Entries Tagged "DHS"

TSA Abuse of Power

Woman accidentally leaves a knife in her carry-on luggage, where it’s discovered by screeners.

She says screeners refused to give her paperwork or documentation of her violation, documentation of the pending fine, or a copy of the photograph of the knife.

“They said ‘no’ and they said it’s a national security issue. And I said what about my constitutional rights? And they said ‘not at this point … you don’t have any’.”

Posted on June 7, 2005 at 4:10 PM

Billions Wasted on Anti-Terrorism Security

Recently there have been a bunch of news articles about how lousy counterterrorism security is in the United States, how billions of dollars have been wasted on security since 9/11, and how much of what was purchased doesn’t work as advertised.

The first is from the May 8 New York Times (available at the website for pay, but there are copies here and here):

After spending more than $4.5 billion on screening devices to monitor the nation’s ports, borders, airports, mail and air, the federal government is moving to replace or alter much of the antiterrorism equipment, concluding that it is ineffective, unreliable or too expensive to operate.

Many of the monitoring tools—intended to detect guns, explosives, and nuclear and biological weapons—were bought during the blitz in security spending after the attacks of Sept. 11, 2001.

In its effort to create a virtual shield around America, the Department of Homeland Security now plans to spend billions of dollars more. Although some changes are being made because of technology that has emerged in the last couple of years, many of them are planned because devices currently in use have done little to improve the nation’s security, according to a review of agency documents and interviews with federal officials and outside experts.

From another part of the article:

Among the problems:

  • Radiation monitors at ports and borders that cannot differentiate between radiation emitted by a nuclear bomb and naturally occurring radiation from everyday material like cat litter or ceramic tile.
  • Air-monitoring equipment in major cities that is only marginally effective because not enough detectors were deployed and were sometimes not properly calibrated or installed. They also do not produce results for up to 36 hours—long after a biological attack would potentially infect thousands of people.
  • Passenger-screening equipment at airports that auditors have found is no more likely than before federal screeners took over to detect whether someone is trying to carry a weapon or a bomb aboard a plane.
  • Postal Service machines that test only a small percentage of mail and look for anthrax but no other biological agents.

The Washington Post had a series of articles. The first lists some more problems:

  • The contract to hire airport passenger screeners grew to $741 million from $104 million in less than a year. The screeners are failing to detect weapons at roughly the same rate as shortly after the attacks.
  • The contract for airport bomb-detection machines ballooned to at least $1.2 billion from $508 million over 18 months. The machines have been hampered by high false-alarm rates.
  • A contract for a computer network called US-VISIT to screen foreign visitors could cost taxpayers $10 billion. It relies on outdated technology that puts the project at risk.
  • Radiation-detection machines worth a total of a half-billion dollars deployed to screen trucks and cargo containers at ports and borders have trouble distinguishing between highly enriched uranium and common household products. The problem has prompted costly plans to replace the machines.

The second is about border security.

And more recently, a New York Times article on how lousy port security is.

There are a lot of morals here: the problems of believing companies that have something to sell you, the difficulty of making technological security solutions work, the problems with making major security changes quickly, the mismanagement that comes from any large bureaucracy like the DHS, and the wastefulness of defending potential terrorist targets instead of broadly trying to deal with terrorism.

Posted on June 3, 2005 at 8:17 AM

DHS Enforces Copyright

Why is the Department of Homeland Security involved in copyright issues?

Agents shut down a popular Web site that allegedly had been distributing copyrighted music and movies, including versions of Star Wars Episode III: Revenge of the Sith. Homeland Security agents from several divisions served search warrants on 10 people around the country suspected of being involved with the Elite Torrents site, and took over the group’s main server.

Shouldn’t they be spending their resources on matters of national security instead of worrying about who is downloading the new Star Wars movie? Here’s the DHS’s mission statement, in case anyone is unsure what they’re supposed to be doing.

We will lead the unified national effort to secure America. We will prevent and deter terrorist attacks and protect against and respond to threats and hazards to the nation. We will ensure safe and secure borders, welcome lawful immigrants and visitors, and promote the free-flow of commerce.

I simply don’t believe that running down file sharers counts under “promote the free-flow of commerce.” That’s more along the lines of checking incoming shipping for smuggled nuclear bombs without shutting down our seaports.

Edited to add: Steve Wildstrom of Business Week left this comment, which seems to explain matters:

The DHS involvement turns out to be not the least bit mysterious. DHS is a sprawling agglomeration of agencies and the actual unit involved was Immigration and Customs Enforcement, a/k/a the Customs Service. Its involvement arose because the pirated copy of Star Wars apparently originated outside the U.S. and Customs is routinely involved in the interception and seizure of material entering the U.S. in violation of copyright or trademark laws. In Washington, for example, Customs agents regularly bust street vendors selling T-shirts with unlicensed Disney characters and other trademarked and copyright stuff.

