Commercial flight; no security

No hassle flight: no security
No hassle flight: no security

We flew from Anchorage to Homer on Alaska Airlines flight 4878, operated by ERA Aviation. No TSA. No screening; none at all. Liquids? Okay! Weapons? Whatever you want! Just check your large roll-ons and climb aboard, big boots ‘n all.. 20 seats. Open seating, open cockpit.
© Copyright 2008-2009 Bambi Vincent. All rights reserved.

Sloppy business at UPS

Rejected passport photos
Rejected passport photos

Four days away from an international trip and Bob and I have no passports. Scary. They were perfectly good and valid still for five years, until they were punctured and made invalid by Federal agents in Los Angeles. The only thing wrong with them was that they had too little space for new immigration stamps. We’d both received additional page inserts multiple times, and now we were required to get new passports.

Fine. All we needed was enough time to send them in, or better yet, bring them in and get them while we wait. That’s the tricky part, given that there is no passport office in Las Vegas. And our itinerary is packed with international trips, so there’s no time to send them in for replacement.

Time for a trip to Los Angeles, then. We gave two presentations at the California Tourism Safety and Security Conference in Anaheim May 7. Perfect timing for a visit to the passport office.

In Las Vegas, we prepared by getting official passport photos. Official, to be certain they’d be the right size, with the right background, etc. No time for mistakes. We used the “official passport photo service” at the local UPS store. When the lackadaisical employee handed over the two pairs of photos, Bob and I gawked. Our heads were small, surrounded by lots of white space, the images were contrasty, and almost black & white.

“These look terrible,” we said.

“They’re fine,” the employee assured us. “We do this all the time. Our photos are never rejected.”

We reluctantly paid $10 each and left.

Los Angeles: palms, smog, and traffic.
Los Angeles: palms, smog, and traffic.

The U.S. Passport Office rejected the photos. It didn’t take much time to get new ones at the handy passport photo service just outside the Federal Building. The new ones were bright, clear, and large. We had our new passports several hours later.

Back at the UPS store, I complained and asked for a refund. The same slovenly employee shuffled off to the back room, unsure how to react. His mono-tasking mind forced him to set aside the job he was about to do: namely, sort customers’ mail into their rented mailboxes. So he set the thick stack of envelopes on the counter beside me and left me alone with it. I stood staring at the gas bill on top of the stack, wondering what could be gleaned from that heap were I an ID thief. I had plenty of time to consider the lack of security with which that mail was handled.

The manager (or franchise owner) appeared and, when I pointed out the stack of mail, said “puh-lease!” As if she had no idea that Las Vegas is at the forefront of fraud and identity theft. Or that her mailbox-rental customers had some expectation of the private and secure handling of their mail.

© Copyright 2008-2009 Bambi Vincent. All rights reserved.

Airport danger and the strategist thief

Airport security.
Airport security.

“Did you know you’re wearing mismatched shoes?” a well-dressed Englishman said to our friend, Brooks, at London’s Heathrow airport one day.

Brooks was talking on his phone, frantic at finding out that he was supposed to be at London’s other airport, Gatwick. He locked eyes with the stranger. “I am not!” he said, refusing to be distracted. “And you’ll not succeed in grabbing my briefcase!”

Brooks had become security-obsessed hearing our tales.

“Pardon me, then. But you are.” The man walked away, intentions defeated, whatever they were.

Brooks finished his telephone call, feeling rather smug that he’d thwarted a thief who’d tried to distract him. Then he looked down at his shoes, only to see one tasseled, one buckled loafer.

Everyone knows not to leave bags unattended in airports and, lest we forget, we are relentlessly reminded by annoying announcements. Bag-stealing strategists are devious, though. Even if you aren’t looking away from your things, you may be connived into doing so. Questions by an apparently confused or puzzled foreigner touch our good-natured core and we want to help. A moment’s distraction is all an accomplice requires. Who would suspect that the pretty girl asking to borrow your pen is merely a diversion as her colleagues snag your bag?

