Schneier on Security
A blog covering security and security technology.
« Cheating in Online Poker |
| Friday Squid Blogging: New Species of Squid »
October 19, 2007
New TSA Report
A classified 2006 TSA report on airport security has been leaked to USA Today. (Other papers are covering the story, but their articles seem to be all derived from the original USA Today article.)
There's good news:
This year, the TSA for the first time began running covert tests every day at every checkpoint at every airport. That began partly in response to the classified TSA report showing that screeners at San Francisco International Airport were tested several times a day and found about 80% of the fake bombs.
Constant testing makes screeners "more suspicious as well as more capable of recognizing (bomb) components," the report said. The report does not explain the high failure rates but said O'Hare's checkpoints were too congested and too wide for supervisors to monitor screeners.
At San Francisco, "everybody realizes they are under scrutiny, being watched and tested constantly," said Gerald Berry, president of Covenant Aviation Security, which hires and manages the San Francisco screeners. San Francisco is one of eight airports, most of them small, where screeners work for a private company instead of the TSA. The idea for constant testing came from Ed Gomez, TSA security director at San Francisco, Berry said. The tests often involve an undercover person putting a bag with a fake bomb on an X-ray machine belt, he said.
Repeated testing is good, for a whole bunch of reasons.
There's bad news:
Howe said the increased difficulty explains why screeners at Los Angeles and Chicago O'Hare airports failed to find more than 60% of fake explosives that TSA agents tried to get through checkpoints last year.
The failure rates -- about 75% at Los Angeles and 60% at O'Hare -- are higher than some tests of screeners a few years ago and equivalent to other previous tests.
Sure, the tests are harder. But those are miserable numbers.
And there's unexplainable news:
At San Diego International Airport, tests are run by passengers whom local TSA managers ask to carry a fake bomb, said screener Cris Soulia, an official in a screeners union.
Someone please tell me this doesn't actually happen. "Hi Mr. Passenger. I'm a TSA manager. You know I'm not lying to you because of this official-looking laminated badge I have. We need you to help us test airport security. Here's a 'fake' bomb that we'd like you to carry through security in your luggage. Another TSA manager will, um, meet you at your destination. Give the fake bomb to him when you land. And, by the way, what's your mother's maiden name?"
How in the world is this a good idea? And how hard is it to dress real TSA managers up like vacationers?
EDITED TO ADD (10/24): Here's a story of someone being asked to carry an item through airport security at Dulles Airport.
EDITED TO ADD (10/26): TSA claims that this doesn't happen:
TSA officials do not ask random passengers to carry fake bombs through checkpoints for testing at San Diego International Airport, or any other airport.
TSA Traveler Alert: If approached by anyone claiming to be a TSA employee asking you to take something through the checkpoint, please contact a uniformed TSA employee at the checkpoint or a law enforcement officer immediately.
Is there anyone else who has had this happen to them?
Posted on October 19, 2007 at 2:37 PM
• 68 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
As for the last comment, about the passengers carrying test materials, wasn't there a really spectacular failure of that very system in (Toronto?) Canada a few months back? The passenger didn't even know he had it in his suitcase, the screeners failed to find it, and he discovered what was apparently sticks of explosive in his luggage when he got home and unpacked.
I want to know how they react against things that are *not* bombs.
Put a "laugh bag" (found at old fashion joke and magic shops) in their luggage and see if they overreact.
When I came back from Defcon one year they searched my luggage because I had a French Press coffee maker in it. I guess they saw the plunger.
For more overreaction news... In Portland, OR at the TOPOFF4 terror festival, they closed off a chunk of Portland because they found a vehicle that had bomb residue on it. It belonged to a law enforcement official who was participating in the celebration of fearmongering.
And they wonder why a large portion of the American public hold them in such contempt.
". . . official in a screeners union." Screeners union? Good gracious, can you imagine the horror of a job action? A concerted slow down (or worse, casual indifference to one's duties -- which is more typical of a unionized employee) at a critical choke point? The odds of arriving safely by driving instead of flying are looking better. Unions have no place in public safety.
wow that's a horrible - i would expect more of san diego. talk about conflicting messaging...
"do not leave your bags unattended. report all suspicious activity to airport security and notify a TSA member immediately if asked to carry items for another passenger."
"And how hard is it to dress real TSA managers up like vacationers?"
I'd say harder than we might assume. How do you avoid sending through a recognizable TSA undercover operative? How do you know when the operatives have become recognizable? Do you ship in TSA workers from other areas? Do you try to make your donkeys match the demographics of your airport patrons? If so, do you have that demographic employed?
From the managers' point of view, I can see why they chose a more affordable solution.
But I do agree with the point that their current solution of getting real travelers to do it is REALLY BAD.
And what happens if I, Mr. Tourist, tell Mr. TSA to take a flying leap? Or better yet start yelling "Dangerous Stranger!"
I mean really, what would we want someone to do if approached like this?
Next thing they'll be asking passengers to test their drug screening system.
traveler: you do know that most police officers and fire fighters are union members, don't you? The same is true of most other "first responders" in big cities.
"On the doll, show me where the TSA man touched you."
A rule-book slowdown would probably increase your odds of arriving safely...
