Matt Blaze's
EXHAUSTIVE SEARCH
Science, Security, Curiosity
Archives: 1 January 2007

There was a nice column by Randall Stross in the New York Times a few weeks back entitled "Theater of the Absurd at the T.S.A." [http://www.nytimes.com/2006/12/17/business/yourmoney/17digi.html]. (Unfortunately, the Times' perversely inverted pricing structure -- in which fresh news is free and old news is charged for -- means that the article may no longer be available on their free site by the time you look for it, but that's another subject for another day.) Anyway, the piece focuses on the ongoing plight of Christopher Soghoian, a computer science graduate student at Indiana University who has found himself in hot water for making available a web-based tool that creates visually convincing -- but entirely fake -- airline boarding passes. Soon after the site went online the FBI raided his home and shut down his site, but ultimately decided against filing any criminal charges. But the Transportation Security Administration isn't so sure. In spite of the FBI's declining to prosecute, the TSA is, as of this writing, apparently considering pursuing tens of thousands of dollars in administrative penalties against Mr. Soghoian. Bruce Schneier and I were both quoted in the Times piece, with the two of us suggesting that openness, rather than threats of fines and prosecution, would be a far better strategy for improving security here.

Does this mean I think putting the boarding pass generator online was a great idea? No, and in fact I have some serious reservations about it. But if Mr. Soghoian may have been guilty of a bit of poor judgement here, the TSA's behavior in response has been far, far worse -- and suggests problems much more damaging to our security than forged boarding passes.

I've finally decided to join the late 1990s and so have added a blog format to this site. Thanks to Jutta and the Questionable Utility Company of Northern California for nudging me forward with a nicely minimalist, intuitive interface where I can actually control system functions with shell commands, edit regular text files with regular text editors, and generally understand what's going on. (Before you ask: sorry, the software isn't yet available.)

If it works out, I expect to publish most of my non-academic-paper-style writing here.

For a variety of reasons (spam, net kooks, and so on), I've decided against including an "add a comment" feature, at least for now. So if something I write so infuriates you that you simply must respond, you'll need to get your own blog to do it.