American airline travelers, it now turns out, have surrendered their dignity for nothing. When the Transportation Security Administration introduced X-rated x-ray scanners five years ago, many travelers suspected the devices were an expensive sham. This was confirmed Thursday by researchers at a security conference in San Diego.
Researchers from the University of California at San Diego, the University of Michigan and Johns Hopkins University bought an unused Rapiscan 1000 full-body scanner on eBay, of all places, and subjected it to the sort of intense laboratory scrutiny that the TSA never bothered to do.
“Frankly, we were shocked by what we found,” says J. Alex Halderman, a computer-science professor at the University of Michigan. “A clever attacker can smuggle contraband past the machines using surprisingly low-tech techniques.”
The machines bounce radioactive particles against a traveler’s body, recording the reflected energy to a screen. Human skin shows up as white on the display and metallic objects, which absorb X-rays, appear black.
Knives and guns are supposed to be readily visible, and they usually are — unless an evildoer takes simple precautions. A knife can be concealed by wrapping it in Teflon, which in certain circumstances the device can’t distinguish from skin.
If a gun is placed close to the side of the evildoer, it will fade to black. This trick was discovered by one Jonathan Corbett, whose testing of backscatter and millimeter-wave scanners at several airports became a viral video hit on YouTube. “The nude-body scanner program is nothing but a giant fraud,” Mr. Corbett says in the video that attracted 2 million views.
The university researchers adopted the methods that a real terrorist would use, spending a month to create malicious software that, if installed on the computer running the airport scanner, would enable the user to download copies of frequent fliers in the buff. A second feature of the program sets the scanner to respond to a “secret knock” that facilitates smuggling. If a traveler wears a shirt with a certain unique pattern, it triggers the display of an innocuous image to enable the traveler to walk through undetected carrying anything he wants.
The researchers even devised a suitcase device that, when positioned near the scanner, can intercept the radiation and reconstruct a crude image of the passenger in the nude.
The TSA dropped the use of the backscatter X-ray last year, but it still uses the privacy-invading millimeter-wave technology that has all of the same vulnerabilities. Instead of being open and forthright about the scanners, the TSA has redacted every document and kept everything about them a state secret in hopes that nobody would notice this emperor has no clothes. They have fooled only the emperor and TSA agents.
While millions of travelers have been subjected to the indignity of assuming the position of surrender while being digitally undressed, not one terrorist has been caught by the scanners. Human intelligence and common sense — something scarce at the TSA — will go a lot further in catching the bad guys than costly gadgets pushed by well-connected lobbyists.