Congressman Calls for Arrest of Security Researcher

Christopher Soghoian writes "Yesterday, I published a tool that allows you to Create your own boarding pass for Northwest flights. This was an attempt to document the fragile and broken state of identity/security for domestic flights in the US. Today, Congressman Markey (D-Mass) has called for my arrest." From the ABC article: "'I don't want to help terrorists or help bad guys do bad things on airplanes, but what we have now is what we in the industry call security theater. It's made to make you think you're secure without actually making you secure,' Soghoian said. 'As a member of the academic research community, I consider this to be a public service.' Soghoian admits that he hasn't actually tried to use one of the boarding passes yet."

Re:not likely

[kfg]

Otherwise, you know, you couldn't be prosecuted for faking a bill of sale for a car, or a life insurance policy, or printing counterfeit currency, or most other forms of fraud that involve a printed document -- and you surely can.

I just created a fake bill of sale for a car. I have committed no crime, because I have not proffered it as genuine to anybody.

Fraud is a crime of intent.

KFG

Re:Ummm. The First Amendment?

[yorktown]

Unfortunately, the Supreme Court takes a very loose view of what the Constitution says. For example, it considers building a hotel and condominiums as "public use" for the purposes of eminent domain. http://en.wikipedia.org/wiki/Kelo_v._City_of_New_L ondon [wikipedia.org]

Note that all four of the dissenting justices in the Kelo decision were appointed by Republicans.

Re:not likely

[dgatwood]

The problem is that for every tale like yours, there are a thousand stories of people who found holes in a computer system, told the responsible party, and were promptly threatened with administrative action for "cracking". After all, if you weren't trying to break in, how did you stumble across the security hole to begin with?

And as I said, we've all been saying this for years. It simply took somebody having the guts to make a really visible, easy-to-use exploit for the problem before anyone would listen. I would almost bet money that they still won't listen---that they'll try to make an example of this guy and get the website shut down, but that no discernible improvement in security will result from the incident. That's how government works. That's how it has always worked, and short of regular and complete turnover of nearly the entire set of elected officials, that is how it always will work. Why? Because politicians, like most people, are fundamentally incapable of admitting that they made a mistake and apologizing, and thus, the only way to fix the mistakes made by elected officials is to elect different officials on a regular and ongoing basis to ensure that every issue gets regularly examined by new eyes.

Re:not likely

[FLEB]

Bull. You make one that puts a trivial "SPECIMEN" or "FORGERY" watermark on it, or just replaces the NWA logo (and thus gets around any other forgery/trademark issues that may arise, as well). It would still be pretty obvious.

Re:not likely

[91degrees]

True. But in both cases there would be be enough evidence to conclude that the reason for faking bill of sale, or for printing a boarding pass was because you had fraudulent intent. Ideally there would and should be a presumption of innocence, but I'd imagine that if you simply remained silent, the jury would have no qualms about finding you guilty of conspiracy to commit fraud.

Flash Update: The FBI is at The Door

[klausner]

Chris reports that the FBI is knocking [blogspot.com] on his door. The boarding pass generator [dubfire.net] is also (at least temporarily) down.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Let Markey know what you think

[psykocrime]

I suggest that all concerned Slashdotters contact congressman Markey [house.gov] and let him know what you think.

Re:Ummm. The First Amendment?

[maetenloch]

They don't have to file a case. Congress did away with Habeas Corpus recently, so they can just 'disappear' you, like all the other terrorists...

No, they didn't. Habeas corpus still applies to all U.S. citizens. Period.

What congress did in the MCA was say that non-citizens being held in Guantanamo Bay or who have been declared enemy combatants cannot claim habeas corpus rights. Note that it's not clear that they would have had habeas corpus rights even before the MCA was passed. This was an attempt by Congress to clarify the law after the recent Supreme Court Hamdan ruling.

As an aside the habeas corpus was suspended by President Lincoln during the civil war so there is precedent for doing this during wartime.

Re:Newark

[Ungrounded Lightning]

Listening to the radio this morning, they said Newark airport staff failed 20 of 22 tests involving guns and bombs being smuggled past security by undercover agents.

