Shostack + Friends Blog Archive


On Printing Boarding Passes, Christopher Soghoian-style.

Yesterday, I blogged about Christopher Soghoian’s print your own boarding pass tool. Quite a few people (including the FBI) are taking the wrong lesson from this. Wrong lessons include “we shouldn’t be allowed to print boarding passes,” “we should check ID at the gate,” and “Christopher Soghoian should be arrested.”

The right lesson is that the TSA is putting us all through a silly wringer based on an ID system they know is so porous as to be irrelevant. Much like they did with the “imminent threat” of “liquid bombs” wherein alleged conspirators didn’t have passports, the powers that be are responding with theater, rather than saying “it doesn’t matter.”

If we wanted useful screening, we would screen passengers at the door of the plane, like they do in, say, the Czech republic. It’s too expensive. We might consider more air marshals. It’s too expensive. Removing a line of seats, and making the flight deck a larger area, with a sealed off washroom and kitchen. It’s too expensive. And frankly, there are much better ways to spend our money, including leaving it in the hands of the taxpayers. I digress.

There’s nothing in the print your own boarding pass that needs fixing, except bad and expensive theater. Let’s fix the problem by admitting that ID checking does no good, rather than acting all shocked at the power of a good demo.

10 comments on "On Printing Boarding Passes, Christopher Soghoian-style."

  • David Brodbeck says:

    This has become a typical modus operandi, hasn’t it? When a security problem is revealed, treat the person who pointed it out as a criminal instead of fixing the problem.
    Frankly, I’ve always thought boarding passes looked awfully easy to fake, and I’ve also never figured out what security benefit is gained by keeping people from going into the secured area without a bording pass. They can’t board a plane without one. If they want to wait in the security line so they can meet their grandmother at the gate, why not let them?

  • Student says:

    Well, there are really three reasons that you don’t want people to go past the security checkpoints. All of these assume that we keep the current system and it’s effective.
    1: We are practicing Firewall defences, not defence in deep. Each person on the inside of the firewall is an increased risk.
    2: Each extra person past the checkpoint is a (hidden) cost. It costs to have people do the security checks and keep the equipment in order.
    3: More people lower the ratio of dangerous people to non-dangerous. And, as in any filtering solution, you really want to keep the ratio of dangerous people as high as possible. It is much easier for humans (or machines) to be effective if the need to pick out one bad apple out of 2 instead of one bad apple out of 2000.

  • David Molnar says:

    The FBI recently executed a search warrant at Chris’s home, taking his computers.

  • Brad Lhotsky says:

    Unfortunately, I’m starting to see, even from friends and family, that “perceived security”, ie “Security Theatre” is more important than real security. They just want to feel good about their safety while they’re being horribly inconvenienced. They don’t like to feel that everything they’ve done has been in vain.
    The public perception drives the government security more than sound research. I’m surprised this guy actually created that page. Idealistically, he’s justified, and idealistically, I’d agree and join him. It’s scary times right now. I would have waited for the MCA to be declared Unconstitutional before posting implementation.

  • David Brodbeck says:

    I hope those of you who decided to have a little fun printing out boarding passes for Osama Bin Laden and Saddam Hussein used anonymizing services. The FBI no doubt has the web logs by now, and it’d be typical of them to go around and start paying visits to people who are in them…

  • Adam says:

    I sincerely hope that the FBI knows it has better things to do than to chase down people who printed these things.

  • David Brodbeck says:

    I would hope so, too. But given that the original raid seemed to be triggered by a complaint from a Congressman, there may be political factors at work.
    The more I think about this incident, the more inevitable it seems. It seems like Chris must have known that this was going to trigger unwanted attention from law enforcement. As a gesture it’s a bit like proving that $20 bills are easy to forge by giving away counterfeit ones at the local mall. To paraphrase Douglas Adams, ten out of ten for style, but minus several million points for good thinking.

  • sick of it says:

    There are two answers:
    1. Always vote for the people you’ve never heard of; shake up the payola; oust the morons. Less goverment will always be best because it can not do anything right.
    2. Leave the US as it self-implodes but before it crushes all everyone good, too.

  • insidr_xenox says:

    So then, this problem of the tickets being printed is overblown, yes, but this gentleman seemed to desire receiving attention. There are many better ways to make the public aware of the problem, such as setting-up interviews with major US television stations, that all would be aroused by that opportunity to cover and show such a story. And the comment about the Czech airports is not even funny; the Czech security is nothing to brag over. Just simply hope that someone realizes the gaps in the ticketing sistem.

  • Adam says:

    insidr: I understand what you’re saying and disagree about publicity. Many people had tried to point this out, without success.

Comments are closed.