I'm Evan Booth, and I can build guns, bombs, and other weapons out of things you can buy after the airport security checkpoints. AMA.
My background is in software development and information architecture. However, for the past year, I’ve been working on independent security research I’ve dubbed "Terminal Cornucopia." The TSA is supposed to prevent passengers from slipping anything that could be used as a weapon past its multiple layers of security personnel, scanning devices, and explosive-detecting swabs. Trouble is, there are a slew of items that you can purchase just past the security checkpoint that can be turned into a makeshift arsenal. To help illustrate this vulnerability, I have recently filmed a short video with VICE to demonstrate just how easy it is to build these weapons. My goals for this project are to inform the public about this security issue, and to give the TSA/policymakers solid information on which to base decisions regarding our safety.
For an overview of the project (including demonstration videos for the weapons), check out http://terminalcornucopia.com.
Edit 1: Well that's disconcerting... in the middle of an AMA about building weapons out of airport wares, my Macbook randomly shut down and won't power up. D:
Edit 2: Thank you guys for all the great questions! I have to run to appointment, but I'll try to keep answering questions over the next few hours. To get updates on Terminal Cornucopia, follow me on Twitter @evanbooth.
Well....they didn't wear the nifty, blue, "FBI" windbreakers, so it was a total letdown.
Really though, I'd done a fair amount of mental preparation going into this project, and I knew a visit wasn't completely out of the realm of possibility. They showed up considerably later than I would've expected (I first spoke about Terminal Cornucopia in March, they showed up in June), but I was able to stay relaxed through it. I suppose it helped that the two guys who showed up were perfectly nice and courteous.
Edit: Yeah, still pissed about the windbreakers. That's about standards, people.
The lack of windbreakers is utterly disappointing. Did they at least produce badges and/or introduce themselves as Special Agents Mulder and Scully?
Yes to the badges, but no re: The X-Files. I did whistle the theme song a few times, so that's something.
If you don't mind, what are you most concerned about in your line of work/research - for yourself or for the other folks who might be affected?
Is there a line that you're conscious of not crossing?
Thanks for the intriguing topic!
My pleasure — thanks for the great questions!
I'm pretty sure laws are written to be intentionally convoluted. We've all probably committed a felony or two today without even knowing it. If someone with a modicum of power/authority gets butthurt, you're going to have a bad time. It becomes a question of whether or not you let that stop you from doing things that are right.
What did they ask?
They asked a lot of the same questions that have been asked here, actually. They were primarily concerned that I'd built weapons inside the airport. So I was glad to be able to tell them that I hadn't — I build everything in my office. However, I did tell them that I'd love to build weapons inside of the airport if they'd be so kind as grant me that permission. ;)
Dude, steel is made out of your balls.
I'm almost embarrassed to admit how hard this made me chortle just now.
What was the response to that?
They punched me right in the throat.
Or they just said no. It's tough to remember the details...
Many people comment on your news articles saying that your work is educating “the bad guys” and making it easier for them to do harm. As this is a legitimate concern, how would you respond to it?
This is a great question.
I think that an important thing to keep in mind when it comes to defending against attacks from "the bad guys," is that we're usually playing catch-up. Vulnerabilities like the one(s) my work examines are rooted in basic knowledge that has been available in books and on the internet for many, many, many years — primitive weapons, basic chemistry, etc. This is just one guy's opinion, but I think it's safe to assume that if an individual or a group is willing to harm or kill another person, they have already discovered this information.
I hope that my work serves as a means to level the playing field, and to help us put better, more effective, and more appropriate security measures in place moving forward.
So seriously, how much do you worry about being under government scrutiny due to your chosen path?
That all relative, I suppose. I try to keep things on the level, so if an agency were to dig into my life, they wouldn't find any surprises.
In my mind, I've taken the appropriate steps to position myself as an ally. Instead of digging around for something, I'd prefer they just ask.
Admittedly, this is probably a tad naive on my part.
Edit: Having thought about this a little more, it's definitely not naivety. I'd really like to think that I'm a man of principle. Given the documents this country was founded on, when you take away all the bovine feces and nonsense, a citizen in the United States should be able to do what I'm doing without fear of scrutiny or punishment from the government. End of story.
I bet it helps being a good looking young white male.
" In 4th grade, with the help of strategically placed pens, erasers, and a Pop-Tarts wrapper, Evan's pencil box could quickly be converted into a model rocket launchpad."
