Apparently, the TSA is considering a system to figure out who is a "trusted traveler," and then give them special VIP security lanes that will be less annoying and less intrusive. They may also treat different flights differently, such that "low risk" flights may not require the same level of scrutiny. While there is some wisdom in recognizing higher risk targets and lower risk targets and treating them differently, it does make you wonder if moves like this only make those "low risk" flights more of a target -- and make "trusted travelers" equally targeted. Of course, it also raises questions about what the TSA considers a "trusted" traveler, what data they collect on those flyers and how they guarantee that the info is kept private.

Ah, the TSA. Apparently among the "behavioral factors" that the TSA uses in determining who might be a criminal or a terrorist is... if you complain about the TSA. I guess that means I'm in line for some extra scrutiny. Honestly, though, this sounds a lot more like punitive action against people who complain, rather than a legitimate characteristic of someone who deserves extra scrutiny. Specifically, one of the factors is if someone is:

"Very arrogant and expresses contempt against airport passenger procedures."

An ACLU person quoted in the article wonders if this violates the First Amendment, in that it's going after someone for expressing their opinion:

"Expressing your contempt about airport procedures -- that's a First Amendment-protected right," said Michael German, a former FBI agent who now works as legal counsel for the American Civil Liberties Union. "We all have the right to express our views, and particularly in a situation where the government is demanding the ability to search you."

"It's circular reasoning where, you know, I'm going to ask someone to surrender their rights; if they refuse, that's evidence that I need to take their rights away from them. And it's simply inappropriate," he said.

Honestly, you'd have to think that a real terrorist or criminal, hoping to avoid calling attention to themselves, wouldn't be openly hostile to the search procedure, but would try to be quiet and blend in. Perhaps the TSA will defend this latest ridiculousness by saying it's all okay because it's standard operating procedure.

Julian Sanchez points us to the news that a district court judge has rejected an attempt by the privacy-rights group EPIC to force Homeland Security to release some 2,000 full body scans from the TSA's new airport scanners. EPIC has been suing to get the new scanners banned, saying that the machines violate both the Fourth Amendment (unreasonable searches) and the Administrative Procedures Act, which requires a public review of such plans before the government can implement them.

The group had filed a Freedom of Information Act for a variety of information about the scanners a while back, and while Homeland Security provided some documents, it withheld 2,000 test images that were done with volunteers. EPIC then went to court, but the judge claimed that the government has no obligation to hand over such info, and that providing such info could "provide terrorists and others with increased abilities to circumvent detection by TSA and carrying threatening contraband onboard..." In other words, the judge buys into the TSA's strategy of security by obscurity.

Frankly, if it's really true that releasing some images of what these scans look like make it possible for terrorists to beat these machines, then these machines are clearly useless. The TSA is delusional if it thinks that terrorists can't get their hands on these kinds of images. If the machine is so weak that having some images teaches you how to beat it, then the machine shouldn't be used in the first place.

With the new TSA naked scanners getting so much attention late last year, a number of different folks started offering up special clothing to wear while going through the scanners. My favorite might be the undergarments with the 4th Amendment printed in metallic ink, so that whoever is viewing the scan can see the "message" left for them. Others apparently created special "flying pasties" (possibly NSFW). While it looks like those "stickers" to put over your private parts didn't actually have anything in them to block the scanner (making them something of a scam), it appears the TSA is warning anyone who might think of wearing scanner resistant clothing. Consumerist points us to a blog post from the TSA, in which they warn anyone who plans to wear such clothing that might "conceal sensitive areas," that it will only mean that you're more likely to get groped.

So basically, passengers should be aware that the use of these types of products will likely result in a pat-down. Some might think this is TSA's way of getting back at clever passengers. That's not the case at all. It's just security.

We're certainly not going to tell you what you should or shouldn't buy or wear, but I feel it's only fair to give you a heads up on your choice of attire.

Seems a bit high on the passive-aggressive scale.

