Australian airport security – does it break your IT department's policy?

Filed Under: Cryptography, Privacy

Australian airport security generally requires that you take your laptop out of your bag and submit it separately for scanning. But anyone passing through the checkpoint can pick up another person's belongings, whether by accident or design. And non-travellers can then leave the secure area immediately, returning to the public part of the airport. (Policing who collects what at Australian airports is left, as the textbooks say, "as an exercise to the reader".)

Since many laptops look alike, I therefore try to arrange the sequence in which I submit my possessions so that I and my laptop pass through the checkpoint at the same time. This means I don't have to leave my laptop flapping around unattended on the other side of the X-ray machine whilst I await my turn at the metal detector.

Yesterday, however, entering Canberra airport, the metal detector was set to "detect a paperclip" sensitivity, and my usually-unremarkable shoes triggered an alarm. Returning to the X-ray input chute and taking my shoes off meant that my laptop passed quickly and completely out of my sight and control, in a place thronged with people.

Realising, at least in theory, that I had just gone outside Sophos's IT security guidelines, I spoke to the duty manager at the security checkpoint. "Do you take any sort of responsibility at all for my belongings when you separate me from them during screening?"

He smiled very pleasantly and announced, in the proudly polite but certain tones of one sharing an unassailable religious doctrine (which, I suppose, is exactly what he was doing), "No responsibility whatsoever, Sir!"

I was surprised to hear this. Given the worldwide concerns about airport security, I'd have thought that the Federal government would require the private companies which operate the checkpoints to provide some sort of assurance about, and to take at least some sort of responsibility for, the security of the objects they are required to screen.

In Singapore airport, for example, a simple numbering system matches the tray in which you place your laptop with a plastic ticket you are given. The security officer checks your ticket against your laptop on the other side of the checkpoint to make sure you are picking up the right one.

In Australia, reclaiming laptops is pretty much a free-for-all. So with claims that 12,000 laptops are lost each week at American airports, and with me working for a company which sells security and control software, I'll make a recommendation.

Don't leave home without full disk encryption!

, , , , , , , , ,

You might like

One Response to Australian airport security – does it break your IT department's policy?

  1. Nigel · 712 days ago

    "No responsibility whatsoever, Sir!"

    There it is, right in plain sight --- the motto of the fraud mechanism that passes itself off as "government". They're not even ashamed to admit it. They know you can't take your business elsewhere. They have a monopoly on that service, enforced by bureaucratic edict.

    The purpose of real government is to protect the lives and/or other property of those who subscribe to its services. Ultimately, that's what "security" is all about. When you hand that job over to someone else, they had better have a proprietary interest in providing the service competently, or you're going to get incompetent service.

    What do the drones at the airport "security" checkpoint have on the line? Little or nothing. It's a completely non-proprietary operation. They have no risk. They can be rude, incompetent, or arbitrary in the use of authority for which they have no responsibility. Ultimately, that's why government (as it is currently implemented by political states) cannot provide any genuine security. Authority without responsibility FAILS.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog