back to article TSA fails again with adjustable boarding passes

The reputation of possibly America's least-favorite fondlers, the Transportation Security Administration (TSA), has taken yet another hit with the discovery that its shoddy security allows passengers in its PreCheck system to pick their own security status. PreCheck allows some frequent fliers willing to pay $100 for a …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Like Yoda once said...

Ignorance leads to fear, fear leads to anger, anger leads to destruction.

And there is no one more ignorant than an American bureaucrat.

13
0
Bronze badge
Thumb Up

> continuously set the standard for excellence in transportation security

The TSA does this admirably, just in an antonymic way (ie study what they do carefully, then do something else)

1
0

This post has been deleted by its author

Devil

Says it all

This video pretty much says it all about TSA...

https://www.youtube.com/watch?v=M_j6Z2gPX_U

3
0
Silver badge

Nice try

According to the TSA's vision statement, the agency strives to "continuously set the standard for excellence in transportation security . . .

Unfortunately a vision statement is no cure for blindness.

10
0
Bronze badge
Angel

Re: Nice try

Heretic! you lack the necessary faith, blind faith... observe here how the healing backscatter rays can even heal the lame:

http://www.youtube.com/watch?v=ww7WlSPi9gc#t=5s

0
0
Mushroom

Re: Excellence

Vision statements are bad enough. If you see the word "Excellence" you just know you're going to be dealing with crap.

2
0
Silver badge
FAIL

TSA, more like the STA

Security

Theatre

America

6
0

Another scenario is that a group of bad people (tm) get some tickets, decode which one(s) of them are for the cursory treatment and get them to smuggle things aboard.

Bizarre that on my Android phone there is a (free) barcode reading app that can create encrypted barcodes - yet the TSA spends the US taxpayers' dollars to inconvenience as many travellers as possible, and still produce a system with entirely avoidable security holes.

ttfn

2
1
Gold badge

Encoded <> encrypted

on my Android phone there is a (free) barcode reading app that can create encrypted barcodes

That 's the whole point - the data is NOT encrypted. It is a string that's converted ("encoded") into a barcode, but if you feed a barcode generator the altered data and put that on the ticket it apparently raises no alarm because there isn't as much as a checksum on the whole string.

To do this right you would stick a reference number in the barcode, with a local checksum and a backcheck to a simple database if the code actually existed. The way it is implemented now is less than useless because it gives TSA staff handling instructions that are not verifiable. I'd do a serious background check on whichever moron came up with this approach..

It would be good if they tried to actually do something sensible with the TSA, but that would mean admitting that until such time it was just another hoax to waste tax money. Never going to happen..

3
0
Silver badge

Re: Encoded <> encrypted

It would be trivial, however, to generate a public/private key pair, encrypt the data in the barcode using the private key and then distribute the public keys to those with the scanners.

There are then two scenarios in which the 'bad guys' could get hold of the public key and decrpypt the barcodes, thus knowing whether they were down for screening, which would require access to the scanning terminals, and the worse scenario where they were able to steal the private key and generate duff codes. Presumably, the key holder would have enough common sense to keep the private key safe.

2
0
Gold badge

Re: Encoded <> encrypted

Presumably, the key holder would have enough common sense to keep the private key safe

Well, that rules out Sony :)

2
0
Anonymous Coward

Eleven years of exellence in state-backed thuggery and harassment

Publishing their incompetence like this will cause cosmetic changes, but nothing substantial. And that's pretty sad, because it allows them to make another good show out of "doing something" even if it was their own incompetence that necessitated getting off their lazy arses, justifying themselves some more where it isn't warranted.

The dubious service these guys deliver obviously doesn't work, as is evident from even the most superficial examination, yet nobody in charge wants to notice. Very few voters even seem to do.

So the scary part is rather that the US citizenry still hasn't called their government to heel --their constitution was crafted to allow exactly that-- and is still having the world put up with these state-backed bozos.

5
0
Anonymous Coward

The way IATA will want to fix this...

... is to go right ahead with their "checkpoints of the future" plan, that comes in multiple colour-coded grades of thuggery, and where not your boarding pass but the chip in your passport will determine how much you're to be checked. That's right, your government gets to say how much you're to be harassed. They're looking out for you, see?

So instead* of slipping the TSA a hundred bucks to be fondled a bit less, you'll now have to haggle with the bureaucrats in your own country for similar "privileges". Weren't the countries painted** the most "terrist" also the most unstable, with underpaid (or not paid at all) bureaucrats, and therefore susceptible to bribery?

Sounds like a sound plan to me! All hail the IATA's sheer and undiluted brilliance! Also thank them for the chip in your passport in the first place. Amazing stroke of instant world-wide security, I say. I for one, etc.

* "Instead of". HA HA HA HA. "In addition to", of course, silly human. Also: Proof of market success, so hike the prices!

** As opposed to actual source; most "9/11" hijackers hailed from US oil buddy Saudi Arabia.

2
0
Silver badge
Gimp

Re: The way IATA will want to fix this...