Or, here’s a good one: you’re suddenly paged. Who would page you at an airport, possibly a foreign airport, or a stopover? Who even knows you’re there? You rush off to find the white courtesy phone, befuddled and worried. The accented voice on the line sounds unclear, yet urgent. You may be asked to write down a number, requiring some gymnastics while you extract a pen and find a scrap of paper. Have you looked away from your briefcase? Have you lost physical contact with it? Where is it, anyway?

Earlier, the thief had examined the object of his desire, your bag. Its luggage tag informed him of your name. The strategist paged you. He distracted you. He created his own plausible situation. Or, as Bob would say, he created a shituation.

TSA
TSA

Airports give the illusion of safeness, especially now with increased security. The swirling crowd of dazed travelers, lost or rushed or tired, makes a perfect haystack for the needle-like thief. Your bag might disappear before you even get inside, in all the curbside commotion. Long, tedious, check-in lines can be disorderly madness in some airports, inducing inattention when you need it most.

Computers and purses disappear, too, at airport security checkpoints. Guards have their hands full keeping order at the chaotic bottlenecks, and they’re watching for bigger fish than bag thieves. Don’t assume they’ll safeguard your bags.

Practically every television news program has shown this ruse. The scam occurs just after you’ve put your items on the belt. Before you walk through the metal detector, a stranger cuts in front as if in a hurry. The equipment buzzes and he has to back up and remove his watch, his coins, something. Meanwhile, you’re trapped in limboland and your bags are free-for-all on the so-called secure side.

If you’re traveling with another person, make a habit of this: one person goes through security first and collects her and your bags as they appear. The other waits to see that all bags go fully and safely into the x-ray machine, and watches the belt to see that it isn’t reversed, leaving your items vulnerable on the other side. If you’re alone, wait for any crowd at the checkpoint to pass, if you can, or be alert to anyone who barges in front of you after you’ve let go of your things.

Excerpt from Travel Advisory: How to Avoid Thefts, Cons, and Street Scams
Chapter Three (part-a): Getting There—With all your Marbles

©copyright 2000-2009. All rights reserved. Bambi Vincent

Bob Arno on “Lie to me”

Two pickpockets looking for a victim.
Two pickpockets looking for a victim.

I watched the first two episodes of Fox Network’s new television program Lie to Me, whose main character is loosely based on Paul Ekman, the world’s foremost expert on facial micro-expressions and how to spot when someone is lying. This is an intriguing, new subject to the majority of us. Call it a sexy science. Who wouldn’t like to immediately realize when his mate or partner is fibbing or deceiving him? And wouldn’t we like to ask our financial advisors: “have you ever swindled or cheated any of your previous customers?”

The bad guys, too, want to know how to manipulate their expressions when asked “where were you on the night of April 18?” Will this program suddenly shed light on surveillance and interrogation techniques that have previously been shrouded in mystery? It’s said that Paul Ekman is or has been working for the NSA. It’s confirmed that he’s involved in the structure of a limited program for TSA, in which screeners are supposed to detect irrational behavior in passengers that could indicate terrorist activity, signaling the need for additional and deeper screening of their luggage.

Dr. Ekman has spent a lifetime studying micro-expressions. What’s the chance Continue reading

Violence in Mexico

Acapulco: violence in paradise
Acapulco: violence in paradise

A few days ago, a foreigner arrived at Mexico City’s international airport and exchanged money there. What he didn’t know was that he was being observed by lookouts. When he left the airport, his car was followed by two others. He was forced off the road and approached by gunmen, who simply shot him in the head when he resisted their demand for the cash.

By now everyone knows that Mexico has become a risky destination, thanks to drug gangs and their brutal operations. Police officers have been steadily targeted by the gangs, and are being killed from the top ranks to the bottom in scary numbers I can’t quote.

