0 00:00:00,000 --> 00:00:30,000 Dear viewer, these subtitles were generated by a machine via the service Trint and therefore are (very) buggy. If you are capable, please help us to create good quality subtitles: https://c3subtitles.de/talk/341 Thanks! 1 00:00:09,290 --> 00:00:11,539 Thank you. So before I get started, 2 00:00:11,540 --> 00:00:13,849 I just wanted to say that this project 3 00:00:13,850 --> 00:00:16,128 ran for about a year and a half. 4 00:00:16,129 --> 00:00:17,929 It was a large collaborative project 5 00:00:17,930 --> 00:00:20,059 between University of Michigan, Johns 6 00:00:20,060 --> 00:00:22,339 Hopkins University and the University 7 00:00:22,340 --> 00:00:23,689 of California, San Diego. 8 00:00:23,690 --> 00:00:25,949 We have a lot of coauthors listed here. 9 00:00:25,950 --> 00:00:27,889 We also got a lot of support from people 10 00:00:27,890 --> 00:00:29,749 who were did not end up being coauthors 11 00:00:29,750 --> 00:00:31,219 who are acknowledged in the paper that 12 00:00:31,220 --> 00:00:33,379 I'd like just to mention again, 13 00:00:33,380 --> 00:00:35,149 before I go on and actually talk about 14 00:00:35,150 --> 00:00:36,559 the technical content, I'd like to 15 00:00:36,560 --> 00:00:39,019 observe that full body scanners produce 16 00:00:39,020 --> 00:00:41,089 naked scans of the human body as part 17 00:00:41,090 --> 00:00:43,279 of their operation. And as much as TSA 18 00:00:43,280 --> 00:00:45,469 would prefer that we forget that fact. 19 00:00:47,090 --> 00:00:49,249 The talk I'm going to give 20 00:00:49,250 --> 00:00:51,769 will necessarily involve explicit 21 00:00:51,770 --> 00:00:54,379 images, and so 22 00:00:54,380 --> 00:00:56,419 I'd like to warn everybody so that if you 23 00:00:56,420 --> 00:00:58,849 need to leave or 24 00:00:58,850 --> 00:01:00,199 text your friends to come over here, if 25 00:01:00,200 --> 00:01:01,219 they're in front talk, 26 00:01:02,330 --> 00:01:04,399 just be aware right now. 27 00:01:04,400 --> 00:01:06,709 All right. So with that, if you've flown 28 00:01:06,710 --> 00:01:08,599 anywhere in the last five years, 29 00:01:08,600 --> 00:01:10,279 especially if you've flown into the 30 00:01:10,280 --> 00:01:12,349 United States and Canada, you have 31 00:01:12,350 --> 00:01:14,899 interacted in some way with 32 00:01:14,900 --> 00:01:17,779 full body scanners, sometimes called 33 00:01:17,780 --> 00:01:20,479 naked scanners, porno scanners. 34 00:01:20,480 --> 00:01:22,639 TSA calls them advanced imaging 35 00:01:22,640 --> 00:01:25,159 technologies, which sounds very 36 00:01:25,160 --> 00:01:27,319 positive and and 37 00:01:27,320 --> 00:01:28,639 future looking. 38 00:01:28,640 --> 00:01:30,889 There are two of them 39 00:01:30,890 --> 00:01:32,029 that are widely deployed. 40 00:01:32,030 --> 00:01:33,829 The one on the left with the rectangular 41 00:01:33,830 --> 00:01:36,199 boxes is the Rapiscan Secure 42 00:01:36,200 --> 00:01:38,209 One Thousand, which uses backscatter 43 00:01:38,210 --> 00:01:40,669 X-ray technology to produce its image. 44 00:01:40,670 --> 00:01:43,159 The one on the right, the L3 45 00:01:43,160 --> 00:01:45,739 provision 8D has 46 00:01:45,740 --> 00:01:47,989 sort of a spending component and 47 00:01:47,990 --> 00:01:50,059 its uses millimeter wave technology 48 00:01:50,060 --> 00:01:51,649 to produce its images. 49 00:01:51,650 --> 00:01:54,139 Both of them work by producing a naked 50 00:01:54,140 --> 00:01:56,599 image of the subject, being scanned 51 00:01:56,600 --> 00:01:58,759 in the hopes of detecting 52 00:01:58,760 --> 00:02:00,979 contraband hidden on the subject body 53 00:02:00,980 --> 00:02:02,959 in an airport context that contraband 54 00:02:02,960 --> 00:02:05,149 would be, say, guns or 55 00:02:05,150 --> 00:02:07,579 knives or explosives or detonators 56 00:02:07,580 --> 00:02:09,829 or bottles of water, 57 00:02:09,830 --> 00:02:11,029 any of these things that are really 58 00:02:11,030 --> 00:02:13,189 dangerous to airport security. 59 00:02:13,190 --> 00:02:15,259 I'll give you a quick timeline. 60 00:02:15,260 --> 00:02:17,689 Body scanners were first deployed in 61 00:02:17,690 --> 00:02:20,179 the United States as a secondary 62 00:02:20,180 --> 00:02:21,139 screening technology. 63 00:02:21,140 --> 00:02:23,089 So if the metal detector went off, if 64 00:02:23,090 --> 00:02:25,189 something was funny, you could be routed 65 00:02:25,190 --> 00:02:27,289 to the special other lane where 66 00:02:27,290 --> 00:02:29,089 your body could be imaged. 67 00:02:29,090 --> 00:02:31,319 And then the move for 68 00:02:31,320 --> 00:02:33,529 making these be secondary 69 00:02:33,530 --> 00:02:35,539 technology to turning them into a primary 70 00:02:35,540 --> 00:02:37,669 screening technology happened with 71 00:02:37,670 --> 00:02:40,279 a lot of deliberation and foresight. 72 00:02:40,280 --> 00:02:42,349 What happened was that in December of 73 00:02:42,350 --> 00:02:44,359 2009, there was a failed bombing, the 74 00:02:44,360 --> 00:02:45,560 so-called underwear bomb 75 00:02:47,150 --> 00:02:49,519 that had the bomb hidden 76 00:02:49,520 --> 00:02:51,679 in the subject's clothing, 77 00:02:51,680 --> 00:02:53,899 where it was not 78 00:02:53,900 --> 00:02:55,249 detected by metal detector. 79 00:02:55,250 --> 00:02:58,189 And as a result, within a week 80 00:02:58,190 --> 00:02:59,629 and this is between Christmas and New 81 00:02:59,630 --> 00:03:01,909 Year's. So that's when a lot of important 82 00:03:01,910 --> 00:03:03,409 government decisions normally happen 83 00:03:03,410 --> 00:03:04,669 within a week. 84 00:03:04,670 --> 00:03:06,799 TSA announced that 85 00:03:06,800 --> 00:03:08,479 full body scanners would become the 86 00:03:08,480 --> 00:03:10,819 primary screening technologies 87 00:03:10,820 --> 00:03:12,469 used in airports. So when you go into an 88 00:03:12,470 --> 00:03:14,779 airport now in the United States, still 89 00:03:14,780 --> 00:03:16,219 you go through one of these. 90 00:03:16,220 --> 00:03:17,839 It's full body scanners. 91 00:03:19,610 --> 00:03:21,829 We managed to get one of these machines 92 00:03:21,830 --> 00:03:23,089 to study. 93 00:03:23,090 --> 00:03:24,829 I'll tell you how in a minute. 94 00:03:24,830 --> 00:03:26,839 In November of 2012, it arrived in our 95 00:03:26,840 --> 00:03:29,929 lab and then in 96 00:03:29,930 --> 00:03:31,999 that machine happens to be of the 97 00:03:32,000 --> 00:03:32,909 Rapiscan. 98 00:03:32,910 --> 00:03:34,759 We're very interested also in the 99 00:03:34,760 --> 00:03:36,649 millimeter wave, the provision. 100 00:03:36,650 --> 00:03:39,079 We don't happen to have one. 101 00:03:39,080 --> 00:03:40,819 If we get our hands on one, we'd love to 102 00:03:40,820 --> 00:03:43,099 study it, too, but we got the Rapiscan 103 00:03:43,100 --> 00:03:43,609 one. 104 00:03:43,610 --> 00:03:45,859 And those Rapiscan ones happened to 105 00:03:45,860 --> 00:03:48,169 have been removed from airports 106 00:03:48,170 --> 00:03:50,449 for unrelated reasons that I'll talk 107 00:03:50,450 --> 00:03:52,579 about later, also in May 108 00:03:52,580 --> 00:03:53,629 of the next year. 109 00:03:53,630 --> 00:03:55,789 So we actually had the machine in 110 00:03:55,790 --> 00:03:58,069 our lab for about 111 00:03:58,070 --> 00:03:59,929 seven months while they were deployed at 112 00:03:59,930 --> 00:04:01,669 airport. And many of the results that I'm 113 00:04:01,670 --> 00:04:03,379 going to tell you about and that Eric is 114 00:04:03,380 --> 00:04:04,909 going to tell you about, we actually 115 00:04:04,910 --> 00:04:06,499 already had during the time that they 116 00:04:06,500 --> 00:04:08,149 were at airports. They're not in airports 117 00:04:08,150 --> 00:04:09,150 right now. 118 00:04:10,670 --> 00:04:13,249 Now, these devices 119 00:04:13,250 --> 00:04:15,379 touch every third rail, 120 00:04:15,380 --> 00:04:17,359 every controversial topic that you can 121 00:04:17,360 --> 00:04:19,639 imagine in the context of airport 122 00:04:19,640 --> 00:04:22,129 security. They use ionizing 123 00:04:22,130 --> 00:04:24,289 radiation, which potentially could cause 124 00:04:24,290 --> 00:04:26,629 cancer to produce naked 125 00:04:26,630 --> 00:04:29,179 images of people's bodies 126 00:04:29,180 --> 00:04:31,249 in order to search for the 127 00:04:31,250 --> 00:04:33,439 kinds of things that could be used 128 00:04:33,440 --> 00:04:35,669 in terrorism against airplanes. 129 00:04:35,670 --> 00:04:37,999 So every kind of hot 130 00:04:38,000 --> 00:04:40,189 topic that you could imagine is 131 00:04:40,190 --> 00:04:42,259 involved in these machines. 132 00:04:42,260 --> 00:04:44,539 And as a result, they unsurprisingly 133 00:04:44,540 --> 00:04:46,309 generated a great deal of public debate. 134 00:04:46,310 --> 00:04:48,619 And the public debate was around 135 00:04:48,620 --> 00:04:51,049 three topics. First, do these 136 00:04:51,050 --> 00:04:53,119 things cause health 137 00:04:53,120 --> 00:04:55,519 issues to the people being scanned 138 00:04:55,520 --> 00:04:57,739 or more likely to the operators 139 00:04:57,740 --> 00:04:59,839 who have to stand next to them for hours 140 00:04:59,840 --> 00:05:01,159 at a time on their shift? 141 00:05:01,160 --> 00:05:03,499 And there was a letter by 142 00:05:03,500 --> 00:05:05,899 prominent scientists at the University 143 00:05:05,900 --> 00:05:07,579 of California, San Francisco, which is a 144 00:05:07,580 --> 00:05:09,889 medical school, questioning whether 145 00:05:09,890 --> 00:05:11,779 the dose to the skin may be higher than 146 00:05:11,780 --> 00:05:13,309 the manufacturer claimed. 147 00:05:13,310 --> 00:05:15,409 There are also concerns about the 148 00:05:15,410 --> 00:05:17,329 naked images that were produced by these 149 00:05:17,330 --> 00:05:19,819 scanners and whether, for example, 150 00:05:19,820 --> 00:05:22,399 TSA employees were taking advantage 151 00:05:22,400 --> 00:05:24,409 of the capabilities of producing these 152 00:05:24,410 --> 00:05:26,629 images to steer, say, 153 00:05:26,630 --> 00:05:28,729 attractive people into where they 154 00:05:28,730 --> 00:05:31,129 could be scanned and observed. 155 00:05:31,130 --> 00:05:33,469 This is a report from the flier 156 00:05:33,470 --> 00:05:35,869 talk community where people claimed 157 00:05:35,870 --> 00:05:37,939 that that the TSA employees 158 00:05:37,940 --> 00:05:40,099 were using the walkie talkies 159 00:05:40,100 --> 00:05:42,169 to warn others that a 160 00:05:42,170 --> 00:05:44,599 cutie was coming through, 161 00:05:44,600 --> 00:05:46,179 that they might want to. 162 00:05:46,180 --> 00:05:49,149 Look at and then 163 00:05:49,150 --> 00:05:51,219 maybe most germane. 164 00:05:51,220 --> 00:05:53,259 There was also a question of whether 165 00:05:53,260 --> 00:05:55,209 these things would work at all, we might 166 00:05:55,210 --> 00:05:57,069 be willing to take some health risks. 167 00:05:57,070 --> 00:05:59,229 We might be willing to take some privacy 168 00:05:59,230 --> 00:06:01,509 losses if we protected 169 00:06:01,510 --> 00:06:03,549 airports. But if we're not even doing 170 00:06:03,550 --> 00:06:05,709 that, then it seems pretty clear that 171 00:06:05,710 --> 00:06:07,899 the other debates are not even 172 00:06:07,900 --> 00:06:10,809 worth having. And there was 173 00:06:10,810 --> 00:06:13,209 a lot of questioning 174 00:06:13,210 --> 00:06:14,769 about whether these things actually did 175 00:06:14,770 --> 00:06:16,659 their job. And there was a blogger. 176 00:06:16,660 --> 00:06:18,639 This is a video that he posted to YouTube 177 00:06:19,720 --> 00:06:21,879 called Jonathan Corbett, who claimed 178 00:06:21,880 --> 00:06:24,069 that, in fact, there were techniques by 179 00:06:24,070 --> 00:06:26,619 which he could get contraband past 180 00:06:26,620 --> 00:06:27,699 these scanners. 181 00:06:27,700 --> 00:06:29,649 And he claimed that he actually tested 182 00:06:29,650 --> 00:06:31,749 these techniques against real 183 00:06:31,750 --> 00:06:33,609 deployments at real airports. 184 00:06:33,610 --> 00:06:35,829 And this got some press 185 00:06:35,830 --> 00:06:38,109 coverage. The TSA wasn't pleased. 186 00:06:38,110 --> 00:06:39,519 They actually and this is quite 187 00:06:39,520 --> 00:06:40,239 remarkable. 