Homeland Security Watch

DHS announced today passenger prescreening measures to improve matching against government watch lists.  To do this, DHS is publishing two regulations:

(1) Advance Passenger Information System (APIS) Predeparture Final Rule, which enables DHS to collect manifest information for international flights departing from or arriving in the United States prior to boarding; and

(2) Secure Flight Notice of Proposed Rule Making (NPRM), which lays out DHS plans to assume watch list matching responsibilities from air carriers for domestic flights and align domestic and international passenger prescreening.

According to the DHS announcement, the changes are intended to improve targeting for determining which passengers pose a threat.  The result should be more accurate assessments of potentially dangerous passengers while easing the imposition on legitimate travelers.   This includes “better resolution for misidentified passengers,” the announcement says.  I presume this means applying more effective redress protocols to enable passengers wrongly identified as being on a watchlist so that they may be removed from it.  Presently, it is not clear how this change affects the existing DHS Traveler Redress Inquiry Program (DHS TRIP).

APIS results from a mandate in the 2004 Intelligence Reform and Terrorism Prevention Act (IRTPA).  The new measure will require air carriers to submit passenger data 30 minutes prior to departure or as each passenger checks in for the flight.  According to the statement:

Receiving both APIS and PNR data at least 30 minutes before a plane departs allows DHS to perform security checks against federal watch lists prior to passenger boarding, taking this responsibility from carriers and eliminating potential flight diversions due to watch list concerns.  For vessels departing from foreign ports bound for the United States, current requirements to transmit passenger and crew arrival manifest data between 24 to 96 hours prior to arrival will remain unchanged, but requires vessel carriers to transmit APIS data 60 minutes prior to departure from the United States. The APIS final rule follows an NPRM [notice of proposed rulemaking] published in the Federal Register on July 14, 2006.

 The Screening Coordination Office, which is led by Kathy Kraninger at DHS, is leading an effort to provide air carriers with “consolidated data submission requirements,” according to the statement.  This is to be done by integrating Secure Flight data and the APIS data into one stream. This is a helpful fact sheet describing implications of this change.

Once published in the Federal Register, the APIS final rule and the Secure Flight NPRM will be open for comment via the Federal e-Rulemaking Portal.

TSA last week announced contract awards to begin testing millimeter wave imaging machines and backscatter machines at airports in Phoenix, Los Angeles, and New York’s JFK. These passenger imaging technologies screen passengers for weapons, explosives, and other metallic and non-metallic threats under layers of clothing.

The announcement includes contract awards to American Science & Engineering (backscatter), L-3 Communications (millimeter wave), and Rapiscan Systems (backscatter). Total cost of the initial contracts is ~$2.3 million, with options to escalate. More information available here.

Looks like the U.S. and EU overcame the most recent tussle concerning how the two allies will share private or personal information in pursuit of terrorists (and other criminals, or course).  The press release from this afternoon is available here.  Following are the main points:

• The Department of Homeland Security will collect 19 types of PNR data.
• The data will be maintained for seven years in an active file, and eight years thereafter in a dormant file with limited access.
• How DHS collects PNR data from airline reservation systems changes, too. Air carriers will now transmit PNR data directly to DHS.
• European air carriers get legal assurance that they will not be in violation of EU privacy law.

The new GAO study, rolled out in testimony this week by Director of Homeland Security and Justice Issues Cathleen Berrick, suggested that DHS and the Transportation Security Administration should improve their risk-based decision making methods, planning and program evaluations, and the ways in which TSA collaborates with relevant stakeholders.

GAO cites Secure Flight – the domestic passenger prescreening system – as an example of disjointed or insufficient management attributes that have kept this program off schedule.  It’s worth reading the sections of this critique that make the case for better coordination across TSA and the international passenger screening efforts under the auspices of Customs and Border Protection.  This dimension of the report forces a more interesting discussion about how the different, but closely related, mission areas of the DHS components (TSA, CBP, S&T) could better reinforce one another and reduce duplication where similar objectives could be pursued with shared methods, data, technology, etc.  Screening of passengers lends itself perfectly to this ongoing challenge.

The new study also takes a look at how TSA and others could better partner with relevant private sector stakeholders.  Primary opportunities for better collaboration include:

• Reducing the time it takes to screen air cargo in order to diminish the disruption to delivery time for air carriers;
• Training individual cargo inspectors on more effective inspection technology;·       
• Supporting the development and deployment of improved inspection technologies; and
• Determining the best approach to implementing a “risk-based management approach to securing air cargo.”

The GAO report, entitled Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, is found here.  A one-page summary also is available.

