Perimeter
1/4/2010
05:28 PM
Rob Enderle
Rob Enderle
Commentary
Connect Directly
RSS
E-Mail
50%
50%

How Obama Could Fix Airline Security

Northwest Airlines' Christmas Day scare showcases why the current airline security program, which potentially violates due process and treats every passenger as a criminal, isn't working. It's time to start over and focus more on substance and apply a fresh set of eyes to this problem. This is one more chance for President Obama to give us a change we can believe in, and it's also a chance for us to look at airline security practices and take them for what they are -- an example of what not to

Northwest Airlines' Christmas Day scare showcases why the current airline security program, which potentially violates due process and treats every passenger as a criminal, isn't working. It's time to start over and focus more on substance and apply a fresh set of eyes to this problem. This is one more chance for President Obama to give us a change we can believe in, and it's also a chance for us to look at airline security practices and take them for what they are -- an example of what not to do.If you read the history of airline security, then you can see how we got into the mess in which some air carriers have been keeping folks out of bathrooms, preventing them from reading magazines, and are planning to install new x-ray "peep show" scanners. (I can't wait to see how long it will take the new naked image of my favorite celebrity who doesn't have a private plane to show up on the Web.)

We don't have this level of pain for buses, trains, or ships, yet each has the potential, with the right explosive device, to cause a catastrophe of even greater proportions. What if a tanker took out the Golden Gate Bridge? We've seen what a truck full of fertilizer can do to a government building, and a bomb in a train effectively changed the government in Spain, so it's not as if they are lower risk.

What happened with the airlines goes back to a policy created in 1972 that treated every passenger as a potential hijacker and evolved into treating every passenger as a potential terrorist. This is stupid because it destroys the related business and is reactive in nature. It clearly doesn't work.

In a free country -- at least this one -- we have something called due process where folks are supposed to be presumed innocent, but that is not how airport security is designed: IT presumes everyone is guilty; as we saw last month, that clearly doesn't work.

It's too costly to do it right. To make it work, you'd have to do in-depth interviews with each passenger, a full body scan, and an orifice probe much like what is done in prison (in-body explosives are already being used). And as recently demonstrated, the current process is severely limited by air travel's security workforce, which often makes this existing security structure ineffective.

The current system is reaching insane levels: Each new security requirement is being layered on top of each previous failure prone process, and the resulting mess has become unmanageable and ineffective. The TSA can't even keep practices secret, currently going after bloggers who, within hours of publishing, had the latest practices up on the Web.

The practices potentially violate our civil rights, yet we continue to act like it both works and is acceptable. Stuff like banning magazine-reading and carry-on luggage just seems insane to me -- and pathetic to others.

I think we need to step back, put emphasis back on identifying and focusing on the actually terrorists and criminals, and go back to the concept of due process. We should think about spending money on making planes safer to travel by making sure they can better withstand disasters, both man-made and natural, and focus back on saving lives on take focus off of treating all of us like criminals.

The lesson here that goes beyond air travel is that absolute security is neither practical nor possible, and you constantly need to reassess how you spend your security dollars to get the most security you can afford.

President Obama's opportunity is to step back and correct the mistakes of the past several decades and help make air travel more popular, more profitable, and more secure. This isn't without risk because any major change runs the risk that a successful terrorist will get though, and his success will be blamed on the change.

But they are currently likely to get through anyway, and the courageous path is to focus on saving lives long-term -- not avoiding hard decisions because they represent personal risk. The fact that the TSA seems to be more focused on nailing reporters who report leaks than in fixing their systems is just plain embarrassing.

I say this with the hope we can all enjoy a better, safer, and smarter decade in what is coming, and that we share a safe, secure, and happy traveling future.

-- Rob Enderle is president and founder of Enderle Group. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1032
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inf...

CVE-2012-1417
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

CVE-2012-1506
Published: 2014-09-17
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from th...

CVE-2012-1507
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index...

CVE-2012-2583
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.

Best of the Web
Dark Reading Radio