Last year, the director of the federal police division monitoring trafficking and contraband was killed, along with his bodyguard. So were other top police officials, including the head of Mexico City’s anti-kidnapping unit, and the director of national police operations against drug traffickers.

Little girls in Mexico playing with bottle caps.
Little girls in Mexico playing with bottle caps.

All of Mexico is dangerous now, from the capital city to the most popular resort towns. Acapulco (the city in which Bob and I met), is now called a “violent Mexican resort.”

Tourists to Mexico are in the middle of it all. They are perceived to have cash: either on them, accessible by ATM, or available as ransom.

Mexican police say that the drug gangs now post lookouts at the airport money-exchange booths. The lookouts phone their colleagues outside the airport, who rob the visitors as they leave.

Among its many warnings about Mexico (updated 8/13/08), the U.S. State Department says:

If an ATM must be used, it should be accessed only during the business day at large protected facilities (preferably inside commercial establishments, rather than at glass-enclosed, highly visible ATMs on streets).

About Mexico City specifically, the State Department suggests:

Arriving travelers who need to obtain pesos at the airport should use the exchange counters or ATMs in the arrival/departure gate area, where access is restricted, rather than changing money after passing through Customs, where they can be observed by criminals.

It’s easy and common for criminal gangs to recruit low-level airport employees as conspirators. I wouldn’t feel much safer in the “secure” arrival/departure gate areas.

Mexican citizens have long been the targets of express kidnapping and carjacking, along with the usual burglaries and robberies. Tourists have had to be alert to pickpockets, drink-druggers, taxi-robberies, and psuedo-cops.

Things are getting worse now.
©copyright 2000-2009. All rights reserved. Bambi Vincent

Laptops lost in airports

Midnight in the Muscat airport.
Midnight in the Muscat airport.

As a very frequent flyer, I can understand that 12,000+ laptops are lost each week in U.S. airports. What’s shocking is that, according to a study, only 33% of laptops that make it to lost-and-found are reclaimed. My first thought is: insurance fraud. Lose it, claim it, get a new machine.

The point of the study, though, is really data loss, theft, and abuse. Who cares about the hardware? Wouldn’t it be fascinating to know how many of those never-claimed laptops sitting in lost-and-found actually contain sensitive data? And when was the machine last logged into? After the loss?

Having lost a few precious things myself (a special scarf, an autographed book), I know how impossible it is to contact airport lost-and-found, and the runaround you get if you luck out and reach a human. “You have to contact the airline,” “just file a report online,” “the airline controls those gates,” etc. Hopeless.

And I hate to say it but, I’m convinced that airplane cleaners reward their thankless jobs by the old “finders keepers” law. How else to explain a book left between the window seat and the wall, gone without a trace five minutes after I disembarked? Losers weepers.

Who\'s alert after suffering the human maze?
Who's alert after suffering the human maze?

I just re-read the study, Ponemon Institute’s Airport Insecurity: The Case of Missing & Lost Laptops.
I had first read it back in July when its stats were thoroughly discussed on Schneier’s site. One of my own comments there is “no departments try to return property. Look at all the staffing cuts. Who’s the first to go? An individual might try to return something, but not a department. Even if you know you left something on a plane, even if you report it a minute after you get off, you can kiss it goodbye.”

Most laptops are lost at the security checkpoint—no surprise. People think the area is full of “security” personnel, and that makes their stuff secure. Many times, I pick up my own computer, then Bob’s. No one notices or cares that I picked up two machines. No one questions me whether I have two in my arms at once, or pack up mine and walk off with another.

While the report’s stats are interesting, I think the “Recommendations and Conclusions” are unrealistic. They suggest you allow enough time, as if you haven’t just run between terminals as fast as you can to make your “airline legal” but still-tight connection. They suggest you carry less; hey, we carry what we need, and what we don’t trust the airlines (or TSA) with in checked bags. They suggest you think ahead and have a mental strategy at security. That works—as long as you aren’t in a sleep-deprived fog from flying 14 or more cramped hours and now you don’t know if it’s morning or night. And as long as everything at the checkpoint goes smoothly, which is never certain. Someone cuts in front of you and delays you from getting to the other side, where your stuff sits vulnerable. A bossy TSA agent disrupts your strategy because he wants it done his way. TSA needs to rescan half your stuff and your items are spread out all over.

