Slashdot Log In
FBI Raids Security Researcher's Home
Posted by
kdawson
on Sat Oct 28, 2006 07:09 PM
from the senator-did-it-first dept.
from the senator-did-it-first dept.
Sparr0 writes, "The FBI has raided the home of Christopher Soghoian, the grad student who created the NWA boarding pass site. Details can be found on his blog including a scanned copy of the warrant. The bad news is that he really did break the law. The good news is that Senator Charles Schumer did it first, 19 months ago, on an official government website no less. The outcome of this trial should be at least academically interesting. At best, it could result in nullifying some portion of the law(s) that the TSA operates under." Read on for Sparr0's take on what laws may apply in this case.
Boiling down some of the legalese, the charges (if any are filed) will be "conspiracy to knowingly present a false and fictitious claim upon or against the United States, or any department or agency thereof in violation of USC 18 (secs. 2, 371, 1036, 1343, 2318) and USC 49 (secs. 46314 and 46316) and 49 CFR (secs. 1540.103 and 1540.105)" (edited for brevity).
Related Stories
[+]
IT: Congressman Calls for Arrest of Security Researcher 574 comments
Christopher Soghoian writes "Yesterday, I published a tool that allows you to Create your own boarding pass for Northwest flights. This was an attempt to document the fragile and broken state of identity/security for domestic flights in the US. Today, Congressman Markey (D-Mass) has called for my arrest." From the ABC article: "'I don't want to help terrorists or help bad guys do bad things on airplanes, but what we have now is what we in the industry call security theater. It's made to make you think you're secure without actually making you secure,' Soghoian said. 'As a member of the academic research community, I consider this to be a public service.' Soghoian admits that he hasn't actually tried to use one of the boarding passes yet."
[+]
IT: Charges Dropped In Fake Boarding Pass Case 135 comments
An anonymous reader writes, "Investigators have dropped the criminal case against Christopher Soghoian after satisfying themselves that he acted without criminal intent. The grad student had created a web site capable of printing fake airline boarding passes. Soghoian is quoted: 'If they fix the airport security problems... then this entire process has been worth it. If they don't fix airport security, then... what was the purpose?'" Soghoian's blog has insightful comments about the divide between security researchers and government officials on subjects such as TOR.
[+]
IT: TSA Now Investigating Boarding Pass Hacker 270 comments
An anonymous reader writes "A week after the Justice Department cleared him of any wrongdoing, Chris Soghoian, the Indiana University PhD student who created an online boarding pass generator for Northwest Airlines to highlight security holes is on the government's 'no-fly' list. The Transportation Security Administration has now launched its own investigation, says Wired blog 27strokeB. The TSA is claiming that Soghoian 'attempted to circumvent an established civil aviation security program established in the Transportation Security Regulations,' violations of which carry fines of up to $11,000 per violation. That could be a steep fine, says Washingtonpost.com's Security Fix blog: 'Something like 35,000 people viewed and possibly used the boarding pass generator during the less than 72 hours that it was live on his site in November. Soghoian told WaPo: "If they decide that the only safe way for me to leave the country is by boat, then that's pretty much the end of my career here in the States. It's one thing to harass researchers, but if they can chase them out of the country, then that's a real chilling effect."'"
[+]
IT: Boarding Pass Hacker Targets Bank of America 160 comments
Concerned Customer writes "The fake boarding pass guy is at it again. His blog shows a demonstration phishing website that is able to bypass the SiteKey authentication system used by Bank of America, Fidelity, and Yahoo. Users will be shown their security image, even though they're not visiting the authentic websites." This hack compounds the study showing that users don't pay attention to the SiteKey pictures anyway.
