Ryan W Smith

Recently I’ve come across a string of disturbing news reports regarding the TSAs new policy that forces airline passengers to choose between the invasive backscatter imaging scanners or a full body rub/pat down that includes thorough check of sensitive areas.  The backscatter scanners require the passenger to raise their arms and spread their legs while the attendent is able to see a black and white image of their nude form in disturbing and embarrassing detail, as seen in this article if you click to enlarge the included images to their full size.  I guess compared to the new option of having TSA do a fully invasive rub down of your entire body including the sensitive bits, then it doesn’t sound too bad.  The primary concern to me, above the fact that all of this is merely security theater and that it won’t truly benefit our national security, is that the TSA checkpoint looks more like an entrance to a prison than to an airport and moreover travelers are treated as if they were prisoners even when they’ve done nothing wrong.

The full body scanner amounts to a a strip search, and despite TSA’s objections, it has the potential to cause the same psychological effects on many of it’s victims as a strip search.  For someone that’s committed no crime and just wants to travel to see their family, I would say that it crosses the line to have them remove their shoes, jacket, belt, anything from their pockets, then ask them to step into a machine to raise their arms and keep their legs apart while some person in another room examines a detailed image of their body through their clothes.  The experience of being inspected, patted or rubbed down, and your belongings searched through in front of your family, friends is extremely degrading in my opinion and has the potential for very real psychological impact.  This psychological impact is intentional in the prison system, but in a place where upstanding citizens are merely traveling for work or to see their family, it’s gone beyond good security into a police state mindset.

I’ll close with this:  There’s a grass roots movement to stand up against this type of treatment called “Fly With Dignity” (http://flywithdignity.org/). And there you can sign the petition and send it to the Secretary of the Department of Homeland Security and TSA.  The following is the message I attached to my petition signature:

It is a sad day in American history when our leaders choose to use national security as a pretext for the forced relinquishment of God-given and unalienable rights.  This includes among other enumerated and unenumerated rights, the right as a citizen to be treated with decency, respect and trust, until we have given cause to have violated that trust by our own actions.  By allowing foreign and non-state terrorists to coerce our nation’s leaders into continually increasing the invasiveness of inspections and law enforcement of law-abiding citizens who have done no wrong, we are giving them the power to permanently shape our government in an extremely negative and detrimental way.  I have traveled many times in the past ten years, and have never been in fear of a terrorist attack on my flight, but I have always been afraid without exception when I enter the TSA screening area, not because I have something to hide, but because I am consistently treated with disrespect as if I’ve already committed a crime and must prove myself innocent while being verbally and physically degraded in front of my peers.  But more than fear, I feel sadness because I can see where this is heading and if we don’t change course soon, it will be a very sad future indeed.

I was recently at a talk on the topic of cyber warfare and international relations, and I heard a rather odd comment from a member of the audience. I didn’t catch the exact wording, but the gist of it was that there’s a growing community that believes that botnets are becoming a thing of the past, and we should be less concerned about them. My first question was: who is this community? The answer was that they are people who have worked with on several of the recent CRS reports on illicit cyber activity. These are people who do research and write reports and recommendations for Congress, so they have a relatively large amount of influence in the policy community. It should be noted that this is not a pervasive view, but it is said to be established and growing.

I’m not saying that this view is wrong, but it will take quite a bit of evidence to the contrary to get me to change my opinion. In my opinion botnets aren’t going to go away, but they will certainly evolve. No longer will they be used for simple denial of service (although that probably won’t go away entirely), but they’ll also be used for financial gain, distributed computing, distributed storage, and wide scale subversion. We saw the beginnings of this many years ago when an underground credit card ring was caught by The Honeynet Project. The bottom line is, people will never cease to find new ways to use thousands or millions of computers under their illicit control, and botnets provide them that ability.

That said, botnets of today will wane as the technology progresses, becoming the toys of the script kiddies. New botnets will have better command and control structure, will have diverse methods of propagation, will themselves be more secure (see: Conficker), and will be less detectible. So long as there are large numbers of vulnerable computers, botnets won’t die, they’ll evolve.

I came across an article today called “10 easy steps to writing the scariest cyberwarfare article ever”. It’s written in a tongue in cheek manner, but there’s a lot of truth to it, everywhere you look there’s another article about how the boogeymen are going to take over the Internet.



The truth of the matter is, there are a lot of highly (and not so highly) skilled people who wish to use our dear Internet for their own nefarious purposes. Despite what the media would make it seem, this is nothing new. This has been going on since two computers were connected to each other, before that people attacked the phone system, and so the story goes for whatever the technology of the time may be. What is new is that nation states are now publicly suspected to be behind some of the larger attacks (like the recect GhostNet that spied on the Dalai Lama, or the attacks on the electrical grid). While I’m not denying that this is a serious concern, I am concerned that the media is sensationalizing the issue, making it harder for the average citizen to separate the true concerns from the FUD.



On the one hand I’m glad that people are finally becoming aware of some of the issues surrounding cyber security, and hopefully they’ll also put some resources behind it, but on the other hand I hate to see the lack, twisting, or misuse of facts used just to scare someone into doing what you want them to do. So those of you reading the news, take it with a grain of salt… the sky isn’t falling, it’s just a little rain (and the occasional tornado :). Those of you with enough knowledge and ability to write about cyberwarfare in an intelligent manner should take it upon yourself to write a factual interpretation of the events to offset the deluge of FUD coming from most major news sources.