I can hear loudness coming out, so that must be my dumb ass. Okay! Welcome to OJKAN Day 2. When I saw that this was a quote-unquote keynote, I decided to say something I hoped more substantial than my usual lockpicking stuff. So that's what we're going to talk about today. We're just going to talk about how we think about security. And I know that's a topic that a million people have treated before me much better than I ever could. But I think it's something that bears repeating, because we keep fucking up the human element about it. And where people fit in your equation is something you should remind each other about. A lot of this stuff is going to be stuff some of you already know, but it's the kind of thing you want to forward to relatives and bosses. Not because I'm cool at this, but just because it's funny and it involves shit that's important. It's where people fit into your tech and how they interact for your security. And why not illustrate it with the greatest epic fail ever that we still have today, which is the TSA. Don't punch my junk! Why going through airport security is worse than and involves a shot to the nuts now and again. I fly a lot. I travel to a lot of cons. I'm on planes all the time. Not quite as much as Chris Hoff, but you know, a lot. I go through screenings all the time. I got really good at it. I was basically, without the sexiness, I was George Clooney in that movie Up in the Air. I had my routine, and I could blast on through, and yeah, alright, it's stupid, whatever. I would just, bam, through. How many of you are kind of routine flyers? And we bitch, but we're good at it, right? It's not fun, but you're like, alright, I know the routine. And that worked for me until the freaking virtual strip search came along. That was a bridge too far. That completely put me over the edge. For a number of reasons. Most of which involve simple matters of tech. Like, the TSA basically has done this. 
You get served a nice meal, a steak and stuff, and you're like, ooh, this looks tasty, but waiter, there's no fork. Excuse me, can someone help? I need a fork. And they're like, oh yeah, yeah, I understand, and thank you for filling out our web form. Your complaint matters to us. Let's address that. And they're like, boop, and you're like, no, wait, that's, no, you have one thing that's wrong. I don't need more of this. I need to have a fork. And you're like, oh god, we're so sorry. Here, wait, give us a little more money. We can install, we'll do more. And you're like, do you not see this is still not a fork? Why are you putting this wrong shit here? This is not helping. And they're like, oh well, that thing we used to do, we got rid of it, we need to do that again. Let's bring that old tech back. And you're like, no, this is still not a fork. What is fucking wrong with you? You keep adding stuff. You keep costing us more. But it's still not what we need. The security is completely broken from a tech perspective. Not just how we use it, but what it looks for. It looks for the wrong things. We do not do anything right. The tools are wrong. They're inefficient. It's, you know, we're performing surgery with hacksaws and not even getting the cancer. It's like the cancer's in this right arm and you chop someone's left leg off. That is our experience with the TSA. Just because some people are not aware of the differences, if you want to bitch about this to friends and relatives, get your terms right. There are two types of virtual strip searches. They are a little different. The one that looks like the futuristic phone boothy thing, that is the millimeter wave. The backscatter is the actual two big blocks you stand in between. They are different. Some people use the term backscanner. That's like mixing them all up. Millimeter wave scanner, backscatter. The millimeter wave is what produces those grayish, sort of blurry images. 
The backscatter, that's the one that's like, hello nurse. That's the really like, you see everything. The backscatter one is the one they are deploying more of now. That is the one they are shifting to. That is the one they are ordering more of. That is the one you're going to keep seeing unless we knock this shit off. Whoa, lots of wall of text. Unlike me, that's okay. I'm not trying to tell you to read it. I just want you to know this fellow. Rafi Sela. Brilliant, brilliant guy. Does a lot of consulting all around. Works with the Israelis, works internationally. Google him. Read up his quotes. Really excellent quotes, especially in the sphere of airport security. Really, just no bullshit. I'll reference the Israelis a lot in this talk because they just do not take crap. Excellent way of talking about things where he actually makes an example talking to a different airport administrator. Not in Israel, here on our side in the Americas. He says, what would happen if during baggage scan someone saw basically bricks of dough, play dough, pens stuck in them, the clock. Classic thought, what would you do? And the guy he was speaking to, the head of the airport said, well we would shut down our airport. We would evacuate. And he was just like, oh, face bomb. That's completely the wrong response. But yet, I mean, that's what you would picture, right? If you could, could you imagine the bomb, like actual detective real bomb, which we can't find half the time. In an airport, of course there would be, you know, get everyone out. Not in Israel. Do you know when you check in, they have specifically convex contoured bomb blast areas for all the bags to be screened. What would stand something like a hundred kilos of plastic explosive. They can detect a bomb and it's just business as usual for everyone else. They have response procedures. Everyone just keep, you know, you might not miss your flight if you're elsewhere. They'll lock it down a little bit. 
