Tag: TSA

New Underwear Bomb, New Threat Information

It’s a good bet that news of a new thwarted underwear bomber will underlie more than one argument for the strip-search machines American travelers encounter even at the domestic terminals of our airports. According to the AP:

The plot involved an upgrade of the underwear bomb that failed to detonate aboard a jetliner over Detroit on Christmas 2009. This new bomb was also designed to be used in a passenger’s underwear, but this time al-Qaida developed a more refined detonation system, U.S. officials said. … The would-be suicide bomber, based in Yemen, had not yet picked a target or bought his plane tickets when the CIA stepped in and seized the bomb, officials said.

Reading this, you’ve been reminded of the fact that, somewhere in a remote Middle Eastern backwater, someone would like to bomb an aircraft flying into the United States. For many, this will induce a bout of probability neglect, making it very hard to process the upshot of this news: This type of attack, which was already very unlikely to succeed, has been made even less likely to succeed.

How did it become less likely to succeed? Let’s use the Transportation Security Administration’s layered security concept to examine things.

In December 2009, the underwear bomber (well—he failed: the “underwear bomb plotter”), managed to get a deformed bomb onto a plane. It was so deformed that he could not cause it to explode. Instead, he burned himself while other passengers subdued him. In the TSA’s formulation, the plot was foiled by the last security layer (it’s hard to read in the graphic): passengers.

(This is not actually the last security layer. The design of planes to withstand shocks to the fuselage is a preventive against downings that small smuggled bombs will have a hard time overcoming.)

The latest news has it that an updated underwear bomb was seized in Yemen by the CIA. That’s the first layer of security in the TSA’s graphic. Intelligence—the first layer.

(This is not actually the first security layer. A benign, phlegmatic foreign policy would produce fewer people worldwide wishing to do the United States harm and more people intolerant of those who do.)

Now, it is not all 100%, unalloyed good security news. As the AP report says:

The FBI is examining the latest bomb to see whether it could have passed through airport security and brought down an airplane, officials said. They said the device did not contain metal, meaning it probably could have passed through an airport metal detector. But it was not clear whether new body scanners used in many airports would have detected it.

There may be an innovation in underwear bombs that make them easier to smuggle on to planes. At its best, this innovation may render the body scanners useless against them. (Again, watch for arguments that, despite their impotence, this news makes body scanners all the more essential. A news report yesterday said that new vulnerabilities in the machines have been unearthed by government investigators.)

On balance, I think this news shows just how much the threat is diminished. Innovations in bomb-making, happening on the far outskirts of modern society, are being thwarted at their source, long before they begin the journey through the many other security layers that protect aviation and air travelers. You may continue to move about the country even more confident of your safety than you did before. I’m hopping on a plane again Friday morning, and I will be just as polite and cheerful as ever in declining to go through the strip-search machines.

The TSA Won’t Be Reformed

Why is it that the head of the Transportation Security Administration comes out with his ideas for reform three years after leaving office? Is it the book he’s got coming out next week? That’s part of it. But he supplies the real answer: “TSA’s bureaucratic momentum and political pressures.”

It’s possible to imagine an agency that isn’t directed by bureaucratic momentum and political pressures, but it isn’t possible to produce one. The litany of nonsensical procedures, indignities, and privacy invasions at the airport will not go away until the TSA does.

Viral Video Strips Down Strip-Search Machines

The TSA’s response yesterday to a video challenging strip-search machines was so weak that it acts as a virtual confession to the fact that objects can be snuck through them.

In the video, TSA strip-search objector Jonathan Corbett demonstrates how he put containers in his clothes along his sides where they would appear the same as the background in TSA’s displays. TSA doesn’t refute that it can be done or that Corbett did it in his demonstration. More at Wired’s Threat Level blog.

More than six months ago, the D.C. Circuit Court of Appeals required the Transportation Security Administration to commence a rulemaking to justify its strip-search machine/prison-style pat-down policy. TSA has not done so. The result is that the agency still does not have a sturdy security system in place at airports. It’s expensive, inconvenient, error-prone, and privacy-invasive.

Making airline security once again the responsibility of airlines and airports would vastly improve the situation, because these actors are naturally inclined to blend security, cost-control, and convenience with customer service and comforts, including privacy.

I have a slight difference with Corbett’s characterization of the problem. The weakness of body scanners does not put the public at great danger. The chance of anyone exploiting this vulnerability and smuggling a bomb on board a domestic U.S. flight is very low. The problem is that these machines impose huge costs in dollars and privacy that do not foreclose a significant risk any better than the traditional magnetometer.

Corbett is right when he urges people to “demand of your legislators and presidential candidates that they get rid of this eight billion-dollar-a-year waste known as the TSA and privatize airport security.”

