Well this is very disappointing. My own Congressional Representative, has put forth a bill, HR 3140 to expand TSA info sharing capabilities to mass transit. Because that's just what we need. Even worse, in speaking about it, Speier doesn't seem to even recognize that there's a problem with the TSA at airports, and seems to assume that it's just obvious that everything's great with airport security:
"We have put in place through TSA a very elaborate system [in airports]. We all go through those metal detectors and those secondary searches. And we've put a lot of focus on the airlines for good reason. But we have neglected the mass transit components, generally speaking," she said.
Speier said 2 million people fly each day, compared with more than 5 million who ride the subway each day in New York City alone. She pointed out that the most recent terrorist attacks have been on mass transit. Also, when U.S. Special Forces raided Osama Bin Laden's compound last year, intelligence gathered revealed the next attack was intended for mass transit.
"The writing is on the wall. We need to be better prepared than we are right now," Speier said.
I'm all for keeping trains safe from terrorists. I ride on trains all the time -- including a Caltrain that has been named after Jackie Speier (I'm not joking). But any approach that suggests the current TSA efforts are somehow reasonable and should be expanded -- without even offering any evidence that this is true -- is a serious mistake.
The House Oversight Committee has come out with a report slamming the TSA for tremendous amounts of waste, specifically in the "deployment and storage" of its scanning equipment. Basically, it sounds like the TSA likes to go on giant spending sprees, buying up security equipment and then never, ever using it. A few data points
As of February 15, 2012, the total value of TSA’s equipment in storage was, according to TSA officials, estimated at $184 million. However, when questioned by Committee staff, TSA’s warehouse staff and procurement officials were unable to provide the total value of equipment in storage.
Committee staff discovered that 85% of the approximately 5,700 major transportation security equipment currently warehoused at the TLC had been stored for longer than six months; 35% of the equipment had been stored for more than one year. One piece of equipment had been in storage more than six years – 60% of its useful life.
As of February 2012, Committee staff discovered that TSA had 472 Advanced Technology 2 (AT2) carry-on baggage screening machines at the TLC and that more than 99% have remained in storage for more than nine months; 34% of AT2s have been stored for longer than one year.
TSA knowingly purchased more Explosive Trace Detectors (ETDs) than were necessary in order to receive a bulk discount under an incorrect and baseless assumption that demand would increase. TSA management stated: “[w]e purchased more than we needed in order to get a discount.”
Oh yeah, and it appears that the TSA isn't very good at tracking this stuff. When asked about the total cost of managing this equipment, the TSA was unable to provide an answer. And then it appeared to willfully mislead Congress about this:
TSA intentionally delayed Congressional oversight of the Transportation Logistics Center and provided inaccurate, incomplete, and potentially misleading information to Congress in order to conceal the agency’s continued mismanagement of warehouse operations.
TSA willfully delayed Congressional oversight of the agency’s Transportation Logistics Center twice in a failed attempt to hide the disposal of approximately 1,300 pieces of screening equipment from its warehouses in Dallas, Texas, prior to the arrival of Congressional staff.
TSA potentially violated 18 U.S.C. Sec. 1001, by knowingly providing an inaccurate warehouse inventory report to Congressional staff that accounted for the disposal of equipment that was still in storage at the TLC during a site visit by Congressional staff.
TSA provided Congressional staff with a list of disposed equipment that falsely identified disposal dates and directly contradicted the inventory of equipment in the Quarterly Warehouse Inventory Report provided to Committee staff on February 13, 2012.
One of the theories that was floated a few years ago when there was that big rush to rollout the nudie scanners, was that much of it was being driven by fear mongering from former government officials, like Michael Chertoff, who had economic relationships with the makers of the equipment. This report doesn't confirm any of that, but it sure seems to fit that narrative pretty perfectly. Fear monger away, have the TSA buy a ton of questionable equipment it doesn't actually need, and then have much of that equipment just sit in a warehouse. All on the taxpayers' dime.
