My background is in software development and information architecture. However, for the past year, I’ve been working on independent security research I’ve dubbed "Terminal Cornucopia." The TSA is supposed to prevent passengers from slipping anything that could be used as a weapon past its multiple layers of security personnel, scanning devices, and explosive-detecting swabs. Trouble is, there are a slew of items that you can purchase just past the security checkpoint that can be turned into a makeshift arsenal. To help illustrate this vulnerability, I have recently filmed a short video with VICE to demonstrate just how easy it is to build these weapons. My goals for this project are to inform the public about this security issue, and to give the TSA/policymakers solid information on which to base decisions regarding our safety.

For an overview of the project (including demonstration videos for the weapons), check out http://terminalcornucopia.com.

Proof: https://twitter.com/evanbooth/status/416612504454721536

Edit 1: Well that's disconcerting... in the middle of an AMA about building weapons out of airport wares, my Macbook randomly shut down and won't power up. D:

Edit 2: Thank you guys for all the great questions! I have to run to appointment, but I'll try to keep answering questions over the next few hours. To get updates on Terminal Cornucopia, follow me on Twitter @evanbooth.

Comments: 1831 • Responses: 34  • Date: 

tupper931536 karma

What was it like having the FBI show up at your door?

treef0rt2080 karma

Well....they didn't wear the nifty, blue, "FBI" windbreakers, so it was a total letdown.

Really though, I'd done a fair amount of mental preparation going into this project, and I knew a visit wasn't completely out of the realm of possibility. They showed up considerably later than I would've expected (I first spoke about Terminal Cornucopia in March, they showed up in June), but I was able to stay relaxed through it. I suppose it helped that the two guys who showed up were perfectly nice and courteous.

Edit: Yeah, still pissed about the windbreakers. That's about standards, people.

tupper931081 karma

The lack of windbreakers is utterly disappointing. Did they at least produce badges and/or introduce themselves as Special Agents Mulder and Scully?

treef0rt1185 karma

Yes to the badges, but no re: The X-Files. I did whistle the theme song a few times, so that's something.

klondikes181 karma

If you don't mind, what are you most concerned about in your line of work/research - for yourself or for the other folks who might be affected?
Is there a line that you're conscious of not crossing?

Thanks for the intriguing topic!

treef0rt465 karma

My pleasure — thanks for the great questions!

I'm pretty sure laws are written to be intentionally convoluted. We've all probably committed a felony or two today without even knowing it. If someone with a modicum of power/authority gets butthurt, you're going to have a bad time. It becomes a question of whether or not you let that stop you from doing things that are right.

homerr146 karma

What did they ask?

treef0rt627 karma

They asked a lot of the same questions that have been asked here, actually. They were primarily concerned that I'd built weapons inside the airport. So I was glad to be able to tell them that I hadn't — I build everything in my office. However, I did tell them that I'd love to build weapons inside of the airport if they'd be so kind as grant me that permission. ;)

Adamapplejacks1063 karma

Dude, steel is made out of your balls.

treef0rt501 karma

I'm almost embarrassed to admit how hard this made me chortle just now.

wizard_82131 karma

What was the response to that?

treef0rt554 karma

They punched me right in the throat.

Or they just said no. It's tough to remember the details...

tupper93942 karma

Many people comment on your news articles saying that your work is educating “the bad guys” and making it easier for them to do harm. As this is a legitimate concern, how would you respond to it?

treef0rt1523 karma

This is a great question.

I think that an important thing to keep in mind when it comes to defending against attacks from "the bad guys," is that we're usually playing catch-up. Vulnerabilities like the one(s) my work examines are rooted in basic knowledge that has been available in books and on the internet for many, many, many years — primitive weapons, basic chemistry, etc. This is just one guy's opinion, but I think it's safe to assume that if an individual or a group is willing to harm or kill another person, they have already discovered this information.

I hope that my work serves as a means to level the playing field, and to help us put better, more effective, and more appropriate security measures in place moving forward.

Edit: typo

boxjohn768 karma

So seriously, how much do you worry about being under government scrutiny due to your chosen path?

treef0rt1201 karma

That all relative, I suppose. I try to keep things on the level, so if an agency were to dig into my life, they wouldn't find any surprises.

In my mind, I've taken the appropriate steps to position myself as an ally. Instead of digging around for something, I'd prefer they just ask. Admittedly, this is probably a tad naive on my part.

Edit: Having thought about this a little more, it's definitely not naivety. I'd really like to think that I'm a man of principle. Given the documents this country was founded on, when you take away all the bovine feces and nonsense, a citizen in the United States should be able to do what I'm doing without fear of scrutiny or punishment from the government. End of story.

TheRedditDoctor1008 karma

I bet it helps being a good looking young white male.

treef0rt1359 karma

Fact.

DrunkDuckIII458 karma

" In 4th grade, with the help of strategically placed pens, erasers, and a Pop-Tarts wrapper, Evan's pencil box could quickly be converted into a model rocket launchpad."