But could you imagine that? Could you imagine that degree of efficiency, that degree of security? Just that feeling of like, wow, we just have our fucking head and ass wired together. That is not the American way. That is not what we do. You know, we just freak out and panic for every possible situation that comes along. Why? Because that's, we are responsive. We are reactive. We're not proactive in any way. And it's all in how we interact with the tools we use. There are two real ways that I like to think about security. And it's all, you know, holiday time. Because it's Christmas, you know. You can have a very rigid security model or you can be flexible. And this comes down to how you are sticking people in that equation. Are people using their brains or are they just fucking button pushers? Rigid security just relies on, you know, this is our process, this is our policy, our technology does what it has to do. If you just have a framework of what's supposed to happen, but you let actually properly trained people, you know, consider each situation. If you absolutely let the people be in charge, that, in my opinion, is supposed to be security. We don't do that. You know, is it dumb people, you know, being, just supporting the tech that's there? Or is it really good tech supporting the people? That is what I want you to take away from all this and tell somebody who can make a fucking decision somewhere in the organization. Tech is supposed to support people. People are not just supposed to be there supporting the tech. The tech doesn't fucking save you. Rigid security is broken. And like people who are much cooler than me and do a lot more badass shit, we're trying to get a democracy to talk about it today. Time and again, tech is broken if your people are dumb. There's a great comedian whom I love, any libertarian probably has heard of Doug Stanhope before. He has a wonderful routine, all about just trying to order a breakfast sandwich in Subway. 
Has anyone heard it? He goes in, he says, yeah, you know, I'm rolling a little late. I love the breakfast sandwich because it's actually on a sandwich roll, not something crazy like a waffle muffin. He says, yeah, can I get you that breakfast sandwich? He's like, oh, I'm sorry, sir. We stopped serving breakfast because that's our policy. The breakfast is away now. He's like, come on, kid, it's not away. It's in the second green cabinet. When you open it up to get that guy's mayonnaise, I saw the egg. It's not even a real egg. Just get the egg. That's the only difference. I'm sorry, sir, that's our policy. The skit actually ends, I think, with his mother as a suicide bomber, which brings us back to terrorism. But it's that example. Like one fucking person who's just blindly not doing anything because this is what I'm supposed to do, that's what we do in our security models. Flexible security is excellent because one little individual piece, one guy here, one lady there, they can make a quick judgment. They can make a situation adapt much better than your tech ever can. So I don't mean violating policy just like, oh, we're going to change the way we do this as a matter of organizational routine. There's a lot of links thrown up in this whole thing. We'll get the slides online. There's a lot of stories I'm linked to, a lot of crazy shit. There's a story about when I was traveling through San Francisco airport with a bunch of guns. And basically, I'm not going to get into it all here. You can read about it. You would get your weapons screened. You'd get everything locked in. And they said, now, sir, after we screen your luggage, please be sure you don't touch the luggage. And I'm like, don't touch it? Why would I touch it? You're going to take it away, right? Like you screen it, I lock it, and it goes away. That's what every other airport does. No, not a cell phone. They screen it. They lock it. 
And then some guy who doesn't speak English comes up with a baggage cart, loads it, takes it back out through the front of the airport, walked it along the curb and just down around the bend. And I was like, what are you? What? This is luggage that now has a TSA cleared sticker on it? And it's just wandering around in public, uncontrolled? I actually asked them about this. I'm like, what are you fucking doing this? Well, that's just the way we do it here. That's just how we roll. I'm like, oh. Breaking the standard, breaking a smart policy as a matter of routine, that's just a different routine. That's not thinking on your feet. And in the end, I got detained by police for asking too many questions. A break from routine, a reactive response, a proactive response, any of that should come from one person. A person is smart. In the scene, in the field, a person can be flexible. People are dumb. A person is smart. People are dumb. Anybody know who said that? Who said that? Tommy Jones. Tommy Jones said that. Yes. And he's played a cop in so many movies, we should trust him on matters of our own. But yeah, what do we need to change? What do we need to do specifically in the airports? Because that's very, I'm passionate about this these days. It's the holiday season coming up. We're all going to travel. How do we get from, you know, candy cane to Twizzler? How do we get flexible? You can read a lot of amazing quotes by people like Bruce Schneier, just who will not pull any punches. They'll be like, well, we can just fucking take away the TSA, go back to all the old models, and put money into other places. I dig on that. You know, there's a wonderful number of things he has said, not feasible in the short term, but I encourage you to read his blog and get behind him. However, simple things that we could actually make happen if we made small changes that represent not being dumb people, but being smart people, I think are within reach. Those lines, holy fuck. 
Do you know if you go into LL Airport, you sail through and are at the lounge before your flight takes off in like 20 minutes, you don't get bunched up in a bunch of lines because a line, a crowd is as much of a soft target as anything else. They understand that. If there's a big crowd somewhere in a threat area, you are doing it wrong. We can eliminate that if we do things better. This is how this is like this is the airport telling me just people right through beautiful, big open space. They're not clustered up. Most quote Israelification that you hear talked about is not feasible for us. I used to love that idea that we could just roll like that man. Absolutely. Just Ben Gurion. That airport rocks. Yeah, they have one small airport in our whole country. We have what? Like 400 medium and large sized airports with no staff training. It's not going to happen for us, at least not overnight. But we can have elements of what they have. We can have our lines go the fuck away. We can have behavioral profiling where sometimes a little shady is like, oh, I don't know what's that. We could do behavioral profiling. What did Rafi Sela say? Profiling is a word that people like to throw around if they don't know security. I'm not talking about racial shit. I'm talking about just look for the C character and ask him a couple more questions. We could do this. We don't screen any of the people who are caterers. We don't do any of that yet. We could easily try to push that through. And the baggage. We still have baggage flying on flights when passengers aren't on it. Again, want to read a really fucking funny story? It involves us coming back from HackCon on Scandinavian air and our bags coming into the country and just reading online. It's a whole frigging mess that involves RenderMan and his baggage in Switzerland and stuff. That's really good. We could do this. 
