I Told You So?

Posted by Jim Harper

The story that images of a film star produced by whole-body imaging were copied and circulated among airport personnel in London are a little too good to be true for critics of the technology. It may yet be proven a joke or hoax, and airport officials are denying that it happened, saying that it “simply could not be true.”

But if Bollywood star Shah Rukh Khan was exposed by the technology, it validates more quickly than I expected the concern that controls on body scanning images would ultimately fail.

Here’s how I wrote about the fate of domestic U.S. proscriptions on copying images from whole-body imaging machines in an earlier post:

Rules, of course, were made to be broken, and it’s only a matter of time — federal law or not — before TSA agents without proper supervision find a way to capture images contrary to policy. (Agent in secure area guides Hollywood starlet to strip search machine, sends SMS message to image reviewer, who takes camera-phone snap. TMZ devotes a week to the story, and the ensuing investigation reveals that this has been happening at airports throughout the country to hundreds of women travelers.)

I have my doubts that this incident actually happened as reported, but it is not impossible, and over time misuse of the technology is likely. That’s a cost of whole-body imaging that should be balanced against its security benefits.

George Clooney’s Docile Body

Posted by Julian Sanchez

up_in_the_air_georgeclooney2Running the airport maze to board my flight from Madrid back to the U.S. last week, I found myself thinking, with no small measure of envy, about Ryan Bingham, George Clooney’s character from Up in the Air. The ultimate frequent flier, Bingham slides shoes and belt off, flips laptop from case, and aligns them neatly on the x-ray conveyor in a seamless, fluid display of security Tai Chi. He navigates from curb to gate and back with crisp efficiency, every motion practiced and automatic.

My envy was tempered somewhat as I reread Discipline and Punish on the trip back. Bingham’s military precision, it struck me, was the product of a form of training implicit in the security process. As a corrective brace “teaches” the proper posture just by making it the only comfortable one, the screening procedures embed a set of tacit instructions, consisting of the optimal set of motions required to pass through smoothly.  And of course, it teaches more than bodily motions: Bigham knows you don’t stand behind the Arabs in the screening line!

That’s not to say airport security is some kind of insidious brainwashing program, but there’s a dimension of privacy here that it seems to me we don’t talk about nearly enough. Our paradigms of privacy harms are invasion (the jackboot at the door, in the extreme case) and exposure (the intimate detail revealed). We generally think of these as exceptions — as what happens when surveillance goes wrong, either because it gets the wrong target or, when the surveillance is universal by design, because information that’s supposed to remain protected falls into the wrong hands or is otherwise misused.   Invasion and exposure may be serious problems, but they are fundamentally mistakes — hiccups in the system we can seek to fix.

Discipline, by contrast, is what inevitably happens when the system functions as intended, at least to the extent people are conscious of being (actual or potential) targets of surveillance. It is probably not as serious a harm as invasion or exposure most of the time, but it’s also by far the most pervasive and ineradicable effect of surveillance. It would be nice if our debates about surveillance included not just the question “What will be exposed?” but also “How — and for what — are we training ourselves?”

The Buck Stops with Obama

Posted by Roger Pilon

Today Politico Arena asks:

Do you feel safer from terrorism today than you did the day before? Assess Obama’s response.

My response:

So Obama tells us that the buck stops with him.  Aides signaled that in saying that, Politico reports, the president “was consciously seeking to be the anti-Bush, airing his administration’s dirty laundry and stepping up to take his share of the responsibility.”  Yet as Arena contributor Dana Perino notes in response, with evidence in hand, they don’t even have their facts right.  Bush repeatedly took responsibility, and for good reason:  There was much to be responsible for, not least the creation of the intelligence bureaucracy that failed so clearly to connect the Christmas Day dots, as discussed in this morning’s Wall Street Journal.
 
But before we heap too much blame on the bureaucracy and those who created it, let’s recognize that this administration’s obsession with appearing “anti-Bush,” which has been its leitmotif from the start, could hardly have inspired even the most conscientious bureaucrat.  This is not the place to recount the countless ways Obama and his people have sought to downplay the terrorist threat — or “man-caused disasters” — even as no fewer than 12 terrorist incidents, including thwarted plots, were unfolding on American soil during its tenure, culminating with November’s Fort Hood murders.  Arena contributor Walter Russell Mead put it well last evening: “The narrative that a lawyer-run, PC-happy, Miranda crazed administration is coddling criminals rather than protecting the people has been gaining a kind of subterranean credibility out there past the Beltway.”  And not without reason.
 
We can hope that the administration is at last taking terrorism seriously, but there are still too many signs that it is learning on the fly, so we will have to keep reminding Obama and his people that the buck does indeed stop with them.

Security-by-Obscurity Is Weak

Posted by Jim Harper

And we’re better off when it fails this way than when we learn the hard way that someone found an exploit.

Watch for the TSA to give extra scrutiny to wheelchairs, casts, and orthopedic shoes now that the screening manual giving those items a pass has been released.

Schneier and Friends on Fixing Airport Security

Posted by Jim Harper

Security guru Bruce Schneier comes down on the strictly pragmatic side in this essay called “Fixing Airport Security.” Because of terrorism fears, he says, TSA checkpoints are “here to stay.” The rules should be made more transparent. He also argues for an amendment to some constitutional doctrines:

The Constitution provides us, both Americans and visitors to America, with strong protections against invasive police searches. Two exceptions come into play at airport security checkpoints. The first is “implied consent,” which means that you cannot refuse to be searched; your consent is implied when you purchased your ticket. And the second is “plain view,” which means that if the TSA officer happens to see something unrelated to airport security while screening you, he is allowed to act on that. Both of these principles are well established and make sense, but it’s their combination that turns airport security checkpoints into police-state-like checkpoints.

