Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

FBI Raids Security Researcher's Home

kdawson posted more than 7 years ago | from the senator-did-it-first dept.

516

Sparr0 writes, "The FBI has raided the home of Christopher Soghoian, the grad student who created the NWA boarding pass site. Details can be found on his blog including a scanned copy of the warrant. The bad news is that he really did break the law. The good news is that Senator Charles Schumer did it first, 19 months ago, on an official government website no less. The outcome of this trial should be at least academically interesting. At best, it could result in nullifying some portion of the law(s) that the TSA operates under." Read on for Sparr0's take on what laws may apply in this case.

Boiling down some of the legalese, the charges (if any are filed) will be "conspiracy to knowingly present a false and fictitious claim upon or against the United States, or any department or agency thereof in violation of USC 18 (secs. 2, 371, 1036, 1343, 2318) and USC 49 (secs. 46314 and 46316) and 49 CFR (secs. 1540.103 and 1540.105)" (edited for brevity).

cancel ×

516 comments

Sorry! There are no comments related to the filter you selected.

Too bad it has to be this way (5, Insightful)

Salvance (1014001) | more than 7 years ago | (#16626704)

Even faced with potential jail time, some people have a burning desire to be in the limelight. I wonder why Christopher Soghoian didn't just create a site anonymously. It would likely have the same effect, and he'd stay out of prison.

It's unfortunate that exposing holes in our security gets no press until someone actually leverages the hole to cause harm. For years before 9/11, the U.S. knew our airports were pitifully insecure, particularly Boston Logan, yet failed to do anything about it. So even though we'll be safer as a result of Christopher's work, he may be in prison. Unfortunately our society aplauds the whistleblower only well after the whistle has been blown, and the government aplauds them almost never at all.

Re:Too bad it has to be this way (5, Insightful)

Simon Garlick (104721) | more than 7 years ago | (#16626826)

The fact that you think Soghoian should have HIDDEN HIS IDENTITY FROM THE GOVERNMENT in order to identify a flaw in official security processes says a lot about your government.

Re:Too bad it has to be this way (2, Funny)

ResidntGeek (772730) | more than 7 years ago | (#16626866)

He could have put it on gnunet, turned on active migration, waited a few weeks for it to disperse, then post a few mesages on IRC and his blog saying "Hey! check out what I found on gnunet! Why, who could have put that there?"

Re:Too bad it has to be this way (5, Insightful)

ricree (969643) | more than 7 years ago | (#16627102)

Like others have said, it wouldn't be all that hard for him to have done it anonymously, but he shouldn't have to in the first place.

Re:Too bad it has to be this way (1)

ResidntGeek (772730) | more than 7 years ago | (#16627408)

Oops... I misread "should" as "could" in the post I replied to. You are perfectly correct.

GNUnet vs. Freenet (0, Offtopic)

Kadin2048 (468275) | more than 7 years ago | (#16627438)

Can you tell me what the relative advantages would be of GNUNet versus Freenet?

It seems like Freenet was basically designed for doing something exactly like this, yet it seems like Freenet really never took off for anything (besides some minor anarchism and porn). I don't pretend to know exactly why Freenet failed to take off, but how does GNUnet improve on it, and how does it hope to avoid the same fate?

Re:Too bad it has to be this way (1)

Rinisari (521266) | more than 7 years ago | (#16626868)

Mod parent up. Disclosure of vulnerabilities improves security for everything, not just software.

Re:Too bad it has to be this way (3, Insightful)

jamesh (87723) | more than 7 years ago | (#16627172)

Sensible disclosure of vulnerabilities improves security for everyone.

Thoughtless disclosure has the potential to make things a lot worse. In the software example, if another ping of death exploit were found, simply announcing it to everyone in full would be foolish (unless you wanted to make a point and shame an organisation, then it would be foolish and malicious, and possibly illegal).

The line between sensible and thoughtless disclosure is a tricky one though. If the secret society of bad guys already know about it then all bets are off, but how do you know?

"Excuse me bad guys, are you aware that a ping with x, y and z parameters will crash a machine running w OS?"
"We are now"
"... doh!"

It should certainly be illegal for a commercial organisation to fail to respond to notification of a vulnerability in their software, but again, under what parameters? Does Microsoft have any obligation to fix holes in Windows 95? Is there any obligation to fix holes in Linux 1.x.y? (and who's obligation is it?)

There should be answers to all of these questions though, and a protocol to follow, so that this sort of mess doesn't happen.

Re:Too bad it has to be this way (4, Informative)

chazwurth (664949) | more than 7 years ago | (#16627332)

The line between sensible and thoughtless disclosure is a tricky one though. If the secret society of bad guys already know about it then all bets are off, but how do you know?

In this case, the vulnerability had been made clear by others months prior to this disclosure. In fact, this wasn't so much a disclosure as much as it was a public demonstration of just how easy it is to exploit the already known vulnerability. ...unless you wanted to make a point and shame an organisation, then it would be foolish and malicious, and possibly illegal.

Attempting to shame an organization isn't necessarily foolish and malicious. If that organization is a government body charged with insuring your safety, and it is failing spectacularly to do so, you might desire to shame it publicly in order to improve its behavior. Illegal, I'll grant -- and often the law is unjust.

Re:Too bad it has to be this way (1)

chazwurth (664949) | more than 7 years ago | (#16627404)

Sorry for the unreadability of my last post. Insert a line break before the ellipsis and it will become much clearer.

