Security

Maher Arar, a Canadian (born in Syria) who was arrested by the U.S. and sent to Syria where he was tortured as a result of the RCMP’s erroneous labeling of him as someone associated with al Qaeda, was unable to receive a human rights award in Washington, D.C. because his name is still on the TSA no-fly list. Arar currently has a lawsuit pending in Canada against the RCMP. (Also see the Wikipedia entry on Arar.) This is further evidence of the TSA’s failure to competently maintain the no-fly list. UPDATE (October 20, 2006): Ed Brayton has discussed this story today. UPDATE (January 23, 2007): The U.S. Attorney General and head of Homeland Security are both insisting that Arar remain on the no-fly list for reasons which they have disclosed only to officials in Canada. The Canadians don’t think those reasons make any sense. My guess is that they think somebody they sent off to be tortured might have a beef with the people who did it to him.

Steve Kroft of 60 Minutes has obtained a copy of the no-fly list being used for airline passenger screening. The list includes people who are not a threat (like Evo Morales, president of Bolivia, Saddam Hussein, and 14 of the 19 dead 9/11 hijackers). It includes numerous common names that are useless for screening purposes–Gary Smith, John Williams, and Robert Johnson are on the list. Kroft spoke with 12 Robert Johnsons, and all of them said they are detained almost every time they try to fly. Worse yet, it doesn’t include the names of some of the most dangerous living terrorists: The 11 British suspects recently charged with plotting to blow up airliners with liquid explosives were not on it, despite the fact they were under surveillance for more than a year. The name of David Belfor who now goes by Dahud Sala Hudine, is not on the list, even though he assassinated someone in Washington, D.C., for former Iranian leader Ayatollah Khomeini. This is because the accuracy of the list meant to uphold security takes a back seat to overarching security needs: it could get into the wrong hands. “The government doesn’t want that information outside the government,” says Cathy Berrick, director of Homeland Security investigations for the General Accounting Office.I’d say that particular name is well known outside of the government now, Ms. Berrick. The TSA has allegedly been trying to fix the list for three years, spending $144 million to do so, but there is “nothing tangible yet." This is staggering incompetence. Kip Hawley is still an idiot. UPDATE (October 5, 2006): I second Tim Lee’s recommendation of Jim Harper’s commentary on what’s wrong with watch lists.

Ryan Bird wrote “Kip Hawley is an idiot” on his clear plastic bag of toiletries that he was carrying through a TSA security checkpoint at Milwaukee’s General Mitchell International Airport. Kip Hawley is the head of the Transportation Security Administration. Bird writes: At the MKE “E” checkpoint I placed my laptop in one bin, and my shoes, cell phone and quart bag in a second bin. The TSA guy who was pushing bags and bins into the X-ray machine took a good hard look, and then as the bag when though the X-ray I think he told the X-ray operator to call for a bag check/explosive swab on my roller bag to slow me down. He went strait to the TSA Supervisor on duty and boy did he come marching over to the checkpoint with fire in his eyes! He grabbed the baggie as it came out of the X-ray and asked if it was mine. After responding yes, he pointed at my comment and demanded to know “What is this supposed to mean?” “It could me a lot of things, it happens to be an opinion on mine.” “You can’t write things like this” he said, “You mean my First Amendment right to freedom of speech doesn’t apply here?” “Out there (pointing pass the id checkers) not while in here (pointing down) was his response." At this point I chuckled, just looking at him wondering if he just realized how foolish that comment was, but I think my laugh pushed him over the edge as he got really angry at this point. A Milwaukee County Sheriffs deputy was summoned - I would have left at this point, but he had my quart bag with my toothpaste and hair gel. When the deputy got over the TSA supervisor showed him the bag and told him what had happened to that point. After he had finished I started to remind him he had left out his statement that my First Amendment rights didn’t apply “here” but was cut off by the deputy who demanding my ID. I asked if I was under arrest, and his response was “Right now you are not under arrest, you are being detained.” I produced my passport and he walked off with it and called in my name to see if I had any outstanding warrants, etc. The TSA supervisor picked up the phone about 20 feet away and called someone? At this point two more officers were near by and I struck up a conversation with the female officer who was making sure I kept put. I explained to her who Kip Hawley was, why I though he was an idiot, and my surprise that the TSA Supervisor felt my First Amendment rights didn’t’ apply at the TSA checkpoint. She didn’t say much. After he was assured I didn’t have any warrants out the first office came back and I had my first chance to really speak, I explained that I was just expressing my opinion and my writing should be protected my by First Amendment rights. When he didn’t respond, I then repeated that the TSA Supervisor stated my First Amendment rights didn’t apply at the TSA check point and I asked if he (the deputy) agreed that was the case. He responded by saying “You can’t yell fire in a crowed theater, there are limits to your rights. At this point I chucked again. I asked how this was even remotely like shouting “Fire” in a crowd, and his answer was “Perhaps your comments made them feel threatened." At about this point the TSA Supervisor finished up his phone call, and summoned the officer back over. They talked for about 2 minutes, and then both came back over. The officer pulled out his pad and asked for my address and I asked why he needed it. “For the report I have to file since I was summoned here” I started to give it, when I noticed the TSA Supervisor was writing it down as well, so I stopped and asked why he needed it. He said he needed to file an incident report too, and I took the opportunity to ask what the resolution of the incident was, did I do anything wrong? Are you going to ask the officer to arrest me? He said no, I was free to go, but he was going to confiscate my bag. I asked “If I did nothing wrong, why would you take my bag” He pointed to a posted sign that said something about reusing plastic bags (the MKE TSA was providing quart sized zipper bags to pax today) I let him know that I had brought my bag from home and would not be letting him take it. He then asked for permission of photograph it, which I agreed too. While he walked away to get the camera I finished giving my address to the deputy, and he told my “You’re free to go” Total time, about 25 minutes.Hat tip to Tim Lee at the Technology Liberation Front. CNN’s given coverage to the story. Also see kiphawleyisanidiot.com. ...

