Mary Beth Ruskai

 

TSA case

I challenged the TSA's (Transportation Security Administration) invasive pat-downs of people with metal implants in the First Circuit Court.

Press release, December 31, 2013: First Circuit Court of Appeals to Hear Challenge to TSA’s Passenger Pat-downs Download PDF

Download the briefs, hear oral argument, and obtain additional information.

Just before Christmas, on December 23, 2014 the court released its decision in favor of the TSA.

Below you will find commentary on many aspects of TSA policy based on things I learned preparing our case.

An analysis of the extremely disappointing decision is in preparation here.

 

Media Coverage

top

Some Comments on TSA Policy

Complaint Process

The TSA's complaint process leaves much to be desired, as thoroughly documented in the General Accounting Office Report GAO-13-43 AIR PASSENGER SCREENING: Transportation Security Administration Could Improve Complaint Processes.

There are several different ways to file complaints, including comment cards at some airports, the TSA Contact Center, and a formal complaint process. Prior to November 2013, the TSA's definition of "civil liberty" seemed to stop at the first amendment, and did not recognize the 4th amendment right to be free from unreasonable search. A year after the highly critical GAO report, TSA changed their procedures. Now the TSA seems to deny people with disabilities the right to even file a formal complaint; instead they are simply told to e-mail the TSA Contact Center! Would it not have been more reasonable to simply include a box on the form to check for a "disability" or "multicultural" complaint? Surprisingly, if one goes to the TSA site Civil Rights and/or Civil Liberties Complaint Form, it does require you to select either "Disability/Medical condition" or "Civil Rights /Liberties (Other)". The GAO was also not satisfied with TSA's response to their recommendations. Two of the four recommendations in GAO 13-43 are still "open" more a year later. In fact, the GAO site listed 6 publications with 16 open recommendations that TSA has not addressed satisfactorily as of November, 2014

Despite all this, one should still file complaints when appropriate, if for no other reason than this would preclude TSA from telling Congress that everyone is satisfied because few passengers complain.

There is also a statutory process through which one can file a compliant with DHS. In practice this is likely to be turned over to TSA; however, because it was established by Congress, DHS is required to file summary reports with Congress. Indeed, it would be wise to send a copy of any complaint to your Congressional representatives.

top

Risk Analysis

Although the supreme court has not made any direct rulings on the constitutionality of airport screening, it stated in dicta in Chandler, 520 U.S. that administrative screenings "calibrated to the risk may rank as `reasonable' — for example, searches now at airports... " Other courts have used such language as "balancing the need to search against the invasion which the search entails" and "the degree to which the seizure advances the public interest, and the severity of the interference with individual liberty" to make the same point. The EU requires airport searches to be proportional to the risk.

This means that TSA must do risk analysis before adopting new procedures. Indeed, the DHS's own National Infrastructure Protection Plan (NIPP) as well as Presidential directives and legislative actions explicitly require risk analysis . Yet there is no evidence that TSA did any risk analysis before making the decision to use invasive pat-downs rather than hand-held metal detectors (HHMD) to resolve walk through metal detector (WTMD) alarms.

The GAO repeatedly criticizes TSA for its failure to do risk analysis in a series of reports listed below, from GAO-02-150T to GAO-13-344T. Although GAO observed in the last that progress has been made, they also concluded that TSA has "significant work ahead." Indeed the summary page (as of November 2014) has 16 open recommendation for TSA.

The National Research Council (NRC) of the National Academies stated in a 2010 report, Review of the Department of Homeland Security's Approach to Risk Analysis (2010), that they

"... did not find any DHS risk analysis capabilities and methods that are yet adequate for supporting DHS decision making... Moreover, it is not yet clear that DHS is on a trajectory for development of methods and capability that is sufficient to ensure reliable risk analyses other than for natural disasters."

It should be noted that risk analysis means a sound assessment, not calibration to several decimal places. Indeed, a Rand Corporation report explicitly recommended that DHS and TSA "provide clear and accurate information about any uncertainties in its results."

top

Behavioral Detection and SPOT

The TSA has touted its Behavioral Detection or SPOT (Screening of Passengers of Observational Technique) program. This is similar to a crude form of lie detection, for which more sophisticated methods are known to be so unreliable that they can not be used in court; therefore, one would not expect it to be very effective. This is exactly what the GAO concluded in its highly critical reports GAO 14-159 and GAO 14-158T which recommended that no further funding be provided for this program which cost over $900 million since its deployment. Other experts concur, e.g., as indicated in several articles. (See Bloom, Airport Security and Jackson et al, Assessing the security benefits of a trusted traveler program.)