Re:Too bad it has to be this way (0)

TapeCutter (624760) | more than 7 years ago | (#16627374)

Sounds like a job for game theory.

Re:Too bad it has to be this way (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16626932)

I couldn't agree more that is speaks volumes that the poster doesn't recognize the problem with thinking it is normal to cloak "free speech" and hide in the shadows. What does that say about democratic ideals? Not much.

Re:Too bad it has to be this way (2, Interesting)

Millenniumman (924859) | more than 7 years ago | (#16627274)

He didn't have to publicly supply a way to bypass security. That is endangering everyone unnecessarily. First he should have contacted the airport security officials privately about it. If they did nothing, he should have then announced that he had found a way to bypass security, but not given any specifics. If they still did nothing, he should have publicly reported the problem.

It's like someone showing burglars into your home to show you that you have a security problem, before they even tell you.

Re:Too bad it has to be this way (1, Insightful)

lheal (86013) | more than 7 years ago | (#16626862)

I agree with most of what you said, particularly the part you didn't say explicitly, which is that even grad students are smart enough to avoid breaking the law.

There's a difference between pointing out security flaws, even giving detailed instructions, and providing a mechanism for breaking the law. Although one could argue that that shouldn't be illegal, I think the DMCA's provisions against circumventing a security mechanism probably apply. It all depends on what his software actually does, and how well his lawyer can explain that.

On another point, the reason our airports were so lax before 9/11 is that we would not have put up with post-9/11 security back then.

Actually, I just realized that I've not been on an airplane since 1999, and I don't know first hand how things are different.

Re:Too bad it has to be this way (3, Insightful)

dsanfte (443781) | more than 7 years ago | (#16627096)

There's a difference between pointing out security flaws, even giving detailed instructions, and providing a mechanism for breaking the law.


If he had simply pointed out the hole, people would be calling him a fearmonger.

Although one could argue that that shouldn't be illegal, I think the DMCA's provisions against circumventing a security mechanism probably apply.


It would, if the DMCA didn't solely cover breaking security mechanisms that serve to prevent copyright infringement. That's not what happened here.

On another point, the reason our airports were so lax before 9/11 is that we would not have put up with post-9/11 security back then. Actually, I just realized that I've not been on an airplane since 1999, and I don't know first hand how things are different.


So you just discredited your own statement? Thanks?

This is the type of thing that gets modded as Interesting on Slashdot?

Re:Too bad it has to be this way (2, Funny)

Paradise Pete (33184) | more than 7 years ago | (#16627216)

the reason our airports were so lax before 9/11 is that we would not have put up with post-9/11 security back then.

Exactly right. And if Bin Laden had announced beforehand that he was going to find a way to make everybody voluntarily suffer in long lines, submit to invasive searches, and just generally make life a little less pleasant every day, we still wouldn't.

Re:Too bad it has to be this way (1)

Stormwave0 (799614) | more than 7 years ago | (#16626930)

I think the main problem was that he released the software. If he just developed it and showed it to the police, I don't think he'd be in the situation he's in. Sure, it would have been harder/taken longer to get noticed, but he's also now just made a powerful tool available for someone who intends to do harm.

Re:Too bad it has to be this way (1)

Nicholas Evans (731773) | more than 7 years ago | (#16627038)

A powerful tool...that can do the same thing as five minutes of Photoshop? I fail to see how you can honestly believe that a webform to generate boarding passes is incidious enough to merit smashing your way into someone's home and seizuring their hardware. Unless, of course, you think I am a terrorist because I have image editing software.

Re:Too bad it has to be this way (3, Insightful)

cecil_turtle (820519) | more than 7 years ago | (#16627150)

...made a powerful tool available for someone who intends to do harm.

He saved the HTML from NWA's actual ticket printout page on their website, and made a form to fill in like 10 variables mad-libs style. I hardly call that "a powerful tool". More like saving somebody who knows how to right-click about 90 seconds of work to forge it themselves.

Re:Too bad it has to be this way (4, Insightful)

bfields (66644) | more than 7 years ago | (#16626988)

I wonder why Christopher Soghoian didn't just create a site anonymously.

He's one guy, he's young, and he's been entirely open and straightforward about why he's doing this--that gives him a much better chance to shame the TSA. It would've hurt his case (with the public, at least) if he'd looked furtive.

And someone with determination (not to mention search warrants) could probably figure out who he was eventually anyway.

Unfortunately our society aplauds the whistleblower only well after the whistle has been blown

Well, I'm applauding.

You can also contribute to his legal defense fund [blogspot.com] , if you'd like to show your support.

Re:Too bad it has to be this way (3, Insightful)

niiler (716140) | more than 7 years ago | (#16627178)

If the government thinks that he is enabling the "terrorists", they may also see contributing to his defense fund as contributing to terrorists which would result in your loss of habeas corpus. That said, while I have mixed feelings about what he has done (in terms of leaving his identity out there vs. taking a clearly political stand), I do feel that his is a worthy cause.

Just my 0.02 cents.

Re:Too bad it has to be this way (1)

FLEB (312391) | more than 7 years ago | (#16627048)

Yep. I only have sympathy for this guy inasmuch as I do for anyone who naively shoots themselves in the foot. Although the message itself may have needed to be said, some basic tactics to make himself a legitimate informer more than an enabler should have been put into place. He could have written a tutorial, made his generator put an obvious watermark or obvious fake airline on the "pass". It's quite well known that there are laws against forgery, and I would think it possible that making a tool for forgery might just violate laws-- and that possibility should be looked into before publishing such a tool.