Updated DHS Schedule:

Thursday, February 15

Deputy Secretary Michael P. Jackson will testify before the House Homeland Security Committee on the department’s 2007 goals: 9:00 AM EST/311 Cannon House Office Building/Washington, DC/OPEN PRESS

Friday, February 16

Secretary Michael Chertoff will deliver remarks to the American Chamber of Commerce: 7:45 AM CST/ Intercontinental Presidente Hotel/ Campos Eliseos 218/ Col Polanco Mexico City, Mexico/ OPEN PRESS

U.S. Citizenship and Immigration Services Chief of Citizenship Alfonso Aguilar will deliver the keynote address on citizenship and immigration issues at the Puebla State Forum on U.S.-Mexico Immigration Reform Puebla: 8:30 AM CST/ State Congress/ Puebla, Mexico/ OPEN PRESS

U.S. Coast Guard Commandant Admiral Thad W. Allen will provide remarks on recreational boating safety and maritime security at the annual meeting of Boating Writers International:  8:30 AM EST/ Miami Beach Convention Center:/ 1901 Convention Center Drive/ Miami Beach, FL/ OPEN PRESS

US-VISIT Acting Director Robert Mocny will testify before the House Appropriations Committee Subcommittee on Homeland Security on the fiscal year 2008 budget request for US-VISIT: 10:00 AM EST/ 2362 Rayburn House Office Building/ Washington, DC/ OPEN PRESS 

The New York Times ran a story last week making light fun of certain aviation screening rules (hat tip: Wonkette), one which described some of TSA’s more bizarre screening rules, including rules for snowglobes and most notably, helper monkeys:

Like dogs, some specially trained monkeys are classified as service animals to assist handicapped people. But you really have to wonder if these sample sentences — from the security administration’s rules for how transportation security officers at walk-through metal detectors should handle monkeys — were written with a straight face:

“When the handler and the monkey go through the W.T.M.D. and the W.T.M.D. alarms, both the handler and the monkey must undergo additional screening.” The rules add that security officers “have been trained not to touch the monkey during the screening process” and that “the inspection process may require that the handler take off the monkey’s diaper as part of the visual inspection.”

The Federal Register contained a notice today by the TSA on a new information collection requirement related to a program that has not previously disclosed, based on a quick Google search of its name:

The Rice-Chertoff Initiative (RCI) Department of Homeland Security Traveler Redress Inquiry Program (DHS TRIP) was developed as a voluntary program by DHS to provide a one-stop mechanism for individuals to request redress who believe they have been: (1) Denied or delayed boarding; (2) denied or delayed entry into or departure from the United States at a port of entry; or (3) identified for additional (secondary) screening at our Nation’s transportation hubs, including airports, seaports, train stations and land borders. The DHS TRIP office will be located at, and managed by, TSA. In order for individuals to request redress, they are asked to provide identifying information, as well as details of the travel experience.

The one-year anniversary of the launch of the Rice-Chertoff Initiative is later this month; this program is the result of Chertoff’s promise in that speech to establish a “government-wide traveler screening redress process before the end of this year [2006].”

For more on this issue, see this earlier post.

A few months ago, Heritage Foundation scholar Jim Carafano wrote a memo proposing the need for the government to develop a “national air security strategy,” similar to the National Strategy for Maritime Security. Around that same time, the White House issued a still-classified directive (HSPD-16 / NSPD-47) on aviation security, about which few details are publicly known.

Consistent with this recommendation and directive, the federal government seems to be developing a National Strategy for Aviation Security. A Google search of this phrase reveals a link to the entry page for a TSA webboard where there is a menu option titled “National Strategy for Aviation Security.” The Google search also reveals a couple of other references to the Strategy, i.e. the program for an aviation conference in Oregon, within which one of the speakers’ bios references it.

The development of this Strategy prompts a number of questions. Is it still under development, or has it been finished and quietly disseminated inside the federal government? Are there plans to make it public, or will this be like the frequently-panned National Strategy for Transportation Security, which was a classified document and never published? Which non-governmental stakeholders have been consulted in the development of this Strategy?

Hopefully we’ll see a public version of this National Strategy in the next year, following the model of the National Strategy for Maritime Security, which has served its purpose since publication as a useful reference strategy for all maritime security stakeholders.

The operations research journal Interfaces is publishing an entire issue of homeland security-related articles this month, and highlighted one of the articles in it in a press release in mid-November. That article, entitled “How Effective is Security Screening of Airline Passengers?” attempts to answer a question that has long bedeviled TSA and other aviation screening agencies: what is more effective, risk-based screening or random screening?