[+]
IT: Lax TSA Website Exposed Travelers' Information 81 comments
sjbe sends in an old story with a poetic justice ending. Almost a year ago Chris Soghoian blogged about multiple security holes exposing visitors to a TSA site to possible identity theft. Wired and others picked up the story and the TSA took down the insecure site and fixed the problems. On Friday the US House of Representatives Committee on Oversight and Government Reform released a report (PDF; HTML summary) finding that the TSA contractor, Desyne Web Services, had received a no-bid contract for the faulty site from a former employee who was then a TSA project manager. TSA has taken no action to sanction the responsible parties for the vulnerabilities. The poetic justice is that Soghoian had been investigated for 6 months by the FBI and TSA because he pointed out a vulnerability in the US air transport system; no charges were ever filed.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Too bad it has to be this way (Score:5, Insightful)
It's unfortunate that exposing holes in our security gets no press until someone actually leverages the hole to cause harm. For years before 9/11, the U.S. knew our airports were pitifully insecure, particularly Boston Logan, yet failed to do anything about it. So even though we'll be safer as a result of Christopher's work, he may be in prison. Unfortunately our society aplauds the whistleblower only well after the whistle has been blown, and the government aplauds them almost never at all.
Re:Too bad it has to be this way (Score:5, Insightful)
Parent
Re: (Score:3, Funny)
Re:Too bad it has to be this way (Score:5, Insightful)
Parent
Re: (Score:3, Interesting)
Re:Too bad it has to be this way (Score:4, Insightful)
Thoughtless disclosure has the potential to make things a lot worse. In the software example, if another ping of death exploit were found, simply announcing it to everyone in full would be foolish (unless you wanted to make a point and shame an organisation, then it would be foolish and malicious, and possibly illegal).
The line between sensible and thoughtless disclosure is a tricky one though. If the secret society of bad guys already know about it then all bets are off, but how do you know?
"Excuse me bad guys, are you aware that a ping with x, y and z parameters will crash a machine running w OS?"
"We are now"
"... doh!"
It should certainly be illegal for a commercial organisation to fail to respond to notification of a vulnerability in their software, but again, under what parameters? Does Microsoft have any obligation to fix holes in Windows 95? Is there any obligation to fix holes in Linux 1.x.y? (and who's obligation is it?)
There should be answers to all of these questions though, and a protocol to follow, so that this sort of mess doesn't happen.
Parent
Re:Too bad it has to be this way (Score:5, Informative)
In this case, the vulnerability had been made clear by others months prior to this disclosure. In fact, this wasn't so much a disclosure as much as it was a public demonstration of just how easy it is to exploit the already known vulnerability.
Attempting to shame an organization isn't necessarily foolish and malicious. If that organization is a government body charged with insuring your safety, and it is failing spectacularly to do so, you might desire to shame it publicly in order to improve its behavior. Illegal, I'll grant -- and often the law is unjust.
Parent
Re:Too bad it has to be this way (Score:4, Insightful)
If you want another example, read this: http://www.swiss.ai.mit.edu/6805/student-papers/s
For a wealth of information about problems with our airport and airline security, start reading archives of Bruce Schneier's Crypto-Gram: http://www.schneier.com/crypto-gram.html [schneier.com]
Parent
The only way to be certain... (Score:5, Insightful)
The chance of them knowing is the probability of them finding the information multiplied by the probability of knowing the value multiplied by the probability of producing a workable exploit.
The chance of you knowing if they know is the probability of them knowing multiplied by the probability of you knowing who the bad guys even are, multiplied by the probability of obtaining real information (they can jam anyone monitoring them by flooding the information space with junk information), multiplied by the probability of you knowing you even have real information, multiplied by the probability of being able to determine what the information actually means.
Counterintelligence is an exceptionally difficult field with a painfully poor track record. Most published successes have been by a series of sheer fluke events and staggering luck. Most published failures were unlikely to be anything else. We don't know about the unpublished stuff, but percentagewise, are we more likely to see bragging over achievements or failures, if both can be equally hidden?
I'm not saying that everything should be published, merely that it should not be assumed that not publishing is the same as others not knowing.
Now, can a case ever be made for publishing everything? Yes. Game Theory requires that all "full information scenarios" have a strategy for one side and one side only that will ALWAYS result in the winning conditions being met, no matter what the other side does. It is possible to imagine situations, particularly in computing where there is essentially no randomness and a "full information scenario" is possible, where the outcome can be guaranteed, if you want it to be.
