Subscribe to

Blogs

Was airport security really okay?

 - 
Friday, May 29, 2009
Maybe you've seen the story about the woman who faked her own kidnapping and grabbed her daughter and ran away to Florida, flying through the Philly airport by using the driver's license of her friend and coworker. Maybe you haven't. It's a tabloidy thing of no real consequence. But then I saw this story - a good one, in my opinion - where the Philly Inquirer wonders aloud whether this calls into question the validity of airport security. The TSA says, "nope. Not at all." I say, "well, not really, since any smart person knows that airport security is pretty fraudulent, anyway, and isn't really designed to keep a person off of an airplane, just a bomb or other weapon." For example:
Sweeten had a valid Pennsylvania driver's license with a photo that closely resembled her. "It was a real driver's license, so it had all the security features that a real driver's license has," FBI Special Agent J.J. Klaver said.
Which are, well, none, really. Right? It's just a picture and a name. All of the hologram stuff, etc., probably couldn't be faked by some random woman, but it could certainly be faked by a terrorist operation of some kind. But anyone who's ever used their brother's license to buy booze at the local 7-11 (not me - I don't have a brother, which was a real pain in ass at UVM, where it's virtually impossible to get alcohol without a valid ID) knows no one really looks at the picture. They look to make sure the card is real and that you didn't make it at Kinko's, but they don't really look at you, per se.
The 38-year-old Bucks County woman "was using a driver's license of somebody who looked like her, and the ticket matched the name on the license," Klaver said. "This country has decided that your driver's license is your primary form of ID," Klaver said. "Driver's license photos, to begin with, are not very good. Pull out your driver's license picture, and hold it up and look in the mirror. How much does it really look like you every day?"
Mine doesn't look anything like me right now since I'm in summertime no-beard mode and my license has me in full-beard. The TSA guys never even look at me, though. The clerks at the local supermarket are more scrutinous. That's probably because they think I'm using my brother's license and there's a real penalty for selling alcohol to a minor - what penalty is there for a TSA employee who lets through someone with a fake ID by mistake? I've never heard of one and no one's being penalized in this case. Think about that for a second. If a clerk at the grocery store sells me booze when I'm 19 and using my brother's license, the store gets a stiff fine. I think it's $500 or so here in Maine. Do you think the clerk can say, "oh, well, he was using a real license and looked a lot like the picture..."? Um, no. The liquor inspector doesn't care in the slightest. If that happens more than once or twice, you lose your license. But, the TSA lets through someone who is not the person she claims to be and this is the explanation:
TSA spokeswoman Ann Davis said, "Our officers are trained to make sure that passengers' travel documents and government-issued IDs are legitimate." "They are looking for evidence of tampering" and "proper state markings on the ID. They do look at the photo," Davis said. "However, law enforcement tells us that the woman in question used the valid ID of a coworker with whom she shares a very strong resemblance." "If the photo bears a strong resemblance to the passenger, and all other markings appear to be legitimate, then the ID would not raise any red flags," Davis said.
Talk about covering your ass! There's nothing about being concerned that this happened, nothing about an officer being punished, nothing about making sure this never happens again. Just, well, "hey, we did our job, right?" What absolute crap. When I think about what the Israelis would say about this, I'm aghast. The Israelis are laughing at us. They are. They think we're idiots. Just think about this:
Sweeten paid cash at the US Airways ticket counter at the airport for two 4:15 p.m. tickets to Orlando. Airlines track passengers who pay cash or buy one-way fares as part of market research, but such behavior is not considered suspicious or reported to security. "You are allowed to pay cash for an airline ticket," Klaver said.
Who pays cash for an airline ticket? Who does that? Have you ever done that? What percentage of people buy airline tickets at the airport with cash? I bet it's less than .000001. No one does that. But that's not suspicious behavior? Of COURSE that's suspicious behavior. That's the definition of suspicious behavior - doing something that no one does! The Israelis talk all the time about profiling actions and behaviors and not profiling people. This woman drew no attention because she's a white woman traveling with a little kid. How cute! It's a mommy-daughter trip to Florida! But, seriously, who, employed in a security role, could watch someone pay cash for a same-day ticket to Florida and not provide a little extra scrutiny to what's going on? But the thing is the person who sold the ticket probably doesn't see themselves in a security role, even though they should. So, they don't care, it's not their job; there's no system in place to flag such actions on the part of passengers; and by the time the TSA screener sees the ticket, it's just a normal ticket, so why would they spend more time on it? This is the explanation we get:
"Whether she showed ID to buy an airline ticket, again, she had a driver's license that looked like her," Klaver said. "They don't ask for a second form of ID. We don't use biometrics - fingerprints, retinal scans. It would be prohibitively expensive. We use a driver's license." "The woman took steps to get away. She was successful at it," Klaver said. "Does this show some systemic weakness in our security process? That's an opinion I'm not going to offer."
Again, an appeal to technology and money, when they don't have anything to do with it. It's about people, systems, and training. I'm sorry, but just how much could those two women look alike? You're telling me if she had been flagged for the cash payment and somebody looked a little harder it wouldn't have slowed things down enough for someone to check if there was anything on the wire about a woman who'd maybe been abducted, probably with a picture attached? A better system would have solved the problem. It doesn't have anything to do with biometrics. There's plenty of technology in place, as evidenced by the quick way they figured out where Sweeten went and so captured her. However, there's no way you could get some kind of bomb or device on a plane if you're going through security. I'm convinced of that. So our system is designed to prevent one very specific thing from happening, but it's not designed to catch criminals flying around the country under assumed aliases, that's for sure. I'm not surprised by that. But maybe my lack of surprise is what should be surprising to me.

