copyright notice
link to the published version: IEEE Computer, August, 2015
Recognition as IEEE Computer Best Column of 2016


accesses since July 1, 2015

TSA: MISSION CREEP MEETS WASTE

Hal Berghel


The acronym TSA could just as well stand for “tricks to suppress accountability.” It is an object lesson in the misuse of technology toward ill-defined ends.

 

Mass media seems to regularly feed on the checkered past of the Transportation Security Administration, and for good reason. According to a recent ABC News exclusive, “An internal investigation of the Transportation Security Administration revealed security failures at dozens of the nation's busiest airports, where undercover investigators were able to smuggle mock explosives or banned weapons through checkpoints in 95 percent of trials.” ( http://abcnews.go.com/ABCNews/exclusive-undercover-dhs-tests-find-widespread-security-failures/story?id=31434881 ) This followed the leak of an internal Department of Homeland Security Inspector General ‘s report that indicated that TSA agents failed to detect 67 out of 70 threats presented by Red Team members. This is not an isolated problem with TSA as we'll see. Homeland Security Secretary Jeh Johnson was content to announce insubstantial changes and re-assign the TSA director ( http://www.dhs.gov/news/2015/06/01/statement-secretary-jeh-c-johnson-inspector-general-findings-tsa-security-screening ). As is the way with government, oversight of the change process will fall to a team of DHS and TSA insiders as internal investigations are the tools that bureaucrats use to diffuse criticism and/or cover up problems.

What is more, the Homeland Security Inspector General announced a few days later on June 9, 2015 that he has launched an investigation into the source of the leaker(s) who exposed the ineffectiveness of the Transportation Security Administration in detecting guns and bombs in the first place. http://www.washingtonpost.com/local/trafficandcommuting/homeland-security-looking-for-leaker-of-report-on-airport-checkpoint-failures/2015/06/09/570ede22-0eb3-11e5-adec-e82f8395c032_story.html In just the span of two weeks in early June, 2015 DHS went from imbalanced defense to full-court offense: it silenced the media and Congress by announcing a faux investigation, while aggressively pursuing the whistleblowers who let the public know about the misdeeds thereby sending a very clear signal to TSA agents who might be inclined to talk to reporters or congress.

It is axiomatic in government that the way to make an ineffective program work better is to make it larger. Axioms, one may recall, are assumed and not proven. The TSA program is a variation on the loss leader theme: we lose a little money on each sale, but we make up for it in volume. The TSA's spin was to create yet another screening program via Visible Intermodal Prevention and Response (VIPR) squads. (http://www.tsa.gov/about-tsa/visible-intermodal-prevention-and-response-vipr ). VIPR squads were another byproduct of the George W. Bush administration's concession to bigger government. But after three years of operation the 2008 DHS Inspector General reported that over 50% OF the VIPR inspectors surveyed failed to understand their mission, chain of command, or job responsibilities (https://www.oig.dhs.gov/assets/Mgmt/OIG_08-66_Jun08.pdf , p. 63). After such a glowing review, the criticisms of the VIPR teams for harassment of the traveling public must have come as quite a shock to Congress ( http://www.nytimes.com/2013/08/06/us/tsa-expands-duties-beyond-airport-security.html?pagewanted=all&_r=1 ). Four years later, the DHS IG reported that the problem with the VIPR program was that they lacked an effective public relations campaign and the employees didn't know how to prepare reports – where is Edward Bernays when we need him? (https://www.oig.dhs.gov/assets/Mgmt/2012/OIGr_12-103_Aug12.pdf , p. 16). These IG reports suggest that this swine needs more lip gloss.

AND THE BEAT GOES ON

But there's more. TSA also introduced the Screening of Passengers by Observation Techniques (SPOT) program that uses Behavioral Detection Officers (BDOs) to identify persons who may pose a potential security risk by focusing on “identifying behaviors and appearances that deviate from an established baseline and that may be indicative of stress, fear, or deception.” This ignores whether any of the afore-mentioned behaviors could have been induced by amateurish and nonsensical TSA rules, long lines at security checkpoints, the presence of armed VIPR agents in public areas suggestive of banana republics, or, heaven forbid, impolite TSA agents. By any objective measure it is an open question whether SPOT accomplishes anything from the perspective of thwarting terrorism to justify its existence. In its first year of operation, SPOT detained 50,000 passengers for additional screening, 3,600 of whom were referred to law enforcement. Of these “…3,600, 27% were illegal aliens, 17% were drug related, 14% were related to fraudulent documents, 12% were related to outstanding warrants, and 30% were related to other offenses.” ( http://www.gao.gov/assets/590/589587.pdf , p. 8). Not a terrorist to be found in this net. Some of you may recognize the similarity between these results and those reported by the NSA to congress on its bulk metadata collection program.

