've all been there. The plane taxis back from the gate. Something important happens on the internet! You scroll down your mobile device when suddenly a stern-looking flight attendant tells you that the device can't be used during take-off and landing, and can only be used with transmission disabled later in the flight. When you've been told it's okay. Because, apparently, it could cause the plane to fall from the sky.

Apparently not. As this Times blog post points out, no plane has ever dropped from the sky due to the use of a mobile device. Ever. Many mobile devices have come in to existence since these rules were put in to place, but all are banned. (And why can you use a cell phone but not a laptop during post-landing taxi when the two technologies are quickly converging?) The best reason anyone can offer that this ban exists is that there is no evidence that electronic gadgets can't interfere with a plane. But, of course, the same study found that there is no evidence that they can. In fact, the FAA doesn't even have (pdf) a set list of devices they ban, but they leave it up to the airlines.

Obviously, this is a large load of horse hockey. I've frequently not only not turned off my device, but actively used it. Here are some examples:

  • In June of 2008, I was on a flight from DEN to MSP which was delayed, allowing me to listen to some of the Celtics-Lakers finals game being played (my father played the radio in to a cell phone which I held to my ear away from the aisle). We finally took off during the fourth quarter, at which point I was able to carry the cell phone call through about 4000 feet. The Celtics won. The fellow next to me appreciated the score updates; the woman across the aisle gave me a stare of death. The airplane flight was without any consequence.
  • The next year, I was flying over a friends' house approaching the airport. I sent a text message to that effect. The plane landed safely.
  • I never power down my computer. I simply put it to sleep.
  • In 2010, I used Google Voice to dial in to a conference call through GoGo inflight, which was forbidden by GoGo but worked like a charm with Google Voice. So there goes the "they don't want people having conversations" argument.
  • I've recently been using an iPhone speedometer app to see how fast planes are traveling when they take off and land. It doesn't work so well at high altitudes. But it hasn't yet crashed a plane.
And every time I fly, I try to think of new ways to subvert this rule. I never take the battery out of my wristwatch (which certainly could crash a plane!). Maybe next time I'll turn on my headlamp to see what happens (probably a plane crash) or bring a transistor radio (crash-tastic). A few years ago I had a pilot dial up the local Boston Red Sox affiliate and play AM radio over the in-flight entertainment system until the signal was lost (Channel 9 on United is quite versatile). And the plane arrived at it's destination unscathed.

A couple new site features

1. We've gotten a flood of submissions in recent days (everyone traveling and standing in lines) and have added a countdown to 2000 submissions ticker on the home page. As of this writing, there are 135 statuses to go!

2. We've added a few more (12, to be precise) major airports to the search page so you can just click and go; no need to type and search. Not a big deal, but better use of screen real estate.

Let us know how you like it!