A leaked internal report by Homeland Security has revealed what most people already knew: that its new (expensive) nudie scanners have vulnerabilities that could let things through. This is hardly a surprise. We've written about previous claims including a pretty detailed research report highlighting the vulnerabilities. In fact, it seems pretty crazy that the TSA is finally starting to take notice now. What's really the most galling, of course, is that plenty of people have been pointing out these kinds of vulnerabilities for a while and the TSA did nothing. It's just that now, as the vulnerabilities are finally getting press attention, that the TSA starts to pretend to take these things seriously, rather than admitting the truth: they're there for show more than anything else.
from the who-replaced-kip-hawley-with-bruce-schneier dept
Just a few weeks ago, we wrote about noted TSA-critic and security expert (among other things) Bruce Schneier debating former TSA boss Kip Hawley over at the Economist. While that debate was interesting, you might be forgiven for reading a WSJ piece written by Hawley and wondering if Hawley wasn't secretly replaced by Schneier. In the article, Hawley admits that the TSA screening process is ridiculously broken, and even makes a few statements that are almost word for word repeats of criticism Schneier has directed in the TSA's direction for years. Here's a snippet:
More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect. Preventing terrorist attacks on air travel demands flexibility and the constant reassessment of threats. It also demands strong public support, which the current system has plainly failed to achieve.
The crux of the problem, as I learned in my years at the helm, is our wrongheaded approach to risk. In attempting to eliminate all risk from flying, we have made air travel an unending nightmare for U.S. passengers and visitors from overseas, while at the same time creating a security system that is brittle where it needs to be supple.
Any effort to rebuild TSA and get airport security right in the U.S. has to start with two basic principles:
First, the TSA's mission is to prevent a catastrophic attack on the transportation system, not to ensure that every single passenger can avoid harm while traveling. Much of the friction in the system today results from rules that are direct responses to how we were attacked on 9/11. But it's simply no longer the case that killing a few people on board a plane could lead to a hijacking. Never again will a terrorist be able to breach the cockpit simply with a box cutter or a knife. The cockpit doors have been reinforced, and passengers, flight crews and air marshals would intervene.
Second, the TSA's job is to manage risk, not to enforce regulations. Terrorists are adaptive, and we need to be adaptive, too. Regulations are always playing catch-up, because terrorists design their plots around the loopholes.
All of that sounds good... but why wasn't that the way the TSA acted under Hawley's 3.5 year tenure at the helm? As he explains it, some of it was merely giant bureaucratic institutional momentum. Some of it was political. Some of it was his own fault. Basically, there were a number of reasons -- not all of which are particular convincing for the public that's sick of the TSA, something that Hawley admits. While he does say that there are some things that make more sense than people realize (for example, he says that there are more reasons for requiring people to take off their shoes than people realize), there are other things that he admits are pretty stupid, such as the liquid restrictions. He notes that there are plans on someone's desk (which existed while he was at the TSA) that would allow people to bring the liquids they wanted -- basically by setting up separate lines for those bringing larger volumes of liquids, which can be scanned with relative ease with a software upgrade.
In the end, he suggests a few key changes to the TSA process to improve not just the airport experience, but also the safety of flying. And he notes all of these could be implemented in a matter of months if the TSA wanted to do it:
1. No more banned items: Aside from obvious weapons capable of fast, multiple killings—such as guns, toxins and explosive devices—it is time to end the TSA's use of well-trained security officers as kindergarten teachers to millions of passengers a day. The list of banned items has created an "Easter-egg hunt" mentality at the TSA. Worse, banning certain items gives terrorists a complete list of what not to use in their next attack. Lighters are banned? The next attack will use an electric trigger.
2. Allow all liquids: Simple checkpoint signage, a small software update and some traffic management are all that stand between you and bringing all your liquids on every U.S. flight. Really.
3. Give TSA officers more flexibility and rewards for initiative, and hold them accountable: No security agency on earth has the experience and pattern-recognition skills of TSA officers. We need to leverage that ability. TSA officers should have more discretion to interact with passengers and to work in looser teams throughout airports. And TSA's leaders must be prepared to support initiative even when officers make mistakes. Currently, independence on the ground is more likely to lead to discipline than reward.
4. Eliminate baggage fees: Much of the pain at TSA checkpoints these days can be attributed to passengers overstuffing their carry-on luggage to avoid baggage fees. The airlines had their reasons for implementing these fees, but the result has been a checkpoint nightmare. Airlines might increase ticket prices slightly to compensate for the lost revenue, but the main impact would be that checkpoint screening for everybody will be faster and safer.
5. Randomize security: Predictability is deadly. Banned-item lists, rigid protocols—if terrorists know what to expect at the airport, they have a greater chance of evading our system.
I think it's reasonable to criticize him for not doing more to get these changes in place while he was still in charge, but at least he's speaking out now. One key point in all of this, which often goes unnoted in the discussions of security theater, is that it often makes us less safe by the incentives it creates for TSA scanners. Above, one of his suggestions is to get rid of banned items, because of the "easter-egg hunt." As he notes elsewhere in the article, one of the problems with today's system is that agents become so focused on finding the specific "banned items" that they miss real threats. He relates the story of a test where agents were so focused on finding cigarette lighters that they missed bomb parts packed in the same bag around the lighter.