The March 26, 2012 GAO Report to Congress ( http://www.gao.gov/assets/590/589587.pdf ) was particularly illuminating. In the one attempt to validate SPOT, DHS' independent panel determined in April, 2011 that “SPOT was more effective than random screening to varying degrees.” This was even after the BDOs were made aware that the suspected individuals were already thought to pose a risk by earlier screening. This is government science at its finest: we tell you in advance that the subjects are thought to pose a risk, and then your subsequent confirmation of that fact was as likely to be accurate as a coin toss. Anyone who thinks that this is tax money well spent is delusional.

SPOT officials actually admitted that it was not known if the SPOT program resulted in the arrest of anyone who is a terrorist or who was planning to engage in terrorist-related activity.“ (ibid, p. 8). The GAO noted that TSA is only attempting to measure output (at which it fails miserably, incidentally), while the OMB encourages the use of “outcome measures – which track progress toward a strategic goal by documenting the beneficial results of programs – because they are more meaningful than output measures…” (p. 7) That's government-speak for break out the smoke and mirrors.

So neither outcomes nor output assessment can confirm any successes of the SPOT program. The GAO also noted that the DHS failed to complete a cost-benefit analysis before deployment. So there you have it. DHS didn't start by seeking to justify SPOT as a good idea, and then failed to seriously study whether anything useful resulted. That's what bureaucrats and government contractors call a home run.

It also must be understood that the GAO is part of the US government and inclined to support other agencies, rather than condemn them. Independent analyses of TSA programs, rare though they be, are far less optimistic than the GAO's! For example, the first independent analysis of the advanced imaging technologies (AIT) backscatter X-ray body scanner in 2014 ( https://radsec.org/secure1000-sec14.pdf ) found that that it was “ineffective at contraband screening against adaptive adversaries”, p. 13). The authors documented that it was relatively easy to conceal weapons, explosives and detonators using concealment tactics of positioning, masking, and shaping. This confirmed warnings by EPIC ( https://epic.org/privacy/surveillance/spotlight/0605/) ten years earlier. TSA is yet another privacy-invasive, tax-wasting make-work jobs program with ill-defined mission and no end game strategy added to the military-industrial-surveillance-political-media-prison-Wall Street-banking-energy-healthcare- academic-think tank-corporatist-homeland security-prohibitionist-carbon/combustion-complex. Such programs are the stuff of which geriatric empires are made.

LIQUIDS AND LEATHERMAN

Unfortunately most travelers fail to look beyond frequent irritation in their assessment of TSA, and that lack of public feedback accounts for most of the waste and abuse. There are no incentives for transparency and accountability. This has gotten so far out of control that EPIC is holding conferences on the subject ( https://epic.org/events/tsa/). Thus far TSA and DHS are allowed to remain passive with respect to negative scientific and media reports precisely because the overseers are beholden to government contractors and lobbyists and not investigative journalists and civil libertarian groups.