188 00:06:40,240 --> 00:06:42,669 They actually called up reporters 189 00:06:42,670 --> 00:06:44,739 and they said we 190 00:06:44,740 --> 00:06:47,049 would really prefer that you not cover 191 00:06:47,050 --> 00:06:49,389 this blogger's claims and 192 00:06:49,390 --> 00:06:51,040 some reporters didn't as a result. 193 00:06:53,890 --> 00:06:55,569 But this public debate, this public 194 00:06:55,570 --> 00:06:58,359 debate around safety, around privacy, 195 00:06:58,360 --> 00:07:00,699 around the efficacy of the devices 196 00:07:00,700 --> 00:07:02,919 was not informed by 197 00:07:02,920 --> 00:07:05,229 facts from the manufacturer or 198 00:07:05,230 --> 00:07:06,789 from TSA, which was running these 199 00:07:06,790 --> 00:07:09,249 machines. And their response 200 00:07:09,250 --> 00:07:11,409 was, in general, trust us, 201 00:07:11,410 --> 00:07:12,669 we have done these studies. 202 00:07:12,670 --> 00:07:14,409 We have evaluated these devices. 203 00:07:14,410 --> 00:07:15,729 These devices are safe. 204 00:07:15,730 --> 00:07:16,929 They protect your privacy. 205 00:07:16,930 --> 00:07:17,859 They're effective. 206 00:07:17,860 --> 00:07:19,989 And no, you can't find out why 207 00:07:19,990 --> 00:07:20,889 we think that. 208 00:07:20,890 --> 00:07:23,019 And when TSA hand was 209 00:07:23,020 --> 00:07:24,789 forced through, for example, the Freedom 210 00:07:24,790 --> 00:07:27,219 of Information Act to reveal 211 00:07:27,220 --> 00:07:29,169 something about the operation of these 212 00:07:29,170 --> 00:07:30,759 scanners, what you got back was something 213 00:07:30,760 --> 00:07:31,760 like this where 214 00:07:32,890 --> 00:07:35,169 a whole bunch of information about 215 00:07:35,170 --> 00:07:37,689 the workings of the machine up through 216 00:07:37,690 --> 00:07:39,849 the the potential on the X-ray tube 217 00:07:39,850 --> 00:07:42,069 inside it was redacted. 218 00:07:42,070 --> 00:07:44,769 And so what you had was you had a debate 219 00:07:44,770 --> 00:07:46,839 around really important 220 00:07:46,840 --> 00:07:48,999 things that was 221 00:07:49,000 --> 00:07:51,159 uninformed by the 222 00:07:51,160 --> 00:07:53,439 manufacturer, uninformed by TSA, 223 00:07:53,440 --> 00:07:55,179 uninformed really by facts. 224 00:07:55,180 --> 00:07:57,009 It was speculation instead of facts. 225 00:07:57,010 --> 00:07:58,959 So as computer scientists, we did what 226 00:07:58,960 --> 00:08:01,119 computer scientists do in that situation, 227 00:08:01,120 --> 00:08:03,279 which is we turn to eBay 228 00:08:03,280 --> 00:08:06,309 and we found that 229 00:08:06,310 --> 00:08:08,469 these machines were all 230 00:08:08,470 --> 00:08:10,809 of a sudden available to purchase 231 00:08:10,810 --> 00:08:12,549 from a seller on eBay. 232 00:08:12,550 --> 00:08:14,649 Now, this seller happens to be in 233 00:08:14,650 --> 00:08:15,650 Germany. 234 00:08:16,660 --> 00:08:18,969 And he bought the machines at 235 00:08:18,970 --> 00:08:21,699 a surplus auction in Europe 236 00:08:21,700 --> 00:08:23,949 from a United States government 237 00:08:23,950 --> 00:08:26,229 facility that was selling new old 238 00:08:26,230 --> 00:08:28,389 stock, so they just put them up for 239 00:08:28,390 --> 00:08:29,679 surplus sale. 240 00:08:29,680 --> 00:08:31,749 He bought them, put them up on eBay. 241 00:08:31,750 --> 00:08:33,879 And we were very excited and we 242 00:08:33,880 --> 00:08:37,149 shipped them back to the United States 243 00:08:37,150 --> 00:08:39,538 at, frankly, great expense. 244 00:08:39,539 --> 00:08:40,928 I think they got a first class ticket on 245 00:08:40,929 --> 00:08:43,089 Lufthansa and and we got 246 00:08:43,090 --> 00:08:44,139 them into our lab. 247 00:08:44,140 --> 00:08:46,239 And our hope was that by 248 00:08:46,240 --> 00:08:48,309 having access to these machines to 249 00:08:48,310 --> 00:08:50,739 test, by performing an independent 250 00:08:50,740 --> 00:08:52,809 security evaluation of these devices, 251 00:08:52,810 --> 00:08:54,549 we would be able to take that public 252 00:08:54,550 --> 00:08:56,889 debate and inform it with facts 253 00:08:56,890 --> 00:08:58,899 and we would be able to ask and to 254 00:08:58,900 --> 00:09:01,419 answer. First is the secure 255 00:09:01,420 --> 00:09:02,979 one thousand, the Rapiscan secure one 256 00:09:02,980 --> 00:09:04,429 thousand radiologically safe. 257 00:09:04,430 --> 00:09:06,759 What is the actual dose in normal 258 00:09:06,760 --> 00:09:08,649 operation? What is the dose that can be 259 00:09:08,650 --> 00:09:10,389 delivered by somebody who tampers with 260 00:09:10,390 --> 00:09:11,919 the machine software with the machines, 261 00:09:11,920 --> 00:09:12,920 hardware? 262 00:09:13,330 --> 00:09:15,969 What are the implications for privacy 263 00:09:15,970 --> 00:09:18,849 of the machines operation, both 264 00:09:18,850 --> 00:09:21,579 with respect to the actual operators 265 00:09:21,580 --> 00:09:23,739 of the device and with respect 266 00:09:23,740 --> 00:09:25,419 to anybody else who might be able to get 267 00:09:25,420 --> 00:09:26,679 access to the images? 268 00:09:26,680 --> 00:09:28,809 And how effective is this 269 00:09:28,810 --> 00:09:31,599 at actually protecting 270 00:09:31,600 --> 00:09:34,359 airport sterile zones from 271 00:09:34,360 --> 00:09:36,429 the kinds of contraband the TSA claim to 272 00:09:36,430 --> 00:09:38,049 be concerned about when they deploy these 273 00:09:38,050 --> 00:09:39,050 machines? 274 00:09:42,370 --> 00:09:44,439 So as I've said, we 275 00:09:44,440 --> 00:09:46,359 bought this on eBay and this machine 276 00:09:46,360 --> 00:09:48,489 showed up in our lab in 277 00:09:48,490 --> 00:09:50,649 these in these crates here, and we got 278 00:09:50,650 --> 00:09:52,509 to work taking it apart, reverse 279 00:09:52,510 --> 00:09:54,669 engineering it, seeing how it 280 00:09:54,670 --> 00:09:57,579 worked and what made it tick. 281 00:09:57,580 --> 00:09:58,719 And the first thing you have to know 282 00:09:58,720 --> 00:10:00,879 about how these machines work is a 283 00:10:00,880 --> 00:10:02,049 little bit of background on x ray 284 00:10:02,050 --> 00:10:03,399 physics. 285 00:10:03,400 --> 00:10:05,589 So this machine does produce x 286 00:10:05,590 --> 00:10:07,749 ray photons, which are essentially high 287 00:10:07,750 --> 00:10:08,889 energy photons. 288 00:10:08,890 --> 00:10:11,079 The energy is actually fairly low for x 289 00:10:11,080 --> 00:10:13,449 rays. It's a 50 electron volts, 290 00:10:13,450 --> 00:10:15,549 which is around half or so of 291 00:10:15,550 --> 00:10:17,289 what you receive at, say, a dentist or 292 00:10:17,290 --> 00:10:19,899 something like that at five million amps. 293 00:10:19,900 --> 00:10:22,389 And these photons 294 00:10:22,390 --> 00:10:24,069 are ionizing radiation so they can 295 00:10:24,070 --> 00:10:25,809 interact with electrons and strip them 296 00:10:25,810 --> 00:10:26,949 off of nuclei. 297 00:10:28,120 --> 00:10:29,559 And they tend to interact with these 298 00:10:29,560 --> 00:10:31,239 electrons in two main effects, 299 00:10:32,350 --> 00:10:34,509 the photoelectric effect and the constant 300 00:10:34,510 --> 00:10:36,999 scattering in the photoelectric effect. 301 00:10:37,000 --> 00:10:39,099 The electron is hit by the photon 302 00:10:39,100 --> 00:10:41,439 and it absorbs it and just 303 00:10:41,440 --> 00:10:43,569 goes along its way. And there's no 304 00:10:43,570 --> 00:10:45,999 emitted x ray in Compton scattering. 305 00:10:46,000 --> 00:10:48,039 However, the photon hits the electron and 306 00:10:48,040 --> 00:10:48,999 sort of bounces off. 307 00:10:49,000 --> 00:10:50,769 An electron goes one way in the scattered 308 00:10:50,770 --> 00:10:52,599 photon goes another way in a random 309 00:10:52,600 --> 00:10:53,589 direction. 310 00:10:53,590 --> 00:10:55,659 That's the main cause for backscatter. 311 00:10:56,830 --> 00:10:58,929 And which of these two interactions 312 00:10:58,930 --> 00:11:01,569 happens? Most depends on the materials 313 00:11:01,570 --> 00:11:02,859 effect of atomic number. 314 00:11:02,860 --> 00:11:05,169 So, for example, dense metals 315 00:11:05,170 --> 00:11:07,589 and things made out of iron ore 316 00:11:07,590 --> 00:11:09,939 or lead absorb these photons 317 00:11:09,940 --> 00:11:11,349 and don't really backscheider at all. 318 00:11:11,350 --> 00:11:13,539 They undergo the photoelectric effect. 319 00:11:13,540 --> 00:11:15,459 However, organic compounds that have lots 320 00:11:15,460 --> 00:11:17,829 of carbon or oxygen in them undergo 321 00:11:17,830 --> 00:11:19,059 constant scattering more. 322 00:11:19,060 --> 00:11:20,979 And so they do back scatter. 323 00:11:20,980 --> 00:11:22,539 And it's through this mechanism that the 324 00:11:22,540 --> 00:11:24,309 machine is able to detect different 325 00:11:24,310 --> 00:11:26,379 materials in the subject 326 00:11:26,380 --> 00:11:28,539 by how much x rays are back 327 00:11:28,540 --> 00:11:30,700 scattered for a given spot. 328 00:11:32,710 --> 00:11:35,109 The machine actually works in 329 00:11:35,110 --> 00:11:37,509 a backward camera or a backward 330 00:11:37,510 --> 00:11:39,609 restor camera. And the idea 331 00:11:39,610 --> 00:11:41,559 here is that instead of having a large 332 00:11:41,560 --> 00:11:43,329 sensor or something like that that has a 333 00:11:43,330 --> 00:11:45,729 bunch of pixels or something like that, 334 00:11:45,730 --> 00:11:48,459 you have an x ray tube that's generating 335 00:11:48,460 --> 00:11:49,899 a bunch of x rays and sort of 336 00:11:49,900 --> 00:11:51,819 unconsummated beam and it goes through a 337 00:11:51,820 --> 00:11:53,289 narrow slit. 338 00:11:53,290 --> 00:11:55,989 So only a narrow slit sort of plane 339 00:11:55,990 --> 00:11:57,879 of x rays goes through. 340 00:11:57,880 --> 00:11:59,979 Um, here is the X-ray 341 00:11:59,980 --> 00:12:01,119 source. 342 00:12:01,120 --> 00:12:02,619 It goes through the slit and then it 343 00:12:02,620 --> 00:12:03,579 passes through a chopper. 344 00:12:03,580 --> 00:12:05,559 We'll know to be here. 345 00:12:06,760 --> 00:12:08,739 The chopper also has radial slits on it 346 00:12:08,740 --> 00:12:10,059 and it's spinning around. 347 00:12:10,060 --> 00:12:12,189 And so combined with 348 00:12:12,190 --> 00:12:14,289 the previous slit, 349 00:12:14,290 --> 00:12:15,969 there's only sort of a single colonnaded 350 00:12:15,970 --> 00:12:17,589 beam that's going through at any given 351 00:12:17,590 --> 00:12:19,719 time and that scans across the subject 352 00:12:19,720 --> 00:12:21,069 horizontally. 353 00:12:21,070 --> 00:12:22,779 This whole apparatus then moves 354 00:12:22,780 --> 00:12:24,819 vertically. So you essentially get a 355 00:12:24,820 --> 00:12:27,099 horizontal scan lines vertically up the 356 00:12:27,100 --> 00:12:28,539 subject. 357 00:12:28,540 --> 00:12:30,879 When these scan lines hit the subject, 358 00:12:30,880 --> 00:12:33,189 they undergo the previous 359 00:12:33,190 --> 00:12:35,559 phenomenon and either backscatter or 360 00:12:35,560 --> 00:12:36,669 are absorbed. 361 00:12:36,670 --> 00:12:38,859 If they back scatter, they will 362 00:12:38,860 --> 00:12:41,259 be received by photomultiplier tubes, 363 00:12:41,260 --> 00:12:43,839 which are essentially very sensitive 364 00:12:43,840 --> 00:12:46,869 photon detectors for x rays 365 00:12:46,870 --> 00:12:48,519 marked D here. 366 00:12:48,520 --> 00:12:50,919 And so from watching the 367 00:12:50,920 --> 00:12:52,479 sort of series and synchronizing this 368 00:12:52,480 --> 00:12:54,699 with the scan lines and the rise 369 00:12:54,700 --> 00:12:56,829 rate of the of the x ray tube, you 370 00:12:56,830 --> 00:12:59,529 can essentially reconstruct an image of 371 00:12:59,530 --> 00:13:01,839 the density of materials and effective 372 00:13:01,840 --> 00:13:03,819 atomic numbers of a subject as you scan 373 00:13:03,820 --> 00:13:04,820 it. 374 00:13:06,510 --> 00:13:08,579 So here it is 375 00:13:08,580 --> 00:13:10,949 in action in a fairly 376 00:13:10,950 --> 00:13:12,649 low quality video. 377 00:13:12,650 --> 00:13:14,789 I apologize for but you 378 00:13:14,790 --> 00:13:16,799 can see here, this is the chopper disk 379 00:13:18,090 --> 00:13:19,090 it's made out of 380 00:13:20,190 --> 00:13:23,159 brass is very thick and 381 00:13:23,160 --> 00:13:24,629 very heavy and takes a little bit of time 382 00:13:24,630 --> 00:13:25,809 to spin up. 383 00:13:25,810 --> 00:13:28,109 Um, eventually it spins up. 384 00:13:28,110 --> 00:13:30,059 And then this whole apparatus with the X 385 00:13:30,060 --> 00:13:32,219 tube behind it will 386 00:13:32,220 --> 00:13:35,309 rise vertically and scan across 387 00:13:35,310 --> 00:13:37,749 the subject and perform. 