Monday, December 10, 2007

Uncrackable?

The Houston Chronicle reports that Continental Airlines and the TSA are piloting a program that would allow the use of two-dimensional barcodes displayed on the screens of cell phones and PDAs to be used as boarding passes:
Some Continental Airlines passengers leaving Houston will be the first in the nation to board flights without waving a paper boarding pass, as long as they have a cell phone handy.

A unique new check-in procedure using cell phones or personal digital assistants as boarding passes is being unveiled by Continental Airlines and the Transportation Security Administration at George Bush Intercontinental Airport today.

The three-month pilot program involves technology using encrypted bar codes on mobile device screens, something not being used anywhere else in the world, TSA official Melvin Carraway said. ("Cell phone boarding passes going into use here first" by Bill Hensel Jr., December 12)


The barcode would be e-mailed to the passenger upon check-in and would be available for use to get through the TSA security check and to get on the actual airplane.

Carraway said the TSA, which has had a problem with people trying to use fraudulent paper boarding passes in the past, is confident the technology can't be cracked.

I hope that the phrase "is confident the technology can't be cracked" is the reporter's summary of what Carraway meant. If not, then Carraway is over-confident. Even if the data represented by the barcode is encrypted and even if the that encryption is particularly strong, there have to be lots of machines capable of producing the barcodes and lots of machines capable of reading them. You don't need to know how the encryption works to beat the system, just something that do the encryption.

Of course, should we really care if some enterprising crook is able to produce bogus barcodes and thus to get through the TSA security check? No, probably not. The TSA security check is nothing more than security theater. Even if it were 100% effective in ensuring that only those who had valid tickets could get through, if I were a malefactor who wanted to do something bad on a plane or in the boarding area, I'd just buy a ticket.

1 comment:

mamacita said...

Hello? Is there an echo in here? Have you been kidnapped by aliens who won't let you blog?