In attempting to defend this program TSA director John Pistole gave testimony to Congress on November 14, 2013 in which he claimed that "The National Research Council's (NRC) 2008 report Protecting Individual Privacy in the Struggle Against Terrorists (2008) cites scientific evidence that supports this method." In fact, this report does exactly the opposite in Section 3.5, e.g.,

p. 83 " Scientific support... [is] nonexistent for highly complex states (terrorist intent and beliefs)."

p. 83 "... there is no consensus in the relevant scientific community .. regarding whether any behavioral surveillance or physiological monitoring techniques are ready for use at all in the counterterrorist context ..."

p. 84 "Technologies and techniques for behavioral observation have enormous potential for violating the reasonable expectations of privacy of individuals."

The very thorough Rand Corporation report that Pistole cites concludes in their analysis of behavioral detection that

p. 148 "... because of weak signals, high false-alarm rates, and countermeasures, and because no "silver bullets" are on the horizon, information fusion is likely essential for success"

p. 149 "... most relevant behavioral indicators will have low detection rates and large false-alarm rates."

p. 157 they are valuable only " ... as part of a system to detect attacks"

Rand notes in passing the very serious privacy and civil liberty concerns, for which it defers to the 2008 NRC Report.

An example of a special situation in which Behavioral Detection might be useful is described by Jackson, et al. If terrorists tried to coerce a Trusted Traveler to carry weapons or explosives, they might appear noticeably stressed, particularly in response to questions like "Has anyone given you anything to take on the flight?" This would also hold if terrorists tried to exploit a disabled person, e.g. by concealing something in a wheelchair, and easier to implement as they could ask questions while doing a less invasive screening with HHMD or a more limited pat-down.

top

AIT Scanners

When TSA introduced the AIT scanners in the fall of 2010, they did absolutely Everything Wrong. They muddled the process by using two kinds of scanner - one of which, the X-ray backscatter scanner, was already obsolete technology through which there were easy ways to take both explosives and metal weapons without detection. (See Kaufman & Carlson for details.) Although I personally do not think the radiation was a serious concern, TSA misrepresented the risk by comparing it to the amount of increased exposure you would receive in 30 minutes on a plane. However, the latter is from cosmic radiation, while the X-ray backscatter scanner uses a frequency that ionizes molecules in skin*. The concern is therefore the possible risk of skin cancer and should be compared to UV radiation, of which you receive virtually no increase on an airplane. Moreover, the NIH, NCI and dermatologists all advise parents to slather suntan lotion on their children to prevent skin cancer from exposure to UV radiation in the sun. In the face of this, one can hardly expect the general public to be unconcerned about exposure to X-rays in scanners.

All of the X-ray scanners were removed from airports before the end of May, 2012. The millimeter wave scanners use a much longer (and thus lower energy) wavelength that has no known health effects. You probably get more exposure to this wave length with ordinary activities like using a cell phone. Nevertheless it is understandable that the general public who know little about the physics of these very different technologies remains concerned.

Both types of scanners initially used images which created privacy concerns. My own impression is that the images were not as detailed as critics claimed, but the TSA could not credibly deny this while claiming that they could detect small weapons and components of explosive devices hidden under clothing.

However, the AIT millimeter scanners at airports now all have automatic target recognition (ATR) technology which avoids the privacy issues because no one ever sees anything but a stick figure showing the location of anomalies. Having read a great deal of literature provided by the TSA, I must say that they did an impressive amount of work to make the regions identified as anomalous as small as possible to minimize the area which needed to be touched to resolve the anomaly. Still, there are false positives, as well as genuine problems for people with certain types of medical conditions and devices.

If the TSA had simply waited 6 months and deployed only millimeter wave scanner with ATR, then they might have reasonably regarded refusal to use a scanner as suspicious behavior which would justify an invasive pat-down. Before installing these scanners they should also have funded a study by the National Research Council involving physicists, engineers, and medical doctors on the effect of millimeter waves on both people's bodies and any medical devices they might have. They have still not done this, leaving many people concerned. Instead, they inexplicably decided to fund an NRC study of backscatter scanners after they had been removed.

