December 22, 2024

Airport Screening Concerns Civil Liberties Groups

Aviation security leaders are moving forward with plans to shift toward a risk-based system of passenger screening — an idea supported by the travel industry and government officials who want screeners to focus on travelers who may present a security threat.

But as details emerge on how governments and airlines plan to distinguish between “trusted travelers” eligible for lighter screening and those who will receive more scrutiny, civil liberties groups and some European regulators are questioning the use of vast amounts of personal data to decide which travelers to examine more closely — or to prevent from flying at all.

Collecting and sharing information on passengers is at the heart of the new effort. The information governments use to vet passengers includes data individuals have volunteered by applying for trusted traveler programs, as well as information gathered through terrorist watch lists, criminal background checks and border checkpoint encounters.

The risk-based approach also extends to the list of items prohibited from the cabin, which the Transportation Security Administration recently revised to allow small pocketknives.

As the focus turns more to identifying suspect travelers, not just suspect items, the government is also looking at data that airlines and travel agents have collected on their customers, ranging from birth dates and passport numbers to potentially confidential details apparent in travel itineraries (like a flight to Pakistan) and group discount codes (for a trip to a conference, for instance).

For passengers on international flights, much of the data in these “passenger name records” is already shared with the Department of Homeland Security, although the agency has agreed to filter out certain records, like a traveler’s kosher or halal meal preference — a potential indicator of religion — barring “exceptional circumstances.”

But the prospect of using passenger data not just for border control, but also to make airport screening decisions, exposed a fissure between more privacy-oriented European officials and their American counterparts.

Peter Schaar, the federal commissioner for data protection and freedom of information in Germany, speaking on a panel at an aviation security conference in Brooklyn last week, said that any system that uses passenger data to assess the security risk posed by an individual should have to meet three criteria: it must be proved to be effective at rooting out terrorists; it must be proportional to that goal, without violating privacy rights; and it must avoid negative side effects, like discrimination.

“I question whether these proposals meet at least one of those,” he said.

That perspective was in the minority at the event organized by the International Air Transport Association and attended by screening equipment manufacturers, airline and airport security directors and government officials mostly eager to move ahead — despite budget constraints — with what they called the passenger differentiation concept.

Janet Napolitano, the secretary of homeland security, who spoke at the conference, described the agency’s shift as a “risk-based approach that attempts to segregate out passengers for whom we have a lot of information and can evaluate their risk as low-risk versus those that we know little about or that are higher risk.”

The T.S.A. also plans to focus more on devices that could do catastrophic damage to an aircraft. John S. Pistole, the agency’s administrator, announced that small pocketknives and some sports equipment would be allowed in carry-on bags beginning April 25 — an effort to more closely align American rules with European standards.

The American government would also like to expand its use of behavior detection officers who question passengers in security lines, a technique used in Israel, but the Government Accountability Office has faulted the way the program is being carried out in the United States, saying it has not met scientific standards of validation.

While airlines and equipment manufacturers are seeking similar security procedures worldwide, sharing travelers’ data across borders — which already happens to some degree — presents more complex challenges. Governments are debating when and how to recognize another country’s trusted travelers, and how to respond if nations like China start asking for the same level of passenger data that the United States demands.

Article source: http://www.nytimes.com/2013/03/12/business/passenger-screening-system-based-on-personal-data-raises-privacy-issues.html?partner=rss&emc=rss

Attack on Power Grid Could Cause Broad Hardship, Report Says

By blowing up substations or transmission lines with explosives or by firing projectiles at them from a distance, the report said, terrorists could cause cascading failures and damage parts that would take months to repair or replace. In the meantime, it warned, people could die from the cold or the excessive heat, and the economy could suffer hundreds of billions of dollars in damage.

While the report is the most authoritative yet on the subject, the grid’s vulnerability has long been obvious to independent engineers and to the electric industry itself, which has intermittently tried, in collaboration with the Department of Homeland Security, to rehearse responses.

Of particular concern are giant custom-built transformers that increase the voltage of electricity to levels suited for bulk transmission and then reduce voltage for distribution to customers. Very few of those transformers are manufactured in the United States, and replacing them can take many months.

In a preparedness drill in March, technicians shipped three specially designed transformers from St. Louis to Houston and rapidly installed them in a marathon effort. The transformers were the electrical equivalent of a Swiss Army knife, with multiple attachments so that they can be used in a variety of jobs.

They are functioning well, said one of the experiment’s supervisors, Richard J. Lordan, a senior technical expert at the Electric Power Research Institute, a nonprofit consortium based in Palo Alto, Calif. But follow-up steps — like figuring out how many such transformers should be stockpiled as well as developing storage depots, financing purchases of the equipment and planning how to allocate it in an emergency — have yet to be taken.