Abolish the Department of Homeland Security

We’re ten years past 9/11, and over the last decade we’ve shed a number of our liberties and spent wildly to counter a terrorist threat that, as the recent model airplane plot demonstrated, isn’t existential. The bureaucratic legacy of 9/11, the Department of Homeland Security, has proven an unwieldy and pork-laden nightmare. It’s time to abolish it.

My recent policy analysis, Abolish the Department of Homeland Security, makes the case for doing so. To begin with, DHS is a management disaster by its very nature:

In creating Homeland Security, Congress lumped together 22 previously unconnected federal agencies under a new Cabinet secretary. That’s a problem, not a solution. And while members of Congress routinely clamor for consolidating Homeland Security oversight in one committee, that seems unlikely: 108 congressional committees and subcommittees oversee the department’s operations. If aggregating disparate fields of government made any sense in the first place, we long ago would have consolidated all Cabinet responsibilities under one person — the secretary of government.

Apart from the structural handicaps that DHS faces, the whole notion of “homeland security” is problematic. The “odiously Teutono/Soviet” concept trends us ever closer to a police state and is particularly prone to pork-barrel spending. As I said in my recent op-ed on the topic:

It allows politicians to wrap pork in red, white and blue in a way not possible with defense spending. Not every town can host a military installation or build warships, but every town has a police force that can use counterterrorism funds to combat gangs or a fire department that needs recruits or a new fire station.

Congress must reform its grant programs and end this wasteful spending. While we’re at it, let’s end federal funding for fusion centers, local- and state-organized intelligence cells that duplicate FBI efforts in counterterrorism and end up labeling nearly anyone who expresses political dissent as a potential terrorist, a point I made at this Capitol Hill Briefing. I’ll be speaking at another Capitol Hill Briefing with Jim Harper today on abolishing the Transportation Security Administration. More information available here.

Behavior Detection as Interrogation

With the Department of Homeland Security constantly spinning out new projects and programs (plus re-branded old ones) to investigate you, me, and the kitchen sink, it’s sometimes hard to keep up. But I was intrigued with a report that behvaior detection officers are getting another look from the Transportation Security Administration. Behavior detection is the unproven, and so far highly unsuccessful (Rittgers, Harper), program premised on the idea that telltale cues can reliably and cost-effectively indicate intent to do harm at airports.

But there’s a new behavior detection program already underway. Or is it interrogation?

Due to a bottleneck at the magnetometers in one concourse of the San Francisco airport (no strip-search machines!), I recently had the chance to briefly interview a Transportation Security Administration agent about a new security technique he was implementing. As each passenger reached him, he would begin to examine the traveler’s documentation and simultaneously ask the person’s last name. He confirmed to me that the purpose was to detect people who did not immediately, easily, and accurately respond. In thousands of interactions, he would quickly and naturally learn to detect obfuscation on the part of anyone carrying an ID that does not have the last name they usually use.

As a way of helping to confirm identity, it’s a straightforward and sensible technique. Almost everyone knows his or her last name, and quickly and easily repeats it. The average TSA agent with some level of experience will fluently detect people who do not quickly and easily repeat the name on the identity card they carry. The examination is done quickly. This epistemetric check (of a “something-you-know” identifier—see my book, Identity Crisis) occurs during the brief time that the documents are already getting visual examination.

Some people will not repeat their name consistent with custom, of course. The hard of hearing, speakers of foreign languages, people who are very nervous, people who have speech or other communication impediments, and another group of sufferers—recently married women—may exhibit “suspicious” failure to recite their recently changed surnames. Some of these anomalies TSA agents will quickly and easily dismiss as non-suspicious. Others they won’t, and in marginal cases they might use non-suspicious indicia like ethnicity or rudeness to adjudge someone “suspicious.”

The question whether these false positives are a problem depends on the sanction that attaches to suspicion. If a stutterer gets a gauntlet at the airport each time he or she fails to rattle off a name, the cost of the technique grows compared to the value of catching … not the small number of people who travel on false identification—the extremely small number of people who travel on false identification so as to menace air transportation.

We used this and closely related techniques, such as asking a person’s address or the DMV office where a license was issued, at the bar where I worked in college. It did pretty well to ferret out people carrying their older friends’ IDs. Part of the reason it worked well is because our expert doormen could quickly escalate to further inquiry, dismissing their own suspicions or denying entry to the bar very quickly. The cost of getting it wrong was to deny a person entry to the bar and sometimes possession of a license. These are relatively small costs to college students, unlike the many hours in time-costs to a traveler wrongly held up at the airport. According to my interview, suspicion generated this way at the airport requires a call to a supervisor, but I did not learn if secondary search is standard procedure, or if cases are handled some other way.