First and foremost on my list, though, is actually eliminating the imaging machines, getting these the fuck out of the airport. You can be a part of this. We can make this happen instead of just sitting around bitching and holding our dicks. Yes. These are horrible. I want everyone to know this because some of you, this might be news. From a purely tech perspective, even the whole idea of let's have dumb people supporting the tech, this isn't even tech worth supporting. It can't detect anything. The UK, look at that last quote, the UK did a fucking study on this and did not go for it. The UK, if there's a technology that's voyeuristic and invasive for security purposes and the UK doesn't want a piece of that, Jesus, it is not working. You like that Photoshop job, do you? This is all like Photoshop fun, this whole slide thing. There's a study that just came out, I just had to add this slide, the actual Journal of Transportation Security evaluated these machines. They don't detect shit at all. Your junk? They do detect your junk, yes. So why do we have them? The same reason we have most stuff the government gets behind. Money and stupidity. Money and stupidity. Who can name the first person on this side here? Chertoff. Chertoff, who can name the person over here? Exactly. Napolitano. Not to be confused with Judge Napolitano, who's an excellent guy who writes a lot of good columns, but yes, money and stupidity. Absolutely do not put up with this shit. Tell people about this. This is what the government is trying to spin. These are friendly images. Most citizens, most passengers like the machine instead of the pat-down. Well yeah, instead of the fucking pat-down, of course people like the machine. It reminded me, who remembers that old commercial with the socks? Where they're like, look, this is the dirty sock. This is the sock washed in the competitor's brand. But this is the sock washed in time. Yeah, like compared to shit. Compared to ball grabbing. 
Sure, like this looks good. The fucking Ben-Gurion Airport. Behavioral shit. Ben-Gurion Airport, that is the super white sock. That's what I want on my toes and my shawl. Well, I swung it. So we're going to go with the... They put a sock on your shawl. Something that, you know, this is where people think I'm getting a little freaky and all because I get all passionate about stuff. Do not discount that there are people in the government very happy with citizens being quite fine with arbitrarily being put into submissive positions in front of people in authority. I do not cotton to that. I do not dig on that. That is a big part of this for me too. The idea that little kids can be walking through the airport with their parents. Oh, what's daddy doing? Oh, this man with the badge said he's just supposed to stand like this for a while. Fuck you. Sorry, I say fuck a lot in my conversations. Oh yeah, welcome back, guys. So again, why not fly instead of the machines? Behavioral profiling, people. Behavioral profiling is where it's at. I'm a big advocate of it. Tell me in the Q&A if you think it's wrong, like throw shit at me and yell stuff. I don't know. Who watches Lie to Me? Anybody? It's a good show. You should watch it just for like handling your farling alone. That's like a reason and a half. Oh, shut up. She's 19. I can say, you know, little miss whatever her name is on the show. That'd be creepy. She's 16 on the show. That'd be like TSA if I was doing that shit. How do we fight back? How do we fight back against all these policies? Because this is fine, but this is like no different than us in a bar. Somebody like, man, they're from the government and they use dumb machines and then we all bitch and we, you know, yeah, you're right, pass me that beer. And then we go home. How do we actually do this? How do we change a security model in something that is a little beyond our control? It's not our company. It's not anything we're tied to. 
It's just something we interact with. We can do it. Two methods of attack, monkey wrenching and political pressure. Monkey wrenching and political pressure. And you can be a part of both of these. Monkey wrenching, the system I'm sad to say, involves making bad lines worse. That is the thing. Make this process as bad as it can be so that more people are pissed, so that there's pressure coming from the top down, from the bottom up, everywhere. There's plenty of ways to do that. They all involve opting out. Will anybody in this room tell me that they are actually going to opt out of these machines if they come across them? Done it twice. How many of you have done it? How many people are going to keep doing it? Even in this holiday season that's coming up, if you've got to travel with a family? We don't. I would like to see, I'm proud of the hands I'm seeing, I'd like to see more. But what do you do next? What are you, like, we all say this, like, boy, I'm going to opt out. And there you are in the lobby. You're liking that, right? Well, there's a lot of people who say they have plans, man. They're like, man, this is what I'm going to do. I got to get a little bit together. There are some pretty nasty people who are like, man, I'm not going to bathe. I'm going to be all nasty and shit. I'm just going to be making it fucking horrible for them. Some of them, myself included, I was like, you know what, man, it's time to bust out the kilts. Kilts, no underwear, stroll on the train. I don't know if that's a viable plan or not. I mean, it's something worth talking about. Our friends in DC-949 have had their own plan, maybe chemically assisted, but they're just going to, like, power it away into a huge lecture. Frank, too, has said he's going to do that as a CP. I don't know on the Twitter sphere if they actually pull that one off. But there's an important question in all of this. How much is fucking with this guy going to really do it? Does he have any power? 