The authors, Susan Martonosi at Harvey Mudd and Arnold Barnett at MIT, build a model that includes variables for primary screening effectiveness, secondary screening effectiveness, % of passengers elected for random screening, the effectiveness of the prescreening system, and the terrorists’ deterrence threshold. They test the model several times using different assumptions for these variables, and get results for a range of scenarios that suggest that neither risk-based secondary screening nor random secondary screening is inherently better than the other:

As this simple mathematical model suggests, neither side has made a persuasive case about the effectiveness of airport passenger-profiling systems. Supporters of such systems have focused mostly on the ability of the algorithm to identify terrorists (C), an ability they may well overestimate. They say little about screening effectiveness of both low-risk passengers and selectees (p1) and (p2), yet these effectiveness parameters are crucial to the overall success rate of the system. Skeptics may have given insufficient weight to deterrence (Ï„), because of which, the selection and screening system might prevent attacks even though it falls well short of perfect. Probing the system, as we have seen, could sometimes prevent a terrorist act rather than ensure its success.

They conclude the article by suggesting that improving the baseline screening for all passengers might be a better investment than improving prescreening or secondary screening. Overall, a good article, and a useful exercise in trying to analyze an issue too often guided by intuition or emotion. You can see the descriptions of some of the other articles in this issue of Interfaces at this link.

The actions depicted on this video are NOT recommended by Homeland Security Watch:

The latest in homeland security-related humor, courtesy of Andy Borowitz:

Traveling Liquid and Gel Salespeople Protest FAA Rules

Angry Goo Sellers March on Washington

Two months after the Federal Aviation Administration instituted tough new restrictions on liquids and gels on all domestic flights, traveling liquid and gel salespeople marched on Washington en masse today to protest the FAA’s action.

The National Association of Traveling Liquid and Gel Salespeople, a group which represents over 150,000 of the nation’s itinerant goo sellers, organized today’s march, which began at the Capitol building and ended in front of the White House.

Carol Foyler, the executive director of the liquid and gel salespeople’s group, said that her association’s members were being “unfairly profiled” by the FAA and had every intention of making the “oppressive” regulations a key issue in next week’s midterm elections.

“Liquid and gel salespeople are what made this country great,” Ms. Foyler said. “America’s laborers built the railroad, but it was our moisturizers and hand creams that kept their skin supple and radiant.”

Perhaps true…but alas, they’re less powerful than the resealable quart-size plastic bag lobby…

A story in today’s Washington Post adds a new twist to the UK aviation plot from August:

A group of alleged terrorists arrested in London in August planned to blow up airliners over U.S. cities to maximize casualties, rather than over the Atlantic Ocean as many intelligence officials originally thought, according to recent remarks by a senior FBI official.

The comments by Mark Mershon, head of the FBI’s New York field office, indicate that U.S. and British intelligence officials now think that the airliner plot was aimed at maximizing the potential loss of life and economic impact.

“The plan was bring them down over U.S. cities, not over the ocean,” Mershon said Oct. 24 at the Infosecurity 2006 conference in New York, according to Government Security News, which first reported the remarks this week.

This could have perhaps been the plotters’ intention, but it seems like an odd choice, given the fact that most inbound flights to the U.S. from the UK spend little or no time flying over heavily-populated parts of U.S. cities during the last part of their routes; or if they do, it’s not something that a terrorist group could accurately predict in advance, since the exact routes typically vary.

A few months ago, the White House quietly issued a classified joint Homeland Security Presidential Directive / National Security Presidential Directive - HSPD-16/NSPD-47 - and has not released its contents. The San Francisco Chronicle ran a story about the directive in mid-August, noting that it contained the following contents:

The order, confirmed to The Chronicle by officials with knowledge of its contents, focuses on threats to aircraft from passenger baggage and air cargo — including detection of conventional, nuclear, radiological, and chemical devices — securing the airspace over the continental United States, and developing technologies to detect and prevent missile attacks on aircraft.

The directive, known as both National Security Presidential Directive 47 and Homeland Security Presidential Directive 16, also orders the agencies to implement a plan to check airline passenger lists against the government’s watch lists and to assume the costs of conducting the database searches. The cost of checking passenger lists currently falls to the airlines.

Recently a notice appeared in the Federal Register that is the first government confirmation of HSPD-16/NSPD-47 that I’ve seen. The notice describes a new Plan for the Emergency Security Control of Air Traffic, which cleary defines DOD, DOT, and DHS roles in the event of an emergency airspace incident, and establishes a “ESCAT Air Traffic Priority List (EATPL)” which serves as an order of priority for use and entry into U.S. airspace in the event of the activation of this plan.