Care to explain more?

treef0rt618 karma

Like this: http://i.imgur.com/xPAUmGP.png

Note: The eraser fit snugly in the little compartment for the pencils. The Pop-Tarts wrapper kept things from getting too melty. ;)

Disgruntled_Fridge218 karma

Nice diagram

treef0rt707 karma

Thanks... I made it out of a shoestring, a yawn from a tired hippo, and a spit bubble.

joesnackpack100 karma

nice reference

treef0rt114 karma

Glad someone got it. ;)

long-shots93 karma

Pop tarts wrapper seems sufficient but is it necessary?

treef0rt273 karma

I was in fourth grade...

long-shots110 karma

The false necessity of unnecessary shiny stuff became a mass hypnosis long before you or me entered fourth grade. I still admit to enjoying shiny things, even though they can be blinding.

treef0rt265 karma

[7]? [8]?

tsgmob37 karma

Sure I'll draw that, is that you?

treef0rt83 karma

Man, I wish I had time to maintain a good novelty account...

Edit: vanity? wat.

linuxdashie398 karma

[deleted]

treef0rt579 karma

This answer is a bit of a cop out, admittedly, but I'm a lot better at digging into and defining a problem than I am working out a fully-baked solution. The analogy I like to use is expecting a gourmet chef to also be a champion competitive eater.

There are people who are far smarter than I who have written about changes that need to happen in regard to airport security. I would direct you to the inimitable Bruce Schneier: https://www.schneier.com/cgi-bin/mt/mt-search.cgi?tag=TSA.

Edit: This post is a good place to start.

If you forget how to spell "Schneier," it's best to slam your face against the keyboard repeatedly until you get lucky. That's what I do.

Dlgredael303 karma

When you're a comedian, everybody wants you to do things besides comedy. They say, 'OK, you're a stand-up comedian -- can you act? Can you write? Write us a script!'. It's as though if I were a cook and I worked my ass off to become a good cook, they said, 'All right, you're a cook -- can you farm?'

-Mitch Hedberg

treef0rt206 karma

Oh, Mitch.

:: moment of silence ::

Shezzam277 karma

Are you meaning domestic terminals, international terminals, or both?

treef0rt425 karma

Since I've been paying for this research out of pocket, I haven't been able to assess many airports outside of the US. I did take a trip to Amsterdam in April to speak at a conference, and found that the stuff they sell abroad is more or less the same. However, this is based on one trip — hardly enough information to make any claims.

endlesslaundry132 karma

I'm from Amsterdam! What did you think of the city?

treef0rt463 karma

LOVED Amsterdam!

No further comments. :)

sempf235 karma

Hey, Evan Thanks for doing an AMA.

What has been the security community's response to your research?

treef0rt405 karma

Overwhelmingly positive.

I've had friends in the community pick things up in airports when they travel, brainstorm weapon concepts, buy me drinks, and so on. One of the biggest things the community did that it's probably completely unaware of is offer my (legitimately) concerned wife a little peace of mind. If so many brilliant people think this research is worthwhile, it's a lot easier to accept the inherent risks in pursuing this type of information. <3

CrimJim43 karma

Will you be swinging by Vegas in August?

treef0rt68 karma

Absolutely.

littleM0TH180 karma

Do you prefer to drive or fly now that you're in this line of work?

treef0rt501 karma

I love flying. I like to imagine what it'd be like if all the seats were on wheels.

OOH! Airplane bumper cars!! You heard it here first.

aw3man152 karma

What would probably happen would be a great shift in weight towards the rear of the plane during takeoff.

treef0rt471 karma

Let's see... you take the y-velocity, multiply that by the rotational force of the earth (factoring in humidity and elevation, of course), divide that by the weight of the cargo raised by the number of windows on the plane... refactor... carry the four... hmm...

Yep. Everybody dies.

xPhantomNL96 karma

After the FBI showed up, did you fly anywhere? If so, did you notice any difference in behavior by airport and airplane staff?

treef0rt202 karma

I've flown quite a bit since my visit from the FBI, and I haven't so much as received a mean look from a TSA agent. I've never been selected for special screening.

jbauer22442 karma

Sooo... you're white?

treef0rt377 karma

Yep. If I were to say that my race has nothing to do with it, I'd be doing a huge disservice to the millions of well-intentioned people who receive "special attention" because they just happen to be a little darker than I am.

This is a most unfortunate reality.

Nitsed158 karma

Recently the author of the anarchist cook book said in a guardian article how he regretted creating the cook book. As I'm sure opinions can change; do you feel maybe you should have been a bit more direct in your approach to the powers at be or do you feel maybe you should have tried to get away with more to further your point.

treef0rt324 karma

This is a great question.

First off, the author or the anarchist cook book probably feels bad because easily half the information in the book was inaccurate.

Seriously though, I've tried to loosely follow the model of Responsible Disclosure, whereby the proper authorities are informed and given an opportunity to establish a timeline for addressing the problem. When that timeline has expired, the disclosed vulnerability is made available to the public. This step is crucial because it gives the authorities (or whoever is responsible for maintaining the security of the given system) the proper motivation to address the issue.

