- Registered Traveler finally going national:
More than 20 airports gearing up for faster screening.
- TSA conflict of interest still a problem:
Who will guard the guardians?
- Another airport opt-out?:
Key West could be next to use the private sector.
- Boarding pass loophole:
What TSA should do about it.
- Upgrading carry-on screening:
Some new technology looks promising.
- News notes
- Quotable quotes
It's been a long wait for beleaguered frequent flyers, but the Transportation Security Administration has finally given its approval to nationwide expansion of the Registered Traveler program. The first service provider, Verified Identity Pass, was certified by TSA in late November, and certification of the two other announced providers—Unisys's RT Go and the Fast Lane Option (FLO) Alliance—may have occurred by the time you read this.
Verified, operator of the successful pilot program at Orlando (to which I belong), is now installing its facilities at Cincinnati, Indianapolis, San Jose, and Terminal 7 at JFK. Verified CEO Steven Brill told Aviation Daily he expects to have 18 installations in operation by the end of next year. RT Go has signed up Reno and expects to announce several others this month. FLO has bid on Albany and Denver and is awaiting their decision.
Besides already-operational Orlando, some 22 airports have applied to TSA to launch RT programs. They include such major airports as Atlanta, all three Washington, DC area airports, both Chicago airports, Los Angeles, Miami, and Pittsburgh.
Despite at least three RT providers (so far), the program will be completely interoperable. In other words, your membership in one company's program will enable you (with your biometric membership card) to use the RT lanes at every participating airport. (Working out the details for interoperability was one reason it took TSA, airports, and service providers so long to get to this point.) Airport trade association American Association of Airport Executives is operating a Central Information Management System (CIMS) as part of its existing Transportation Security Clearinghouse. CIMS will process all data received from RT applicants, will interface with TSA for the required background checks, and will handle communications to the service providers regarding issues such as revoked credentials.
As Iï¿½ve reported previously in this newsletter, Verified and TSA have been testing an advanced-designed check-in kiosk, from GE, that scans shoes and fingers for explosives. CEO Steve Brill tells me he is confident that the shoe-scanning function will be operational by mid-December when they start up the JFK operations and transition Orlando from its local configuration to national (interoperable)—and at other locations as they begin operations early next year. That will mean no more shoe removals. And if all goes well, a month or two later the trace-detection of fingers will be approved, meaning no jacket removals, either. That should be a huge boost for memberships.
Last year when I testified on airport screening before a subcommittee of the House Homeland Security Committee, one of my key points was that TSA has a built-in conflict of interest. In the legislation that created the agency, Congress made it both the transportation security regulator and the provider of a major airport security service, passenger and bag screening. I've made this point also in policy papers, conference presentations, and in this newsletter. Alas, it seems to have fallen on deaf ears, perhaps in part because while people could appreciate that a conflict exists in theory, it did not look as if there was much of a problem, in practice.
But three recent events illustrate that the conflict is very real. One was the widely reported Red Team testing of screening at Newark, in which the team beat the screeners 20 out of 22 times. A second, reported last week by Annie Jacobsen at National Review Online (Nov. 28th), concerned a four-foot sword (!) that a passenger managed to carry on board an American plane at Dallas-Fort Worth. And the third, also reported by Jacobsen, was an incident at Kona, Hawaii, in which a baggage screener accidentally dropped a binder of information designated SSI (Sensitive Security Information) into a passenger's luggage while it was being screened. The passenger, Navy veteran Joe Langer, only discovered the binder when he unpacked the bag the next day.
What is most interesting about all three incidents is the TSA's response. TSA spokesman Nico Melendez had "no comment" for Jacobsen regarding the sword, and called the SSI binder incident a "fumble." My assessment is that they hoped both would get as little attention as possible, to avoid further embarrassment of the agency. As for Newark, TSA dispatched an investigation team to try to figure out . . . not why the screening performance was so miserable but who leaked the report to the media.