We should insist that TSA now fund such a study so that people can use scanners without fear and any bona fide issues about medical devices (e.g., insulin pumps) are identified so that people who use these devices are not required to use scanners and given reasonable accommodation in screening by other methods.


* Because most plastics have a similar responses these scanners can not reliably distinguish skin from plastic, nor do their manufacturers claim they can do so. Indeed, one manufacturer actually notes in a different context the similarity between organic materials (e.g., skin) and explosives, as opposed to metal.

I don't know if these scanners even create a detailed image. Both types worked like CT scanners and MRIs in the sense that they do not take a picture directly. Instead, they collect data and used that data to draw a computer image. It is possible that the ATR systems can identify anomalies without even drawing a detailed image of the entire body.

 

WTMD (Walk-Through Metal Detectors)

You probably think that, as TSA claims, "when a walk-through metal detector alarms, it does not indicate where on the body the metal is located". In fact, the physical principles on which WTMD are based rely on interactions between an electromagnetic field and a metal object at the location of the metal. It is simply a question of engineering design whether this results in the familiar beep or is indicated in some other way, most commonly by lights flashing along the sides.

In fact, all of the WTMD currently in use by the TSA have multi-zone capability:

CEIA

02PN20

20 vertical zones (most widely used)

Garrett

PD 6500i

33 zones, 11 vertical and 3 lateral (left, center, right)

Metorex

Metor 200 HDe

8 vertical zones

State of the art WTMD seems to be 60 zones, 20 vertical and 3 lateral (left, center, right) and cost about $10K as compared to $200K for an AIT scanner.

When the TSA introduced scanners in 2010, they also stopped using hand held metal detectors (HHMD) without any notice to the public. At the 300 checkpoints that have only WTMD people with metal implants now receive invasive pat-downs.

Even if the WTMD do not provide as precise an indication of the location of the metal as an AIT scanner or a HHMD, they do provide some useful information which TSA staff are supposed to be trained to use. If someone with a Trusted Traveler card and medical documentation of a knee replacement goes through a WTMD and the only lights that flash are in the knee area, then it is patently absurd to react as if she has a bomb concealed in her cleavage.

Remark: On Dec. 23, 2014, police in Atlanta arrested a Delta baggage handler and accomplice who have brought as many as 18 guns onto a plane, some loaded.

Many airport employees pass to and from secure areas without undergoing any screening. TSA officials argued that "cost and potential disruption of airline operations have argued against the use of metal detectors for all workers". However, state of the art multi-zone WTMD could conceivably be used effectively for this purpose without requiring employees either to empty their pockets and undergo a pat-down or HHMD screening. Those who have a legitimate need for, e.g., metal tools, could simply be required to carry them in a specific location on a tool belt and this fact encoded on their security badges. If this location is the only active zone, they could then be waved through.

top

Explosive detection: challenges and concerns

All metals have an electronic structure that determines their interaction with an electromagnetic field. The actual electrical conductivity and magnetic susceptibility may vary with the metal or its alloy, but they all have properties that allow them to be detected with the familiar WTMD and HHMD. There is no such universal property for explosives, which are characterized by energy levels, i.e., they have a state of high energy called "meta-stable" in which they sit as if in a dip at the top of a high hill and release a large amount of energy when they are pushed over the edge. Certain classes of explosives have certain chemical properties, but there are different classes with different properties which is why detecting them is challenging.

Although some chemicals have an odor, others do not. In fact, there is an international agreement to add a small tracer to commercial plastic explosives which dogs can be trained to detect. However we can not exclude the possibility of a chemical factory somewhere that makes plastic explosives without this tracer. There are also serious issues with Explosive Trace Detection (ETD) which I discuss separately.

However, an improvised explosive device requires a detonator, which usually involves some metal which could be detected with an HHMD. Although chemical detonation is possible it is actually extremely difficult to do in a small device that could be carried onto the plane.

Moreover, an effective device needs to be contained. There is a reason that the marathon bombers used a pressure cooker. PETN in a condom (like the underwear bomber had) or a thin layer of plastic explosive will merely burn, which is exactly what happened on flight 253.

So what is the answer? According to John Pistole, head of TSA in 2014 (see also pdf).

"...one of our greatest concerns is not necessarily with those on a watch list or with some known affiliation or association with terrorist organizations. We know these individuals warrant and receive greater scrutiny and screening when and if they attempt to fly. Instead, it’s the unknown radicalized individual who has somehow acquired the skill and ability to build an improvised explosive device and tries to bring it onboard an aircraft."