No matter what anybody else might say, it is not the job of an enemy to make your life easy, so we shouldn't expect them to. We should expect them to do the researcxh, the legwork, the analysis to figure everything out. They might indeed just wait until someone tells them, but that should be a bonus. It should not be your modus operandi. In computer security, you must assume that there are opponents out there who could have all of the industry-standard backdoor passwords, a complete printout of every Operating System and network device QA test that failed and got overlooked, and a copy of the highest-end vulnerability scanner the commercial sector has going for it.
Hell, we know that a Russian spammer got a tier-1 backbone provider to turn off Blue Frog's Internet connectivity. Turning off a link like that is very traceable, but appears to have been regarded as mere amusement for the backbone provider. The same provider is hardly likely to show scruples when it comes to handing out internal or commercially-sensitive data, software or anything else. Given the repeatedly low scores on security for many US government departments and the almost routine mishandling of classified data, there are probably those in the information black markets who know more national secrets than the entire White House combined. If one backbone provider is riddled with corruption and pwned by organized crime, then we must assume that such people are unlikely to be avoiding big money out of a sense of decency and moral fortitude.
But if the most dangerous people have the most dangerous information already - and that includes whatever terrorists might actually exist - then most of the obscurity only serves to increase the value of what has already been stolen. This makes the thieves rich, the criminals dangerous, and the politicians popular for appearing to do something, but it doesn't make anyone else - users, vendors, bystanders - any better off at all. Illusions are fun on the stage, but they should be left there.
Parent
From Senator Schumer's Feb 13, 2005 Press Release (Score:4, Informative)
Schumer today laid out the following scenario in which someone on the terrorist watch list can get through airline security undetected:
1. Joe Terror (whose name is on the terrorist watch list) buys a ticket online in the name of Joe Thompson using a stolen credit card. Joe Thompson is not listed on the terrorist watch list.
2. Joe Terror then prints his "Joe Thompson" boarding pass at home, and then electronically alters it (either by scanning or altering the original image, depending on the airline system and the technology he uses at home) to create a second almost identical boarding pass under the name Joe Terror, his name.
3. Joe Terror then goes to the airport and goes through security with his real ID and the FAKE boarding pass. The name and face match his real drivers license. The airport employee matches the name and face to the real ID.
4. The TSA guard at the magnetometer checks to make sure that the boarding pass looks legitimate as Joe Terror goes through. He/she does not scan it into the system, so there is still no hint that the name on the fake boarding pass is not the same as the name on the reservation.
5. Joe Terror then goes through the gate into his plane using the real Joe Thompson boarding pass for the gate's computer scanner. He is not asked for ID again to match the name on the scanner, so the fact that he does not have an ID with that name does not matter. [Since Joe Thompson doesn't actually exist it does not coincide with a name on the terrorist watch list] Joe Terror boards the plane, no questions asked.
Based on the above press release by a US Senator, shouldn't Schumer be charged with similar crimes?
Parent
Re: (Score:3, Insightful)
Re:Too bad it has to be this way (Score:5, Insightful)
He didn't.
That is endangering everyone unnecessarily.
No, it's not. As plenty of others have already pointed out, it doesn't matter if Osama f'in Bin Laden is sitting
in the seat beside you on your flight... As long as he doesn't have a bomb, or any other means of creating problems
on the flight, the fact that it's Osama is irrelevant. So these fake boarding passes *might* help somebody
get on a plane who isn't allowed... big deal, they will still be searched, run through a metal detector, bomb-sniffing
crap, etc. This is completely insignificant from a security standout.
And even if it were a security flaw, people have to realize that with freedom comes danger. It's probably a little bit more
dangerous to live in a very free country, than one with a strict totalitarian regime who controls every movement everybody makes... but most
people will take that tradeoff. I know I sure will. "Give me Liberty or give me Death" is not just a cute sound bite to me.
Parent
Re:Too bad it has to be this way (Score:5, Interesting)
One can only hope that most people see their freedom/liberty and individual rights being slowly eroded in the name of (bogus) safety.
I don't know about you, but I have never been directly adversely affected by a terrorist or some obvious act of terrorism (not the namby-pamby kind of "terrorism" that involves nothing more than someone feeling uncomfortable or vaguely threatened).
