Making Sense of New TSA Procedures

Since they were announced recently, I’ve been working to make sense of new security procedures that TSA is applying to flights coming into the U.S.

“These new measures utilize real-time, threat-based intelligence along with multiple, random layers of security, both seen and unseen, to more effectively mitigate evolving terrorist threats,” says Secretary Napolitano.

That reveals essentially nothing of what they are, of course. Indeed, “For security reasons, the specific details of the directives are not public.”

But we in the public aren’t so many potted plants. We need to know what they are, both because our freedoms are at stake and because our tax money will be spent on these measures.

Let’s start at the beginning, with identity-based screening and watch-listing in general. A recent report in the New York Times sums it up nicely:

The watch list is actually a succession of lists, beginning with the Terrorist Identities Datamart Environment, or TIDE, a centralized database of potential suspects. . . . [A]bout 10,000 names come in daily through intelligence reports, but . . . a large percentage are dismissed because they are based on “some combination of circular reporting, poison pens, mistaken identities, lies and so forth.”

Analysts at the counterterrorism center then work with the Terrorist Screening Center of the F.B.I. to add names to what is called the consolidated watch list, which may have any number of consequences for those on it, like questioning by the police during a traffic stop or additional screening crossing the border. That list, in turn, has various subsets, including the no-fly list and the selectee list, which requires passengers to undergo extra screening.

The consolidated list has the names of more than 400,000 people, about 97 percent of them foreigners, while the no-fly and selectee lists have about 6,000 and 20,000, respectively.


Stunner: Strip-Search Machine Used to Ogle

An airport security staffer faces discipline after using a whole-body imaging machine to ogle a co-worker, according to this report. It’s another signal of what’s to come when the machines are in regular use. (In a previous post, I aired my doubts about the veracity of reports that a famous Indian movie star had been exposed, but the story foretells the future all the same.)

I’ve written before that whole-body imaging machines in airports create risks to privacy despite TSA’s efforts to minimize those risks with carefully designed rules and practices.

Rules, of course, were made to be broken, and it’s only a matter of time — federal law or not — before TSA agents without proper supervision find a way to capture images contrary to policy. (Agent in secure area guides Hollywood starlet to strip search machine, sends SMS message to image reviewer, who takes camera-phone snap. TMZ devotes a week to the story, and the ensuing investigation reveals that this has been happening at airports throughout the country to hundreds of women travelers.)

Rules against misuse of whole-body imaging are fine, but they are not a long-term, effective protection against abuse of “strip-search machines.”

I Told You So?

The story that images of a film star produced by whole-body imaging were copied and circulated among airport personnel in London is a little too good to be true for critics of the technology. It may yet be proven a joke or hoax, and airport officials are denying that it happened, saying that it “simply could not be true.”

But if Bollywood star Shah Rukh Khan was exposed by the technology, it validates more quickly than I expected the concern that controls on body scanning images would ultimately fail.

Here’s how I wrote about the fate of domestic U.S. proscriptions on copying images from whole-body imaging machines in an earlier post:

Rules, of course, were made to be broken, and it’s only a matter of time — federal law or not — before TSA agents without proper supervision find a way to capture images contrary to policy. (Agent in secure area guides Hollywood starlet to strip search machine, sends SMS message to image reviewer, who takes camera-phone snap. TMZ devotes a week to the story, and the ensuing investigation reveals that this has been happening at airports throughout the country to hundreds of women travelers.)

I have my doubts that this incident actually happened as reported, but it is not impossible, and over time misuse of the technology is likely. That’s a cost of whole-body imaging that should be balanced against its security benefits.

‘A Career Where X-Ray Vision And Federal Benefits Come Standard’

That’s the slogan the Transportation Security Administration is apparently using to entice people to apply for jobs as airport screeners. Now that they’re preparing to expand the use of whole body imaging scanners, which can produce moderately detailed nude images of travelers, maybe they should consider a tagline that doesn’t sound like it’s designed to recruit voyeurs.

Security-by-Obscurity Is Weak

And we’re better off when it fails this way than when we learn the hard way that someone found an exploit.

Watch for the TSA to give extra scrutiny to wheelchairs, casts, and orthopedic shoes now that the screening manual giving those items a pass has been released.

Congress on Privacy: Schizophrenic or Lagging?

In the same bill in which Congress limited the use of whole-body imaging or “strip-search machines” at airports (text of the amendment here), it required the Transportation Security Administration to study using facial and iris recognition to identify people in line for airport security checkpoints (Sec. 242 of House-passed version here).

So glimpses at de-identified bodies are a privacy outrage while massive biometric databases and records of people’s travels are good to go?

Not necessarily. Average people (and members of Congress) understand better what a look at the body is, but they don’t understand as well what biometric tracking and databasing of our movements means. So they’re quick to object to the former and lagging on the latter.

Those of us who understand the privacy consequences of government-deployed facial recognition and tracking must press to educate our less-well-versed fellow Americans.

House Votes against “Strip-Search” Machines

Yesterday the House adopted an amendment to the Transportation Security Administration Authorization Act that would prohibit the TSA from using whole-body imaging machines for primary screening at airports and require the TSA to give passengers the option of a pat-down search in place of going through a WBI machine, among other things.

You can read the amendment here, and the roll call vote will soon be up here. Use it to decide whether to cheer or jeer your member of Congress.

More on strip-search machines here, here, and here.

Tightening the Noose Around the Right to Travel

Ask anyone who has experienced life in a country where freedom of movement is not recognized, and you’ll come away impressed with the importance of having the right to travel. That right takes another step back in the United States today.

Today the federal government takes over from airlines the process of running passengers against its terrorist watch lists. This means that when you fly, the Transportation Security Administration now requires airlines to give the government your full name, your itinerary, your date of birth, your gender, and an optional “redress number.”

Running names against watch lists does not secure against even modestly sophisticated attackers — 17 of 19 9/11 hijackers were “clean skin” terrorists, without histories of activity that would get them on watch lists. And in 2002, an MIT study (the “Carnival Booth”) showed how passenger profiling failed as a security measure. Attackers could “step right up” and test the system on dry runs to see if it singles them out. The same applies to watch listing.

Transferring responsibility for checking watch lists is a small step, but it brings into sharp focus that the government is now pre-screening Americans’ travel and travel plans.

There is no telling which direction this mission will creep over time. In the event of an attack on some other mode of travel — even a small or failed attack — expect the government to extend pre-approval for travel in that direction. The government will soon discover that it can run names of travelers past other lists — first dangerous wanted criminals, then wanted criminals, then “deadbeat dads,” and on down the line to people with unpaid parking tickets.