Do you think she gives a fuck what that guy thinks? Do you think she listens to the front line? So bear that. I'm not saying it's right or wrong to, like, do those other tactics when you're opting out, but how far you take it is just be reflective about it. Think about this and talk about it a little more with me and with others. Really, monkey-wrenching the system is making just the process fail, as long as the lines continue to suck and back up. Because the more you foul up the process, it's like, you know, you don't actually have to be engaged with an enemy on the battlefield. If you distract enough of their forces over here, your brothers and sisters-in-arms can cross the river, you know, over there. The more you just tie up the machine and slow down the process and take screeners aside, the more they have to rely on just a magnetometer, just the X-ray, to get people going through, not the X-ray, sorry, the metal detector, just to go through the proper way. So, opting out, of course. Do you want a private screening? Think about it now. Don't think about it when you're standing right there. Think about the merits of it. It takes people off the line. It takes longer. It messes with them more. But is there merit, is there political merit in people witnessing this whole process? And if so, do you want to wear certain outfits? Do you want to stand there and talk out loud? I'm sorry. So, yeah, reporting things, just dragging it out, or get creative. So just opting out right away. You guys all know, I mean, everyone in this room knows, but for the benefit of those watching or the relatives that you send this link to, and be like, hey, this guy is funny when he says fuck a lot, cunt was in there once. For those relatives, you know, encourage your relatives to opt out. Encourage your friends. Make sure everyone knows you have that right. Clearly announce, you know, make others in line. If they're behind you, like, boy, is this shit? Look at this grandma. 
Look at this guy. I'm going to opt. You bet your ass I'm going to opt out. One of the most satisfying things for me was when I saw the machine going up. I was in like, I don't know, Denver or California someplace. And I announced loudly just to my fellow passengers. I was like, bullshit. Opting out of that. And this woman from the TSA is like, oh, you don't want to do that. That'll slow you down. I said, bitch, I got fucking time. I get to an airport so goddamn early because the lounge is comfy and fuck you. Little grandma behind me is like, you make a good point, son. I will opt out. Man behind her, business guy, was, you know, probably dealing with bureaucrats his whole life. He's like, yeah, you know what? We should opt out. Lady from the TSA heard that. And then, of course, they'll never admit this. That machine suddenly was not in use. They just started waving all of us through the metal detector. I am pleased about that. I'm pleased that it had a little cascading effect. And it's all because if you plan for your, you know, if you plan for your time, you're not wasting your time. You're wasting their time. And that's what matters. Do you want it in private or public? This is your own choice. Do you want to just remember, private screening? They're going to really lean on you. Oh, you don't want that. Because it pulls them off. But again, do you want to slow the process? Or do you want to be, you know, do you want to stand there and just make fun? Like, so people can see and be like, boy, this is the worst hand job I've ever gotten. Like, just, you know, whatever you want to say. Like, think about that before you're standing right there. Ties up people if you pull them aside. It just, you know, think about it. I'm not certain which is bad. I'm not even certain which I would do. But I'm going to consider it before I'm in front of the machine. If you have a friend, ask for an observer. Why? Because it just pulls more people through. 
Now your friend has to go to this other area. Now he or she has to be clear. Now there's more people involved. Now you have someone to operate the camera. That is absolutely your right. And it's a good thing in my opinion. Why a camera? For documenting? The more videos like this and photos that wind up on YouTube, the more political pressure we have. There are really nice cameras. There are even really small cameras. They'll get like two cameras. Who the hell knows? You can test your shit. Does your phone record if you turn the screen off? Or does it keep going? Does it stop? How covert do you want to be? Think about this before you're in line. These are amazing photos that we see and we get all indignant about. Some of these even predate all this bullshit. Screening of nuns, screening of kids. How many people heard about the little kid whose leg braces had to be removed? His father was a fucking cop. And if he was crying, there was no video of that. There was no photo of that. I guarantee you that would have blasted around the internet a lot harder. These organizations would have pushed that another news cycle if there was video, if there was some documentation of it. Even that shitty recorded video of John Tyner, the Don't Touch My Junk guy, not a great video, but it's enough to make the story more real, to make it really human. Think about that when you're recording this stuff. There are excellent spy cams. There are excellent keychain cams. We use them when pen test jobs and Red Team jobs. Use them for this. Red Team the Airports, for fuck's sake, just be like, yeah, I'll turn my phone off and my keychain's still rolling. You don't know this. Record, please. And get creative. There's a lot of other stuff you should know and you should research. Does anybody know who this is? No? A really hot training? Yes, you are correct, sir. Spencer is right, a really hot training. A little bit deprecating to say, no, this is Calpernia Addams. She is a transgendered activist. 
