Student's Web site receives national attention

Garnering widespread national media coverage, campus reaction has been deeply split on IU Ph.D. student Chris Soghoian's decision to develop a Web site that produces fake Northwest Airlines boarding passes. \nAs a result of creating the site, which has since been taken down, the FBI and Transportation Security Administration have been investigating Soghoian, and Saturday his apartment was raided by FBI agents, who secured a search warrant beforehand. \nSoghoian said in his blog, http://slightparanoia.blogspot.com, that he created the site to point out a loophole in airline security.\nThe stir caused by the Web site came to head last week when Massachusetts Congressman Edward Markey publicly called for the arrest of Soghoian. Though, when Markey learned of Soghoian's intentions, he retracted his condemnation.\nWith more than 80 media outlets picking up the story, including The Associated Press, the online magazine Slate and USA Today, the topic has also been highly discussed and debated in the blogosphere. According to Google's blog search, dozens of blogs have mentioned the issue in the past couple days. \nGraduate student Bill Mankins said he thinks the authorities have a right to investigate this situation. \n"The FBI had a legal search warrant to enter his apartment," Mankins said. "Nothing seems to show that what they are doing is illegal." \nAccording to his blog, Soghoian said he did not attempt to use a fake boarding pass to board an airplane but instead lists one of the uses of a fake boarding pass to "demonstrate that the TSA Boarding Pass/ID check is useless." Soghoian has repeatedly declined to comment to the media on the case, saying his lawyers told him to remain silent until the issue blows over.\nSid Stamm, a graduate student and computer security researcher for IU, said he does not think what Soghoian did is a threat, and it should not be treated as such. \n"Chris wrote software that automates production of false boarding passes with the intent of proving how easy it is to make false boarding passes," he said. \nSome of Soghoian's professors, including cybersecurity researcher Markus Jakobsson, have come out in support of their student. \nSophomore Brian Wolfe said he is not surprised that Soghoian was able to create fake boarding passes. \n"With the technology that is accessible to almost anyone now, it's no surprise we have people that are capable of doing things like this," he said. \nIn their coverage of these events, a number of news organizations, such as Wired News and ABC News, have said Soghoian is not the first to call attention to doctored boarding passes. \nBruce Schneier, an internationally renowned security technologist, detailed steps to create fraudulent passes for those on the no-fly list in his 2003 blog. Also, last year, Sen. Charles Schumer, D-N.Y., posted specific instructions on his office's Web site about how to go about bypassing airline security using fake boarding passes, complete with numbered steps. Both said the purpose of releasing the information was to call public attention to the security gaps. \n"This 'flaw' in airport security is at least three years old and has been explained to Congress and the general public by non-technical politicians," Stamm said. "It is nothing new, and the flaw remains open. Anyone with some white-out and a photocopier can do exactly what Chris illustrated by printing a boarding pass from an airline's Web site, changing their name and making a copy." \nStamm said he thinks Soghoian did this to emphasize a security loophole that has already been made public by others.\n"What he did, though it may not be legal, was probably intend to reiterate an existing flaw in the airport security procedures," he said. "The fact that he is getting lots of media coverage (as previous whistle-blowers have not) might be the way he hopes to get the problem fixed, even if he has to face consequences."\nBut Mankins is skeptical of Soghoian's intentions for posting the Fake Boarding Pass Generator Web site. \n"My question is why he posted the information on a Web site." Mankins asked. "If he was pointing out a missed loophole, then why didn't he contact the authorities to let them know of the problem instead of making the information publicly accessible?" \nChay Tidwell, a graduate student, also questions Soghoian's motives. \n"It's unclear at this point what exactly his intentions for putting up the Web site are," Tidwell said. "Possibly he could have posted the information as a public service warning to ensure the safety of citizens or he may be more concerned with making organizations such as the TSA look bad"