Feeds

The Houston Airport Rangers

Perimeter security. On horseback

  • alert
  • submit to reddit

The essential guide to IT transformation

Opinion Want to help fight terrorism? Want to be able to stop and detain suspicious characters? Or do you just want to ride your horse on ten miles of trails normally closed to the public? Then you might want to join the George Bush Intercontinental (IAH) Airport Rangers program. That's right. Just fill out a form and undergo a background check, and you too can become a front-line fighter as Houston's airport tries to keep our nation safe and secure. No experience necessary. You don't even have to be a US citizen.

No; it's not a joke. The Airport Rangers program is intended to promote both security and community participation, according to the official description. It's a volunteer mounted patrol that rides the horses along the pristine wooded trails that form the perimeter of the 11,000-acre airport.

Security is far more effective when it's based on well-trained smart people, instead of on rote-trained people checking photo IDs and X-ray machine screens, or implementing database-driven profiling. The idea of trained guards patrolling a secure perimeter is a good one. But as a security professional, I see two major problems with the program as described.

The first is the lack of training. The program encourages "licensed law enforcement officers" to participate, but that's not a requirement- anyone can be a Ranger? As best I can glean from the Web page, the training consists of a "short video" on suspicious activities. Is there any mention of civil rights and constitutional protections? Is there any attempt to prevent racial profiling? Profiling has been a problem even for major law enforcement agencies; how will a group of untrained civilians perform? And what are the liabilities to the airport when there are problems?

The second is the new security vulnerability that this program creates. The perimeter around the airport used to be a no-man's land; anyone on the property was immediately suspicious. Now there is a group of people allowed around the airport perimeter. How do you tell the difference between someone who is allowed and someone who isn't? A photo ID, one you might glance at from ten feet away, is easily forgeable. And since all Rangers are on horseback, if you have a horse and you're Western looking, you are probably going to be automatically trusted. Is the airport safer, or more at risk, because of this program? The answer isn't obvious.

Beyond these two points, the application form makes for interesting reading. In order to participate in the program, you have to waive all sorts of rights. You waive the right to challenge the arbitrary denial of one of these permits. That may be compensation for another glaring risk of this scheme: are the background checks good enough to exclude potential terrorists? Is the intent that the agency will do its own profiling, and exclude, for example, Muslims? A more charitable explanation is that they want to be able to rely on intelligence reports without having to disclose them.

The most amusing part is the required certification. Applicants must certify that they are not members of known terrorist organizations. This makes sense, although expecting terrorists to tell the truth about their affiliation is a tad naive. But why exclude people who have "claims or litigation pending against the City of Houston or the Houston Airport System"? Sounds more petty than anything else.

Finally, applicants must certify that they're not a member of any group that "advocates violence against ... any other nation." A year and a half ago, that would have excluded all members of both the Democratic and Republican party, as well as any other political party that favored invading Iraq.

Website: http://www.houstonairportsystem.org/rangers

Bruce Schneier is the CTO of Counterpane Internet Security, Inc. His latest books is "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," and he publishes the free monthly newsletter "Crypto-Gram." He can be reached at http://www.schneier.com

Related stories

Airport snoop system thrown in $102m garbage can
Iris scans at UK airports, says Home Office
Abu Ghraib: US security fiasco
US airport fake ID study 'was found in al-Qaida cave'
US lubes passports with RFID snake oil
Everything you never wanted to know about the UK ID card
Plane-spotters recruited in War on Terror

5 things you didn’t know about cloud backup

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Gartner critical capabilities for enterprise endpoint backup
Learn why inSync received the highest overall rating from Druva and is the top choice for the mobile workforce.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.