Of course, the problem in actually getting Hawley's ideas implemented remains the biggest hurdle. As much as the public hates the TSA screening process, no one is willing to make a change like this, because when an attack inevitably gets through (as it would with or without today's procedures), then the "new" security screening process will inevitably be blamed. As such, whoever agreed to put in place such a security regime would inevitably be sacrificed for "failing" in his or her job. So, you shouldn't necessarily expect any significant changes any time soon. Instead, it'll be yet another showing of traditional security theater... for old time's sake.
I used to travel with both a laptop and a netbook. More recently, I've usually traveled with a laptop and a tablet. I always took both the laptop and netbook out when I went through airport security, assuming that was required. Also, remembering reports that were written when the iPad first came out, I also take my tablet out and dutifully place it in a separate bin. The last time I went through the airport, a TSA agent told me (for the first time) that I don't actually need to take out the tablet, but she still thanked me for doing so. I may continue to do so, just to avoid any further hassle, but it turns out that the rules for what devices you need to take out, and what you don't, are ridiculously opaque. And, in fact, I probably never had to take out that netbook in the first place, though I wouldn't have put it past the TSA agents to force me to do so anyway if I hadn't.
Matt Richtel, at the NY Times, tries to get to the bottom of the weird rules for what devices come out and which don't and mostly comes up empty. He got curious after a similar experience, in which he was told his iPad could stay in his bag. The TSA insisted it had its reasons, but wouldn't tell him. Other security experts had some guesses, but no solid reasons. Then, there's the TSA's famous Blogger Bob. Oddly, Richtel and the NY Times apparently don't know how to do this amazingly cool HTML trick of "linking" (guys, it's 2012, get with the program), but Richtel quotes two TSA Blogger Bob posts, which I will link to here, finding them myself using another modern digital tool: the search engine. The first one says that smaller devices can stay in your bag:
Electronic items smaller than the standard sized laptop should not need to be removed from your bag or their cases. It’s that simple.
It’s important to remember, however, that our officers are trained to look for anomalies to help keep air travel safe, and if something needs a closer look, it will receive secondary screening. The key to avoiding bag searches is keeping the clutter down. The less clutter you have in your bag, the less likely it will be searched.
Only electronics the size of a standard laptop or larger (for example Playstation®, Xbox®, or Nintendo®), full-size DVD players, and video cameras that use video cassettes must be removed from their carrying cases and submitted separately for x-ray screening. Removing larger electronics helps us get a better look at them and also allows us to get a better look at the contents of your bag
That explains the what, but not the why. It also, once again, makes me think that it's often a safer bet to just remove, rather than give the TSA any reason to delay you. The second post is slightly more bizarre, in that it seems to suggest that there's a screen-size cutoff:
So with those rules in mind, the 11” model of the MacBook Air is fine to leave in your bag, and the 13” model must be removed prior to X-ray screening. Unless of course you own one of the "Checkpoint friendly" laptop bags... Keep in mind that even though you’ve done everything right, our officers are trained to look for anomalies and the need may arise to take a closer look at your gadget.
I hope this clears things up.
Got it? 11" screens? Leave 'em in your bag. 13"? Take 'em out. 12"? Well, are you feeling lucky?
I am curious, however, how many people actually have tried to go through TSA security with an 11" or smaller screen on a computer... and made it through without having to pull the device out of your bag. I can't imagine that most average TSA agents know this amazing 12" rule.
Either way, Richtel tries to parse the language to figure out why there's a screen size cutoff, and still comes up empty. Finally, he talks to an anonymous "security expert," who actually worked on "related issues with the Department of Homeland Security." That guy admitted what we all pretty much suspected all along:
He said that the laptop rule is about appearances, giving people a sense that something is being done to protect them. “Security theater,” he called it.
Richtel makes it sound like "security theater" is a new term, which it's not. But, either way, it's nice to get confirmation, yet again, that the whole thing is a joke. But, in the end, it doesn't matter, because rather than deal with security delaying you from catching your flight, it's still probably going to be easier to take everything out and put them all in individual bins.
Security expert Bruce Schneier has been debating the former TSA boss, Kip Hawley, over at The Economist, concerning aviation security. The argument has gone on pretty much as expected, but Schneier's closing argument, in which he details the very real cost of the TSA's security theater, is fantastic. First, he does a brilliant job dismantling Hawley's "you just have to trust us that we know what we're doing" line:
Kip Hawley doesn’t argue with the specifics of my criticisms, but instead provides anecdotes and asks us to trust that airport security—and the Transportation Security Administration (TSA) in particular—knows what it’s doing.
