One of my favorite columns (albeit less so with the departure of Randy Cohen) is the Times Magazine's The Ethicist. The most recent column dealt with, guess what, the TSA. Basically, a guy keeps getting the SSSS on his boarding pass which tells the screeners to give him the extra-special grope. (Let's not get in to the argument of how silly it is to be telling people, by means of SSSS on their boarding pass, that they are going to be screened.) In any case, some guy is finding that the SSSS on his pass is not always noticed. Should he point out this incompetence?
The ethicist was pretty non-commital. I say: it's silly to be printing this on your boarding pass. How about printing them at home, photoshopping out the SSSS if necessary, and not having to deal with it anymore. Yeah, that sounds good.
Wednesday, August 17, 2011
Wednesday, August 3, 2011
"Has anyone unknown to you …"
We recently posted about the TSA asking passengers questions in an attempt at using behavior detection. The verdict? Good in theory. In practice: likely not.
Well, it turns out the first airport to implement this is BOS. And guess who is flying out of BOS in the next few weeks? This guy. Maybe. Although, perhaps I should run a little experiment and print out a boarding pass using the Photoshop and go have a little fun. All it might cost me is a couple of subway fares.
In any case, according to the article, the questions are along the lines of "how long have you been here?" and "where are you going?" It seems like what you get asked when you cross the Canadian border (we could talk about the intrusion of privacy, although you can just as easily lie). And the questions seem slightly less inane than what the baggage handlers were mandated to ask until the middle of the last decade: "Has anyone unknown to you asked you to carry anything for them."
The answer to that question was, of course: "If someone had asked me to carry something, then they would be known to me, moron."
Well, it turns out the first airport to implement this is BOS. And guess who is flying out of BOS in the next few weeks? This guy. Maybe. Although, perhaps I should run a little experiment and print out a boarding pass using the Photoshop and go have a little fun. All it might cost me is a couple of subway fares.
In any case, according to the article, the questions are along the lines of "how long have you been here?" and "where are you going?" It seems like what you get asked when you cross the Canadian border (we could talk about the intrusion of privacy, although you can just as easily lie). And the questions seem slightly less inane than what the baggage handlers were mandated to ask until the middle of the last decade: "Has anyone unknown to you asked you to carry anything for them."
The answer to that question was, of course: "If someone had asked me to carry something, then they would be known to me, moron."
Tuesday, August 2, 2011
The TSA's behavior detection program
The Times today details the TSA's expansion of behavior detection at airports—basically, informal conversations with travelers to try to see if they are, well, if they can be trusted. On paper, it looks like a good idea. The Israelis do it, and the Israelis have a really good track record when it comes to security. And it's far less invasive (they're not making you strip down, and then having a conversation, after all) and cheaper than $150,000 machines.
Unfortunately, it will probably be implemented like when I recently flew through San Francisco and had this conversation with the TSA agent checking my ID and putting the "TSA squiggle"* on my boarding pass:
Hiring some highly-trained psychologists to question travelers might make some sense, but it would still be searching for a needle in a haystack. Some common sense measures like making sure that you couldn't just print out a copy of a boarding pass with a new name on it and use it to board a plane would make a lot of sense. Not having this in place—and, really, some cheap scanners and a database are all we need (I've even seen it used, once in a while)—completely negates the whole reason we have check IDs in the first place. (Hey, remember when the airlines printed our tickets for us? That was much more secure! But it cost them money. Poor guys.)
Case in point: a few months ago I was in a terrible rush to get to the airport; and didn't have time to change out of sweaty running clothes. So when I arrived, I was disheveled, sweaty and looked like a crazy person (more than usual). Did I stick out amongst the rest of the (generally sheveled) travelers? Yes, but not to the TSA. I walked right to the plane.
So if I know the TSA (and I believe I do), I'm sure we'll all be subjected to another round of silly questions every time we fly. At least they won't be strip searching us all.
