Entries Tagged "homeland security"

Page 22 of 37

Consumer Reports on Aviation Security and the TSA

It’s not on their website yet, and you’d have to pay to read it in any case, but the February 2008 issue of Consumer Reports has an article on aviation security. Much of it you’ve all heard before, but there are some new bits:

Larry Tortorich, a TSA training officer and former representative to the Joint Terrorism Task Force who retired in 2006, also says he saw problems from the inside. “There was a facade of security. There were numerous security flaws and vulnerabilities I identified. The response was, it wasn’t apparent to the public, so there would not be any corrective action.”

I’ve regularly pointed to reinforcing the cockpit doors as something that was a good idea, and should have been done years earlier.

Critics, however, say a stronger door is only half of the solution. “People have this illusion that hardened cockpit doors work, and they don’t,” Dzakovic says. “If you want to have a secure door, you need to have a double hulled door.”

Consumer Reports searched NAS, the Aviation Safety Reporting System, and found 51 incidents since April 2002 in which flight crews reported problems with the hardened doors.

Most of them weren’t really security issues: locking mechanisms failing, doors popping open in flight, and so on. But this was more interesting:

A 2006 study of aviation security by DFI International, a Washington, D.C. security consultancy, found that a drunken passenger kicked a hole in a door panel and that aircraft cleaners “broke a fortified door off its hinges by running a heavy snack cart into it on a bet.”

El Al, of course, has double doors. But since the cost is between $5K and $10K per aircraft, the airline industry has fought the measure in the U.S.

The article also talks about how poor the screeners actually are, but I’ve covered all that already.

Posted on January 10, 2008 at 1:58 PMView Comments

Five-Year-Old Boy Detained by the TSA

His name is similar to someone on the “no fly” list:

A five-year-old boy was taken into custody and thoroughly searched at Sea-Tac because his name is similar to a possible terrorist alias. As the Consumerist reports, “When his mother went to pick him up and hug him and comfort him during the proceedings, she was told not to touch him because he was a national security risk. They also had to frisk her again to make sure the little Dillinger hadn’t passed anything dangerous weapons or materials to his mother when she hugged him.”

The explanation is simple: to the TSA, following procedure is more important than common sense. But unfortunately, catching the next terrorist will require more common sense than it will following proper procedure.

If I ever get to interview Kip Hawley again, I’ll ask him about this.

EDITED TO ADD (1/12): Another kid on the no-fly list.

Posted on January 10, 2008 at 10:53 AMView Comments

Airport Behavioral Profiling Leads to an Arrest

I’m generally a fan of behavioral profiling. While it sounds weird and creepy and has been likened to Orwell’s “facecrime”, there’s no doubt that—when done properly—it works at catching common criminals:

On Dec. 4, Juan Carlos Berriel-Castillo, 22, and Bernardo Carmona-Olivares, 20, were planning to fly to Maui but were instead arrested on suspicion of forgery.

They tried to pass through a Terminal 4 security checkpoint with suspicious documents, Phoenix police spokeswoman Stacie Derge said.

The pair had false permanent-resident identification, and authorities also found false Social Security cards, officials say.

While the pair were questioned about the papers, a TSA official who had received behavior-recognition training observed a third man in the area who appeared to be connected to Berriel-Castillo and Carmona-Olivares, Melendez said.

As a result, police later arrested Samuel Gonzalez, 32. A background check revealed that Gonzalez was wanted on two misdemeanor warrants.

TSA press release here.

Security is a trade-off. The question is whether the expense of the Screening Passengers by Observation Techniques (SPOT) program, given the minor criminals it catches, is worth it. (Remember, it’s supposed to catch terrorists, not people with outstanding misdemeanor warrants.) Especially with the 99% false alarm rate:

Since January 2006, behavior-detection officers have referred about 70,000 people for secondary screening, Maccario said. Of those, about 600 to 700 were arrested on a variety of charges, including possession of drugs, weapons violations and outstanding warrants.

And the other social costs, including loss of liberty, restriction of fundamental freedoms, and the creation of a thoughtcrime. Is this the sort of power we want to give a police force in a constitutional democracy, or does it feel more like a police-state sort of thing?

This “Bizarro” cartoon sums it up nicely.

Posted on January 3, 2008 at 12:49 PMView Comments

Airport Security Study

Surprising nobody, a new study concludes that airport security isn’t helping:

A team at the Harvard School of Public Health could not find any studies showing whether the time-consuming process of X-raying carry-on luggage prevents hijackings or attacks.

They also found no evidence to suggest that making passengers take off their shoes and confiscating small items prevented any incidents.

[…]

The researchers said it would be interesting to apply medical standards to airport security. Screening programs for illnesses like cancer are usually not broadly instituted unless they have been shown to work.

Note the defense by the TSA:

“Even without clear evidence of the accuracy of testing, the Transportation Security Administration defended its measures by reporting that more than 13 million prohibited items were intercepted in one year,” the researchers added. “Most of these illegal items were lighters.”