A few years ago I was in a security-check X-ray line. The guy ahead of me was such a "tester", smuggling a gun in his carrr-on bag. The gun was positioned against the side of the bag and sitting on its top surface, so the grip was up. It looked like a flattened-out bracelet on the X-ray.

The screener didn't catch it. The guy showed the screener how she had flunked and what a gun in that position looked like.

And I, along with a number of other people standing nearby, now know how to pack a gun in a carryon bag so it has a good chance of being missed in the X-ray screening.

Fortunately, screening machines have improved since then. For instance, some of the modern ones measure various parameters of the objects' interaction with the X-rays and generate false-color images coded by the type of material, rather than a grey-scale transmission map of a single view angle. This hack would be much tougher to get away with on the newer machines.

Re:not likely

[psykocrime]

I suspect very strongly that in the case of money, simply having the means to create counterfeit bills will probably land you in a whole heap of trouble.


This is why every American should immediately go visit FIJA [fija.org] and learn the truth about serving on a jury. Hint: you can judge the law as well as the facts, and juries ARE the "last line of defense" against oppressive government / bad laws. See Jury Nullification [wikipedia.org] and/or Peter Zenger [wikipedia.org] for more.

If I'm ever serving on a jury, I can guarantee you that I won't be voting to convict in any "victimless crime" situation, or anything where somebody is being charged with violating some bullshit law. Hung jury or acquittal, here we come.

Re:Flash Update: The FBI is at The Door

[stefanb]

FBI says they didn't arrest him [wired.com], but various people have tried to get in touch with him since then, and were unable to.

Criminal Facilitation

[westlake]

I just created a fake bill of sale for a car. I have committed no crime, because I have not proffered it as genuine to anybody.
Fraud is a crime of intent.

I have written a program to fake a boarding pass and published it on the web. I am now in bigger trouble than if I had been charged with fraud:

The charge might be framed as a from of criminal facilitation. The only intent required might be defined simply as a reckless disregard of the consequences of your actions.

What follows is a model statute that suggsts the possibilites:

__

1002. Criminal Facilitation.

(1) Offense. A person is guilty of criminal facilitation if he knowingly provides substantial assistance to a person intending to commit a felony, and that person, in fact, commits the crime contemplated, or a like or related felony, employing the assistance so provided. The ready lawful availability from others of the goods or services provided by a defendant is a factor to be considered in determining whether or not his assistance was substantial. This section does not apply to a person who is either expressly or by implication made not accountable by the statute defining the felony facilitated or related statutes.

(2) Defense Precluded. Except as otherwise provided, it is no defense to a prosecution under this section that the person whose conduct the defendant facilitated has been acquitted, has not been prosecuted or convicted, has been convicted of a different offense, is immune from prosecution, or is otherwise not subject to justice. (3) Grading. Facilitation of a Class A felony is a Class C felony. Facilitation of a Class B or Class C felony is a Class A misdemeanor.

(4) Jurisdiction. There is federal jurisdiction over an offense defined in this section when the felony facilitated is a federal felony Proposed New Federal Code [buffalo.edu]

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Ummm. The First Amendment?

[tm2b]

Scalia, on the other hand, follows the Constitutional principle that the federal government can only regulate interstate commerce ("commerce among the states," as is in the Constitution). Using that principle, it would be Unconstitutional for the federal government to prohibit the growing of Marijuana on private property. States could still outlaw it, of course, but the feds couldn't do a thing. Does that sound "conservative" to you? Nope, but it is what the Constitution says.

I wish you weren't really wrong about this.

Scalia wrote in his concurring opinion in Gonzales v. Raich [washingtonpost.com] that he believes that because growing marijuana on your private property has indirect consequences for inerstate commerce, no matter how diffuse, the US Federal government can restrict it. Only William H. Rehnquist, Sandra Day O'Connor and Clarence Thomas dissented from this view.

Scalia's a fucking hypocrite.

Re:Flash Update: The FBI is at The Door

[Anonymous Coward]

latest [blogspot.com]:

The FBI visited.

They handed me with a written order to remove the boarding pass generator. By the time we were somewhere with internet access, the website had already been taken down.

I am now safe (and no longer with the FBI).

Still trying to find a lawyer.....

Edit:

If you want to help, a good start would be to email Congressman Markey [house.gov] - who initially called for my arrest.