388 00:13:37,750 --> 00:13:38,750 Uh. 389 00:13:40,330 --> 00:13:41,330 And they could scan. 390 00:13:44,280 --> 00:13:45,509 But of course, that's kind of scary to 391 00:13:45,510 --> 00:13:47,339 look at if you are being scanned. 392 00:13:47,340 --> 00:13:49,349 This is the very fast moving disk and 393 00:13:49,350 --> 00:13:51,479 there is fifty thousand 394 00:13:51,480 --> 00:13:53,549 volts behind it and x rays 395 00:13:53,550 --> 00:13:54,689 are spewing out of it. That wouldn't be 396 00:13:54,690 --> 00:13:56,249 very pleasant to look at if you were 397 00:13:56,250 --> 00:13:57,959 being scanned. So they had the presence 398 00:13:57,960 --> 00:14:00,509 of mind to put a nice soft 399 00:14:00,510 --> 00:14:01,979 sort of front on it. 400 00:14:01,980 --> 00:14:03,689 But you can't see any of this and you 401 00:14:03,690 --> 00:14:05,549 just stand in front of this box and all 402 00:14:05,550 --> 00:14:07,649 of that happens behind something that 403 00:14:07,650 --> 00:14:09,149 x rays can easily pass through. 404 00:14:11,300 --> 00:14:13,639 So this is what the image looks like 405 00:14:13,640 --> 00:14:15,949 when you reconstruct it, um, it's fairly 406 00:14:15,950 --> 00:14:17,179 revealing. 407 00:14:17,180 --> 00:14:19,249 You can see two things of the 408 00:14:19,250 --> 00:14:22,009 subject. First, he's definitely packing 409 00:14:22,010 --> 00:14:24,199 and he's also carrying 410 00:14:24,200 --> 00:14:25,200 a gun. 411 00:14:27,770 --> 00:14:29,209 So he probably should undergo some 412 00:14:29,210 --> 00:14:30,559 further screening. 413 00:14:30,560 --> 00:14:31,669 There are some other things that you can 414 00:14:31,670 --> 00:14:33,019 note here in this image, though. 415 00:14:33,020 --> 00:14:35,779 So, for example, you can see shin bones, 416 00:14:35,780 --> 00:14:37,909 bones that are very close to the skin are 417 00:14:37,910 --> 00:14:39,799 actually visible through this through 418 00:14:39,800 --> 00:14:41,629 this backscatter because they do the 419 00:14:41,630 --> 00:14:43,699 X-rays penetrate the skin to it 420 00:14:43,700 --> 00:14:44,779 to a small degree. 421 00:14:44,780 --> 00:14:46,549 You can also see the zipper on the 422 00:14:46,550 --> 00:14:49,009 subject's pants, the rivets 423 00:14:49,010 --> 00:14:51,709 on their jeans and 424 00:14:51,710 --> 00:14:54,019 in the chest, the subject's 425 00:14:54,020 --> 00:14:55,020 dosimeter. 426 00:14:59,250 --> 00:15:02,009 So going over our results, 427 00:15:02,010 --> 00:15:03,719 starting with radiation safety. 428 00:15:05,740 --> 00:15:07,929 To evaluate radiation safety, we 429 00:15:07,930 --> 00:15:09,429 obtained a 430 00:15:10,450 --> 00:15:12,069 sort of dummy phantom, which is a 431 00:15:12,070 --> 00:15:14,049 radiological phantom, which is used in 432 00:15:14,050 --> 00:15:15,429 medical testing. 433 00:15:15,430 --> 00:15:17,559 This is radiologically identical to 434 00:15:17,560 --> 00:15:18,759 humans. 435 00:15:18,760 --> 00:15:19,689 Interesting note. 436 00:15:19,690 --> 00:15:21,789 It actually contains a real human 437 00:15:21,790 --> 00:15:23,949 skeleton inside of it, which 438 00:15:23,950 --> 00:15:24,939 is kind of weird. 439 00:15:24,940 --> 00:15:25,940 And 440 00:15:27,700 --> 00:15:30,099 it's covered by a synthetic material 441 00:15:30,100 --> 00:15:32,709 that is sort of supposed to approximate 442 00:15:32,710 --> 00:15:33,710 human flesh. 443 00:15:34,540 --> 00:15:36,099 So we use this throughout our testing 444 00:15:36,100 --> 00:15:38,199 testing and we 445 00:15:38,200 --> 00:15:39,759 apply dosimeters to it, performed a 446 00:15:39,760 --> 00:15:42,039 number of scans at the using 447 00:15:42,040 --> 00:15:42,939 the machine. 448 00:15:42,940 --> 00:15:46,119 And we found that each scan 449 00:15:46,120 --> 00:15:48,219 deposited a relatively low dose, about 70 450 00:15:48,220 --> 00:15:51,549 to 80 nano sieverts of radiation. 451 00:15:51,550 --> 00:15:52,509 For those of you who don't know the 452 00:15:52,510 --> 00:15:53,949 sievert scale, this is about twenty four 453 00:15:53,950 --> 00:15:56,169 minutes of background exposure or 454 00:15:56,170 --> 00:15:58,059 about the same radiation that you would 455 00:15:58,060 --> 00:16:00,369 receive eating one 456 00:16:00,370 --> 00:16:01,479 banana. 457 00:16:01,480 --> 00:16:03,579 So relatively safe. 458 00:16:03,580 --> 00:16:04,779 And this this result was actually 459 00:16:04,780 --> 00:16:07,209 confirmed by another 460 00:16:07,210 --> 00:16:09,579 result from the 461 00:16:09,580 --> 00:16:11,259 American Association of Physicists in 462 00:16:11,260 --> 00:16:13,749 Medicine in twenty thirteen, simultaneous 463 00:16:13,750 --> 00:16:14,750 to our result. 464 00:16:18,690 --> 00:16:20,259 Looking at sort of the safety of the 465 00:16:20,260 --> 00:16:22,409 system, is it possible for this machine 466 00:16:22,410 --> 00:16:24,539 to, say, malfunction and produce more 467 00:16:24,540 --> 00:16:27,059 radiation than than it otherwise 468 00:16:27,060 --> 00:16:28,439 should or would under normal 469 00:16:28,440 --> 00:16:29,429 circumstances? 470 00:16:29,430 --> 00:16:30,929 We found that there were safety controls 471 00:16:30,930 --> 00:16:32,689 on the radiological output. 472 00:16:32,690 --> 00:16:34,829 Um, for example, when 473 00:16:34,830 --> 00:16:36,929 when the the x ray tube is on, 474 00:16:36,930 --> 00:16:38,189 there are hardware interlocks that are 475 00:16:38,190 --> 00:16:40,469 measuring things like is the chopper 476 00:16:40,470 --> 00:16:41,549 spinning? 477 00:16:41,550 --> 00:16:43,619 Is the vertical head moving in 478 00:16:43,620 --> 00:16:45,809 the sort of the speed that we expect? 479 00:16:45,810 --> 00:16:47,879 And as the voltage and current in an x 480 00:16:47,880 --> 00:16:50,699 ray tube in intolerants. 481 00:16:50,700 --> 00:16:53,099 Um, note, however, these are not security 482 00:16:53,100 --> 00:16:55,619 controls because the the 483 00:16:55,620 --> 00:16:57,839 rom the embedded controller of 484 00:16:57,840 --> 00:16:59,579 the system actually has the ability to 485 00:16:59,580 --> 00:17:02,039 override all of these safety checks. 486 00:17:02,040 --> 00:17:04,289 So if the software 487 00:17:04,290 --> 00:17:06,689 running on this on this embedded system 488 00:17:06,690 --> 00:17:08,818 is evil, it can override some 489 00:17:08,819 --> 00:17:09,779 of these. 490 00:17:09,780 --> 00:17:11,608 However, there is a pretty simple modular 491 00:17:11,609 --> 00:17:14,639 design that makes some of these attacks, 492 00:17:14,640 --> 00:17:16,979 say, trying to irradiate someone 493 00:17:16,980 --> 00:17:19,529 too much, much more difficult. 494 00:17:19,530 --> 00:17:20,760 For example, the 495 00:17:22,410 --> 00:17:25,108 stepper motor that drives the vertical 496 00:17:25,109 --> 00:17:27,269 assembly is its own system 497 00:17:27,270 --> 00:17:29,129 and has preprogramed routines, 498 00:17:29,130 --> 00:17:31,019 essentially their scan up or scan down. 499 00:17:31,020 --> 00:17:32,549 And the embedded system doesn't have any 500 00:17:32,550 --> 00:17:34,679 fine grained control to say, OK, go 501 00:17:34,680 --> 00:17:36,510 up only halfway or something like that. 502 00:17:38,250 --> 00:17:40,559 So this simple modular design actually 503 00:17:40,560 --> 00:17:43,199 makes it much more difficult to overrate 504 00:17:43,200 --> 00:17:45,509 skin subjects without 505 00:17:45,510 --> 00:17:47,639 replacing the software that's inside 506 00:17:47,640 --> 00:17:49,180 of this machine. 507 00:17:52,360 --> 00:17:53,589 So moving on to privacy, 508 00:17:54,640 --> 00:17:56,799 we wanted to again evaluate the 509 00:17:56,800 --> 00:17:59,299 implications of the system as 510 00:17:59,300 --> 00:18:01,359 it pertains to privacy and as 511 00:18:01,360 --> 00:18:02,859 you've probably seen, it produces naked 512 00:18:02,860 --> 00:18:05,469 images. These naked images are 513 00:18:05,470 --> 00:18:06,729 fairly revealing. 514 00:18:06,730 --> 00:18:09,009 Um, you can see parts 515 00:18:09,010 --> 00:18:10,989 of the subject here that the subject 516 00:18:10,990 --> 00:18:12,349 might not want you to see. 517 00:18:12,350 --> 00:18:14,559 Um, some subjects might not mind, but 518 00:18:14,560 --> 00:18:16,329 this is not the point of privacy. 519 00:18:17,950 --> 00:18:19,750 And there's a number of questions here of 520 00:18:21,100 --> 00:18:22,629 what are the procedures surrounding these 521 00:18:22,630 --> 00:18:25,009 images and what can 522 00:18:25,010 --> 00:18:27,399 say a TSA agent do 523 00:18:27,400 --> 00:18:29,919 to say, save these images 524 00:18:29,920 --> 00:18:32,019 or or send them to their 525 00:18:32,020 --> 00:18:33,279 friends or show them or something like 526 00:18:33,280 --> 00:18:33,849 that. 527 00:18:33,850 --> 00:18:36,159 Um, and while 528 00:18:36,160 --> 00:18:38,409 we didn't have the software that TSA 529 00:18:38,410 --> 00:18:40,479 had and was using at 530 00:18:40,480 --> 00:18:42,639 the time, TSA was claiming that these 531 00:18:42,640 --> 00:18:44,349 machines could not save, they were 532 00:18:44,350 --> 00:18:46,209 incapable of saving these images to a 533 00:18:46,210 --> 00:18:48,549 desk. However, our version 534 00:18:48,550 --> 00:18:50,679 of the software delivered, which 535 00:18:50,680 --> 00:18:52,089 we believe came from the manufacturer, 536 00:18:53,290 --> 00:18:54,489 had a save option. 537 00:18:54,490 --> 00:18:56,139 You could actually save it to, in this 538 00:18:56,140 --> 00:18:58,269 case, a floppy disk attached 539 00:18:58,270 --> 00:18:59,270 to the computer. 540 00:19:00,700 --> 00:19:02,089 And you could export these. 541 00:19:02,090 --> 00:19:03,939 And that's actually, you know, clearly we 542 00:19:03,940 --> 00:19:05,889 were able to export these images, as you 543 00:19:05,890 --> 00:19:06,999 can see them here. 544 00:19:10,230 --> 00:19:12,419 There's another interesting 545 00:19:12,420 --> 00:19:14,039 privacy implication that these machines 546 00:19:14,040 --> 00:19:16,139 have that sort of follows from 547 00:19:16,140 --> 00:19:17,069 how they work. 548 00:19:17,070 --> 00:19:19,079 So because the x ray is back scatter in 549 00:19:19,080 --> 00:19:21,419 all directions and it's not 550 00:19:21,420 --> 00:19:23,699 sort of a big sensor 551 00:19:23,700 --> 00:19:26,519 inside of the inside of the machine, 552 00:19:26,520 --> 00:19:28,499 any adversary that's nearby with their 553 00:19:28,500 --> 00:19:30,539 own photomultiplier tube can essentially 554 00:19:30,540 --> 00:19:32,669 reconstruct the naked images as 555 00:19:32,670 --> 00:19:35,069 this machine scans over the subject. 556 00:19:35,070 --> 00:19:37,529 So we perform this attack using sort of 557 00:19:37,530 --> 00:19:40,169 relatively simple PMT that 558 00:19:40,170 --> 00:19:42,299 was just laying around, I guess 559 00:19:42,300 --> 00:19:44,129 is not really optimized for this attack 560 00:19:44,130 --> 00:19:46,439 or anything. But we were still 561 00:19:46,440 --> 00:19:49,109 nonetheless able to reconstruct 562 00:19:49,110 --> 00:19:51,269 an image. And this is nowhere near as 563 00:19:51,270 --> 00:19:52,829 good as what the machine is reproducing. 564 00:19:54,000 --> 00:19:55,349 That is in part because the machine has 565 00:19:55,350 --> 00:19:57,989 eight photomultiplier tubes located 566 00:19:57,990 --> 00:19:59,939 all around the edges of the machine and 567 00:19:59,940 --> 00:20:01,569 we only have one in this case. 568 00:20:01,570 --> 00:20:02,699 And so you can see that it's much 569 00:20:02,700 --> 00:20:04,049 brighter toward the side that the 570 00:20:04,050 --> 00:20:05,579 photomultiplier suit is on. 571 00:20:05,580 --> 00:20:07,769 And but 572 00:20:07,770 --> 00:20:09,629 nonetheless, a larger photomultiplier 573 00:20:09,630 --> 00:20:11,819 tube or a more sensitive one for this 574 00:20:11,820 --> 00:20:14,699 radiation or perhaps some additional 575 00:20:14,700 --> 00:20:16,739 image processing could clean this image 576 00:20:16,740 --> 00:20:18,299 up substantially. 