Oh, for the days that competent private companies did airport security screening.
Let's be honest. In a real double-blind test, bombs are going to get through. At a certain international airport which will remain nameless to protect the guilty, not only did they know their FAA/airline/DEA/PD agents by sight, but of course they would alert each other to the presence of a well-dressed traveler in a suit who seemed to take an interest in the security operation.
60% to 75% success rates strike me as honest testing.
> Unions have no place in public safety.
Tell it to the police, firefighters and prison guards.
As for giving bombs to the passengers to carry through for you, I once had an even more radical idea.
Draft travelers to do the screening. In exchange for a reduced fare, you pull a two hour shift at the airport of the TSA's choice, arriving or departing (to avoid infiltration). You still have some professionals to keep things from getting too crazy, and you'd require a forty hour training class to participate, but wouldn't that be a lovely way of getting 'everybody' involved in our security?
I wonder two things... first, what kind of bombs are they testing the screeners on? All conceivable kinds of bombs that terrorist can think up (from homemade pipe bombs to two-component fluid bombs professionally hidden in working laptop batteries), or do they test them on blinking led, homemade lose wires soldering type bombs taped to the front of the t-shirts? :p
And secondly, isn't there a rather high chance that a TSA agent gets shot? "It's a *fake* bomb. I'm a TSA agent. Here, look at my badge... *agent gets shot while grabbing for badge*".
I think the "test every checkpoint, every day" thing makes it hard to disguise your TSA managers in doing the testing. The TSA screeners are admittedly not the most explosive intellects around, but I think even they'd start to recognize the guy who daily brings the fake suitcase bomb through the security line. Even if you rotate through 30 people, you'd still start to recognize the people after a month or two.
As for authentication of TSA status when presenting the fake bomb to a passenger, it'd be fairly easy to do this at the airline check-in counter. TSA employee cooperates with airline check-in employee to hang passenger a fake bomb and insert into carry-on luggage, or checked luggage. This would be the natural place to do this anyway, since the passenger is:
1) known to be flying that day and not at the airport, outside security zone for other reasons
2) known to have suitable luggage
3) at a place, pre-security check, where they are stopped anyway and can unzip bags and insert things therein
4) capable of inserting into either checked or carry-on luggage
@mirar: since the screeners know they are to be tested that day, you could have a password system which quickly defused the situation when the bomb is detected, which password would tell the screeners "don't shoot me while I reach for my ID"
As McGavin pointed out, once the fake passengers are identified, the testing is compromised. If there were a way to safely use real passengers, that would be optimal.
I can think of a few ways to make it safe.
First, what if the passenger were first escorted into a secure part of the airport requiring card swipes, numeric codes, and identification by another airport employee first?
Second, what if it's not a bomb, but something that is only a bomb component, and clearly only a bomb component to a lay person?
Third, what if the passenger is told to hand a TSA employee a piece of paper identifying the tested bomb component upon reaching the secure side of the security station once s/he has her luggage in hand?
After that, the passenger knows that the person could have circumvented security anyway, that they don't have something that is itself dangerous, and that TSA will be notified of the component before it can be combined with another component.
Is that enough? Is it too much? Certainly the people on this board will be able to enhance the procedure even further.
What happens when a screener does actually pick up the bomb? Do they take the tester into a back room? Arrest them on the spot? Presumably the testers must have some sort of identification to avoid the barbaric treatment that your laws now allow.
New movie plot threat: someone fakes TSA tester id, gets picked up at a checkpoint, shows their id, says "everything's fine, i'm a TSA tester", gets waved on through, actually blows up plane...
A modest improvement: bad guys have an algorithm for actually getting picked to be a ``lay testing aide''. Now he not only has a (real) ID, but also a genuine fake bomb to hand over when he's caught. :-)
"Yes, Airman, we're part of a secret test team and we would like you to hand over to us four, no make that six, armed cruise missiles with nuclear warheds, so we can fly them to Louisiana to test our military detection functions. Captain, here's a secret paperwork order, signed, for your eyes only, so you and the armed custody and escort team may stand down." Tests like that?
And I'm sure they're testing a variety of dangerous shoe bombs as well, right? Is the success rate for finding shoe bombs better than for baggage bombs?
I can't remember where I read it, now, but a while back there was a darkly humorous little piece written by someone who was purportedly a former airport screener.
The part that sticks in my mind was about the testing; the guy described the testing as *always* using the same set of test objects. There was one knife, one gun, one bomb, etc. And those were the objects that the screeners were trained to look for. Just them, nothing else. And the gun was just a solid piece of metal, no real detail.
I don't know if that was pre- or post-9/11, but it's not too hard to believe. For effective tests, they need to have an always-on "Red Team" probing various airports' security via various methods, basically coming up with new avenues of attack, or at least coming up with new, DIY test objects.
Just using pipe bombs and pot-metal castings made to look like .38 S&Ws isn't going to cut it. You need to try bombs in laptop batteries, bombs in food, bombs in children's toys; you need not just guns and knives but zipguns and objects that can be snapped apart to produce sharp edges.
I really doubt they're doing that.
One would hope that the first thing someone would do after being asked to carry the fake bomb, would be to wave down the nearest police officer.