* The TSA squiggle
This is the most meaningless of all the meaningless security measures. Back in the day (and I mean way back), for about a year after September 11, they checked your boarding pass and ID twice: once at check-in, and once at the gate. The squiggle was, ostensibly, a measure taken to make sure you didn't switch out IDs (and boarding passes) before boarding. This had several flaws: it took a lot of time, it took a lot of personnel, the squiggles were pretty easy to forge (I just imagine the TSA standing in a briefing room every morning saying "okay, today, we're using a blue highlighter, and were underlining the date and making two vertical lines across the destination, okay?") and was rendered obsolete by the "print your own" boarding passes from home—although that happened long after this extra check disappeared. And it has been pointed out that the airlines love this whole name-matching step, because it means that you can't (easily) fly under someone else's name. That's called "revenue protection." I'm glad the government is doing the job of the airlines.
But we still have the squiggle. I've never had my squiggle checked at the gate. Sometimes I print off extra copies of my boarding pass just to see what happens if I go through with a blank one (answer: nothing). It is a completely meaningless layer of security, security theater at it's best. It does nothing to make anyone safer, and even if it did, it could be so easily circumvented that it would be a complete waste of time. And now that we have boarding passes on mobile phones, well, no one is highlighting the screen. (Flyertalk, of course, has a thread with some snarkiness about this.)
Maybe next time when I fly I'll bring along two boarding passes, get the squiggle, and proceed to immediately rip the squiggled pass in to pieces and proceed to the gate. We'll see if that causes any problems. I'm sure it won't.
Unfortunately, it will probably be implemented like when I recently flew through San Francisco and had this conversation with the TSA agent checking my ID and putting the "TSA squiggle"* on my boarding pass:
TSA agent (holding my ID): What is your name?I didn't want to insult this fellow's intelligence, but there were two reasons why this was an utter failure of a policy. The first is that anyone who had put a bomb in their underpants or a coke bottle would probably take the time to memorize the name on their fake ID. (Or, in the words of Bruce Schneier: "you're a dumb terrorist and the government will catch you".) Second, the TSA agents, even the creme de la creme out front putting on the terrorist-proof, ever-so-sophisticated squiggles on our nation's boarding passes, are not likely to be highly trained in psychology and able to determine the tics of a nervous potential terrorist.
Me: Uh, [my name].
TSA agent: Thank you [draws TSA squiggle]
Me: Wait, is that some sort of new security? Does that work?
TSA agent: Yes, it does.
Me: Seriously? People are dumb enough to give the wrong name? You catch terrorists like that?
TSA agent: You'd be surprised.
Me: Yeah, I'd be surprised, if anyone ever fell for it.
Hiring some highly-trained psychologists to question travelers might make some sense, but it would still be searching for a needle in a haystack. Some common sense measures like making sure that you couldn't just print out a copy of a boarding pass with a new name on it and use it to board a plane would make a lot of sense. Not having this in place—and, really, some cheap scanners and a database are all we need (I've even seen it used, once in a while)—completely negates the whole reason we have check IDs in the first place. (Hey, remember when the airlines printed our tickets for us? That was much more secure! But it cost them money. Poor guys.)
Case in point: a few months ago I was in a terrible rush to get to the airport; and didn't have time to change out of sweaty running clothes. So when I arrived, I was disheveled, sweaty and looked like a crazy person (more than usual). Did I stick out amongst the rest of the (generally sheveled) travelers? Yes, but not to the TSA. I walked right to the plane.
So if I know the TSA (and I believe I do), I'm sure we'll all be subjected to another round of silly questions every time we fly. At least they won't be strip searching us all.
* The TSA squiggle
This is the most meaningless of all the meaningless security measures. Back in the day (and I mean way back), for about a year after September 11, they checked your boarding pass and ID twice: once at check-in, and once at the gate. The squiggle was, ostensibly, a measure taken to make sure you didn't switch out IDs (and boarding passes) before boarding. This had several flaws: it took a lot of time, it took a lot of personnel, the squiggles were pretty easy to forge (I just imagine the TSA standing in a briefing room every morning saying "okay, today, we're using a blue highlighter, and were underlining the date and making two vertical lines across the destination, okay?") and was rendered obsolete by the "print your own" boarding passes from home—although that happened long after this extra check disappeared. And it has been pointed out that the airlines love this whole name-matching step, because it means that you can't (easily) fly under someone else's name. That's called "revenue protection." I'm glad the government is doing the job of the airlines.
