Entries Tagged "TSA"

Page 13 of 31

Adopting the Israeli Airport Security Model

I’ve been reading a lot recently—like this article on the Israeli airport security model, and how we should adopt more of the Israeli security model here in the U.S. This sums up the problem with that idea nicely:

On the other hand, no matter how safe or how wonderful the flying experience on El Al, it is TINY airline by U.S. standards, with only 38 aircraft, 46 destinations, and fewer than two million passengers in 2008. As near as I can tell, Cairo is their only destination in a majority Muslim country. Delta, before the Northwest merger is included, reported 449 aircraft and 375 destinations.

Ben Gurion Airport is Israel’s primary (not only) international gateway. In 2008, Ben Gurion served 11.1 million international passengers and 470,000 domestic passengers, roughly comparable to the 10 million total served at Sacramento, the airport I use most often. Amsterdam served 47.4 million total, and Detroit served 35.1 million total in 2008.

By American standards, in terms of passengers served, Ben Gurion is a busy regional airport.

Simply put, the Israeli airport security model does not scale.

EDITED TO ADD (1/7): More.

EDITED TO ADD (1/12): Interview with El Al’s former head of security.

Posted on January 5, 2010 at 7:04 AMView Comments

Christmas Bomber: Where Airport Security Worked

With all the talk about the failure of airport security to detect the PETN that the Christmas bomber sewed into his underwear—and to think I’ve been using the phrase “underwear bomber” as a joke all these years—people forget that airport security played an important role in foiling the plot.

In order to get through airport security, Abdulmutallab—or, more precisely, whoever built the bomb—had to construct a far less reliable bomb than he would have otherwise; he had to resort to a much more ineffective detonation mechanism. And, as we’ve learned, detonating PETN is actually very hard.

Additionally, I don’t think it’s fair to criticize airport security for not catching the PETN. The security systems at airports aren’t designed to catch someone strapping a plastic explosive to his body. Even more strongly: no security system, at any airport, in any country on the planet, is designed to catch someone doing this. This isn’t a surprise. It isn’t even a new idea. It wasn’t even a new idea when I said this to then TSA head Kip Hawley in 2007: “I don’t want to even think about how much C4 I can strap to my legs and walk through your magnetometers.” You can try to argue that the TSA, and other airport security organizations around the world, should have been redesigned years ago to catch this, but anyone who is surprised by this attack simply hasn’t been paying attention.

EDITED TO ADD (1/4): I don’t know what to make of this:

Ben Wallace, who used to work at defence firm QinetiQ, one of the companies making the technology, warned it was not a “big silver bullet”.

[…]

Mr Wallace said the scanners would probably not have detected the failed Detroit plane plot of Christmas Day.

He said the same of the 2006 airliner liquid bomb plot and of explosives used in the 2005 bombings of three Tube trains and a bus in London.

[…]

He said the “passive millimetre wave scanners” – which QinetiQ helped develop – probably would not have detected key plots affecting passengers in the UK in recent years.

[…]

Mr Wallace told BBC Radio 4’s Today programme: “The advantage of the millimetre waves are that they can be used at longer range, they can be quicker and they are harmless to travellers.

“But there is a big but, and the but was in all the testing that we undertook, it was unlikely that it would have picked up the current explosive devices being used by al-Qaeda.”

He added: “It probably wouldn’t have picked up the very large plot with the liquids in 2006 at Heathrow or indeed the… bombs that were used on the Tube because it wasn’t very good and it wasn’t that easy to detect liquids and plastics unless they were very solid plastics.

“This is not necessarily the big silver bullet that is somehow being portrayed by Downing Street.”

A spokeswoman for QinetiQ said “no single technology can address every eventuality or security risk”.

“QinetiQ’s passive millimetre wave system, SPO, is a… people-screening system which can identify potential security threats concealed on the human body. It is not a checkpoint security system.

“SPO can effectively shortlist people who may need further investigation, either via other technology such as x-rays, or human intervention such as a pat-down search.”

Posted on January 4, 2010 at 6:28 AMView Comments

Me and the Christmas Underwear Bomber

I spent a lot of yesterday giving press interviews. Nothing I haven’t said before, but it’s now national news and everyone wants to hear it.

These are the most interesting bits. Rachel Maddow interviewed me last night on her show. Jeffrey Goldberg interviewed me for the Atlantic website. And CNN.com published a rewrite of an older article of mine on terrorism and security.

I’ve started to call the bizarre new TSA rules “magical thinking”: if we somehow protect against the specific tactic of the previous terrorist, we make ourselves safe from the next terrorist.

EDITED TO ADD (12/29): I don’t know about this quote:

“I flew 265,000 miles last year,” said Bruce Schneier, a cryptographer and security analyst. “You know what really pisses me off? Making me check my luggage. Not letting me use my laptop, so I can’t work. Taking away my Kindle, so I can’t read. I care about those things. I care about making me safer much, much less.”

