Five Myths about Airport Security

Richard E. Wackrow

Skeptical Briefs Volume 24.2, Summer 2014

On April 20, 2014, a fifteen-year-old boy wandered onto a supposedly secure airport ramp at Mineta San José (California) International Airport, then climbed into the wheel well of a Hawaiian Airlines Boeing 767 and took a free trip to Maui. The incident raised new questions about the efficacy of U.S. airport security—and, predictably, prompted calls for more resources (i.e., taxpayer money) to be expended to prevent yet another such event.

An estimated $57 billion has been spent on airport security since the terrorist attacks of September 11, 2001 (Serna et al. 2014). Yet, since its inception in November 2001, the Transportation Security Administration (TSA) has neither prevented nor failed to prevent a terrorist from hijacking or taking down a passenger plane.

Here I will assess the effectiveness of the TSA’s “risk-based, intelligence-driven, common-sense, layered approach” to aviation security, as TSA chief John S. Pistole likes to depict it (TSA 2014a), and offer my conclusions about the effectiveness of some of those layers and the system as a whole.

Myth 1: New Screening Technology Is Making Us Safer

No. It’s just costing us more and more money.

According to a December 21, 2010, investigative report by The Washington Post’s Dana Hedgpeth (2010): “The massive push to fix airport security in the United States after the attacks of Sept. 11, 2001, led to a gold rush in technology contracts for an industry that mushroomed almost overnight. Since it was founded in 2001, the TSA has spent roughly $14 billion in more than 20,900 transactions with dozens of contractors.”

Hedgpeth also cites a Government Accountability Office (GAO) finding that “the TSA has ‘not conducted a risk assessment or cost-benefit analysis, or established quantifiable performance measures’ on its new technologies. ‘As a result, TSA does not have assurance that its efforts are focused on the highest priority security needs.’”

The first case in point is the explosive trace portal machine. In 2004, the TSA purchased 207 of these “puffer” machines, which blast passengers with a puff of air that blows particles off their clothing onto sensors. Only ninety-four of the machines were ever deployed because the TSA gradually figured out that they were impractical on several counts: They broke down often, they were unreliable because of suspect substances common in airports (such as jet-fuel fumes), and the machines blasted particles off a subject’s clothing onto others waiting in the queue, which caused bottlenecks. The last of the machines were quietly removed from airports in 2010. Total cost of this aborted program was $30 million (Stinchfield 2011).

On February 23, 2007, the TSA proudly unveiled the first of its X-ray backscatter full-body scanners at Sky Harbor International Airport in Phoenix, where it was employed on an experimental basis as a secondary screening device (TSA 2007). The machines were designed to detect non-metallic objects, such as explosives and items that can be construed by TSA screeners as weapons, and were touted by the TSA as an efficient and acceptable alternative to patting down airline passengers. Eventually, the TSA would own 250 Rapiscan advanced imaging technology machines (AITs) peddled by the lobbying firm The Chertoff Group (as in, former Department of Homeland Security Secretary Michael Chertoff) (Eggan 2010).

These “porno scanners,” as they came to be called, produced a near-explicit image of passengers’ naked bodies. They spawned the first widespread public outcry over security procedures at airports. The result was a provision in the FAA Modernization and Reform Act of 2012 requiring that the machines be fitted with “automated target recognition” software—that is, privacy software that produces a stylized image of the passenger. There also were concerns about the health effects of the X-ray machines, but they became academic when Rapiscan was unable to produce the privacy software, and the last of the machines was removed from U.S. airports in June 2013 (Jansen 2013). The 250 Rapiscan machines alone, excluding all operating expenses, cost taxpayers $40 million.

Millimeter-wave AITs were deployed alongside the X-ray machines and remain in service today. These machines now have software that produces a stylized image of the passenger. But their false-positive rate is high enough to negate the very reason they have been touted by the TSA: to reduce pat-downs and speed security lines. ProPublica’s Michael Grabell and Christian Salewski report:

In Germany, the false positive rate was 54 percent, meaning that every other person who went through the scanner had to undergo at least a limited pat-down that found nothing. . . . [Results] from other countries, as well as tests conducted in the United States before 9/11, show false alarms occurred between about a quarter and half of the time. Moreover, dozens of U.S. travelers told ProPublica they had to get a pat-down despite passing through the body scanners. (Grabell and Salewski 2011)

As of April 26, 2014, there were 740 millimeter-wave AITs at 160 U.S. airports. By the way, if you’re a terrorist who wants to avoid passing through a body scanner, the TSA publishes a list of airports with AITs (TSA 2014c). The goal is to have 1,800–2,000 AITs, at the price of $150,000 each, deployed at all 450 U.S. airports.