The Secret Service’s role in computer crime enforcement arose from its anti-counterfeiting activities which extended to electronic crimes against financial institutions and cyber-crime in general. But they aren’t very good at it (anyone remember the Steve Jackson Games fiasco?) and the functions would probably best be turned over to another agency.

Posted on June 1, 2005 at 2:31 PM

Surveillance Cameras in U.S. Cities

From EPIC:

The Department of Homeland Security (DHS) has requested more than $2 billion to finance grants to state and local governments for homeland security needs. Some of this money is being used by state and local governments to create networks of surveillance cameras to watch over the public in the streets, shopping centers, at airports and more. However, studies have found that such surveillance systems have little effect on crime, and that it is more effective to place more officers on the streets and improve lighting in high-crime areas. There are significant concerns about citizens’ privacy rights and misuse or abuse of the system. A professor at the University of Nevada at Reno has alleged that the university used a homeland security camera system to surreptitiously watch him after he filed a complaint alleging that the university abused its research animals. Also, British studies have found there is a significant danger of racial discrimination and stereotyping by those monitoring the cameras.

Posted on May 16, 2005 at 9:00 AM

New U.S. Government Cybersecurity Position

From InfoWorld:

The Department of Homeland Security Cybersecurity Enhancement Act, approved by the House Subcommittee on Economic Security, Infrastructure Protection and Cybersecurity, would create the position of assistant secretary for cybersecurity at DHS. The bill, sponsored by Representatives Mac Thornberry, a Texas Republican, and Zoe Lofgren, a California Democrat, would also make the assistant secretary responsible for establishing a national cybersecurity threat reduction program and a national cybersecurity training program….

The top cybersecurity official at DHS has been the director of the agency’s National Cyber Security Division, a lower-level position, and technology trade groups for several months have been calling for a higher-level position that could make cybersecurity a higher priority at DHS.

Sadly, this isn’t going to amount to anything. Yes, it’s good to have a higher-level official in charge of cybersecurity. But responsibility without authority doesn’t work. A bigger bully pulpit isn’t going to help without a coherent plan behind it, and we have none.

The absolute best thing the DHS could do for cybersecurity would be to coordinate the U.S. government’s enormous purchasing power and demand more secure hardware and software.

Here’s the text of the act, if anyone cares.

Posted on May 6, 2005 at 8:05 AM

Lighters Banned on Airplanes

Lighters are now banned on U.S. commercial flights, but not matches.

The Senators who proposed the bill point to Richard Reid, who unsuccessfully tried to light explosives on an airplane with matches. They were worried that a lighter might have worked.

That, of course, is silly. The reason Reid failed is because he tried to light the explosives in his seat, so he could watch the faces of those around him. If he’d gone into the lavatory and lit them in private, he would have been successful.

Hence, the ban is silly.

But there’s a serious problem here. Airport security screeners are much better at detecting explosives when the detonation mechanism is attached. Explosives without any detonation mechanism—like Richard Reid’s—are much harder to detect. As are explosives carried by one person and a detonation device carried by another. I’ve heard that this was the technique the Chechnyan women used to blow up a Russian airplane.

Posted on April 20, 2005 at 4:21 PM

Processing Exit Visas

From Federal Computer Week:

The Homeland Security Department will choose in the next 60 days which of three procedures it will use to track international visitors leaving the United States, department officials said today.

A report evaluating the three methods under consideration is due in the next few weeks, said Anna Hinken, spokeswoman for US-VISIT, the program that screens foreign nationals entering and exiting the country to weed out potential terrorists.

The first process uses kiosks located throughout an airport or seaport. An “exit attendant”—who would be a contract worker, Hinken said—checks the traveler’s documents. The traveler then steps to the station, scans both index fingers and has a digital photo taken. The station prints out a receipt that verifies the passenger has checked out.

The second method requires the passenger to present the receipt when reaching the departure gate. An exit attendant will scan the receipt and one of the passenger’s index fingers using a wireless handheld device. If the passenger’s fingerprint matches the identity on the receipt, the attendant returns the receipt and the passenger can board.

The third procedure uses just the wireless device at the gate. The screening officer scans the traveler’s fingerprints and takes a picture with the device, which is similar in size to tools that car-rental companies use, Hinken said. The device wirelessly checks the US-VISIT database. Once the traveler’s identity is confirmed as safe, the officer prints out a receipt and the visitor can pass.

Properly evaluating this trade-off would look at the relative ease of attacking the three systems, the relative costs of the three systems, and the relative speed and convenience—to the traveller—of the three systems. My guess is that the system that requires the least amount of interaction with a person when boarding the plane is best.

Posted on April 20, 2005 at 8:16 AM

Failures of Airport Screening

According to the AP:

Security at American airports is no better under federal control than it was before the Sept. 11 attacks, a congressman says two government reports will conclude.

