[awj]

A quick how-to on bypassing the TSA no-fly list:

1. Buy a plane ticket under someone else's name. Presumably yours is blocked/flagged due to the airlines being able to check the no-fly list.

2. Use that ticket to forge a boarding pass in your name. Use this, along with your official ID, at the security checkpoint. All the TSA does is read it and validate date/time/what the know of flights off the top of their head. Nothing in their setup validates your boarding pass against airline records or the no-fly list.

3. At the gate, hand them the original boarding pass. They'll check it against computer records, but won't bother to check your ID against the pass.

4. Congratulations, you've bypassed a critical portion of American airline security.

This, honestly, is most of why the recent "advanced screening" systems piss me off. Our current security measures are woefully ineffective because of these kinds of loopholes, but instead of plugging those loopholes we simply pile on more half-assed systems.

The no-fly list could be a great tool for us, if used properly. Instead it's nearly trivial to circumvent for the bad guys and an enormous pain in the ass for any honest person who happens to wander into a name conflict.

[MichaelGG]

I think the no-fly has even more issues than just circumvention [1]. Schneier calls it "a list of people so dangerous they cannot be allowed to fly under any circumstance, yet so innocent we can't arrest them even under the Patriot Act"[2].

1: http://www.schneier.com/blog/archives/2006/10/nofly_list.htm...

2: http://www.schneier.com/blog/archives/2007/08/conversation_w...

[gergles]

Well, it isn't really about airline security, it's about revenue protection. If you're too dumb to photoshop your boarding pass, you also have no choice but to pay the $X00 "change fee" to give your tickets to somebody else.

The airlines have significant input into the TSA's processes. Why do you think they have never objected to this (especially given that it is basically a joke?)