But we still have the squiggle. I've never had my squiggle checked at the gate. Sometimes I print off extra copies of my boarding pass just to see what happens if I go through with a blank one (answer: nothing). It is a completely meaningless layer of security, security theater at it's best. It does nothing to make anyone safer, and even if it did, it could be so easily circumvented that it would be a complete waste of time. And now that we have boarding passes on mobile phones, well, no one is highlighting the screen. (Flyertalk, of course, has a thread with some snarkiness about this.)
Maybe next time when I fly I'll bring along two boarding passes, get the squiggle, and proceed to immediately rip the squiggled pass in to pieces and proceed to the gate. We'll see if that causes any problems. I'm sure it won't.
Monday, June 6, 2011
On a different type of security entirely
I haven't been paying much attention to TSAstatus.net recently (first I went for an abortive hike of the Pacific Crest Trail, then I traveled around with just an iPhone for a month, and I can tell you that attempting to manage a database and writing code on an iPhone is not fun). While I was "away" the site started getting spam—posts like
Now, if I knew how to code, and wanted to exclude international airports, I could enter those codes (there are only 382 airports in the country with more than 10,000 passengers annually—or 30 per day) and exclude others. But I don't—especially traveling around with an iPhone and little else. But, instead, the spam was filtered out, because using only the 26 A-Z letters, there are 17,576 possible three-letter codes, and using numbers, too, there are 46,656. So assuming the codes generated were random, one in every 46 to 182 would have been for a valid airport, and many of those would have been a tiny airports which only have a few flights per day. In other words, the spammers weren't flooding the pages for ATL, ORD and SFO.
The all statuses page did have a bunch of junk, but the spammers also didn't understand how to enter a current date, so many of the entries were for January 1, 2010, meaning they wound up at the bottom of the page. So unless you were (like me) obsessively scanning through that page, you didn't notice it.
Of course, once I got around to it, I spent more time logging in to the admin page for the database than it took to look up the MySQL to search for text within a field and delete the offending entries (how did I do it? I searched for any "notes" with the text "<a href"—there's no point in spamming without links) and exorcise them. I'm planning to find some code to disallow any post with html tags embedded (or, at least, anything with a "<" in it), but for now this works as well.
And thanks to everyone who is submitting real entries. Keep 'em coming!
I'm happy very good site Free Forbidden Lolita Pics :[ Lolita The Little Girl 256 Nudist Picture Lolita Girls =)) Nude Lolita Model Index xkjxun Lolita Bbs 10 Yo 3160 Preteen Lolitas Non Nude 8PP Nude Lolitas Modeling Toplist mdqoe Www Majic Lolita Com :-))) 3d Lolita Incest Toons tmdh Fotos Lolitas Dildos Machine :-D Young Girls Art Lolitas xpjzsk Small Lolita Sex Pics vozylh Lolita Preteen Pedo Pics %[[ Little Lolitas Russian Naked bhq Nn Preteen Lolita Models 185847 Lolitas Models Sample Videos qqalx Baby Dorki Little Lolitas >:P Hard Lolit Sex Young >:OO Loli Preten Pussy Pics roe Best Lolita Free Pics %-(((with a lot of links (which I deleted here of course) became quite common. And if you follow the site regularly, you probably didn't notice. Why? Well, spammers (bots) aren't all that smart (although they do seem to read Nabokov), so while they we able to get the posts to post (I have no anti-spam protection whatsoever) they weren't able to get them to populate many (really, hardly any) of the airport specific pages. Why? Well, they didn't know that several of the fields needed rather specific information to show up in any of the queries, namely, they needed a valid 3-digit IATA airport code.
Now, if I knew how to code, and wanted to exclude international airports, I could enter those codes (there are only 382 airports in the country with more than 10,000 passengers annually—or 30 per day) and exclude others. But I don't—especially traveling around with an iPhone and little else. But, instead, the spam was filtered out, because using only the 26 A-Z letters, there are 17,576 possible three-letter codes, and using numbers, too, there are 46,656. So assuming the codes generated were random, one in every 46 to 182 would have been for a valid airport, and many of those would have been a tiny airports which only have a few flights per day. In other words, the spammers weren't flooding the pages for ATL, ORD and SFO.
The all statuses page did have a bunch of junk, but the spammers also didn't understand how to enter a current date, so many of the entries were for January 1, 2010, meaning they wound up at the bottom of the page. So unless you were (like me) obsessively scanning through that page, you didn't notice it.