She's a speaker. She's well known. And she's really, really hot, man. For a trans woman, like, yes, I think she's smoking. Do you know? Transgender people have different sets of rights, special rights in these screenings. You have the right to request a physical pat down, not from a person of your sex, but a person of your gender. Because you guys know that's two different things. How you are presenting that dead is how you are allowed to be screened. And again, not only is it good to flex your rights if you're a person like this who really needs to be understood by people in authority, but it just ties the shit out more. It gets people hassled. We've got to call supervisors. I'm not saying become such a dick that you might do something damaging to the rights of the gay community and the transgender community. Don't be an asshole. But it's something that you or your friends should be aware of. You can make use of that. Make use of that. Do you want to make a custom outfit? Do you want to go through the machine once? No, wait, I have metal here. Wait, I can do that. No, you're not supposed to have that. Just constantly monkey wrenching it that way. There are a lot of really great bumper stickers and things that have come out because of this process. Turn them into a shirt. Turn them into anything. I don't know. Get creative with it when you're monkey wrenching this system. Request those glove changes. Tie them up all the way. They're about to do this. Hey, wait a minute. I have this. Change your gloves. That ties them up some more. Drag the shit out to make it longer and more complex, not to be an ass, but just to demonstrate the complete foolishness of this whole process. Know the rules. Show the rules. Do not get in confrontation angrily, but just be like tap, tap, tap, tap, tap on a piece of paper. How many people saw the Flying with Firearms talk I used to give? How many people printed out one of those rule sheets that I made? Carried with them. 
I made this rule sheet. It's on my site. Print it out. It's quotes right from the website. It has a nice little official seal that makes it look like as if they prepared the document. You're not lying. They didn't really prepare it, but these are their words. It has all the rules written on it. Keep it around. Show it. Don't get angry. Just get indignant. Just be demanding of what is your right in the situation. And you should know this, but if you have any medical stuff, any medical supplies, and you've never tried to fly with them, or if this holiday season is your first time with kids, there's been a mess over and over of bad training about baby milk, formula, have all your medical prescriptions and paperwork printed out too. So be ready for that. This sheet also has phone numbers of the Office of Public Affairs, the Office of Civil Rights for the TSA. Call them. Get in their face. Be like, whoa, you are doing this wrong. I got these people on speed dial. Watch that situation change. It just takes a little bit of extra time. Time you should have. And if it really comes down to it, be aware that real cops do not like TSA fake cops. TSA gets a little badge and a blue shirt. They are not sworn officers. They do not have police authority. Police hate it when they behave as though they have authority. If you have been actually wronged, if you have been touched or grabbed before you gave your consent or you say, no, I want to leave, if they actually get in your face, demand a police officer. Get a supervisor, tell him or her to demand a police officer. They will all but filet you trying to get you out of that screening area before a cop gets there. They do not want to deal with that. They do not want the report written up. If you think you are actually wronged, push it that far. It is all because of the policy that is in place that this is going to keep having repercussions on. How do you bring about the political pressure? 
Not just monkey wrenching in the moon, but how do you pressure this whole system? A number of ways. The things we know, but are the things we do? Actually writing letters, being part of the lawsuits that are out there, tweeting, posting videos. Like writing letters and such to your representatives. We talk about it. How many people have actually written or called their representative indignantly about this? That is like three hands. Mine should not even be up. I bitch about it, I have not done it. I was written by a fucking kill and I have not picked up a phone yet. That is my bad. That is all of our bad. Like send the letter. How many people just got a new representative or senator in the last election? Tell them, be like, hey, shit bird, you just got in office because of these things that I care about. You are going to be on the fucking street if you do not get this shit fixed up. Yes sir? Do you know any of these ULs that you need to talk to me about and actually go to their office in person? Yeah, you guys are all beltway, you know, near the beltway. Go to their office. Be like, this matters to me. They do listen. Especially if it keeps happening. Never been lawsuits? I am not big into frivolous litigation. I think in America we sue people too much. Maybe something is going to happen though. Be a part of it if you know the right people. Get involved. Follow it at least online. Follow the news. Be up to date on them. There is a great number of blogs. There is a great number of Twitter feeds. I happen to follow the Assault on Privacy guy. I think he is a nice clearing house. I am not recommending. Is that you? Holy shit, that is Prez. I did not know that sir. You are fucking great. He calls a lot of great people. I am not saying a lot of shit slip by. If it is happening, especially if it involves TSA, he has got it up there. Put it on your feed. There is a wonderful documentary. Nobody heard of it because it went with a whisper. 
I did not even know this was out for a couple of months. Please remove your shoes. Get it. Watch it when you are curling up with the family this holiday season. You will learn amazing facts about the TSA. Things like almost 50% of their time, according to the GAO, is spent on other. Not screening, not researching, not training. Other. You will learn where their budgets go. You will learn from people in the front lines what they are doing wrong. And again, just analyze and talk to your representatives and senators a bit. Can we make these things get better? Well, of course. The crowds, the lines, that is a freebie. If we fix the process, absolutely, that just gets better. Make people the human focus in the screening. Not dumb people operating tech, but smart people supported by tech. Political pressure is going to win that one. Absolutely. You want the imaging machines eliminated, it is just going to come down to monkey wrenching. It is going to come down to actually opting out, to really do it. Thankfully, cargo and luggage, that is being handled by legislation. Follow up. Read the GAO reports. Read the independent testing if it actually happens. If it doesn't, get on the fucking phone. Get in front of your keyboard. Write to somebody. Be like, why is this shit not happening? I feel like I am getting didactic and getting really political at all of this. I am hoping you guys are still seeing that this is a really visceral real life example of completely broken security that could be, and in other parts of the world, is great. We have to be political occasionally, a little bit, because it takes political pressure to make change. Kennedy once vowed that he would smash the CIA into a thousand pieces. Yeah, we saw a lot of work done for him, right? But do you expect this kind of leadership from Obama? We will smash the CIA into a thousand pieces. I don't think that is going to happen. Certainly not in this political climate. 