Forgetting the costs and the waste, are these machines making us safer? The simple fact is that non-metallic explosives cannot be detected reliably by any of these machines—or even by pat-downs (Wackrow 2012). If formed like a pancake with tapered edges, a plastic explosive such as pentaerythritol tetranitrate (PETN) would be undetectable. Preventing several terrorists from each smuggling small amounts of explosives through security and assembling them in the “safe area” would be impossible.

Myth 2: We Can Spot Terrorists through Identification and Intelligence

Let’s look at the track record of our intelligence and ID operations post-9/11.

Richard Reid, the shoe bomber. Because of suspicions he raised among authorities—such as not having any luggage—Reid was prevented from boarding a flight from Paris to Miami on December 21, 2001. However, after additional screening by the French National Police, who concluded that Reid’s British passport was genuine, he was allowed to board the next day. Passengers and flight crew prevented Reid from lighting the fuse attached to the explosives concealed in his shoe, and the plane landed safely at Logan International Airport in Boston (CNN 2001).

Umar Farouk Abdulmutallab, the underwear bomber. In November 2009, British intelligence officials and Abdulmutallab’s own father warned various U.S. officials, including two CIA officers in Nigeria, that Abdulmutallab had been consulting with Islamic cleric and rabble rouser Anwar al-Awlaki and that he had murderous intentions. Abdulmutallab’s name never made it onto a no-fly list managed by the FBI. On Christmas Day 2009, he boarded Northwest Airlines flight 253 from Amsterdam to Detroit with PETN sewn into his underwear. Like Reid’s, Abdulmutallab’s suicide-bombing attempt was thwarted by passengers and flight crew (Sullivan 2009).

Tamerlan Tsarnaev, deceased Boston Marathon bomber. According to an April 19, 2013, press release issued by the FBI, “at the request of a foreign government,” Tsarnaev was investigated in 2011 (FBI 2013):

[The] FBI checked U.S. government databases and other information to look for such things as derogatory telephone communications, possible use of online sites associated with the promotion of radical activity, associations with other persons of interest, travel history and plans, and education history. The FBI also interviewed Tamerlan Tsarnaev and family members. The FBI did not find any terrorism activity, domestic or foreign, and those results were provided to the foreign government in the summer of 2011. The FBI requested but did not receive more specific or additional information from the foreign government.

Myth 3: Trained TSA Agents Can Identify Terrorists through Their Behavior

The TSA’s S.P.O.T. (screening passengers by observation techniques) program employs some 3,000 behavior detection officers at about 160 airports and has cost taxpayers nearly $900 million since its inception in 2007 (Jansen 2013). Yet it has failed to nab one single terrorist. According to a November 2013 report by the GAO (2013):

Available evidence does not support whether behavioral indicators . . . can be used to identify persons who may pose a risk to aviation security. GAO reviewed four meta-analyses . . . that included over 400 studies from the past 60 years and found that the human ability to accurately identify deceptive behavior based on behavioral indicators is the same as or slightly better than chance [emphasis added].

Further, a GAO report issued in May 2010 says that at least sixteen known terrorists traveled through U.S. airports in the S.P.O.T. program on at least twenty-three occasions without being detected (GAO 2010). That’s not all. On November 1, 2013, lone gunman Paul Anthony Ciancia made his way into a TSA checkpoint at Los Angeles International Airport, killing Transportation Security Officer Gerardo Hernandez and wounding two other agents and a civilian (Weikel and Nelson 2013). Hernandez was one of 100 behavior detection officers at LAX (Fox News Latino 2013).

Despite growing criticism, TSA head Pistole continues to steadfastly defend the program as an indispensable “layer” of security (Department of Homeland Security 2013).

Myth 4: TSA PreCheck Is Revolutionizing Aviation Security

Yes. But in what way?

TSA PreCheck cross-checks information provided by airlines and passengers against intelligence databases in order to assemble a list of trusted travelers who are eligible for expedited screening. As of April 29, 2014, there were ten participating airlines and 115 airports in the system. Participants in other DHS trusted-traveler programs, such as Global Entry, are also eligible for PreCheck. Program participants pass through metal-detector portals rather than full-body scanners. They are not required to remove their shoes, take laptops out of their cases, or suffer other such inconveniences in exchange for $85, being fingerprinted, and submitting sensitive personal information to the government (TSA 2014d).