He wants us to trust that a 400-ml bottle of liquid is dangerous, but transferring it to four 100-ml bottles magically makes it safe. He wants us to trust that the butter knives given to first-class passengers are nevertheless too dangerous to be taken through a security checkpoint. He wants us to trust the no-fly list: 21,000 people so dangerous they’re not allowed to fly, yet so innocent they can’t be arrested. He wants us to trust that the deployment of expensive full-body scanners has nothing to do with the fact that the former secretary of homeland security, Michael Chertoff, lobbiesfor one of the companies that makes them. He wants us to trust that there’s a reason to confiscate a cupcake (Las Vegas), a 3-inch plastic toygun (London Gatwick), a purse with an embroidered gun on it (Norfolk, VA), a T-shirt with a picture of a gun on it (London Heathrow) and a plastic lightsaber that’s really a flashlight with a long cone on top (Dallas/Fort Worth).
At this point, we don’t trust America’s TSA, Britain’s Department for Transport, or airport security in general. We don’t believe they’re acting in the best interests of passengers. We suspect their actions are the result of politicians and government appointees making decisions based on their concerns about the security of their own careers if they don’t act tough on terror, and capitulating to public demands that “something must be done”.
From there, he notes that the TSA's ridiculous security theater, for which no evidence has been provided to show it actually keeps us safer, has very real "costs" to the public:
In 2004, the average extra waiting time due to TSA procedures was 19.5minutes per person. That’s a total economic loss—in –America—of $10 billion per year, more than the TSA’s entire budget. The increased automobile deaths due to people deciding to drive instead of fly is 500 per year. Both of these numbers are for America only, and by themselves demonstrate that post-9/11 airport security has done more harm than good.
The current TSA measures create an even greater harm: loss of liberty. Airports are effectively rights-free zones. Security officers have enormous power over you as a passenger. You have limited rights to refuse a search. Your possessions can be confiscated. You cannot make jokes, or wear clothing, that airport security does not approve of. You cannot travel anonymously. (Remember when we would mock Soviet-style “show me your papers” societies? That we’ve become inured to the very practice is a harm.) And if you’re on a certain secret list, you cannot fly, and you enter a Kafkaesque world where you cannot face your accuser, protest your innocence, clear your name, or even get confirmation from the government that someone, somewhere, has judged you guilty. These police powers would be illegal anywhere but in an airport, and we are all harmed—individually and collectively—by their existence.
It's an excellent point, and one that is frequently overlooked. He notes that the increased fear created by such measures is exactly what terrorists wanted. He also points out that if we took the money being wasted on security theater today and actually applied it to "investigation, intelligence and emergency response," it would be a lot more effective. But that requires coming to terms with a politically inconvenient fact: that 100% safety is an impossible goal, and striving for it has tremendous costs, many of which simply aren't worth it.
If you read this site, you probably already know who Bruce Schneier is. We've certainly mentioned the longtime security expert plenty of times. He's been one of the leading vocal critics of "security theater" from the TSA, and therefore a perfectly reasonable counterpoint to the TSA in a hearing by the House Oversight Committee looking into TSA reform. I don't think anyone has thought quite as much about how the TSA could do things better than Bruce Schneier. But, as you can see from the website of the hearing, Schneier was removed from today's hearing:
On Friday, at the request of the TSA, I was removed from the witness list. The excuse was that I am involved in a lawsuit against the TSA, trying to get them to suspend their full-body scanner program. But it's pretty clear that the TSA is afraid of public testimony on the topic, and especially of being challenged in front of Congress. They want to control the story, and it's easier for them to do that if I'm not sitting next to them pointing out all the holes in their position. Unfortunately, the committee went along with them.
As Tim Lee notes in reporting on this story, the TSA has done similar things in the past, and even been rebuked by Rep. Jason Chaffetz -- and yet it had no problem doing it again. The fact that Schneier is a part of that lawsuit is meaningless and shouldn't stop him from testifying at all. Schneier is a clear thorn in the side of the TSA, and if it's so afraid of having him speak to Congress, that really says a lot about the (lack of) confidence it has in its own arguments. If you can't stand to let a critic speak, it suggests that perhaps your own argument isn't very strong.