Bart Didden & Supreme Court nominee Sotomayor

 - 
Thursday, May 28, 2009
Here's a little six degrees of separation exercise for you on this Thursday morning: How are security personality Bart Didden and Supreme Court nominee Sonia Sotomayor connected? I had this very thought this morning when I saw a big ole picture of Bart (who's president of USA Central Station Alarm Corp., former NBFAA president etc.) in the New York Times in a story about Sotomayor's judicial decision history. (I really wish I could post the picture...but I can't yet... you know, it's the same old story...our techies just can't get me permission. ) Anyway, here's the link to the story, and you can see the photo here. The story's says that Sotomayor's decisions (while she served on the Second Circuit Court of Appeals) on business and finance are difficult to categorize. Well, some conservatives point to certain decisions and say "danger," while others point to so-called pro-business decisions as evidence that Sotomayor is not an idealogue. As an example, the story cites:
In a 2006 property rights case, she upheld a town’s effort to take private property for redevelopment. But in 2002, she supported property rights in a case involving impounded cars.
And here's the Bart-Sonia connection: The property rights in question in 2006 were Bart Didden's. From the story:
¶And in a key property-rights case, Didden v. Village of Port Chester, Judge Sotomayor took part in a brief unsigned order from the Second Circuit in 2006. The order, which followed the Supreme Court’s major property-taking decision in Kelo v. City of New London, supported a town’s effort to seize property for the use of a developer. Richard A. Epstein, a conservative legal scholar at the University of Chicago, wrote in Forbes magazine that “American business should shudder in its boots if Judge Sotomayor takes this attitude to the Supreme Court.”

Maybe there WILL only be one card someday

 - 
Thursday, May 28, 2009
So, HID already teamed with Dell to make it so one card gets me in the door and on the network. Cool. But not nearly as cool as that same card being my debit card. That's REALLY cool. For some reason, HID put out a press release with a bunch of hot links all throughout it, but didn't actually post the link on their web site, so I can't link to it, but here's the news:
IRVINE, Calif., May 28, 2009 – HID Global, the trusted worldwide leader in providing solutions for the delivery of secure identity, today announced that its iCLASS®secure contactless technology for physical and logical access control has been successfully combined with INSIDE Contactless’ MicroPass®contactless payment platform featuring Visa®payWave capability to enable the industry’s first converged card solution that incorporates identity and access control with payment. Recently debuted in a pilot for U.S. Bank, the converged solution enables U.S. Bank and Visa issuers worldwide to create new card programs using this converged solution, providing users with a single card that offers them the ability to gain access to secure buildings and facilities and make purchases. No longer are users required to carry multiple cards or tokens.
Let me summarize that for you, in case you didn't make it all the way through the 57-word first sentence: HID can now make it so one card lets you get in the door, get on the network, and buy groceries. Cool. (Okay, so it's not really your debit card, per se, but it's close to that.) If I worked in a place that had any access control whatsoever or actually gave a crap at all about network access privileges, I would be all over that! I have to actually leave some of my cards at home because they don't all fit in my wallet. If you can make it so I have fewer cards, you are my new best friend. Gosh I wish some of my cards were access card thingees so that I could then take advantage of this new cool capability on the part of HID and have fewer cards. Dang crime-free Maine! I think it goes without saying that this is a killer app for college campuses, where mommy and daddy are constantly refilling the account that goes along with the ID card kids use for getting stuff at the dining hall and vending machines and the laundry. Now that card can be both a picture ID and the only way into the dorm and the only way to get onto the school network/log on to their school provided laptop? Seems like a no brainer. Maine will do something like this with our driver's licenses in 2055, but they'll expect us to be impressed that not only is it an ID card, but it's also great for scraping the ice off your windshield AND removing annoying sap deposits on your hood. How's THAT for convergence?!?