After all, how do you know that the rest of the TSA employees have not been suborned? :)
@Craigh has good suggestions on how you could make such a program workable, but would put another burden on passengers, and would be welcomed as much as a jury summons.
Very believable story -- it happened to me some years ago, before 9/11. As I put my bags on the belt, someone in uniform, with a badge, put a sealed object on top of my suitcase. I suspected what was happening -- and had plenty of time -- so I did nothing. I'd have had trouble reacting rapidly enough in any event, because of how little time there was before my bag entered the X-ray machine.
I decided to watch the screener. As my bag went through, I could see the shocked expression on her face. Before she could do anything, though, the tester reached around and took the object off my bag. She saw him, recognized the test, and relaxed. I do not know what was in the object. It was too small to hold most pistols (or silhouettes of pistols); it could have been a snub-nose pistol or some other small one, or a silhouette of a grenade.
I don't know if she recognized him, or simply assumed he was legit from his uniform and badge. She did not rescan my bag, which she should have done. I regard the test as a good idea, but difficult to do properly, especially against a sophisticated enemy.
What I want to know is how many *real* bombs airport screeners have detected.
The solution is that they should use local police and/or firefighters contacted through their usual official hierarchy to do the tests.
@Joe English --
>What I want to know is how many *real* bombs
>airport screeners have detected.
Zero. We'd be bombarded with that glorius example of diligence from every media orifice for years and years if they got lucky to nab a real one.
Are you feeling safer? Do not forget to pay taxes.
Indeed, I'm convinced that the only reason the US hasn't had another 9/11 is that no one has made a real attempt.
">What I want to know is how many *real* bombs
>airport screeners have detected.
Zero. We'd be bombarded with that glorius example of diligence from every media orifice for years and years if they got lucky to nab a real one.
Are you feeling safer? Do not forget to pay taxes."
But, ideally, they wouldn't detect any bombs, because the system in place would be effective enough to deter efforts to smuggle a bomb on board.
So to flip it around, when *was* the last time that someone successfully go a bomb on board a US domestic flight (only person I can think of in recent memory is Richard Reid, who had to use a movie plot method of getting the explosives on board).
Brian -- the terrorists are not stupid; they know full well that their chances to get caught smuggling a bomb is not worse than 50:50. For a group of persons intent on a suicide strike being caught is not exactly a deterrent.
The absense of terrorists caught red-handed by the airport security merely means that there isn't that many terrorists.
I want to know what happens if they ask you to carry and you refuse.
This doesn't surprise me. After all, we're talking "Security Theater" here. Remember, this is the same TSA that says it's okay to bring a lighter -a plastic tube filled with an explosive gas- onto the plane, but not a bottle of water. Oh yeah, I feel safer.
averros, it is probably a bit more complicated. After Tushino bombing (security service with metal detectors allegedly didn't bother to check some pneumatic guns, but were enough to get suicide bombers nervous - they exploded in queue to enter, killing tens instead of hundreds) I tend to believe that knowing security inefficiency and not getting nervous are not the same when the brain is washed enough to commit self-destruction to kill.
Actually, I think that 50:50 odds of being caught by the TSA are something that a suicide bomber would really rather not face. A suicide bomber is not merely willing to die, they *want* to die. Spending years in prison is not glamorous to somebody convinced of martyrdom.
If the odds are 50/50, the terrorist planners are going to want to have multiple attempts, to increase the odds of one getting through. But that now means that the guy they catch has a good chance of having information that is useful, since they need coordination. If a guy gets caught with bomb and a Qur'ran at an airport, they're going to start screening very slowly and very thoroughly, making the odds of the next attempt less than 50:50.
The other thing that 50:50 odds will do is make potential terrorists put more effort into finding out ways to bypass security, to hide bombs, etc. Hopefully, they'll do more things that increase their risk of getting caught, like trying to make more challenging explosives that might blow up on them or use materiel that is more heavily tracked through the supply chain.
In other words, I think that a 50:50 detection rate at airports actually reduces the risk of a successful bombing by a lot more than 50%. Such a detection rate initially sounds like a waste of time given the money that is spent, but I think that a rate like that does actually help a lot. (That being said, I think the rate should be a *lot* better, but I also don't know what sort of test was really being done. 50:50 on gun-shaped pieces of metal is bad, 50:50 on well wrapped chemical components sounds good...)
"Remember, this is the same TSA that says it's okay to bring a lighter -a plastic tube filled with an explosive gas- onto the plane, but not a bottle of water."
Come on, be reasonable. You know that's not correct. They won't let you bring on a bottle of an unknown liquid that you *claim* is water. That's the entire point. They don't know what it is.
That's not to say that I agree with their current regulations - I just don't want them mis-represented. I would support "311" a lot more if I saw some chemists saying they thought the rules made sense...
The more they test the less likely they are to assume I and my cpap are a real threat and the less likely I am to get shot.
May reduce their effectiveness, but I think the screeners and their over-reactions are a bigger threat to me than a terrorist.
"A suicide bomber is not merely willing to die, they *want* to die."