So, a video made by a TSA-critic and blogger named Jonathan Corbett has been making the viral video rounds, supposedly showing how "anyone can get anything past the TSA's scanners." Now, I've been a hugecritic of the TSA's scanners and the TSA itself. I think the entire security process is a joke and a form of security theater. I think the naked scanners are a huge waste of taxpayer money and potentially dangerous. But... I'm somewhat surprised at how quickly people just believed what was said in Corbett's video. You can watch the video here:
First off, I was surprised to hear that the "revelation" was that by putting something on your side, the machines wouldn't notice it. That's not a revelation at all. It was one of the conclusions that came out in a research report published in 2010, which got a fair amount of publicity at the time. Among various vulnerabilities for the scanners, the report noted:
The images are very sensitive to the presence of large pieces of high Z material, e. g., iron, but unless the spatial resolution is good, thin wires will be missed because of partial volume effects. It is also easy to see that an object such as a wire or a box- cutter blade, taped to the side of the body, or even a small gun in the same location, will be invisible. While there are technical means to mildly increase the conspicuity of a thick object in air, they are ineffective for thin objects such as blades when they are aligned close to the beam direction.
In other words, strap a knife to your side, and perhaps the machine won't spot it. We heard that years ago. So, nothing new here.
Plus, I'm pretty sure that the machines now take images from multiple angles, which would rule out this vulnerability. On top of that, Corbett bases his claim on a couple of sample images that are black and white -- and uses that to claim that a black object on your side will not show up against the black background. Once again, I'm pretty sure his info is now completely out of date. The TSA has been upgrading the scanners so they no longer show the "nude" picture. Just last month we showed an image of what the new machines show:
And they show this in public, since there's no more nudity to contend with. Notice that there's a white background... and it's not a scan anyway, but a detector system that highlights points to check out.
Now, it is true that Corbett was able to get through the machines with a metallic box in his side pocket, and that's his proof. He does this twice. While, again, I'm not impressed by the machines, I don't think this is "proof" in the sense that Corbett believes. First of all, official tests show that there's a ridiculously high error rate with these machines -- they let through "bad stuff" all the time. So, I agree with Corbett that the machines are a complete waste and should be done away with, but I don't think one guy going through the scanners twice without getting stopped for a little metallic box in his pocket... is absolute proof that anyone can get through without getting stopped.
Of course, it seems worth pointing out that a metal box is not a dangerous object, and the point of the machines (so we're told) is to stop threatening objects from getting through -- not just metallic objects. So it's possible that the TSA agents saw this thing in his pocket and immediately saw that it wasn't something dangerous. Corbett's test was whether or not the scanners detect metal. But they're not metal detectors, so the test itself is flawed.
So, while I don't agree with the TSA's response to this video in which "Blogger Bob" somewhat angrily snaps back about how important TSA scanning is, I don't think Corbett's claims are that convincing and I'm surprised at how much press it's been generating. Yes, the scanners are probably pointless, and it's all security theater, but that doesn't mean we should all stop thinking through the details on videos that potentially show some weaknesses in these machines.
The TSA apparently has heard enough of various claims that its agents have been giving... um... "special attention" to attractive women making their way through airport security, and has issued a clear denial that the TSA ever focuses on looks, rather than security. In the specific case they're discussing, in which a woman claimed that she was forced to go through a body scanner three times, the TSA says that it happened so long ago that there aren't any specifics to go on. However, it does note that the machines at that airport are not the infamous "nudie scanners" but rather the newer machines that don't show a person's direct scan (and that these images are viewable by the person being scanned):
It does seem likely that the TSA is correct that the claims of this woman being put through a scanner for prurient purposes may have been exaggerated, but that doesn't mean that attractive people aren't necessarily called out for extra attention. The TSA categorically denies this possibility, but how would it know? It's not like TSA agents have a particularly good track record in obeying the law. Could there have been a situation where someone sent a woman through the scanner multiple times not to see the scan, but to keep paying her special attention? That seems much harder to rule out, and nothing in the TSA's post even acknowledges that possibility.
Either way, the blog post also notes that the woman did not file a complaint at the time, and suggests that if you have a problem, you should do so. Perhaps the TSA's Blogger Bob has never traveled like us "normal" people, but the whole process of getting through security is often such a hassle, the last thing you want to do after finally being allowed into the gate area is to continue dealing with the TSA and/or to provoke further scrutiny. As we've seen in the past, the TSA also does not have the best record when it comes to responding to those who complain about its activities.
I'm sure Blogger Bob believes that the TSA doesn't give special attention to attractive passengers, but perhaps it's time to acknowledge that the entire security theater setup is open to such charges because of how poorly designed it is?