On the other hand, the War on Terrorism, like the War on (Some) Drugs, and every other crisis the U.S. government invents to further its agenda, to the detriment of the best interests of the people and in direct opposition to its ostensible reason for being, namely to uphold the Constitution of the United States, is making my life (and quite probably that of most people reading this) worse on a regular basis.
These days, unlike when I was a teenager, the equivalent of the Gestapo goon's order, "Your papers, please!", is very real in the USA. The jackbooted thugs are not Nazi Germans, but rather TSA, BATF, DEA, EPA, and FBI agents as well as other minions of the federal government and their state and local bully boys.
Why should any average person, engaged in ordinary behavior be expected to carry ID, much less present it like a good little subject/ward of the State?
Of course, I may be out of touch...I remember when the very notion of patenting an idea was considered absurd. Software patents would have been dismissed as ludicrous. So it goes...downhill. I also remember when I could go to the airport, buy a ticket (paying with cash if that was my preference), get on a plane and travel, effectively anonymously as one's stated name was simply accepted, and arrive at my chosen destination (within the U.S., anyway); never feeling the presence of any government agency looming over me (with the remote exception being the FAA
It all boils down to this: Who do you want controlling your life (and the lives of the people you interact with on a daily basis) -- you (and them), or Big Brother armed with the latest high tech surveillance gear, weaponry and a nearly complete disregard for the Constitution?
I'll take my chances when I get on a flight to Las Vegas that some rabid anti-abortion, anti-gambling activist group has not decided to hijack the plane and crash it into Caesar's Palace as some sort of protest against all the imagined evils that it's members think Sin City represents.
I know, based on statistics and documented history, that I am far more likely to be harmed by government than I am by an organization such as Al Quaeda. Taxes taken out of my pocket to fund these government Wars on This, That, and The-Other-Thing which just happen to make me less free are definitely a threat to my well being. Are you any different?
For liberty,
Fractalzone
Parent
Re: (Score:3, Insightful)
It's no different than computer viruses. Nobody really cares too much about computer security until they get their first viru
Re:Too bad it has to be this way (Score:5, Insightful)
- This was such an obvious flaw - one could reasonably assume security officials knew about it
- Many others - including Senator Schume, and Slate Magagine (http://www.slate.com/id/2113157/) had drawn attention to this "vulnerability" prior to Soghoian
- Soghoian had tried to publicise the problem previously without sucess - then he had his brilliant idea of producing his PHP script to demonstrate the ease with which the vulnerability could be exploited - only by doing this did he really succeed in fulfiling his duty to publicly report the problem. He has done a better job than either the Senator or Slate Magazine or the others who knew about this flaw in bringing it to the public's attention - he should be applauded for doing that.
- The fact that he has published on anonymity Preserving in P2P Networks strongly suggests that he could have acted anonymously if he had wanted to (or felt he needed to)
I am quite shocked that if Slashdot was the Jury, and the Jury's opinions were the initial opinions of the individual Jurors and not those of the Jury acting as a committee following deliberation that we wouldn't have unaminously aquited Soghoian. I'm in the UK - and this scares me - given the state of the extridaition arrangements the UK has agreed to with the USA and the potential for indefinate imprisonment in the US for non-citizens. I've been to the US twice on business this year, reading this and the countless articles like it will certainly make me think twice before arranging another trip.Parent
Re:Too bad it has to be this way (Score:5, Insightful)
He's one guy, he's young, and he's been entirely open and straightforward about why he's doing this--that gives him a much better chance to shame the TSA. It would've hurt his case (with the public, at least) if he'd looked furtive.
And someone with determination (not to mention search warrants) could probably figure out who he was eventually anyway.
Well, I'm applauding.
You can also contribute to his legal defense fund [blogspot.com], if you'd like to show your support.
Parent
Re:Too bad it has to be this way (Score:4, Insightful)
If the government thinks that he is enabling the "terrorists", they may also see contributing to his defense fund as contributing to terrorists which would result in your loss of habeas corpus. That said, while I have mixed feelings about what he has done (in terms of leaving his identity out there vs. taking a clearly political stand), I do feel that his is a worthy cause.
Just my 0.02 cents.