Okay. Terrorist walks into Airport, ready to board his flight. Now he either is able to get on the plane, blow it up and kill some people or he might also be called out while waiting to board. What exactly would stop him from detonating whatever explosive he's got on him or in his luggage right after being called out and killing *some* people, including himself, in the process?
Just to show how little I trust our current government, it strikes me that this insane scheme has another pitfall.
Namely, this would be a swell way to set up people who are considered "undesirable" to anyone in a position of authority.
Anyone from a low-level TSA employee with a personal grudge to a partisan operative high in the goverment could target a traveler they didn't like to be selected for this "service" and set-up as a terrorist.
It would go like this: The target is approached to help test the TSA system. S/he is given assurances that once the fake bomb is found, certain paperwork or code words will alert the screeners that the target is working with TSA.
But instead the target person is hung out to dry, and charged with attempted terrorism.
NOTE: I never would have believed our government capable of such a thing 10 years ago. Now, I'm not so confident.
The absense of terrorists caught red-handed by the airport security merely means that there isn't that many terrorists.
No, it means that they are finding softer targets: nightclubs, subways, and busses, and in foreign countries instead of the USA. This is like how you don't have to make your home security system safe against movie-plot super thieves who can mysteriously buy your security codes, descend from the ceiling on wires, and wriggle their way through interlaced laser beams. You've just got to make it look harder than robbing your neighbors...
(Or in the old joke, "I don't have to be faster than the bear, I've just got to be faster than you.)
This is the single most idiotic thing I have heard in the entire "War on Terror".
I can't help but think the proper thing to assume is that the TSA Official is a terrorist, and to treat them as such.
For example, in some places a CCW holder could legally carry into the unsecured part of an airport and might well if they aren't travelling. I can easily see a concerned citizen drawing their firearm on a perceived terrorist, and indeed I would hope that this would happen. The mere idea that a federal official would hand out things to sneek past security...
I mean, WTF??? Asking people who do not know you to take an item onto a plane you are not going on? Suggesting that it looks like a bomb? This from the same people who ask you if you packed your own luggage?
Anyone involved in this should just be fired. 100% of them, no excuses.
Of course, this is a stupid idea.
The fact of the matter is that the terrorist groups aren't really interested in blowing up US planes - or they'd be doing it.
It's that simple.
There is NO WAY to stop a terrorist from conducting his mission IF he has any competence at all. Fortunately many, perhaps most, terrorists don't. But clearly the level of security provided by the TSA is not sufficient to stop the ones that do exist who have some competence.
So the fact that planes aren't blowing up simply means that that tactic is not first up in the terrorist mind these days and has nothing to do with TSA procedures - all of which could be circumvented with some planning, some imagination and some nerve - all of which a FEW terrorists have.
Read Dick Marcinko's book about how his Red Cell SEAL Team basically penetrated every US military and political security there is, including US Navy nuclear weapons lockers, Air Force One, Camp David, US Naval Intelligence HQ, and the Groton nuclear sub base. About the only place they didn't try to get in was the White House - or at least, they never admitted that. Had they tried, there is little doubt they would have succeeded, however. They got several men with several pounds of C-4 within twenty yards of the President's cottage at Camp David. They put IEDs on nuclear subs at Groton.
Of course, his SEAL Team were both highly trained and highly motivated (mostly by the fun of shoving it in the face of the brass as by desiring to secure America). But their success rate was almost one hundred percent. They established that military security - let alone corporate security - is an oxymoron.
Which is why you wonder why we worry about Iranian nukes that don't exist when Israel has 100-200 of their own and are surrounded by terrorists who would love to have one.
If terrorists want to start blowing up US airplanes, they will do so. And if they get caught in line trying to do so, they will blow up the people in line. Do you want to try flying after about a dozen lines are blown up - or even a few planes - successfully?
They don't even have to get on the plane or in line. They can shut down the US airline industry any time they want. They can do it either by blowing themselves up anywhere in crowded airports, or simply driving by the flight line from a mile away and shooting down an airliner with a missile - as TWA Flight 800 was almost certainly downed in retaliation for the Iranian Vincennes incident - or just launching a couple mortar shells at a plane as it taxies.
Do such things a dozen times and see happens to airline flying in this country.
They simply are concentrating on other methods and have limited resources to do the kinds of attacks I've outlined. But they could do it. That and the fact that Muslims in this country stand out like sore thumbs, making it easier for law enforcement and counterintelligence to track them.
The fact is that the so-called "terrorist threat" is far more limited than the government would have you believe. They are far fewer in number, have limited ability to get into the country in numbers with an organization and a plan and resources to carry out the plan, and even fewer have the intent. They are mostly interested these days in overthrowing Pakistan, Iraq, and Afghanistan. They operate more easily in those societies because they are Muslim societies. Operating in the US is more difficult and in some sense "scary" for them.
Almost no terrorist groups have expended any major effort to get into the US, organize major cells, and conduct high profile operations. That was why 9/11 stood out - and hasn't been repeated in years.
And this is not the way to conduct effective terrorism. Terrorism is only effective if it is chronic. Executing an attack once every few years is utterly pointless, unless the attack is so spectacular as to "change everything" - i.e., a nuclear attack that kills scores or hundreds of thousands. The 3,000 killed on 9/11 and the method used was probably the most spectacular and effective terrorist attack ever done - and it's highly unlikely to be repeated more frequently than once a decade.
