(A)bort, (R)etry, (I)gnore: Perspectives on Information Security

Various agencies have heralded the use of backscatter X-ray machines [wikipedia] as a safe, non-invasive technique for scanning airline passengers to detect weapons or devices hidden under clothing or in sensitive areas of the body.

Independent of the security value of these machines, I was curious about how they operated, who developed them, and who sells them.

Steve Smith appears to be a scientist involved in creating similar technology (the “SECURE 1000“); the company Rapiscan seems to sell a variety of these kinds of devices. The SECURE 1000 looks different than backscatter machines I’ve seen at airports. It looks like Dr. Smith has been fairly successful; his research group’s Web site (http://www.spectrumsdi.com/) redirects to SAIC.

The ISU site claims that the risks from radiation of these machines is negligible.

This concept is a pretty hot topic:

“Airport admits ‘strip search’ body scanners WILL show people naked”

“X-ray Body Scanners Arriving at Airports”

Slate, with the salacious title: “Digital Penetration”

The dailymail article above quotes an official saying: “The images are not saved, you literally walk through, the screener hits a button to say clear and the image goes.” The Slate article quotes the TSA: “‘Images will not be printed, stored or transmitted,’ TSA swears on its Web site.” [the link Slate provides is broken, but here is the TSA main page for "Advanced Imaging Technology" and the "Privacy" subtopic. -Ed.]

This claim is what troubles me most. It troubles me because it sounds like officials repeating a marketing line they’ve been handed by companies selling these sorts of systems, with little real proof or assurance for the public that these machines have been certified not to store the images.

Given the requirement to have the personnel looking at the scan be physically removed from the subject being scanned means that these images are captured and transmitted to some computer terminal. This in turn means that the image or file traverses a network and most likely winds up on a commodity PC screen. There is likely some file and temporary storage involved here — making sure that this data is completely wiped from the system and not inadvertently saved (even on hard disk temporary or memory swap space) is a non-trivial programming exercise. And there is a tangible energy cost to proactively deleting information.

The TSA privacy Web page for this technology says: “Advanced imaging technology cannot store, print, transmit or save the image, and the image is automatically deleted from the system after it is cleared by the remotely located security officer. Officers evaluating images are not permitted to take cameras, cell phones or photo-enabled devices into the resolution room.”

While this is an admirable sentiment, as a citizen, I’d like to see proof of these limitations rather than a statement of policy. In fact, given that running wires and cabling is an expensive process (and leads to messy trip hazards), I suspect the transmission of these images is wireless. It would be interesting to observe the wireless frequencies in use at airport checkpoints (something that can be done very surreptitiously, unless laptops are banned completely) and capture the data passing over them.

Also of interest, TSA’s Freedom of Information site: http://www.tsa.gov/research/reading/index.shtm. Among the documents here are PDF scans of citizen feedback on backscatter technology [PDF], ranging from a few well-argued positions to short, barely legible emotional reactions to various TSA practices. Also present are contracts that TSA has with various private companies. Good to see which beltway bandits are hooked up to the TSA teat. Finally, there are also videos of Salt Lake City’s checkpoints.

Threats to privacy exist in a number of forms. What is interesting about the following case is that the government is using the prosecution of someone who is probably guilty of breaking drug laws as a vehicle to expand its surveillance powers over law-abiding citizens. This is akin to the story of the motorcyclist in Maryland who was charged with wiretapping the police that pulled him over simply because he had a helmet cam. If the government can’t tolerate being observed, taped, recorded, and tracked, than why should citizens? Is not the citizen supreme? Doesn’t the government exist to serve the citizen, not the other way around?

http://www.time.com/time/nation/article/0,8599,2013150,00.html?hpt=T2 (Time.com)

It seems like we’ve reached a state in the US where the value proposition of living in a “free” republic has become less meaningful. Four hundred years ago, European settlers were quite willing to live on the frontier, braving the dangers that come with little or no infrastructure in return for the freedom of self-determination. In contrast, modern America seems to have become addicted to too many comforts; in the course of “outsourcing” the maintenance of law and order (so that we can continue ordering Starbucks, sending Tweets, and watching American Idol), we’ve given away extraordinary powers to those “security” institutions.

And here is the irony of it all — these institutions, faced with solving an impossible problem (the security and safety of every citizen) continually request (or seize) even more power, justifying said initiatives by claiming they need yet another power to keep us safe. This gradual process inexorably ends in a police state: there is no other social attractor at the end of this particular road. Only a determined and vigilant effort at reducing the size and scope of government power can combat this tendency. It likely takes civic leaders willing to assume a short, unspectacular political career: they come in, fix the problem, upset some portion of the electorate, and subsequently get voted out.

I’m concluding two years of experience with a 15-inch Macbook Pro, Mac OS X 10.5.8, 2.4 GHz Intel Core 2 Duo, 4 GB RAM. My experience suggests that the perceived “quality” of Macs is overrated — they are no more or less high quality than other commodity notebooks.

Specific complaints follow:

1. keyboard and trackpad randomly stop responding; reboot fixes issue for short time. Keyboard occasionally “stutters” or repeats characters until another key is pressed. This requires me to carry around an external keyboard and mouse. I hypothesize that the battery comes into contact with the keyboard and trackpad connector and leads to a short or overheated wire.
2. battery is effectively dead; unplugged operation of notebook leads to about 5 minutes of uptime before hard power off
3. the battery/CPU/GPU put off tremendous heat (others have noticed this “feature” of Macbooks
4. internal optical drive intermittantly fails to read CDs or DVDs; total failure about a year in
5. the “Automatically adjust brightness as ambient light changes” option under Display occasionally “checks” itself (even though I have unchecked it). As a result, the screen dims at inconvenient times
6. the built-in iSight camera has recently (within past 6 months) stopped working (this makes keeping in touch with family difficult, as I need to reboot every time I want to video Skype). I can get it to work briefly by shutting down the machine, resetting the system memory as described by Apple (with machine off, press and hold the power button for 5 seconds), and rebooting. When I manually reposition the physical screen position, the camera stops responding (in the middle of Skype sessions). It appears that the camera also stops working upon a suspend/closing the lid. From these symptoms, seems like a loose wire or connector.

Do I have good things to say about this machine? Yes, but they basically amount to “it works.” The negatives listed above, however, strongly detract from the overall usefulness of this machine, particularly as a mobile platform.

Helpful configuration information:

http://www.ucalgary.ca/it/help/articles/email/clients/tbirdosx/ldap