This EATPL seems a bit out of balance to me, putting state and local law enforcement and first response activities near the end of the air traffic priority list, after a long list of military air assets. In a scenario where an attack has taking place and out-of-region emergency services are needed, it seems as if this priority list create a risk that state and local response assets would be stuck at the back of the queue, behind military assets who may be necessary to secure airspace and facilitate continuity of government, but who aren’t going to save any civilian lives. Hopefully this is an issue that is being discussed between DHS and DOD; otherwise this could lead to of the same command-and-control response breakdowns that we saw in the response to Hurricane Katrina.

Note to self: don’t create script to allow anyone to print out fake airline boarding passes:

A website that let anyone with an Internet connection and a printer create fake airline boarding passes has been shut down after federal agents visited the creator.

FBI agents raided Christopher Soghoian’s home over the weekend, seizing computers and other equipment, Soghoian wrote on his blog. They first visited him Friday afternoon with a request to take the site down, but when he got online, he found that the site had already been removed, he wrote.

….Soghoian’s “Northwest Airlines Boarding Pass Generator” let people create boarding passes that look virtually identical to the ones printed from the Northwest Airlines website. They could be used to get past airport security, but not to get on an airplane, because the airline would have no record of the reservation, Soghoian said.

Here’s Soghoian’s blog. While it probably wasn’t the wisest move to create this script and put it online, I think that making a criminal case out of this is an unfortunate response. Instead, the FBI and/or the airlines should be focusing on strengthening the security of commercial aviation documents - perhaps by working with Soghoian and offering him a job.

Just published in the new issue of Washington Technology: an op-ed by my boss (and sometime co-author) Scott Gould and the Reform Institute’s Dan Prieto headlined “The data trail: Best vector to secure aviation.” Check it out.

The DHS inspector general released a report yesterday that looks at TSA’s staffing of non-administrative positions at major airports. It finds a system in which airports’ administrative staffing decisions bore little relation to the size of the airport. For example, the chart on page 6 of the report shows airports that had 300-400 screeners and over thirty administrators, for a 10:1 ratio; whereas larger airports with over 1,000 screeners in some cases had 10-15 administrators, for up to a 100:1 ratio.

The report describes a current initiative within TSA to reapportion the administrative workforce, an effort launched in 2004 which thus far has not been implemented. Hopefully it will be soon. And it also looks at the use of TSA screeners for administrative purposes, which has led directly to the screener workforce racking up hundreds of thousands of hours of overtime in recent pay periods.

The report offers up four concluding recommendations:

1. Conduct a workforce analysis of FSD administrative staff and develop a staffing model to identify the number of employees actually needed at airports. This analysis should identify key mission areas and responsibilities; and take into consideration the time and nature of administrative work performed by screeners when assessing its workforce requirements.
2. Review proposed adjustments to FSD staffing levels and ratios of administrative to screener personnel. In particular, proposed changes to Hawaii’s administrative staff caught our attention as warranting more review.
3. Continue to study technologies or systems that will automate data entry functions at airports.
4. Reclassify administrative positions using more inclusive position titles to incorporate more of the functions employees perform and facilitate the hiring of administrative personnel.

In its response, TSA concurs with most of these recommendations, and indicates that it has recently started a comprehensive workforce review.

This is a smart response to the August aviation plot in the UK, tackling what many experts have believed to be the biggest vulnerability in the commercial aviation security regime today:

Airport workers are finding themselves subject to surprise screenings as the government issues new security tactics at airports nationwide. The changes are a direct response to this year’s foiled plot to blow-up America-bound airplanes.

Baggage handlers, gate agents, ramp workers and other airport employees who in the past were not subject to any security searches before the enter restricted and secure areas are now being targeted in this latest government effort to make airports safer.

….Sources say that the London terror plot foiled in August prompted U.S. officials to ramp up security after United Kingdom officials disclosed that some of the men arrested were airport workers. Until today, airport workers in the U.S. only went through an initial background check in order to get hired.

There probably aren’t sufficient resources today to have comprehensive inspection procedures for airport workers, and it probably wouldn’t deliver a high security return-on-investment. But developing a system of random spot checks is an effective investment, and can act as a strong deterrent against a plot that involves an airport ‘insider’ as a conspirator or accomplice. This should be quickly expanded nationwide, and random checks should take place not just at entry doors and gates but also at places deep inside the airport, and include the air cargo and general aviation areas within major airports - not just the passenger terminals.

