Adventures with the TSA

In the last month, I’ve had two interesting experiences with the TSA. Both times, the airline ended up saving the day. I’m writing this not as a “LOOK HOW BAD THIS HAS BECOME!” as I have friends in targeted demographics as well as friends on lists who consistently get detained, and they already write far more eloquently and intimately about that side of things than I could wish to. This is more a “look at what this is like, for someone who is socially aware but also not in a tracking system” (that I know of).

What’s in a Name?

The back issue on my end is this: I like my first name, but it’s not my social name – that’s “Willow,” my middle name. I have no desire to change my names, especially not to simply make the job the state has taken on easier. This means, when I travel internationally, my full name is listed with the airline from my passport, which also means my frequent flier programs have FIRST MIDDLE LAST. Which means when I book an intra-continental flight, my FIRST LAST shows up, while MIDDLE LAST are on all of my locally-relevant IDs (driver’s license, credit cards, academic IDs, etc). I have usually just brought an ID which indicates my first initial, and everything’s dandy.

This hasn’t been an issue until the last two months, when it has suddenly become enough of a red flag that merits extensive measures be taken that I’m not a dangerous person. Which means going through all of my stuff and a thorough pat down. Which is often used as a threat, not as a heads up. As someone who has consistently opted out of scanners which can store and transmit images of your body (and therefore into pat-downs) for the past 5 years of heavy travel, I’m pretty acquainted with the less aggressive version of this process. I asked to see the policy stating that they had a right to touch me, based on my name. TSA informed me that no one is allowed to see their policies, and to please wait on a supervisor.

A gold sticker replicates a TSA-agent's badge and reads "TSA Team Boston, Junior Officer" with the Department of Homeland Security emblem and eagles all over the place.I waited. And waited. My flight began to board. I was still on the other side of security. Finally, I went to the airline desk and told them what was going on, and they changed the name on the ticket to match the ID I had on hand. I made my flight. I’m not sure if the airline did a legal thing, so I’m not naming them, but holy shit am I grateful.

Victory point: the TSA staff felt so badly about their process and supervisor being so shitty that they gave me a junior TSA agent sticker. To which Jenbot responded “You’re just two more pasties away from the world’s funniest private screening.”

Nonconsensual Pat Downs!

Last night had significantly less humor. I, for once, went for the full-body scan thing. My emotional fortitude to opt out of every process is slowly being worn down, which just pisses me off even more. I hate rolling over and showing my belly, but I also hate being touched by strangers who think I’m a fucking villain 3+ times a month. The scan showed an “anomaly in my pants” (lulz), and the female-identified TSA agent started patting me down before verbal acknowledgement nor even eye contact were made. I stopped her, saying I hadn’t consented to a pat down, at which point she indicated the anomaly and stated a pat-down needed to happen. I said I understood, but I hadn’t yet consented. She asked if there was going to be a problem, I said “with you touching me without my consent? Yes.” She then deployed the mantra of “going through all of my stuff and a thorough pat down,” but this time with about 3 additional TSA agents, a manager, and 2 federal officers around me, with them holding onto my stuff.

I balked. I’d rather spend another night where I was than deal with this (I was in a lovely place with lovely people). They tried to take my ID to scan it for a report I wouldn’t see. I instead put on my boots, got my bags (they didn’t resist my taking my things, but they also didn’t make it clear in any way it was possible), and walked towards the airline counter to sort things out. As I was walking away, one of the federal officers told me in a surprisingly friendly tone that if I attempted to make it through a different security line that night, I would be arrested and criminal charges pressed against me.

The airline informed me that I could use the ticket’s cost towards a future flight, but that they couldn’t book me on another flight the next day free of charge. That was between me and the TSA. I went back to the security line and talked with state officers, the TSA manager, and their manager about my general work, large-scale conflict resolution, sexual assault survivors, trans friends, and the TSA’s lack of empathy and effectiveness. I should have left the last part out, but I was pissed off. They allowed me to go through the process that night, if I were willing to go through the pat-down and stuff-going-through. And fuck it, my going home was more important in that moment than my civil liberties. And yes, I’m also well aware that basically no other demographic would have been able to have this privilege (because while it was personally deeply uncomfortable and not ok, it was still a systemic privilege to be able to have a re-do).