It is only going to happen if people get really angry. We are angry, but actually take this anger plus your knowledge of how security is supposed to really fucking work and make a change. Be a part of it. Thank you for listening to me, talking about how security should be rigid. It should be flexible. And we can start. We really can start right here. Thank you very, very much. [Applause] A couple of questions, I guess. Not directly related to this, definitely TSA related. I am going onto their website. I am trying to figure out what the rules are and so forth. And they don't publish. If I could find the stuff in the blog, the blog, it is a .gov site, doesn't seem very official. I printed it out and brought it with me anyway. But I am a cheapskate. And also I hate to let my chart components go someplace else. People tell me check it or mail it. But that gets pricey also once you have already paid for a plane ticket and all that. What is the rules if while you are in the line and they find something they don't want to turn the plane with, I have read on the TSA blog that they are supposed to give you the option to mail it back to yourself, go back and put it in check, go back and give it to someone who brought it to the airport, or throw it away. I think those are the four options they are supposed to give you. Is that the case? So the question concerns what are your rights in the actual screening area. They are very badly published as you mentioned. And that is something that Gershner says. Gershner says this is where most people interact with law enforcement in their life. But actually your rights in the situation are not clear. Especially with respect to, we found this thing in the bag and I don't like the look of it. And my supervisor will not be swayed. What are your rights? And you say usually it is one of four things. 
You can throw it away, you can go back out and give it to someone who drove you to the airport, you can try to check it, they don't give you your bags back, I'll tell you that much. You can't ask for, oh, bring that back. No, you can produce a bag out of your ass and check it that way. Or you can mail it to yourself. They are under no obligation to make a postal slot available. I used to tell people in my other talk all the time, fly with pre-stamped flat rate envelopes. Up to 70 pounds you can jam in a flat rate envelope and it will get there. It's supposed to be 13 ounces or less if it's going to be mailed anonymously, but that doesn't apply. If the mailing stamp, this is interesting most people don't know, is tied to someone. So if you have a Pitney Bowes machine, if you have a PayPal account that can generate mailing, pre-stamp it that way, you can put fucking 70 pounds of lead shot, throw it in the middle of the night in a mailbox across town. It will get where it's supposed to go because that does not violate the policy per se. So it is a policy that's supposed to let you step back out of line and... Yes, they are supposed to let you step back out of line. Because technically, even if they're not saying, oh, you have this thing, you're allowed to just walk back out of line and fucking leave under any circumstance. You're allowed to say, no, I won't go through that. No, you're not touching my dick. Fuck you, fuck you, goodbye and just leave. Sorry, go on. So I was just watching on CNN, I travel a lot just like you, it was just watching on CNN, and TSA is saying that if you opt out of that screening, they're going to subject you to the pat-down anyway. Right, so the idea that if you opt out, you have to complete the screening, the idea of that. Right, so they're saying... That has not been legally found to be the case. So they're saying if you don't go through the screening, you don't fly. 
So if you say, okay, well fuck it, I'm not flying, they're going to write you down anyway. They do not have the right to touch you into it. So that's what we're saying, that's what we're saying on CNN. Correct. I understand that. So has there been anything where someone has actually hit the press test button on that? Yes. The Don't Touch My Junk guy, John Tyner, he was threatened with a civil suit for leaving and not completing the process. Now I have heard reports that they have publicly said they will not follow up on it. You will not be subject to the fine if you leave. But I see a lot of other hands who may disagree with me. So here we go, one, two, and back around on that. The Court of Appeals for the Ninth Circuit did say that the fine is constitutional. But that's really the Ninth Circuit, so that's like West Coast. East Coast. I'm sorry? He said East Coast. So apparently the West Coast Appeals Court did find that fine to be legally okay. They're just not going to complete the screening, and if you leave early, they can fine you. Now, whether or not they're going to actually do that to anybody is a question. You can walk just right back past. You can't walk in. You can't walk into the airport, but we're talking about walking in. The reality of the situation is that your rights as a passenger going through the airport's screening line have never actually gone to the Supreme Court level, so it's really unclear as to what rights people actually have. Yeah, did you guys hear that? Your rights as a passenger that has never been tested at the Supreme Court level. They don't want to test you. Yeah. They don't want to test it. That's why they're not going to press the issue. But if enough people keep opting out, it's either going to be dead in the water or it's finally going to reach the court. 
