Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists

17 Pages Posted: 20 Jul 2007

See all articles by Christopher Soghoian

Christopher Soghoian

Yale University - Yale Information Society Project

Date Written: July 19, 2007


In this paper, we discuss a number of existing problems with the airport transportation security system in the United States. We discuss two separate, yet equally important issues: The ease with which a passenger can fly without any identification documents at all and the ease with which print-at-home boarding passes can be modified, tampered with, and faked. The significance of these vulnerabilities becomes clear when viewed in light of the US government's insistence on maintaining passenger watch lists, whose contents are secret and effectiveness depend upon the government being able to verify the identity of each flying passenger. We then introduce a method of determining if any particular name is on the no fly list, without ever having to step foot into an airport. We introduce a physical denial of service attack against the Transportation Security Administration (TSA) checkpoints at airports, distributed via an Internet virus. Finally, we propose technical solutions to the user modifiable boarding pass problem, which also neutralize the physical denial of service attack. The solutions have the added benefit of meshing with TSA's publicly stated wish to assume responsibility for verifying passengers names against the watch lists, as well as enabling them to collect and store real time data on passengers as they pass through checkpoints, something they are not able to do under the existing system.

Keywords: airport security, identity, transportation security administration

Suggested Citation

Soghoian, Christopher, Insecure Flight: Broken Boarding Passes and Ineffective Terrorist Watch Lists (July 19, 2007). Available at SSRN: or

Christopher Soghoian (Contact Author)

Yale University - Yale Information Society Project ( email )

127 Wall Street
New Haven, CT 06511
United States

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics