Bruce Schneier’s head might explode. The noted cryptographer and security Obi-Wan Kenobi has been a longtime critic of the US Transportation Security Administration (TSA) – accusing the agency of incompetence in the way it operates security screening at US airports.
Now come reports that the agency has been tipping its hand to would-be terrorists by disclosing, up to 24 hours before their flight, what kind of security screening passengers who use the TSA’s Pre Check program will receive.
The security lapse, first spotted by aviation bloggers, could give terrorists an easy way to slip through security checkpoints with forbidden material without fear of getting caught.
Pre Check is a TSA program that allows frequent flyers on participating airlines to get expedited screening on domestic travel. There are separate screening lanes at airports, and Pre Check passengers don’t have to do the hated TSA striptease: removing shoes, belt and outerwear, while disgorging the contents of their bags and pockets. It’s all very civilized. But insecure.
The news about the chatty boarding passes percolated up from aviation blogs, such as Puckinflight, where travel enthusiasts noticed that flight information encoded in barcodes printed on Pre Check boarding passes wasn’t encrypted.
Passengers could print out their boarding pass in advance, then scan the printed barcode to determine whether or not they would be screened at the airport.
As Puckinflight notes, the security lapse creates two problems. First, because the barcodes aren’t encrypted, passengers can alter information on the front of the boarding pass. Second, passengers can actually change their Pre Check status, generate a new barcode and then digitally alter the boarding pass so that they won’t get screened.
The story left experts scratching their heads, including Schneier:
What a dumb way to design the system. It would be easier - and far more secure - if the boarding pass checker just randomly chose 10%...of PreCheck passengers to send through regular screening.
If the checks are random – as they should be – why assign them in advance, Schneier wondered.
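As an added example (not code from the article, the TSA or any airline system), the Python below shows the design the quote points toward: the barcode carries no screening decision at all, the checkpoint rejects any pass whose fields were altered, and the lane is drawn only at scan time. The field layout, key and function names are constructed for illustration, and it uses a message authentication code (HMAC) for tamper detection rather than the encryption the article mentions.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; a real deployment would keep this in the issuer's
# and checkpoint's key store, never in a printed pass.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
SCREEN_RATE_PERCENT = 10  # the 10% figure from the quote above
TAG_LEN = 16              # truncated HMAC-SHA256 tag, in bytes


def issue_pass(name: str, flight: str, date: str, key: bytes = DEMO_KEY) -> str:
    """Build the barcode text: fields plus a MAC. No screening decision inside."""
    for field in (name, flight, date):
        if "|" in field:
            raise ValueError("field separator not allowed inside a field")
    payload = "|".join((name, flight, date))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()[:TAG_LEN]
    return payload + "|" + tag.hex()


def scan_pass(barcode: str, key: bytes = DEMO_KEY, draw=secrets.randbelow) -> str:
    """Checkpoint side: reject altered passes, then pick the lane at scan time."""
    payload, sep, tag_hex = barcode.rpartition("|")
    if not sep:
        return "REJECT"
    try:
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        return "REJECT"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return "REJECT"
    # Drawn only now, so nothing printed in advance can reveal or change it.
    return "REGULAR" if draw(100) < SCREEN_RATE_PERCENT else "EXPEDITED"


if __name__ == "__main__":
    code = issue_pass("DOE/JANE", "XX123", "2012-10-24")  # constructed sample
    print(code)
    print(scan_pass(code))
    print(scan_pass(code.replace("XX123", "XX999")))  # altered field -> REJECT
```

The `draw` parameter exists so the random choice can be replaced with a fixed value when testing; in normal use it defaults to the operating system's secure random source.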
This isn’t the first time the TSA has found itself in hot water over insecure boarding passes.
In 2006, the security and privacy rights gadfly Christopher Soghoian got himself raided by the FBI after he created a boarding pass generator that would create fake boarding passes for Northwest Airlines, despite the fact that he merely applied techniques that had long been public knowledge about how to create bogus passes and exploited obvious gaps in airport screening processes.
Security experts complain that the TSA uses separate systems to issue the boarding passes and to check passengers in, making it easy for anyone with a computer to digitally alter a legitimate boarding pass and board a plane.
The TSA addressed some of those concerns when it moved to use encrypted barcodes in 2009 – a move that made it harder to digitally manipulate legitimate boarding passes. But that raises the question of why the agency elected to use unencrypted barcodes for its Pre Check program.
Experts like Schneier also accuse the agency of putting too much emphasis on procedures that make a show of security – like shoe scanning, bag emptying and checking photo IDs – but that provide little real security, because they’re noisy – too many false positives – or easy to circumvent.
Though embarrassing, the Pre Check boarding pass flaw is just one of many in a deeply flawed system, Schneier argued. He wrote:
I don't feel any less safe because of this vulnerability.
The TSA did not immediately comment for this story.