Doug Lhotka

Technical Storyteller


Opinions and commentary are mine, and do not reflect those of my employer.

(C) Copyright 2019-2023
Doug Lhotka.
All Rights Reserved.
Use of text, images, or other content on this website in generative AI or other machine learning is prohibited.

Friday Photo Post – Moab

May 20, 2017 By Doug

And now for something completely different.  As I mention on my bio, I try to spend as much of my time not doing cyber security work as I can.  I’m an amateur photographer, and travel the world capturing images that tell stories about the amazing places I’ve been able to visit.

Last month I went to the Moab Photo Symposium with my dad, something we’ve been talking about doing for years.  We had a great time before the sessions started – Bruce Hucko, Guy Tal and Colleen Miniuk-Sperry held the ‘Terrific Trio’ Workshop.  Absolutely stunning scenery, great instruction, and a truly fun group of attendees.  This image is from one of our night expeditions to the Needles district.  We were all waiting for the light to hit, and I snapped this pano on a whim.

Filed Under: Photography

Laptops & Airplanes: Security vs. Safety

May 20, 2017 By Doug

© Paul65516 | Dreamstime Stock Photos & Stock Free Images

Airplanes and laptop bans have been in the news a lot recently.  As someone who flies a fair bit, I’ve been watching the circus with both horror and amusement.  I have a suspicion as to what the real motivation may be, but we’ll get to that in a bit.

There’s allegedly intelligence information that terrorists are building laptop bombs to take down commercial flights, like what was done recently in Somalia.  Let’s accept that at face value for the moment.  In the case in Somalia, airport workers were involved, which is one of the largest security risks in aviation today – a corrupt trusted insider.  I suspect, but don’t know, that EU and US airport security is somewhat better than Mogadishu, but let’s set that aside too.

All this is driving a potential ban on laptops and tablets in the passenger compartment of aircraft – but not in the cargo hold.  While baggage in the cargo hold is screened, the asserted motivation is that laptop bombs would have to be manually actuated.  Evidently timers are beyond the capability of terrorists?  Strikes me as a bit unrealistic.

What is real though, is the risk of fire from a few hundred lithium ion batteries improperly packed, on devices that have been slept (not turned off), in soft sided suitcases tossed around in the baggage handling process.  As Samsung found out with the Galaxy Note 7, this is not an academic issue – if one of those devices had caught fire in a cargo hold, the runaway fire would have been impossible to extinguish, and likely brought the aircraft down.  If we can’t allow an e-cigarette in the cargo hold, why would we allow a laptop with 10-100x the thermal energy?  That’s exactly what the airlines are pushing back on.

Fire is absolutely a far greater risk than a terrorist incident.  65 million people fly between the US and Europe annually.  Between tablets and laptops (some people have both, most have at least one), that’s a massive increase in fire risk – and to the point where I’d have serious second thoughts about flying.

If there’s a real risk of a ‘laptop bomb’ then require additional screening – power them on & swab them down. That’s far more effective than sticking them in the cargo hold.  It’ll avoid the economic damage from reduced passenger traffic, lost/damaged/stolen devices, and the inevitable fires.  What it will do is increase security costs, add additional screening at the boarding areas for international flights (or at the main checkpoint if they do this for all flights), and generally create more passenger friction.  That could be mitigated by exempting Global Entry and/or TSA-Precheck passengers from the additional screening, but it’ll be an impact regardless.

And here’s where my suspicious, cynical nature comes in.  What if that screening is the real end goal, and all this chatter about a flat-out ban is designed to manipulate public opinion, and get us ready to accept the ‘lesser of evils’?   “It’s a pain, but it could have been worse – they could have banned them completely.”

Hmmmmm.

Filed Under: Security

3D Facial Authentication on iPhone 8?

February 23, 2017 By Doug

(c) Depositphotos / @ adogslifephoto

MacRumors has an interesting article on the iPhone 8 with a rumor that it’ll forgo the fingerprint reader in favor of a 3D facial scanner.  It’s an interesting idea that could be very convenient, but would it be secure?

The obvious first question is, can it be spoofed?  It’s relatively straightforward to capture a 3D model of someone’s face, including visual coloration.  That can then be split into a texture, which is unwrapped digitally, printed and transferred to a flexible skin.  The 3D model can be printed on a consumer 3D printer, and then recombined with the printed skin to form a reasonably accurate 3D model of someone’s head.

Will it be good enough to spoof the sensor?  If it includes IR sensors that look for non-uniform thermal images, it’d be more reliable, but if it’s just an image and morphology recognition, it should be possible.  A lot will depend on the tolerance built in, and most facial recognition systems have a crossover problem.

Assuming Apple releases a phone that has this, and allows charging and headphones at the same time, without looking like (homage to Bruce here) a bleached squid is dangling from my shirt, I’ll give it a try and let you know.

Next we have the issue of compelled unlocking.  This is a murky area of law, and we don’t have clear direction.  Forcing someone to type in a password is probably not going to survive.  Requiring someone to press a finger to a sensor is currently winding its way through the courts, and that outcome is definitely in the grey area.

I suspect that requiring someone to hold still while a phone is held up in front of their face is likely to be permitted.

Last, these systems have real challenges with false positives and negatives – they range from nearly a joke (hold up a picture), to annoying (high failure rate).

Apple’s managed to do some interesting things with usable user-friendly security, so if anyone can get the tradeoffs right, it’s probably them.  I just hope it’s not the sole option on a flagship product.

 

Filed Under: Security