This is where the TSA has it completely backwards. The goal isn’t to confiscate prohibited items. The goal is to prevent terrorism on airplanes. When the TSA confiscates millions of lighters from innocent people, that’s a security failure. The TSA is reacting to non-threats. The TSA is reacting to false alarms. Now you can argue that this level of failures is necessary to make people safer, but it’s certainly not evidence that people are safer.

For example, does anyone think that the TSA’s vigilance regarding pies is anything other than a joke?

Here’s the actual paper from the British Medical Journal:

Of course, we are not proposing that money spent on unconfirmed but politically comforting efforts to identify and seize water bottles and skin moisturisers should be diverted to research on cancer or malaria vaccines. But what would the National Screening Committee recommend on airport screening? Like mammography in the 1980s, or prostate specific antigen testing and computer tomography for detecting lung cancer more recently, we would like to open airport security screening to public and academic debate. Rigorously evaluating the current system is just the first step to building a future airport security programme that is more user friendly and cost effective, and that ultimately protects passengers from realistic threats.

I talked about airport security at length with Kip Hawley, the head of the TSA, here.

Posted on December 27, 2007 at 6:28 AMView Comments

Chemical Plant Security and Externalities

It’s not true that no one worries about terrorists attacking chemical plants, it’s just that our politics seem to leave us unable to deal with the threat.

Toxins such as ammonia, chlorine, propane and flammable mixtures are constantly being produced or stored in the United States as a result of legitimate industrial processes. Chlorine gas is particularly toxic; in addition to bombing a plant, someone could hijack a chlorine truck or blow up a railcar. Phosgene is even more dangerous. According to the Environmental Protection Agency, there are 7,728 chemical plants in the United States where an act of sabotage—or an accident—could threaten more than 1,000 people. Of those, 106 facilities could threaten more than a million people.

The problem of securing chemical plants against terrorism—or even accidents—is actually simple once you understand the underlying economics. Normally, we leave the security of something up to its owner. The basic idea is that the owner of each chemical plant 1) best understands the risks, and 2) is the one who loses out if security fails. Any outsider—i.e., regulatory agency—is just going to get it wrong. It’s the basic free-market argument, and in most instances it makes a lot of sense.

And chemical plants do have security. They have fences and guards (which might or might not be effective). They have fail-safe mechanisms built into their operations. For example, many large chemical companies use hazardous substances like phosgene, methyl isocyanate and ethylene oxide in their plants, but don’t ship them between locations. They minimize the amounts that are stored as process intermediates. In rare cases of extremely hazardous materials, no significant amounts are stored; instead they are only present in pipes connecting the reactors that make them with the reactors that consume them.

This is all good and right, and what free-market capitalism dictates. The problem is, that isn’t enough.

Any rational chemical plant owner will only secure the plant up to its value to him. That is, if the plant is worth $100 million, then it makes no sense to spend $200 million on securing it. If the odds of it being attacked are less than 1 percent, it doesn’t even make sense to spend $1 million on securing it. The math is more complicated than this, because you have to factor in such things as the reputational cost of having your name splashed all over the media after an incident, but that’s the basic idea.

But to society, the cost of an actual attack can be much, much greater. If a terrorist blows up a particularly toxic plant in the middle of a densely populated area, deaths could be in the tens of thousands and damage could be in the hundreds of millions. Indirect economic damage could be in the billions. The owner of the chlorine plant would pay none of these potential costs.

Sure, the owner could be sued. But he’s not at risk for more than the value of his company, and—in any case—he’d probably be smarter to take the chance. Expensive lawyers can work wonders, courts can be fickle, and the government could step in and bail him out (as it did with airlines after Sept. 11). And a smart company can often protect itself by spinning off the risky asset in a subsidiary company, or selling it off completely. The overall result is that our nation’s chemical plants are secured to a much smaller degree than the risk warrants.

In economics, this is called an externality: an effect of a decision not borne by the decision maker. The decision maker in this case, the chemical plant owner, makes a rational economic decision based on the risks and costs to him.

If we—whether we’re the community living near the chemical plant or the nation as a whole—expect the owner of that plant to spend money for increased security to account for those externalities, we’re going to have to pay for it. And we have three basic ways of doing that. One, we can do it ourselves, stationing government police or military or contractors around the chemical plants. Two, we can pay the owners to do it, subsidizing some sort of security standard.

Or three, we could regulate security and force the companies to pay for it themselves. There’s no free lunch, of course. “We,” as in society, still pay for it in increased prices for whatever the chemical plants are producing, but the cost is paid for by the product’s consumers rather than by taxpayers in general.

Personally, I don’t care very much which method is chosen: that’s politics, not security. But I do know we’ll have to pick one, or some combination of the three. Asking nicely just isn’t going to work. It can’t; not in a free-market economy.

We taxpayers pay for airport security, and not the airlines, because the overall effects of a terrorist attack against an airline are far greater than their effects to the particular airline targeted. We pay for port security because the effects of bringing a large weapon into the country are far greater than the concerns of the port’s owners. And we should pay for chemical plant, train and truck security for exactly the same reasons.

