True Security, or Job Security?

“We must plan for freedom, and not only for security, if for no other reason than that only freedom can make security secure” — Karl Popper

Remember when flying was an adventure?  When people-watching at the airport was fun, and walking through the gates to an aircraft would fill your soul with excitement and the feeling that you were going to see the world and to accomplish wonderful things?   I do too.

It hasn’t been that way for quite a long time now.  We’ve squeezed the life out of it.  The airlines charge ever more for less and less of the experience.  Having to pack differently and to show up two hours earlier for less of a flying experience makes it feel more and more like a bus ride to a neighboring town than an adventure.

What of this extra two hours, the standing in line, the extra layers of screening, and “no telling of jokes or otherwise filling the time!”?  What is the price we are paying, and what is gained at that price?  How much have you paid in extra fees over the past *13* years? How much has it cost for all the extra queues, the metal detectors, the body scanners, all the personnel, the bulletproof doors on cockpits?  What has that extra two hours on top of the ride to the airport, check-in, baggage, cost you out of your vacation time or business time?

What do we all get for all this expenditure?  Are we more safe?  Do you get a warm, fuzzy feeling, knowing that someone in a uniform is scrutinizing your undershorts?  Do you feel better overall?  I’d like to see the yearly statistics on the number of actual, bona fide threats that have been thwarted after all this outlay.  Sure, they have trashed countless tubes of toothpaste, wasted many hours of people’s lives, and maybe found a few hundred thousand little pocketknives, but I am talking about serious threats by people who seriously wanted to do those around them serious harm.  How many?  2? 5?

Ladies and gentlemen, I would like to share the results of a security audit performed on one of the backscatter scanners by RADSEC.  It’s not terribly long, but what you will see might surprise you.


 

“One of the primary goals of the Transportation Security Administration (TSA) is to provide the highest level of security and customer service to all who pass through our screening checkpoints.” — TSA.gov

“Our duties are wide-ranging, but our goal is clear: a safer, more secure America, which is resilient against terrorism and other potential threats.” — DHS.gov


When the scanners and their operating systems were being designed, they insisted on a closed engineering model, hoping to keep anyone from defeating the security measures simply by keeping the details of how the scanner works secret.   Those who are familiar with software development and OSS can cite thousands of instances where this method gets you the exact opposite.

The RADSEC team was able to get the scanner as a government surplus item via eBay.

Via RADSEC.org
Available on eBay — The scanner designers seem to have assumed that attackers would not have access to a Secure 1000 to test and rehearse their attacks. However, we found that we could purchase a government-surplus Secure 1000 from an eBay seller, even while the machines were still in use by TSA.

Here is the report by RADSEC:  Rapiscan Secure 1000

These things are horrible, don’t do what you think they do, and, as you see in section 4, are horribly hackable; you can even capture partial images of someone else being scanned from anywhere nearby.

Oh, just the scanners, you say?

How about this?  tsa-on-the-run

Or maybe this one?  Hey, thanks for the 900 million dollars.  Let’s flush it.  What could be better than spending nearly a billion dollars to say you have “trained” people to follow their gut suspicions, and then just dropping the program entirely, saying that it isn’t effective?

The airline industry sure has changed, but if you talk with gate agents, attendants, or pilots, you will find that it’s not better for them, and we already know that it’s not better for passengers.

Show of hands, how many of us have looked at flight prices, started to calculate the extra cost, time, and effort, and then decided to make it a long car trip instead?  I thought so.