This is "cover your ass" writ large—and it's exactly the kind of thing that happens when one and the same agency writes the rules and then operates under them. Imagine instead what would have happened if these screening failures had been the responsibility of airport employees or a private screening contractor. TSA would have no institutional self-interest to protect; its focus would clearly be on figuring out what caused these performance failures and disciplining the responsible parties (and I don't mean the whistleblowers!).
Rep. William Pascrell (D., NJ), a member of the Homeland Security Committee, defended the unknown Newark whistleblower. But if he wants to fix the underlying problem, he should look into legislation that would devolve the screening function to the airports, resolving the conflict of interest problem once and for all.
As I have noted in previous issues, the general permission for airports to opt out of TSA-provided passenger and baggage screening has not gone very far—primarily, because both the law and TSA's interpretation of the law constrain the program so rigidly that most airport directors can see little or no gains from having a TSA-selected contractor parachuted into their airport. That's true even though GAO and Inspector General studies have found the performance of certified screening contractors to be as good as or slightly better than that of TSA screeners.
But here and there a special circumstance arises, where opt-out still makes good sense. One such case is now pending in the Florida Keys. Both Continental Connection and Delta Connection would like to begin service to Marathon Airport early next year, but the TSA has no screening operation there, so the service cannot be launched. Monroe County operates both Key West and Marathon airports, and TSA has 25 screeners at Key West.
Because of growth in Key West air service, that screener workforce consists of the "regular" allocation of 10 TSA screeners plus another 15 from TSA's National Screening Force, a mobile force that is dispatched to fill in temporarily at airports with a sudden increase in workload. But for some bureaucratic reason known only to TSA, those 15 "mobile" screeners have been there for several years now. So in addition to their normal screening salaries and benefits, TSA also pays them $100/day for hotel accommodations and $60/day for living expenses. That's nearly $60K a year per screener in added costs.
It's that added cost that creates the opening for Monroe County to opt out. FirstLine Security, the TSA-certified firm that provides screening services for Kansas City International, has said it could provide 41 screeners to serve both Key West and Marathon at the same cost as TSA is now incurring to serve only the former. So the county has applied to participate in TSA's opt-out program, the Screening Partnership Program. But airport director Peter Horton, the two airlines, and members of Florida's congressional delegation have all been frustrated that a decision from TSA has not been forthcoming. The Marathon Chamber of Commerce has a letter to TSA director Kip Hawley on its website, which anyone can sign and email to Hawley (www.floridakeysmarathon.com/TSA2.asp). And Rep. Ileana Ros-Lehtinen is urging Reps. Peter King (R, NY) and Dan Lungren (R, CA) of the Homeland Security Committee to press their case with TSA.
This seems like a no-brainer. Let's hope TSA agrees soon.
Just before Thanksgiving, the FBI dropped its case against Chris Soghoian, the college student who had posted instructions on the Internet about how to forge a boarding pass and use it to avoid being checked against the TSA's no-fly list. Commentators pointed out that this loophole was not news and had been pointed out as far back as 2003. Yet it has persisted, with no evident steps by TSA to change things. How come?
First, let's be sure we understand what the loophole consists of. The point of the scam is to be able to conceal your identity from the TSA system that compares your name to the agency's no-fly list. You start by purchasing a ticket under a different name, thus, that name is the one checked. When you show up at the airport and enter the screening line, you show your real I.D. and the fake boarding pass with your name on it; they match. From there on, you can use your real boarding pass (which matches the airline's reader at the gate), since there is no further match-up of your driver's license and boarding pass. This would not work if there were boarding pass readers at the checkpoints (as there should be), but that is a whole additional cost that TSA would have to persuade Congress to fund.
My guess is that TSA had thought they would fix the loophole as part of implementing their forthcoming Secure Flight system, but as we all know, Secure Flight is still under development and a long ways from being operational. Critics such as Bruce Schneier thinks that adding boarding pass readers at the gates is pointless, because "its only security purpose would be to check names against the no-fly list," which he argues is a joke. (www.wired.com/news/columns/0,72045-0.html)
I agree that the incomplete and inaccurate no-fly list that TSA shares with the airlines is a joke, but the picture would change dramatically once Secure Flight is implemented. Today, because TSA does not want highly sensitive information shared widely with airline reservations or check-in staff, it shares only a highly truncated version of its watch list with the airlines. But under Secure Flight, no such list would be disseminated. Instead, airlines would submit the passenger name record at the time of ticket purchase, and TSA would run that record past a much larger, integrated watch list. That list would include not only the absolutely "no-fly" people but also a much larger set of high-risk people who must get intensive "secondary" screening before being allowed to board. So contrary to Schneier, the checkpoint readers would tell the screeners which passengers need to be taken aside for secondary screening—a very essential component of a more risk-based screening system.