I have long had a strategy. I lay down my things—always the same things—in a strict order. This allows me to pick them up on the other side and reassemble everything quickly and logically. Every once in a while, that bossy TSA employee will rearrange my things, or hold back some of them in order to re-run someone else’s. This tampers with the otherwise reliability of my strategy.

I like two of the study’s recommendations. One is obvious, to label your laptop so you can be easily contacted. The other mildly recommends that airports make it easier for passengers to report losses. That would really help. Fat chance.

Choosing the right luggage for constant travelers

choosing the right luggage
choosing the right luggage
Our typical haul: four aluminum Halliburtons to check, a roll-on each, a shoulder bag each.

For very frequent travelers, the right luggage is vital. Bob and I have used aluminum Zero Halliburton luggage forever. It’s heavy and expensive. It gets dented and full of stickers. Every few trips, a bag loses a handle or a wheel, and we keep on repairing them. We can’t even take advantage of their good locks anymore. Instead, we wrap strong tape around the seams to thwart thieves.

In iffy hotels we use one of these as a safe for small valuables, sometimes even laptops. The theory is that a camera, passport, maybe even a laptop can “get legs.” A large, heavy suitcase is less likely to go missing.

Choosing the right luggage

Bob uses a black aluminum Halliburton roll-aboard. It’s strong, padded, and lockable, so he’s not worried when his carry-on must be put in a plane’s cargo hold, no matter what’s in the bag. You can see it on the top of the left stack in the photo. This clamshell-type roll-on does not suit me at all. I like lots of zipper compartments, so I can easily grab my computer power cord, a book, or a document from a file folder. I also like a roll-on big enough to neatly carry an outfit or two. These are usually called one-suiters. I always have one suit and one stage dress in the roll-on. I’ve been without my checked luggage one time too many.

choosing the right luggage
Carry-on system by Mandarina Duck.

My roll-on has a matching shoulder bag which stacks easily and securely. And of course it has a shoulder strap for the millions of stairs that require hauling instead of rolling. The shoulder strap attaches with a ridged plastic tab. This was my biggest concern when I bought this combo three-plus years ago. What if it comes loose? My laptop is in the shoulder bag, my iPod, passport, a little camera, and all my most important things. Many a time I have boarded rickety boats with this bag on my shoulder. But I’ve come to trust it.

The plastic tab broke on the way to Oman recently. The day I got home I photographed the strap and sent it to the company. In a week, I had a new strap, overnighted from Italy, no charge. So I think I should mention that my carry-on luggage is made by the Italian company, Mandarina Duck.

Retail loss prevention

Virginia Retail Loss Prevention Conference centerpiece
Virginia Retail Loss Prevention Conference centerpiece

The crotch-walk was demonstrated, just before a strip-tease, at the Virginia Retail Loss Prevention Conference last week. We do get to see some oddball demonstrations, like how to steal a Rolex, the miraculous faro shuffle,  and how organized crime families work.

An armed robber bursts into a small retail shop in a mock robbery.
An armed robber bursts into a small retail shop in a mock robbery.

Thursday evening, attendees saw a comedic demonstration of pickpocketing—performed by the inimitable Bob Arno, of course. We all scooted out of the conference in time to catch the VP debates.

Friday morning began with an armed robbery—rather, a mock robbery—staged and acted in a corner of a hotel ballroom fitted out with the works of an entire discount apparel store. Within the mock shop, a real FBI agent played customer, looked after by an attentive shop employee. When a gunman burst through the door brandishing real blue steel and shouting for cash, the shop employee raised a baseball bat. (Wrong move.) The enraged robber emptied the till, waved his weapon about, and demanded the contents of the safe. When the cowering employee insisted there was no safe, we thought the robbery would become a murder. But the perp fled and a police detective showed up to quiz witnesses (attendees) for descriptions. Height, weight of suspect? scars? tattoos? clothes? hat? weapon? which way did he go? car? license plate? It all happened so fast it’s amazing what we missed.