And that's a waste of time, for the most part.
Which is probably why it hasn't been repeated - despite its success in mobilizing the US to screw itself royally in Iraq and Afghanistan.
It's not that TSA procedures or other US security is so hard to beat. It's all the other factors that are really unrelated to security that is keeping the US relatively secure.
But if those factors ever break down - meaning if the US attacks Iran, and Iran decides to activate some more professional operatives against the US - you will see effective terrorism here. And the US government will not be able to stop it - because those pros will have the resources to get in and out of the country without being seen at Customs checkpoints, will have secure safe houses here that will not be constantly watched by FBI agents, will have explosives and weapons provided from caches already in place or smuggled in by the same routes used by drug smugglers, will have soft targets already selected and planned for, and will merely have to carry out the pre-planned mission.
They may even have prepared suicide bombers that are in place or can be smuggled in - while the real operatives stay behind. This is how the original Towers bombing went. The pros came in, set up the bomb and the plan, got some patsies to do the job while they flew home undetected.
Read any terrorist fiction book or some of the better terrorist movies. If the authors can think of reasonably tight plots, professional terrorist operatives can as well. The number of soft, effective targets in the US is almost limitless.
All you need is a handful of guys willing to drive a car bomb into Times Square at rush hour, or carry a backpack on to the subway at rush hour, or even just a couple of hand grenades in their pockets. Do this with ten guys over two or three days in three or four major cities. The US will be in a panic within 24 hours, with National Guard troops (if there are any still outside of Iraq) on every street corner (which will be useless).
Bottom line: You cannot stop terrorism without 1) killing or capturing all the terrorists - which is not feasible unless they are a small, localized group; or 2) changing your policies so the terrorists do not want to attack you as opposed to attacking someone else.
I think that if this extraordinarily stupid policy does not get shelved due to the publicity, it will certainly get ashcanned when an upstanding citizen does the right thing and puts a serious asswhupping on the "terrorist" trying to give him a bomb.
After all, if one declines the offer, and it's a real bombing attempt, then your life is in jeopardy, so serious action involving bodily harm is certainly justified by any "reasonable man" standards.
The real damning statistic here isn't how many times the fake bombs got through -- it's how many times they managed to convince idiots to help them out.
My first thought was similar to Rich's - yell for police support.
But to me it would be a totally frightening situation - unfortunately, police officers seeing a dispute between someone in uniform and someone not in uniform are likely to assume the wrong side is at fault.
Sometimes the real TSA folks are professional enough to find a way to resolve it without further conflict, and I'm *probably* not a political target, but I'd rather not either get hauled off into some back room, get shot by a cop, or miss my plane. Sometimes they're not. But we're going to walk calmly and quietly over to the white courtesy phone there and call for a supervisor.... and hope the damn phone works, which too many of them don't any more. And I'm usually running late, so I'm going to miss the plane.
A *real* terrorist who wanted to plant bombs in people's luggage would get a job as an airport shuttle driver - they'd have easy access to luggage, and people are used to drivers being immigrants.
Isn't daily testing a bit much? Some testing is desirable (and from the reports, apparently more testing than is going on in lots of places), yes. But if it's that regular, don't the screeners get complacent? "It's another test."
Given everything I've heard about TSA employee competance...
1: This is perfectly believable
2: The average guy on the street will probably do a better job than they would anyways
My fear is for the poor passenger. Knowing that he/she has a 'bomb' in their possession will make them nervous. Nervous passenger with 'bomb' and uptight security personnel could well result in a dead passenger.
Wow. Just wow. I echo Bruce and hope this isn't true. Because if it is, they are just training the flying populace to accept things that look like bombs from someone to take on the plane.
How long before a fake TSA official supplies a fake fake bomb which the TSA predictably misses as the remove all moist things from the region, only to have that bomb detonate?
Like one commenter said, this sounds like a movie plot. Except that if they are really doing this, they are reducing this from a fantastic, long-odds plot to something that could be feasible. Good work!
You're all missing the plot - if you're a smart terrorist you don't have to smuggle bombs on to a plane, you just have to enlist the co-operation of your friendly Bush administration to scare the crap out of the flying public. Voila! No risk, same effect, down to the horrendous expense of time and effort to find non-existent bombs.
Isn't there a risk from repeated tests that, when the TSA staff find a "bomb" in a piece of luggage, they presume it's fake and act accordingly.
For example, rather than detaining the person with the necessary precautions for a potential terrorist, they instead say - "Oh, you must be the TSA guy. Would you mind coming over here?".
@Richard Steven Hack:
The simple thing is that most terrorist's goal ist NOT to kill as many US americans (or europeans) as possible but to become "calif instead of the calif" (if someone of you knows the french comic "Isnogod" :-) )
First and mostly they want to turn over the gouvernments in their own countrys.
So constantly killing as much as possible of us is not very effective.
This is insane. Now all the "terrorists" have to do is pose as an TSA manager. Who's going to screen those guys? If someone approaches me and asks me to carry a fake bomb, I'm going to tackel them and scream bloody murder!!