Parent
Re: (Score:3, Funny)
It Doesn't Have To Be This Way (Score:3, Insightful)
No rational allocation of resources would have beefed up passenger screening after 9/11. I don't care if you do get a AK-47 on a plane nowadays you won't be able to hijack it and crash it into a building for the simple reason that the people on the plane KNOW they will die if they let you fly the plane.
9/11 was a one time deal. It worked because no one expected
Re:Too bad it has to be this way (Score:4, Insightful)
If he had simply pointed out the hole, people would be calling him a fearmonger.
It would, if the DMCA didn't solely cover breaking security mechanisms that serve to prevent copyright infringement. That's not what happened here.
So you just discredited your own statement? Thanks?
This is the type of thing that gets modded as Interesting on Slashdot?
Parent
Re:Too bad it has to be this way (Score:4, Insightful)
And there's no good reason for us to put up with it now.
Parent
Security post 9/11 (Score:5, Informative)
I was a airplane re-fueler at Edmonton International Airport post 9/11 (Shell Aerocenter 2002-2003) . I can tell you this. EVERY refueler and most baggage handlers carry knives or a multi-tool (ie. leatherman) of some sort. So do many pilots. Why is this? We use them to lever open hatches, latches, open your bags for the video cameras ect. (I shit you not. I know several guys who carry those little keys that fit the little locks on your bags so they can poke around in your bags) It would be a snap for some one on the inside to plant a knife. Or even a small gun.
But how do you get past security you ask. I'll tell you. We don't. We have our own entrances and exits and these don't use metal detectors or our steel-toed boots would set them off every time. The only thing that is our security check is our id tags. Sure we go through an extensive process before we are issued one but there's lots of criminals working at your airports. That and they aren't that tough to forge. If you have a "friend" at your local DMV you could probably do it.
So security is tight at the terminal? You can charter a small to large plane at your local FBO. We never check you or your bags. Why would we? We think you are some rich guy who jaunts around on his private jet. Perfect for loading with explosives and plowing into buildings on you jihadic quest.
But what about the regular people who go through security? Did you know that you are allowed 10 packs of matches but no lighters? I can do a shit load of damage with ten packs of matches and I'm sure you could too! Oh yeah the metal detectors that you walk through aren't sensitive enough to pick up a bic lighter. If you get caught with one. Just say oops, my bad I forgot about it and make sure they see your pack of smokes. They'll take the lighter away and thats it!
If you are worried when they swab your laptop and you've been chopping some of columbia's finest ontop of it don't worry. They are searching for bomb residue. But here's a secret. They don't swab your MP3 players, video cameras, and cell phones. They just scan them with the machines. I'm not sure how many ounces of high explosive you fit in a video camera but i'm guessing it's a fair amount.
What about sniffing dogs? I fly all over the place to meet up or disembark from ships. I can't remember the last time I saw one. Why? They are a bitch to train. (pun semi-intended) Something like one out of every 20 makes the grade. And THEN they are split up for K-9 tracking, bomb sniffing, narcotics, sniffing, blind leading ect. The odds of running into a dog is pretty slim unless ou are at one of the well funded big airports. (LAX, Heathrow ect.) Most of the guys who I work with on multi-national ships regularily bring some drugs home. Not alot, but a few grams to help make the welcome home party a bit more welcoming.
These flaws are just a few I could think of off the top of my head. So whats the point? If you are creative enough (and hackers prove this regularily) and determined enough you can get past and security thats in place. Especially when it's so shoddy like it is at our airports.
So to be honest some one forging a boarding pass should be the least of their worries. Happy flying!
Parent
Re: (Score:3, Insightful)
He saved the HTML from NWA's actual ticket printout page on their website, and made a form to fill in like 10 variables mad-libs style. I hardly call that "a powerful tool". More like saving somebody who knows how to right-click about 90 seconds of work to forge it themselves.
Re: (Score:3, Interesting)
This is just being a bully instead.
Disclamer: I did not see the site when it was up so I have made some assumptions here which could be wrong.
I wouldn't mess with NWA (Score:5, Funny)
Real reason he is being arrested: (Score:5, Insightful)
We all now the TSA is a scam, we all know we are not one bit safer, we all know the airways are no better than they were before 9/11. Just a great hat trick.