While lauded as a boon to post-9/11 air travel by some—for example, by The New York Times’ Joe Sharkey (2014)—the program has several downsides: personal information might be stolen or misused (remember that the credit-card information of some forty million Target customers was hacked during the 2013 holiday shopping season), there is no guarantee of expedited screening every time, and PreCheck creates two classes of airline passengers.

That’s not all. Having heard stories from friends of how they were waved to the PreCheck line even though they were not paying participants, I contacted the TSA’s Office of Security Capabilities Communications Team to find out how these passengers were being vetted. The answer:

[Travelers] who are not members of a DHS trusted traveler program may be identified as eligible for TSA Pre-Check through an intelligence-driven, risk-based analysis of passenger data. Using the same data that passengers have provided for years, TSA’s Secure Flight performs risk-based analysis to permit eligible individuals into the TSA Pre-Check Lane.

This bypass procedure is called “managed inclusion”: “a real-time threat assessment of passengers at select airports” (TSA 2013). In other words, they vet airline passengers on the fly using sniffer dogs and behavior detection officers. (I am waiting for an answer to my follow-up question requesting more information about the specific sources of passenger data.)

Further, members of the military may also participate in PreCheck without further vetting simply by supplying their Department of Defense numbers (TSA 2014b). On November 5, 2009, Nidal Malik Hasan—a major in the U.S. Army—fatally shot thirteen people and injured thirty others at Fort Hood, Texas. And on April 19, 1995, Army veteran Timothy McVeigh detonated a truck bomb in front of the Alfred P. Murrah Federal Building in Oklahoma City that killed 168 people.

It seems the flying public, while inclined to overestimate the danger of terrorism in the skies, does have a good handle on how PreCheck compromises the TSA’s “risk-based, intelligence-driven, common-sense, layered approach” to airport security. In a July 2012 Gallup poll, 54 percent of respondents said that TSA screening procedures were very or somewhat effective in preventing terrorism (Gallup 2012). But in a Harris poll in 2014, following the Hawaiian Airlines incident, that number dropped to 50 percent. A majority of people surveyed in all categories of flying frequency agreed that PreCheck’s relaxed screening procedures were compromising security (71 percent among those who took no airline trips in the past year; 65 percent among those who took one to five trips in the last year; 54 percent among frequent flyers) (Reuters 2014).

This brings us back to our 740—and counting—millimeter-wave body scanners. While the more credulous air travelers, travel writers, and security mavens seem to be beguiled by the TSA’s AITs, the PreCheck program, and its “managed inclusion” exception to full screening, others of us are not. Although the secrecy inherent in security procedures makes this impossible to prove, I have concluded that the TSA’s push to sign up PreCheck members and its waving of nonmembers into the PreCheck line is an effort to compensate for the reliably high false-positive rate of the scanners. Whether this is to speed up security-line bottlenecks or to obfuscate the fact that the AITs are junk, the final effect is the same: compromising the airport security measures that we have been told are necessary to protect us from terrorists.

Myth 5: The More Airport Security Measures, the Better

Let’s look again.

The TSA publishes a diagram of its twenty layers of airport security. When we’ve finished rummaging through all these layers, we come to the bottom of the stack—measures that were in place prior to 9/11, or that were instituted immediately after the attacks (TSA 2014a):

• Positive baggage matching (making sure baggage accompanies a passenger on the same plane)

• Federal Air Marshal Service

• Federal flight deck officers

• Law enforcement officers

• Trained flight crew

• Hardened cockpit doors

• The passengers themselves

These are genuine common-sense measures that can and have been effective, that do not involve buying more and more expensive hardware that might or might not work, and that are not costing taxpayers billions.

On September 12, 2001, no cabin of airline passengers was going to allow their airplane to be hijacked. Period. Add reinforced cockpit doors, trained flight crew, maneuvers and other measures that pilots can take to spoil the party, and various armed personnel, such as air marshals. And, as witnessed by the failed shoe bomber and underwear bomber attempts, passengers and flight crews are batting 1,000 in taking care of themselves.


The whole of airport security has become less than the sum of its parts—or layers, as TSA Administrator Pistole would put it. Having convinced the public that we are in imminent danger of more terror in the skies, and that massive government spending and invasion of our privacy are necessary to keep us safe, Pistole has to explain how airport security that is now flying by the seat of its pants—through PreCheck, managed inclusion, and the fanciful S.P.O.T. program—isn’t compromising our security.


Richard E. Wackrow is the author of the book Who’s Winning the War on Terror.