Changes in the electric industry have made the grid more vulnerable in recent years, experts say. The grid was mostly built to serve the needs of individual utilities, but regulators have cut the generation companies loose from the companies that transport and distribute power to foster a competitive market. That has resulted in far more electricity being shipped much greater distances and in difficulty winning consensus to build new lines. Meanwhile, the Sept. 11 attacks and weather catastrophes like Hurricane Sandy have underlined the need for ever more vigilant monitoring and technological improvements.

“I don’t think we pay quite enough attention to the technology fixes that would allow us to make the power system more resilient,” said Clark W. Gellings, a researcher at the Electric Power Research Institute who is one of the report’s authors.

For example, the report broaches the development of submersible electric switches that could be operated after a hurricane. Some of the other technologies that have been suggested, like more sensors to help operators determine the status of transformers and transmission lines, would also help the grid on an average summer day.

The report urges that cheaper ways be found to put power lines underground, which would protect them from some effects of storms, and also calls for changes in infrastructure that would reduce the kind of mutual dependencies that result in wider blackouts. For example, more traffic lights could run on high-efficiency L.E.D. lamps and be equipped with batteries, and small generators could be placed in spots where power is needed for pumping water. The natural gas system could be equipped with pumps that run on natural gas instead of electricity so that the system would survive an extended blackout.

The notion of a looming attack on the grid has recently gained a conservative political following, with Newt Gingrich, who sought the 2012 Republican presidential nomination, championing a novel that imagines the crippling of the nation and the starvation of millions by unidentified enemies using high-tech methods to fry components of the grid with an electromagnetic pulse. The report does not discuss that possibility, but the appendix does include “electromagnetic pulse” among other technical terms.

The National Academy of Sciences report mainly refers to less sophisticated attacks but also warns of cyberattacks or infiltration of the grid’s transmission operators. “Even a few pernicious people in the wrong place are a potential source of vulnerability,” it said.

The report was completed in 2007, and after reviewing it, the Department of Homeland Security decided to classify its contents. The version released on Wednesday is redacted to avoid handing terrorists a “cookbook” on how to disrupt the grid, the report said.

Mr. Gellings, the researcher, said that despite the delay, most of the points it makes are still valid, although a chapter on cyberattacks is out of date.

Article source: http://www.nytimes.com/2012/11/15/science/earth/electric-industry-is-urged-to-gird-against-terrorist-attacks.html?partner=rss&emc=rss

Disruptions: Fliers Still Must Turn Off Devices, but It’s Not Clear Why

Air France

Millions of Americans who got on a plane over the Thanksgiving holiday heard the admonition: “Please power down your electronic devices for takeoff.”

And absolutely everyone obeyed. I know they did because no planes fell from the sky. No planes had to make an emergency landing because the avionics went haywire. No planes headed for Miami ended up in Anchorage. We were all made safe because we all turned off all our Kindles, iPads, iPhones, BlackBerrys and laptops, just as the Federal Aviation Administration told us to. Realistically speaking, I’m going to bet that a handful of people on each flight could not be bothered, or forgot to comply.

According to the F.A.A., 712 million passengers flew within the United States in 2010. Let’s assume that just 1 percent of those passengers — about two people per Boeing 737, a conservative number — left a cellphone, e-reader or laptop turned on during takeoff or landing. That would mean seven million people on 11 million flights endangered the lives of their fellow passengers.

Yet, in 2010, no crashes were attributed to people using technology on a plane. None were in 2009. Or 2008, 2007 and so on. You get the point.

Surely if electronic gadgets could bring down an airplane, you can be sure that the Department of Homeland Security and the Transportation Security Administration, which has a consuming fear of 3.5 ounces of hand lotion and gel shoe inserts, wouldn’t allow passengers to board a plane with an iPad or Kindle, for fear that they would be used by terrorists.

New technologies are often greeted with fear and that is certainly true of a disruptive technology like cellphones. Yet rules that are decades old persist without evidence to support the idea that someone reading an e-book or playing a video game during takeoff or landing is jeopardizing safety.

Nevertheless, Les Dorr, a spokesman for the F.A.A., said the agency would rather err on the side of caution when it comes to digital devices on planes.

He cited a 2006 study by the Radio Technical Commission for Aeronautics, a nonprofit group that tests and reports on technical travel and communications issues. The group was asked by the F.A.A. to test the effects of cellphones, Wi-Fi and portable electronic devices on planes.

Its finding? “Insufficient information to support changing the policies,” Mr. Dorr said. “There was no evidence saying these devices can’t interfere with a plane, and there was no evidence saying that they can.” I’m not arguing that passengers should be allowed to make phone calls while the plane zooms up into the sky. But, why can’t I read my Kindle or iPad during takeoff and landing? E-readers and cellphones can be easily put into “Airplane Mode” which disables the device’s radio signals.

