Feeds

The Houston Airport Rangers

Perimeter security. On horseback

  • alert
  • submit to reddit

Protecting users from Firesheep and other Sidejacking attacks with SSL

Opinion Want to help fight terrorism? Want to be able to stop and detain suspicious characters? Or do you just want to ride your horse on ten miles of trails normally closed to the public? Then you might want to join the George Bush Intercontinental (IAH) Airport Rangers program. That's right. Just fill out a form and undergo a background check, and you too can become a front-line fighter as Houston's airport tries to keep our nation safe and secure. No experience necessary. You don't even have to be a US citizen.

No; it's not a joke. The Airport Rangers program is intended to promote both security and community participation, according to the official description. It's a volunteer mounted patrol that rides the horses along the pristine wooded trails that form the perimeter of the 11,000-acre airport.

Security is far more effective when it's based on well-trained smart people, instead of on rote-trained people checking photo IDs and X-ray machine screens, or implementing database-driven profiling. The idea of trained guards patrolling a secure perimeter is a good one. But as a security professional, I see two major problems with the program as described.

The first is the lack of training. The program encourages "licensed law enforcement officers" to participate, but that's not a requirement- anyone can be a Ranger? As best I can glean from the Web page, the training consists of a "short video" on suspicious activities. Is there any mention of civil rights and constitutional protections? Is there any attempt to prevent racial profiling? Profiling has been a problem even for major law enforcement agencies; how will a group of untrained civilians perform? And what are the liabilities to the airport when there are problems?

The second is the new security vulnerability that this program creates. The perimeter around the airport used to be a no-man's land; anyone on the property was immediately suspicious. Now there is a group of people allowed around the airport perimeter. How do you tell the difference between someone who is allowed and someone who isn't? A photo ID, one you might glance at from ten feet away, is easily forgeable. And since all Rangers are on horseback, if you have a horse and you're Western looking, you are probably going to be automatically trusted. Is the airport safer, or more at risk, because of this program? The answer isn't obvious.

Beyond these two points, the application form makes for interesting reading. In order to participate in the program, you have to waive all sorts of rights. You waive the right to challenge the arbitrary denial of one of these permits. That may be compensation for another glaring risk of this scheme: are the background checks good enough to exclude potential terrorists? Is the intent that the agency will do its own profiling, and exclude, for example, Muslims? A more charitable explanation is that they want to be able to rely on intelligence reports without having to disclose them.

The most amusing part is the required certification. Applicants must certify that they are not members of known terrorist organizations. This makes sense, although expecting terrorists to tell the truth about their affiliation is a tad naive. But why exclude people who have "claims or litigation pending against the City of Houston or the Houston Airport System"? Sounds more petty than anything else.

Finally, applicants must certify that they're not a member of any group that "advocates violence against ... any other nation." A year and a half ago, that would have excluded all members of both the Democratic and Republican party, as well as any other political party that favored invading Iraq.

Website: http://www.houstonairportsystem.org/rangers

Bruce Schneier is the CTO of Counterpane Internet Security, Inc. His latest books is "Beyond Fear: Thinking Sensibly About Security in an Uncertain World," and he publishes the free monthly newsletter "Crypto-Gram." He can be reached at http://www.schneier.com

Related stories

Airport snoop system thrown in $102m garbage can
Iris scans at UK airports, says Home Office
Abu Ghraib: US security fiasco
US airport fake ID study 'was found in al-Qaida cave'
US lubes passports with RFID snake oil
Everything you never wanted to know about the UK ID card
Plane-spotters recruited in War on Terror

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.