577 00:20:22,330 --> 00:20:24,489 So finally, we want to look 578 00:20:24,490 --> 00:20:26,859 at the efficacy of this 579 00:20:26,860 --> 00:20:28,839 of this machine isn't able to detect 580 00:20:28,840 --> 00:20:29,840 contraband. 581 00:20:31,040 --> 00:20:33,109 Um, like this guy. 582 00:20:35,780 --> 00:20:38,209 So the first attack that we looked at is 583 00:20:38,210 --> 00:20:40,699 an attack where the threat model is 584 00:20:40,700 --> 00:20:42,769 an adversary, has access to 585 00:20:42,770 --> 00:20:44,869 the software running on the console, 586 00:20:44,870 --> 00:20:46,339 and this is what the software running on 587 00:20:46,340 --> 00:20:47,629 the console looks like so that you can 588 00:20:47,630 --> 00:20:49,519 see the naked images on the left and the 589 00:20:49,520 --> 00:20:51,889 operators sort of options on the right. 590 00:20:51,890 --> 00:20:53,689 They can scan, they can assume they can 591 00:20:53,690 --> 00:20:55,849 save, as we mentioned earlier, 592 00:20:55,850 --> 00:20:57,140 to floppy drive. 593 00:20:58,180 --> 00:20:59,869 And we wanted to ask what would happen 594 00:20:59,870 --> 00:21:02,239 if, say, someone were able to replace 595 00:21:02,240 --> 00:21:03,419 the software, could they attack the 596 00:21:03,420 --> 00:21:05,539 system? And 597 00:21:05,540 --> 00:21:07,369 we implemented a pixel perfect 598 00:21:07,370 --> 00:21:09,919 representation of this program 599 00:21:09,920 --> 00:21:11,029 here. I'll show you it now. 600 00:21:12,260 --> 00:21:14,959 It's actually the same and 601 00:21:14,960 --> 00:21:16,099 indistinguishable. 602 00:21:16,100 --> 00:21:18,529 However, our version of the software 603 00:21:18,530 --> 00:21:19,909 they call their version of software 604 00:21:19,910 --> 00:21:21,769 security, except ours was called 605 00:21:21,770 --> 00:21:22,770 insecure. 606 00:21:23,600 --> 00:21:25,759 And our version of the software 607 00:21:25,760 --> 00:21:27,379 had malware in it. 608 00:21:27,380 --> 00:21:29,269 And this malware essentially looked at 609 00:21:29,270 --> 00:21:30,679 the image coming back, the true image 610 00:21:30,680 --> 00:21:32,539 coming back from the backscatter machine. 611 00:21:32,540 --> 00:21:34,819 And if it noticed that there was 612 00:21:34,820 --> 00:21:37,309 this pattern, this sort of secret knock, 613 00:21:37,310 --> 00:21:39,169 which we made is just a sort of square 614 00:21:39,170 --> 00:21:41,089 outline with another square, like a QR 615 00:21:41,090 --> 00:21:42,410 code corner, 616 00:21:43,640 --> 00:21:45,379 which you can easily make by putting red 617 00:21:45,380 --> 00:21:47,209 tape on someone's shirt and then 618 00:21:47,210 --> 00:21:48,739 concealing it under another shirt. 619 00:21:49,970 --> 00:21:52,249 We found that when the machine sees 620 00:21:52,250 --> 00:21:53,989 this or when when the malware sees this, 621 00:21:53,990 --> 00:21:55,909 it replaces that image with a benign 622 00:21:55,910 --> 00:21:57,019 image. 623 00:21:57,020 --> 00:21:59,239 So in this way, someone 624 00:21:59,240 --> 00:22:00,829 colluding with someone that's that's put 625 00:22:00,830 --> 00:22:03,109 this malware on the machine can sneak 626 00:22:03,110 --> 00:22:04,349 past contraband. 627 00:22:04,350 --> 00:22:05,350 Um. 628 00:22:08,700 --> 00:22:11,159 We also wanted to look at a threat model 629 00:22:11,160 --> 00:22:13,199 where the attacker does not have access 630 00:22:13,200 --> 00:22:14,249 to the console. 631 00:22:14,250 --> 00:22:15,899 What if they can't change the software? 632 00:22:15,900 --> 00:22:17,969 All they can do is sort of understand how 633 00:22:17,970 --> 00:22:19,799 these machines work, walk up to the 634 00:22:19,800 --> 00:22:21,599 machines with some contraband and try to 635 00:22:21,600 --> 00:22:22,600 sneak it through. 636 00:22:23,700 --> 00:22:25,259 And we thought about this for a bit. 637 00:22:25,260 --> 00:22:27,269 And we have a few attacks in this in this 638 00:22:27,270 --> 00:22:28,270 area. 639 00:22:28,680 --> 00:22:31,079 The first one that we we thought of was 640 00:22:31,080 --> 00:22:33,209 that if you look at 641 00:22:33,210 --> 00:22:35,459 a gun, it's absorbing the x 642 00:22:35,460 --> 00:22:37,769 rays and the backscatter 643 00:22:37,770 --> 00:22:39,659 and the skin is reflecting it and then 644 00:22:39,660 --> 00:22:41,489 back scattering back. 645 00:22:41,490 --> 00:22:43,679 But the background is sort of 646 00:22:43,680 --> 00:22:44,909 it's not even the X-rays. 647 00:22:44,910 --> 00:22:46,289 You're just going off into space and not 648 00:22:46,290 --> 00:22:47,399 coming back. 649 00:22:47,400 --> 00:22:49,139 So given that the background and the gun 650 00:22:49,140 --> 00:22:51,299 are both black, what happens if we 651 00:22:51,300 --> 00:22:53,549 just place this black gun over this black 652 00:22:53,550 --> 00:22:54,550 background? 653 00:22:55,870 --> 00:22:57,969 And this result was surprisingly 654 00:22:57,970 --> 00:22:59,409 effective. 655 00:22:59,410 --> 00:23:01,749 This is a fairly naive attack, but this 656 00:23:01,750 --> 00:23:04,209 subject here is carrying a 380 657 00:23:04,210 --> 00:23:05,210 pistol. 658 00:23:05,800 --> 00:23:08,859 I invite you to try to guess where 659 00:23:08,860 --> 00:23:11,309 on this subject this is carrying 660 00:23:11,310 --> 00:23:13,239 this pistol. 661 00:23:13,240 --> 00:23:15,399 And we had to actually look back at our 662 00:23:15,400 --> 00:23:17,229 notes when we made these slides to figure 663 00:23:17,230 --> 00:23:18,519 out where he was actually holding this 664 00:23:18,520 --> 00:23:19,419 pistol. 665 00:23:19,420 --> 00:23:21,279 It turns out it's right above this right 666 00:23:21,280 --> 00:23:22,280 kneecap here. 667 00:23:23,470 --> 00:23:25,779 So this attack is surprisingly effective 668 00:23:25,780 --> 00:23:28,179 for concealing metallic objects 669 00:23:28,180 --> 00:23:29,589 like firearms. 670 00:23:29,590 --> 00:23:31,719 It's also works for for knives and 671 00:23:31,720 --> 00:23:33,099 other things like this. 672 00:23:33,100 --> 00:23:35,169 In this picture, we have a 673 00:23:35,170 --> 00:23:37,419 lead tape, arrows pointing to where the 674 00:23:37,420 --> 00:23:40,119 knife is to make it even easier to see 675 00:23:40,120 --> 00:23:41,619 that the subject is carrying this knife. 676 00:23:43,870 --> 00:23:45,519 There is one mitigation that you can do 677 00:23:45,520 --> 00:23:47,259 for this type of attack, which is to scan 678 00:23:47,260 --> 00:23:49,029 from the side and it becomes very obvious 679 00:23:49,030 --> 00:23:51,679 that the subject is carrying something 680 00:23:51,680 --> 00:23:53,169 they shouldn't be carrying. 681 00:23:53,170 --> 00:23:55,839 However, we don't know of anyone that's 682 00:23:55,840 --> 00:23:58,869 performing these additional scans 683 00:23:58,870 --> 00:24:00,339 or we're performing these additional 684 00:24:00,340 --> 00:24:02,229 scans at the time that these machines 685 00:24:02,230 --> 00:24:03,230 were deployed. 686 00:24:05,750 --> 00:24:07,819 But of course, these machines 687 00:24:07,820 --> 00:24:09,139 were not intended really they weren't 688 00:24:09,140 --> 00:24:11,209 designed to detect 689 00:24:11,210 --> 00:24:13,099 metallic threats, that was something that 690 00:24:13,100 --> 00:24:15,189 metal detectors already did. 691 00:24:15,190 --> 00:24:16,729 The purpose of these machines was to 692 00:24:16,730 --> 00:24:19,069 detect plastic explosives or 693 00:24:19,070 --> 00:24:20,359 nonmetallic devices 694 00:24:21,710 --> 00:24:23,359 as the as the TSA said. 695 00:24:24,380 --> 00:24:27,259 And so scene here is actually a 696 00:24:27,260 --> 00:24:29,329 as a simulant of C4. 697 00:24:29,330 --> 00:24:31,699 This is a one pound brick of simulated 698 00:24:31,700 --> 00:24:33,949 C4. It's again, supposed to be 699 00:24:33,950 --> 00:24:36,109 radiologically identical to the real 700 00:24:36,110 --> 00:24:37,549 C4. 701 00:24:37,550 --> 00:24:39,319 It surprisingly also costs the same 702 00:24:39,320 --> 00:24:41,449 amount as C4. 703 00:24:41,450 --> 00:24:44,029 But I don't know I 704 00:24:44,030 --> 00:24:45,229 don't know if we tested if it was 705 00:24:45,230 --> 00:24:46,230 actually just C4. 706 00:24:48,290 --> 00:24:50,509 So and you can see that 707 00:24:50,510 --> 00:24:52,609 in a in an early send, a sort 708 00:24:52,610 --> 00:24:54,859 of test of this, you 709 00:24:54,860 --> 00:24:56,989 can see some of these blocks if 710 00:24:56,990 --> 00:24:58,729 you naively strap these these these 711 00:24:58,730 --> 00:25:01,159 bricks to you, you can see them outlined 712 00:25:01,160 --> 00:25:03,409 here in sort of two blocks 713 00:25:03,410 --> 00:25:05,479 here and two rectangular blocks. 714 00:25:05,480 --> 00:25:06,919 But you'll note that the middle of these 715 00:25:06,920 --> 00:25:09,109 blocks is sort of the same color as 716 00:25:09,110 --> 00:25:10,759 the skin of the subject here. 717 00:25:10,760 --> 00:25:12,349 And it's really only the outlines that 718 00:25:12,350 --> 00:25:13,939 you're that you're seeing here. 719 00:25:13,940 --> 00:25:15,739 And in fact, what you're seeing is the 720 00:25:15,740 --> 00:25:18,099 shadows of the edges of this 721 00:25:18,100 --> 00:25:20,359 of this of this block. 722 00:25:20,360 --> 00:25:22,759 So we looked at this and we wondered, 723 00:25:22,760 --> 00:25:24,919 can we find some way 724 00:25:24,920 --> 00:25:27,619 to exploit this to to to hide 725 00:25:27,620 --> 00:25:29,329 the nonmetallic threat these machines 726 00:25:29,330 --> 00:25:31,579 were designed to protect against 727 00:25:31,580 --> 00:25:33,469 and thinking adversarial instead of 728 00:25:33,470 --> 00:25:35,689 taking a brick like 729 00:25:35,690 --> 00:25:37,819 this and thinking, well, it's 730 00:25:37,820 --> 00:25:40,099 called plastic explosives, 731 00:25:40,100 --> 00:25:42,529 probably because it's plastic. 732 00:25:42,530 --> 00:25:44,809 You can mold it, you can shape it, 733 00:25:44,810 --> 00:25:47,089 you can remove sort of taper 734 00:25:47,090 --> 00:25:49,280 it down and and flatten it. 735 00:25:51,050 --> 00:25:53,149 And so we took this we 736 00:25:53,150 --> 00:25:54,739 took this technique and we said, OK, 737 00:25:54,740 --> 00:25:57,709 let's let's try to make a 738 00:25:57,710 --> 00:26:00,199 thin pancake essentially 739 00:26:00,200 --> 00:26:02,509 of of the simulant and try to smuggle 740 00:26:02,510 --> 00:26:04,639 it past. And we were 741 00:26:04,640 --> 00:26:05,779 able to do so. 742 00:26:05,780 --> 00:26:08,119 So in this image, one of these subjects 743 00:26:08,120 --> 00:26:10,429 is carrying two hundred grams 744 00:26:10,430 --> 00:26:13,159 of C4 simulant and one of them is not. 745 00:26:13,160 --> 00:26:14,629 So one of these subjects should be let 746 00:26:14,630 --> 00:26:16,039 through and the other should be 747 00:26:16,040 --> 00:26:18,289 questioned or have 748 00:26:18,290 --> 00:26:19,609 a have an additional screening take 749 00:26:19,610 --> 00:26:20,610 place. 750 00:26:21,110 --> 00:26:22,909 Again, I invite you to to to guess which 751 00:26:22,910 --> 00:26:23,929 one. 752 00:26:23,930 --> 00:26:24,930 Um. 753 00:26:25,790 --> 00:26:27,769 It turns out this one has two hundred 754 00:26:27,770 --> 00:26:29,959 grams of C4 over the stomach. 755 00:26:29,960 --> 00:26:32,239 This is again, a pancake, a very thin one 756 00:26:32,240 --> 00:26:34,189 centimeter pancake, sort of flattened 757 00:26:34,190 --> 00:26:35,659 over the belly. 758 00:26:35,660 --> 00:26:37,609 It looks almost indistinguishable from 759 00:26:37,610 --> 00:26:40,249 the normal belly of the subject. 760 00:26:40,250 --> 00:26:42,409 However, we had two issues that 761 00:26:42,410 --> 00:26:44,599 when we did this originally, the first 762 00:26:44,600 --> 00:26:46,669 issue was that there 763 00:26:46,670 --> 00:26:48,229 was no belly button because this covered 764 00:26:48,230 --> 00:26:50,479 up the sort of normal dark 765 00:26:50,480 --> 00:26:52,309 spot that showed up as a belly button. 766 00:26:52,310 --> 00:26:54,469 And the second problem was that we had no 767 00:26:54,470 --> 00:26:56,329 way, you know, if you were trying to 768 00:26:56,330 --> 00:26:58,189 attack the system, you'd have to sneak 769 00:26:58,190 --> 00:27:00,589 some metallic detonator past 770 00:27:00,590 --> 00:27:02,419 the checkpoint as well. 771 00:27:02,420 --> 00:27:04,549 We saw both of these problems by placing 772 00:27:04,550 --> 00:27:06,529 the detonator where the belly button is. 773 00:27:20,010 --> 00:27:21,930 Thus solving those problems. 