It's the equivalent of checking for gas leaks with a lit match. Yeah, gas leaks are bad, but he was the dumbass who blew the situation up.

Re:Too bad it has to be this way (1)

maetenloch (181291) | more than 7 years ago | (#16627354)

I agree - it would have been smart of him to either use a fake airline or put a large 'FAKE' watermark in the background. In Hollywood when they use prop money in movie scenes, they're always careful to make it obvious to anyone closely examining the bills that they're fake. Otherwise they could run afoul of counterfeiting laws, even if there was no attempt to distribute the fake maoney.

I wouldn't mess with NWA (4, Funny)

CrazyJim1 (809850) | more than 7 years ago | (#16626712)

They're straight out of Compton yo.

Re:I wouldn't mess with NWA (1)

Paradise Pete (33184) | more than 7 years ago | (#16627264)

They're straight out of Compton yo.

Shouldn't that be "They?"

Above the law (1)

WilyCoder (736280) | more than 7 years ago | (#16626728)

Senators above the law, researchers aren't?

I'm in the wrong business....

Re:Above the law (1)

Philip K Dickhead (906971) | more than 7 years ago | (#16626746)

Need you ask the question?

Anyway - the Bruce Schneier version of this attack is available for any airline you choose.

Re:Above the law (1)

WilyCoder (736280) | more than 7 years ago | (#16626898)

It was tongue in cheek.

Senators are not above the law (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16627208)

No one is above the law. Not only that but everyone is entitled to equal application of the law. If it is shown that the law is being applied unfairly to one group and not to another, that invalidates any convictions.

The prosecutor has to show why the senator was not prosecuted or has to prosecute the senator.

http://en.wikipedia.org/wiki/Rule_of_law [wikipedia.org]

Liberty (-1)

Anonymous Coward | more than 7 years ago | (#16626740)

Just because it is technically possible to break into someone's home doesn't make it right.

Re:Liberty (0)

Anonymous Coward | more than 7 years ago | (#16626818)

does that make cutting keys a crime?

Real reason he is being arrested: (4, Insightful)

hsmith (818216) | more than 7 years ago | (#16626758)

The gov't doesn't like to look bad. They don't like flaws being publically seen of their great "system" of boondoggles which they have created.

We all now the TSA is a scam, we all know we are not one bit safer, we all know the airways are no better than they were before 9/11. Just a great hat trick.

Re:Real reason he is being arrested: (1)

sgt_doom (655561) | more than 7 years ago | (#16626838)

Hmmm...I see....so you are saying that 19 Arabs, with minimal aviation experience, did a first-class superlative job on 9/11/01? And, no doubt, you would claim it would take thousands had this actually been an inside job??

What am I missing here? Perhaps the absence of critical thinking skills? Perhaps too much time gaming or cable-TV surfing? High school physics, anyone??

Seems obvious - with the demise of habeas corpus, ex post facto law-breaking and mending, and the major power shift now allowing the prez to use national guard elements from different states in other states in the case of a Gardenplot, however contrived (all brought about - and unconstitutional - in the Military Commissions Bill) - that the danger still exists for everyone.

Re:Real reason he is being arrested: (1)

novus ordo (843883) | more than 7 years ago | (#16627004)

He's going to be charged with "conspiracy to knowingly present a false and fictitious claim upon or against the United States, or any department or agency thereof in violation of USC 18..." So they are saying he's lying about TSA security sucking ass? Ahahah...I can't describe the irony and stupidity. They will basically have to defend their stupid policies in court.

Re:Real reason he is being arrested: (1)

hawaiian717 (559933) | more than 7 years ago | (#16627356)

So they are saying he's lying about TSA security sucking ass?

No, they are saying he's lying by presenting a fake boarding pass to TSA agents, or making it easy for other people to do so.

For his sake (4, Insightful)

Lord_Dweomer (648696) | more than 7 years ago | (#16626782)

For his sake I'm glad this is getting so much coverage. Not only will it hopefully make a lot of America realize how dumb our government is, and make them realize that Democrats can be just as authoritarian as Neocons...but most importantly, it makes it near impossible for the Feds to "disappear" him because he has the media spotlight on him and the second he goes missing the entire internet will raise a royal hell storm. And that is a PR shitfest that the GOP definitely does not want to have on their hands, especially around election time.

Of course, at this point...I wonder if they even care that the public would be aware.

Re:For his sake (5, Funny)

Simon Garlick (104721) | more than 7 years ago | (#16626848)

the second he goes missing the entire internet will raise a royal hell storm

Oh no, not a hell storm of nerds posting anonymous comments on Internet messageboards! Anything but that!

Re:For his sake (2, Interesting)

Lord_Dweomer (648696) | more than 7 years ago | (#16626938)

Oh no, not a hell storm of nerds posting anonymous comments on Internet messageboards! Anything but that!

I'm actually referring to the mass media who will be picking this story up, posting it online, and informing the unwashed masses about the situation. The internet is FAR more than anonymous nerds these days, perhaps you'd better re-evaluate your statement.

Re:For his sake (4, Insightful)

Tony Hoyle (11698) | more than 7 years ago | (#16627106)

Yeah, like dimitri skylarov was all over the front pages of the newspapers, and CNN did a three hour special on software patents, and the Fox picked up on how regressive the DMCA was...

Oh, wait... this is planet earth, I forgot.

Re:For his sake (0)

Anonymous Coward | more than 7 years ago | (#16627376)

Sheesh, we can go higher profile with that... can anyone recall one story in the papers or on a major news network about Kevin Mitnick?