The comments turn up an important recent Fourth Amendment decision circumscribing TSA searches. In a case called United States v. Fofana, the district court for the southern district of Ohio held that a search of passenger bags going beyond what was necessary to detect articles dangerous to air transportation violated the Fourth Amendment. “[T]he need for heightened security does not render every conceivable checkpoint search procedure constitutionally reasonable,” wrote the court.

Application of this rule throughout the country would not end the “police-state-like checkpoint,” but at least rummaging of our things for non-air-travel-security would be restrained.

I prefer principle over pragmatism and would get rid of TSA.

Is the REAL ID Revival Bill, “PASS ID,” a National ID?

Posted by Jim Harper

With the move in the Senate to revive our moribund national ID law, the REAL ID Act, under the name “PASS ID,” it’s important to look at whether we’re still dealing with a national ID law. My assessment is that we are.

First, PASS ID is modeled directly on REAL ID. The structure and major provisions of the two bills are the same. Just like REAL ID, PASS ID sets national standards for identity cards and drivers’ licenses, withholding federal recognition if they are not met.

There is no precise definition of a national identification card or system, of course, but its elements are relatively easy to identify.

First, it is national. That is, it is intended to be used throughout the country, and to be nationally uniform in its key elements. REAL ID and PASS ID have the exact same purpose – to create a nationally uniform identity system.

Second, its possession or use is either practically or legally required. A card or system that is one of many options for proving identity or other information is not a national ID if people can decline to use it and still easily access goods, services, or infrastructure. But if law or regulation make it very difficult to avoid carrying or using a card, this presses it into the national ID category.

Neither REAL ID nor PASS ID directly mandate carrying a card. Doing so would be too obviously a national ID system, and politically unpalatable. But both seek to take advantage of the state driver licensing system, and they do that for a reason: Carrying a driver’s license is a practical requirement in most parts of the country, where the automobile reigns supreme as the mode of travel.

But maybe states would decline to participate. Nothing in the PASS ID Act directly requires states to implement the system, and they are entirely free to issue non-compliant licenses and ID cards. But this was also true of REAL ID – because of the constitutional rule that the federal government cannot commandeer the organs of state government. (The case is New York v. United States.)

What both REAL ID and PASS ID do is make it difficult for state residents to function without their nationally standardized ID. They both require the nationally standardized ID to enter federal facilities (perhaps fewer of them under PASS ID), to access nuclear power plants, and to board aircraft.

But the PASS ID bill has specific language saying that a person can’t be denied boarding because they don’t have a national ID. Isn’t that an improvement? It sounds like it, but that language simply restates the rules that exist under REAL ID.

Read the rest of this post »

It Is a Checkpoint, After All

Posted by Jim Harper

The Philadelphia Inquirer asks why the TSA didn’t catch Bonnie Sweeten absconding to Orlando at the airport after faking her own and her daughter’s abduction.

The TSA and FBI are right: it’s not airport security’s job to look for people like Bonnie Sweeten. But they will quickly agree to make it part of their mission when newspapers and Members of Congress start to say they should. This is how a nominal airline security program transmogrifies into a general law enforcement checkpoint, and the noose tightens on your right to travel.

Galling Security Ignorance

Posted by Jim Harper

In a post on Saturday at NRO’s the Corner blog, former Bush speech writer Marc Theissen exhibits ignorance of basic security concepts too galling to let pass without comment.

Attempting to refute the idea that hijacking planes and flying them into buildings was “off the table” as a terrorist tactic after 9/11, Theissen says:

Really? Planes were off the table after 9/11? That would come as a surprise to every passenger in the past three years who had their liquids confiscated in an airport security line. Those security measures were instituted because in 2006 we foiled an al-Qaeda plot to hijack airplanes leaving London’s Heathrow airport and blow them up over the Atlantic (a plot our intelligence community says was just weeks from execution).

(First, put aside some issues – “what the government says about its security measures must be true” and both the immediacy and viability of the liquid bomb plot in London.)

The difference between “hijacking” and “bombing” shouldn’t need explaining. The former is taking over the controls of a thing, enabling an attacker to direct it into other things. The latter is exploding something in it or on it so as to render it inoperable.

Americans ritually donate their toothpaste to sanitation departments in the cities they visit not because a liquid bomb could enable the commandeering of a plane, but because the alleged liquid bomb could take a plane out of the sky.

The bombing of a plane is a serious concern, but not as serious or potentially damaging as the commandeering of an aircraft. And commandeering is essentially off the table. The hardening of cockpit doors, new procedures at the fronts of planes, and newfound resolve of passengers and crews against commandeering have reduced the likelihood of future commandeerings to near zero. That was what the plane going down in Pennsylvania was all about.

If it weren’t made in debate about such serious issues, Theissen’s error would be quite comical. In his jumbled version of events, the liquid bomb plotters were going to go to the trouble of capturing the controls of an airplane, then fly it around for a while, and finally blow it up over the Atlantic. It’s reminiscent of the Seinfeld episode in which Elaine attacks the theory that an elderly couple running a nearby cobbler shop had shut it down just to abscond with Jerry’s shoes:

ELAINE (amused): So. Mom and Pop’s plan was to move into the neighborhood…establish trust…for 48 years. And then, run off with Jerry’s sneakers.

KRAMER: Apparently.

ELAINE: Alright, that’s enough of this.