Homeland Security Watch

Day One at DHS started with Secretary Napolitano at the helm issuing five Action Directives centered on the Protection mission for the Department. The directives request internal reviews to be conducted on how DHS protects critical infrastructure, conducts risk analysis, shares information with state and local authorities, “integration” of DHS engagement of states, localities, and tribes, and protection measures aimed at air, surface, and maritime transportation sector. The last one includes a “side by side comparison of the threat environment, resources and personnel devoted to each transportation sector.”

“One of my top priorities is to unify this department and to create a common culture. These action directives are designed to begin a review, evaluation and dialogue between the various functions of this department and me,” said Secretary Napolitano.

Further directives are expected to come soon concerning preparedness, response, recovery, and immigration.

Following is the text describing the directives as issued at DHS:

• Critical infrastructure protection. This core mission of DHS entails a broad mandate to reduce the vulnerability of key systems and structures to natural and manmade threats. DHS oversees the national critical infrastructure list and manages 18 infrastructure sectors established under Homeland Security Presidential Directive-7, with primary responsibility for information technology, telecommunications, chemical, transportation, emergency services, and postal and shipping. This entails extensive dealings with other federal agencies, states, and the private sector, involving collaboration, data collection, risk analysis, and sharing of best practices. What is the current status of the critical infrastructure list, relations with the 18 sector security councils and the other departments that have critical infrastructure protection roles? What are the plans to enhance protection? How do we enhance private sector participation? An oral report is due Jan. 28.

• Risk analysis. Given the extensive number of vulnerabilities to manmade and natural disasters and the limitations on resources, determining national priorities and the judicious distribution of resources are a major element of the department’s mission. What is the status of risk analysis metrics and what is the plan and time frame for setting up a full-blown system to govern the establishment of critical infrastructure programs, the priorities among national planning scenarios, and the distribution of grants to state, local, and tribal entities? More broadly, how can DHS enhance risk management as the basis of decision making? An oral report is due Jan. 28.

• State and local intelligence sharing. Core to the department’s ability to successfully carry out its mission is sharing information within the department, and between DHS and other federal, state, local, tribal, and private sector entities. Across the department there are currently multiple operational, technological, programmatic, and policy-related activities underway to focus on improved information sharing.

o Given the importance of this mission, please provide a complete inventory of all operational, programmatic, technology, and policy related activities currently underway.

o Provide an evaluation of which activities hold the most promise for achieving the smooth flow of information on a real time basis.
The inventory and evaluation should take into account the voices of all stakeholders, especially state, local and tribal entities.
The evaluation should also consider the private sector’s perspective and its relationship to these stakeholders.

o The inventory and evaluation should focus on ensuring that the department’s information sharing efforts are closely linked to government-wide efforts to establish the Information Sharing Environment as called for the Intelligence Reform and Terrorism Prevention Act of 2004.

o DHS Intelligence & Analysis should evaluate whether DHS is meeting all of its information sharing missions as described in Section 201(d) of the Homeland Security Act of 2002, P.L. 107-296, especially Section 201(d)(1).

An oral report is due Jan. 28.

• Transportation security. TSA is directed to provide a review to the Secretary of the current strategies, plans and programs for security of the air, surface, and maritime transportation sector, to include a side by side comparison of the threat environment, resources and personnel devoted to each transportation sector. TSA shall coordinate, as necessary, with all pertinent components and offices in DHS, as well as with all relevant outside bodies and advisory councils. An oral report is due Jan. 28.

• State, local and tribal integration. To promote policies to more fully integrate American state, local, and tribal governments in the development of policies and programs to protect our nation and help it recover from natural and manmade disasters consistent with the homeland security interests of the United States, the DHS Office of Intergovernmental Affairs shall:

o Immediately contact every relevant governmental association, e.g. the National Governors Association, National Association of Counties, League of Cities and Towns, U.S. Conference of Mayors, National League of Cities, National Emergency Management Association, and the National Congress of American Indians, announcing that DHS intends to revitalize its relationship with state, local, and tribal governments effective immediately with the intent of creating a working partnership.

o Immediately plan for an accelerated process of soliciting and collecting input from our state, local and tribal partners on how to improve the programs and processes of DHS.

o This input should include, but not be limited to, the following topics:
a. Critical infrastructure
b. Grant making
c. Interoperability
d. Intelligence collection and dissemination
e. Emergency services
A preliminary written report is due Feb. 10.

On November 17, DHS Secretary Michael Chertoff and TSA Administrator Kip Hawley convened the next blogger roundtable, this time at TSA Headquarters. Topics covered Secure Flight, general aviation security regulations, holiday security measures, technology investments, and other issues. This may have been the final roundtable Secretary Chertoff convenes with the bloggers. However, it was the first time HLSwatch.com was singled out by the Secretary for a recent post with which he took issue. After the usually round-the-table introductions, S1 said the following with a smile:

Mr. Czerwinski: Jonah Czerwinski. Good to see you again, Mr. Secretary.

Secretary Chertoff: By the way I’m going to call you out on one thing. So you disagree with my saying that when I do risk, I put the most weight on consequence? And you said, but on Wall Street they disagree with that. They think it’s more a matter of probability than consequence. I rest my case.

Mr. Czerwinski: They may not be the people to watch–

Secretary Chertoff: Right. It was my position on consequence, which I’ve articulated for a couple years now, is what I’ve now learned that in the trade they call it the fat tail. If you read Black Swan so it’s inside baseball.

Mr. Czerwinski: I noted that, thank you.

Secretary Chertoff: All right, shoot.