The Government Accountability Office, the investigative arm of Congress, and the Homeland Security Department’s inspector general are expected to release their findings soon on the performance of Transportation Security Administration screeners.

This finding will not surprise anyone who has flown recently. How does anyone expect competent security from screeners who don’t know the difference between books and books of matches? Only two books of matches are now allowed on flights; you can take as many reading books as you can carry.

The solution isn’t to privatize the screeners, just as the solution in 2001 wasn’t to make them federal employees. It’s a much more complex problem.

I wrote about it in Beyond Fear (pages 153-4):

No matter how much training they get, airport screeners routinely miss guns and knives packed in carry-on luggage. In part, that’s the result of human beings having developed the evolutionary survival skill of pattern matching: the ability to pick out patterns from masses of random visual data. Is that a ripe fruit on that tree? Is that a lion stalking quietly through the grass? We are so good at this that we see patterns in anything, even if they’re not really there: faces in inkblots, images in clouds, and trends in graphs of random data. Generating false positives helped us stay alive; maybe that wasn’t a lion that your ancestor saw, but it was better to be safe than sorry. Unfortunately, that survival skill also has a failure mode. As talented as we are at detecting patterns in random data, we are equally terrible at detecting exceptions in uniform data. The quality-control inspector at Spacely Sprockets, staring at a production line filled with identical sprockets looking for the one that is different, can’t do it. The brain quickly concludes that all the sprockets are the same, so there’s no point paying attention. Each new sprocket confirms the pattern. By the time an anomalous sprocket rolls off the assembly line, the brain simply doesn’t notice it. This psychological problem has been identified in inspectors of all kinds; people can’t remain alert to rare events, so they slip by.

The tendency for humans to view similar items as identical makes it clear why airport X-ray screening is so difficult. Weapons in baggage are rare, and the people studying the X-rays simply lose the ability to see the gun or knife. (And, at least before 9/11, there was enormous pressure to keep the lines moving rather than double-check bags.) Steps have been put in place to try to deal with this problem: requiring the X-ray screeners to take frequent breaks, artificially imposing the image of a weapon onto a normal bag in the screening system as a test, slipping a bag with a weapon into the system so that screeners learn it can happen and must expect it. Unfortunately, the results have not been very good.

This is an area where the eventual solution will be a combination of machine and human intelligence. Machines excel at detecting exceptions in uniform data, so it makes sense to have them do the boring repetitive tasks, eliminating many, many bags while having a human sort out the final details. Think about the sprocket quality-control inspector: If he sees 10,000 negatives, he’s going to stop seeing the positives. But if an automatic system shows him only 100 negatives for every positive, there’s a greater chance he’ll see them.

Paying the screeners more will attract a smarter class of worker, but it won’t solve the problem.

Posted on April 19, 2005 at 9:22 AM

GAO's Report on Secure Flight

Sunday I blogged about Transportation Security Administration’s Secure Flight program, and said that the Government Accountability Office will be issuing a report this week.

Here it is.

The AP says:

The government’s latest computerized airline passenger screening program doesn’t adequately protect travelers’ privacy, according to a congressional report that could further delay a project considered a priority after the Sept. 11 attacks.

Congress last year passed a law that said the Transportation Security Administration could spend no money to implement the program, called Secure Flight, until the Government Accountability Office reported that it met 10 conditions. Those include privacy protections, accuracy of data, oversight, cost and safeguards to ensure the system won’t be abused or accessed by unauthorized people.

The GAO found nine of the 10 conditions hadn’t yet been met and questioned whether Secure Flight would ultimately work.

Some tidbits:

  • TSA plans to include the capability for criminal checks within Secure Flight (p. 12).
  • The timetable has slipped by four months (p. 17).
  • TSA might not be able to get personally identifiable passenger data in PNRs because of costs to the industry and lack of money (p. 18).
  • TSA plans to have intelligence analysts staffed within TSA to identify false positives (p. 33).
  • The DHS Investment Review Board has withheld approval from the “Transportation Vetting Platform” (p. 39).
  • TSA doesn’t know how much the program will cost (p. 51).
  • Final privacy rule to be issued in April (p. 56).

Any of you who read the report, please post other interesting tidbits as comments.

As you all probably know, I am a member of a working group to help evaluate the privacy of Secure Flight. While I believe that a program to match airline passengers against terrorist watch lists is a colossal waste of money that isn’t going to make us any safer, I said “…assuming that we need to implement a program of matching airline passengers with names on terrorism watch lists, Secure Flight is a major improvement—in almost every way—over what is currently in place.” I still believe that, but unfortunately I am prohibited by NDA from describing the improvements. I wish someone at TSA would get himself in front of reporters and do so.

Posted on March 28, 2005 at 7:03 PM