A friend who happened to be in the airport at the same time (small world is small) had seen some of this happening, and waited past security for me to be sure everything was all right. I’m deeply thankful for this act of kindness and manifestation of social fabric. Also that the TSA manager enacted the pat-down, as a personalized moment of “I know I’m a part of a fucked up system.” I made it through security at the core of the airport just as my flight was meant to be taking off in a peripheral gate, but I jogged to my gate anyway. And the goddamn airline held an entire flight for 15 minutes just so I could still get out that night. So much gratitude.

Internal Consistency is How the Terrorists Win, Apparently

It’s worth noting here that I fly a fair amount. I also tend to detect patterns and systems fairly well. I dread the inevitable next agent-splaining of how TSA policies work, which are always attempts to be kind and to let me in on “how things work,” but are never remotely consistent. Fuck you. The haphazard nature of enforcement has little to do with “let’s keep ’em guessing!” and far more to do with “what equipment is working today and what rules we’ve been chop-busted about most recently.”

Which Just Adds To…

The cycle we’re caught up in right now does little to nothing to “catch the terrorists” (which is also just slapping a band-aid on a gaping wound of systemic problems) and a whole lot in further ostracizing and demeaning historically marginalized demographics.

I have no idea what to do with this – the work I can’t not do (for passion, for frustration, for specialization) merits traveling a fair amount. The people I love are a distributed lot. But I also can’t handle instances like this happening too much more before… something has to change. Me, or it.

Here’s something I used to do a lot more, and which now I’ve been worn down out of doing, so I can still have emotional capacity for other things I care about. And that also pisses me off.

Is it secret, is it safe?

Being in Berlin reminded me that I haven’t been around the hackers I know and love since my last round of gadget aquirement. A lot of conversations have been happening recently around the usability of crypto-aware tools (including an event in DC on Jan 11th that GWOB is doing with OpenITP – you should go!). What we fail to talk about are how easy many existing things are out there, and what they are. Here are some things we did:

Encrypt all the things!

Why this matters: when interacting with law enforcement, you can plead the 5th around your password, but the hardware itself can be seized, albeit sometimes for a short time. During this, they can take an image of your disk, IE, scan and copy anything on it. By encrypting your device, all they will see is adsfliu9p8aerkadfov8c79234hfgia etc instead of “ohai.”
File Vault

  • A Mac. It’s not as hard as you think. With a solid state drive, it takes about 45 minutes. Let it run tonight while you head to bed. For a Mac, plug it in, launch System Preferences > Security and Privacy > File Vault > Encrypt.
  • An Android. Also not difficult. Settings > Security > Encrypt Device. Again, you’ll need to leave it plugged in and have a bit of patience with it.

Password Management

Why this is important: helps you not fall into password reuse issues by allowing you to only remember one strong password, and loading in non-human-memorable passwords.
On Mac, I went for 1Password. It costs some money, but it’s hella easy to use, and I can share an encrypted file via dropbox between my multiple devices so I can still access accounts. While I’m plugging in these accounts to 1Password, I’m slowly changing all my less-secure passwords for randomized ones.

Communications

drawn for Morgan Mayhem’s Center for Civic Media talk on Coercion Resistant Design

Why this is important: While we’ve achieved HTTPS in most places, within and between larger “clouds” data is not actually sent encrypted. In order for you to maintain your privacy, it’s important for anything you send to be encrypted. All of these are usable in the exact same way from a user standpoint as the things they replace. They just also encrypt the traffic. Try them out.

I already use Adium for Off The Record (OTR) and Thunderbird for Pretty Good Privacy (PGP) on my Mac. I’d use Jitsi but it crashes anytime I’ve tried. Waiting until it works. That said, I also want the messages I send on my phone to be encrypted.

  • ChatSecure : chat on phone
  • TextSecure : already installed, but worth mentioning
  • Threema : also encrypts images etc! Let me know if you’re on it, definitely needs critical mass in order to be usable. I’m K69NNHXE
  • Orweb : Tor browser on phone
  • Orbot : Tor node on phone

Self-Hosting

Why this is important: you control your data. Or at least someone you can go punch in the face does. I am also incredibly hungry at this point of writing this post and thus this section lacks detail.
Uberspace : I like this group out of Berlin. They’re pretty great.
Ownweb : All the functionality of calendar, contact storage, etc. Works beautifully on Uberspace.
edit: Make that OwnCloud. Thanks, Natanji! Also, hosting on your own of course requires the mental and technical to maintain those servers.

Is it safe?

When is the last time you ran a backup? Why not right now?

<3 to all the fine folk who helped out with this : Tomate, Herr Flupke, Morgan.