TSA agents are not doormen at bars, of course, and the subjects they are examining are not college kids out to get their drink on. These are government agents examining citizens, residents, and visitors to the United States as they travel for business and pleasure, often at high cost in dollars and time. The stakes are higher, and when the government uses a security technique like this, a layer of constitutional considerations joins the practical issues and security analysis.

I see three major legal issues with this new technique: Fourth Amendment search and seizure, the Fifth Amendment right against self-incrimination, and Due Process. When questioning joins an ID check at the airport, it’s a deepening of a search that is already constitutionally suspect. The Fifth Amendment issues are interesting because travelers are being asked to confess through their demeanor whether they are lying or telling the truth. It would seem to cross a Fifth Amendment line and the rule against forced self-incrimination. The Due Process issues are serious and fairly straightforward. When a TSA screener makes his or her judgment that a person is not responding consistent with custom and is therefore “suspicious,” these judgement calls allow the screeners to import their prejudices. Record-keeping about suspicion generated using this technique should determine whether administration of this epistemetric check violates constitutional due process in its application.

In its constant effort to ferret out terrorist attacks on air transportation, the TSA is mustering all its imagination. Its programs raise scores of risk management issues, they create constitutional problems, and they are a challenge to our tradition of constitutionally limited government. The threat that a person will use false identification to access a plane, defeating an otherwise working watch-list sytem, to execute some attack is utterly small. At what cost in dollars and American values do we attack that tiny threat?

The founding problem is the impetuous placement of federal government agents in the role of securing domestic passenger aviation. There are areas where government is integral to securing airports, airlines, and all the rest of the country—foreign intelligence and developing leads about criminal plots, for example—but the day-to-day responsibility for securing infrastructure like airports and airplanes should be the responsibility of its owners.

If the TSA were to go away, air security measures might be similar in many respects, but they would be conducted by organizations who must keep travelers happy and safe for their living. The TSA hasn’t anything like private airports’ and airlines’ incentives to balance security with convenience, privacy, cost-savings, and all other dimensions of a satisfactory travel experience. Asking people their names at airport security checkpoints is an interesting technique, and not an ineffective one, but it should probably be scrapped because it provides so little security at a relatively great cost.

TSA’s Partial Retreat From Full-Body Scans

It’s tempting to believe that the Transportation Security Administration’s move to change the software in strip-search machines is a response to the court ruling finding that it violated the law in rolling out the machines, but it’s almost surely coincidence.

The new software will show items that the software deems suspicious on a generic outline of a body rather than showing a detailed body image. The change will indeed reduce the invasiveness of the machine strip-search process. And because the image is less revealing, it can be viewed in the screening area instead of at a remote location. That means there doesn’t need to be a person dedicated to looking at denuded images of travelers. A major cost of running these machines—payroll—drops by a substantial margin.

The software will almost certainly not do as good a job of discovering hidden weapons as a human looking at a detailed image would. If it’s calibrated to over-report, TSA agents will rightly start to ignore its alerts on belt buckles and underwire bras. If it’s calibrated to under-report, well, it might fail to alert on an actual weapon or bomb. But those things are exceedingly rare, and the increased risk probably won’t make a difference.

In fact, that’s the interesting thing happening here: the TSA is allowing a small increase in risk in exchange for large gains in privacy and cost savings. The reason it took years of complaints, litigation, legislation, and other conflict is because the TSA did not analyze the risks and its responses before going forward with strip-search machines as it did. Trial-and-error isn’t costly to the government. The taxpayer fronts the money and gives up the privacy.

None of this means the TSA has now gotten the balance right. The airport security gauntlet will still be an overwrought mess and an affront to constitutional liberty. We will have to remain insistent on principle, on dignity and privacy, and on sound risk management while TSA gets a public relations bump from being less awful than it was before.

Strip-Search Machines: A Loss Seeds the Win

Last week, the D.C. Circuit Court of Appeals rejected a Fourth Amendment challenge to the Transportation Security Administration’s strip-search machine policies, but it found that the TSA violated the Administrative Procedure Act in rolling them out. Too bad that the court arrived at the Fourth Amendment issues before they were ripe.

The bulk of the decision was devoted to the TSA’s law violation in creating strip-search machine policies without doing a notice-and-comment rulemaking. That’s the procedure federal agencies are required to carry out when Congress has delegated them legislative authority. Congress did delegate such authority when it told the Department of Homeland Security to develop technologies that detect nonmetallic, chemical, biological, and radiological weapons in 2004’s Intelligence Reform and Terrorism Prevention Act.

“[T]he TSA has advanced no justification for having failed to conduct a notice-and-comment rulemaking,” the court wrote, adding that it expects the agency “to act promptly on remand to cure the defect in its promulgation.”