  1. The Backscatter X-Ray Body Scan. This tool was a classic example of going from sublime to ridiculous. It was noticed early on that the revealing digital images appealed to those of prurient interests ( http://www.politico.com/magazine/story/2014/01/tsa-screener-confession-102912_full.html ). Apparently it never occurred to the TSA that these digital images may take flight from the scanner. It wasn't long before the “images of interest” became digital currency ( http://www.cnet.com/news/feds-admit-storing-checkpoint-body-scan-images/ ), ( http://www.politico.com/magazine/story/2014/01/tsa-screener-confession-102912_full.html ) But expensive scanners maintained a high burn rate and that made both government and its contractors happy (it's sometimes hard to tell the two groups apart) ( http://www.washingtonpost.com/wp-dyn/content/article/2009/12/31/AR2009123102821.html ). After years of bad press, TSA abandoned the scanners because – hold on to your seats for this one – they didn't work! It seems that C-4 explosives and human flesh register the same ( http://www.wired.com/2014/08/study-shows-how-easily-weapons-can-be-smuggled-past-tsas-x-ray-body-scanners/ ). The technology was never scientifically tested for effectiveness in the real world, and was known not to work before deployed. At this writing, they're reserved for use with controlled populations like prisons. It is important to emphasize that body scanners were always opposed on constitutional grounds ( http://www.law.du.edu/documents/transportation-law-journal/past-issues/v37-03/Welch-Body-Scanners.pdf ), and have never been scientifically proven to work, as was proved by the underwear bomber ( http://www.cbsnews.com/htdocs/pdf/Abdulmutallab_Indictment.pdf ). The fact that TSA confiscates the pen knives and beverages but allows explosive underwear to board did little for their credibility. In 2013 the GAO reported that there was no evidence of SPOTs effectiveness in identifying aviation threats and recommended that Congress and the president withhold funding ( http://www.gao.gov/products/GAO-14-159 ).
  2. Bungling the “no fly” list. TSA and DHS involvement in the “no fly” lists of various types (projects like CAPPS I, CAPPS II, Selectee (SSSS) List, Secure Flight, etc.) have been fraught with controversy since inception by civil libertarians. The problem is that the criteria for inclusion are not known and therefore not capable of testing. There has never been significant public debate on the topic. The only way know that you're on one of these lists is to be stopped at a security checkpoint. Such was the case of Senator Ted Kennedy (http://www.cnn.com/2004/ALLPOLITICS/08/20/lewis.watchlist/index.html ). Unlike Kennedy, most travelers don't have access to the president or cabinet officials cell phone numbers, and have little effective recourse. (As an aside, after Kennedy's experience, George W. Bush cancelled the CAPPS II program that produced it.) No one so far as I know is opposed to the use of watch lists as long as the membership isn't politically or ideologically motivated, random or arbitrary. But there is considerable evidence that these lists are used as much for harassment as security. It should be pointed out that Nelson Mandela was on a no-fly list until Secretary Condoleezza Rice had him removed in 2008. Underwear bomber, no. Nelson Mandela, yes. You be the judge. This is not to be blamed on false positives as some would have you believe ( https://en.wikipedia.org/wiki/No_Fly_List), but rather bogus algorithms. This is not a system with a Type I error, but a system that is Type I stupid.

  3. Electronic Randomizers. This is one of the TSAs more recent brainwaves. In an effort to prevent self-selection of screening conveyors in airport security areas, TSA determined that this assignment should be random (http://www.gsnmagazine.com/node/30506?c=airport_aviation_security ), and let a request for information accordingly (https://www.fbo.gov/?s=opportunity&mode=form&id=e9b607a6aa395501cbee9ecf51e57abd&tab=core&_cview=1 ). Let's think about this. What is driving the travelers belt selection? It's not likely to be that a compromised TSA agent is spotted on a particular line which reveals an terrorist opportunity. Rather, it is likely due to the line moving faster. Such being the case, this technology is likely to be perceived by the traveling public as a way to randomly assign passengers to slower and longer lines, and therefore not be warmly received. We need only to look to the third world to find a randomizing technique that meets public acceptance. Everyone approaches the security checkpoint, shows credentials, and pushes the giant button on a small traffic light at the end of the belt. Green, good to go. Red, you get everything inspected manually. We could even add orange: you empty your pockets, place contents and bags on belt to go through the x-ray machine. Mexico used a system like this for decades. The cost: a few old traffic lights, a big button, a pole and a few relays. Mexico understood that terrorists don't need to think that the chance of their getting stopped is 100% to be dissuaded. They only need to believe that the chances are significant. It's the fact that they might get arrested that is the deterrent.
  4. We’ll add a few more links without comment:

  5. TSA missed 73 terrorism-flagged airline workers. http://www.politico.com/story/2015/06/tsa-missed-73-terrorism-flagged-airline-workers-report-118738.html
  6. TSA doesn't maintain its equipment properly - http://dig.abclocal.go.com/wls/documents/TSA%20equipment%20OIG.pdf
  7. TSA doesn't manager badges, IDs and uniforms properly - http://www.securityinfowatch.com/news/10501495/tsa-responds-to-inspector-general-over-badge-concerns
  8. TSA spent nearly $500,000 on a birthday party and awards banquet to boost morale - http://www.washingtonpost.com/wp-dyn/articles/A2399-2005Apr19.html
  9. Not the first TSA audit to reveal problems - http://chsdemocrats.house.gov/SiteDocuments/20110803172118-83003.pdf

And so forth.

