Lesson No. 1: Don't embarrass the security folks

On Blogs

November 05, 2006 | By Troy McCullough, Sun Columnist

Like thousands of other bloggers, Christopher Soghoian has been a vocal critic of post-Sept. 11 security measures.

Specifically, Soghoian, a doctoral student at Indiana University, has complained that requiring passengers to produce boarding passes before getting past airport screeners is nothing more than "security theater," offering passengers a false sense of safety while providing little hindrance to bad guys trying to enter restricted areas.

Unlike most other blog critics, Soghoian did much more than complain. In an attempt to make his point as bluntly as possible, the computer security student designed a fake boarding pass generator and placed it on his Web site. Visitors could type in whatever personal information they wanted and print out a legitimate-looking Northwest Airlines boarding pass. The pass's bar code wouldn't actually get you onto a plane, Soghoian noted, but it looked authentic enough to fool most TSA screeners standing by the metal detectors.

Soghoian said his purpose in creating the fake passes was to show how easily such security measures could be overcome.

"The only way for these kind of problems to get fixed, are through public full disclosure," he wrote on his site at the time. The Transportation Security Administration and Homeland Security, he said, "cannot be expected to fix anything unless they are publicly shamed into doing so."

The government wasn't impressed.

An outraged congressman initially called for Soghoian's arrest, and late last month, the FBI showed up on his doorstep and ordered him to remove the boarding pass generator from his site, which he promptly did. Hours later, the FBI returned with a search warrant.

"I didn't sleep at home last night," Soghoian wrote. "It's fair to say I was rather shaken up. I came back today, to find the glass on the front door smashed. Inside, is a rather ransacked home, a search warrant taped to my kitchen table, a total absence of computers - and various other important things. I have no idea what time they actually performed the search, but the warrant was approved at 2 a.m."

An FBI spokeswoman contacted by BoingBoing.net would not discuss whether charges were pending, saying only, "We will confirm that he has not been arrested."

And Soghoian is no longer talking publicly about the incident, other than occasional updates on his blog, slightparanoia.blogspot.com.

But in a bit of good news for the 24-year-old student, Soghoian noted that Rep. Edward J. Markey, a Massachusetts Democrat, is no longer seeking his incarceration.

"Under the circumstances, any legal consequences for this student must take into account his intent to perform a public service, to publicize a problem as a way of getting it fixed," Markey wrote in a press release last week. "He picked a lousy way of doing it, but he should not go to jail for his bad judgment."

And Markey grudgingly concluded that Soghoian had highlighted a very real security flaw: "It remains a fact that fake boarding passes can be easily created and the integration of terrorist watch lists with boarding security is still woefully inadequate. The best outcome of Mr. Soghoian's ill-considered demonstration would be for the Department of Homeland Security to close these loopholes immediately."

So Soghoian's blunt message appears to have sunk in with at least one government official.

How long the FBI will focus on the messenger is unknown.

Listen to Troy McCullough's podcasts at baltimoresun.com/onblogs.
