The FBI has let Indiana University graduate student Christopher Soghoian off the hook for having posted a fake boarding pass generator on his website. Soghoian had intended to illustrate the ease with which a person on the no-fly lists could gain access to secure areas of an airport, although it is unlikely that anyone could have boarded a plane without further trickery.
Naturally, the TSA is less than welcoming toward those who would reveal the flaws in its security protocols, so the FBI quickly moved in by ordering Soghoian to remove the pass generator from his site, searching his residence, and impounding his property.
A month or so later, the Feds have decided to let the matter drop. According to Soghoian, the authorities were in no way persuaded that he had performed a service by spotting a flaw and publicising it, but allowed that he had not intended to cause harm.
He points out on his blog that the no-fly lists are exceptionally weak, with numerous false positives to their credit, and no terrorists caught. He notes that it's also possible to fly domestically without ID if one is willing to submit to additional screening, which means that a banned person could fly, although it would be difficult for them to smuggle a weapon on board with the extra scrutiny they would attract.
"The domestic no-fly list and the ability to fly without ID simply cannot co-exist," he writes. "We need to figure out, as a nation where the majority of people do not support a national ID, if we want a no-fly list in the first place and if we are willing to be forced to present our papers."
He seems to believe that the government should do it right, or not at all, with a bit more emphasis on the not-at-all option. He's clearly no fan of the TSA's slack approach, which is to enact a security rain dance, the sole purpose of which is to assure the public that "something" is being done. ®