Each woman wears eight outfits, layers applied in the shop\'s dressing room.
Each woman wears eight outfits, layers applied in the shop's dressing room.

After breakout sessions on till-tapping, sweethearting, environmental anti-theft design, and other esoteric topics, lunch was served, accompanied by a thieves’ fashion show. Brilliantly written by Susan Milhoan, president and CEO of the Retail Alliance, male and female models paraded across the stage to pulsing new-age music lying under Susan’s slick narrative. We were introduced to shoplifters with a variety of ingenious methods and containers for hiding their ill-gotten gains: a gift-wrapped box with a hidden flap, a loosely-closed umbrella carried upright, booster-bags slung about the hips under voluminous skirts, and many more.

In a thieves\' strip-tease, two shoplifters peel off the layers.
In a thieves' strip-tease, two shoplifters peel off the layers.

Finally came the crotch-walker: a woman in a dress who casually strolled before the crowd and, on command, dropped a small appliance to the floor from its snug position, gripped tightly between her thighs. Whole hams are frequently stolen this way, our fashion narrator explained, then sold at a discount for quick cash. Yum.

The thieves’ fashion show finale was a raucous strip tease starring two young, slim women who sidled onto the stage with slinky grace. Classic stripper music began and the women proceeded to peel layer after layer off of their bodies. Each wore eight complete outfits and, though they stopped stripping while still decent, stood among a mountain of garments, with a value of thousands of dollars.

95% of retailers in Virginia are small businesses with only one to five employees. The sole function of the Virginia Retail Loss Prevention Alliance is to provide these business owners with resources to help prevent “shrinkage.” According to Milhoan, only three organizations like hers exist in the U.S. Yet, what they offer is of immense value to small retailers across America. I’d like to see the Virginia Retail Loss Prevention Conference tour as a road show. Any sponsors out there?

Bob Arno on redflagging as criminal profiling

An eye.
An eye.

[Finally, a few words from Bob Arno.]

As we travel the world every year, we interact with organized crime figures, street criminals, and security personnel along the way, observing and absorbing the latest trends in criminal behavior and the latest techniques. Over the past twenty years, I have maintained dialogs and communications with some rather interesting criminal minds on four continents. But talking about security issues and criminal behavior, on the internet or to media in general, is always a dilemma. Yes, it’s useful to reveal the latest scoop about the rogue fringe of society, but by bringing revelations into the open we might tip our hand to the bad guys.

Striking up conversations with criminals usually means we first have to detect them, identify them, and somehow confirm that they really are thieves—unless we have direct cooperation from law enforcement agencies. We’ve developed unique skills in detecting criminal behavior and patterns that we recognize before the crimes take place. Modern crime prevention is often based on similar methods and techniques, and written into algorithms for computer analysis. Yes, they are obviously very different depending on the country where the criminals are active, the type of crimes anticipated, and other cultural factors. In security circles, a common word for this analytical activity is “redflagging.”

Bambi Vincent, Kevin Mitnick, and Bob Arno.
Bambi Vincent, Kevin Mitnick, and Bob Arno.

The kick-in-the-pants for this post came from an incident we became privy to in Atlanta last week, while there to address the ASIS annual conference—the world’s largest security convention. Kevin Mitnick, the famous (or infamous) former hacker—is there such a thing as former hacker?—was also there, as a presenter and panel host on Internet abuses. Kevin, always full of new anecdotes and intriguing …˜backend’ stories, is an old friend of ours. It was his exhaustive airport encounter earlier that day (with ICE, US customs, and the FBI) that got me thinking about redflagging, which is what entangled Kevin.