Nah, we get "Find out what shampoo when mixed with what bottled water can cause a slight irritating itch on your scalp...AFTER THIS!"

Re:For his sake (0)

Anonymous Coward | more than 7 years ago | (#16627300)

I don't think it is getting much coverage.

Get the Terrorist!!!! (1)

Original Replica (908688) | more than 7 years ago | (#16626786)

At least we know that he was arrested and charged, not undergoing extraordinary-rendition. Sadly without the prior publicity stating his intent, this may not have been the case.

Re:Get the Terrorist!!!! (1)

smchris (464899) | more than 7 years ago | (#16626904)

Your knowledge can be rendered retroactively confidential.

It isn't like nobody saw this coming or anything, is it?

Not a terrorist (2, Insightful)

suso (153703) | more than 7 years ago | (#16627012)

This guy is not a terrorist, he's a security researcher. I live in Bloomington as well and work with a guy who is taking a cryptographic protocols class with Chris. He says that Chris is a decent guy, which is probably the case. I for one commend Chris for releasing this kind of information to the public. Even if he had released it to the FAA or Northwest Airlines, its doubtful that the public would have ever known. He is simply doing what most security researchers do, its just that his research coincides with current hot topics in politics and public interest.

Re:Not a terrorist (1)

dreamchaser (49529) | more than 7 years ago | (#16627446)

No, he was grandstanding. There are PLENTY of people in the media who would have taken this story, right around election time especially, wihtout actually making a page that facilitates the action. He didn't have to go to the lengths he did. Was it malicious? I don't think so. Should he be punished? Again I don't think so, though legally he could be. It was, however, not a very smart move unless he was willing to do time in order to bring this to light.

There are SO many ways he could have gone about raising public awareness without the boneheaded move of making himself vulnerable to prosecution. Not too bright.

Conspiracy? (2, Interesting)

TubeSteak (669689) | more than 7 years ago | (#16626788)

A conspiracy with who?

Re:Conspiracy? (0)

Anonymous Coward | more than 7 years ago | (#16626892)

Himself. His ISP. The Internets.

Re:Conspiracy? (1)

jamesh (87723) | more than 7 years ago | (#16627006)

I always thought that a conspiracy could also refer to a plan made by a single person, but the dictionary is pretty clear that it means a group of 2 or more people getting together to do bad things. Possibly it is inferred that the offender here is giving the means to do wrong to others.

Sounds a bit vague though... unless the law in question has a different meaning for conspiracy?

Re:Conspiracy? (1)

ScrewMaster (602015) | more than 7 years ago | (#16627436)

I remember reading Shakespeare in high school ... so many words had changed their meanings over the intervening centuries that the text was peppered with footnotes explaining what a particular word meant back in the Bard's time. I found it very hard to get into the flow, since I was constantly referring to the bottom of each page.

The law is much the same, only worse given the near-unintelligibility (to the layperson) of what our esteemed misrepresentatives sign into law every day. That, in and of itself, ought to be illegal. The virtual encryption of such documents has allowed a state of affairs resembling the ancient Egyptian priesthood to control our legal system. In truth, it is very much harder to use the law (or fight it) when one can barely understand it, and must pay dearly for a priest/professional to "interpret" it properly.

In any event, dictionary definitions of words may have little or no relevance to the same words as used by lawyers.

Re:Conspiracy? (0)

Anonymous Coward | more than 7 years ago | (#16627330)

A conspiracy with who?

Don't you mean, with whom?

Things haveto be done different... (1)

Lumpy (12016) | more than 7 years ago | (#16626808)

If you are going to throw all the kings tea in the harbor, you make sure you and your friends are dressed in disguise and have plausable deniability.

Honestly, with the incredible smarts we have today, why dont you experts learn from the past espically with the incredible insanity and lack of freedom we have today.

Personally I really hope he does everything possible to make sure the case and events are in the news and getting LOTS of attention, because that is the only way this will be able to be won.

Legal defense fund (1)

siliconwafer (446697) | more than 7 years ago | (#16626858)

The kid has a legal defense fund in the event that he can't find a lawyer to take the case Pro-Bono.

http://slightparanoia.blogspot.com/ [blogspot.com]

Scroll down to the "Donate" link.

Let's help him out.

What did he expect? (1, Insightful)

Reality Master 101 (179095) | more than 7 years ago | (#16626864)

Look, if my house has poor security, you're still in trouble if you start a factory to create keys for criminals to break in.

What did he expect from this? It doesn't matter how good or poor security is -- what matters is whether you conspired to break that security.

What a fool. I have absolutely no sympathy for him. If he had just published a paper, then I'd be a bit more sympathetic. But the guy actively sought to bypass airline security. What, does the guy not realize that people are a WEE BIT CONCERNED these days about airline security?

Re:What did he expect? (5, Insightful)

illegalcortex (1007791) | more than 7 years ago | (#16626986)

Look, if my house has poor security, you're still in trouble if you start a factory to create keys for criminals to break in.


You wanna rethink that analogy there, "Reality Master"? Cause I'm pretty sure they call those places "locksmiths."

Re:What did he expect? (1)

maetenloch (181291) | more than 7 years ago | (#16627414)

You wanna rethink that analogy there, "Reality Master"? Cause I'm pretty sure they call those places "locksmiths."


Except that in most states you have to have a license (and background check) to operate as a locksmith. If you started handing out machines that could pick a standard lock to non-locksmiths, it probably would be against the law.

