[Archive Home][Date Prev][Date Next][Index]

"TSA Now Investigating Boarding Pass Hacker"

Title:

Thursday, December 7, 2006

Column: Security Fix
TSA Now Investigating Boarding Pass Hacker
By Brian Krebs
The Washington (DC) Post

Last month Security Fix reported that Chris Soghoian -- the Indiana University doctoral student who created an online boarding pass generator to demonstrate security holes in the Transportation Security Administration's "no-fly" list -- had been cleared of any wrongdoing by the FBI and the Justice Department.

Well, turns out the guy isn't out of the woods yet.

On Wednesday afternoon, Soghoian received a letter from the TSA informing him that the agency is conducting its own investigation into the allegation that he "attempted to circumvent an established civil aviation security program established in the Transportation Security Regulations." If Soghoian is ultimately found to have attempted said circumvention, the TSA said, he could be subjected to civil penalties of up to $11,000 per violation. That could be a steep fine: Something like 35,000 people viewed and possibly used the boarding pass generator during the less than 72 hours that it was live on his site in November.

[I can only imagine the calculus that went into picking that fine amount: "TSA guy #1: Wait, people just aren't going to take this seriously if we make it just a measly $10,000 fine." TSA guy #2: "By George, you're right! We'd better add another grand on there just to be on the safe side."]

All kidding aside, this is kind of absurd. It's absurd because the cat is already out of the bag. That's the way information on the Internet works: Once it's out there, it's incredibly hard if not impossible to get it all back. Soghoian's site has no doubt been archived by anyone who would want to use it for malicious or illegal purposes (this guy, operating under what is in all likelihood a pseudonym, continues to mirror the Northwest Airlines boarding pass generator that Soghoian built.)

Soghoian has until the day after Christmas to respond in writing to the charges against him. For him, worse than the specter of fines is the notion that he may one day find his own name on the TSA's no-fly list.

"If they decide that the only safe way for me to leave the country is by boat, then that's pretty much the end of my career here in the States," Soghoian said. "It's one thing to harass researchers, but if they can chase them out of the country, then that's a real chilling effect."

You can read a scanned copy of the TSA letter at Soghoian's site.

On the Web:
http://slightparanoia.blogspot.com/2006/12/early-christmas-gift-from-tsa.html

http://j0hn4d4m5.bravehost.com/

Prev by Date: "U.S. Airline Chiefs Ponder: Merger Wave or Ripple?"
Next by Date: "Troops can camp at Phoenix airport"
Index(es):
- Main

Fair Use Notice
This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of political, human rights, economic, democracy and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.html. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. If you have any queries regarding this issue, please Email us at stepheni@cwnet.com