Of course, once I got around to it, I spent more time logging in to the admin page for the database than it took to look up the MySQL to search for text within a field and delete the offending entries (how did I do it? I searched for any "notes" with the text "<a href"—there's no point in spamming without links) and exorcise them. I'm planning to find some code to disallow any post with html tags embedded (or, at least, anything with a "<" in it), but for now this works as well.
And thanks to everyone who is submitting real entries. Keep 'em coming!
Wednesday, March 2, 2011
Very interesting conversation: No one knows if the scanners work
I was flying out of MSP today and had a bit of extra time before my flight to wander around the terminal. I'd come in with a bag of skis (from the Birkie) and was directed to an elite line (yes, I'm a silver elite on Delta, although the BOS-MSP round trip did not yield anything in the way of upgrades) as there were pretty long bag check lines otherwise. Yes, the elite programs have their perks, and work well as customer loyalty programs.
I checked my bag and was I was wandering back and forth in the terminal, the woman (and, note, she was not a TSA agent but a Delta employee) saw me again and helped to direct me to the appropriate line. At heavy travel times, Checkpoint 4 is for "Sky Priority" members only (Gold status or higher on Delta) but there is a silver priority line at Checkpoint 2. I said to her, "but Checkpoint 2 has the scanners, so why would I want to go there?"
Her response was interesting. First, she told me that generally they let you choose whatever line you want, and it's quite rare that they pull people in to the scanners. Then, she said that a lot of people liked the scanners, like anyone who had a metal implant. I'm not sure that's "a lot" of people, but I can see how for some people the MMW scanner might be preferable to a metal detector they are surely going to set off.
This seemed like a good time to raise the question: if these machines are so important, why are they only at some checkpoints? And were they planning to install them at the rest? Her answer was something along the lines of "no one knows if these things actually work, and we might be spending a lot of money on a technology which is really no better than the x-ray machines." She told me that the elite line was no longer at Checkpoint 1 (which used to be the holy grail: no line and no machines) but that it was very unlikely that I'd be selected for a scan/pat down. (Oh, she also said the scanners were faster than metal detectors. Uh, no.)
I was set to go through checkpoint 1 until I spied the line. A line like that is a terrorist's dream: a bunch of people all packed together. That and the fact that I don't enjoy waiting in such queues. So, I got in the elite line, the MMW on the elite side was turned off (and elites were being put through the metal detector) and popped out the other side, unscathed by any radiation or invasive TSA maneuvers.
So, MSP is still "safe" from scanners if you know where to wait, and may be for some time. From the airport employees' point of view, the advantage is not one of security as much as it is comfort for certain passengers. It seems like a costly way to accommodate passengers with metallic implants, but right now MSP has spent about a million dollars (six machines, $150k each) so that folks with plates and rods can avoid pat downs. Otherwise, they're not actually serving any security purpose.
I checked my bag and was I was wandering back and forth in the terminal, the woman (and, note, she was not a TSA agent but a Delta employee) saw me again and helped to direct me to the appropriate line. At heavy travel times, Checkpoint 4 is for "Sky Priority" members only (Gold status or higher on Delta) but there is a silver priority line at Checkpoint 2. I said to her, "but Checkpoint 2 has the scanners, so why would I want to go there?"
Her response was interesting. First, she told me that generally they let you choose whatever line you want, and it's quite rare that they pull people in to the scanners. Then, she said that a lot of people liked the scanners, like anyone who had a metal implant. I'm not sure that's "a lot" of people, but I can see how for some people the MMW scanner might be preferable to a metal detector they are surely going to set off.
This seemed like a good time to raise the question: if these machines are so important, why are they only at some checkpoints? And were they planning to install them at the rest? Her answer was something along the lines of "no one knows if these things actually work, and we might be spending a lot of money on a technology which is really no better than the x-ray machines." She told me that the elite line was no longer at Checkpoint 1 (which used to be the holy grail: no line and no machines) but that it was very unlikely that I'd be selected for a scan/pat down. (Oh, she also said the scanners were faster than metal detectors. Uh, no.)
I was set to go through checkpoint 1 until I spied the line. A line like that is a terrorist's dream: a bunch of people all packed together. That and the fact that I don't enjoy waiting in such queues. So, I got in the elite line, the MMW on the elite side was turned off (and elites were being put through the metal detector) and popped out the other side, unscathed by any radiation or invasive TSA maneuvers.