Re:What did he expect? (0)

Anonymous Coward | more than 7 years ago | (#16627002)

The last time I checked it wasn't illegal to manufacture a lock-pick.

Re:What did he expect? (2, Interesting)

siddesu (698447) | more than 7 years ago | (#16627010)

Of course, if it wasn't your house, but a hotel, both you and your guests would surely be _WAY_ safer if only hardened criminals knew about your lock problems and how to open the door.

After all, we know that about half the population of any given country is just waiting for a chance to get on a plane with a bomb, and that the turrists are spontaneous people who don't research and plan in advance.

What is funny is that while there's a law to punish the guy, apparently nothing will be done to either Northworst, or the TSA for not doing their job. America obviously takes air travel security seriously.

Re:What did he expect? (1)

DirePickle (796986) | more than 7 years ago | (#16627026)

But people already do have factories that create keys for criminals to break in. Key bumping [youtube.com] .

A question of intent (2, Informative)

dsanfte (443781) | more than 7 years ago | (#16627040)

I think what needs to be looked at here, and what is often ignored by those with agendas to push, is intent. His intent was to improve security, not to see it subverted by enemies of the state. It is the government's fault, not his, that the only way to ensure the closure of this security hole was to engineer a tool to exploit it.

The fact that he published his identity and did this entire thing above-board settles the question of intent for me. He was not maliciously motivated. That is the basis by which we should judge him.

If I showed up at my apartment with the door unlocked, I would be rather annoyed. If I had had notes posted to my door for several years beforehand telling me my lock was insecure, and how to secure it with relative ease, and I then showed up at my apartment door to find it unlocked with a note saying "Told you so", I'd be embarassed. The key is, as long as the belongings inside are left untouched, all that's hurt here is pride. Pride is not something the law needs to be protecting.

Re:A question of intent (0)

Anonymous Coward | more than 7 years ago | (#16627272)

His intent was fame. If it wasn't he simply would have written about how easy it is to get past the security checkpoints. Instead, he wrote a tool and published it encouraging other people to try it out for themselves. The publication of the tool serves no purpose other than helping people violate the law and making headlines.

Re:What did he expect? (1)

KKlaus (1012919) | more than 7 years ago | (#16627070)

Mmmm... No I think using analogies actually makes a rather clear cut issue confusing. Like making analogies about auto theft with copyright infringment. If we had to make an analogy, I'd say it's more like you only let people into your house when they wear a special hat that you make out of newspaper, and this guy starts making the same hat.

He's not creating a loophole, which would be handing out keys to a lock which was only supposed to have one key (yours), he's making obvious the already present existence of a loophole, namely that any retard with a bit of computer knowledge can make the so called key.

In your defense though, it does seem like people must really be closing their eyes and yelling when they illustrate security holes with exploits, but trust me, a whitepaper about airport security would be ignored by the government so fast you wouldn't believe. I mean they're not going to admit they're just putting on a show unless they _really_ have to.

Re:What did he expect? (1)

hugzz (712021) | more than 7 years ago | (#16627104)

It's illegal to make keys in your little fantasy world?

Someone should be arrested for breaking into your house. It doesn't matter if someone makes all the lockpicks in the world, hard is only done when someone uses it to break into your house. which is already illegal. Why arrest the keymaker also when the harmful act is already illegal?

If your house a lock that can easily broken, be happy when someone informs you about this and take the opportunity to replace your locks. Dont arrest the person who tells you that your locks suck, and shows you a bump key out to indicate why.

Re:What did he expect? (1)

ericartman (955413) | more than 7 years ago | (#16627252)

Google "bump Keys" oh......... and don't tell anybody I told you k?

Cue typical slashdot pro-State responses... (3, Insightful)

dada21 (163177) | more than 7 years ago | (#16626874)

1. "If you don't like it, move away." Considering the fact that Congress is severely limited by the Constitution in creating NO law that infringes on our God-given (or inherent, if you prefer) right to speak freely on our property, the laws listed above have nothing to do with what he did. In fact, his website IS his property, he rents it, and he's protected. Congress here should be the ones behind bars for continuing to violate the Constitution they took an oath to uphold.

2. "He broke a law, he should go to jail." The court system should be mandated to tell the jurors in all trials about their right to nullify terrible laws. Jury nullifaction is more than a priviledge, it is a right even greater than serving on a jury.

3. "He didn't do anything wrong." This shouldn't matter either way unless he violated someone's property or person himself. I find it outrageous that people are arrested for inciting violence -- the gun doesn't kill, the inciter doesn't kill, it is the person who physically performs a violent act that is the cause of the violence. Not only did he do nothing wrong, we shouldn't even be considering whether or not he did or didn't. Did he harm anyone physically? Did he physically steal anything? Did he trespass?

On top of those 3, we should also realize that the laws pertaining to security are 100% unconstitutional. The airplanes are private. The airports should be privatized (I can't see how airports could be considered federally-regulated properties). The passengers are generally private citizens. The Constitution is clear on this, too -- it should be left up to the individual States and the people.

This is what you get when you have democracy -- even a republican form of it.

"Democracy is the most vile form of government...democracies have ever been spectacles of turbulence and contention: have ever been found incompatible with personal security or the rights of property: and have in general been as short in their lives as they have been violent in their deaths." James Madison

"Democracy... while it lasts is more bloody than either [aristocracy or monarchy]. Remember, democracy never lasts long. It soon wastes, exhausts, and murders itself. There is never a democracy that did not commit suicide." John Adams

The U.S. isn't going to hell in a handbasket, it's been there since 1913 (or 1865, if you consider the traitor Lincoln's actions).