In the past few weeks, two books have been published which both indirectly focus on redflagging, how to isolate a certain behavior from the norm, and then to draw conclusions. This is not exactly science, but reasonable speculation. Behavior is an extension of human emotion; it’s difficult to completely suppress our emotions, and therefore our behavior.

The new books are The War Within: Secret White House, by Bob Woodward, and The Numerati, by Stephen Becker. Both books allude to new and secret formulas used by the U.S. government as well as the private sector, to fight terrorism and crime in general. Woodward’s book speculates about isolating terrorist leaders and taking them out with precise weapons. In his blog, Schneier on Security, Bruce Schneier wagers that Woodward is talking about “tagging.” The speculation centers around new technologies, but we can be quite certain that some algorithms on behavior are reasons for the new successes in the war on terrorism.

Lips
Lips

The other book, The Numerati, is not about politics or security developments. It’s about the latest trends in analyzing emerging patterns by drilling through data banks. A good review, “Drilling Through Data,” can be read in The Wall Street Journal, and there’s an interview with the author on NPR. The book discusses security software analytics. The last part of the book covers irregular pattern recognition and Jeff Jonas’ work in the casino industry. A good introduction to the world of Jeff Jonas and his contribution to the security industry is posted in O’Reilly’s Etech Conference pages from March 2008. Jeff Jonas works for IBM (and we assume for divisions of our National Security Agency, in some capacity or another). To get the gist of his talk on casino scams and how to detect crime in casinos using surveillance technology coupled with databases of known criminals, you have to drill further. This is very good reading for those with an interest in irregular pattern recognition.

Neither book sheds any precise information on what we want to know most: what are the security agencies concentrating on when they assemble their “trip wires” for redflagging? And that’s good; why should we let the other side know how they’re spotted?

Forehead
Forehead

In its most simplistic application, analytics are used in surveillance software in the retail and hospitality industries, and in public places. For example, the scanning of individuals hovering or loitering around an entrance or in a hotel lobby; the number of seconds a cash register’s drawer stays open in a store; how the hands of the employee at that cash register move; the angle of the hand holding the credit card (think portable skimmers).

All of which is just foreplay to the real issue: the behavior of terrorists. What speed or pace and how do they walk when approaching a target? How does a female terrorist behave differently from a male? How do they behave when stopped or challenged? And most important, what about their face reactions? Can a telephoto video scanner pick up micro-expressions and can the latest research by people like Dr. Paul Ekman and Mark Frank map these movements with accuracy?

Fake smile.
Fake smile.

For some interesting current examples of micro-expressions, watch again the recent Sarah Palin interview on ABC Evening News with Charles Gibson.   The moments for interpretation come at three minutes and 59 seconds, when Charles Gibson asks her if she has ever met with foreign heads of states. More of the same expressions when Gibson asks whether Russia was provoked to go into Georgia, five minutes and 13 seconds into the interview. And finally, at eight minutes and 34 seconds, at the question about the Bush Doctrine. Whether the clenching, lip protrusion, closing of eyes, and swaying can be interpreted as precise proof of one thing or another is up to the students of Paul Ekman.

Redflagging as a form of profiling is controversial. My points above illustrate how complex and far-reaching the conclusions may be to our society. I have not even touched on the privacy angle, the national security aspects, and what the bad guys can do to counteract the revelations made by media on the latest security innovations. Ultimately it comes down to the old argument: what do we keep secret (for national security) and what do we allow the public to know in order to protect privacy and maintain open political dialogs?

My objective today is to draw attention to the constant need to fine-tune information analytics. It is the lack of qualified experts drawing useful conclusions, which has triggered all kinds of recent mishaps, near financial ruin, and security lapses. This article is not meant to start new political discussions on security secrecy or privacy protection. Others who specialize in advancing and protecting both viewpoints are far more qualified.

[The facial features above belong to confirmed criminals, photographed during interrogation.]