If this is true, then using an old fashioned HHMD to find the metal in a detonator may, in fact, be the most effective method of screening a "lone wolf." A high sensitivity HHMD could find thin metal wires or a detonator concealed in a body cavity, neither of which would be detected in a pat-down or by an AIT scanner.

 

Explosives Trace Detection (ETD)

Given that the explosives trace detection swabbing itself is a rather minor invasion, one might think there there is nothing objectionable about it. However, it appears that there is a very high false positive rate, and those who do test positive receive an extremely invasive pat-down.

First, the significance of even a true positive test is questionable. One might come in contact with explosives (or chemicals that register as such) in quite innocuous ways. On the other hand it would surely be possible to strap a bomb or conceal explosives on a person without that person ever touching them.

Earlier methods were based on the detection of nitrates, which are common in many (but not all) explosives as well as many innocuous substances, e.g., small amounts of fertilizer or nitroglycerin pills for a heart condition. The current ETD devices are based on time of flight of a charged molecule in an electric field. This means that any substance with the same molecular weight will give a false positive. These instruments were developed for drug testing in the workplace. In that case, an innocent person could request a blood or urine test to clear themselves. At airports there is no such option before the extremely invasive pat-down (nor would one even be allowed to leave and not take the flight).

I would advise anyone who tests positive to ask that the swab and any related items (e.g., gloves) be sealed in an evidence bag and retained for subsequent chemical analysis. The TSA itself should really do this routinely to determine the true false positive rate of these tests and to get a clearer picture of the substances that cause them.

A sophisticated terrorist organization could probably get around this by making "designer explosives" whose molecular weight differs from those tested for. If discovered, TSA could add more items to the list and get more false positives in a vicious unproductive circle.

At the present time it appears that the only people routinely subject to ETD testing are the elderly and disabled people who get pat-downs, since the last step is to swab the gloves used and do an ETD test. Thus, in addition to the pat-down itself, these innocent people are more likely to get an even more invasive pat-down due to a false positive ETD test. This is exactly what happened to Senator Clair McCaskill, who has a metal knee.

Small airports

There are about 300 checkpoints, mostly at small airports, which have only WTMD, which means that people with metal implants who need to travel to or from these locations frequently are subject to repeated invasive pat-downs.

On the other hand a terrorist who wanted to take something that would show up on an AIT scanner could avoid this simply by driving to a small airport where he need only go through a WTMD. He could then deplane into the sterile area of a larger airport and board a bigger plane with no further screening to detect the threat item.

There is a simple solution to this problem. Most of these airports have only a few small commuter flights. These flights are not terrorist targets and the necessary security using a WTMD and HHMD could easily be carried out by airline or airport personnel at these locations. There is no need to employ a full-fledged TSA unit, provided the passengers who travel further are given additional screening. These flights only rarely use jetways and typically deplane at a designated area at the larger airport. It would be a simple matter to modify the regulations so that these passengers do not deplane directly into the sterile area and get regular screening before any subsequent flights. If necessary passengers who deplane from these flights could be bused to a location outside the sterile area.

This would save money and increase security as well as spare elderly and disabled people who need to use these commuter flights from unnecessarily invasive pat-downs.

Disability Accommodation
Better screening of people with medical conditions and devices

TSA could easily modify the Trusted Traveler or PreCheck program so that people with metal implants, disabilities and/or medical devices that preclude the use of scanners can voluntarily provide that information and allow TSA to verify it*. This information could be encoded in a Trusted Traveler card, such as the GOES card I have, or encoded on a passenger's boarding pass in a way that could be read only by TSA agents with the necessary equipment. If the only anomaly that shows up on screening is consistent with the medical information, then there should be no need for further screening beyond, e.g., a very limited pat-down of the knee or outer hip of someone with a metal implant there. n July, TSA announced on its web site (download pdf) that you can even fly without a photo ID if TSA can identify you by tapping into the many databases they have access to. Surely they already know which frequent flyers have metal joints.

Aside: It doesn't really matter to me whether TSA encodes information about my metal joints on my Trusted Traveler card or on my boarding pass. However, I am mystified by the decision to use encoding on boarding passes for PreCheck or a program like that described above. Since boarding passes are printed by the airlines, a terrorist need only hack into an airline's system to modify a single boarding pass. It would seem to be much harder to counterfeit a card with biometric information.