Almost but when you wrote "not your boarding pass but the chip in your passport" I think you meant "not your boarding pass but the chip in your neck"

Why bother with passports when you can just implant a chip and scan people at will. It could be used in shops, stadiums etc for deter thieves and thugs. Used on the tube for automatic billing. No more need for passports, cradi cards or cash.

If you have a problem, the first responders will know where you are to within a few metres. Perfect safety all of the time. No more crime, no more terrorism. Utopia.

Yes, technology will certainly set use free by making us all slaves.

0
0
Anonymous Coward

"Why bother with passports"

That chip in your passport is already there, in a large percentage of all issued passports world-wide, so this plan could easily be pushed through in a few short years. Not using what you've already pushed for previously, and subsequently got, makes no sense, not even to them... yet. But who'll say what the next upgrade cycle will bring?

0
0
Anonymous Coward

Re: The way IATA will want to fix this...

Surely the issue is not JUST how much you are fondled but who is doing the fondling?

I like the system in China, their metal detectors are so sensitive they detect my fly buttons...

I nearly always get patted down.. But the security guys & girls are so friendly I have no reason to complain, they do the job swiftly and efficiently!

Plus as a guy getting patted down by a pretty lady is not objectionable and my 6 years old son has had to be patted down, he giggles at the girls, I dread to think what would happen if a guy tried to pat him down..

0
0
Silver badge
Stop

Re: The way IATA will want to fix this...

IATA has nothing to do with standards.

You mean, presumably, International Civil Aviation Organization (ICAO), a United Nations agency.

IATA is simply a price fixing club that represents rich airlines.

0
0
Anonymous Coward

Presumably... who?

I was originally going to write "INTERPOL", because there was this chief whatever from there that touted this idea, only then I looked for it ("checkpoint of the future") and all easy references said IATA, so I ran with that.

It really doesn't matter much. We can thank the ICAO for the (broken, unsafe, as specified) RFID chips in our passports, the USoA for ensuring everbody put them in too (their not-a-visa-honest visa programme*), and our own governments to take that shtick Just Too Far. The ID card died an ignoble death for now in Blighty, but it's alive and well on the continent, complete with RFID chip just because, and yes indeedy you need it for ever more things, they take ever more copies of that data --quite often without real need and against regulations-- and so our privacy still dies a slow death. And then there's the likes of INTERPOL who believe everybody wants to be biometrically checked at every occasion because that's supposed to make you feel safe.

Anyhow. All those organisations are far too government-connected to be able to actually provide real security, so we keep on having to lose privacy and accept more harassment because that's the only substitute they have on offer. Who cares which organisation or other wants you to jump through another hoop?

It's all theatre and it's got to stop.

* Now with "happiness tax". Yes, seriously.

0
0
Silver badge
Thumb Down

Idiots

The boarding pass weakness aside, don't they realise that being a business man able to shell out $100 for a background check is not proof against the ideological drive that leads people to destroy themselves along with everyone around them?

The gaping hole in their security is that they think some are more trustworthy than others.

5
0
Anonymous Coward

Wrong.

Some people are more trustworthy than others. The entire point of airport security is to pick out those who would do bad before they have a chance to carry out any nefarious plan. The problem is that their detection methods are worth nothing.

In fact those methods can be and have been shown to be entirely useless with but a few short highschool grade probability calculations.

What they excel at is guzzling money and other people's time and providing nothing more service than thuggery and the occasional theft of some of your luggage. As long as they exist they will remain the government-mandated gold standard, so they're actively in the way of any better solution. Thus they are worth less than nothing, and the problem is that they exist at all.

0
0
Silver badge
Boffin

Re: Wrong.

It partly depends on the purpose of the security checks - are they there to catch the bad people, or are they there to make the general flying public feel safe. If you look back at the history of aviation, it's both.

0
0
Devil

Translation...

"PreCheck allows some frequent fliers willing to pay $100 for a background check to skip some of the onerous security checks, like taking off shoes and unpacking laptops or toiletries."

Translation: "This person is rich or has an expense account, and they bring in a lot of money for the airlines, so don't upset them. Keep the thieves, thugs and theatricals essential security checks for the plebs."

"PreCheck customers are still subject to more intensive searches on a randomized basis, however."

Translation: "Unless they really annoy you."

7
0
Anonymous Coward

Re: Translation...

Maybe this only works for people who are certain their toiletries are worth more than $100 ... :P

0
0
Anonymous Coward

So how many people carry a portable barcode printer? and can use it between check in and security?

Its all very easy to scan and recode on a smart phone but if they use laser scanners the phone screen will not work. the only screens that do work with laser scanners are e-paper, so you'd have to scan and send to an

e-book or another e-paper device like a Pebble watch... so maybe its a simple app for Phone and Pebble.

But I guess if you use online checkin you can preprint your own boarding cards at home..

0
3
Anonymous Coward

How about they supply them with Rorschach tests, a marker pen and a set of instructions on how to grade yourself on your appearance by matching yourself to a set of flashcards of the main stereotypes.

0
0
Anonymous Coward

Just what we need

More stupid questions in the manner of 'Did you print this boarding pass yourself'

0
0
Anonymous Coward

Re: Just what we need

To which my answer is always yes... I print my boarding passes before leaving home!

