Physical security at airports is a curious affair. Writers like Bruce Schneier have been pointing this out for years. Schneier, indeed, is said to have been the first to use the term ‘security theatre’ to describe the often arbitrary, frequently petty, sometimes pointless and occasionally actually counter-productive rules and regulations which various security guards at various airports in various countries trot out as if they were laws.
Sometimes, it’s not theatre, but farce, which my Mac’s dictionary delightfully defines as “a comic dramatic work using buffoonery, … crude characterisation and ludicrously improbable situations”.
I was recently forced to surrender of a tin of deodorant because it bore the label 100g/153ml, yet allowed to keep a second tin of exactly the same product labelled 100g.
(I won’t name the brand, but to the marketing person who came up with that ‘enhancement’, I will say, “Well done!”)
Current airport security precautions are not entirely pointless. X-raying carry-on baggage is sensible enough, and so is checking that passengers don’t get on the wrong plane, if only to prevent a nasty bout of air-rage when they find out they are going to Perth instead of Cairns, which is roughly the same as going to Moscow instead of Madrid.
But I’ve never met anyone who thinks that aiport security precautions are effective, because it’s so easy to see the gaping holes, and it’s so obvious how much time is frittered away enforcing abstruse regulations which would better be spent actually looking out for genuine risks.
Of course, since we’re all smart enough to realise that airport security isn’t, you’d think we’d be smart enough to watch out for our own security once we’re inside. Sadly, we don’t – especially when it comes to computer security.
Here’s a good example. The Qantas lounge in Sydney, home to some of the world’s most impressively industrial cheese and biscuits, now boasts huge-screen Mac computers for guests to use. They’re gorgeous, new, and quick. You can even boot them into Windows if you must.
But if you are serious about your own security, and you read my report on kiosk hacking from Kiwicon, you’ll know that your best bet is not to use airport internet access terminals at all. If you must use them, stick to the most general browsing – for example, the same sort of headlines everyone else is likely to be reading.
Someone who travelled ahead of me to Brisbane recently didn’t follow my advice. Worse still, he didn’t even log out, reboot or reset his browser when he shot off to catch his plane.
I’ve adapted the details to protect the identity of the risk-taking traveller, but I can tell you that he works for a large consulting and business analysis company, that his name is Wieweet Iemand, that he was probably born in, or once lived in, a town in the Netherlands called Ergensdorp, and that towards the end of November he met with his client, a large mining conglomerate called Diggittup, to discuss Biznistuff.
There’s more, but I will spare him further embarrassment. (Mr Iemand from Brisbane: if you see this, there’s a spelling mistake on your LinkedIn profile. It would be pragmatic if you were to fix it.)
Please, Naked Security readers, take care not to leave a trail of personally identifiable information behind you when you travel. It’s bad enough to do so at any time, but you are particularly at risk when you are on a trip.
And avoid those kiosks. Generations before you managed to circumnavigate the globe without checking their email every hour and Tweeting every few minutes. Getting online is useful, and important, but sometimes it’s safer just to make it wait.
PS: I didn’t mention Wikileaks once!