774 00:27:23,910 --> 00:27:26,279 So in conclusion, 775 00:27:26,280 --> 00:27:28,379 our results show that sort of imply 776 00:27:28,380 --> 00:27:30,179 that our adversaries can conceal a number 777 00:27:30,180 --> 00:27:32,249 of contraband, including metallic threats 778 00:27:32,250 --> 00:27:34,499 like knives and firearms, but 779 00:27:34,500 --> 00:27:36,479 also the plastic explosives and 780 00:27:36,480 --> 00:27:38,069 detonators that they were designed to 781 00:27:38,070 --> 00:27:39,499 detect in the first place. 782 00:27:41,320 --> 00:27:43,479 A number of these attacks were predicted 783 00:27:43,480 --> 00:27:45,699 by people that did not have access 784 00:27:45,700 --> 00:27:48,039 to these machines, however, 785 00:27:48,040 --> 00:27:49,659 with access to these machines, you can 786 00:27:49,660 --> 00:27:51,759 refine these attacks and make them 787 00:27:51,760 --> 00:27:53,899 much more effective and 788 00:27:53,900 --> 00:27:54,910 and successful. 789 00:27:57,860 --> 00:28:00,019 All right, I'd like to take 790 00:28:00,020 --> 00:28:01,699 a step back now and think a little bit 791 00:28:01,700 --> 00:28:03,799 about what the implications are of 792 00:28:03,800 --> 00:28:06,379 our findings for these systems, 793 00:28:06,380 --> 00:28:09,439 for airport security more generally 794 00:28:09,440 --> 00:28:11,539 and for screening systems that 795 00:28:11,540 --> 00:28:14,119 have computerized components in them. 796 00:28:14,120 --> 00:28:16,549 Before I do that, though, I'd like to 797 00:28:16,550 --> 00:28:18,799 note that any time you're studying 798 00:28:18,800 --> 00:28:21,319 and finding and speaking 799 00:28:21,320 --> 00:28:23,299 about vulnerabilities in deployed 800 00:28:23,300 --> 00:28:25,579 security systems, you have to think 801 00:28:25,580 --> 00:28:27,799 about the ethics of disclosing 802 00:28:27,800 --> 00:28:28,819 versus not. 803 00:28:28,820 --> 00:28:30,979 And our decision to disclose 804 00:28:30,980 --> 00:28:32,629 our findings was made much easier by the 805 00:28:32,630 --> 00:28:34,819 fact that after we started studying these 806 00:28:34,820 --> 00:28:36,619 machines, they were pulled away from 807 00:28:36,620 --> 00:28:39,079 airports. So Artax 808 00:28:39,080 --> 00:28:40,669 that we disclosed could not then 809 00:28:40,670 --> 00:28:43,159 immediately be used to target airports. 810 00:28:43,160 --> 00:28:45,439 Even so, we were careful three 811 00:28:45,440 --> 00:28:47,419 months before talking publicly about our 812 00:28:47,420 --> 00:28:49,489 findings at all to reach out to 813 00:28:49,490 --> 00:28:52,099 the manufacturer, to Rapiscan and to DHS, 814 00:28:52,100 --> 00:28:53,329 which the Department of Homeland 815 00:28:53,330 --> 00:28:55,129 Security, which is the umbrella 816 00:28:55,130 --> 00:28:57,649 department that that includes 817 00:28:57,650 --> 00:28:59,929 TSA about our findings. 818 00:28:59,930 --> 00:29:02,209 And we know we that 819 00:29:02,210 --> 00:29:04,489 they received them, for example, because 820 00:29:04,490 --> 00:29:06,559 TSA had a press release ready when our 821 00:29:06,560 --> 00:29:08,059 paper actually came out. 822 00:29:08,060 --> 00:29:09,529 But we didn't really get a lot of 823 00:29:09,530 --> 00:29:11,599 engagement otherwise, except 824 00:29:11,600 --> 00:29:13,699 I got an email from at 825 00:29:13,700 --> 00:29:16,129 the higher up asking basically, 826 00:29:16,130 --> 00:29:18,319 what were you thinking, whose idea 827 00:29:18,320 --> 00:29:20,269 was this and who funded it? 828 00:29:20,270 --> 00:29:22,369 And that was a fun email to respond to. 829 00:29:23,450 --> 00:29:25,159 One thing we did as part of our 830 00:29:25,160 --> 00:29:27,229 disclosure is that 831 00:29:27,230 --> 00:29:29,389 we also tried to come up with the best 832 00:29:29,390 --> 00:29:31,519 procedural mitigations that we could come 833 00:29:31,520 --> 00:29:33,469 up with. If you had these systems, you 834 00:29:33,470 --> 00:29:35,899 needed to rely on them for security 835 00:29:35,900 --> 00:29:38,029 and you wanted to 836 00:29:38,030 --> 00:29:40,279 avoid some of the flaws that 837 00:29:40,280 --> 00:29:41,419 we had uncovered. 838 00:29:41,420 --> 00:29:44,059 We suggested some procedures, notably 839 00:29:44,060 --> 00:29:46,309 these side scans that Eric talked 840 00:29:46,310 --> 00:29:47,689 about are really important. 841 00:29:47,690 --> 00:29:49,849 We also think that since metal detectors 842 00:29:49,850 --> 00:29:51,919 do a fine job of finding 843 00:29:51,920 --> 00:29:55,039 metal, that these should be used 844 00:29:55,040 --> 00:29:56,989 in conjunction with metal detectors as 845 00:29:56,990 --> 00:29:58,909 opposed to the way that TSA currently 846 00:29:58,910 --> 00:30:01,039 does, where you either go through 847 00:30:01,040 --> 00:30:02,419 the metal detector or through one of 848 00:30:02,420 --> 00:30:05,539 these. But never both of 849 00:30:05,540 --> 00:30:07,639 and these mitigations were 850 00:30:07,640 --> 00:30:09,529 in our disclosure to DHS on the 851 00:30:09,530 --> 00:30:11,089 manufacturer. 852 00:30:11,090 --> 00:30:11,479 Right. 853 00:30:11,480 --> 00:30:13,669 So given that these devices 854 00:30:13,670 --> 00:30:15,409 are no longer at airports, I think it's 855 00:30:15,410 --> 00:30:17,659 fair to ask why anybody should 856 00:30:17,660 --> 00:30:19,819 care about the fact that they don't 857 00:30:19,820 --> 00:30:20,869 work as well as 858 00:30:22,280 --> 00:30:23,539 people claim they did. 859 00:30:23,540 --> 00:30:25,069 And I think there are three answers to 860 00:30:25,070 --> 00:30:26,569 that question, and I'd like to address 861 00:30:26,570 --> 00:30:27,709 each of them in term. 862 00:30:27,710 --> 00:30:29,929 First, our results shed 863 00:30:29,930 --> 00:30:32,089 light on the development 864 00:30:32,090 --> 00:30:34,159 process that TSA 865 00:30:34,160 --> 00:30:36,259 and the government more broadly 866 00:30:36,260 --> 00:30:38,599 and its suppliers use to develop 867 00:30:38,600 --> 00:30:40,909 systems that we rely on every day 868 00:30:40,910 --> 00:30:42,619 for critical infrastructure. 869 00:30:42,620 --> 00:30:45,019 Second, backscatter scanners 870 00:30:45,020 --> 00:30:46,699 are not gone. Even if they're currently 871 00:30:46,700 --> 00:30:48,499 gone from airports, they're still being 872 00:30:48,500 --> 00:30:50,059 used and they may be used again at 873 00:30:50,060 --> 00:30:52,369 airports. So our findings matter there. 874 00:30:52,370 --> 00:30:54,169 And third, we learn some lessons that we 875 00:30:54,170 --> 00:30:56,149 think have broader applicability to the 876 00:30:56,150 --> 00:30:58,189 design of secure systems. 877 00:30:58,190 --> 00:31:00,199 So I'll take each of these in turn. 878 00:31:00,200 --> 00:31:02,419 Before I do that, though, some 879 00:31:02,420 --> 00:31:04,429 of what I'm going to say is based on a 880 00:31:04,430 --> 00:31:06,889 report that came out of the 881 00:31:06,890 --> 00:31:09,049 office of the inspector general a month 882 00:31:09,050 --> 00:31:12,049 after our paper came out. 883 00:31:12,050 --> 00:31:13,999 And this is a really interesting report 884 00:31:14,000 --> 00:31:15,949 that looks at how TSA dealt with the 885 00:31:15,950 --> 00:31:17,359 machines once they were taking them out 886 00:31:17,360 --> 00:31:19,039 of airport. I'll give you two random 887 00:31:19,040 --> 00:31:20,869 facts that I found interesting in the 888 00:31:20,870 --> 00:31:23,179 report. If you've ever seen the 889 00:31:23,180 --> 00:31:25,219 Raiders of the Lost Ark, where the Ark of 890 00:31:25,220 --> 00:31:27,349 the Covenant is put away and 891 00:31:27,350 --> 00:31:28,999 some sort of government warehouse, this 892 00:31:29,000 --> 00:31:30,739 is the government warehouse, I guess, 893 00:31:30,740 --> 00:31:33,229 actually a contractor warehouse 894 00:31:33,230 --> 00:31:35,449 where at the time one hundred and six 895 00:31:35,450 --> 00:31:38,029 of these no longer used Rapiscan 896 00:31:38,030 --> 00:31:39,859 machines were stored. 897 00:31:39,860 --> 00:31:42,199 The OIG folks visited this 898 00:31:42,200 --> 00:31:44,539 warehouse on March twenty 899 00:31:44,540 --> 00:31:46,609 seventh of this year and 900 00:31:46,610 --> 00:31:47,839 took this photo. 901 00:31:47,840 --> 00:31:49,939 Any guesses for when this nice fence 902 00:31:49,940 --> 00:31:50,940 was put up? 903 00:31:52,140 --> 00:31:53,140 That's right, March twenty 904 00:31:54,540 --> 00:31:56,819 crap people are visiting another 905 00:31:56,820 --> 00:31:59,339 fact from this report, TSA 906 00:31:59,340 --> 00:32:00,899 claims, and they claimed in their press 907 00:32:00,900 --> 00:32:03,389 release that their machines have special 908 00:32:03,390 --> 00:32:05,579 software and that this special software 909 00:32:05,580 --> 00:32:08,369 is not available to anybody else and not 910 00:32:08,370 --> 00:32:10,109 given to anybody else who has these 911 00:32:10,110 --> 00:32:11,279 machines. 912 00:32:11,280 --> 00:32:13,409 VOA found that at least 913 00:32:13,410 --> 00:32:14,999 one of the machines was not properly 914 00:32:15,000 --> 00:32:17,189 wiped and that 915 00:32:17,190 --> 00:32:19,319 it was released to the state of 916 00:32:19,320 --> 00:32:21,539 North Carolina in September of 2013. 917 00:32:21,540 --> 00:32:23,699 And then for I think eight months, was 918 00:32:23,700 --> 00:32:25,739 sitting in a warehouse there with the 919 00:32:25,740 --> 00:32:27,869 software. And I found this. 920 00:32:27,870 --> 00:32:29,999 And a week later, some TSA folks flew 921 00:32:30,000 --> 00:32:32,279 out in a panic with a copy 922 00:32:32,280 --> 00:32:34,499 of the bomb to 923 00:32:34,500 --> 00:32:36,389 go wipe the hard disk. 924 00:32:36,390 --> 00:32:37,980 All right. So based on that report. 925 00:32:41,640 --> 00:32:44,099 There are two models for how security 926 00:32:44,100 --> 00:32:45,119 systems get deployed. 927 00:32:46,520 --> 00:32:49,279 They either get deployed in public 928 00:32:49,280 --> 00:32:51,169 so that there is public availability, 929 00:32:51,170 --> 00:32:53,389 public testing, public reporting, 930 00:32:53,390 --> 00:32:55,579 public bounties, things like Ponton, 931 00:32:55,580 --> 00:32:57,379 even if the source isn't necessarily 932 00:32:57,380 --> 00:32:59,359 available, you can still buy the thing, 933 00:32:59,360 --> 00:33:01,639 poke at it, study it and tell people 934 00:33:01,640 --> 00:33:02,809 about what you found. 935 00:33:02,810 --> 00:33:04,909 And that's a model that gets used for 936 00:33:04,910 --> 00:33:06,199 a lot of things. But it's not a model 937 00:33:06,200 --> 00:33:08,269 that gets used for a lot of systems that 938 00:33:08,270 --> 00:33:10,219 go in airports and other kinds of 939 00:33:10,220 --> 00:33:11,299 critical infrastructure. 940 00:33:11,300 --> 00:33:12,409 That model is secret. 941 00:33:12,410 --> 00:33:14,659 Everything developed in secret, 942 00:33:14,660 --> 00:33:17,149 evaluated in secret, deployed in secret. 943 00:33:17,150 --> 00:33:18,739 Does this work? Shirt works. 944 00:33:18,740 --> 00:33:19,639 Trust us. 945 00:33:19,640 --> 00:33:21,799 And if we're 946 00:33:21,800 --> 00:33:23,539 pragmatists, we think that both of these 947 00:33:23,540 --> 00:33:25,459 models are fine if they produce secure 948 00:33:25,460 --> 00:33:27,259 systems. And the question is, do they? 949 00:33:27,260 --> 00:33:29,059 Now, we have a lot of evidence about how 950 00:33:29,060 --> 00:33:30,679 well the public model works, but not a 951 00:33:30,680 --> 00:33:32,299 lot of evidence about how well the secret 952 00:33:32,300 --> 00:33:33,859 development model works because, well, 953 00:33:33,860 --> 00:33:36,109 it's secret. So one way to look 954 00:33:36,110 --> 00:33:38,329 at our results is to say 955 00:33:38,330 --> 00:33:40,519 that, well, this is a data 956 00:33:40,520 --> 00:33:42,949 point about how well the secret 957 00:33:42,950 --> 00:33:45,379 development model produced 958 00:33:45,380 --> 00:33:46,789 airport scanners. 