Perimeter
1/4/2010
05:28 PM
Rob Enderle
Rob Enderle
Commentary
Connect Directly
RSS
E-Mail
50%
50%

How Obama Could Fix Airline Security

Northwest Airlines' Christmas Day scare showcases why the current airline security program, which potentially violates due process and treats every passenger as a criminal, isn't working. It's time to start over and focus more on substance and apply a fresh set of eyes to this problem. This is one more chance for President Obama to give us a change we can believe in, and it's also a chance for us to look at airline security practices and take them for what they are -- an example of what not to

Northwest Airlines' Christmas Day scare showcases why the current airline security program, which potentially violates due process and treats every passenger as a criminal, isn't working. It's time to start over and focus more on substance and apply a fresh set of eyes to this problem. This is one more chance for President Obama to give us a change we can believe in, and it's also a chance for us to look at airline security practices and take them for what they are -- an example of what not to do.If you read the history of airline security, then you can see how we got into the mess in which some air carriers have been keeping folks out of bathrooms, preventing them from reading magazines, and are planning to install new x-ray "peep show" scanners. (I can't wait to see how long it will take the new naked image of my favorite celebrity who doesn't have a private plane to show up on the Web.)

We don't have this level of pain for buses, trains, or ships, yet each has the potential, with the right explosive device, to cause a catastrophe of even greater proportions. What if a tanker took out the Golden Gate Bridge? We've seen what a truck full of fertilizer can do to a government building, and a bomb in a train effectively changed the government in Spain, so it's not as if they are lower risk.

What happened with the airlines goes back to a policy created in 1972 that treated every passenger as a potential hijacker and evolved into treating every passenger as a potential terrorist. This is stupid because it destroys the related business and is reactive in nature. It clearly doesn't work.

In a free country -- at least this one -- we have something called due process where folks are supposed to be presumed innocent, but that is not how airport security is designed: IT presumes everyone is guilty; as we saw last month, that clearly doesn't work.

It's too costly to do it right. To make it work, you'd have to do in-depth interviews with each passenger, a full body scan, and an orifice probe much like what is done in prison (in-body explosives are already being used). And as recently demonstrated, the current process is severely limited by air travel's security workforce, which often makes this existing security structure ineffective.

The current system is reaching insane levels: Each new security requirement is being layered on top of each previous failure prone process, and the resulting mess has become unmanageable and ineffective. The TSA can't even keep practices secret, currently going after bloggers who, within hours of publishing, had the latest practices up on the Web.

The practices potentially violate our civil rights, yet we continue to act like it both works and is acceptable. Stuff like banning magazine-reading and carry-on luggage just seems insane to me -- and pathetic to others.

I think we need to step back, put emphasis back on identifying and focusing on the actually terrorists and criminals, and go back to the concept of due process. We should think about spending money on making planes safer to travel by making sure they can better withstand disasters, both man-made and natural, and focus back on saving lives on take focus off of treating all of us like criminals.

The lesson here that goes beyond air travel is that absolute security is neither practical nor possible, and you constantly need to reassess how you spend your security dollars to get the most security you can afford.

President Obama's opportunity is to step back and correct the mistakes of the past several decades and help make air travel more popular, more profitable, and more secure. This isn't without risk because any major change runs the risk that a successful terrorist will get though, and his success will be blamed on the change.

But they are currently likely to get through anyway, and the courageous path is to focus on saving lives long-term -- not avoiding hard decisions because they represent personal risk. The fact that the TSA seems to be more focused on nailing reporters who report leaks than in fixing their systems is just plain embarrassing.

I say this with the hope we can all enjoy a better, safer, and smarter decade in what is coming, and that we share a safe, secure, and happy traveling future.

-- Rob Enderle is president and founder of Enderle Group. Special to Dark Reading.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2006-1318
Published: 2014-09-19
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVE-2012-2588
Published: 2014-09-19
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.

CVE-2012-6659
Published: 2014-09-19
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-1391
Published: 2014-09-19
QT Media Foundation in Apple OS X before 10.9.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with RLE encoding.

CVE-2014-3614
Published: 2014-09-19
Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.

Best of the Web
Dark Reading Radio