BackPackAdam alerts us to the news that a pilot in California is being disciplined by the TSA because he dared to film a video highlighting problems with security at San Francisco International Airport (SFO). The pilot himself was a Flight Deck Officer (FDO) and authorized to carry a gun on board of flights... but within days of him posting the videos to YouTube, he was met by four federal air marshals and two sheriff's deputies at his house, who ordered him to hand over his gun and to hand over his state-issued permit to carry a concealed weapon. He has since been informed that the TSA is reviewing his situation for possible disciplinary measures. The whole thing is pretty ridiculous. All he was doing was highlighting problems with the system (specifically pointing out how pilots have to go through the full security procedure -- even though he's allowed to carry a gun and a weird axe thing onboard, while ground crew can get through security with just the swipe of a card). The guy was highlighting flaws in the system -- classic whistleblowing, but rather than fix the system, the message from the TSA is clear: if you point out flaws in our system, we'll take it out on you. It's classic shoot-the-messenger behavior. The guy says he doesn't regret what he did, but does seem a bit surprised that rather than responding to the problems, the feds seem to be coming after him.

We've heard the various stories of folks getting weapons past the TSA's new scanners -- such as Adam Savage's famous video from earlier this year, or the more recent report of a guy getting past the scanners with a 6" hunting knife. Both of those stories appeared to just be about the bag scanners missing stuff on the conveyor belt. But what about the new backscanner x-ray machines? Well, Jay points us to some new research by two UCSF professors that indicates getting dangerous weapons or explosives past the new machines isn't that hard. They look at how the machines work and the various images currently out there, as well as their understanding of x-ray technology, and point out that since the x-rays need to pass through your body, if you flattened out some plastic explosives, they probably won't be noticed, or if you just put the weapon on your side the new machines probably won't spot them:

It is very likely that a large (15–20 cm in diameter), irregularly-shaped, cm-thick pancake with beveled edges, taped to the abdomen, would be invisible to this technology, ironically, because of its large volume, since it is easily confused with normal anatomy. Thus, a third of a kilo of PETN, easily picked up in a competent pat down, would be missed by backscatter "high technology". Forty grams of PETN, a purportedly dangerous amount, would fit in a 1.25 mm-thick pancake of the dimensions simulated here and be virtually invisible. Packed in a compact mode, say, a 1 cm×4 cm×5 cm brick, it would be detected.

The images are very sensitive to the presence of large pieces of high Z material, e. g., iron, but unless the spatial resolution is good, thin wires will be missed because of partial volume effects. It is also easy to see that an object such as a wire or a boxcutter blade, taped to the side of the body, or even a small gun in the same location, will be invisible. While there are technical means to mildly increase the conspicuity of a thick object in air, they are ineffective for thin objects such as blades when they are aligned close to the beam direction.

Feeling safer? Once again, this isn't to say that there shouldn't be a security screening process, but if we have to go through all this trouble, shouldn't we at least have a system that is at least somewhat effective?

While we've been highlighting the absolutely ridiculous responses by the US government to both the terrorism threat to airlines and the Wikileaks situation, it should be noted (thankfully!) that not everyone in the US government is overreacting, and there are some clear signs of sanity.

First up, we have Aaron Farnham pointing us to Defense Secretary Robert Gates' response to the Wikileaks disclosure of diplomatic cables, that seems to take a much more rational view:

But let me -- let me just offer some perspective as somebody who's been at this a long time. Every other government in the world knows the United States government leaks like a sieve, and it has for a long time. And I dragged this up the other day when I was looking at some of these prospective releases. And this is a quote from John Adams: "How can a government go on, publishing all of their negotiations with foreign nations, I know not. To me, it appears as dangerous and pernicious as it is novel." . . .

Now, I've heard the impact of these releases on our foreign policy described as a meltdown, as a game-changer, and so on. I think -- I think those descriptions are fairly significantly overwrought. The fact is, governments deal with the United States because it's in their interest, not because they like us, not because they trust us, and not because they believe we can keep secrets.