959 00:33:46,790 --> 00:33:49,039 And it doesn't seem to have done a super 960 00:33:49,040 --> 00:33:49,609 great job. 961 00:33:49,610 --> 00:33:50,779 And frankly, there's really two 962 00:33:50,780 --> 00:33:52,879 alternatives, and we don't know which 963 00:33:52,880 --> 00:33:54,139 one of these is the case. 964 00:33:54,140 --> 00:33:55,879 We need some more transparency to find 965 00:33:55,880 --> 00:33:57,979 out. Either the TSA process 966 00:33:57,980 --> 00:34:00,289 didn't find the flaws that we were able 967 00:34:00,290 --> 00:34:02,539 to in about a year and a half 968 00:34:02,540 --> 00:34:04,909 with under two hundred K of budget 969 00:34:04,910 --> 00:34:07,369 and some graduate student time, 970 00:34:07,370 --> 00:34:09,619 which is kind of bad, or they 971 00:34:09,620 --> 00:34:11,869 found the same flaws and 972 00:34:11,870 --> 00:34:13,849 they went ahead with deployment anyway. 973 00:34:13,850 --> 00:34:15,619 And that's kind of bad, too. 974 00:34:15,620 --> 00:34:17,899 But neither of these makes the model 975 00:34:17,900 --> 00:34:19,369 look particularly good. 976 00:34:25,830 --> 00:34:27,749 And we're very curious which it is, but 977 00:34:27,750 --> 00:34:30,149 we don't know and TSA isn't saying, 978 00:34:30,150 --> 00:34:32,459 in fact, these these 979 00:34:32,460 --> 00:34:34,678 departments are doubling down on secrecy. 980 00:34:34,679 --> 00:34:37,019 I was talking with a reporter who had 981 00:34:37,020 --> 00:34:39,209 spoken with a spokesperson 982 00:34:39,210 --> 00:34:41,099 at a TSA like agency in a different 983 00:34:41,100 --> 00:34:43,049 country. They said, oh, yes, we have 984 00:34:43,050 --> 00:34:44,669 evaluated these machines, too. 985 00:34:44,670 --> 00:34:46,709 We have our own findings about how they 986 00:34:46,710 --> 00:34:47,519 work. 987 00:34:47,520 --> 00:34:49,799 Reporter asks, Will you release 988 00:34:49,800 --> 00:34:51,238 those findings? Will you release that 989 00:34:51,239 --> 00:34:53,399 report? And the spokesperson 990 00:34:53,400 --> 00:34:54,689 just left. 991 00:34:54,690 --> 00:34:55,690 Right. So. 992 00:34:57,620 --> 00:34:59,479 That either works or doesn't. 993 00:34:59,480 --> 00:35:01,549 What we need to do is either to 994 00:35:01,550 --> 00:35:03,559 have more third party audits of these 995 00:35:03,560 --> 00:35:05,359 devices, if you can get them on eBay, if 996 00:35:05,360 --> 00:35:06,499 you can get your hands on one of these 997 00:35:06,500 --> 00:35:08,209 provision, 8D, the millimeter wave 998 00:35:08,210 --> 00:35:10,279 scanners, please call us. 999 00:35:10,280 --> 00:35:12,259 Billy Rios had to talk at Black Hat this 1000 00:35:12,260 --> 00:35:13,669 year where he studied some of these other 1001 00:35:13,670 --> 00:35:15,919 devices. They also didn't do so well. 1002 00:35:15,920 --> 00:35:18,139 Or we think that a different 1003 00:35:18,140 --> 00:35:20,719 model in which the agencies 1004 00:35:20,720 --> 00:35:23,569 reach out to 1005 00:35:23,570 --> 00:35:26,149 to academics, 1006 00:35:26,150 --> 00:35:28,639 to security experts in the community 1007 00:35:28,640 --> 00:35:30,919 and try to get an independent, 1008 00:35:30,920 --> 00:35:33,109 rigorous evaluation is really 1009 00:35:33,110 --> 00:35:33,739 valuable. 1010 00:35:33,740 --> 00:35:35,539 And one model for that is California's 1011 00:35:35,540 --> 00:35:37,669 secretary of state's top to bottom, 1012 00:35:37,670 --> 00:35:39,409 Deborah Bowen's top to bottom review of 1013 00:35:39,410 --> 00:35:40,849 voting machines and use in California in 1014 00:35:40,850 --> 00:35:43,309 2007, which produced reports 1015 00:35:43,310 --> 00:35:45,439 that really helped push the debate around 1016 00:35:45,440 --> 00:35:47,959 voting machines forward quite a bit. 1017 00:35:47,960 --> 00:35:50,629 Now, TSA 1018 00:35:50,630 --> 00:35:52,879 should make clear pulled the machines 1019 00:35:52,880 --> 00:35:55,129 out because the manufacturer wasn't 1020 00:35:55,130 --> 00:35:57,679 able to produce what's called automatic 1021 00:35:57,680 --> 00:35:59,809 target recognition software that worked. 1022 00:35:59,810 --> 00:36:01,339 And the idea behind automatic target 1023 00:36:01,340 --> 00:36:03,469 recognition is that the naked image is 1024 00:36:03,470 --> 00:36:05,449 not shown to the operator directly. 1025 00:36:05,450 --> 00:36:06,949 Rather, it's interpreted by software. 1026 00:36:06,950 --> 00:36:08,869 And the software says go investigate the 1027 00:36:08,870 --> 00:36:09,919 left arm. 1028 00:36:09,920 --> 00:36:12,109 And because of that functional 1029 00:36:12,110 --> 00:36:13,639 requirement that the manufacturer was not 1030 00:36:13,640 --> 00:36:15,829 able to reach, these machines were pulled 1031 00:36:15,830 --> 00:36:16,830 back. 1032 00:36:17,600 --> 00:36:18,649 That means two things. 1033 00:36:18,650 --> 00:36:20,329 It means, one, that if the manufacturer 1034 00:36:20,330 --> 00:36:21,589 is able to come up with that software 1035 00:36:21,590 --> 00:36:23,239 later, they could come back to airports. 1036 00:36:23,240 --> 00:36:25,489 It means to that TSA 1037 00:36:25,490 --> 00:36:27,499 made these machines available to other 1038 00:36:27,500 --> 00:36:29,689 government agencies on 1039 00:36:29,690 --> 00:36:31,609 the model that these things work. 1040 00:36:31,610 --> 00:36:33,109 And if your functional requirements are 1041 00:36:33,110 --> 00:36:35,119 different from ours, then you might want 1042 00:36:35,120 --> 00:36:36,169 to deploy them. 1043 00:36:36,170 --> 00:36:38,359 And the OIG report 1044 00:36:38,360 --> 00:36:40,429 actually gave the details on 1045 00:36:40,430 --> 00:36:41,989 where these machines went. 1046 00:36:41,990 --> 00:36:44,059 TSA had 250 fifty one of these machines, 1047 00:36:44,060 --> 00:36:45,829 which they bought at a cost of about 40 1048 00:36:45,830 --> 00:36:48,019 million dollars. The total cost of the 1049 00:36:48,020 --> 00:36:49,999 program is well over a billion dollars. 1050 00:36:50,000 --> 00:36:51,739 This is just to purchase the Rapiscan 1051 00:36:51,740 --> 00:36:53,809 hardware. Two hundred fifty of those 1052 00:36:53,810 --> 00:36:55,069 two hundred fifty one machines were at 1053 00:36:55,070 --> 00:36:56,449 airport at one point or another. 1054 00:36:56,450 --> 00:36:58,579 They were all pulled back by June of 1055 00:36:58,580 --> 00:37:00,769 2013 and by the end 1056 00:37:00,770 --> 00:37:03,319 of August, TSA had gotten 1057 00:37:03,320 --> 00:37:04,999 rid of about one hundred and sixty five 1058 00:37:05,000 --> 00:37:06,679 of these, one hundred sixty one of them 1059 00:37:06,680 --> 00:37:08,029 to state and local governments. 1060 00:37:08,030 --> 00:37:10,279 Where did they go? Well, they went to 1061 00:37:10,280 --> 00:37:13,729 a bunch of sheriffs offices. 1062 00:37:13,730 --> 00:37:15,829 They went to a bunch of states 1063 00:37:15,830 --> 00:37:17,059 to distribute. 1064 00:37:17,060 --> 00:37:19,279 They ended up, by and large, 1065 00:37:19,280 --> 00:37:21,439 at courthouses and 1066 00:37:21,440 --> 00:37:22,459 jails. 1067 00:37:22,460 --> 00:37:25,129 And frankly, I think that 1068 00:37:25,130 --> 00:37:27,889 whether somebody can get a 1069 00:37:27,890 --> 00:37:29,989 gun into a courthouse or a jail still 1070 00:37:29,990 --> 00:37:32,179 matters. So our findings still matter 1071 00:37:32,180 --> 00:37:33,180 in that respect. 1072 00:37:34,700 --> 00:37:36,949 Finally, TSA also has a contract 1073 00:37:36,950 --> 00:37:39,079 with other manufacturers looking to 1074 00:37:39,080 --> 00:37:41,209 provide new cities that also 1075 00:37:41,210 --> 00:37:43,339 use backscatter X-ray technology to 1076 00:37:43,340 --> 00:37:45,199 do the imaging. And these might still end 1077 00:37:45,200 --> 00:37:46,200 up at airports. 1078 00:37:47,190 --> 00:37:49,859 All right, so taking a step back, 1079 00:37:49,860 --> 00:37:51,749 some more, talking about the broader 1080 00:37:51,750 --> 00:37:53,480 lessons that we learned of. 1081 00:37:54,750 --> 00:37:57,269 First thing we learned is that 1082 00:37:57,270 --> 00:37:59,639 you can't ever do better than what's 1083 00:37:59,640 --> 00:38:00,989 coming out of your sensors. 1084 00:38:00,990 --> 00:38:02,729 So the way that these machines are 1085 00:38:02,730 --> 00:38:05,279 operating their sensors, all they get 1086 00:38:05,280 --> 00:38:07,799 is a brightness per pixel, 1087 00:38:07,800 --> 00:38:08,729 dark or light. 1088 00:38:08,730 --> 00:38:10,709 And there's no way for them to 1089 00:38:10,710 --> 00:38:13,229 distinguish between dark metal and 1090 00:38:13,230 --> 00:38:15,239 background where there's no backscatter 1091 00:38:15,240 --> 00:38:17,249 and there's just nothing they can do to 1092 00:38:17,250 --> 00:38:18,250 improve on that. 1093 00:38:20,620 --> 00:38:22,509 There's other X-ray scans, for example, 1094 00:38:22,510 --> 00:38:24,669 for baggage that use a different model 1095 00:38:24,670 --> 00:38:26,979 and do do better, but 1096 00:38:26,980 --> 00:38:28,659 the physics doesn't matter if the 1097 00:38:28,660 --> 00:38:30,789 software that mediate between your 1098 00:38:30,790 --> 00:38:33,279 sensors and the operators view 1099 00:38:33,280 --> 00:38:34,389 has been compromised. 1100 00:38:34,390 --> 00:38:36,069 And we were able to do that with physical 1101 00:38:36,070 --> 00:38:38,199 access to the machine and show a proof of 1102 00:38:38,200 --> 00:38:40,269 concept that 1103 00:38:40,270 --> 00:38:42,399 is a problem with every kind 1104 00:38:42,400 --> 00:38:43,479 of scanner. 1105 00:38:43,480 --> 00:38:45,579 But it's not a problem that based on the 1106 00:38:45,580 --> 00:38:47,649 public messaging, at least TSA or 1107 00:38:47,650 --> 00:38:48,969 the manufacturers seems to have 1108 00:38:48,970 --> 00:38:49,970 understood. 1109 00:38:51,290 --> 00:38:53,389 Second, procedures really matter, you 1110 00:38:53,390 --> 00:38:55,699 deploy a system not just on its own, 1111 00:38:55,700 --> 00:38:57,649 but as part of a bigger system with 1112 00:38:57,650 --> 00:38:59,449 humans operating it and 1113 00:39:00,500 --> 00:39:02,719 procedures are something that 1114 00:39:02,720 --> 00:39:05,029 you can lose. You can know today 1115 00:39:05,030 --> 00:39:07,009 that you should be doing side scans that 1116 00:39:07,010 --> 00:39:09,229 send your report from nineteen ninety one 1117 00:39:09,230 --> 00:39:11,299 said that you should be doing side scans 1118 00:39:11,300 --> 00:39:13,519 and then by the time the system gets 1119 00:39:13,520 --> 00:39:15,499 deployed, that's gone. 1120 00:39:15,500 --> 00:39:17,989 In fact, the way that the UI 1121 00:39:17,990 --> 00:39:20,509 of the system is set up, it discourages 1122 00:39:20,510 --> 00:39:22,639 operators from doing both side scans 1123 00:39:22,640 --> 00:39:23,569 on front and back scans. 1124 00:39:23,570 --> 00:39:25,309 It really wants only two scans per 1125 00:39:25,310 --> 00:39:26,399 subject instead of four. 1126 00:39:26,400 --> 00:39:28,279 And that's really unfortunate because it 1127 00:39:28,280 --> 00:39:30,379 nudges the operator away from doing this 1128 00:39:30,380 --> 00:39:31,699 thing that would actually be safer 1129 00:39:33,110 --> 00:39:34,039 next. 1130 00:39:34,040 --> 00:39:35,959 This is not the crowd that needs to be 1131 00:39:35,960 --> 00:39:38,119 told this, but thinking 1132 00:39:38,120 --> 00:39:40,219 like an adversary really matters 1133 00:39:40,220 --> 00:39:42,439 in whether you end up producing a secure 1134 00:39:42,440 --> 00:39:43,819 system or not. 1135 00:39:43,820 --> 00:39:46,249 Another thing that really matters 1136 00:39:46,250 --> 00:39:48,349 is how simple, how 1137 00:39:48,350 --> 00:39:50,779 modular, how carefully 1138 00:39:50,780 --> 00:39:52,699 separated all the parts of the system 1139 00:39:52,700 --> 00:39:54,409 are. And this is unfortunately somewhere 1140 00:39:54,410 --> 00:39:55,819 where I think we're seeing somewhat of a 1141 00:39:55,820 --> 00:39:57,649 regression because the systems that were 1142 00:39:57,650 --> 00:40:00,229 designed in the 80s and 90s with discrete 1143 00:40:00,230 --> 00:40:02,329 logic and very simple protocols 1144 00:40:02,330 --> 00:40:05,329 seem to do much better than 1145 00:40:05,330 --> 00:40:07,099 systems that are more commonly designed 1146 00:40:07,100 --> 00:40:09,409 today, that have a lot of integration and 1147 00:40:09,410 --> 00:40:10,739 very capable S.O.S. 1148 00:40:13,540 --> 00:40:14,979 And then finally, 1149 00:40:16,720 --> 00:40:18,969 it's not really clear that 1150 00:40:18,970 --> 00:40:21,249 the secrecy 1151 00:40:21,250 --> 00:40:23,529 with which TSA and the manufacturer 1152 00:40:23,530 --> 00:40:25,479 treated these systems actually kept 1153 00:40:25,480 --> 00:40:27,939 people from coming up with attacks 1154 00:40:27,940 --> 00:40:29,019 that would work. 1155 00:40:29,020 --> 00:40:30,969 So I talked earlier about Jonathan 1156 00:40:30,970 --> 00:40:33,069 Corbitt, the blogger, who said, well, 1157 00:40:33,070 --> 00:40:34,929 I bet you could just place this to the 1158 00:40:34,930 --> 00:40:36,279 side of the body and it would just be 1159 00:40:36,280 --> 00:40:38,559 invisible. And I tested it and it seems 1160 00:40:38,560 --> 00:40:39,560 to work. 1161 00:40:40,180 --> 00:40:41,199 He wasn't the only one. 1162 00:40:41,200 --> 00:40:43,569 There are physicists even earlier who 1163 00:40:43,570 --> 00:40:46,029 in that infuriating physicist way that 1164 00:40:46,030 --> 00:40:48,609 physicists who looked at the images 1165 00:40:48,610 --> 00:40:49,929 that were published and said, well, the 1166 00:40:49,930 --> 00:40:52,179 machine must work this way, and therefore 1167 00:40:52,180 --> 00:40:54,159 we hypothesize that metal to the side of 1168 00:40:54,160 --> 00:40:55,359 the body will be invisible. 