Feeds

The Houston Airport Rangers

Perimeter security. On horseback

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Opinion Want to help fight terrorism? Want to be able to stop and detain suspicious characters? Or do you just want to ride your horse on ten miles of trails normally closed to the public? Then you might want to join the George Bush Intercontinental (IAH) Airport Rangers program. That's right. Just fill out a form and undergo a background check, and you too can become a front-line fighter as Houston's airport tries to keep our nation safe and secure. No experience necessary. You don't even have to be a US citizen.

No; it's not a joke. The Airport Rangers program is intended to promote both security and community participation, according to the official description. It's a volunteer mounted patrol that rides the horses along the pristine wooded trails that form the perimeter of the 11,000-acre airport.

Security is far more effective when it's based on well-trained smart people, instead of on rote-trained people checking photo IDs and X-ray machine screens, or implementing database-driven profiling. The idea of trained guards patrolling a secure perimeter is a good one. But as a security professional, I see two major problems with the program as described.

The first is the lack of training. The program encourages "licensed law enforcement officers" to participate, but that's not a requirement- anyone can be a Ranger? As best I can glean from the Web page, the training consists of a "short video" on suspicious activities. Is there any mention of civil rights and constitutional protections? Is there any attempt to prevent racial profiling? Profiling has been a problem even for major law enforcement agencies; how will a group of untrained civilians perform? And what are the liabilities to the airport when there are problems?

The second is the new security vulnerability that this program creates. The perimeter around the airport used to be a no-man's land; anyone on the property was immediately suspicious. Now there is a group of people allowed around the airport perimeter. How do you tell the difference between someone who is allowed and someone who isn't? A photo ID, one you might glance at from ten feet away, is easily forgeable. And since all Rangers are on horseback, if you have a horse and you're Western looking, you are probably going to be automatically trusted. Is the airport safer, or more at risk, because of this program? The answer isn't obvious.

Beyond these two points, the application form makes for interesting reading. In order to participate in the program, you have to waive all sorts of rights. You waive the right to challenge the arbitrary denial of one of these permits. That may be compensation for another glaring risk of this scheme: are the background checks good enough to exclude potential terrorists? Is the intent that the agency will do its own profiling, and exclude, for example, Muslims? A more charitable explanation is that they want to be able to rely on intelligence reports without having to disclose them.

The most amusing part is the required certification. Applicants must certify that they are not members of known terrorist organizations. This makes sense, although expecting terrorists to tell the truth about their affiliation is a tad naive. But why exclude people who have "claims or litigation pending against the City of Houston or the Houston Airport System"? Sounds more petty than anything else.

Finally, applicants must certify that they're not a member of any group that "advocates violence against ... any other nation." A year and a half ago, that would have excluded all members of both the Democratic and Republican party, as well as any other political party that favored invading Iraq.

Website: http://www.houstonairportsystem.org/rangers

Bruce Schneier is the CTO of Counterpane Internet Security, Inc. His latest books is "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," and he publishes the free monthly newsletter "Crypto-Gram." He can be reached at http://www.schneier.com

Related stories

Airport snoop system thrown in $102m garbage can
Iris scans at UK airports, says Home Office
Abu Ghraib: US security fiasco
US airport fake ID study 'was found in al-Qaida cave'
US lubes passports with RFID snake oil
Everything you never wanted to know about the UK ID card
Plane-spotters recruited in War on Terror

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.