In a strange twist, a researcher who has published a simple, well-known demonstration of the huge flaws in airline security screenings is now being threatened with arrest.
Congressman Ed Markey Wants Security Researcher Arrested
Congressman Edward Markey (D-Mass.) wants the federal government to arrest security researcher Christopher Soghoian for creating the Northwest Airline Boarding Pass Generator, a site which lets anyone create a facsimile of a Northwest Airlines boarding pass. Soghoian hoped to spur Congress to look closely at the nation’s aviation security policies, which he calls “security theater.”
Instead, Markey, a member of the House Homeland Security committee, wants the site shut down and Soghoian arrested.
“The Bush Administration must immediately act to investigate, apprehend those responsible, shut down the website, and warn airlines and aviation security officials to be on the look-out for fraudsters or terrorists trying to use fake boarding passes in an attempt to cheat their way through security and onto a plane,” Markey said in a statement. “There are enough loopholes at the backdoor of our passenger airplanes from not scanning cargo for bombs; we should not tolerate any new loopholes making it easier for terrorists to get into the front door of a plane.”
Here is an update:
http://blog.wired.com/27bstroke6/
Sunday, 29 October 2006
Congressman Rescinds Call for Student’s Arrest
Congressman Edward Markey (D-Mass) no longer believes the government should arrest Christopher Soghoian, and instead says the Department of Homeland Security should the Indiana University Ph.D student to work “showing public officials how easily our security can be compromised.”
On Friday, Markey, a senior member of the House Homeland Security Committee, called for the administration to shut down the fake boarding pass generator and “apprehend” Soghoian, who says he built the site to publicize a vulnerability in airport security, not to help would-be terrorists.
The FBI shut the site down on Friday and raided Soghoian’s house early Saturday morning.
There is an update to the story in Wired at
http://www.wired.com/news/columns/0,72045-0.html?tw=wn_story_page_prev2
Soghoian claims that he wanted to demonstrate the vulnerability. You could argue that he went about it in a stupid way, but I don’t think what he did is substantively worse than what I wrote in 2003. Or what Schumer described in 2005. Why is it that the person who demonstrates the vulnerability is vilified while the person who describes it is ignored? Or, even worse, the organization that causes it is ignored? Why are we shooting the messenger instead of discussing the problem?