1169 00:40:55,360 --> 00:40:57,519 And we further hypothesize that a 1170 00:40:57,520 --> 00:40:59,619 pancake of explosive shaped 1171 00:40:59,620 --> 00:41:02,199 to the to the stomach should 1172 00:41:02,200 --> 00:41:03,819 be invisible against the skin. 1173 00:41:03,820 --> 00:41:05,139 And both of these things were right. 1174 00:41:05,140 --> 00:41:07,449 And neither of these groups had 1175 00:41:07,450 --> 00:41:09,639 access to the machines to test on. 1176 00:41:09,640 --> 00:41:12,219 So the fact that 1177 00:41:12,220 --> 00:41:14,289 the details of the operation of these 1178 00:41:14,290 --> 00:41:16,119 machines was kept secret didn't keep 1179 00:41:16,120 --> 00:41:18,099 people from coming up and publicly 1180 00:41:18,100 --> 00:41:20,379 disclosing attacks that would work. 1181 00:41:20,380 --> 00:41:22,509 It kept the public from being 1182 00:41:22,510 --> 00:41:24,279 informed and participating in a 1183 00:41:24,280 --> 00:41:25,929 meaningful debate. 1184 00:41:25,930 --> 00:41:27,999 One thing that we did find out that we 1185 00:41:28,000 --> 00:41:29,919 were a little bit surprised by is how 1186 00:41:29,920 --> 00:41:32,349 much better our attacks got 1187 00:41:32,350 --> 00:41:34,449 once we had access to the machine 1188 00:41:34,450 --> 00:41:36,309 to test on. So we had things that we were 1189 00:41:36,310 --> 00:41:37,419 sure would totally work. 1190 00:41:37,420 --> 00:41:39,459 And then we'd put them up against the 1191 00:41:39,460 --> 00:41:41,709 machine and they'd be very visible. 1192 00:41:41,710 --> 00:41:44,199 And we had to go through a process 1193 00:41:44,200 --> 00:41:46,389 of iteration and refinement until 1194 00:41:46,390 --> 00:41:48,489 we came up with something that 1195 00:41:48,490 --> 00:41:50,649 actually was, as you 1196 00:41:50,650 --> 00:41:52,029 saw, quite invisible. 1197 00:41:52,030 --> 00:41:54,249 And we were able repeatedly to to 1198 00:41:54,250 --> 00:41:56,229 get things past the machine. 1199 00:41:56,230 --> 00:41:58,539 So one defense that might 1200 00:41:58,540 --> 00:42:01,299 actually work is to 1201 00:42:01,300 --> 00:42:04,239 keep these machines out of the hands 1202 00:42:04,240 --> 00:42:06,459 of people who might want to 1203 00:42:06,460 --> 00:42:08,539 actually mount attacks. 1204 00:42:08,540 --> 00:42:10,659 Now, unfortunately, if that's what 1205 00:42:10,660 --> 00:42:12,489 you're going to do, you probably 1206 00:42:12,490 --> 00:42:14,649 shouldn't sell these machines 1207 00:42:14,650 --> 00:42:16,899 at surplus auction in 1208 00:42:16,900 --> 00:42:19,239 Europe to any 1209 00:42:19,240 --> 00:42:20,240 random old person. 1210 00:42:22,630 --> 00:42:24,759 You probably should control a lot better 1211 00:42:24,760 --> 00:42:27,069 who gets access to these machines as part 1212 00:42:27,070 --> 00:42:28,070 of their jobs. 1213 00:42:29,590 --> 00:42:31,689 And frankly, it's 1214 00:42:31,690 --> 00:42:33,639 not really clear at all that this is that 1215 00:42:33,640 --> 00:42:36,099 this is a feasible control because 1216 00:42:36,100 --> 00:42:37,479 I used to be able to keep track of all 1217 00:42:37,480 --> 00:42:38,799 these other machines that were available 1218 00:42:38,800 --> 00:42:40,089 to sale on auction. 1219 00:42:40,090 --> 00:42:41,809 I lost track. 1220 00:42:41,810 --> 00:42:43,539 I believe that as of a couple of days 1221 00:42:43,540 --> 00:42:45,429 ago, you could buy one of these machines 1222 00:42:45,430 --> 00:42:47,079 for four thousand dollars. 1223 00:42:47,080 --> 00:42:48,879 And the seller even claimed that it was 1224 00:42:48,880 --> 00:42:51,069 an exact model with both of the unit 1225 00:42:51,070 --> 00:42:52,719 side by side as opposed to ours. 1226 00:42:52,720 --> 00:42:55,509 So the one 1227 00:42:55,510 --> 00:42:57,759 kind of secrecy that we think 1228 00:42:57,760 --> 00:43:00,459 might actually be valuable in practice 1229 00:43:00,460 --> 00:43:02,859 does not seem to be 1230 00:43:02,860 --> 00:43:03,939 being used. 1231 00:43:03,940 --> 00:43:06,249 And with that reassuring 1232 00:43:06,250 --> 00:43:08,379 note, I'll stop and take any questions 1233 00:43:08,380 --> 00:43:09,380 that you have. 1234 00:43:21,000 --> 00:43:23,130 Thank you for this very interesting talk. 1235 00:43:25,200 --> 00:43:27,059 First of all, do we have any questions 1236 00:43:27,060 --> 00:43:28,110 from the Signal Angel? 1237 00:43:30,120 --> 00:43:31,120 Yes, no, maybe, 1238 00:43:32,190 --> 00:43:33,629 yes, please. 1239 00:43:33,630 --> 00:43:35,639 Yes, we have three questions. 1240 00:43:35,640 --> 00:43:37,829 The first one is with the scanner, detect 1241 00:43:37,830 --> 00:43:39,899 explosives that are hidden inside a 1242 00:43:39,900 --> 00:43:41,579 human body. Have you tested it? 1243 00:43:44,130 --> 00:43:46,319 We did not get a subject willing 1244 00:43:46,320 --> 00:43:47,820 to test that particular attack. 1245 00:43:49,920 --> 00:43:52,529 We don't know is clear 1246 00:43:52,530 --> 00:43:55,259 that the the scanner does see 1247 00:43:55,260 --> 00:43:56,579 a little bit into the body. 1248 00:43:56,580 --> 00:43:59,159 You could see the shin bones, but 1249 00:43:59,160 --> 00:44:01,649 I don't know that we can speculate 1250 00:44:01,650 --> 00:44:03,779 about any particular other 1251 00:44:03,780 --> 00:44:04,780 placement. 1252 00:44:07,080 --> 00:44:08,819 OK, one more from the police. 1253 00:44:08,820 --> 00:44:09,939 OK, thank you. 1254 00:44:09,940 --> 00:44:12,029 Um, another question was, 1255 00:44:12,030 --> 00:44:14,129 would it be helpful to have a 1256 00:44:14,130 --> 00:44:16,259 check, check up pattern 1257 00:44:16,260 --> 00:44:18,689 in the background of the scan people 1258 00:44:18,690 --> 00:44:20,840 to distinguish the the outline better? 1259 00:44:24,490 --> 00:44:27,069 So is the question that having 1260 00:44:27,070 --> 00:44:28,630 a pat down, in addition to 1261 00:44:29,710 --> 00:44:31,809 the advanced imaging, I think I think 1262 00:44:31,810 --> 00:44:34,059 the question is, could you have 1263 00:44:34,060 --> 00:44:36,189 some sort of background 1264 00:44:36,190 --> 00:44:38,739 behind the subject 1265 00:44:38,740 --> 00:44:40,929 that was some sort of 1266 00:44:40,930 --> 00:44:42,669 checkerboard pattern or something like 1267 00:44:42,670 --> 00:44:44,799 that, where it wasn't 1268 00:44:44,800 --> 00:44:47,199 all it wasn't all clear. 1269 00:44:48,760 --> 00:44:50,319 The problem is that you do need that to 1270 00:44:50,320 --> 00:44:51,609 be pretty. 1271 00:44:51,610 --> 00:44:53,649 So there was a wall behind us, our 1272 00:44:53,650 --> 00:44:55,659 subject. It was just far enough away that 1273 00:44:55,660 --> 00:44:58,119 the the x rays didn't come back 1274 00:44:58,120 --> 00:44:59,829 to register substantially. 1275 00:44:59,830 --> 00:45:02,439 So you'd need this to be much closer to 1276 00:45:02,440 --> 00:45:04,509 the person. Now, if you look at 1277 00:45:04,510 --> 00:45:06,699 the TSA model in order to save time, 1278 00:45:06,700 --> 00:45:08,829 they have two of these units facing each 1279 00:45:08,830 --> 00:45:10,239 other in the subject in the middle. 1280 00:45:10,240 --> 00:45:11,829 So it's not really clear where you could 1281 00:45:11,830 --> 00:45:14,469 place that to to get 1282 00:45:14,470 --> 00:45:16,239 a useful background. 1283 00:45:16,240 --> 00:45:17,709 You might also be able to use the 1284 00:45:17,710 --> 00:45:20,109 external PMT attack to 1285 00:45:20,110 --> 00:45:22,179 determine what that pattern is and then 1286 00:45:22,180 --> 00:45:23,979 figure out where to hide your contraband 1287 00:45:23,980 --> 00:45:24,980 based on that. 1288 00:45:28,010 --> 00:45:30,439 OK, let's take one question from 1289 00:45:30,440 --> 00:45:31,849 microphone three, please. 1290 00:45:33,020 --> 00:45:35,509 Hi, first, thanks for the talk. 1291 00:45:35,510 --> 00:45:37,549 It's really good. 1292 00:45:37,550 --> 00:45:40,279 You mentioned that the secrecy 1293 00:45:40,280 --> 00:45:42,589 model doesn't work so well. 1294 00:45:42,590 --> 00:45:44,659 I don't believe 1295 00:45:44,660 --> 00:45:46,939 that we can get rid of that. 1296 00:45:46,940 --> 00:45:48,619 It's just human nature. 1297 00:45:48,620 --> 00:45:50,899 Just as a manager 1298 00:45:50,900 --> 00:45:52,069 in charge of I'm not. 1299 00:45:52,070 --> 00:45:53,070 But just 1300 00:45:54,230 --> 00:45:55,939 thinking of a manager in charge of 1301 00:45:55,940 --> 00:45:58,099 implementing a system, the 1302 00:45:58,100 --> 00:46:00,229 idea would be that I get 1303 00:46:00,230 --> 00:46:03,229 a lot of people from the outside to 1304 00:46:03,230 --> 00:46:06,259 try to break my idea of my project 1305 00:46:06,260 --> 00:46:07,789 in order to make it secure. 1306 00:46:07,790 --> 00:46:10,129 And that requires a lot of backbone 1307 00:46:10,130 --> 00:46:12,379 and that I 1308 00:46:12,380 --> 00:46:13,309 don't want to insult anybody. 1309 00:46:13,310 --> 00:46:15,949 But managers 1310 00:46:15,950 --> 00:46:18,169 tend not to be 1311 00:46:18,170 --> 00:46:20,269 very big boned, strong, but 1312 00:46:20,270 --> 00:46:21,889 more like, you know, weaseling around. 1313 00:46:21,890 --> 00:46:23,959 And so I don't believe that you 1314 00:46:23,960 --> 00:46:26,089 get rid of the secrecy model 1315 00:46:27,680 --> 00:46:28,680 that just my opinion 1316 00:46:30,230 --> 00:46:31,230 said it is is. 1317 00:46:32,700 --> 00:46:34,919 I I think that 1318 00:46:34,920 --> 00:46:36,449 there is a difference between secrecy and 1319 00:46:36,450 --> 00:46:37,859 sort of keeping, 1320 00:46:39,180 --> 00:46:41,399 say, closed source or something is as 1321 00:46:41,400 --> 00:46:43,219 a as a model for keeping things secret. 1322 00:46:43,220 --> 00:46:45,449 So, as I've said, the 1323 00:46:45,450 --> 00:46:47,639 public model could include proprietary 1324 00:46:47,640 --> 00:46:49,139 software, proprietary solutions being 1325 00:46:49,140 --> 00:46:51,389 evaluated in the public 1326 00:46:51,390 --> 00:46:53,789 versus sort of a trust 1327 00:46:53,790 --> 00:46:56,099 us. This is this is secure. 1328 00:46:56,100 --> 00:46:57,269 You don't even need to look at this. 1329 00:46:57,270 --> 00:46:59,369 You shouldn't be looking at this, um, 1330 00:46:59,370 --> 00:47:00,329 sort of model. 1331 00:47:00,330 --> 00:47:02,399 I've been working in professional 1332 00:47:02,400 --> 00:47:04,459 software, and 1333 00:47:04,460 --> 00:47:06,629 I know that you build something and, 1334 00:47:06,630 --> 00:47:08,039 you know, it's flawed. 1335 00:47:08,040 --> 00:47:10,299 You just hope nobody finds out, 1336 00:47:10,300 --> 00:47:12,689 uh, and you don't want to 1337 00:47:12,690 --> 00:47:15,029 try to try and get a direction 1338 00:47:15,030 --> 00:47:17,429 attention to that and 1339 00:47:17,430 --> 00:47:20,069 tell people, just look at that and 1340 00:47:20,070 --> 00:47:21,599 tell me my project is busted. 