The FBI has let Indiana University graduate student Christopher Soghoian off the hook for having posted a fake boarding pass generator on his website. Soghoian had intended to illustrate the ease with which a person on the no-fly lists could gain access to secure areas of an airport, although it is unlikely that anyone could have boarded a plane without further trickery.

Naturally, the TSA is less than welcoming toward those who would reveal the flaws in its security protocols, so the FBI quickly moved in by ordering Soghoian to remove the pass generator from his site, searching his residence, and impounding his property.

He points out on his blog that the no-fly lists are exceptionally weak, with numerous false positives to their credit, and no terrorists caught. He notes that it's also possible to fly domestically without ID if one is willing to submit to additional screening, which means that a banned person could fly, although it would be difficult for them to smuggle a weapon on board with the extra scrutiny they would attract.

"The domestic no-fly list and the ability to fly without ID simply cannot co-exist," he writes. "We need to figure out, as a nation where the majority of people do not support a national ID, if we want a no-fly list in the first place and if we are willing to be forced to present our papers."

He seems to believe that the government should do it right, or not at all, with a bit more emphasis on the not-at-all option. He's clearly no fan of the TSA's slack approach, which is to enact a security rain dance, the sole purpose of which is to assure the public that "something" is being done. ®

Related stories

• US bars ID refuseniks from planes - but not ID losers (10 June 2008)
• Barcode faking for fun and profit (2 January 2008)
• Updated TheTrainline.com fixes web security derailment (2 November 2007)
• How to sniff out private information on Facebook (26 June 2007)
• Ryanair check-in site exposes data (24 May 2007)
• University admins lend phishers a hand (18 April 2007)
• TSA makes a hash of 'no-fly' redress site (21 February 2007)
• USA to ground all travellers until 'cleared' (6 November 2006)
• Airline security critic raided by Feds (31 October 2006)
• Four sue over passenger data (22 August 2005)
• TSA squanders millions of US tax dolllars (21 April 2005)
• Passenger screening gimmick stuck at the gate (29 March 2005)
• DHS comes clean on CAPPS, lets self off hook (28 March 2005)
• Cat Stevens midair terror incident spurs tougher measures (26 September 2004)
• Uncle Sam demands all air travel records (22 September 2004)
• Database snafu puts US Senator on terror watch list (19 August 2004)
• Airport snoop system thrown in $102m garbage can (16 July 2004)
• Airport security failures justify snoop system (26 April 2004)
• Morrissey detained in LAX terror swoop (22 April 2004)
• American Airlines data used to test passenger snoop system (13 April 2004)