As I noted last week, a segment on 60 Minutes on Sunday night looked at the issue of the government’s no-fly list, based upon an investigation that studied a copy of the list. The investigators found numerous flaws with it, most notably the fact that 14 of the 19 9/11 hijackers (presumably dead) were still on the list, and people with common names such as “Robert Johnson” are repeatedly flagged when they fly. The transcript of the segment is available here.

The segment was based largely on the reporting found in the new book “Unsafe at Any Altitude” by Susan Trento and Joseph Trento. I read a review copy of the book over the weekend, and while it was a compelling read, I’m not quite sure what to make of it.

The main argument of the book is that private aviation screening firms were falsely scapegoated after 9/11, and that today’s TSA performs worse at aviation screening than these private companies. The book tells the story of Frank Argenbright, the founder and namesake of one of the major screening companies at the time, arguing that he was personally scapegoated because of screening problems at the company in Philadelphia in 2000, even though (the book argues) the screeners at the company’s airports in Dulles and Newark performed their duties appropriately on the morning of 9/11.

The book suggests that TSA employees today “detect only about half the dangerous articles sent through airport security in tests,” in contrast with a “80 to 95 percent detection rate” by private screeners prior to 9/11. I’ve been a strong advocate of federal-run screening at the TSA, fearing an overly cost-driven race to the bottom if it is reprivatized, but this part of the book makes a credible case for examining a return to private sector screening - something that TSA is looking at today via the Screening Partnership Program.

So why am I not sure what to make of the book? Because amid this narrative are a few mind-boggling revelations, which if true, would require complete reassessments of the conventional wisdom about 9/11.

For example, on page 137 and page 192:

The biggest secret was that Saudi Arabian government agents whom the CIA had relied on for inside information on al Qaeda were, in fact, working for Osama bin Laden. Two of those agents were among the hijackers on American Airlines Flight 77 out of Dulles. Those two men were the ones the CIA and FBi had asked [Argenbright manager] Steve Wragg to watch on the video at Dulles Airport. The CIA had known since 2000 that they were in the United States, but it hadn’t notified the FBI until June 2001. The FBI had been looking for them all summer in connection with the October 2000 bombing of the Navy’s USS Cole off the coast of Yemen, but had not been able to find them.

….Prior to 9/11 senior CIA officials had convinced themselves that GID, the Saudi intelligence service, had placed agents inside al Qaeda. Because these two men - Khalid al-Mihdhar and Nawaf al-Hazmi - were thought to be Saudi agents, the CIA did not tell the FBI about them when they came into the United States from a terrorist summit meeting in Malaysia. Had the CIA shared what it knew, the FBI might have had a chance to at preventing the 9/11 attacks.

Read that passage twice. The authors are suggesting something that I’ve never heard before, and couldn’t find in any of the authoritative sources on 9/11 over the weekend - that two of the 9/11 hijackers were thought to be Saudi agents inside al-Qaeda but were actually double-double agents, and true members of al-Qaeda - who could have been easily tracked down in San Diego had information on them been shared with the FBI and other agencies. The ability to assess the verity of this claim is above my paygrade, but I have a hard time believing that 60 Minutes would associate itself with a book without vouching for its credibility.

Some other key revelations in the book:

• The reason that 14 of the 19 9/11 hijackers are still on the no-fly list is that U.S. intelligence agencies fear that the real hijackers stole the identities of other Saudis prior to 9/11;
• The first chapter of the book tells the story of Eric Gill, an Argenbright employee at Dulles who stopped an attempt by five Middle Eastern men dressed as airport employees to enter the secure zone of Dulles Airport on the night of 9/10/01…and later identified two of the men among the 9/11 hijackers;
• The book claims that “the CIA is routinely placing employees undercover with airlines and even as sky marshals” (page 195);
• The book describes incidents of finding bombs at airports after 9/11 that have heretofore been unreported, including one “found taped to a bathroom wall at the airport in Seattle.” (page 183)

Overall, I’m hesitant to accept everything in the book as fact, given the prevalence of anonymous sourcing, until there is further cross-checking of their findings. But for those who follow aviation security and intelligence issues, it’s a worthwhile read, and likely to stir up some lively discussion in the coming days and weeks. Here’s the link to it on Amazon.