The TSA will likely spout “constantly changing threat environment” boilerplate to try and argue that it can avoid notice and comment under the APA’s “good cause” exception. An agency can skip notice and comment “when the agency for good cause finds … that notice and public procedure thereon are impracticable, unnecessary, or contrary to the public interest.”

But the threat environment is not “constantly changing” at the level of abstraction relevant for the strip-search machine policy—some people are out there who might try to get dangerous articles onto planes—and these machines will be in place for decades, if not permanently, under the TSA policy. They will affect the privacy and security of billions of air passenger journeys. Even if there were need for haste in rolling out the machines, nothing makes it uniquely difficult, or anything other than appropriate, for the TSA to engage in a public process to substantiate its actions.

When the TSA does a rulemaking, it will have to lay out its strip-search machine policies and—crucially—justify them. Notice-and-comment rules are subject to court review, and reversal if they are “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.” That is a rather low standard, but it’s a higher standard than the agency has ever met before—none at all.

The TSA will have to exhibit how its risk management supports the installation and use of strip-search machines. How did the TSA do its asset characterization (summarizing the things it is protecting)? What are the vulnerabilities it assessed? How did it model threats and hazards (actors or things animated to do harm)? What are the likelihoods and consequences of various attacks? Risk assessment questions like these are all essential inputs into decisions about what to prioritize and how to respond.

Congress dictated detection of various harmful agents, a form of interdiction. (The other responses to risk are acceptance, prevention, and mitigation.) Given the array of choices available to it, how did the TSA select strip-search machines?

Crucially, how well do strip-search machines reach the risks identified in their risk assessment? This is a cost-benefit question. How much do strip-search machines cost to purchase, maintain, and operate? The costs denominated in dollars include money spent on buying the machines, configuring airports, and paying TSA salaries to operate the machines and process passengers. Such costs also include opportunity costs imposed on travelers when the time they spend at airports lengthens to accommodate extended security screening and variable delays. Yet more costs are denominated in lost privacy and dignity to the traveler. These are substantial, though hard to quantify.

Security benefits are also hard to quantify, but the agency should do so if it is to justify its policies as something better than random or intuitive reaction. DHS and TSA officials endlessly talk about risk and risk management, but they cannot honestly say they are doing risk management if they are not thinking these issues all the way through. I’ve offered a methodology for valuing security benefits, and security experts (as well as students) have analyzed the costs and benefits of homeland security programs. The TSA can do it too.

Watch in the rulemaking for the TSA to obfuscate, particularly in the area of threat, using claims to secrecy. “We can’t reveal what we know,” goes the argument. “You’ll have to accept our generalizations about the threat being ‘substantial,’ ‘ever-changing,’ and ‘growing.’” It’s an appeal to authority that works with much of the American public, but it is not one to which courts—a co-equal branch of the government—should so easily succumb.

If it sees it as necessary, the TSA should publish its methodology for assessing threats, then create a secret annex to the rulemaking record for court review containing the current state of threat under that methodology, and how the threat environment at the present time compares to threat over a relevant part of the recent past. A document that contains anecdotal evidence of threat is not a threat methodology. Only a way of thinking about threat that can be (and is) methodically applied over time is a methodology.

With this information in hand, a court would not only be ready to assess the TSA’s rule under the Administrative Procedure Act’s “arbitrary and capricious” standard. It would be ready to assess the reasonableness of the TSA’s strip-search machines and procedures under the Fourth Amendment.

Without that information, the D.C. Circuit plugged the strip-search machines into the strangely incoherent “administrative search” exception to the Fourth Amendment. In two pages of analysis (out of the opinion’s seventeen), the court found that strip-search machines are administrative “because the primary goal is not to determine whether any passenger has committed a crime but rather to protect the public from a terrorist attack.”

Come again?

It seems the court could have taken judicial notice that terrorist attacks are carried out through one or more criminal behaviors. People who have weapons or other dangerous articles at airport checkpoints are subject to arrest and prosecution. Crime control and public protection are one in the same, even in counterterrorism.

The “administrative search” exception to the Fourth Amendment seems to rest on the willingness of a court to abstract away the fact that individuals are prevented from proceeding where they would go (seized) while their persons, papers, and effects are rummaged (searched) for the purpose of discovering violations of the criminal laws. Earlier in the opinion, in fact, the court mocked the idea that the TSA might not “engage in ‘law enforcement, correctional, or intelligence activity.’” It surely does. This is not “administrative.” It’s criminal law enforcement.

Perhaps with a full record—a notice-and-comment rulemaking with a docket full of information and analysis—the D.C. Circuit and other courts will have the opportunity to revisit whether the TSA’s strip-search machine policies are constitutionally reasonble, or whether they’re unexamined reaction. Last week’s “loss” on the Fourth Amendment issue sets the stage for sounder thinking on the strip-search machine policy.

All of this would be obviated, of course, if airline security were restored to private hands.