Copied from http://blog.wired.com/27bstroke6/
Saturday, 28 October 2006
Sometime after 2:00 a.m. Central Time Saturday morning, the FBI searched the home and seized computers belonging to Christopher Soghoian, an Indiana University Ph.D. student who created a DIY boarding pass generator, according to a post on his blog. Backstory.
On Friday night, Soghoian and his advisor met with the FBI for several hours. Just hours later, FBI agents had a federal magistrate judge sign a search warrant at 2 a.m. to find evidence that Soghoian was involved in a "conspiracy to commit or the commission of knowingly presenting a false and fictitious claim upon or against the United States, or any department or agency thereof." Links to search warrant and attachment (27B mirrors: warrant and attachment).
Soghoian found the search warrant taped to his kitchen table Saturday morning when he returned home after sleeping elsewhere.
The warrant specifies that agents can seize all of Soghoian's computer equipment, any records pertaining to airline travel, airports and aviation security, and records or correspondence relating to his website and blog.
Soghoian did not immediately respond to an email, but earlier today wrote me to say he's not talking to reporters until he has a lawyer.
First, the FBI is likely looking to find direct evidence that Soghoian actually used a fake boarding pass to board a plane. Soghosian told me he had never done so and was waiting for clearance from lawyers before doing so. Finding such proof would allow the feds to try to prosecute him for the fraud statute quoted in the search warrant. The conspiracy charge is much more of a long shot to prosecute since it would require proving intent. That said, that's just my opinion and I am very much not a lawyer.
Second, shutting down the boarding pass generator will likely not be effective in keeping the tool off the web. There's already replacement code floating around the internet and it may only be hours before it gets loaded onto a server hosted beyond the FBI's reach.
Third, Security expert Adam Shostack has written that senior TSA managers were briefed in February 2004 on the vulnerability exploited by Soghoian's website. That is in addition to the discussion of how the gap between where a boarding pass is printed and where the security line starts, which began with Bruce Schneier in 2003, and was continued here, here and here, among other places.
Fourth, any browser can change a boarding pass and shutting down Soghoian's site doesn't change that.
Fifth, anyone else noticing the deafening silence from the Electronic Frontier Foundation (they only do criminal cases), the American Civil Liberties Union (no idea), the Electronic Privacy Information Center (generally only does FOIA cases and friend of the court briefs) and John Gilmore's Identity Project (maybe trying to seem respectable since it's trying to get the Supreme Court to hear Gilmore's appeal of his airport I.D. case loss in the Ninth Circuit?). I'm not saying any of these groups should be Soghoian's counsel, but not one has even issued a statement to my knowledge.
Full Wired Story on Soghoian here.
Previous blog coverage: