Delta CAPPS-2 watch: decrypt boarding passes!

John Gilmore gnu at toad.com
Thu Mar 6 03:19:34 EST 2003 

Delta Air Lines is the guinea pig for the CAPPS-2 intrusive database
search on every passenger.  They'll be doing this in three cities,
starting THIS MONTH.

First, if you were thinking of flying, be sure not to fly on Delta.
See http://boycottdelta.org.

Second, if you're stuck on Delta, or want to watch their system, then
please report back (to me, gnu at delta.toad.com, or to the cryptography
list) about how the airport checkin and screening process has changed.
We should be able to rapidly figure out which cities they are doing
this in, based on the airline's behavior changes.

For example, some stories say that the system will require more info
from you, like your home address and date of birth.  Other stories say
that no new info is collected.  One has pointed out that Delta's
frequent flyer program has collected birthdate info for years.  I
suggest flying WITHOUT tying your flight into the frequent flyer
database.

Also, most news stories claim that your boarding pass will have
"encrypted" on it a "red/yellow/green" flag that tells the security
screeners whether to:

    *  Block you from getting on the flight
    *  Search the hell out of you
    *  Let you walk through with minimal hassle

The stories report that the security screeners at the checkpoint might
have new machines to run your boarding pass through (to "decrypt" this
info).  This could all be disinformation.  If true, it should be easy
to spot, particularly if you've flown through these airports before.

And, besides identifying what cities they're doing this in, we should
also start examining a collection of these boarding passes, looking
for the encrypted "let me through without searching me" information.
Or the "Don't let me fly" information.  Then we can evaluate how easy
it would be to turn one into another.  (Don't mistake a system that
claims to provide security for one that actually does.)

I'll restate just for the record that I oppose this entire program,
as well as the unconstitutional demand for ID before traveling in the US.
I'm suing Ashcroft, TSA, and Homeland Security over it.  We're currently
awaiting Judge Illston's decision on the government's motion to dismiss
the case as frivolous.  (How many of you who thought it was frivolous
eight months ago, still think it is?)  http://cryptome.org/freetotravel.htm 

	John


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list