Good Samaritan security Co. saves day

 - 
Thursday, May 28, 2009
I came across this story from azfamily.com this morning and thought it was an interesting example of altruism in the industry, the more so because when I called Central Security Group seeking comment, the central station manager I spoke with had no idea what I was talking about. I relayed the story to him , and he checked their monitored account database and confirmed. "We're monitoring them, all right," he said, and promised to escalate my call to higher ups and see if I could get some more commentary on why Central decided to help these poor people out. It sure is nice to see people doing the right thing and not publicizing it; doing the right thing because it's right not because it will win them the recognition of news outlets like 3 On Your Side and SSN, who notice when people do the right thing. It's nice to see people in the industry doing nice things to keep public perception of the industry from tarnishing, even if it means they're eating the cost of some monthly RMR. I called PCA Security to try and get some input from them on what happened, and (actually, this is kind of funny) the same girl who answered the phone for poor Dawn Stapley when she tried to follow up with her alarm company answered my call. Just as in the azfamily story, the girl answered "Security, please hold!" before putting me on hold, which came complete with loud and--to my mind--unpleasant guitar rock music. She did eventually come back, though, and, after hearing why I called, asked me to call back later and speak with the boss, which I will do. I'll follow up on this story as more input becomes available.

Wall Street discovering Brink's Home Security, but are they doing their homework?

 - 
Wednesday, May 27, 2009
Here's another Wall Street convert talking about what a smart investment BHS is Mostly, it's more of what we already know: Brink's Home Security is a very well run company. One problem I note, is that this guy's not reading Security Systems News. It's obvious, because loyal readers know well that BHS is about to undergo a major change. The name Brink's Home Security is going away and the company plans to rebrand within the next few months. I'm not doubting the ability of Brink's to survive the rebranding (or acquisition by another brand perhaps?) After all, it will still be a smart company run by smart people. Still, you can't underestimate the importance of brand names. Just look at the buzz caused by Smith & Wesson Security Services when they've barely gotten off the ground.

Help with the system, score free dope?

 - 
Wednesday, May 27, 2009
Sorry, couldn't help myself: "NDSU gets half of needed funds for hemp research security." Anybody doing business in North Dakota and want to get in on the ground floor with the hemp industry? I'm sure you'll score some brownie points...

Feds have screwdriver-proof system

 - 
Wednesday, May 27, 2009
Great story out of the Kansas City Star exploring the heights of human idiocy: "Man tries to break into KC's Federal Reserve Bank with a screwdriver." Well done by Christine Vendel, with perfect just-the-facts writing and a beautiful last sentence: "Police believe he was intoxicated." Hilarious.

Another contest winner

 - 
Wednesday, May 27, 2009
As I do some reporting on who won the American Security Challenge (I'll have that up later today), I did come across this release (maybe password protected) from AlertEnterprise, a company that didn't return my phone calls when they recently grabbed some venture capital money. They've won the Security Summit's "coveted Most Innovative Product and Service award in the Information Assurance, Cyber Security and Security Software category." (And it's true - I hear people all the time saying, "Gosh, I really hope we win the Most Innovative Product and Service award in the Information Assurance, Cyber Security, and Security Software category at the Security Summit! Do you think we have a chance?" I always tell them, "no, that award is much too coveted by other people. You have no shot.") They do seem to have cool secret sauce that allows you to correlate physical and logical access control, which Imprivata and a few others can do, but maybe not quite as easily, since AlertEnterprise works like this:
AlertEnterprise products are available as COTS (Commercial Off The Shelf) software that works with existing enterprise systems and physical access control systems delivering incremental return on investments in applications like ERP systems, IT security automation solutions and critical infrastructure management solutions for energy management, oil and gas, chemicals processing and mass transport.
I think other solutions require an appliance of some sort and can't be done simply with software, but I'm not totally sure about that. Anyway, awards are fun, right? I know I like to win awards. I got a really spiffy mug for being the bestest soccer coach ever this past fall, for example. I still drink out of it every day and it makes me feel all warm and fuzzy inside. It doesn't say what AlertEnterprise got, but "AlertEnterprise delighted attendees and judges in all categories and was also named runner up for the Best in Show award," so I'm sure they got a plaque or something, at least. Can't drink out of a plaque, though, so what good does it do you, really?

