Flying Under the Radar
Yesterday I interviewed Christopher Soghoian, a computer science grad student blogger at CNET's surveill@nce st@te, who also built a following as the author of an earlier blog that dealt with air travel, globalization, and security, slight paranoia. Chris had a rather unpleasant fifteen minutes of fame, when federal agents raided his home after he posted a boarding pass generator that would make realistic-looking Northwest boarding passes to publicize a serious flaw in the TSA's security procedures. (Of course, this inconsistent system of rules is also an interest/obsession of frequent traveler and VP pal Ian Bogost, creator of the game Airport Insecurity.)
I won't try to recap the entire interview here, since it will lead off the sixth chapter of my forthcoming book, but there are some links that a web format may be better designed to show than traditional print.
As this paper in the ACM library shows, I'm interested in the web generator genre itself and its related conventions about social subversion, pseudo-interactivity and Internet sociality. I knew that John 4dam5 had distributed his own boarding pass generator after Chris's was taken off-line, which was in Javascript rather than server-dependent PHP, but I didn't know that in the spirit of parody someone had created a search warrant generator that defaulted to many of the details in Chris's Indiana case.
Since the seeming incompetence of the government as a digital media-maker is one of the big themes in the book -- a phenomenon that I actually try to explain on a theoretical level, as I do in this recent article about another federal screw-up -- I was glad to get some more telling stories from Chris. These included a theatre-of-the-absurd moment where Soghoian had to explain to the regional head of the federal government's cybercrimes unit how to clear his cache on his computer, a relatively simple operation for the computer literate, which I often overhear our office webmaster detailing for newbies. For context, it's not quite as bad as not knowing where the refresh button is on your browser, but the fact that Soghoian's instructions had to be faxed to the feds' office for this "expert's" cache to be cleared speaks to the government's literacy problems when it comes to computational media.
Soghoian also told about how the TSA's own website for attempting to clear your name from the no-fly list was itself insecure, so that would-be travelers would be typing extremely confidential personal identity information into an online form that could be easily accessed by a hacker. Because the site, designed by the cretinous Virginia-based firm Desyne, contained a number of spelling errors, its similarity to a phishing site run by Internet scammers was apparently astonishing to behold before it was mercifully removed.
Toward the end of the interview, Soghoian made an interesting analogy between Web 2.0 and airline security in that doing actual security research on either now involves potentially violating the law, since social media programs operate on distributed platforms that run on the machines of others and thus create potential 1030 violations of computer law.
At Indiana University, Soghoian studied with Jean Camp of the Design for Values group and also overlapped with fellow hacktivist Virgil Griffith, who will be coming to UC Irvine to speak next week.
Stay tuned for more of the Soghoian story in print.
I won't try to recap the entire interview here, since it will lead off the sixth chapter of my forthcoming book, but there are some links that a web format may be better designed to show than traditional print.
As this paper in the ACM library shows, I'm interested in the web generator genre itself and its related conventions about social subversion, pseudo-interactivity and Internet sociality. I knew that John 4dam5 had distributed his own boarding pass generator after Chris's was taken off-line, which was in Javascript rather than server-dependent PHP, but I didn't know that in the spirit of parody someone had created a search warrant generator that defaulted to many of the details in Chris's Indiana case.
Since the seeming incompetence of the government as a digital media-maker is one of the big themes in the book -- a phenomenon that I actually try to explain on a theoretical level, as I do in this recent article about another federal screw-up -- I was glad to get some more telling stories from Chris. These included a theatre-of-the-absurd moment where Soghoian had to explain to the regional head of the federal government's cybercrimes unit how to clear his cache on his computer, a relatively simple operation for the computer literate, which I often overhear our office webmaster detailing for newbies. For context, it's not quite as bad as not knowing where the refresh button is on your browser, but the fact that Soghoian's instructions had to be faxed to the feds' office for this "expert's" cache to be cleared speaks to the government's literacy problems when it comes to computational media.
Soghoian also told about how the TSA's own website for attempting to clear your name from the no-fly list was itself insecure, so that would-be travelers would be typing extremely confidential personal identity information into an online form that could be easily accessed by a hacker. Because the site, designed by the cretinous Virginia-based firm Desyne, contained a number of spelling errors, its similarity to a phishing site run by Internet scammers was apparently astonishing to behold before it was mercifully removed.
Toward the end of the interview, Soghoian made an interesting analogy between Web 2.0 and airline security in that doing actual security research on either now involves potentially violating the law, since social media programs operate on distributed platforms that run on the machines of others and thus create potential 1030 violations of computer law.
At Indiana University, Soghoian studied with Jean Camp of the Design for Values group and also overlapped with fellow hacktivist Virgil Griffith, who will be coming to UC Irvine to speak next week.
Stay tuned for more of the Soghoian story in print.
Labels: government websites, security
posted by Liz Losh at 4:08 PM
0 Comments:
Post a Comment
<< Home