* There is no real privacy issue because the information can be verified without giving TSA access to medical records describing the underlying medical condition. Moreover, when someone with a metal implant sets off a metal detector or an insulin pump shows up on a scanner, TSA gets that information anyhow.

top

Sensitive Security Information (SSI)

By the end of the cold war, it was generally recognized that much of what was classified as "top secret" was already available in the public domain, e.g., in physics journals. It was also found that far more people had some type of security clearance than the government could effectively keep track of. Security policy was revised under the principle "high fences around narrow areas." For the current advise of experts in this area see a recent report from the US Public Interest Classification Board.

The Air Transportation Act passed in 1974 included a new provision for "Sensitive Security Information" (SSI) which was different from classified information. After the 9/11 attack congress passed a law which allowed the TSA to designate information as SSI and determine who had access. There is undoubtedly a need for some information (e.g., holes in AIT scanner screening that terrorists could exploit) to be restricted and not released to the public. However, TSA has applied this law in ways that completely contravene the principle of "high fences around narrow areas." Millions of TSA employees as well as external contractors have access to some SSI despite only the most rudimentary clearance screening. Many experts, including such people as J. William Leonard, head of the Information Security Oversight Office during the Bush administration, consider this excessive secrecy unnecessary and even counter-productive for security.

Some information, although readily available, is classified as SSI. In particular, the TSA considers the pat-down procedures to be SSI and redacted my attorneys' descriptions of them before releasing a public version of our briefs. This is patently absurd. How can the details of pat-down procedures be secret when thousands of people go through this process every day and descriptions have appeared on the web and in the news media?

Although TSA gave access to some SSI to my attorneys, it would not grant access to me (although the clearance procedures are similar to what I had already undergone when given Trusted Traveler status under the GOES program). The real problem was not my access to information I already knew, but the additional legal expenses and procedural hurdles this created. Neither I (nor clerical staff) could review the final versions of the briefs before they were filed under seal. I could see them only weeks later after TSA had approved a redacted version for release. There were things my attorneys could not discuss with me. A portion of the oral arguments in my case were closed to the public and I could not even attend or hear all of the oral arguments and discussions in court.

 

top

Reports


National Research Council (NRC)

These reports can be downloaded as pdf files and/or read on the web using HTML at no charge.

top

General Accountability Office (GAO) Reports

Although I had been under the impression that the government accountability office was primarily concerned with cost-effectives, I have learned that they do impressive work on many other aspects the operations of government agencies. The reports listed below are all publicly available at the GAO web site. In some cases, they are redacted versions of reports issued earlier to Congress which included classified information.

Reports which include Risk Assessment issues.

Highlight "GAO recommended, and the Department of Homeland Security concurred, that TSA develop sound methods to assess whether proposed screening changes would achieve their intended purpose and generate complete documentation on proposed screening changes that are deemed significant.."

Remark: However, TSA has not done this in many cases, including its decision to eliminate the use of hand-held metal detectors.

p. 42 "However, TSA officials could not identify which of the 92 proposed SOP modifications they consider to be significant... "

p. 10 "The actions DHS reports taking or has underway to address the management of its acquisitions and the development of new technologies are positive steps and, if implemented effectively, could help the department address many of these challenges. However, showing demonstrable progress in executing these plans is key. In the past, DHS has not effectively implemented its acquisition policies... Since DHS has only recently initiated these actions, it is too early to fully assess their effect ..."

p. 33 "This [TSA's BWS] assessment was made almost 2 years ago. While senior TSA ... management officials support implementation of the plan, collectively, TSA has not mitigated the risks and operational inefficiencies identified in the DHS BWS assessment. Moreover, TSA has not completed its internal review of the conversion plan ..."

Other Topics

top

National Infrastructure Protection Plan



Rand Corporation reports

The Rand Corporation has published a number of reports which can be downloaded for free from its web site.

Articles and blogs by many of its experts, e.g., Jack Riley and Brian Jackson, are also available on the Rand web site, including

top

Articles by Sheldon Jacobson

Sheldon Jacobson is one of the foremost experts on aviation security. He has been using Operations Research to study aviation security since well before 9/11. Many of his recommendations have been adopted by TSA, e.g., in the PreCheck program.

top

Other Articles

top