MOTIVES AND MIXED MESSAGES

My point is that frequent travelers have come to loath TSA for the wrong reasons. If we get an expensive suit ruined because a sloppy TSA agent closed the bag with a sleeve hanging out, we internalize the irritation and go about our business. What we should have done is contacted our congressional delegation and demanded that transparency and accountability be imposed on TSA. In the case of the suit, adding accountability is trivial: the TSA inspection sticker should have a barcode representation of a one-way hash of the inspector’s employee, location and timestamp information. That would be enough for TSA to monitor the complaints without disclosing personnel information to the traveling public. If one inspector averages many complaints per day, maybe that should trigger some management action. But as things now stand, no accountability is demanded, so none is required. TSA is more than an annoying and pointless government activity, it is an insidious invasion of privacy that is only occasionally accidentally effective in stopping terrorism.

I prefer to label programs like those described above as “faith-based” in recognition of the only measure of effectiveness that they satisfy. (Hal Berghel, Faith Based Security, Communications of the ACM, v. 51, n.4, April, 2008, pp. 13-17). The longevity of faith-based programs is a function of how successfully they shun relevant science and oversight by impartial third parties, and cater to the demands of what President Eisenhower called the military-industrial complex. President Reagan's Strategic Defensive Initiative (aka Star Wars) was one noteworthy example of Faith-Based security. Championed by CIA Director William Casey, Deputy Director Robert Gates, and aided by a collection of neoconservative ideologues within the intelligence and defense communities, this science fiction solution to missile threat was widely discredited by the scientific community as unworkable from the git-go. Many of us recall David Lorge Parnas famous article on the subject (“Software Aspects of the Strategic Defense Systems,” Communications of the ACM, v. 28, no. 12, Dec. 1985, pp. 1326-1335). SDI was also vilified by commentators as a waste of taxpayer money (Melvin Goodman, National Insecurity –The Cost of American Militarism, City Lights Books, 2013, ch. 7). By some objective accounts, missile defense begun under Reagan have now cost the taxpayer in excess of $200 billion ( http://wmdjunction.com/120413_missile_defense_costs.htm ) with neither end nor kept promises in sight ( http://www.rawstory.com/2013/05/ronald-reagans-star-wars-project-still-hasnt-met-original-goal-30-years-later/ ; http://www.armscontrol.org/act/2010_05/Lewis-Postol). This is exactly what Soviet President Michael Gorbachev predicted. He told Reagan “I think you're wasting money. I don't think it [SDI] will work. But if that's what you want to do, go ahead.” (quoted in Goodman, p. 286-7) The strongest support for Star Wars came from retired physicist Edward Teller, big and powerful government neo-liberals and neo-conservatives, and perhaps Nancy's astrologers, yet the concept refuses to die. The allure of all of those un-auditable tax dollars is just too much for the military-industrial complex to overlook.

Faith-based programs like TSA, FEMA, SDI, Fusion Centers, Northcom, etc. must operate without oversight because oversight would expose that they don't work as intended. That is the prime motivation for the over-classification of the programs and the paperwork they generate. Ribald claims of effectiveness are made and conclusions are intuited. But no hypotheses are tested, no evidence is adduced, statistical modeling isn't even discussed, and the academic science and engineering community – the groups that actually have something significant to bring to the table – aren't consulted.. Behind every example of faith-based security is a government-inspired political valence. This is the real heart of the problem.

So the next time that TSA forces you into the longest line, or ruins one of your expensive garments, you are left with only your faith your inconvenience serves a greater good. The alternative is to encourage a national public discussion. I have just done my part. The rest is up to you.