For the record, I do care about being safer. I just don’t think any of the airplane security measures proposed by the TSA accomplish that.

Posted on December 29, 2009 at 11:17 AMView Comments

Separating Explosives from the Detonator

Chechen terrorists did it in 2004. I said this in an interview with then TSA head Kip Hawley in 2007:

I don’t want to even think about how much C4 I can strap to my legs and walk through your magnetometers.

And what sort of magical thinking is behind the rumored TSA rule about keeping passengers seated during the last hour of flight? Do we really think the terrorist won’t think of blowing up their improvised explosive devices during the first hour of flight?

For years I’ve been saying this:

Only two things have made flying safer [since 9/11]: the reinforcement of cockpit doors, and the fact that passengers know now to resist hijackers.

This week, the second one worked over Detroit. Security succeeded.

EDITED TO ADD (12/26): Only one carry on? No electronics for the first hour of flight? I wish that, just once, some terrorist would try something that you can only foil by upgrading the passengers to first class and giving them free drinks.

Posted on December 26, 2009 at 5:43 PMView Comments

TSA Publishes Standard Operating Procedures

BoingBoing is pretty snarky:

The TSA has published a “redacted” version of their s00per s33kr1t screening procedure guidelines (Want to know whether to frisk a CIA operative at the checkpoint? Now you can!). Unfortunately, the security geniuses at the DHS don’t know that drawing black blocks over the words you want to eliminate from your PDF doesn’t actually make the words go away, and can be defeated by nefarious al Qaeda operatives through a complex technique known as ctrl-a/ctrl-c/ctrl-v. Thankfully, only the most elite terrorists would be capable of matching wits with the technology brilliance on display at the agency charged with defending our nation’s skies by ensuring that imaginary hair-gel bombs are kept off of airplanes.

TSA is launching a “full review” to determine how this could have happened. I’ll save them the effort: someone screwed up.

In a statement Tuesday night, the TSA sought to minimize the impact of the unintentional release—calling the document “outdated,” “unclassified” and unimplemented—while saying that it took the incident “very seriously,” and “took swift action” when it was discovered.

Yeah, right.

The original link to the document is dead, but here’s the unredacted document.

I’ve skimmed it, and haven’t found anything terribly interesting. Here’s what Wired.com noticed:

One of the redacted sections, for example, indicates that an armed law enforcement officer in or out of uniform may pass beyond the checkpoint without screening after providing a U.S. government-issued photo ID and “Notice of LEO Flying Armed Document.”

Some commercial airline pilots receive training by the U.S. Marshals Service and are allowed to carry TSA-issued firearms on planes. They can pass through without screening only after presenting “bonafide credentials and aircraft operator photo ID,” the document says.

Foreign dignitaries equivalent to cabinet rank and above, accompanying a spouse, their children under the age of 12, and a State Department escort are exempt from screening.

There are also references to a CIA program called WOMAP, the Worldwide Operational Meet and Assist Program. As part of WOMAP, foreign dignitaries and their escorts—authorized CIA representatives—are exempt from screening, provided they’re approved in advance by TSA’s Office of Intelligence.

Passengers carrying passports from Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen or Algeria are to be designated for selective screening.

Although only a few portions of the document were redacted, the manual contains other tidbits that weren’t redacted, such as a thorough description of diplomatic pouches that are exempt from screening.

I’m a little bit saddened when we all make a big deal about how dumb people are at redacting digital documents. We’ve had a steady stream of these badly redacted documents, and I don’t want to lose that. I also don’t want agencies deciding not to release documents at all, rather than risk this sort of embarrassment.

EDITED TO ADD (12/10): News:

Five Transportation Security Administration employees have been placed on administrative leave after a sensitive airport security manual was posted on the Internet, the agency announced Wednesday.

EDITED TO ADD (12/12): Did the TSA compromise an intelligence program?

Posted on December 10, 2009 at 6:47 AMView Comments

Stabbing People with Stuff You Can Get Through Airport Security

Use of a pig model to demonstrate vulnerability of major neck vessels to inflicted trauma from common household items,” from the American Journal of Forensic Medical Pathology.

Abstract. Commonly available items including a ball point pen, a plastic knife, a broken wine bottle, and a broken wine glass were used to inflict stab and incised wounds to the necks of 3 previously euthanized Large White pigs. With relative ease, these items could be inserted into the necks of the pigs next to the jugular veins and carotid arteries. Despite precautions against the carrying of metal objects such as knives and nail files on board domestic and international flights, objects are still available within aircraft cabins that could be used to inflict serious and potentially life-threatening injuries. If airport and aircraft security measures are to be consistently applied, then consideration should be given to removing items such as glass bottles and glass drinking vessels. However, given the results of a relatively uncomplicated modification of a plastic knife, it may not be possible to remove all dangerous objects from aircraft. Security systems may therefore need to focus on measures such as increased surveillance of passenger behavior, rather than on attempting to eliminate every object that may serve as a potential weapon.

