Fewer Broken Pieces

Bruce Schneier has the most succinct explanation I have heard to date of the well-know “No-Fly” list workaround:

Buy a ticket in some innocent person’s name. At home, before your flight, check in online and print out your boarding pass. Then, save that web page as a PDF and use Adobe Acrobat to change the name on the boarding pass to your own. Print it again. At the airport, use the fake boarding pass and your valid ID to get through security. At the gate, use the real boarding pass in the fake name to board your flight.

The problem is that it is unverified passenger names that get checked against the no-fly list. At security checkpoints, the TSA just matches IDs to whatever is printed on the boarding passes. The airline checks boarding passes against tickets when people board the plane. But because no one checks ticketed names against IDs, the security breaks down.

As Mr. Schneier points out, this has been know for a long time.  It has been possible since airlines started allowing passengers to print their own boarding passes.  I remember being absolutely shocked the first time I heard about home-printed boarding passes.

So could we at least dispense with the TSA check of ticket against ID at the security queue?  Also, would love not to have to take shoes off, and to be able to take liquids on the plane again.  If there is no security value, why do it?

Thanks to Bruce Schneier for pointing me to You’ve Been Left Behind. I will let the site do the talking:

You’ve Been Left Behind gives you one last opportunity to reach your lost family and friends For Christ. Imagine being in the presence of the Lord and hearing all of heaven rejoice over the salvation of your loved ones. It is our prayer that this site makes it happen.

…

The unsaved will be ‘left behind’ on earth to go through the “tribulation period” after the “Rapture”. . . . There will be a small window of time where they might be reached for the Kingdom of God. We have made it possible for you to send them a letter of love and a plea to receive Christ one last time. You will also be able to give them some help in living out their remaining time. In the encrypted portion of your account you can give them access to your banking, brokerage, hidden valuables, and powers of attorneys’ (you won’t be needing them any more, and the gift will drive home the message of love). There won’t be any bodies, so probate court will take 7 years to clear your assets to your next of Kin. 7 years of course is all the time that will be left. So, basically the Government of the AntiChrist gets your stuff, unless you make it available in another way.

So this is a rapture-based business. I have to say the business model is novel. There are two main questions I have. First, how does an electronic system know when the rapture happens? Answer:

This occurs when 3 of our 5 team members scattered around the U.S fail to log in over a 3 day period. Another 3 days are given to fail safe any false triggering of the system.

There are a lot of reasons why three out of people might not be able to log in to an electronic system for 6 days. Also, mid- and post-tribulation rapture adherents need not apply.

Secondly, how do the recipients of post-rapture blessings decrypt the secret information you have left for them? If the key and the encrypted data are stored on the same system (or even by the same company), it is insecure and an extreme risk for identity theft. If only the encrypted data is stored on the server, then how is the encryption key communicated to the recipients? I’ve sent an email to the proprietors.

There are of course numerous other risks which are associated with entrusting such data to a third party, but I will not go into them here. All I can say is that I will not be subscribing, and technical concerns are not the only reason.