Care to explain more?
Like this: http://i.imgur.com/xPAUmGP.png
Note: The eraser fit snugly in the little compartment for the pencils. The Pop-Tarts wrapper kept things from getting too melty. ;)
Thanks... I made it out of a shoestring, a yawn from a tired hippo, and a spit bubble.
Glad someone got it. ;)
Pop tarts wrapper seems sufficient but is it necessary?
I was in fourth grade...
The false necessity of unnecessary shiny stuff became a mass hypnosis long before you or me entered fourth grade. I still admit to enjoying shiny things, even though they can be blinding.
Sure I'll draw that, is that you?
Man, I wish I had time to maintain a good novelty account...
Edit: vanity? wat.
This answer is a bit of a cop out, admittedly, but I'm a lot better at digging into and defining a problem than I am working out a fully-baked solution. The analogy I like to use is expecting a gourmet chef to also be a champion competitive eater.
There are people who are far smarter than I who have written about changes that need to happen in regard to airport security. I would direct you to the inimitable Bruce Schneier: https://www.schneier.com/cgi-bin/mt/mt-search.cgi?tag=TSA.
Edit: This post is a good place to start.
If you forget how to spell "Schneier," it's best to slam your face against the keyboard repeatedly until you get lucky. That's what I do.
When you're a comedian, everybody wants you to do things besides comedy. They say, 'OK, you're a stand-up comedian -- can you act? Can you write? Write us a script!'. It's as though if I were a cook and I worked my ass off to become a good cook, they said, 'All right, you're a cook -- can you farm?'
:: moment of silence ::
Are you meaning domestic terminals, international terminals, or both?
Since I've been paying for this research out of pocket, I haven't been able to assess many airports outside of the US. I did take a trip to Amsterdam in April to speak at a conference, and found that the stuff they sell abroad is more or less the same. However, this is based on one trip — hardly enough information to make any claims.
I'm from Amsterdam! What did you think of the city?
No further comments. :)
Hey, Evan Thanks for doing an AMA.
What has been the security community's response to your research?
I've had friends in the community pick things up in airports when they travel, brainstorm weapon concepts, buy me drinks, and so on. One of the biggest things the community did that it's probably completely unaware of is offer my (legitimately) concerned wife a little peace of mind. If so many brilliant people think this research is worthwhile, it's a lot easier to accept the inherent risks in pursuing this type of information. <3
Will you be swinging by Vegas in August?
Do you prefer to drive or fly now that you're in this line of work?
I love flying. I like to imagine what it'd be like if all the seats were on wheels.
OOH! Airplane bumper cars!! You heard it here first.
What would probably happen would be a great shift in weight towards the rear of the plane during takeoff.
Let's see... you take the y-velocity, multiply that by the rotational force of the earth (factoring in humidity and elevation, of course), divide that by the weight of the cargo raised by the number of windows on the plane... refactor... carry the four... hmm...
Yep. Everybody dies.
After the FBI showed up, did you fly anywhere? If so, did you notice any difference in behavior by airport and airplane staff?
I've flown quite a bit since my visit from the FBI, and I haven't so much as received a mean look from a TSA agent. I've never been selected for special screening.
Sooo... you're white?
Yep. If I were to say that my race has nothing to do with it, I'd be doing a huge disservice to the millions of well-intentioned people who receive "special attention" because they just happen to be a little darker than I am.
This is a most unfortunate reality.
Recently the author of the anarchist cook book said in a guardian article how he regretted creating the cook book. As I'm sure opinions can change; do you feel maybe you should have been a bit more direct in your approach to the powers at be or do you feel maybe you should have tried to get away with more to further your point.
This is a great question.
First off, the author or the anarchist cook book probably feels bad because easily half the information in the book was inaccurate.
Seriously though, I've tried to loosely follow the model of Responsible Disclosure, whereby the proper authorities are informed and given an opportunity to establish a timeline for addressing the problem. When that timeline has expired, the disclosed vulnerability is made available to the public. This step is crucial because it gives the authorities (or whoever is responsible for maintaining the security of the given system) the proper motivation to address the issue.
All my findings are first disclosed to the proper authorities, who have declined the opportunity to establish a timeline for remediation. Then I tell you about the problem because you need to know that it exists in order to make well-informed decisions about commercial air travel.
I hope that answers your question.
