By Alan S. Brown
To understand why airport security has consumed from 50 percent to 80 percent of the total Transportation Security Administration (TSA) budget since the agency was created in 2001, consider a cardinal rule of politics: Never lose the last war.
This rule is why the French built the Maginot line after World War I, even though many officers (including then-obscure Charles DeGaulle) foresaw that German mobile armor would sweep around it easily. And it is why airport screeners on the morning of 9/11 searched for guns and large knives, the weapons used by hijackers during the 1970s and 1980s.
“The system did just what it was designed to do. It kept large weapons off the plane but allowed box cutters and Swiss army knives to pass right through,” explains Robert Poole, director of transportation for Reason Foundation, a conservative think tank.
Standard hijacking procedures — cooperate to minimize casualties — made it easy for a handful of terrorists with small hand weapons to convert three aircraft into suicide missiles. When passengers aboard the fourth plane, United Flight 93, learned about the WTC and Pentagon, knives and box cutters were not enough to keep them from rushing the hijackers.
Three months later, Richard Reid attempted to bring down a Paris-Miami flight with plastic explosive hidden in his shoe. Surprisingly, ICTS International NV, the screening company at the Paris Airport, identified Reid as suspicious and subjected him to a lengthy interrogation. Although it confiscated nail clippers and nail files from other passengers, it had no effective way to check for explosives. Only immediate action by aircraft crew and passengers stopped Reid from detonating his bomb.
The Next Threat
This sequence of events highlights some important truths about airport security. First, security systems and procedures did what they were designed to do. Second, terrorists were able to find and exploit vulnerabilities in the system. Third, it is easier for security to aim technology at the last threat rather than find the next, unknown threat. Fourth, people remain the most important line of defense, but they need the right tools to be effective.
The question about air security today is whether TSA and airports are building systems and technology flexible enough to deal with the next round of threats. “As soon as you harden one area, you leave another vulnerable,” says Ray Garza, president of CTI Consulting Services, a Germantown, Md., firm that helps airports improve security.
“When you upgrade the front door, you’d better secure the back door because that’s where they’re going to go next,” says Garza. “And after you do it, better check the windows. And then you better make sure the person ringing your front door is really the delivery guy.”
U.S. airports have certainly locked the front door and the back door too. They have undoubtedly improved security from five years ago. Yet some — perhaps many — windows remain open.
Since 9/11, The U.S. Government Accountability Office (GAO) has issued 36 reports highlighting airport security shortcomings. It has criticized everything from screener training, worker access systems, and cargo shipments to out-of-control implementation of programs to prescreen and register travelers. The Dept. of Homeland Security (DHS), which now includes TSA, has only begun to look for ways to focus security resources on the most risky passengers.
TSA has many critics. Poole, for example, claims TSA has a built-in conflict of interest because it sets and regulates security policy while employing the baggage and passenger screeners who implement it.
“How can it regulate itself,” asks Poole. He argues that airports should take responsibility for their own security while TSA pays for some equipment and audits procedures. He also wants to see a more risk-based approach to passenger screening, even if that means profiling based on suspicious patterns of behavior and purchases.
Hans Weber, president of San Diego, Calif.-based Tecop International Inc. and a member of several security panels constituted after 9/11, also makes the case for profiling. “So far,” he explains, “our policy is to keep bad things from getting on airplanes, and we define those bad things based on what terrorists have shown us in the past.
“After 9/11, we banned small knives. After Reid, we bought 1,000 explosion detection systems costing $1 million each to check for bombs. Once we defined that threat, then we had to worry about man-portable antiaircraft missiles. We go on and on, defining threats and using technology against them.
“Our enemies will always be a step ahead of us in defining the next bad thing. They’ll see where we put defensive measures, then go where our defense is weakest. We can’t possibly afford to protect against everything. We can’t continue to go after bad things exclusively. We have to factor in bad people, and that means we have to profile.”
Weber argues that profiling could eliminate known passengers who do not pose a threat. That would enable security personnel to spend more time on unknown travelers. Profiling, however, is not even an option until TSA and DHS implement the computerized information systems they need to capture and analyze passenger records.
Some of these programs, such as Registered Traveler and Secure Flight, are moving towards fruition. Yet both have had significant implementation problems and remain far behind schedule. Meanwhile, airports must concentrate on “bad things” through a series of overlapping security systems.
“There’s no way to eliminate 100 percent of the risk when someone is willing to give their life,” explains James O’Bryon, a Belair, Md., consultant who chairs the National Research Council’s Committee on Assessment of Security Technologies for Transportation.
