Wednesday, October 25, 2006

Airport (in)security for the masses

I realized today that editing HTML, while easy enough for a geek, is still far too difficult for population at large.

And thus, I now present: Chris's Northwest Airlines Boarding Pass Generator

Using this, you can:

1. Meet your elderly grandparents at the gate
2. 'Upgrade' yourself once on the airplane - by printing another boarding pass for a ticket you're already purchased, only this time, in Business Class.
3. Demonstrate that the TSA Boarding Pass/ID check is useless.

Have fun!


Anonymous said...

Beware that NWA could sue you for copyright infringement, for the design of their boarding pass or for distributing an image of their logo from your web site.

Perhaps link to that image directly from NWA.

Anonymous said...

Ever since the invention of online checkin, it's been easy to print "fake" boarding passes or boarding passes with different names, etc.

But printing a fake boarding pass does NOT breach security.

1) The gov't does not require ID to fly. If you don't have ID, you can submit to an additional security check (see,71115-0.html). At most airports, ID checks aren't even performed by TSA--they're performed by commercial contractors hired by the airlines to protect the airlines' nontransferability rules.

2) Regarding the no-fly list, Osama is not going to have any easier a time getting through with a fake BP with someone else's name as he will with a legit BP with someone else's name. Either way, he can just use fake ID (or submit to the extra screening for pax without ID). In fact, he'll have an easier time simply booking a ticket under an alias--since he'll actually be allowed on the plane (not just into the airside area of the airport).

3) Even if a bad guy makes it through security with a fake BP, he's still gone through security. For all the TSA's shortcomings (and there are plenty), they're reasonable effective at screening out weapons and explosives from passengers (and purported passengers). The main reason non-passengers aren't allowed through the TSA gauntlet is because it would put an additional burden on TSA--not because non-passengers pose a greater security threat than passengers.

4) NOBODY WANTS TO ATTACK THE AIRPORT. Airport security exists to protect airplanes, not airports. If a terrorist wants to kill people on the ground, there are plenty of easier targets (train stations, shopping malls, movie theaters, etc.) without having to schlep out to the (relatively) heavily guarded airport.

Please consider removing your boarding pass generator. It points out a flaw in TSA's policy of excluding non-passengers, yes. But it's not a significant threat to anybody, and given the TSA's consistently idiotic responses to perceived threats (even when they're non-threats like this), I wouldn't be surprised if some jerk in Washington decided to ban online checkin because you pointed out its "security flaws."

Online checkin saves passengers time and the airlines money. Please don't ruin it for everyone by provoking the TSA into banning it.

By all means, continue criticizing the TSA. They suck. But this is not one of the reasons why.

Anonymous said...

Interesting article, and a clever hack.

While I don't disagree that the TSA security is useless, your second technique (involving a real and fake boarding pass) wouldn't work as stated for someone on one of the watch lists, since someone on one of those lists (or a random selectee) can't print a boarding pass at home. The potential terrorist would have to go to the ticket counter and get a boarding pass (with SSSS markings). I'm pretty sure this pass is supposed to be examined at the gate to make sure that the more-rigorous screening has happened. So the potential terrorist would have to carry a marker pen and make some illegible mark on the boarding pass in order to fool the gate staff. Since this is clearly impossible, we have nothing at all to worry about. :)

Anonymous said...

You can't upgrade yourself by just changing the text content of the boarding pass. It ain't that simple.

Anonymous said...

It's funny, this script is all over the net now, just do to the fact that the news makes it a curiosity...

The underground sites have all this stuff anyways... half the sites are in some cave in China... ;-)


Anonymous said...

It is unfortunate that pointing out what should have been an obvious oversight is legal and making a proof of concept is not; Anyone that has heard George Carlin's tirade on Airport 'security' can appreciate that an Airport is neither safe or secure. I really hope this works out well for you.

Anonymous said...

We love to shoot the messenger, especially when the emporer has no clothes -- as is certainly the case here.

Security at the airport is in all likelihood little more than an illusion. That an entire society shares this illusion only makes it a mass delusion, a known form of psychosis.

The cognitive dissonance that results from knowing how vulnerable we are, how inconvenient the airport security screening is, and how useless it is, is almost too much to bear. The psychic toll weighs heavily and we seek relief.

Yet the very act of going through the ritualistic motions of the check-in process somehow soothes the angst - as long as we believe it wards off evil spirits and evil doers.

An online boarding pass generator does not provide any relief. To the contrary, it merely jabs a stick into our pyschic wound, so we aim at its courageous creator.

It has always been thus.

Outta Names