Waterfront property at low tide

Now with ultra-cool updates at the bottom!

So I managed to set off the explosives detector at CYEG this afternoon on my way home. It was, to say the least, a humiliating experience, enhanced only by the frustration that I was late for my flight. Why my bag was randomly chosen to be explosive-residue-tested is a bit of a mystery; my laptop, the usual suspect for this kind of thing, wasn’t in there at all, and when they swabbed the bag I didn’t think anything of it. I mean, I use a totally different bag to carry my Semtex around.

Apparently, though, when the explosive detector is activated, you get to get super-duper screened. Which involves a physical search of everything you’re bringing with you. And a physical search of yourself, which is sufficiently thorough that I think someone owes me breakfast. And, as with everything involving the government, there’s paperwork to fill out. Name. Address. Birthday. Occupation. It goes on and on. I asked what was going to happen to the form. “Oh, nothing,” the guy said a little too nonchalantly for my tastes. Yeah, right. And if you believe that one…

So I totally won’t be shocked that I’m now tagged and will get nailed every time I go to get on a flight from here on in.

The punch line is that my bag tested positive for nitroglycerine residue. Which is, in hindsight, totally not unexpected, since it has been home to several bottles of nitro spray that at one point or another have found their way into my pockets and then into my bag. (Don’t look at me like that — I’m not stealing the damn drug. It’s just that it’s frequently easier to shove them in a pants pocket rather than keep fishing for one at the bedside or whatever, and besides, we’ve now gone to single-patient use sprays so that once you use one on one patient, it’s finished.) Whether one discharged, or leaked, or whatevered in my bag, it somehow got NTG molecules all over the place, and that’s what the detector picked up. The guy said this happens all the time but I’m not so sure, and in any event I’m not even remotely certain how I could go about getting the NTG residue off my bag so this doesn’t happen in the future. NTG spray has a pretty distinctive smell. All I can smell in my bag is consumer electronics, so it must have been some minute amount somewhere.

The worst part of it all is that I can’t even make snide jokes about the total uselessness of the air travel security theatre, since spotting passengers with explosives is, uh, kind of what you want the security theatre to be doing. Must.. find.. useless government joke.. in here.. somewhere..

Some time after I posted this, Bruce Schneier happened upon it and posted an excerpt on his blahg. There were a few things that came up in the comments to his post that I wanted to address, so I’ve re-posted my own follow-up here.

First of all, please understand that my post was not intended as a commentary on air travel security. I have a personal habit of having horrible things happen to me when I travel, and posted the story to my LiveJournal mostly as a means to amuse my friends; the tone of voice behind the story is one of weary resignation, not frustration or anger. (Though I’ll note that had I known Bruce would repost it here, I might have been more eloquent and thoughtful.)

Second, as mpd and the anonymous poster above me have noted, this was not a false positive result. The detector correctly detected (and identified) the nitroglycerine residue on my bag, and it functioned exactly as expected. The screening personnel also functioned exactly as expected: They investigated the source of the alarm, asked me reasonable questions to determine why the alarm condition occurred, and, having been satisfied that I did not represent a threat to air safety, allowed me to board my flight. The alarm condition was thus valid (I had nitroglycerine molecules on me), but irrelevant to the overall goal of preserving the safety of the flying public (I’m not a terrorist, so who cares if I have nitroglycerine residue on me?).

Third, keep in mind this was at a Canadian airport. CATSA isn’t a whole lot better than the TSA, but it is marginally less stupid, and the margin seems to make a difference.

The anonymous poster’s comments regarding medical diagnostics are particularly astute and I think the comparisons are very valid: If you spot a suspicious lump on ultrasound, you naturally biopsy it. When the biopsy comes back benign, we don’t turn around and say the ultrasound was a waste of time — we say that the diagnostic process worked more or less as expected.

For a variety of reasons, though, it feels as though there was some kind of failure here, although it’s difficult to figure out exactly where the failure occurred and what should have been done differently. It’s tough to argue that we shouldn’t be checking for explosives, it’s tough to argue that we shouldn’t additionally screen people found to have explosive residues on their personal effects, and it’s tough to say that we shouldn’t document instances where residues were found but posed no threat. It may be that we need to take situations like this in stride and recognize that they will happen, and design the system in such a way that these situations do not escalate into something bigger than they need to be. Viewed in that light, I think The System worked fairly well overall (though I would have preferred that it worked on someone else).

My biggest concern about the whole incident is what happens to the report that was filed as a result of the positive explosives test; not being one to have much faith in the government, I’m not at all convinced that “nothing” is going to happen to the document. Insofar as there are other risks here, I think the biggest one is the personal shock that may come from being suddenly yanked out of line and subjected to a more intensive screening process.

As to some specific comments…

Thomas: “The question is whether or not this system the best we can do for the cost (money/convenience/liberty).” I agree. After having had about a week to think about it, I’ve come to the tough-to-swallow conclusion that it is the best we can do for the relative costs. The whole thing seems excessive but on further reflection, as I said, it’s tough to argue against any one aspect of it. It pains my libertarian soul to say this, but this may be about as good as we’re going to get.

One final risk comes to mind: Because this event was related to airport security, and because we’re used to thinking of airport security as being mostly useless, we run the risk of writing off those procedures which actually do result in a net increase in safety to the traveling public.

This is a security system?

I locked myself out of my online banking application the other day, the result of having flunked its “are you really you” verification system twice. It was asking me, after having punched in my giant bank card number and my password, what my favorite author was. You know why it does this, of course. But I was thinking that it might be kind of pointless.

The challenge-response system of security is great as an additional level, but I’ve come to the conclusion that it’s probably the weakest part of the system. Weirdly, my banking password is stronger than any of the challenge-replies I could think of, inasmuch as it would be much harder to break my password than break any of the challenges. If you could guess my password, the odds are really good you could guess the answer to any challenge-response system out there on the Internet. Obviously this is entirely dependent on you knowing me, but consider the number of people in the world who know

  • your mother’s maiden name…
  • what your first pet’s name was…
  • who your favorite sports team is…
  • where you were born…
  • what year you graduated from high school…
  • what your first job was…

… among many others. OK, so the list is basically confined to your mom and your spouse and maybe some other family members, but the point is still the same: this kind of attack is trivial if you know anything about the person who owns the account you’re trying to compromise. And you may only need to know one of those things, depending on how broken the system is. Arguably, the dumber you are, the easier it is (though in fairness it should be pointed out that this kind of system may or may not have played a role in the break, not that this excuses anything).
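An added illustration, not part of the original post, of how a site operator could measure this weakness: it compares the chance of guessing a security answer within a two-strike lockout against the chance of guessing a random password in the same two tries. It goes slightly beyond the argument above by assuming a guesser who knows nothing about the account owner; the answer sample, the question and all function names are constructed for the example.

```python
import math
from collections import Counter

# Constructed sample (not real data): answers 1,000 hypothetical users
# gave to "Who is your favorite sports team?"
SAMPLE_ANSWERS = (
    ["Oilers"] * 310 + ["Flames"] * 190 + ["Canucks"] * 120
    + ["Maple Leafs"] * 110 + ["Canadiens"] * 90 + ["Jets"] * 60
    + ["Senators"] * 50 + ["Eskimos"] * 40 + ["Blue Jays"] * 30
)


def normalize(answer):
    """Fold case and whitespace, as a forgiving verifier would."""
    return " ".join(answer.casefold().split())


def answer_counts(answers):
    return Counter(normalize(a) for a in answers)


def success_within(answers, strikes):
    """Fraction of accounts opened by trying only the `strikes` most
    common answers, i.e. before the lockout triggers."""
    top = answer_counts(answers).most_common(strikes)
    return sum(n for _, n in top) / len(answers)


def min_entropy_bits(answers):
    """Min-entropy: bits of protection against the single best guess."""
    p_max = answer_counts(answers).most_common(1)[0][1] / len(answers)
    return -math.log2(p_max)


def random_password_success(alphabet_size, length, strikes):
    """Same lockout budget against a uniformly random password."""
    return strikes / alphabet_size ** length


if __name__ == "__main__":
    strikes = 2  # the two-strike lockout policy
    print(f"answer guessed within {strikes} tries: "
          f"{success_within(SAMPLE_ANSWERS, strikes):.0%}")
    print(f"answer min-entropy: {min_entropy_bits(SAMPLE_ANSWERS):.2f} bits")
    print(f"8-char random password within {strikes} tries: "
          f"{random_password_success(62, 8, strikes):.1e}")
```

On a real deployment the same two measurements, run over the stored answer distribution for each question, show which questions add almost nothing on top of the password.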

There’s an obvious fix for this — let users craft their own questions — but I’m not sure why it isn’t more widely deployed.

And why did I manage to lock myself out? Because I couldn’t remember who my favorite author was. Was it author C, who’s been on my mind a lot lately? Was it author O, who I used to like a lot and haven’t read much of lately (okay, she’s dead and I’ve read everything)? Was it author F, who I use when I’m trying to sound smart and sophisticated (what, was I trying to impress the security robot)? Was the answer case-sensitive?

I never found out. The bank gave me two strikes; I blew it both times, and that was it.