If there’s one thing that I can’t stand, it’s people who don’t learn from their mistakes, and here once again, the TSA has failed to learn. Once again they evacuated a terminal, took many people and crammed them into small spaces, and created a huge target for a bomber, this time in Terminal 8 of JFK. This time the incident occurred because someone went through a door he shouldn’t have gone through.
Author: Eliot
Our Nightmare at Newark: TSA was a threat to our security
As you may already know, Newark Airport was in chaos on January 3rd due to a person walking through the exit of the so-called strerile area. The incident occurred around 5:20pm, around the time that we were sitting down for a dinner snack inside. Good thing. We were not to eat on the plane, which was scheduled to leave at 6:50pm. We boarded the plane, the door was closed but we didn’t go anywhere. After a time we were told of the breach. I packed our stuff up. Anyone who read the accidentally released TSA manual as I did would have known that this would happen once we learned that someone had gotten through. Sure enough that’s exactly what happened, which led to the scene depicted to the right, because everyone else was doing exactly the same thing.
This led to thousands of people being crammed into the outside normally insecure areas of Terminal C (I say “normally”) because all passenger areas within the terminal were at this moment insecure), an event for which the airport is unprepared. For one, there aren’t so many bathrooms outside of security. At Terminal C there are no restaurants. Furthermore, it was difficult to move about. Smart and lucky people might have made their way to the AirTrain and perhaps have gotten to Terminal A, where such conveniences could be found.
There were a lot of mistakes made, and many of them have been acknowledged. However, the biggest one has not. By evacuating the terminal in the way that they did, the TSA actually created a huge risk to many thousands of people by concentrating them in a small area. Had a small group of bombers walked into that area, with backpacks, not only could they have killed many people, but they also could have done so and survived. It would be the height of irony if the only portion of that terminal left intact was the secure part, while thousands were injured or worse.
They might even have been able to get away unscathed. Instead of avoiding the threat, the TSA magnified it by their actions. Doing nothing would have been less risky.
“But,” you say, “they had to reclear everyone, didn’t they?” My answer would be that it’s a seemingly nice idea, but it may not be practical. Here are some things the TSA could have done differently:
- Use teams of people to clear people at their flights by their gates. This is human intensive and not particularly easy, but it would have at least kept people from having to leave the secured area, and thus contributing to the risk. The interesting thing is that the TSA had a whole lot of staff doing a whole lot of nothing while the passengers were exiting the sterile area. And so they could have implemented this measure in some limited way for flights that were ready to go, where all passengers are accounted for.
- Work with the airline to cancel flights. Nobody thought to do this because apparently they didn’t understand the threat. In fact, Continental representatives contributed to the risk by encouraging people to wait and not rebook (more on this some other time). Continental needed to position a lot of planes anyway in order to avoid utter chaos in the coming days.
- Use other terminals and/or buses. That is, get people to areas that haven’t been compromised, and then move them to planes. This requires a fair amount of coordination with both the airline and the port authority. Those buses may not even exist at Newark.
But ultimately, there is no perfect answer to the question because each of these solutions costs money, and that requires that someone measure risk. The risk of letting one person through is at most one plane of several hundred people. This is so because the cockpit doors are reinforced. A terrorist might be able to get an explosive on board, but it would be unlikely that he could use it to direct a plane into a population center, which is what Newark Airport Terminal C’s outer areas became. And there is the risk equation.
Now you may say that I contributed to the risk by not leaving the area. True, I did. Indefensible. My wife and daughter should be quite upset with me, especially since I work in the business. Now it’s time for the TSA to own up. Oh, and it’s not just some local TSA guy who they can hoist this one on. Once security was breached, the local teams followed procedures in the manual.
Pancakes!
First, before I write anything else, HAPPY NEW YEAR! I hope 2010 is the best year of your life, thus far.
Here’s a recipe for pancakes I made for those who can get the ingredients.