The Government Accountability Office released a report today entitled “Terrorist Watch List Screening: Efforts to Help Reduce Adverse Effects on the Public.” It takes a close look at the existing watch list system, and the activities that have been taken to improve people’s ability to address the fact that they are incorrectly placed or identified on government watch lists. It contains a useful chart on Page 11 that shows the existing watchlist check process. And it notes current efforts underway to develop a government-wide redress process:

The Terrorist Screening Center, from its unique position as administrator of the consolidated terrorist watch list, has noted significant differences among agencies in providing watch-list-related redress. For instance, whereas the Transportation Security Administration has designated an official accountable specifically for redress, U.S. Customs and Border Protection does not and also has not followed consistent procedures in referring appropriate redress queries to the Terrorist Screening Center. Thus, at the Terrorist Screening Center’s request, the Department of Justice is leading an effort to develop an interagency memorandum of understanding to ensure that opportunities for redress are formally documented and that agency responsibilities are clear, with designated officials specifically accountable for supporting the continued success of watch-list-related redress. This effort, according to the Terrorist Screening Center, has been ongoing since fall 2005, and a final draft of the memorandum of understanding is expected to be ready for interagency clearances by fall 2006. The Department of Justice and the Terrorist Screening Center have acknowledged that, upon finalization of an interagency agreement that documents the redress opportunities and designates agencies’ responsibilities, it is important that appropriately updated information on redress and points of contact be made available to the public, including updates of Web-based guidance.

This is an issue that Sec. Chertoff had promised progress on by the end of 2006, in his “Secure Borders and Open Doors” speech in January, noting then that DHS’s goal “is to establish a government-wide traveler screening redress process before the end of this year to enable travelers who have complaints or have legitimate issues to resolve those questions with one-stop shopping.” Hopefully sufficient progress is being made on this front. In the absence of an effective redress system, the public’s long-term acceptance of watchlisting efforts is likely to recede.

The United States and the European Union reached a final deal on the Passenger Name Record (PNR) dispute today, a negotiation forced by the European Court of Justice ruling striking down the prior agreement in May. DHS issued a press release this morning that puts a positive spin on the outcome:

I am pleased to announce the European Union (EU) and Department of Homeland Security (DHS) have reached a final agreement regarding Passenger Name Record (PNR) data which will allow us to make full use of passenger data as needed to protect our borders. This agreement provides the information sharing that I called for in August.

Under the agreement, U.S. Customs and Border Protection will have new flexibility to share PNR data with other counter-terrorism agencies within the U.S. government, carrying out the President’s mandate to remove obstacles to counter-terrorism information sharing. The new flexibility will apply to agencies within DHS as well as to the Department of Justice, the FBI, and other agencies with counter-terrorism responsibilities; sharing will be allowed for the investigation, analysis, and prevention of terrorism and related crimes. We are pleased that this U.S.-EU agreement promotes our joint goal of combating terrorism while respecting our joint commitment to fundamental rights and freedoms, notably privacy.

I am also encouraged that the agreement will allow the department to receive PNR data earlier, thus increasing our ability to identify potential terrorists. The department will in time obtain access to PNR outside of the 72 hour mark when there is an indication that early access could assist in responding to a specific threat to flights bound for the United States.

But the EU Politix website discusses another change from the current system that is less favorable to the U.S.:

EU justice commissioner Franco Frattini said that the new system agreed with the US department of homeland security met demands from the European parliament for a rebalancing of the previous agreement.

“We decided together to guarantee a new system for transferring data, which I believe is very good news,” he told journalists.

“In the past we had a ‘pull’ system, which meant the US was allowed to pull data directly from airline databases in the EU.”

“Now have a push system – the US must make a request to the airlines to give them the information.”

“There will be no direct access for US authorities – this was one of the main topics of our discussions in the parliament.”

The ability for CBP to share information with other counterterrorism and homeland security agencies is an important win for DHS. But this last item seems to me to be a critical loss from a counterterrorism perspective. The new system will facilitate watch list checks and name matches, but it sounds like it will be difficult and cumbersome to conduct link analysis and related queries using PNR data - which is what Sec. Chertoff has insistently said was needed following the UK aviation plot. It’s possible that DHS could jury-rig a system that allows it to conduct link analysis among data elements that have been “pushed” to them, but that seems more challenging from a technology perspective and likely less effective.

The website for 60 Minutes indicates that they plan to run a piece this Sunday looking at the US government’s no-fly list, and pointing out deficiencies in it. From the preview piece on the show’s website:

60 Minutes, in collaboration with the National Security News Service, has obtained the secret list used to screen airline passengers for terrorists and discovered it includes names of people not likely to cause terror, including the president of Bolivia, people who are dead and names so common, they are shared by thousands of innocent fliers.

Steve Kroft’s investigation, in which an ex-FBI agent who worked on its al Qaeda task force says the list of 44,000 names is ineffective, will be broadcast this Sunday, Oct. 8, at 7 p.m. ET/PT.