....proper authorities are informed and given an opportunity to establish a timeline for addressing the problem. When that timeline has expired, the disclosed vulnerability is made available to the public. This step is crucial because it gives the authorities (or whomever is responsible for maintaining the security of the given system) the proper motivation to address the issue.
That's really awesome. Coming into this thread, I didn't really have an opinion on what you're doing (I'm really only just hearing about this now). After reading this, you've got an exceptional outlook, coming from a point of helping people, instead of just showing vulnerabilities. Working so closely with security as you are, makes this a real benefit, paving a way for actual solutions.
I started reading this with a bit of wariness, but I've got to say, what you're doing is actually helpful. The way you're going about it is awesome. Good job, and thank you!
Thanks, man -- I really appreciate that.
Considering the research you do: Do you have any expectation of privacy at this point?
No more than I did when I started this project.
I'm not a tinfoil hat guy, but seriously, privacy these days is created intentionally, not inherited or assumed. I'm probably not telling you anything you don't already know...
Welcome! You're a brave ass mofo. Did you fear for your safety while making the video?
No. I grew up in the country with no cable, so my brother and I had to create our own entertainment. That said, I'm comfortable around improvised explosives.
:: cue distant banjo riff ::
Do you feel at all that you might just be contributing to fear mongering and the media over reaction to the level of danger or non-danger the general public is in? I mean this as a serious question and not intended to be argumentative. I always get a bit concerned when research like yours gets a lot of media attention. It's like the big kerfluffle over 3d printed guns, anyone with access to the internet and a local hardware store can make very lethal projectile weapons without much prior knowledge or money and no need for a 3d printer. Politicians use this kind of thing to assert more control with little demonstrated effect on our safety.
With that said I still find what you are doing very interesting and do not mean to be discouraging.
Thanks, man. I do worry about this. My goal is certainly not to make people afraid, but I can't control how people react or what spin the media puts on things.
I have made it a point to try to be very realistic in interviews about how dangerous the weapons are that I've created. I'm not sure what to do outside of that — suggestions are welcome.
Plot twist: The NSA saw this and he's now being held for treason by the feds, so he's unable to answer any questions posed.
NO THIS IS EVAN BOOTH. I AM EVAN BOOTH. BLOOD TYPE AB POSITIVE. I'M LEFT HANDED. THIS IS EVAN.
BEEP BEEP BOOP BEEP
Do you think there is an equivalent of the "Full Employment Theorem" for security researchers?
It seems like any sufficiently useful collection of merchandise for sale could eventually be used to construct weapons or explosives. Can you suggest a theoretical approach for constructing a sterile airport environment that renders the construction of destructive devices impossible rather than point solutions to defeat your particular creations?
Also, do you want to hang out?
Also, do you want to hang out?
NICE TRY, DHS! ;)
Seeing as I just googled "Full Employment Theorem," I probably won't be able to answer that question to your satisfaction. Having skimmed Wikipedia, I'm now
an expert very intrigued, and will be looking into this further. Thanks!
You pose an excellent question. My far-too-broad answer won't do it justice, but here goes: We need to take a much larger step back when examining this problem. To me, this is not an issue of how sterilize the airport environment. The bigger problem is how much of our time, dignity, privacy, and tax dollars we're spending on a solution is doesn't even start to accomplish its stated goals.
Do you anticipate the spread of TSA in its current format to other areas of our lives? Such as commuter trains, highways, etc.? What "security" measures do you think will be taken?
I'm honestly not sure.
Considering how much of our security procedures are based on what attackers have done in the past (ie: we take off our shoes because of the shoe bomber), I'd say terrorists pretty much decide what we do next.
The best way, after all, to beat terrorism is to wait for terrorists to show us what we should be terrified of doing and where we'll see a wholesale elimination of our privacy and basic human rights. /s
How did you get into this current project from your background of software development and information architecture?
I’ve always had a very healthy sense of curiosity and a deep-seated fascination with resourcefulness. So, growing up (and still today), when I was in a store or office or whatever, I would pay attention the items that were around me, and just as a way of passing the time, I would think through various scenarios and how I would use those items to work through these scenarios. For instance, if I knew that in 4 hours, I would be alone when 10 armed dudes attacked the Walgreens I'm in, how would I defend myself? Terminal Cornucopia is the result of years of this type of creative problem-solving mixed with flying regularly.
What was it like having the FBI show up at your door?
View HistoryShare Link