The TRUSTe program is supposed to certify that a website has a reasonable privacy policy. But Ben Edelman has cross-referenced TRUSTe certifications with SiteAdvisor ratings, and found that sites with TRUSTe certifications are twice as likely as those without to be listed as “untrustworthy” in SiteAdvisor’s database–meaning that they send out spam, distribute spyware, etc. Edelman calls out four particularly notorious sites that have or have had TRUSTe certification: Direct-Revenue.com, Funwebproducts.com, Maxmoolah.com, and Webhancer.com. All four are heavily involved with spyware. Direct Revenue and Maxmoolah have had their TRUSTe certifications revoked, but should never have been certified in the first place if TRUSTe was doing the validation they should have been doing. TRUSTe has long been criticized by anti-spammers for giving certifications to organizations that don’t deserve them. Ryan Singel has raised similar questions about TRUSTe’s reliability. ...

Ed Felten points out that Diebold voting machines use a standard, commonly used key that is used for things like hotel minibars, office furniture, jukeboxes, and electronic equipment. UPDATE (January 23, 2007): Diebold helpfully displays a photograph of the key on their website–which is sufficient to make a duplicate that works.

Ed Felten announces the release of his paper and an accompanying video about major security issues with Diebold AccuVote-TS voting machines.

This is complete absurdity. This bureaucratic overreaction (in Canada) should never have happened. Some of the more interesting questions from the interrogations: What do you think about 9/11? What are your views on the Iran issue? Do you think government is too big, too powerful? Do you connect to the Internet on this laptop? Have you downloaded any images? Do you have any pornography? Via Bruce Schneier’s blog.

AT&T has filed a lawsuit against 25 unnamed data brokers for using “pretexting” to obtain customer call data records. These data brokers would pose as the legitimate customers in order to obtain billing records for third parties for a fee. Data brokers selling this data over the Internet got some negative public attention last summer and in January of this year, but Congress has not made pretexting illegal for phone records the way it is for financial records. It came out in June of this year that law enforcement and federal agencies were active customers of these data brokers, using them to obtain data without having to go through the process of getting warrants. The Electronic Privacy Information Center already filed an FTC complaint against one data broker, Bestpeoplesearch.com. ...

Bruce Schneier points out a problem at Yosemite National Park–how to make garbage cans that resist the ability of bears to get into them, yet are not so complicated that tourists can’t figure out how to put their trash into them. Best quote, from a park ranger: “There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists." There are some great comments on the thread–e.g., Saxon: How long before the bears start lurking near the cans, waiting for a human to open one so the bear can “mug” the human and get at the contents (rather like an ATM mugger)? Based on my experiences with the black bears in New England, this would not be beyond a bear’s reasoning capacity.and Mike Sherwood: The party putting stuff into the trash is willing to spend about 10 seconds on the activity, whereas the party getting stuff out has no time limit. In order to cater to the lazy and stupid, someone has to do more work. The configuration given doesn’t work because it has the traditional open and closed configurations, while making the switch between those configurations needlessly complex. In this case, they need a recepticle that fails secure. ...

Ed Felten raises some very interesting points about the recent terrorist threat against planes and our response: Just as interesting as the attackers’ plans is the government response of beefing up airport security. The immediate security changes made sense in the short run, on the theory that the situation was uncertain and the arrests might trigger immediate attacks by unarrested co-conspirators. But it seems likely that at least some of the new restrictions will continue indefinitely, even though they’re mostly just security theater. ...