Eliot’s Blueberry Apple Banana Pancakes
Ingredients:
- One egg
- Two cups low-fat milk
- One teaspoon baking soda
- One teaspoon vanilla
- Two tablespoons vegetable oil (these can be omitted to reduce fat)
- Two cups flour (all purpose, not self rising)
- 8 ounces of fresh blueberries (frozen won’t cut it)
- One large banana or one and a half smaller bananas, sliced thinly.
For the apples:
- two fuji apples
- One tablespoon vegetable oil
- One teaspoon cinnamon
Heat a pan to medium. Peel and core apple. Slice into relatively thin (but not paper thin) pieces, and cut into smaller bits. Add oil, apples and cinnamon. Fry for 5-7 minutes, stirring occasionally. When finished, remove from pan onto a plate and let cool. Add baking soda and vanilla to an egg and whisk. Add milk and vegetable oil and mix. Add flour while whisking (I use half cup measures). Mix in blueberries and bananas. Add in apples.
Heat a large pan to medium-high, greasing if necessary. Spoon quarter cup pancakes onto pan. Cook about 5 minutes and flip. Wait another minute and remove. Repeat until batter is gone and serve immediately.
Serves 4.
Credit Card Protections and Privacy Eroded Yet Again in the USA
When we got married, we ordered our invitations over the Internet from a company that seemed fairly reputable. Apparently, however, their ordering process was screwed up because we didn’t get the invitations until 6 weeks prior to the wedding. No big deal to some, perhaps, except that almost nobody was going to be local to the wedding location, and many people were going to have to book airline reservations. I asked the credit card company to stop payment to the vendor because of the late delivery.
Yesterday’s Wall Street Journal reports on a new service that vendors can use to spot consumers who stop payment through their credit cards. Sometimes consumers will stop payment when they have received products in time, and used them. This is particularly common this time of year, when lots of vendors sell lots of crap about which they know nothing. The consumer gets pissed off because they’ve just bought a no-good product, and the vendor gets pissed off, because they have to spend time fighting the consumer instead of selling.
The new service blocks consumers’ credit cards due to this so-called friendly fraud. In most cases, the consumer will likely have no idea why their card is being turned down, and will simply pay with cash (a vendor who accepts a different card from such a consumer would be stupid).
Is this the way things should be? Vendors are reporting credit card information to third parties without the consent of the consumer, and then that third party turns around and makes a profit on that information. The consumer is the loser for having availed himself or herself of her rights under the credit card agreement. What’s more, what is to stop a bad vendor from reporting a good customer? Who will have the last laugh?
Now some will say that a good customer can always fight, and the article does say that these new services often offer avenues of appeal. And I bet it will work not quite as well as credit agencies handle it. At least in those circumstances, there are laws.
Unwitting Mules and Computers
When I first traveled through Switzerland some 16 years ago, I went to France for the day, leaving from Geneva. On entering France, the guards saw a long, curly haired, American in a rental car, and they assumed I would be carrying drugs, so they took apart the car. I didn’t mind it until it occurred to me that perhaps the last guy who rented might have left something behind. Fortunately, none of that happened.
Last year, I attended one of my favorite conferences, the Workshop on the Economics of Information Security (WEIS08). I met there a number of good folk from the law enforcement community, and some talked about some of their successful investigations into crime on the computer. In one case, the investigators found megabytes of illicit material on someone’s hard drive. An astute and bright man from Microsoft by the name of Stuart Schechter pointedly asked the question how the investigators knew that the owner of the PC had stored the illicit material. The implication here would be that bad guys could be using the computer without the knowledge of its owner. The detective answered that such evidence is only one component used to charge and/or convict someone.
Now comes a case reported by AP in neighboring Massachusetts where this scenario has been brought to the fore. Michael Fiola, an employee of the state government, was fired, arrested, and shunned because some criminal broke into his computer.
What are the lessons to be learned? There is this common notion by many that end users aren’t generally the victims of the people who break into their computers. Not so in this case. There is also a belief that faith in government prosecutors alone will get an innocent person out of trouble. Not so in this case. They did eventually drop the charges, but only at the cost of his entire savings, large amounts of stress, etc.
This is not the only such case in which this has happened. So, do you know what’s on your computer? Are you sure?