Many governments -- some governments deal with us because they fear us, some because they respect us, most because they need us. We are still essentially, as has been said before, the indispensable nation. So other nations will continue to deal with us. They will continue to work with us. We will continue to share sensitive information with one another. Is this embarrassing? Yes. Is it awkward? Yes. Consequences for U.S. foreign policy? I think fairly modest.

The full statement has even more details, where he talks about better information sharing. Given some of the responses from others inside and outside the government, it's nice to see someone like Secretary Gates (who has been quite critical of Wikileaks in the past), come out with a more reasoned response (though it has received almost no press coverage).

Similarly, Wired has an article highlighting how Michael Leiter, the director of the National Counterterrorism Center, is speaking more reasonably about anti-terrorism efforts and security as well, noting (as we have in the past) that "perfect security" is an impossible goal that is, itself, damaging to security.

He points out that the US appears to be playing right into Al Qaeda's hands by playing up each failed terrorist attempt and then overreacting to it, noting that (like internet trolls), a better response might be to just ignore them publicly, while continuing to do things quietly on the back end to protect the country.

I don't agree with everything he had to say, but given how many frustrating responses we've seen from government officials on both of these issues over the last few weeks, it's worth pointing out that not everyone is responding that way.

I really haven't talked much (at all) about the "safety" concerns over the TSA's X-ray scanner devices, because a lot of it did seem like overreactions from people who didn't really know what they were talking about. However, there does appear to be increasingly credible claims from scientists that, at the very least, what the government is saying about these machines is not at all accurate. Keith Dawson points us to a blog post by Molecular Biologist Jason Bell, reviewing the literature on these devices and comparing it to questions sent by a group of scientists at UCSF, and suggesting (at best) that the government is being misleading in its claims about the safety of the devices. Here's just a snippet:

With respect to errors in the safety reports and/or misleading information about them, the statement that one scan is equivalent to 2-3 minutes of your flight is VERY misleading. Most cosmic radiation is composed of high energy particles that passes right through our body and the plane itself without being absorbed. The spectrum that is dangerous is known as ionizing radiation and most of that is absorbed by the hull of the airplane. So relating non-absorbing cosmic radiation to tissue absorbing man-made radiation is simply misleading and wrong. Of course these are related and there is over-lap, but we have to compare apples to apples.

Furthermore, when making this comparison, the TSA and FDA are calculating that the dose is absorbed throughout the body. According the simulations performed by NIST, the relative absorption of the radiation is ~20-35-fold higher in the skin, breast, testes and thymus than the brain, or 7-12-fold higher than bone marrow. So a total body dose is misleading, because there is differential absorption in some tissues. Of particular concern is radiation exposure to the testes, which could result in infertility or birth defects, and breasts for women who might carry a BRCA1 or BRCA2 mutation.

The report also notes that while the UCSF team was made up of well-known and well-respected scientists, the TSA's response included no author credits, and there's no indication that it was written by any actual doctors or scientists. I'm still not convinced the medical concerns are that big of a deal (well, perhaps for TSA agents stationed near the devices...), but it is a bit troubling that the TSA isn't being particularly forthcoming on this stuff.

Law professor Jeffrey Rosen has an excellent analysis of why the TSA's new searches are unconstitutional. He notes that, even if the majority of people aren't too bothered by the searches, that doesn't change the fact that they appear to be illegal. This is even though the courts have generally been quite deferential to the government when it comes to claims of "national security" in doing things like preventing terrorism. He notes that, while the Supreme Court has not heard such a case, there are various appeals court rulings that set the standards for such searches:

the U.S. Court of Appeals for the 9th Circuit ruled in 2007, that "a particular airport security screening search is constitutionally reasonable provided that it 'is no more extensive nor intensive than necessary, in the light of current technology, to detect the presence of weapons or explosives.' "

In a 2006 opinion for the U.S. Court of Appeals for the 3rd Circuit, then-Judge Samuel Alito stressed that screening procedures must be both "minimally intrusive" and "effective" - in other words, they must be "well-tailored to protect personal privacy," and they must deliver on their promise of discovering serious threats. Alito upheld the practices at an airport checkpoint where passengers were first screened with walk-through magnetometers and then, if they set off an alarm, with hand-held wands. He wrote that airport searches are reasonable if they escalate "in invasiveness only after a lower level of screening disclose[s] a reason to conduct a more probing search."

