> From: Jan Coffey <[EMAIL PROTECTED]> > All you need is a printer. > > >From United: > > Save Time — Print out your own boarding pass > > We're pleased to introduce EasyCheck-in OnlineSM. Now from the convenience of > your home or office, you can print out your own boarding pass. Even if you > have bags to check, all it takes is a quick visit to united.com. Print out > your boarding pass and when you get to the airport, go through security and > then proceed right to your gate. It's a real time saver. For more details > about Easy Check-in Online
http://www.counterpane.com/crypto-gram-0308.html Security Notes from All Over: Photo-ID Verification A reader sent in this conversation he overheard at a corporate security desk one morning: Employee: I have lost my photo-ID card, can I get a day pass please? Security Guard: Certainly, what is your serial number? Employee: 123456 [Security guard pulls up the details on his computer, which includes a photograph of the employee.] Security Guard: Do you have a driver's license or another piece of identification which has your picture on it? Employee: Why would you need that? Security Guard: To match against our records. Employee: A picture of my face? Security Guard: Yes Employee: This is my face -- I am wearing it on my head. Security Guard: I need another piece of ID with a picture on it to compare against this one. This is a great story, because it illustrates how completely clueless security guards can be about how security really works. The point of the photo ID is to allow the guard to match a face with an authorization. A photo ID that is only issued to employees accomplishes that. The database does the same thing: it contains both the employee's photo and his authorization. But the guard doesn't understand that; all he knows is that he needs to look at a piece of plastic with the person's picture. -------------------------------------------------------------------------- ------ Flying on Someone Else's Airplane Ticket The photo-ID requirement on airplanes was established in 1996 by a still-secret FAA order. It was a reaction to TWA flight 800, which exploded shortly after takeoff, killing all 230 on board. This was an accident -- after 18 months the FBI concluded that there was no evidence of a bomb or missile -- but the ID requirement was established anyway. The idea is that checking IDs increases security by making sure that the person flying is the person who bought the ticket. After 9/11, the government decided that checking IDs multiple times increased security even more, especially since there is now a "watch list" of suspicious people to check the names against. It doesn't work. It's actually easy to fly on someone else's ticket. Here's how: First, have an upstanding citizen buy an e-ticket. (This also works if you steal someone's identity or credit card.) Second, on the morning of the flight print the boarding pass at home. (Most airlines now offer this convenient feature.) Third, change the name on the e-ticket boarding pass you print out at home to your own. (You can do this with any half-way decent graphics software package.) Fourth, go to the airport, go through security, and get on the airplane. This is a classic example of a security failure because of an interaction between two different systems. There's a system that prints out boarding passes in the name of the person who is in the computer. There's another system that compares the name on the boarding pass to the name on the photo ID. But there's no system to make sure that the name on the photo ID matches the name in the computer. In terms of security, this is no big deal; the photo-ID requirement doesn't provide much security. Identification of passengers doesn't increase security very much. All of the 9/11 terrorists presented photo-IDs, many in their real names. Others had legitimate driver's licenses in fake names that they bought from unscrupulous people working in motor vehicle offices. The photo-ID requirement is presented as a security measure, but business is the real reason. Airlines didn't resist it, even though they resisted every other security measure of the past few decades, because it solved a business problem: the reselling of nonrefundable tickets. Such tickets used to be advertised regularly in newspaper classifieds. An ad might read: "Round trip, Boston to Chicago, 11/22-11/30, female, $50." Since the airlines didn't check IDs and could observe gender, any female could buy the ticket and fly the route. Now that won't work. Under the guise of helping prevent terrorism, the airlines solved a business problem of their own and passed the blame for the solution on to FAA security requirements. But the system fails. I can fly on your ticket. You can fly on my ticket. We don't even have to be the same gender. _______________________________________________ http://www.mccmedia.com/mailman/listinfo/brin-l