Posted on November 19, 2009 at 7:10 AMView Comments

A Critical Essay on the TSA

A critical essay on the TSA from a former assistant police chief:

This is where I find myself now obsessing over TSA policy, or its apparent lack. Every one of us goes to work each day harboring prejudice. This is simply human nature. What I have witnessed in law enforcement over the course of the last two decades serves to remind me how active and passive prejudice can undermine public trust in important institutions, like police agencies. And TSA.

Over the last fifteen years or so, many police agencies started capturing data on police interactions. The primary purpose was to document what had historically been undocumented: informal street contacts. By capturing specific data, we were able to ask ourselves tough questions about potentially biased-policing. Many agencies are still struggling with the answers to those questions.

Regardless, the data permitted us to detect problematic patterns, commonly referred to as passive discrimination. This is a type of discrimination that occurs when we are not aware of how our own biases affect our decisions. This kind of bias must be called to our attention, and there must be accountability to correct it.

One of the most troubling observations I made, at both Albany and BWI, was that—aside from the likely notation in a log (that no one will ever look at)—there was no information captured and I was asked no questions, aside from whether or not I wanted to change my mind.

Given that TSA interacts with tens if not hundreds of millions of travelers each year, it is incredible to me that we, the stewards of homeland security, have failed to insist that data capturing and analysis should occur in a manner similar to what local police agencies have been doing for many years.

EDITED TO ADD (11/12): Follow-on essay by the same person.

Posted on October 29, 2009 at 6:41 AMView Comments

TSA Successfully Defends Itself

Story here. Basically, a woman posts a horrible story of how she was mistreated by the TSA, and the TSA responds by releasing the video showing that she was lying.

There was a similar story in 2007. Then, I wrote:

Why is it that we all—myself included—believe these stories? Why are we so quick to assume that the TSA is a bunch of jack-booted thugs, officious and arbitrary and drunk with power?

It’s because everything seems so arbitrary, because there’s no accountability or transparency in the DHS. Rules and regulations change all the time, without any explanation or justification. Of course this kind of thing induces paranoia. It’s the sort of thing you read about in history books about East Germany and other police states. It’s not what we expect out of 21st century America.

The problem is larger than the TSA, but the TSA is the part of “homeland security” that the public comes into contact with most often—at least the part of the public that writes about these things most. They’re the public face of the problem, so of course they’re going to get the lion’s share of the finger pointing.

It was smart public relations on the TSA’s part to get the video of the incident on the Internet quickly, but it would be even smarter for the government to restore basic constitutional liberties to our nation’s counterterrorism policy. Accountability and transparency are basic building blocks of any democracy; and the more we lose sight of them, the more we lose our way as a nation.

EDITED TO ADD (11/12): Follow up by the woman who posted the original story. She claims that the TSA’s video is incomplete, and omits the part where she is separated from her son. I don’t believe her.

Posted on October 20, 2009 at 1:11 PMView Comments

Detecting People Who Want to Do Harm

I’m dubious:

At a demonstration of the technology this week, project manager Robert P. Burns said the idea is to track a set of involuntary physiological reactions that might slip by a human observer. These occur when a person harbors malicious intent—but not when someone is late for a flight or annoyed by something else, he said, citing years of research into the psychology of deception.

The development team is investigating how effective its techniques are at flagging only people who intend to do harm. Even if it works, the technology raises a slew of questions – from privacy concerns, to the more fundamental issue of whether machines are up to a task now entrusted to humans.

I have a lot of respect for Paul Ekman’s opinion on the matter:

“I can understand why there’s an attempt being made to find a way to replace or improve on what human observers can do: the need is vast, for a country as large and porous as we are. However, I’m by no means convinced that any technology, any hardware will come close to doing what a highly trained human observer can do,'” said Ekman, who directs a company that trains government workers, including for the Transportation Security Administration, to detect suspicious behavior.

Posted on October 7, 2009 at 12:54 PMView Comments

Ass Bomber

Nobody tell the TSA, but last month someone tried to assassinate a Saudi prince by exploding a bomb stuffed in his rectum. He pretended to be a repentant militant, when in fact he was a Trojan horse:

The resulting explosion ripped al-Asiri to shreds but only lightly injured the shocked prince—the target of al-Asiri’s unsuccessful assassination attempt.

Other news articles are here, and here are two blog posts.

For years, I have made the joke about Richard Reid: “Just be glad that he wasn’t the underwear bomber.” Now, sadly, we have an example of one.

Lewis Page, an “improvised-device disposal operator tasked in support of the UK mainland police from 2001-2004,” pointed out that this isn’t much of a threat for three reasons: 1) you can’t stuff a lot of explosives into a body cavity, 2) detonation is, um, problematic, and 3) the human body can stifle an explosion pretty effectively (think of someone throwing himself on a grenade to save his friends).

But who ever accused the TSA of being rational?

Posted on September 28, 2009 at 6:19 AMView Comments

1 11 12 13 14 15 31

Sidebar photo of Bruce Schneier by Joe MacInnis.