The government might be causing more unnecessary interference on planes by asking people to shut their devices down for take-off and landing and then giving them permission to restart all at the same time. According to electrical engineers, when the electronic device starts, electric current passes through every part of the gadget, including GPS, Wi-Fi, cellular radio and microprocessor.

It’s the equivalent of waking someone up with a dozen people yelling into bullhorns.

As more and more people transition from paper products to digital ones, maybe it’s time to change these rules.

Michael Altschul, senior vice president and legal counsel for CTIA, the wireless industry association, said a study that it conducted more than a decade ago found no interference from mobile devices.

“The fact is, the radio frequencies that are assigned for aviation use are separate from commercial use,” Mr. Altschul said. “Plus, the wiring and instruments for aircraft are shielded to protect them from interference from commercial wireless devices.”

Mr. Dorr reluctantly agreed. “There have never been any reported accidents from these kinds of devices on planes,” he said.


This post has been revised to reflect the following correction:

Correction: November 28, 2011

An earlier version of this column misstated the percentage of passengers in a 737 that it would take to account for about two passengers of that plane. It is 1 percent, not 0.01 percent.

Article source: http://feeds.nytimes.com/click.phdo?i=5c912cf3ae57ad1e8e65a4727837c67f

Security Firm Sees Global Cyberspying

However, as with a number of other alarming recent reports on computer spying, the study offered few details that would allow independent verification, and it was difficult to immediately assess the damage done. It did not identify the location of the attacking computer system, say what kinds of documents or information were stolen, or offer any direct evidence of a state’s involvement.

The company, McAfee, said it had identified 72 targets — 49 of them American, including 14 federal, state and county agencies and 11 defense contractors — and also informed law enforcement agencies, which it said were investigating.

The White House referred questions to the Department of Homeland Security. At a news conference on other matters, that department’s secretary, Janet Napolitano, said: “We became aware of the McAfee report, I think, today, which is when it was released to the press, as well. We obviously will evaluate it, look at it and pursue what needs to be pursued in terms of its contents.”

One of the few named organizations, the World Anti-Doping Agency, cast doubt on the report’s assertion that the agency had been subject to a 14-month attack that began in August 2009. In a statement, the director general, David Howman, acknowledged that the agency had experienced an e-mail breach in February 2008, but that “at this stage, W.A.D.A. has no evidence from its security experts of the intrusions as listed by McAfee and the agency has yet to be convinced that they took place.”

McAfee, which was recently acquired by Intel, said it released the report to coincide with the start on Wednesday of the annual Black Hat technical security conference in Las Vegas. Briefings were scheduled to be delivered at the conference. Details of the study were first published on the Web site of Vanity Fair.

Asked why McAfee decided not to identify most of the corporations that were targets in the attacks, the company said that the corporations were worried about being identified and alarming shareholders or customers.

Cybersecurity is now a major international concern, with hackers gaining access to sensitive corporate and military secrets, including intellectual property. The report comes after high-profile computer network attacks aimed at the International Monetary Fund, Sony and the Lockheed Martin Corporation, America’s largest military contractor.

Concern over attacks being carried out by nation-states is rising sharply, particularly after Google said last year that Chinese hackers stole some of the company’s source code. Many security experts say the Chinese government has built up a sophisticated cyberwarfare unit and that the government might be partnering with professional hackers. But the list of entities, government or private, suspected of hacking campaigns, is a long one.

Jeff Moss, an Internet security expert who founded the Black Hat Conference, said it would be hard to narrow down the suspects in a broad campaign. “China is a pretty convenient punching bag,” he said.

The company’s 14-page report, written by Dmitri Alperovitch, McAfee’s vice president for threat research, traced the attacks to at least 2006 and said they peaked in 2009. It calls the attacks highly sophisticated and said targets included governments, companies, and organizations in Canada, Japan, South Korea, Taiwan, Switzerland and Britain.

“After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators,” the report said.

McAfee said it identified a single perpetrator in March, when it discovered detailed logs of attacks while reviewing the contents of a server it had discovered in 2009 as part of an investigation into security breaches at defense companies. Joris Evers, a spokesman for McAfee, said the server was in a Western country but that he could not be more specific.

McAfee called the attacks Operation Shady RAT — RAT stands for remote access tool, a type of software used to control networked computers.

The duration of the attacks ranged from a month to what McAfee said was a sustained 28-month attack against an Olympic committee of an unidentified Asian nation.

David Barboza reported from Shanghai, and Kevin Drew from Hong Kong. John Markoff contributed reporting from San Francisco and Somini Sengupta from Las Vegas.

Article source: http://www.nytimes.com/2011/08/04/technology/security-firm-identifies-global-cyber-spying.html?partner=rss&emc=rss