I am writing to you as a Senior Information Security Analyst with Northrop Grumman corporation. I am employed with NGC on behalf of the United States Postal Service. I am a CISSP (Computer Information Systems Security Professional) and help protect the IT systems of America’s postal system.
I am writing you about the topic of Christopher Soghoian. This past Friday you called for his arrest due to the creation of the “http://www.dubfire.net/boarding_pass” website.
As you are hopefully aware of now, the security flaw in the TSA boarding methodology is not new. Bruce Schneier, a security expert who has done significant work for the US government, wrote about the exact same flaw in 2003. Senator Charles Schumer made a press release about it in 2005. I myself have been aware of the flaw since I read Bruce Schneier’s article earlier this year. I will repeat myself: It is not new.
It is irresponsible to have continued to ignore a fundamental problem with TSA security in airports for so many years. Mr. Soghoian was irresponsible in putting together a website for public consumption to exploit it. But he was being QUITE responsible in outing this flaw.
Neither you nor the rest of congress should continue to stick your heads in the sand. The TSA is NOT doing their job to the fullest extent necessary. Bruce Schneier has pointed out other problems in TSA security systems before, but has often been ignored.
The US government is passing laws and performing actions that reduce personal freedoms to try and bolster security. That is the wrong path. Security should come at the cost of convenience, not freedom. That way both security and personal freedoms are assured.
Thank you for your time. I look forward to your response.