Re:Real reason he is being arrested: (Score:4, Interesting)
or making it easy for other people to do so.
I think part of his point is that it was already easy for other people to do so. Not that pointing out the obvious will probably help him much from his cell in Gitmo...
Parent
Re:Real reason he is being arrested: (Score:4, Informative)
If you so desired, you could actually read the laws that you obviously have no understanding of.
Oh, if that were only true. John Gilmore's been trying for years now to do exactly that -- to read the laws/regulations under which the TSA operates and to which we're subject. Even with his millions of dollars and army of attorneys, he hasn't been able to to break the shroud of secrecy surrounding these laws, what makes you think anyone else can?
Or didn't you realize that the US now has secret laws [papersplease.org] that the public is not allowed to read? And that courts (9th circuit district and appellate) have ruled that the government doesn't have to show us the law? Hopefully the Supreme Court will correct the situation, but I'm not holding my breath.
Parent
For his sake (Score:5, Insightful)
Of course, at this point...I wonder if they even care that the public would be aware.
Re:For his sake (Score:5, Funny)
Oh no, not a hell storm of nerds posting anonymous comments on Internet messageboards! Anything but that!
Parent
Re: (Score:3, Interesting)
I'm actually referring to the mass media who will be picking this story up, posting it online, and informing the unwashed masses about the situation. The internet is FAR more than anonymous nerds these days, perhaps you'd better re-evaluate your statement.
Re:For his sake (Score:5, Insightful)
Oh, wait... this is planet earth, I forgot.
Parent
Conspiracy? (Score:3, Interesting)
Legal Defense Fund (Score:4, Informative)
http://slightparanoia.blogspot.com/2006/10/legal-
Cue typical slashdot pro-State responses... (Score:3, Insightful)
2. "He broke a law, he should go to jail." The court system should be mandated to tell the jurors in all trials about their right to nullify terrible laws. Jury nullifaction is more than a priviledge, it is a right even greater than serving on a jury.
3. "He didn't do anything wrong." This shouldn't matter either way unless he violated someone's property or person himself. I find it outrageous that people are arrested for inciting violence -- the gun doesn't kill, the inciter doesn't kill, it is the person who physically performs a violent act that is the cause of the violence. Not only did he do nothing wrong, we shouldn't even be considering whether or not he did or didn't. Did he harm anyone physically? Did he physically steal anything? Did he trespass?
On top of those 3, we should also realize that the laws pertaining to security are 100% unconstitutional. The airplanes are private. The airports should be privatized (I can't see how airports could be considered federally-regulated properties). The passengers are generally private citizens. The Constitution is clear on this, too -- it should be left up to the individual States and the people.
This is what you get when you have democracy -- even a republican form of it.
"Democracy is the most vile form of government...democracies have ever been spectacles of turbulence and contention: have ever been found incompatible with personal security or the rights of property: and have in general been as short in their lives as they have been violent in their deaths." James Madison
"Democracy... while it lasts is more bloody than either [aristocracy or monarchy]. Remember, democracy never lasts long. It soon wastes, exhausts, and murders itself. There is never a democracy that did not commit suicide." John Adams
The U.S. isn't going to hell in a handbasket, it's been there since 1913 (or 1865, if you consider the traitor Lincoln's actions).
Thankfully, there are a great number of opportunities to vacate from the system without leaving the lands of the "Nation." I can only hope that more freedom lovers just stop voting for authority and move forward to taking that authority back.
Write to your senator now ... (Score:4, Insightful)
I would like to bring your attention to the outrageous behaviour our government agencies have displayed regarding the matter of security researcher Christopher Soghoian's comments on the TSA security procedures.
Quite frankly the FBI raid on his premises are beyond comprehension for a country that preaches freedom and respect for human rights.
Not only would I like you to help in resolving Christopher's plight, I would also ask that you investigate and bring to the public's attention the true nature of the effectiveness of the TSA policies as well as to the rather offensive nature of the "secrecy" of the policies upheld by the organization.
Public transparency of the government is very important to me and any help you can give to avoid being virtually disenfranchised due being unable to evaluate the performance of my elected officals is critical.