0
0
Anonymous Coward

I still find it interesting that while the TSA says use TSA approved locks... Virgin Atlantic do not recommend using them when flying to the USA...

Myself, I have a tough plastic case with built in combo lock, if they decide to break into it, fine, once that is broken they are fully liable for every bit of damage IMHO, you have X-Rays, use them!

There is NEVER a need to open a case unless something is detected...

You know what they do in China? they X-Ray the bag when you check in, then if something is seen they call you over to look at it WITH you! A sensible system they have!

2
0
Terminator

They'll just break the locks... and your case

They have complete legal backing to break into your case - if it gets damage tough shit - try getting it compensated (especially if you are an un-American). I've even had a lock go entirely missing from my bag (fortunately nothing stolen).

I use cable ties now, I use multiple cable ties on each zipper and clip the ends too. They're free to cut them off but the idea is to make it extremely not worthwhile in terms of frustration, time and number of easier bags to open and steal from.

0
1
Anonymous Coward

Pretty easily solved I guess. By all means check-in at home. Get a barcode on your phone or printed out, whatever. Then walk by the check-in machines (which are already in place doing just this) to scan that and get a printed sheet that has something appropriate to the airport etc on the back. rotate 10-20 of those paper rolls over 5 days so it's impossible to know what backing you get. Another way is to have the frequent fliers (who get enrolled in TSA Pre for free (at least US Airways did) show their driving license (as it currently the case) PLUS their FF card / club-pass. That ties the boarding pass to the ID and to the FF. How many of these loons are going to spend an entire year travelling over 50,000 miles in one year to get a FF card in the 2nd year. Planning like that isn't solved by the guy at the control point; that's an FBI thing over the entire preceding year. Boarding passes have the FF number and the status on them. If yours doesn't please shush as US Airways does so it can be done. Then take the decision point on whether to bleep once or thrice away from the boarding pass and onto the TSA's reader. Randomise that function. Until today I didn't realise the pass was the decision maker and that's just dumb - as has been exposed. Those people who have paid to be on the list do go through FBI checks and get cards from whoever enrolled them. And not that it matters at all, but TSA Pre is not applicable to anybody flying international from the USA.

1
0
Facepalm

Why we don't fly anymore, Chapter 56

My wife and I have stopped flying anywhere we can reach by car, in large part due to the TSA and other post-9/11 programs. This has actually improved our travel experience in many ways!

How motivated are we to avoid airlines? We have made round trips from Atlanta to Dallas in a weekend, plus similar trips to New England states. Drove to the Midwest states several times. Sharing quiet time in a car for hours is more pleasurable than the shorter trip on an airline. No security hassles, no luggage searches, limits on how much shampoo we can have. No checking bags which fail to arrive. No screaming babies or flu-carriers behind us. LEG ROOM!

Air travel in the US is abominable, and the useless knee-jerk programs thrown up by political hacks eager to be seen "DOING SOMETHING" only make it worse. I pity frequent business travelers, I really do.

0
0
Anonymous Coward

Re: Why we don't fly anymore, Chapter 56

I'm not going to support the TSA in any way. Way too much theatre, incompetence and plain ignorance. However, you're way overhyping it. Pack sensibly (don't read anything more into it than that; sensibly) and you won't ever get your bags searched. If I carry my bag on I'm only travelling 3-4 days so my liquids are no problem at all. If I'm travelling 5+ days then I'm likely checking the bag so the liquids thing doesn't even crop up. So that's your pre-boarding hangups invalidated. I can't help you with your dislike of poor people, babies and leg room. I share all of that but usually get upgraded to 1st so it's only a problem in a fifth of my flights. I can cope with that. You aren't a FF so I do feel your pain. Of course, the fact that you have to fly out of ATL makes your anger entirely understandable but that's the airport, not the TSA or the airline. It's a gargantuan place that I wouldn't wish on anyone but blame the right people. Heck, there's enough stupidity to pin on the TSA and we all know that the US carriers are largely bankrupt union driven incompetent fools but don't hit the TSA because ATL sucks ass.

0
1
Anonymous Coward

You're forgetting...

... all the backing databases with lists of badness that are essentially arbitrary and secret, plus are kept for whatwasit, 75 or 99 or whatever it is this week years. And their fear of explosive water and nailclippers. And all those other things that are individually insulting but not insurmountable, but heaped together spell T S A.

Going by car by comparison merely risks a car breakdown, or at most a stop and in the US a mostly declinable search.

0
0
Anonymous Coward

OK, here's the point...

The background check you have to pass to get on PreCheck is the same background check you need to pass to get an airside pass to work unescorted on the apron at an airport in the US.

On a day-to-day basis, many US airport workers typically undergo even less screening than PreCheck, in some cases, only random TSA checks. Significantly fewer checks than PreCheck anyway.

So, the hole in security isn't PreCheck, and knowing if you are likely to be able to skip full screening. If you passed the check so that you could use PreCheck, you could work airside at the airport.

In other words, this is totally blown out of all proportion.

0
0
This topic is closed for new posts.

Forums