Thankfully, after years of hoping the chemical industry would do it on its own, this April the Department of Homeland Security started regulating chemical plant security. Some complain that the regulations don’t go far enough, but at least it’s a start.

This essay previously appeared on Wired.com.

Posted on October 18, 2007 at 7:26 AMView Comments

Shoe Scanners at the Orlando Airport

I flew through Orlando today, and saw an automatic shoe-scanner in the lane for Clear passengers.

Poking around on the TSA website, I found this undated page. It seems they didn’t pass the TSA tests, and will be discontinued:

The shoe scanning feature on the machine presented for testing on August 20 does not meet minimum detection standards. While significant improvements were made, (in fact a new machine was submitted) the shoe scanner still does not meet standards to ensure detection of explosives.

GE’s been apprised of these results and TSA and GE have agreed to continue working together. TSA and its partners at the laboratory stand ready to further test the GE shoe scanner feature upon completion of additional detection capability enhancements to meet the agreed upon security requirements.

The machine currently in use in Orlando does not meet minimum detection standards and several additional security measures are required by TSA to mitigate the shortfalls of the shoe scanner feature. Accordingly, the prototype shoe scanner used in Orlando will be discontinued, effective October 10. It had been hoped that an acceptable scanner would be available, but given that the lab prototype does not meet all standards, TSA will not authorize the shoe scanner feature for security purposes in any of the airports where it is currently deployed and awaiting use. The GE Kiosks may be used to read biometric cards associated with the Registered Traveler program but will not provide a security benefit.

Posted on October 10, 2007 at 4:02 PMView Comments

Weird Terrorist Threat Story from the Raleigh Airport

This is all strange:

In a telephone interview, Fischvogt also told me, “we received word from the pilot about the suspicious activity before the flight landed.” Fischvogt explained that when Flight 518 landed, it sat on the tarmac for 45 minutes before FBI “took jurisdiction,” boarded the plane and arrested two people. DHS and local law enforcement were also present on the tarmac but “FBI took over the sight and the situation,” Fischvogt said.

“Wait a minute,” I asked, “The passengers were stuck inside the plane with two bad guys for 45 minutes before law enforcement boarded the aircraft?” I wanted to make sure I heard Fischvogt correctly.

“Yes,” Fischvogt confirmed.

Consider the agencies present 24/7 at the federalized Raleigh-Durham International Airport: FBI, DHS, (TSA & Federal Air Marshal Service), Joint Terrorism Task Force, ICE (Immigrations and Customs Enforcement) and airport police. And yet it took seven law enforcement agencies some forty-five minutes to put a single officer on the plane to counter the threat and secure the aircraft?

My analysis is that the delay was caused by FBI and DHS fighting over who had jurisdiction; protocol over ‘acts of air piracy’ are a constant source of bickering between the two agencies and have been the subject of at least one DHS Inspector General’s Report.

Of course the threat was a false alarm, but still….

EDITED TO ADD (10/9): Read the comments. The author of this blog seems to be a fear-mongering nutcase. (I should have read more about the source before posting this.)

Posted on October 8, 2007 at 1:56 PMView Comments

Remote-Controlled Toys and the TSA

Remote controlled toys are getting more scrutiny:

Airport screeners are giving additional scrutiny to remote-controlled toys because terrorists could use them to trigger explosive devices, the Transportation Security Administration said Monday.

The TSA suggests travelers place remote-controlled toys in checked luggage.

The TSA stopped short of banning the toys in carry-on bags but suggested travelers place them in checked luggage.

Okay, let’s think this through. The one place where you don’t need a modified remote-controlled toy is in the passenger cabin, because you have your hands available to push any required buttons. But a remote-controlled toy in checked luggage, now that’s a clever idea. I put my modified remote-controlled toy bomb in my checked suitcase, and use the controller to detonate it once I’m in the air.

So maybe we want the remote-controlled toy in carry-on luggage, where there’s a greater chance of detecting it (at the security checkpoint). And maybe we want to require the remote controller to be in checked luggage.

Or maybe….

In any case, it’s a great movie plot.

EDITED TO ADD (10/4): Here are two news stories and the DHS press release.

Posted on October 4, 2007 at 10:20 AMView Comments

Government Employee Uses DHS Database to Track Ex-Girlfriend

When you build a surveillance system, you invite trusted insiders to abuse that system:

According to the indictment, Robinson, began a relationship with an unidentified woman in 2002 that ended acrimoniously seven months later. After the breakup, federal authorities allege Robinson accessed a government database known as the TECS (Treasury Enforcement Communications System) at least 163 times to track the travel patterns of the woman and her family.

What I want to know is how he got caught. It can be very hard to catch insiders like this; good audit systems are essential, but often overlooked in the design process.

Posted on October 3, 2007 at 3:02 PMView Comments

1 20 21 22 23 24 37

Sidebar photo of Bruce Schneier by Joe MacInnis.