Alan Smithee> This is insane. Now all the "terrorists" have to do is pose as an TSA manager.
Nonsense. A TSA rep can take people to a secure area whose access authenticates him. I'm always ready to criticize TSA for foolishness, but I see nothing in this report that indicates that the authentication is as weak as many here, including Bruce, seem to have assumed--badge only. On the contrary, I would assume that the handover of a fake bomb would occur in a place where the screeners and general airport security folks couldn't possibly see it, if the test is to be meaningful.
And besides, a non-TSA guy walking around an airport around wearing a TSA uniform is going to attract attention from the legitimate TSA people very quickly.
Furthermore, perhaps TSA is testing a sample of the passengers as well. We are all asked if anyone gave us something to carry when we check in. Perhaps they're surveying how people answer that question if a TSA rep, authenticated or not, gives us something to carry.
In response to traveler's post from Fri 10/19,
'". . . official in a screeners union." Screeners union? Good gracious, can you imagine the horror of a job action? A concerted slow down (or worse, casual indifference to one's duties -- which is more typical of a unionized employee) at a critical choke point? The odds of arriving safely by driving instead of flying are looking better. Unions have no place in public safety.',
I say there had better be a union. Without it these guys would get little pay and no benefits (no health insurance or retirement plan). Unions are not perfect, but they are better than nothing.
I want to know how often the passenger gets to the screening table and says, "I was handed this package by a guy dressed in a TSA uniform." And then, what happens when that happens.
And what happens when the passenger is found to be carrying the package. Does the manager jump in and say, "Congratulations, guys, you just passed," or say, to the passenger, "You just failed to tell them that you were handed a package to carry through security."
The terrorists have a new method available: Dress like a TSA agent.
Roxanne> I want to know how often the passenger gets to the screening table and says, "I was handed this package by a guy dressed in a TSA uniform."
Indeed. Perhaps TSA wants to know the same thing.
Roxanne> And what happens when the passenger is found to be carrying the package.
Whatever actually happens, we can surmise that it's reasonable, since otherwise we would have heard reports of passengers being unnecessarily strip-searched or otherwise abused in such a circumstance.
Why does everyone assume the stupidest possible scenario? For all we know, TSA contacts the passenger two weeks before his or her departure and requests that the passenger visit the TSA office at the airport before checkin, where the passenger receives a completely inert object containing a few copper wires and a trace chemical application for the sniff detectors, along with a letter and contact information for a TSA representative who is already present at the security checkpoint. Really, what lemmings people in this topic seem to be.
"Just to show how little I trust our current government, it strikes me that this insane scheme has another pitfall.
Namely, this would be a swell way to set up people who are considered "undesirable" to anyone in a position of authority."
This was essentially my thought too, as well as what a great way to pad "apprehension" statistics. Sure many of them might end up as "test" as reason, but they certainly will report the ones they find as a legitimate catch of a threat and pad a terrorism stat for funding and justification prurposes. Worse (as was pointed out) failure to have assurances for the "code word" working or some moderate political agenda and this is easily used to harass or "disappear" folks who are inconvenient.
Other reasons for this being blatantly stupid are listed above in the form of expectation setting, risk of bodily harm to several participants or nearby non-involved people, disproportionate response from screeners or local police, etc etc.
Brian S> Other reasons for this being blatantly stupid are listed above in the form of expectation setting, risk of bodily harm to several participants or nearby non-involved people, disproportionate response from screeners or local police, etc etc.
More lemming language.
If screeners are going to engage in a shootout or other major misdeed because of a false positive (which this will be), isn't it better that we find out when there's no real bomb on the scene?
I think having real passengers carry the "fake" bomb is a great idea... After all, what are the chances of there being *TWO* bombs on one aircraft..?
You have far, far, far more confidence and trust in our government than I do and way more than is healthy, esp. in this kind of situation. I really think the best way out of this if you're handed something is to first politely and firmly refuse, walk away and make a scene if pursued. After all, that's exactly what we're being told to do by countless video blurbs, posters and soundbites.
Dillo> I really think the best way out of this if you're handed something is to first politely and firmly refuse, walk away and make a scene if pursued.
That sounds reasonable. But we have no evidence that you'll just be "handed something". Those assumptions--that TSA personnel will just walk up to you in an airport and show you a badge as sole authentication, then hand over something for you to carry--are pure speculation, and that is what I take issue with. It starts with Bruce, and everyone else just hops on the bandwagon.
The practice, as much as we know about it, is only reported to occur at one airport, so it may well be a pilot project. If it is successful, perhaps the TSA will issue advice to travelers for recognizing genuine TSA personnel, and explain how they will contact participants. They haven't gotten a chance--all the information we have comes, via reporter, from a leaked report and a screeners' union official.
The described test is about as close to a valid test of screener effectiveness as one could devise, and costs practically nothing compared to hiring and training enough testers that the screeners wouldn't recognize them. Using travelers, TSA could test screeners dozens of times per day, and generate enough data to determine what kinds of devices and people get overlooked the most. I'm disappointed to see Bruce attack TSA with a kneejerk, completely unsubstantiated claim of ineffective authentication, while utterly failing to observe the potential benefits of the strategy. TSA may do some stupid things, but even Bruce admits that not everything they do is stupid, so why assume they're being stupid this time?