Sincerely
Exposing the powerful is always a crime (Score:5, Interesting)
And so a corollary is that any security researcher who exposes a risk or danger is a criminal (;-))
--dave
Schumer may not be relevant (Score:4, Interesting)
More to the point is that Bruce Schneier was pointing out the boarding pass problem in _2003_.
What exactly were they looking for? (Score:3, Insightful)
Re:What exactly were they looking for? (Score:5, Insightful)
The repairs for any damage that the FBI did, include the maliciously broken window (really, the FBI doesn't know how to pick locks?) will come out of his pocket.
And yes, now they can scan his hard drive for whatever they want, im / chat logs, "kiddie porn" (aka porn involving a girl who faked her ID, even if it is sold through regular channels under the belief that it is legal - it just takes 1 of these to get a mandatory sentence of several to a dozen years in prison, depending on the state).
Anything that can be used for character assassination will be. It doesn't help that that congressman who is trying to look tough on terrorism opened his mouth either.
Parent
all this hoopla over nothing (Score:4, Informative)
Which raises the question: why have the watch lists in the first place? I think they are more psychological than anything else: they give the impression that there is a continuing threat, they give the impression that the government is doing something, and they make people willingly give in to controls that they previously wouldn't have considered. Remember: you used to be able to travel across this nation without the government being able to track your every step.
Re:all this hoopla over nothing (Score:4, Informative)
Great piece and it is pretty much guaranteed that you'll feel the watch lists are a joke (or a bigger joke) after you watch it.
It's on their annoyingly bad website. These links should work.
Video [cbsnews.com]
Article [cbsnews.com]
And "Security Theater" is an excellent way to describe the "security" measures that have been enacted over the past few years.
Parent
A good time for prosecutorial DISCRETION (Score:4, Insightful)
Legal Defense (Score:3, Interesting)
The fact that he is going through this for pointing out a flaw is pretty horrifying. That said, hopefully the justice system will 'do justice' to keep this guy out of prison. Even still at best he's going to be pretty shaken up by this for a while to come, and probably be out a fairly sizable chunk of money in legal defense; at worst, he's gonna have a pretty horrible time (can't check punishments as all but final 2 of the USC links The Fine Summary are 404s). All for pointing out what should be a fairly apparent flaw in a 'security' system. I guess the guys at the FBI just like arresting folk [wikipedia.org] for things like that. Hell, why didn't they arrest Andy Bowers of Slate for his research / article [slate.com] too?
Also, can some pro-2nd amendment folk go and give him some "legal defence"? You know, protect people from the government and all that... ;-)
Who are the terrorists in this case? (Score:5, Insightful)
terrorist noun A person who uses terrorism in the pursuit of political aims.
terrorism noun The use of violence and intimidation in the pursuit of political aims.
I quote from his blog [blogspot.com]:
This is a case of classic police-state gestapo tactics.
This guy hasn't done anything wrong, he hasn't even hilighted a previously unknown security flaw, and now he's subject to this kind of treatment...
Re:What did he expect? (Score:5, Insightful)
You wanna rethink that analogy there, "Reality Master"? Cause I'm pretty sure they call those places "locksmiths."
Parent
A question of intent (Score:3, Informative)
The fact that he published his identity and did this entire thing above-board settles the question of intent for me. He was not maliciously motivated. That is the basis by which we
Read The Declaration of Independence. (Score:3, Insightful)
Freedom requires that people stand up, publicly, for what they believe in. That is why the 1st Amendment reads:
Simply striking against a conve
Re:Read The Declaration of Independence. (Score:5, Interesting)
The founding fathers did not sign that document and then nailed a copy to the kings door when it was only 8 of them. They did that quietly and only AFTER they had sufficient strength to overcome the oppression that would be sent when they made their intentions public.
THAT is the difference. If the article's author got 30-40 researchers and professors to all stand together and say "screw you Homeland security! you give us NO security!" and then published the proof to that effect, the FBI would not have raided their homes in 24 hours, a cowardly senator would not have opened his big trap against them and the government would have had to treat them very VERY differently.
A single person is easily opressed and removed. a larger group, specifically a group that is well known is not.
Parent
Re: (Score:3, Insightful)