Thankfully, there are a great number of opportunities to vacate from the system without leaving the lands of the "Nation." I can only hope that more freedom lovers just stop voting for authority and move forward to taking that authority back.

Re:Cue typical slashdot pro-State responses... (2, Interesting)

Anonymous Coward | more than 7 years ago | (#16627056)

1. "If you don't like it, move away."
You already pointed out that this point of view is morally bankrupt. It also may not be an option in the future. There's a rule inching toward approval to let the DHS deny permission to leave the country [hasbrouck.org] .

Re:Cue typical slashdot pro-State responses... (1)

jcr (53032) | more than 7 years ago | (#16627130)

Jury nullifaction is more than a priviledge, it is a right even greater than serving on a jury.

Personallly, I regard it as a duty.

-jcr

Re:Cue typical slashdot pro-State responses... (1)

novus ordo (843883) | more than 7 years ago | (#16627224)

You fail to see the difference between a constitutional republic and a democracy. I doubt you even know what "tyranny of the majority" would mean or what kind of significance that would have. US is a constitutional republic not a democracy. Your quotes are quite the sentiment the founding fathers had about democracies.

"The two great points of difference between a democracy and a republic are: first, the delegation of the government, in the latter, to a small number of citizens elected by the rest; secondly, the greater number of citizens, and greater sphere of country, over which the latter may be extended"
-James Madison(Federalist 10 [yale.edu] , 1787).

It's not my fault the schools don't teach you that. You're supposed to learn that on your own.

Uh, no. (1)

ChePibe (882378) | more than 7 years ago | (#16627308)

2. "He broke a law, he should go to jail." The court system should be mandated to tell the jurors in all trials about their right to nullify terrible laws. Jury nullifaction is more than a priviledge, it is a right even greater than serving on a jury.

Jury nullification in this case serves no long-term purpose. Sure, it could get this kid off the hook, but that's about it. The possibility remains that a future jury will convict rather than let someone off.

On the other hand, strict application of the law and an appeal to higher courts could, however, result in it being thrown out through the principle of Judicial Review - causing this kid a whole lot of headaches in the short term, but helping others in the long term.

The best way to overturn harmful laws is often by strictly applying them.

As to this:

I find it outrageous that people are arrested for inciting violence -- the gun doesn't kill, the inciter doesn't kill, it is the person who physically performs a violent act that is the cause of the violence.

True, one who incites to kill does not commit murder, but he or she could be no less culpable.

Osama Bin Laden, for example, did next to nothing to actually plan, finance (his own personal fortune was long gone by the mid 90's, according to most estimates), or carry out the 9/11 attacks or any other attacks on U.S. national interests. He just provided the idea that Americans should be killed and gave a green light to a plan to kill Americans (not to mention a hell of a lot of people from other countries). Should we, then, not target him as he has only incited others to kill?

Re:Uh, no. (0)

Anonymous Coward | more than 7 years ago | (#16627426)

The best way to overturn harmful laws is often by strictly applying them.

If enforcing them is morally wrong, then it isn't an option is it! The census has been returned too large. How many MEN are there in this country, with a backbone that one cannot pass his hand through?

This isn't a civil liberty issue.... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16626906)

I hope this nerd ends up on the Bureau's most-wanted terrorists list. IMO, the FBI is doing an excellent job at prevent terrorism on U.S. soil. Props to the Special Agents who no doubt scared this miscreant dweeb shitless!

Re:This isn't a civil liberty issue.... (0)

Anonymous Coward | more than 7 years ago | (#16627454)

You're going to be the first one I hang against the smoldering backdrop of a successful Revolution.

I wonder... (1)

Cylix (55374) | more than 7 years ago | (#16626944)

Has anyone here used the script to make a fake boarding pass? Me, I took a look at the head line and didn't even dare look at the page. I had the feeling it was going to be a bit messy.

I was just wondering if anyone used it and had a visit from the ever so friendly FBI.

Re:I wonder... (1)

Doppler00 (534739) | more than 7 years ago | (#16626972)

The FBI is going to break into your house just for reading this slashdot article! You are now an enemy of the state!

Re:I wonder... (0)

Anonymous Coward | more than 7 years ago | (#16626978)

I get a 404 but it should be easy enough to write something similar. Any volunteers?

Re:I wonder... (1)

seventhc (636528) | more than 7 years ago | (#16627428)

i used it once and had no probs.....oh wait, someones at the door...brb

Who's liable? (0)

Anonymous Coward | more than 7 years ago | (#16626946)

If the government knowingly maintain a broken security system that leads to a terrorist attack? I don't see what this kid did wrong, he created a proof of concept using skills possessed by tens of thousands of people in the US alone. I'm sure /the terrorists/ could hack a simple script together. When are the government agencies going to be put on trial?

In response to the blog post comments: (0)

Anonymous Coward | more than 7 years ago | (#16626992)

"They've got to protect the country".

The most they should have done to "protect the country" from this man would have been to get the program file taken down from the site. Breaking the window, ransaking the home, taking computer equipment that will probably make his actual work as a graduate student much more difficult...and all of it in the middle of the night? It's not even security _theater_, it's just plain fear-mongering. Dorian Deligeorges was in charge of the scare tactics, and Kennard Foster approved it. Both of you: wouldn't it make more sense to fix the security hole? Why don't you push for asking for ID at the gate, fixing this and probably many yet-to-be-considered security flaws?