So your condition might be to take your carry-on, take a super small lightweight bag with you that you can walk back out and then check it or just bring a bunch of envelopes with you. Skydog's old Khan Freaknik, the Khan bag used to be this wonderful little crushable sack. Yeah, yes. I just keep it shoved in the bottom of my usual carry-on. And the moment if I hit a duty-free shop or if I got a thing or this or if I need to recheck something, just pull it out. There it is, another bag. Instantly I have a bag of these. I use that all the time. Was there a question? Cool. No? Well, I'm going to make you laugh and be a horrible shill. Yeah, go ahead. Oh, it was more of a comment. Comment, yes. So you mentioned political pressure and legislation for a lot of the requirements, but I think the biggest problem is the PR problem, right? Because it's all about perception. I mean, Schneier said it's all about security theater and he himself said in his talk about how people are really shitty at assessing risk. I'm really afraid of falling out of the air. I'll drive around Texas without a seatbelt. Right. And we all know what's the bigger risk. We're talking about Bruce Schneier and our perception of risk and perception of security. Right. And so how do you turn all of those people who are like, oh, you know, this is a maroon convenience, this is sort of a small issue, that PR problem, how do you turn that around? How do you turn that around? By bringing a copy of Please Remove Your Shoes to Your Family's House on the holidays. And they're like, hey, instead of watching the freaking lions get clobbered – no, that's Thanksgiving, right? If it's not the freaking eagles or the cults of the pats, I really don't know what I'm talking about, but yeah, instead of that, get your family like, hey, have you seen this? This is freaking crazy. This is awesome. Watch this. Just buy 10 of others. That's what it comes down to. It's fun when we bitch amongst ourselves, but bitch to others. 
Bitch in line to people around you. Civil disobedience. What does that mean? Civil disobedience. Civil disobedience. We'll have to talk to you and Thoreau about that one, because that gets a little bit questionable in some ways. A hand behind you. It's one thing, remember that the people are human and they can't be social engineers. People can be social engineered and they are human. Yes. Yes, they are. Yes, sir. The popular counter-argument to all of this is basically it has two lines, one with pat down and screening and one without. And then they're saying that to people that don't do the pat down and screening, that they're not being known with a plan that hasn't been secured or checked. Do you think you need comment on that? You're talking about different planes? Two planes. Two planes. One with pat down and screening and one without. They're saying that no one would go on the non-secured planes. Oh, I would fucking go on that. If there was like a shit happens airline where you're just like, we have no security, we can roll on, I don't care if you have a fucking knife or a gun, I'd fly that. Because remember, aloha air is the answer to all of this. Do you know how much shit a plane can take in the sky and still fly? You need a fucking ton of explosives to actually take a plane down. You need a package. You can't turn on your cell phone. Yeah, I would fly that plane in a heartbeat. I would be on the plane and it's like, fuck it, whatever. Because we have a reinforced cockpit and passengers who are going to kick your ass if you act up. Do you ever want your cell phone to open? Is that the airline we're talking about? Yes. Well, I mean, the follow up on that, like, okay, will I fly on an airplane where everyone falls, has an injector on? I think so. Yeah. There is a certain line and it's like, okay, yes, probably you should bring machine gun on board. Probably. But I don't need to see if your paint is okay. Well, that's it. 
We're hoping to get back to basically the 9/10 level of airport security is where we belong. Can we compromise on this? We have hot strippers on one side, Chippendales guys on the other ones. So we have all our bases covered. And those ones you choose which side to go in, they check your junk and it's all good. So strippers and Chippendales people doing the junk check. I don't know. I don't know if I have a... Maybe that's as an opt-in. We go one and two and three. The comments you're making is on something that we call the illusion of security. The illusion of security. The illusion of security. We as security folks know the illusion of security. Oh, this six foot fence means I can't get in there. You know, what you know is all bullshit. It's like you can easily climb that fence or whatever, but it keeps the honest person honest. And that's the issue that we've been seeing, my team has been seeing is that the TSA and the government reacts to the anomaly versus the standard. Yeah. Yes, there's a shoe bomber now. Oh, you're also surrender shoes. Underwear bomber. Now I've got to cover your nuts. It's like really, why are you doing this? It's like they cater to the anomaly and then if they don't have training that's nationwide. So you'll go to one airport like in the DC area where it's, you know, some things are fairly secure. But then you go to another place where they're over... When you're in Iowa and the guy's like, oh, we're going to have to strip search you. It's fucking Iowa. Like this is not a target. But there are people that they ramp security up like in the heartland, they're trying to get it. It's like what is... There's just no consistency. That's the stupidity side of it. Yes. That's the whole timing side of it. Because they've been told that people that don't live in the US are trying to kill you all the time and they can fly on your aircraft. No, that comes down to it, because they won't do profiling. Because they won't do profiling. Right. 
Do you know we do have experimental profiling? It's called the SPOT program. I forget the analogy. Bob Black? What? Bob Black? No, not that kind of profiling. When you get pulled over in like a nice car somewhere. When you get pulled over, not me. No, that's the thing about it. No, we do it in airports. They have a program that just, it tested poorly because they don't put the money and training into it. But David, that's the thing. My team can tell you that if we've gone through the airport, I get special screening every time. Do you? We've had guys go through... Yeah. We actually took a, we were having a LAN party in the hotel. My guys had networking gear, Xbox, the same rig. I had the same thing. Two of my guys went through before me. I came through, they stopped me for 20 minutes while they tried to figure out what an Xbox was. Jesus. They had never seen it before. It's bad. See, that makes it even worse. Bad profiling ruins the idea of behavior. It ruins the idea of good profiling. It's the bear, man. It's the bear. It is the bear. Hopefully, that's horrible. And again, if you had photos, that would be, how much more impact would that have? You can tweet that shit. But again, hopefully physical security should be layers. If someone gets up there and is walking through the gate, hopefully they would notice, but I'm still not pleased and it's not like an outlaw or something on the gate. Yes sir. Is your email name correct? Deviant at, no it's not. Deviant at deviating.net. Let's go ahead and screw this. The second question I had was, there was a woman recently that went through security with some breast milk and they made her toss it, so she filed a complaint. She came back through and she was held for like 45 minutes because TSA saw her coming. 
