08 February 2007
I found this at Matt Blaze's Crypto Blog
"Newly armed with the official terminology, I did a bit of googling this morning and found the TSA's Airport Security Design guidelines. This 333 page (PDF format) manual specifies, in all the detail one could ever hope for, everything there is to know about designing the security infrastructure for an airport, right down to the layout of the divest tables for the X-ray ingress points at sterile concourse station SSCPs. It's all very meticulous and complete, even warning of the "potential for added delay while the passenger divests or composes" (page 99). For some geeky reason, I find all this mind-numbing detail about the physical architecture of security to make strangely compelling reading, and I can't help but look for loopholes and vulnerabilities as I skim through it.
Somehow, for all the attention to minutiae in the guidelines, everything ends up just slightly wrong by the time it gets put together at an airport. Even if we accept some form of passenger screening as a necessary evil these days, today's checkpoints seem like case studies in basic usability failure designed to inflict maximum frustration on everyone involved. The tables aren't quite at the right height to smoothly enter the X-ray machines, bins slide off the edges of tables, there's never enough space or seating for putting shoes back on as you leave the screening area, basic instructions have to be yelled across crowded hallways. According to the TSA's manual, there are four models of standard approved X-ray machines, from two different manufacturers. All four have sightly different heights, and all are different from the heights of the standard approved tables. Do the people setting this stuff up ever actually fly? And if they can't even get something as simple as the furniture right, how confident should we be in the less visible but more critical parts of the system that we don't see every time we fly?"