The cost of fixing the window and getting new computer equipment for research are examples of what might as well be a tax on Freedom of Speech. Continued disillusion in the ability of the government to solve a problem wisely are provided for free.

Write to your senator now ... (4, Insightful)

Anonymous Coward | more than 7 years ago | (#16627020)

Dear Senator,

I would like to bring your attention to the outrageous behaviour our government agencies have displayed regarding the matter of security researcher Christopher Soghoian's comments on the TSA security procedures.

Quite frankly the FBI raid on his premises are beyond comprehension for a country that preaches freedom and respect for human rights.

Not only would I like you to help in resolving Christopher's plight, I would also ask that you investigate and bring to the public's attention the true nature of the effectiveness of the TSA policies as well as to the rather offensive nature of the "secrecy" of the policies upheld by the organization.

Public transparency of the government is very important to me and any help you can give to avoid being virtually disenfranchised due being unable to evaluate the performance of my elected officals is critical.

Sincerely

Exposing the powerful is always a crime (4, Interesting)

davecb (6526) | more than 7 years ago | (#16627036)

And so a corollary is that any security researcher who exposes a risk or danger is a criminal (;-))

--dave

Re:Exposing the powerful is always a crime (0)

Anonymous Coward | more than 7 years ago | (#16627078)

If he was genuinely interested in security research he would have published a paper on the flaw. Instead he chose to publish a tool (which he did not even test) with the intention of people using it to create counterfeit documents. I liken it to the difference between a security research he publishes information about a security flaw and someone who writes a virus that takes advantage of the flaw.

We need martial law now (2, Insightful)

bxbaser (252102) | more than 7 years ago | (#16627054)

The only way to get this situation under control.

How exactly did he break the law? (0)

Anonymous Coward | more than 7 years ago | (#16627064)

Perhaps the law quoted in the summary is incorrect or out of context, but I don't see how he "knowingly presented a false and fictitious claim upon or against the United States". Wasn't the claim TRUE, which is why they are so mad about it?

Schumer may not be relevant (3, Interesting)

Beryllium Sphere(tm) (193358) | more than 7 years ago | (#16627088)

Senators have constitutional immunity for what they say in the Senate. That might extend to his official website, though Proxmire set a precedent that points in the opposite direction.

More to the point is that Bruce Schneier was pointing out the boarding pass problem in _2003_.

What exactly were they looking for? (2, Insightful)

TheSHAD0W (258774) | more than 7 years ago | (#16627112)

The man affirmed that he created the page, the FBI had plenty of grounds to charge him. Why search his premises? Looking for other dirt to kick up in case the judge disagrees with the prosecutor?

Re:What exactly were they looking for? (2, Insightful)

jtobin (988724) | more than 7 years ago | (#16627204)

Possibly, but most likely to scare him. Especially given that they raided his house at 2AM. Their goal seems to be to try to frighten people out of questioning the authorities and the 'security' measures they've put in place (even when they're fundamentally flawed, ad in this case).

In English, please? (1)

SuperBanana (662181) | more than 7 years ago | (#16627118)

Boiling down some of the legalese, the charges (if any are filed) will be "conspiracy to knowingly present a false and fictitious claim upon or against the United States, or any department or agency thereof in violation of USC 18 (secs. 2, 371, 1036, 1343, 2318) and USC 49 (secs. 46314 and 46316) and 49 CFR (secs. 1540.103 and 1540.105)" (edited for brevity).

So, in English, this means what? Slander/liable against the US government? So, if I say "Bush has an ass the size of Texas", I should expect the FBI soon?

Sounds like a foot-in-the-door technique. Like using mail fraud/tax code to get your nose into someone's papers, or using a "tail light it out"/"speeding" to pull over someone that looks like they're up to no good.

Either that, or the Federal government is visciously going after anyone that dares to suggest airline travel isn't safe, lest it hurt an already crippled and dying industry. Reminds me of the MBTA (Boston's subway/bus/commuter rail system) policy on photographic permits: you can film or take photos, but ONLY if the final product is vetted by the MBTA and does not show the MBTA in an "unfavorable" light or imply the MBTA system is "unsafe."

Re:In English, please? (0)

Anonymous Coward | more than 7 years ago | (#16627156)

So, in English, this means what? Slander/liable against the US government? So, if I say "Bush has an ass the size of Texas", I should expect the FBI soon?


No, I'm pretty sure it means Fraud (by presenting a counterfeit security document to government personnel). What you, and most others seem to be forgetting is that he did not simply embarrass the government by pointing out a security flaw. Rather, he published a tool specifically designed to help other people take advantage of the flaw.

Suggestion to please everyone: (0)

Anonymous Coward | more than 7 years ago | (#16627160)

_If_ he did indeed break the law, and _if_ he gets convicted, and _if_ the sentence is jail _then_ ... I suggest he asks for the sentence to be changed to banning/exile.

US society gets rid of such a dangerous individual and he antecipates his emigration, which is anyway a good idea, considering some recent martial law developments.

Broken legal system (0)

Anonymous Coward | more than 7 years ago | (#16627194)

I think that this case illustrates how incredibly messed up our legal system is. If an investigational news show such as 20/20 or Dateline showed how to do this, the Feds wouldn't dare go after them. No one is going after Charles Schumer, although the law is definitely broad enough to charge him with a crime. These people have power and money.

Instead, they attack a graduate student who they knew could not possibly defend himself financially.