The former FBI agent, Jack Cloonan, knew the list that was hastily assembled after 9/11, would be bungled. “When we heard the name list or no-fly list … the eyes rolled back in my head, because we knew what was going to happen,” he says. “They basically did a massive data dump and said, ‘Okay, anybody that’s got a nexus to terrorism, let’s make sure they get on the list,’” he tells Kroft.

The “data dump” of names from the files of several government agencies, including the CIA, fed into the computer compiling the list contained many unlikely terrorists. These include Saddam Hussein, who is under arrest, Nabih Berri, Lebanon’s parliamentary speaker, and Evo Morales, the president of Bolivia. It also includes the names of 14 of the 19 dead 9/11 hijackers.

The most interesting part of the story is that certain highly-sensitive names - e.g. members of al-Qaeda known to intelligence agencies but not publicy known - are deliberately left off the list, for fear that it could fall into the wrong hands:

But the names of some of the most dangerous living terrorists or suspects are kept off the list.

The 11 British suspects recently charged with plotting to blow up airliners with liquid explosives were not on it, despite the fact they were under surveillance for more than a year.

The name of David Belfield who now goes by Dawud Sallahuddin, is not on the list, even though he assassinated someone in Washington, D.C., for former Iranian leader Ayatollah Khomeini. This is because the accuracy of the list meant to uphold security takes a back seat to overarching security needs: it could get into the wrong hands. “The government doesn’t want that information outside the government,” says Cathy Berrick, director of Homeland Security investigations for the General Accounting Office.

This should be an interesting segment on Sunday. It’s also supposed to contain content from the forthcoming book “Unsafe at Any Altitude,” as noted on the book’s website.

The DHS Inspector General released a report today that looks at TSA’s Continuity of Operations (COOP) plan, finding it “cumbersome” and non-compliant with federal regulations. From page 6 of the report:

As shown in Table 1, the TSA Headquarters (HQ) COOP Plan and Program do not fully comply with FPC 65. The TSA HQ COOP Plan and Program only partially address the 11 required elements that define a viable COOP.

TSA has developed a cumbersome COOP plan that would require more than 200 agency personnel to conduct 138 mission-essential functions at two or more different locations during the most extreme emergency situations. However, the plan provides only a minimal COOP capability because: TSA management has not adequately analyzed and approved the plan to ensure that only essential functions and associated emergency staff are included in the plan; established a viable alternate work site; or [REDACTED TEXT]. In addition, TSA program offices have not made COOP planning a priority and TSA management, until FY 2006, has provided only a fraction of requested COOP funding.

Given TSA’s relative young history as an agency, this isn’t all that surprising, and it sounds like TSA is finally working to address these deficiencies. It’s critical that all of the key operating entities within DHS have strong COOP plans, because a large part of their whole reason for existing is contingent upon operational continuity after an attack or disruptive event.

The Congressional Research Service released a new report this month on aviation security pre-screening:

RL33645: Terrorist Watchlist Checks and Air Passenger Prescreening, September 6, 2006

The full Homeland Security Watch collection of CRS reports is available here.

TSA has issued draft standards for the Registered Traveler program, a set of zipped files which you can download at this link. The standards are currently open for public comment until October 4, 2006.

DHS Deputy Secretary Michael Jackson and TSA Administrator Kip Hawley announced changes to the aviation screening rules imposed after the August 10th plot:

• Small bottles (less than 3 oz.) of toiletries, cosmetics, toothpaste, etc. will now be allowed through the passenger checkpoint, screened separately in a clear Ziploc bag.
• Drinks purchased inside the passenger checkpoint will now be allowed on planes.

The full details are available on TSA’s website.

The Washington Post has a story today that discusses plans within DHS to reallocate screening and explosive detection funds away from the “puffer” machines and toward technology that can better detect liquid explosives:

The proposal calls for a shift of $20 million from the puffers to fund improvements in X-ray technology. After the upgrades, the X-ray machines would be able to take multiple images of the contents of carry-on bags, giving screeners an extra chance to detect suspicious items, including bottles or containers that might hold explosives, officials and experts said.

Machines used in U.S. airports today generally examine bags from only one angle. Government audits have shown that it is sometimes difficult for screeners to detect banned items or weapons, depending on where they are placed in a carry-on.

Security officials are seeking new technology to counter the threat of liquid explosives, a month after British authorities said they uncovered a plot to blow up transatlantic flights. The upgraded machines would not identify explosive compounds but would help screeners pick up shapes of items that could contain liquid explosives, officials said.

