This called for a visit to TSA headquarters. The headquarters is located in Pentagon City, just outside Washington. Kip Hawley, the man who runs the agency, is a bluff, amiable fellow who is capable of making a TSA joke. “Do you want three ounces of water?” he asked me.
I raised the subject of the ID triangle, hoping to get a cogent explanation. This is what Hawley said: “The TDC”—that’s “ticket document checker”—“will make a notation on your ticket and that’s something that will follow you all the way through” to the gate.
“But all they do is write a little squiggly mark on the boarding pass,” I said.
“You think you might be able to forge that?” he asked me.
“My handwriting is terrible, but don’t you think someone can forge it?” I asked.
“Well, uh, maybe. Maybe not,” he said.
Aha! I thought. He’s hiding something from me.
“Are you telling me that I don’t know about something that’s going on?” I asked.
“We’re well aware of the scenario you describe. Bruce has been talking about it for two years,” he said, referring to Schneier’s efforts to publicize the gaps in the ID triangle.
“Isn’t it a basic flaw, that you’re checking the no-fly list at the point of purchase, not at the airport?”
He leaned back in his chair.
“What do you do about vulnerabilities?” he asked, rhetorically. “All the time you hear reports and people saying, ‘There’s a vulnerability.’ Well, duh. There are vulnerabilities everywhere, in everything. The question is not ‘Is there a vulnerability?’ It’s ‘What are you doing about it?’”
Well, what are you doing about it?
“There are vulnerabilities where you have limited ways to address it directly. So you have to put other layers around it, other things that will catch them when that vulnerability is breached. This is a universal problem. Somebody will identify a very small thing and drill down and say, ‘I found a vulnerability.’”
In other words, the TSA has no immediate plans to check passengers against the no-fly list at the moment before they board their flight. (Hawley said that boarding passes will eventually be encrypted so the TSA can follow their progress from printer to gate.) Nor does it plan to screen airport employees when they show up for work each day. Pilots—or people dressed as pilots—are screened, as the public knows, but that’s because they enter the airport through the front door. The employees who drive fuel trucks, and make french fries at McDonald’s, and clean airplane bathrooms (to the extent that they’re cleaned anymore) do not pass through magnetometers when they enter the airport, and their possessions are not searched. To me this always seemed to be, well, another “vulnerability.”
“Do you know what you have on the inside of an airport?” Hawley asked me. “You have all the military traveling, you have guns, chemicals, jet fuel. So the idea that we would spend a whole lot of resources putting a perimeter around that, running every worker, 50,000 people, every day, through security—why in the heck would you do that? Because all they have to do is walk through clean and then have someone throw something over a fence.”
I asked about the depth of background screening for airport employees. He said, noncommittally, “It goes reasonably deep.”
So there are, in other words, two classes of people in airports: those whose shoes are inspected for explosives, and those whose aren’t. How, I asked, do you explain that to the public in a way that makes sense?
“Social networks,” he answered. “It’s a very tuned-in workforce. You’re never alone when you’re on or around a plane. ‘What is that guy spending all that time in the cockpit for?’ All airport employees know what normal is.” Hawley did say that TSA employees conduct random ID checks and magnetometer screenings, but he did not say how frequently.
I suppose I’ve seen too many movies, but, really? Social networks? Behavior detection? The TSA budget is almost $7 billion. That money would be better spent on the penetration of al-Qaeda social networks.
As I stood in the bathroom, ripping up boarding passes, waiting for the social network of male bathroom users to report my suspicious behavior, I decided to make myself as nervous as possible. I would try to pass through security with no ID, a fake boarding pass, and an Osama bin Laden T-shirt under my coat. I splashed water on my face to mimic sweat, put on a coat (it was a summer day), hid my driver’s license, and approached security with a bogus boarding pass that Schneier had made for me. I told the document checker at security that I had lost my identification but was hoping I would still be able to make my flight. He said I’d have to speak to a supervisor. The supervisor arrived; he looked smart, unfortunately. I was starting to get genuinely nervous, which I hoped would generate incriminating micro-expressions. “I can’t find my driver’s license,” I said. I showed him my fake boarding pass. “I need to get to Washington quickly,” I added. He asked me if I had any other identification. I showed him a credit card with my name on it, a library card, and a health-insurance card. “Nothing else?” he asked.
“No,” I said.
“You should really travel with a second picture ID, you know.”
“Yes, sir,” I said.
“All right, you can go,” he said, pointing me to the X-ray line. “But let this be a lesson for you.”