I can sympathize with the FBI serving him notice warrant to take the site down. But they decided to do more than that and seize all of his property, and now they don't even need to charge him with the original crime. If they can't prove that he violated these security statutes, they can charge him with pirating software or having obscene pornography or some other crime.

Our law system has become so incredibly bloated that it has become an embodiment of Cardinal Richelieu's statement "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

Mr. Soghoian made the fatal mistake of being a poor nobody. Yes, he probably broke the law, but that doesn't really matter much in this country anymore.

I wish I could propose a solution to this. The best thing I can think of is to demand accountability and transparency from government. The government should respect its people, and the people its government. Sadly, neither seems to be true today.

I feel much safer now... (1)

spywhere (824072) | more than 7 years ago | (#16627200)

...don't you?

some unbroken links (1)

troll -1 (956834) | more than 7 years ago | (#16627306)

Title 18, 1036, 1343, and 2318

Attempting to enter a vessel by false pretenses: [cornell.edu]

Fraud by wire: [cornell.edu]

Trafficking in counterfit labels: [cornell.edu]

Personally I think he'll be vindicated of everything. Pointing out a security flaw is not an attempt to enter a vessel, commit fraud, or traffick in anything.

Repost! (0, Offtopic)

BobSutan (467781) | more than 7 years ago | (#16627312)

This was already posted like 26 hours ago. Talk about your short-term memory!

http://it.slashdot.org/article.pl?sid=06/10/27/212 4231 [slashdot.org]

Re:Repost! (1)

Kaemaril (266849) | more than 7 years ago | (#16627384)

This, however, is a new development in that case and not a dupe.

My new hero (0, Flamebait)

ta0 (81152) | more than 7 years ago | (#16627326)

Christopher Soghoian is my new personal hero.

I sincerely hope that his actions will make us all a little safer.

It only helps that I'm an Indiana University alum myself.
Go Hoosiers! Beat the FBI, rah rah rah!

He will absolutely be convicted (0)

Anonymous Coward | more than 7 years ago | (#16627372)

of criminal copyright violation at the very least. The unauthorized use of Northwestern's logo is what will do him in.

CFR 49 says (1)

Eric Smith (4379) | more than 7 years ago | (#16627398)

I haven't checked the cited sections of the US Code, but it doesn't appear to me that he violated any of the cited sections of the CFR. It's possible that a third party might have, without his knowledge, used the boarding pass generator to violate these regulations.

The CFR 49 regulations say that:

You can't make a fraudulent or intentionally false statement in any application for an identification medium. He didn't. Since he didn't hand a generated boarding pass to a TSA officer, he didn't make any application.

You can't make a fraudulent or intentionally false entry in a record that is kept, made, or used to show compliance with this subchapter. He didn't, as the generated boarding pass was not presented to a TSA agent to be used as a record.

You can't make a reproduction or alteration, for fraudulent purpose, of any report, record, security program, access medium, or identification medium issued under this subchapter. He didn't attempt to use a generated boarding pass to get through security or onto a plane, nor did he induce any third party to do so, thus he had no fraudulent purpose.

You can't tamper or interfere with, compromise, modify, attempt to circumvent, or cause a person to tamper or interfere with, compromise, modify, or attempt to circumvent any security system, measure, or procedure implemented under this subchapter. He didn't modify or tamper with a real boarding pass, nor make any attempt to circumvent the boarding pass procedure, so he's clear on this one too.

You can't enter, or be present within, a secured area, AOA, SIDA or sterile area without complying with the systems, measures, or procedures being applied to control access to, or presence or movement in, such areas. He didn't.

You can't use, allow to be used, or cause to be used, any airport-issued or airport-approved access medium or identification medium that authorizes the access, presence, or movement of persons or vehicles in secured areas, AOA's, or SIDA's in any other manner than that for which it was issued by the appropriate authority under this subchapter. He didn't use an airport-issued or airport-approved access medium or identifaction medium. He made his own.

Go back to Bed.. (1)

BlahSnarto (45250) | more than 7 years ago | (#16627406)


America. Your government has figured out how it all transpired.
Go back to bed, America. Your government is in control again.
Here. Here's American Gladiators. Watch this, shut up. Go back
to bed, America. Here is American Gladiators. Here is 56 channels
of it! Watch these pituitary retards bang their fucking skulls
together and congratulate you on living in the land of freedom.
Here you go, America! You are free to do what we tell you! You
are free to do what we tell yo

all this hoopla over nothing (3, Informative)

oohshiny (998054) | more than 7 years ago | (#16627440)

Notice how in all this discussion, everybody is implicitly assuming that the watch lists are actually worth anything. In fact, I think the reason this hole has existed for several years without any problem due to them is that the watch lists simply don't make any difference at all.

Which raises the question: why have the watch lists in the first place? I think they are more psychological than anything else: they give the impression that there is a continuing threat, they give the impression that the government is doing something, and they make people willingly give in to controls that they previously wouldn't have considered. Remember: you used to be able to travel across this nation without the government being able to track your every step.

No, not necessarily (2, Interesting)

RKThoadan (89437) | more than 7 years ago | (#16627450)

"He really did break the law?" I don't think so, but I'm not qualified to make that statement and neither are you. It takes a judge or a jury to say that. To me, it doesn't appear that he conspired to do any such thing. He simply wanted to public to realize how insecure it really was. It sounds like this law requires such intent. There is also the question of whether Northwest Airlines would be considered a Government agency or department for the purposes of this law.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?