"If screeners are going to engage in a shootout or other major misdeed because of a false positive (which this will be), isn't it better that we find out when there's no real bomb on the scene?"
IF there was bomb involved it wouldn't be a false positive, and the real threat to life and limb from that would justify a shot or physical response.
However IF that were to happen I would want them to respond that way regardless of daily tests using false bombs. Isn't that merited today without this testing?
OTOH a daily test of 1000s of TSA agents across America who are otherwise bored and waiting for an event to happen? We'd be stacking the deck in favor of over-reaction and false response.
So let's see, a daily test involving fake bombs: Chance of occurance 100%.
A terrorist bringing in a real bomb and trying to walk through security with it: Chance of occurance extremely low if not 0 post 9/11.
Let's assert both have equal chances of detection, and equal chances of a "violent response". False positive rates with dwarf actual responses and folks will get hurt or dead dozens if not hundred of times before a real event justifies that response and action.
However stupid that reason alone makes this idea, there are others that make it bad too. As stated, the opportunity to use this as a political tool or justify detainment of people is very real. The message being sent to passengers is now that anyone who hands you something to carry across is bad (smuggler, etc) EXCEPT those dressed officially, those are ok to accept a "false" bomb from and try to walk through security with. It's ok, they're from the government and they're here to help.
If your point was it is best to start shooting before a bomb shows up so that we aren't shooting AND wondering about a bomb, I think you need to look more closely at the odds of each happening.
If your point was that poor response can be trained out of the equation, I'm not sure your post exactly says that, nor do I believe it can be in a largely low wage, high turnover system.
Brian S> Let's assert both have equal chances of detection, and equal chances of a "violent response". False positive rates with dwarf actual responses and folks will get hurt or dead dozens if not hundred of times before a real event justifies that response and action.
False positives *do* happen, regardless of any particular testing mode, because sometimes ordinary objects look or smell like bombs. So, yes, given the false positive and negative rates you suggest, we *want* to inure screeners to false positives so they don't go off half-cocked every time someone brings an ususual CD-ROM drive through.
Brian S> If your point was it is best to start shooting before a bomb shows up so that we aren't shooting AND wondering about a bomb, I think you need to look more closely at the odds of each happening.
Yes, that is my point. If the screeners are that trigger happy, let's stack the odds so that there is less likely to be a real bomb in the line at the same time mayhem breaks out, because it's going to happen sooner or later anyway.
Of course, if they *were* that trigger happy there would have been thousands of massacres at security checkpoints over the last few years, so we can safely ignore that possibility.
Sorry, meant to respond to this earlier as well:
Brian S> The message being sent to passengers is now that anyone who hands you something to carry across is bad (smuggler, etc) EXCEPT those dressed officially, those are ok to accept a "false" bomb from and try to walk through security with. It's ok, they're from the government and they're here to help.
That is *not* the message being sent to passengers. That is the message Bruce and you and a bunch of other folks here have made up in your heads. I hate having to repeat myself, but look at the facts: TSA hasn't made any announcement about this--they haven't had the chance. The scant information we have comes from a leaked report and a comment from a union official who does not represent TSA. The assumption that someone wearing a uniform can now give you an object to carry through is speculative to the point of absurdity.
What if TSA sent a letter to your home two weeks before your flight, offering you the chance to make $50 and help improve airline security, and requesting that if you are willing, please visit the airport TSA office after checking in. Those who show up get an explanation of the process, and are given $50, an inert object that has some testable property to put in their carry-on, along with an official letter and the contact information for TSA staff who are present at the security checkpoint, and who have been given the names of the participating travelers. Since the screeners already know that passenger testing is part of the regimen, they know, if they find the object, how to recognize the letter, and give it to the TSA staff to authenticate. The traveler goes on his merry way and no bullets are fired.
Is this scenario simple and foolproof enough that you can think beyond the catastrophizing to the point of seeing how useful it would be to have *real world* testing of the screeners at a sufficient frequency to see where their vulnerabilities are?
>At San Diego International Airport, tests are run by passengers whom local TSA managers ask to carry a fake bomb, said screener Cris Soulia, an official in a screeners union.
I've witnessed this happen a few years ago at a UK airport when two colleagues was approached just after security, but before the screeners. I think there was a fake bomb, fake knife and fake handgun, as I recall. At the other side another observer watched and intervened when the items (in this case) were found...
If there exist such "letters of marque" that a traveller can show to prove he's part of the testing program, I'd expect actual terrorists to want very badly to know what they look like, so that they can be forged.
I'd hope that the fake items themselves would bear TSA markings and serial numbers referenced in the letters, and that some algorithm to prevent replay attacks
Maybe take a hash of all the serial numbers and the date and hour of the test, then encrypt with a private key (that only the Tiger Team has, while all TSA employees and airport security have the public key) to generate a signature. Then encode all the components of the hash, and the signature, in a bar code that can easily be read by the screeners.