“What gives me the capability to find explosives now?” Kip Hawley, head of the Transportation Security Administration, asked in an interview. “The answer is X-rays. We’re looking at where we can get the biggest bang for the buck.”

The article also indicates that the puffer machines are not living up to expectations, and have had high maintenance costs and failure rates in the aviation environment - thus the rationale for the potential shift of funds.

USA Today has a cover story this morning about the Registered Traveler (RT) program, describing recently-announced TSA plans to impose additional fees totaling $120 on people enrolling in a Registered Traveler program, including $30 for a terrorism-related background check, $20 for a criminal background check, and $70 to pay for the TSA screeners who would staff RT lines, according to the USA Today story. Combined with the expected $80 cost of enrolling in one of the private sector programs, that would mean a $200 initial outlay for anyone who wanted to enroll in the program.

At that price, I’d expect that the number of people who would enroll would we so small that it would effectively destroy the entire Registered Traveler business model. As with the PASS card program, where cards look to be overpriced at $50, the federal government’s inability to drive down costs (and then pay for it via a higher volume of enrollees) is likely to leave this type of program stillborn.

That said, I do have some sympathy with TSA’s arguments that the full cost of this program should be borne by enrollees. The benefits of Registered Traveler accrue almost solely to its enrollees, and not to the nation’s security as a whole, and it makes sense that RT participants should pay for any marginal costs associated with the program. But are the TSA screeners marginal costs in this case? Not entirely: they would be screened today in existing lines, and deploying them to these RT lines would involve both fixed and variable costs. And travelers already pay for part of the cost of TSA screeners via the existing aviation security fees. For this $70 portion of the total cost, I think a more nuanced analysis of cost allocations is in order.

Recent stories in USA Today and CIO Magazine survey the status of the dispute between the United States and the European Union over the sharing of Passenger Name Record (PNR) data. The prior US-EU agreement was struck down by the European Court of Justice in May, prompting the two parties to move forward to develop a new agreement.

The urgency of this process was heightened by the UK aviation plot, which led to emergency measures to expand information-sharing. And it has strengthened DHS’s public stance on this issue, as witnessed by Sec. Chertoff’s recent comments and the statements in the USA Today article:

Homeland Security officials are hoping to renegotiate their agreement with the EU, which expires at the end of the month under a legal snag, in talks that have been given a tailwind by the London plot.

Foremost, Chertoff wants to be able to share the passenger information with the U.S. intelligence agencies and retain it for significantly longer than 42 months.

The intelligence community’s free access to the travel data would act as an additional layer of security over the Visa Waiver program, which now suffers from troubling holes. That 20-year-old program allows passport-toting citizens of 27 U.S.-friendly nations, including England, to enter the United States without a visa or the accompanying interview by a U.S. consular official.

Given the recent revelations about secret intelligence programs for communications and finance, I’m not surprised that Europeans are concerned about allowing unfettered access to data on their citizens. Ultimately, I believe that the European governments will support these measures, based on their direct experiences with the international terrorist threat.

But what’s really needed is a new model. For too long, this debate over PNR information-sharing has been driven by a model where information moves one way, from Europe to the United States. But what about flights from the United States to Europe? And what about broader international travel? If we want to develop a sustainable information-sharing system for international travel, then we need a model that is multipolar and decentralized, facilitating the broad exchange of information, in a manner similar to Interpol’s systems for sharing information on wanted fugitives and lost and stolen passports. This would give all nations, not just the United States, a stake on this issue, and by doing so ultimately strengthen American security.

For those of you that missed it earlier this week, take a minute to check out Secretary Chertoff’s op-ed in the Washington Post. He argues for more effective use of detailed airline passenger information (Passenger Name Record or PNR data) to identify high-risk passengers. Chertoff identifies problems arising from international restrictions on the use and sharing of this data:

The U.S. government has collected PNR data on travelers aboard international flights to the United States since the early 1990s. This information is of such value that after the Sept. 11 terrorist attacks, Congress mandated its continued collection. But in the past few years European privacy concerns have limited the ability of counterterrorism officials to gain broad access to data of this sort.

For example, under an agreement with the European Union, U.S. Customs and Border Protection receives this information regularly, but it cannot routinely share it with investigators in another DHS component, Immigration and Customs Enforcement, or with the FBI — never mind with our allies in London. This information might yet identify associates of those arrested in the plot in Britain, but the rules blind us in routinely searching for that connection.

Yet another reminder that homeland security is not just a domestic issue. Effective HLS policies require strong international relationships and better channels for sharing threat information.