Instead, he suggests multiple, overlapping barriers. “It’s sort of like holding a balloon,” he explains. “If you squeeze one part, it bursts out somewhere else. If we put in enough systems to act as deterrents, maybe we can force terrorists to go somewhere else where they’re less comfortable and catch them if/when they make a mistake.”
The security squeeze starts with passengers and carry-on luggage screening. Passengers, usually shoeless, walk through a metal detector while their baggage goes through an X-ray system. The system relies on nearly 40,000 TSA employees and a much smaller number of private security guards to read the X-ray images and correctly identify potential weapons or bombs in carry-on bags.
They must also try to guess which passengers might be carrying explosives or ceramic knives on their persons. “There are technologies that can detect what you have under your clothing, but they clearly outline your body so they’re deemed unacceptable [because of privacy] so far,” says Weber. Even without those tools, screeners are the most important barrier to keeping dangerous people off airplanes.
There are many ways to improve screener effectiveness, says Colin Drury, director of State University of New York at Buffalo’s Research Institute for Safety and Security in Transportation. An expert on inspection systems, Drury argues that feedback is the best way to improve performance. Most X-ray machines, for example, can insert images of threats — guns, knives, bombs — into images of bags going through the machine. “That keeps them trained and alert,” says Drury.
He also recommends tests to select people with a strong sense of spatial relationships, frequent assignment changes to maintain sharpness and training programs that expose screeners to progressively more difficult images so they can build better mental models of threats. “A side-on knife is easy to spot,” he says, “but it takes training to understand what you’re looking at when the knife is pointing straight up at you.”
Even so, given the enormous flow of people through airports, screeners have little time to subject passengers to intensive interrogations.
Screeners may not search passengers, but they test 100 percent of their checked-in baggage for explosives. This is done with X-rays, computer tomography (CT), chemical swabs or even bomb-sniffing dogs.
Some of the equipment is quite sophisticated. CT systems, for example, work like hospital CAT scan systems. As a bag moves through the unit, a rotating lens takes X-ray “slices” that a computer reassembles into a three-dimensional image. Complex mathematical algorithms assess the density and energy absorption and scattering of the materials in the bag. If the patterns match those of known explosives, the bag receives further attention.
The system is far from perfect. “It really galls me that we haven’t we got a competent explosive detection system,” says Aaron Gellman of Northwestern University’s Transportation Center in Chicago. “We have far too many false positives, and a lot of false negatives too.”
Experts understand Gellman’s frustration. “A foolproof explosives detector is extremely difficult to design,” says Weber, who made his name designing measurement equipment. “The difference in atomic composition of explosives and safe molecules is often a matter of the placement of an atom or two. This is a very small difference to detect.
“The very few techniques that are really specific to explosives detection have two weaknesses,” he continues. “First, none cover the broad range of explosives. Second, they are very slow, not 500 bags per hour but one bag per 15 minutes.
“For high-speed process, we have to use techniques that are not fully specific to explosives,” he says, referring to X-rays and CT. “In the universe of stuff they detect, explosives overlap with safe molecules. As a result, the false alarm rate is high. I know how to make bags from perfectly acceptable materials that will alarm 100 percent of the time,” he says. Yet Weber sees improved technologies on the horizon.
So does O’Bryon. “I’ve been watching for more than eight years, and we’ve made quite a bit of progress,” he says. “Detection rates have grown more reliable, and false alarms have gone down though they are still too high.”
O’Bryon believes explosive detection systems are reliable enough for automatic detection, passing through the vast majority of bags and kicking out those that need further attention.
Poole points to GAO studies that show fully automated systems could eliminate up to three-quarters of the people now needed to screen checked-in baggage. “The payback for these systems is only one to two years, but the way funding works in Washington, TSA operations have first claim on budget monies. If anything is left over, it can then go into the capital budget,” he says. This makes it unlikely TSA will install more automated systems without Congressional action.
In the past, terrorists posing as passengers have hijacked airplanes. But what happens if the threat comes from workers inside the airport?
“An airport is like a community, like a small town,” says Garza. “Think about trying to protect your community from people who live there, from visitors, from people going through.”
It creates massive access control problems. In many ways, this is a problem U.S. security firms are accustomed to solving. They begin with establishing a perimeter fence and monitoring it with motion detectors, pressure sensors, and microwave and laser sensors. Inside the perimeter, swipe cards, PIN numbers and even biometrics give employees access only to those areas they are authorized to enter.
“Even then, you still need guards at the gates,” says Garza. “A driver may swipe his card and he’s okay, but who’s that person in the passenger seat? You have to have someone there to ask that question.”