1341 00:47:23,550 --> 00:47:25,260 So pessimistic way, but. 1342 00:47:28,560 --> 00:47:30,119 OK, just a quick note, if you have to 1343 00:47:30,120 --> 00:47:32,399 leave in between, please be quiet. 1344 00:47:32,400 --> 00:47:34,259 If you can, please remain seated. 1345 00:47:34,260 --> 00:47:36,659 It's not going to take that long. 1346 00:47:36,660 --> 00:47:38,849 And I think the discussion has been very 1347 00:47:38,850 --> 00:47:40,469 interesting so far. 1348 00:47:40,470 --> 00:47:42,639 So let's take one question from 1349 00:47:42,640 --> 00:47:43,640 my friend to please. 1350 00:47:44,670 --> 00:47:47,099 Do you know about the publication 1351 00:47:47,100 --> 00:47:49,289 of the TSA 1352 00:47:49,290 --> 00:47:51,599 software? It was to able 1353 00:47:51,600 --> 00:47:53,849 to save images, too, from 1354 00:47:53,850 --> 00:47:55,409 one of the machines that went to a 1355 00:47:55,410 --> 00:47:57,569 courthouse. And some 1356 00:47:57,570 --> 00:47:59,729 journalists got to know of it 1357 00:47:59,730 --> 00:48:01,889 and asked the Freedom 1358 00:48:01,890 --> 00:48:04,259 of Information Act of this courthouse 1359 00:48:04,260 --> 00:48:05,999 to release those images. 1360 00:48:06,000 --> 00:48:08,279 And then I think the if 1361 00:48:08,280 --> 00:48:10,559 published, some of those 1362 00:48:10,560 --> 00:48:11,560 redacted. 1363 00:48:13,050 --> 00:48:15,179 Yes. So so other 1364 00:48:15,180 --> 00:48:17,849 sites in other deployments definitely 1365 00:48:17,850 --> 00:48:20,159 have shipped to the field with software 1366 00:48:20,160 --> 00:48:21,719 that allows saving. 1367 00:48:21,720 --> 00:48:23,849 TSA swears up and down 1368 00:48:23,850 --> 00:48:25,559 that there's is ship to the field with 1369 00:48:25,560 --> 00:48:27,059 software that doesn't allow saving. 1370 00:48:27,060 --> 00:48:29,279 But it's pretty clear that 1371 00:48:29,280 --> 00:48:31,799 if that software were replaced 1372 00:48:31,800 --> 00:48:34,649 or somebody put, you know, a 1373 00:48:34,650 --> 00:48:36,809 figure captured dongle or any of 1374 00:48:36,810 --> 00:48:38,819 these other kinds of things, smuggled a 1375 00:48:38,820 --> 00:48:40,889 cell phone into the room where the 1376 00:48:40,890 --> 00:48:43,019 images are inspected, that these 1377 00:48:43,020 --> 00:48:45,839 these images are not necessarily 1378 00:48:45,840 --> 00:48:47,819 as ephemeral as TSA claims. 1379 00:48:47,820 --> 00:48:48,820 OK, thank you. 1380 00:48:50,040 --> 00:48:51,419 Do we have any more questions from the 1381 00:48:51,420 --> 00:48:52,420 Internet? 1382 00:48:53,510 --> 00:48:55,999 Now, OK, then, let's go back to Microfit 1383 00:48:56,000 --> 00:48:57,679 three, please. 1384 00:48:57,680 --> 00:48:59,749 Firstly, great, OK, guys, thanks for 1385 00:48:59,750 --> 00:49:01,339 coming to us. 1386 00:49:01,340 --> 00:49:03,409 From what I gather, it seems like this 1387 00:49:03,410 --> 00:49:05,839 the sensors are basically a skin sensor. 1388 00:49:05,840 --> 00:49:07,159 It's telling you where there is skin and 1389 00:49:07,160 --> 00:49:08,509 where there's not skin. 1390 00:49:08,510 --> 00:49:09,969 So what's stopping you? 1391 00:49:09,970 --> 00:49:12,049 Or in fact, have you tried using, 1392 00:49:12,050 --> 00:49:13,669 say, a sheet of pigskin, which you can 1393 00:49:13,670 --> 00:49:15,679 buy for about 20 bucks from the butcher 1394 00:49:15,680 --> 00:49:17,869 and concealing contraband underneath 1395 00:49:17,870 --> 00:49:19,879 that? And if the skin is thick enough, 1396 00:49:19,880 --> 00:49:21,739 then I mean, we can see the shin bones 1397 00:49:21,740 --> 00:49:23,149 because the skin there is quite thin. 1398 00:49:23,150 --> 00:49:25,369 But if you get a thick piece of big skin, 1399 00:49:25,370 --> 00:49:27,739 you could put practically anything 1400 00:49:27,740 --> 00:49:29,359 under there. From what I gather, from how 1401 00:49:29,360 --> 00:49:31,189 this how this works, has this been tested 1402 00:49:31,190 --> 00:49:32,269 by yourselves or anyone else? 1403 00:49:33,800 --> 00:49:36,589 So one of the problems with testing with 1404 00:49:36,590 --> 00:49:38,869 pig skin or, you know, steaks 1405 00:49:38,870 --> 00:49:40,850 is that you end up having raw meat, 1406 00:49:41,960 --> 00:49:43,199 which gets very messy. 1407 00:49:43,200 --> 00:49:45,259 Um, so 1408 00:49:45,260 --> 00:49:47,269 I think I think I agree that those sorts 1409 00:49:47,270 --> 00:49:49,849 of techniques could mask. 1410 00:49:49,850 --> 00:49:52,039 But again, they do have to be 1411 00:49:52,040 --> 00:49:53,299 fairly thick. 1412 00:49:53,300 --> 00:49:54,619 And the other thing that you have to keep 1413 00:49:54,620 --> 00:49:56,599 in mind is that they have to taper down 1414 00:49:56,600 --> 00:49:58,819 to to to 1415 00:49:58,820 --> 00:50:00,919 sort of match your skin, because if 1416 00:50:00,920 --> 00:50:03,499 there is sort of a gap between 1417 00:50:03,500 --> 00:50:05,029 sort of a thick slab of meat that all of 1418 00:50:05,030 --> 00:50:07,139 a sudden just ends, you'll see a shadow. 1419 00:50:07,140 --> 00:50:09,199 And, um, so I'm, 1420 00:50:09,200 --> 00:50:11,329 uh, my family's Italian and I've 1421 00:50:11,330 --> 00:50:12,889 worked with pigskin quite a lot. 1422 00:50:12,890 --> 00:50:15,199 And you can actually really shape 1423 00:50:15,200 --> 00:50:18,019 and type of this stuff and contour it. 1424 00:50:18,020 --> 00:50:20,089 So and it doesn't it doesn't sort of 1425 00:50:20,090 --> 00:50:22,249 drip blood like like a steak would. 1426 00:50:22,250 --> 00:50:24,379 So I would recommend perhaps trying to 1427 00:50:24,380 --> 00:50:25,309 work with this. 1428 00:50:25,310 --> 00:50:26,419 I mean, it's it's ten bucks. 1429 00:50:26,420 --> 00:50:27,559 Give it a go, guys. 1430 00:50:27,560 --> 00:50:28,560 It's. 1431 00:50:32,310 --> 00:50:34,649 I will say that right now 1432 00:50:34,650 --> 00:50:36,929 I think our best our 1433 00:50:36,930 --> 00:50:39,269 best answer for how do you smuggle, 1434 00:50:39,270 --> 00:50:41,369 say, a gun on a person as opposed to 1435 00:50:41,370 --> 00:50:43,079 off to the side of the body is, as you 1436 00:50:43,080 --> 00:50:44,429 wrap it up, real nice in plastic 1437 00:50:44,430 --> 00:50:45,430 explosive, 1438 00:50:47,130 --> 00:50:48,629 because that's easier to get than a piece 1439 00:50:48,630 --> 00:50:49,799 of thick skin. 1440 00:50:49,800 --> 00:50:52,019 Well, it turns out you just call up or 1441 00:50:52,020 --> 00:50:53,999 you call up this company and you say, I'd 1442 00:50:54,000 --> 00:50:55,229 like some simulant, please. 1443 00:50:55,230 --> 00:50:57,229 And they say, OK. 1444 00:50:57,230 --> 00:50:58,230 That's scary. 1445 00:50:59,130 --> 00:51:00,419 And we did test. 1446 00:51:00,420 --> 00:51:02,549 We tested before we put the detonators 1447 00:51:02,550 --> 00:51:05,099 next to the simulant, but it's not 1448 00:51:05,100 --> 00:51:06,689 it's not real explosive. 1449 00:51:06,690 --> 00:51:07,690 Thanks for that. 1450 00:51:09,960 --> 00:51:12,179 OK, let's get back to the microphone 1451 00:51:12,180 --> 00:51:13,229 to please. 1452 00:51:13,230 --> 00:51:15,929 I wonder if it would be possible to 1453 00:51:15,930 --> 00:51:17,949 hide something even with the side scan 1454 00:51:17,950 --> 00:51:20,099 sonar, maybe the idea would be maybe 1455 00:51:20,100 --> 00:51:22,279 between the eyes that 1456 00:51:22,280 --> 00:51:24,059 the scan from the front and behind it 1457 00:51:24,060 --> 00:51:26,519 would be between, uh, against 1458 00:51:26,520 --> 00:51:28,799 the background and for the side 1459 00:51:28,800 --> 00:51:30,479 scan. But maybe the knife would be 1460 00:51:30,480 --> 00:51:32,669 shielded by the by the 1461 00:51:32,670 --> 00:51:35,219 by both sides for themselves that 1462 00:51:35,220 --> 00:51:36,689 that might be possible. 1463 00:51:36,690 --> 00:51:38,429 I think, um. 1464 00:51:38,430 --> 00:51:40,949 So the procedure for the side scan 1465 00:51:40,950 --> 00:51:43,559 is actually sort of an offset 1466 00:51:43,560 --> 00:51:45,719 legs and offset arms to 1467 00:51:45,720 --> 00:51:47,939 try to counter that. But yes, there could 1468 00:51:47,940 --> 00:51:49,629 still be you could sort of fake it. 1469 00:51:49,630 --> 00:51:51,539 No, I didn't hear you sort of. 1470 00:51:51,540 --> 00:51:53,309 I don't mind maybe with you with the 1471 00:51:53,310 --> 00:51:55,549 arms. I think they were not right. 1472 00:51:55,550 --> 00:51:57,509 No one got a completely, completely 1473 00:51:57,510 --> 00:51:58,510 straight up. 1474 00:52:03,650 --> 00:52:05,929 OK. Microphone three again, please. 1475 00:52:05,930 --> 00:52:08,089 So there were X hundred million flights 1476 00:52:08,090 --> 00:52:09,619 per year in countries that deploy these 1477 00:52:09,620 --> 00:52:11,059 things were deployed, these things, and 1478 00:52:11,060 --> 00:52:13,159 each person gets a banana or two. 1479 00:52:13,160 --> 00:52:14,389 Have you thought the entire model to 1480 00:52:14,390 --> 00:52:15,769 figure out the number of excess deaths? 1481 00:52:20,540 --> 00:52:23,869 Well, so we have looked at, uh, 1482 00:52:23,870 --> 00:52:26,149 worked with the 1483 00:52:26,150 --> 00:52:28,519 medical department, um, uh, 1484 00:52:28,520 --> 00:52:30,199 a little bit to sort of look at that and 1485 00:52:30,200 --> 00:52:32,329 see one of the problems is 1486 00:52:32,330 --> 00:52:34,759 that the the levels of radiation 1487 00:52:34,760 --> 00:52:37,639 here are so low that the models 1488 00:52:37,640 --> 00:52:39,229 we're not confident that the models can 1489 00:52:39,230 --> 00:52:41,539 actually accurately reflect, um, 1490 00:52:41,540 --> 00:52:43,639 sort of an accurate picture of a large 1491 00:52:43,640 --> 00:52:46,099 number of very, very small scans. 1492 00:52:46,100 --> 00:52:48,229 Um, but given the models 1493 00:52:48,230 --> 00:52:50,719 that we do have, I think that the 1494 00:52:50,720 --> 00:52:52,789 the increased number of deaths is still 1495 00:52:52,790 --> 00:52:54,479 below one. 1496 00:52:54,480 --> 00:52:55,550 OK, so. 1497 00:52:57,770 --> 00:52:59,269 OK, we have one more question from the 1498 00:52:59,270 --> 00:53:00,799 Internet, thank you. 1499 00:53:00,800 --> 00:53:03,249 The question is, how do 1500 00:53:03,250 --> 00:53:04,969 the scanner perform the leather? 1501 00:53:04,970 --> 00:53:05,970 Kloth. 1502 00:53:09,230 --> 00:53:11,299 I am sorry to report that we're not cool 1503 00:53:11,300 --> 00:53:12,300 enough to have tested that 1504 00:53:14,300 --> 00:53:15,300 maybe the. 1505 00:53:18,510 --> 00:53:20,429 OK, again, microphone number three, 1506 00:53:20,430 --> 00:53:21,029 please. 1507 00:53:21,030 --> 00:53:23,039 I, uh, thanks for the very interesting 1508 00:53:23,040 --> 00:53:25,259 talk, if I think I've 1509 00:53:25,260 --> 00:53:27,359 once read and a cyber crime novel or 1510 00:53:27,360 --> 00:53:30,119 something like that, that someone used 1511 00:53:30,120 --> 00:53:32,459 glass weapons like a glass knife, 1512 00:53:32,460 --> 00:53:34,669 or would you be able to conceive 1513 00:53:34,670 --> 00:53:37,229 that an x ray scans? 1514 00:53:37,230 --> 00:53:39,299 Like, would that even show up in 1515 00:53:39,300 --> 00:53:41,440 a just normal skin without hiding it? 1516 00:53:42,810 --> 00:53:45,089 So glass specifically will 1517 00:53:45,090 --> 00:53:47,159 it reflects back 1518 00:53:47,160 --> 00:53:48,719 as much like skin. 1519 00:53:48,720 --> 00:53:50,249 However, you can sort of put it over 1520 00:53:50,250 --> 00:53:52,469 skin. And if 1521 00:53:52,470 --> 00:53:54,419 it's the right thickness and everything, 1522 00:53:54,420 --> 00:53:57,359 then it might look very much like skin. 1523 00:53:57,360 --> 00:53:59,789 Similarly, ceramic materials 1524 00:53:59,790 --> 00:54:01,709 could could also be used. 1525 00:54:01,710 --> 00:54:04,079 I think ceramic is brighter than 1526 00:54:04,080 --> 00:54:05,629 so than skin by default. 1527 00:54:05,630 --> 00:54:07,769 You see it as a as a bright 1528 00:54:07,770 --> 00:54:08,729 spot on the skin. 1529 00:54:08,730 --> 00:54:10,019 I don't know how glass looks. 1530 00:54:13,760 --> 00:54:16,429 OK, if there are no more questions, 1531 00:54:17,720 --> 00:54:19,489 please give our speakers another warm 1532 00:54:19,490 --> 00:54:20,490 round of applause.