Tune in Thursday to see NBFAA's Merlin Guilbeau & 'Safety Chick' talk security

 - 
Wednesday, May 27, 2009
Look what just popped into my inbox: NBFAA's executive director Merlin Guilbeau is ginning up some nice publicity for the industry. Mark your calendars, on Thursday, May 28, Merlin will do a live satellite broadcast from ADT's central station in Aurora, Colo., where he'll discussing safety tips and answering questions from the media. He'll be joined by the 'Safety Chick' Kathleen Baty. Below are listed the TV and radio stations that will be participating.    6:50-7:00 AM ET WHO     NBC / 073 - DES MOINES - TV / LIVE   7:15-7:20 AM ET KGAN    CBS / 089 - CEDAR RAPIDS - TV / LIVE   7:35-7:45 AM ET WLKF-AM / 013 - TAMPA - RADIO / LIVE   7:45-7:55AM ET WFNC-AM / 028 - RALEIGH - RADIO / LIVE   8:10-8:20 AM ET WYAM   IND / 084 - HUNTSVILLE - TV / LIVE   8:45-8:55 AM ET KRNV    NBC / 110 - RENO - TV / LIVE   9:05-9:10 AM ET WSAT-AM / 025 - CHARLOTTE - RADIO / LIVE   9:10-9:15 AM ET KWTX   CBS / 095 - WACO - TV / TAPE   9:15-9:20AM ET WXMI   FOX / 039 - GRAND RAPIDS - TV / TAPE   9:20-9:30 AM ET WTVR   CBS / 061 - RICHMOND - TV / LIVE   9:30-9:40 AM ET WFIN-AM / 088 - TOLEDO - RADIO / TAPE 9:40-9:45 AM ET KVAL    CBS / 120 - EUGENE - TV / LIVE 9:45-9:50 AM ET WNEM   CBS / 066 - FLINT - TV / TAPE 10:05-10:10 AM ET KCMN-AM / 091 - COLO SPGS. - RADIO / LIVE 10:10-10:20 AM ET CABLE RADIO NET - NATIONAL - RADIO / LIVE 10:20-10:25AM ET WFTX   FOX / 062 - FT. MYERS - TV /TAPE 10:35-10:40AM ET WBRC   FOX / 040 - BIRMINGHAM - TV / TAPE   10:50-11:00 AM ET WDIS-AM / 009 - BOSTON - RADIO / TAPE   11:00-11:15 AM ET KTOK-AM / 048 - OKLAHOMA CITY - RADIO / TAPE**   11:25-11:40AM ET Something You Should Know - NATIONAL - RADIO / TAPE#   11:15-11:25 AM ET KWIX-AM / 137 - COLUMBIA, MO - RADIO / TAPE   11:40-11:50 AM ET KBFX    CBS / 126 - BAKERSFIELD - TV / LIVE   11:50AM-12:00 PM KPQ-AM / 176 - YAKIMA - RADIO / TAPE   12:20-12:25 PM ET WDTN   NBC / 058 - DAYTON - TV / LIVE   CUST. GENERIC KGNS    NBC/187 - LAREDO - TV/GENERIC **This Oklahoma City booking will also air on the following stations: KEBC-AM, KJYO-FM, KHBZ-FM, KTST-FM, KXXY-FM   # Something You Should Know airs nationally on 150 radio stations  

AMS '09 Dealer Conference a success

 - 
Wednesday, May 27, 2009
The Alarm Monitoring Services 2009 Dealer Conference exceeded expectations as AMS dealers gathered together in New Orleans for three education-filled days, according to a release from Richard Hahn and Associates. I think it's a good sign that conferences appear to continue to do well, despite a poor economy. An industry needs investment in the form of educational endeavors, of which there were many at the 09 AMS Dealer Conference. Conference speakers included AMS' dealer services manager Brad O'Malley, Stiel Insurance's Marvin Brosset, C.J. Bruno of Compass Capital Management, industry lawyer Ken Kirschenbaum of Kirschenbaum & Kirschenbaum, PC, Roger Wahden of Pre-Paid Legal Services, Inc., Louisiana-based CPA Pat Buckley, OzVision's Stan Silberstein, and AMS' own Rick and Dera Jolet I've written about it before: Keep participating, keep learning and continue to be good stewards of the industry. Plans are already in motion for next year's event, which will also celebrate Alarm Monitoring Services' 30th anniversary.

Pages