Feeds

The Houston Airport Rangers

Perimeter security. On horseback

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Opinion Want to help fight terrorism? Want to be able to stop and detain suspicious characters? Or do you just want to ride your horse on ten miles of trails normally closed to the public? Then you might want to join the George Bush Intercontinental (IAH) Airport Rangers program. That's right. Just fill out a form and undergo a background check, and you too can become a front-line fighter as Houston's airport tries to keep our nation safe and secure. No experience necessary. You don't even have to be a US citizen.

No; it's not a joke. The Airport Rangers program is intended to promote both security and community participation, according to the official description. It's a volunteer mounted patrol that rides the horses along the pristine wooded trails that form the perimeter of the 11,000-acre airport.

Security is far more effective when it's based on well-trained smart people, instead of on rote-trained people checking photo IDs and X-ray machine screens, or implementing database-driven profiling. The idea of trained guards patrolling a secure perimeter is a good one. But as a security professional, I see two major problems with the program as described.

The first is the lack of training. The program encourages "licensed law enforcement officers" to participate, but that's not a requirement- anyone can be a Ranger? As best I can glean from the Web page, the training consists of a "short video" on suspicious activities. Is there any mention of civil rights and constitutional protections? Is there any attempt to prevent racial profiling? Profiling has been a problem even for major law enforcement agencies; how will a group of untrained civilians perform? And what are the liabilities to the airport when there are problems?

The second is the new security vulnerability that this program creates. The perimeter around the airport used to be a no-man's land; anyone on the property was immediately suspicious. Now there is a group of people allowed around the airport perimeter. How do you tell the difference between someone who is allowed and someone who isn't? A photo ID, one you might glance at from ten feet away, is easily forgeable. And since all Rangers are on horseback, if you have a horse and you're Western looking, you are probably going to be automatically trusted. Is the airport safer, or more at risk, because of this program? The answer isn't obvious.

Beyond these two points, the application form makes for interesting reading. In order to participate in the program, you have to waive all sorts of rights. You waive the right to challenge the arbitrary denial of one of these permits. That may be compensation for another glaring risk of this scheme: are the background checks good enough to exclude potential terrorists? Is the intent that the agency will do its own profiling, and exclude, for example, Muslims? A more charitable explanation is that they want to be able to rely on intelligence reports without having to disclose them.

The most amusing part is the required certification. Applicants must certify that they are not members of known terrorist organizations. This makes sense, although expecting terrorists to tell the truth about their affiliation is a tad naive. But why exclude people who have "claims or litigation pending against the City of Houston or the Houston Airport System"? Sounds more petty than anything else.

Finally, applicants must certify that they're not a member of any group that "advocates violence against ... any other nation." A year and a half ago, that would have excluded all members of both the Democratic and Republican party, as well as any other political party that favored invading Iraq.

Website: http://www.houstonairportsystem.org/rangers

Bruce Schneier is the CTO of Counterpane Internet Security, Inc. His latest books is "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," and he publishes the free monthly newsletter "Crypto-Gram." He can be reached at http://www.schneier.com

Related stories

Airport snoop system thrown in $102m garbage can
Iris scans at UK airports, says Home Office
Abu Ghraib: US security fiasco
US airport fake ID study 'was found in al-Qaida cave'
US lubes passports with RFID snake oil
Everything you never wanted to know about the UK ID card
Plane-spotters recruited in War on Terror

Beginner's guide to SSL certificates

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.