So, MSP is still "safe" from scanners if you know where to wait, and may be for some time. From the airport employees' point of view, the advantage is not one of security as much as it is comfort for certain passengers. It seems like a costly way to accommodate passengers with metallic implants, but right now MSP has spent about a million dollars (six machines, $150k each) so that folks with plates and rods can avoid pat downs. Otherwise, they're not actually serving any security purpose.
Thursday, February 24, 2011
We're wasting our money
I just don't get it. The TSA says that body scanners are important to catch terrorists. They cost $150k each (!) and with close to 2000 planned for deployment, that's a bill of $300m. Nevermind that they are ineffective or that they are being pushed by industry lobbyists. If they were so bloody important, you'd think that, where they are deployed, the TSA would actually be using them!
But they're not. When metal detectors and x-rays went in to place a long time back, they started putting everyone through them. And they still do. You can beat a metal detector, but you can't avoid them. When someone walks in to an airport without passing through security, they evacuate the whole place. And you know what? That might be a bit overblown, but it's consistent, and it's security.
The scanners? You can opt out, although the pat downs are pretty thorough. But in so many cases, even where the scanner have been installed, it is so easy to just, well, get around them and go through the old-fashioned metal detectors. I just flew from BOS to MSP. In BOS, one of the three lanes open had an imaging machine in use. Now, if they were randomly selecting people for the machines, that would be one thing. But it's so easy to avoid the machines, it makes you wonder if they're actually that important or a possibly-dangerous, definitely invasive money sink?
At MSP, it was worse. In December, they had the scanners at some of their checkpoints, and not at others. Two months later, it's the same deal. And at 8 p.m. none of the scanner machine checkpoints were open. Not only is it easy to avoid the machines, but they are doing their best to not put people through them.
Maybe the TSA is still testing them. But if they were so important, they could be spread out, and at least put some element of chance in to whether you'd be put through. As it stands now, if you wanted to get on to an airline without passing through one of the scanners, your options are almost unlimited.
But they're not. When metal detectors and x-rays went in to place a long time back, they started putting everyone through them. And they still do. You can beat a metal detector, but you can't avoid them. When someone walks in to an airport without passing through security, they evacuate the whole place. And you know what? That might be a bit overblown, but it's consistent, and it's security.
The scanners? You can opt out, although the pat downs are pretty thorough. But in so many cases, even where the scanner have been installed, it is so easy to just, well, get around them and go through the old-fashioned metal detectors. I just flew from BOS to MSP. In BOS, one of the three lanes open had an imaging machine in use. Now, if they were randomly selecting people for the machines, that would be one thing. But it's so easy to avoid the machines, it makes you wonder if they're actually that important or a possibly-dangerous, definitely invasive money sink?
At MSP, it was worse. In December, they had the scanners at some of their checkpoints, and not at others. Two months later, it's the same deal. And at 8 p.m. none of the scanner machine checkpoints were open. Not only is it easy to avoid the machines, but they are doing their best to not put people through them.
Maybe the TSA is still testing them. But if they were so important, they could be spread out, and at least put some element of chance in to whether you'd be put through. As it stands now, if you wanted to get on to an airline without passing through one of the scanners, your options are almost unlimited.
Monday, February 7, 2011
New UI, new TSA nonsense
First of all, new UI! I learned just enough php and mysql to copy and paste (read: steal from the Internets) enough code to make a page which automatically updates and can be searched by airport and such. So much more better than the old one. And easier for the webmaster, too, who doesn't have to rejigger Google Docs in to excel and then in to code each time an update is in order. Huzzah!
Also, my daily read of TSA nonsense: soon we can pay a nice fee to the government (I'm a big government liberal and I think this is ludicrous) to maybe get through security faster. Here's an idea: how about make security work better so that no one pays any fees and we actually know who is who.
Ugh.
Also, my daily read of TSA nonsense: soon we can pay a nice fee to the government (I'm a big government liberal and I think this is ludicrous) to maybe get through security faster. Here's an idea: how about make security work better so that no one pays any fees and we actually know who is who.
Ugh.
Subscribe to:
Posts (Atom)