Yet the biggest weakness in perimeter security remains the human element, says Weber. “The fundamental vetting of workers is still weak,” he says. “It is unreasonable to think we can separate certain weaknesses in our society — the ease of ID theft, the ease with which people can get a new driver’s license and assume a new identity — from how airports hire people. There are too many loopholes, and too many people who want to make money selling data.”
Weber’s concern is underscored by a June 2004 GAO report. It criticized TSA for not requiring fingerprint-based criminal history checks and security awareness training for all airport workers.
GAO also criticized air cargo security, which is essentially based on a trust system. The system relies on certified shippers, such as UPS and Federal Express, to put security procedures in place and pay special attention to new or unusual customers.
In an October 2005 report, GAO identified problems with TSA shipper information and how it uses the data to identify shippers who may present potential risks. It also notes that many shippers may have financial problems meeting TSA’s security requirements.
Airports have gotten better at stopping what Weber calls “bad things,” but nearly five years after 9/11, TSA has made only modest progress in preventing airline ticket sales to terrorists. Under the current prescreening system, TSA distributes a terror watch list to airlines, which then check ticket sales against it.
Some agencies have been reluctant to provide full intelligence on terrorist identities on such a widely distributed list. “We’d be giving information out to reservation agents that only high-level security people should handle,” says Poole.
TSA was supposed to implement a new prescreening system, called CAPPS II, years ago. It would have required passengers to provide their birthday, address, phone number and possibly other data. CAPPS II would then check the information against terror watch lists, commercial databases and criminal records.
Privacy advocates objected to such intrusive screening, especially after one of TSA’s subcontractors was caught mining sensitive data for patterns. In its latest incarnation, CAPPS II has morphed into Secure Flight. Under it, TSA will check passenger names against a centralized interagency list of terrorists and mark some passengers for additional scrutiny.
“It is an outrage,” says Poole. “Secure Flight doesn’t use pattern recognition. It doesn’t tie things together. Airlines should not be in a position where they have to make decisions based on fragmentary information.”
The program itself remains behind schedule. According to a February 2006 GAO report, TSA not only slapped the program together in haste but has not yet determined what passenger data it will require from airlines or what technologies it will use to match names.
Meanwhile, TSA’s Registered Traveler program has completed five pilot implementations at five airports and plans to roll out the program at interested airports later this year. The program asks frequent travelers to volunteer information about themselves as well as fingerprints and an iris scan. This information will be stored on an identity card that allows registered travelers to move rapidly through airport security.
Like Secure Flight, Registered Traveler has been years in the making. Along the way, it has lost the backing of some of its early supporters. The Air Transport Association of America (ATA), for example, opposes it because it offers few benefits to frequent fliers. “When it was first proposed, screening lines were long and it promised real benefits,” says ATA spokesperson Victoria Day. “Now lines are much shorter, and there’s no guarantee registered travelers would not have to take off their shoes or take out their laptops like everyone else.”
Yet ATA’s response misses the larger question about how to balance resources and risk. According to Alex Ralli, vice president of airport operations for Parsons Transportation Group, there are three basic models for airport security. The Israeli approach relies on security personnel to profile and intensively interrogate potential suspects. Europeans, on the other hand, combine profiling with automated baggage checking.
The United States, says Ralli, has been moving from a reactive to a more proactive mode. “Our intentions are good, but our freedom makes us inherently vulnerable. We don’t tolerate profiling or standing in line for three hours for an interrogation.”
The Israelis, who live in a nation the size of New Jersey, have only a handful of international flights each day. The United States has about 4,400 movements daily. It has not time to adopt Israeli practices. It needs to find its own ways to become proactive.
That’s why one of the first recommendations made by Weber’s security panel after 9/11 was to screen for bad people. Registering frequent travelers and prescreening ticket purchasers would reduce the number of people security personnel would have to deal with in the airport.
Using software to screen ticketing and credit information for patterns that match potential terrorist profiles would help even more. It would enable airports to devote more resources to the most risky fliers.
“In my opinion,” says Weber, “we can keep putting new layers of technology in place for each new set of bad things, but we’re at our limits. We’ve spent 80% of our budget on bombs in checked bags, so we don’t have enough money to implement systems to find explosives on people. There’s no way in hell we have money to go after antiaircraft missiles.
“And all along, we’re not dealing with the fundamental issue. We’re fighting bad people and not bad things,” he says.
And there is no way airports can keep up with the evolving threat unless they do both.
Alan Brown is contributing editor to Homeland Response.