Chris Soghoian did the country a service by reminding us that this loophole still exists. It's high time TSA got its act together and rolled out Secure Flight—along with checkpoint boarding pass readers.
There have been positive developments to address the lack of systematic screening for explosives at passenger checkpoints, since TSA decided it was safe to let us carry a few 3-ounce containers of liquids in a one-quart Ziploc. Just to be clear, that procedure is now allowed because testing and calculations showed that such small quantities were very unlikely to pose a serious threat to passenger planesï¿½not because current carry-on X-ray machines can tell if said liquids are explosives. But TSA is now at least looking into the possibility of detecting explosives in carry-on bags.
First, it continues to test various technologies in hopes of finding some combination that would be small, fast, and inexpensive enough to replace the current (very old-tech) checkpoint X-ray machines. Several different firms make "multi-view" X-ray machines that are better at identifying three-dimensional shapes, but it's not clear how reliably then can distinguish explosive liquids and solids from harmless ones. As I wrote last issue, quadrupole resonance does show promise at identifying the chemical composition of substances. And now a Canadian company, Optosecurity, has built a device that attaches to existing X-ray machines, and uses optical-recognition technology to identify three-dimensional objects and detect liquid explosives. Let's see how fast and reliable it is, under real-world conditions, and at what cost.
Second, TSA is considering shifting about $20 million that had been budgeted for buying more puffer booths (those time-consuming devices you may have been unlucky enough to have to stand in while puffs of air were directed at you, to detect explosive particles) to speed development of technologies like those mentioned above. That's a good idea, because the puffers are a kludge of a technology. They are way too slow for mass screening (which seems to be what they are being tested for), but they are overkill for secondary screening. If you take someone aside for that, he or she gets a pat-down and can easily get a swab-test in one of the nearby explosive trace detection machines. So the puffer booths have no meaningful role. By all means, use that money to develop better technology, rather than buying more useless machines.
"Precautionary Principle" for Airports? One of the sacred cows of the political Left, when it comes to environmental issues, is the "precautionary principle," which essentially says that anything new should be banned unless it can be proved it will do no harm (which is logically not possible, but leave that go). So I find it amusing that French Interior Minister Nicholas Sarkozy last month invoked the precautionary principle in deciding to dismiss a number of Paris airport workers identified by the police as "linked to fundamentalist movements with potentially terrorist purpose." The French Left is up in arms over this, apparently not noticing (or choosing to ignore) the contradiction.
New Homeland Security Library Resource A new 75-book library of key books on homeland security and counter-terrorism has been assembled by RAND Corporation, the Brookings Institution, and the National Academies Press. The books cover a wide range of subjects, including many directly related to aviation security. You can see a complete listing of all 75 books at: www.nap.edu/catalog/homelandlibrary.
"[Osama Bin Laden] understood that one tool he had in waging war against the United States was to drive us crazy, into bankruptcy, trying to defend ourselves against every conceivable threat. We have to be realistic about what we expect and what we do. We do have limits, and we do have choices to make."
—Homeland Security Secretary Michael Chertoff, in testimony before the Senate Homeland Security and Government Affairs Committee, Sept. 12, 2006.
"The TSA needs to pay much more attention to and spend much more money on development of new detection technology and a lot less on personnel-intensive screening. It needs to adopt methods of interrogation and observation—without profiling if possible, with profiling if necessary—that winnow the screening workload down to people and things that seem threatening."
—"Five Years After 9/11: A Little Safer, No Surer," Editorial, Aviation Week, Sept. 11, 2006