All my findings are first disclosed to the proper authorities, who have declined the opportunity to establish a timeline for remediation. Then I tell you about the problem because you need to know that it exists in order to make well-informed decisions about commercial air travel.

I hope that answers your question.

Edit: grammar

phnx0221100 karma

....proper authorities are informed and given an opportunity to establish a timeline for addressing the problem. When that timeline has expired, the disclosed vulnerability is made available to the public. This step is crucial because it gives the authorities (or whomever is responsible for maintaining the security of the given system) the proper motivation to address the issue.

That's really awesome. Coming into this thread, I didn't really have an opinion on what you're doing (I'm really only just hearing about this now). After reading this, you've got an exceptional outlook, coming from a point of helping people, instead of just showing vulnerabilities. Working so closely with security as you are, makes this a real benefit, paving a way for actual solutions.

I started reading this with a bit of wariness, but I've got to say, what you're doing is actually helpful. The way you're going about it is awesome. Good job, and thank you!

treef0rt17 karma

Thanks, man -- I really appreciate that.

erreip_arevir121 karma

Considering the research you do: Do you have any expectation of privacy at this point?

treef0rt284 karma

No more than I did when I started this project.

I'm not a tinfoil hat guy, but seriously, privacy these days is created intentionally, not inherited or assumed. I'm probably not telling you anything you don't already know...

Crossfired197 karma

Welcome! You're a brave ass mofo. Did you fear for your safety while making the video?

treef0rt285 karma

No. I grew up in the country with no cable, so my brother and I had to create our own entertainment. That said, I'm comfortable around improvised explosives.

:: cue distant banjo riff ::

byllc71 karma

Do you feel at all that you might just be contributing to fear mongering and the media over reaction to the level of danger or non-danger the general public is in? I mean this as a serious question and not intended to be argumentative. I always get a bit concerned when research like yours gets a lot of media attention. It's like the big kerfluffle over 3d printed guns, anyone with access to the internet and a local hardware store can make very lethal projectile weapons without much prior knowledge or money and no need for a 3d printer. Politicians use this kind of thing to assert more control with little demonstrated effect on our safety.

With that said I still find what you are doing very interesting and do not mean to be discouraging.

treef0rt71 karma

Thanks, man. I do worry about this. My goal is certainly not to make people afraid, but I can't control how people react or what spin the media puts on things.

I have made it a point to try to be very realistic in interviews about how dangerous the weapons are that I've created. I'm not sure what to do outside of that — suggestions are welcome.

Tullyswimmer69 karma

Plot twist: The NSA saw this and he's now being held for treason by the feds, so he's unable to answer any questions posed.

treef0rt307 karma

NO THIS IS EVAN BOOTH. I AM EVAN BOOTH. BLOOD TYPE AB POSITIVE. I'M LEFT HANDED. THIS IS EVAN.

BEEP BEEP BOOP BEEP

kerrmudgeon46 karma

Do you think there is an equivalent of the "Full Employment Theorem" for security researchers?

It seems like any sufficiently useful collection of merchandise for sale could eventually be used to construct weapons or explosives. Can you suggest a theoretical approach for constructing a sterile airport environment that renders the construction of destructive devices impossible rather than point solutions to defeat your particular creations?

Also, do you want to hang out?

treef0rt140 karma

Also, do you want to hang out?

NICE TRY, DHS! ;)

Seeing as I just googled "Full Employment Theorem," I probably won't be able to answer that question to your satisfaction. Having skimmed Wikipedia, I'm now an expert very intrigued, and will be looking into this further. Thanks!

You pose an excellent question. My far-too-broad answer won't do it justice, but here goes: We need to take a much larger step back when examining this problem. To me, this is not an issue of how sterilize the airport environment. The bigger problem is how much of our time, dignity, privacy, and tax dollars we're spending on a solution is doesn't even start to accomplish its stated goals.

Seqing_truth44 karma

Do you anticipate the spread of TSA in its current format to other areas of our lives? Such as commuter trains, highways, etc.? What "security" measures do you think will be taken?

treef0rt150 karma

I'm honestly not sure.

Considering how much of our security procedures are based on what attackers have done in the past (ie: we take off our shoes because of the shoe bomber), I'd say terrorists pretty much decide what we do next.
The best way, after all, to beat terrorism is to wait for terrorists to show us what we should be terrified of doing and where we'll see a wholesale elimination of our privacy and basic human rights. /s

jbarra235 karma

How did you get into this current project from your background of software development and information architecture?

treef0rt35 karma

I’ve always had a very healthy sense of curiosity and a deep-seated fascination with resourcefulness.  So, growing up (and still today), when I was in a store or office or whatever, I would pay attention the items that were around me, and just as a way of passing the time, I would think through various scenarios and how I would use those items to work through these scenarios. For instance, if I knew that in 4 hours, I would be alone when 10 armed dudes attacked the Walgreens I'm in, how would I defend myself? Terminal Cornucopia is the result of years of this type of creative problem-solving mixed with flying regularly.