How about the TSA engages the Mystery Shoppers to do their testing? Frankly, the TSA has made getting through airport security onerous enough without making the same people test their system. $50 isn't going to do it for me. But if they used Mystery Shoppers, or some similar team, people in no particular hurry to get through the security line, people who, if there is a minor mix up and the tester ends up in a back room, won't miss a flight, then maybe this will work. Heck, make it a two pronged attack: a fake boarding pass and a fake detectable item. My time in line is for getting me to my plane, not for testing a system that, frankly, I don't much believe in.
The Monster> Maybe take a hash of all the serial numbers and the date and hour of the test, then encrypt with a private key (that only the Tiger Team has, while all TSA employees and airport security have the public key) to generate a signature
That level of effort is not required. Just have the TSA office communicate with the agent at the checkpoint the name of the passenger who has been given a test object, along with an identifier marked on the test object.
ytrozs> $50 isn't going to do it for me.
I invented that price point out of whole cloth. On a travel day where I'm not in a hurry, I might do it for $50. I expect some people would do it for free.
ytrozs> if they used Mystery Shoppers, or some similar team, people in no particular hurry to get through the security line, people who, if there is a minor mix up and the tester ends up in a back room, won't miss a flight
... then they won't be testing how well they can screen *travelers*. What would the Mystery Shoppers pack in their carry-ons? Where would they claim to be headed, for what purpose? And by what protocol would they be issued boarding passes?
No concocted set of mystery shopper scenarios is going to cover the range that real travelers will cover, and real travelers are already passing through the screening, so why do we need to recruit phonies for the job? It won't test as well and it will cost more.
The only danger I see is if someone who wants to smuggle a real bomb through is lucky enough to be recruited for testing; then that person *might* be able slip through if his or her baggage is not rescanned once the test object is found and removed. So rescanning needs to be part of the procedure.
I was a screener at IAD for 3 years and quit in 2005. And although 90% of the TSA staff are awesome people and decicated screeners, the other 10% were 3 trees short of a forest when it came to common sense and the "legal" ramifications of their jobs. But it fits their mindset. The sceener who made the request was probably under pressure to complete some training so they could document it and have good numbers to send to TSA HQ and look good. Since he s not allowed to carry threat items through the checkpoint and/or he was one of the training people who doesn't even work in the terminal the screenes would see a test commng when they saw him so he developed a plan. Just get a passenger to do it. If caught he could say it was a test and he'd have his numbers and mission completed. Or if he'd hit a snag where it would get him in trouble...say like someone from the real TSA Inspector General red team was conducting test was observing, or news media was nearby, or new LEO or maybe a Supervisor that had out for him (which in the TSA is legal-but thats another story) then he coud pin the felony the passenger and save hs butt and be a hero too.
When you take a trip always have 3 phone nubers on you. The 1-800 FBI tip line, the 1-800 Tsa comaint/tip line, And the closest news media tip line. If this happens again get screeers name from his ID and first call the FBI, then the media, then the TSA and repoert a Screene imporsonater was trying to get you smggle the something hrugh the checkpoint. Do not call the airport police because each airport handles its TSA/Airport Police relationship dfferently Some LEO's arent real fond of TSA which tends to lead unpredictable outcomes. Trust me The FBI will contact them and TSA and everyone responds to The FBI's requests. The meda is your saftey net cause TSA doesn't like these incdents in the limelight.
Oh and make sure you make the calls OUTSIDE the checkpoint.
I think TSA has great potential but we've got to all operate on the same page.
The mission of TSA is to provide safe travel and provide outstanding customer service. No true security or law enforcement agencey can split the two. TSA cannot please everyone and once a terrorist buys a plane ticket they are legally customers. How about TSA provide the outanding service of ensuring free and safe travel for all and let stand.
Okay I'm gettin off my high horse
for now. Oh one more thing. To all passengers who passed through IAD from 2002-2005 and thanked me for what I was doing-it meant alot. To those who had negative nasty comments - I am happy you made it safey to your destination and are able to be here and read this!
I'm very late here, but this whole concept is stupid for reasons that people aren't grasping. It's stupid because if you're going to have random people check airport security, have them actually use their brains to subvert it instead of just carrying things.
If I actually thought that we needed more, security, at airports, and I was in charge, I'd pay people to bounties to devise and smuggle dangerous devices through security. For every device they get through that could take out an airplane, they get 1000 dollars. For every lethal projectile weapon, 200, for every knife, 100.
Obviously, they'd notify someone in advance about the specific time. Make them check in once they get to the airport. They call a specific number on their cell, state their location, the person in the testing security office has them wave to the camera, or some other less-obvious motion.
He then watches them, making sure they do not get anywhere near an actual plane and turns themselves in immediately after passing the security checkpoint, or if they do get caught, informs TSA they are a tester.
Granted, this is actually a non-trivial amount of work to operate, so if we're going to let random people do it, they should have to ante up 50 bucks or so to have a try. (But if they win, remember, they get up to $1000.)
Of course, no one will ever implement this as it would make it incredibly obvious that it's impossible to stop that stuff from getting through any security checkpoint. (Which is actually why I'm suggesting it. I'd actually do it without a reward _and_ with the 50 dollar fee just to demonstrate how stupid this whole thing is.)
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.