Yeah, the breast milk lady and she complained and then they profiled her coming in. They said, oh this bitch, blah. What could she have done differently to get herself out of that 45 minute wait? I would say call the Office of Communication or call the Office of Civil Rights in the TSA in the first five minutes and she would have been in a better position. But you had your cell phone at that point? Was it objective for that intervention? You can say, I demand my phone, I'm gonna make a call to your blah, blah, blah. She can tell the supervisor, I need to call the office. She even had all the paperwork, but the second time she came, she had to have all the paperwork and said this is a medical. Yeah, she had all the paperwork. And I was supposed to ask for your blah, blah, blah, and she said that. Now she was rolling footage and rolling recording the whole time and that shit wound up on YouTube. I bet it'd be an even better response. And I have apologized to her since then. The whole footage is up on YouTube. It is all up. The print of her name shouldn't act. Oh, yeah, she subpoenaed the footage. Yeah. So yeah, I mean it's horrible. But again, it's more pressure. Like in the end, that turns out to be good pressure, in my opinion. But again, that's where the training is just not consistent. People are not consistently following. Yeah, it's broken in a lot of ways. Hopefully, I just think by all of us hacking at the root of all this evil, eventually it all falls down. That's my pipe dream anyway. Like alcohol fueled dazed and confused plagued. One and then two. So there's a trend. We've got street bombers. We've got underwear bombers. Now I guess we would probably see a Preston bank bomber. Preston bank bomber. So how is that going to change? Train at the Preston bank bomber. Yeah, train at the Preston bank bomber. 
Yeah, I mean to follow this to its logical conclusion, obviously like anal cavity, that is where you can absolutely pack dangerous shit and none of these machines find it. It's already been done. Already been done. Yeah, now you all are serious about it. Is that what we're going to start doing? I mean, is that what it's going to take to get people in middle America like just Peoria? Will it play in Peoria? Will it finally not play in Peoria? Like do anal cavity searches? What's going to piss us off enough? Do the imaging machines have a magnetometer in them as well? Do the imaging machines have a magnetometer in them? I am not aware of that. Does anyone know? Do they? I don't know. I'm hearing no and it would make sense to me that it's probably hard to pack two different types of tech together. I just thought that no initiator on the person thinks that the magnetometer thing was supposed to have two different elements. So yeah, it's. How are we on time? We have about five more minutes. We have about five more minutes? I'm going to make everyone chuckle with two things just because I know the people behind them and it's the holiday season. And if you want interesting gifts for people, this is going to be like, I'm going to ruin all my cred right now by like selling out. No, these are little fun things. If you really dig someone or do not dig them this holiday, do you know that you can send them coal anonymously as a Christmas gift? The site just is coming online right now as soon as the payment mechanism is put in place. Or speaking of payment, you can actually, in fact a buddy of mine makes pads. Has anyone ever seen the pads of $2 bills? Anybody ever paid with a pad of $2 bills? It is awesome when you're in a store and you just start ripping off money that people think is fake anyway and you're tearing off a pad. He likes to say it's like fuzzing life. You just interact with it. You just fuck with people's brains. 
It's a very hackery thing to do and you see what happens. So yeah, like unusual currency or scent of coal I just think are two really cute, funny things. So I kind of had to drop that in there and let people know about that. But there was one hand right in front. Yes. From my own observation of traveling to the airport, I found the idea that non-profiling and being random would be random if it was by a computer. You put humans in there and all of a sudden you've got teenage girls that keep getting randomly chosen or a guy with a beard keep getting randomly chosen to go through. So that's the other side of if it's not profiling, done badly, should you do truly, purely random? Schneier's mentioned that I think, I'm pretty sure. But yeah, the idea of proper random so we don't know what's going on and it's not being unfair. That's a worthy thing considering. All of these are really worthy points to be talked about more. Anyone else? Is there any more beers to go back there? Can Dr. Hood, can you find me a yin link? That would be awesome. You said how far does it go? How far is anybody here willing to go to get through a security line? Are you willing to go through a full x-ray machine to see what's inside your cell? How do you think they get stuff into a prison? Yeah, define for yourself before you are in line what is your breaking point? Really ask yourself these questions. How bad does tech have to get? How bad does the system have to be before you stand up and say enough? Hopefully, I think it's already there. Anything else? Do you think the UK's starting off with more old cameras for the adapter than anywhere else in the civilized world? Yeah, the man with the accent from across the pond asked, the important question, do you think the UK started off with more cameras than anyone else? Do you think it all happened in one day? No, it didn't. It never happens all at once. It just inches along, it just inches along. 
And as long as people don't stand up and just start pissing all over the system, it keeps on fucking creeping along. Knock the shit down. All right, I'm just gonna sound like a fucking ranting maniac if I keep talking, I think. Talk to me back there by the bar, and thank you very much, this was fun. Thank you.