Of course, as Rosen notes, the new searches do not pass that test by a long shot. He also points out that an analysis of the machines suggests that -- despite claims to the contrary by the TSA -- new research shows that last year's underwear bomber would not have been caught with these machines, which suggests that such machines are not "effective" under the above basic definition. Perhaps the Supreme Court will finally weigh in on this topic... though, by the time it reaches that level, the TSA will probably have moved on to even more ridiculous security theater practices.

As the complaints against the TSA ratchet up, various people are finally starting to point out why the whole concept of security theater is a farce. The entire setup is based on the idea that you can have "perfect security." But, if you wanted perfect security, the only way to do that is to not let anyone fly, ever. As James Fallows notes it doesn't make much sense to "spend limitlessly toward the impossible end of reducing the risk to zero." As he notes:

Every society accepts some risks as part of its overall social contract. People die when they drive cars, they die when they drink, they die from crime, they die when planes go down, they die on bikes. The only way to eliminate the risks would be to eliminate the activities -- no driving, no drinking, no weapons of any kind, no planes or bikes. While risk/reward tradeoffs vary between, say, Sweden and China, no nation accepts the total social controls that would be necessary to eliminate risk altogether.

Yet when it comes to dealing with terrorism, politicians know that they will not be judged on the basis of an "acceptable level of risk." They know that they can't even use that term when discussing the issue. ("Senator Flaccid thinks it's 'acceptable' for terrorists to blow up planes. On Election Day, show him that politicians who give in to terror are 'unacceptable' to us.") And they know for certain that if -- when -- a plane blows up with Americans aboard, then cable news, their political opponents, Congressional investigators, and everyone else will hunt down any person who ever said that any security measure should be relaxed.

This is the political tragedy of "security theater."

Along those lines, the Unqualified Offerings blog (via Julian Sanchez) does a nice job explaining how the incentives line up to create this ridiculous situation. Basically, he notes that a terrorist attack on an airplane will happen. Some day. No matter what we do to try to prevent it. But once that happens, the response is going to be obvious: those who pushed hard for more ridiculous security theater that wasn't implemented will keep their jobs and retain power. Those who pushed for more reasonable solutions will be vilified.

100% success is usually impossible in the real world. Given that eventually, one way or another, a terrorist will almost certainly take down a plane, the only question that management has to ask itself is what position they want to be in when that happens. And that answer is simple: Safe in their jobs, and poised to inherit a bigger budget.

And that's why we get security theater.

The goal isn't so much actual safety. After all, as Jim Harper notes, if you look at the actual "risk" of a terrorist attack on an airplane today, it's pretty close to zero. But the whole process is built around trying to bring it all the way to zero, which is an impossibility, but leads to ridiculous extremes. And, he notes, this is exactly how the terrorists planned it:

This is apostasy in Washington -- where the political imperative is zero risk. But risk is a reality of life. We take risks when we drive, when we walk across a street and when we go to the fridge for that two-day-old slice of pizza.

This illusory quest for zero risk helps terrorism achieve its goals. As news of "Operation Hemorrhage" -- smaller, low-cost attacks aimed to disrupt commerce and stoke fears -- demonstrates clearly, terrorism works by inducing target states to overreact. That's the only mode terrorists have for affecting major powers like the United States.

We've been nothing if not a patsy to their strategy. The element of surprise, central to terrorism, forces us to defend everything against every mode of attack -- a logic that naturally bleeds us.