Sheesh. Chertoff was referring to my 29 OCT 08 post entitled Chertoff Addresses the Beta, in which I suggest that he described risk assessment in his speech to the Wharton School in such a way that could trigger extremes of excessive caution or excessive spending. I made the ill-timed analogy of how risk is assessed on Wall Street. Oops. The full roundtable transcript is available on the TSA blog.

Fortunately, we won a small victory after that playful jab at my criticism of the Secretary’s risk assessment formula. The roundtable concluded as follows:

Secretary Chertoff: I have to say, people say, why do you do blogging? I’m not saying this to feed your egos. I said, I thought that by and large, in terms of focused, sustained, engaged, and knowledgeable questions, the bloggers who cover us regularly do a great job, and it is useful for me to get feedback because I actually do read these – I read the good ones, I don’t read the nutty ones – to get feedback about stuff that is working and not working, and I think that it is a great way for us to communicate, because we do get, you know, good questions come from a knowledge base. You guys do follow this stuff on a regular basis.

Mr. Czerwinski: When you hand over the “Leadership Journal,” can we get you to guest blog at some point?

Secretary Chertoff: Yeah, I probably will.

Fellow bloggers in attendance included:

Rich Cooper – Security Debrief

Barbara Peterson – Conde Nast Traveler & Daily Traveler

Matt Phillips – Wall Street Journal & The Middle Seat Terminal

Tom Smith - ACI-NA

Benet Wilson – Aviation Week & Towers and Tarmacs

Chad Wolf – Security Debrief

Have a great Thanksgiving everybody. I’ll keep up with developments and update HLSwatch.com over the long weekend if something is time sensitive. If, however, the next few days are as uneventful as I hope, I’ll see you on DEC 1.

During the closing days and weeks of the 2008 presidential race, Barack Obama wrote a series of letters to John Gage, National President of the American Federation of Government Employees, to explain his priorities for the federal workforce if he becomes President of the United States. Then-candidate Obama dedicated one letter to DHS and another specifically to the TSA.

In his letter to Gage about DHS, Obama expressed concerns about DHS workforce policies. The lack of collective bargaining and the unintended consequences of “pay-for-performance” on morale and results served as the core of the letter. Obama intends to restore collective bargaining. He wrote that he will “ensure that each nominee [in an Obama-Biden Administration] has a clear understanding of the labor-management collective bargaining process and my commitment to assuring its fairness. The same goes for my appointments to the Federal Labor Relations Authority and the Federal Services Impasses Panel.”

He stressed that DHS workers should be rewarded for high quality work, but that the Bush Administration’s “failure to fund the initiative [“pay-for-performance” system] guaranteed that rewarding one employee would be at the expense of another. This is unfair and serves to reduce morale, rather than improve it,” Obama wrote.

In a separate letter directed specifically at the TSA, Obama cited issues raised by Transportation Security Officers (TSO) about the need for collective bargaining rights. “Advocating for TSOs to receive collective bargaining rights and workplace protections will be a priority for my administration,” Obama wrote to Gage in late October.

That other DHS officers serving as Border Patrol Agents, Federal Protective Officers, or Capitol Police, for example, all have collective bargaining rights makes this inequity a top workforce priority for Obama. Citing high attrition rates among the TSO workforce, Obama intends to re-examine the Performance Accountability and Standards System (PASS) for TSOs to “determine whether it meets minimum standards of fairness, transparency, and accountability.” If it does not, expect the Obama-Biden Administration to replace the PASS system with the General Schedule wage system used by the rest of the federal government, including other DHS agencies.

This afternoon, I have the opportunity to meet with TSA Administrator Kip Hawley and DHS Secretary Michael Chertoff. I hope to ask them about these plans, as well as current initiatives like Secure Flight.

There are about 300 flights a day to the U.S. that originate from the 27 EU countries. How the cargo on those planes is screened has been an issue over which the U.S. and EU have negotiated for years. DHS wants our European counterparts to apply the same security standards we do on flights from the U.S. across the Atlantic. With a little help from a Congressional deadline, the European Commission and TSA struck an agreement yesterday to apply U.S. standards for air cargo screening for half of the cargo on U.S.-bound passenger flights by February 2009 and all cargo on all flights by 2010.

The agreement, signed on the 30th by TSA chief Kip Hawley and Zoltan Kazatsay, Deputy DG for Energy and Transport at the European Commission, meets a Congressionally mandated deadline under the 9/11 Commission Act to require screening of 100 percent of cargo on passenger planes by August 2010. Kudos to TSA and the DHS Policy shop for successfully concluding this effort.

Under the agreement, the EU and the U.S. will use the same screening equipment, provide the same training to screeners and impose the same security requirements for the facilities where the cargo is screened. Currently, 95 percent of flights within the U.S. and departing from the U.S. undergo cargo screening.

Earlier this year DHS and the airlines went head-to-head over who should be responsible for checking passengers’ names against the federal no-fly list. DHS said they would maintain a list of names of people that would either be subject to additional screening (“selectee”) or not be permitted to fly (“no-fly”). It did not take long for the air lines to object, claiming an undue burden on their operations, and DHS fretted over inconsistent application of the list by the private air carriers. Eventually, all agreed the situation wasn’t working and today Secretary Chertoff issued a new “rule” reversing the process.

Under the new rule, part of Secure Flight, airlines will submit encrypted flight reservation information to TSA. TSA will compare that data with a constantly maintained/updated no-fly list and selectee list. Then TSA will send the results back to the airline “if there’s a problem,” said Chertoff during a press event today. It is unclear if the airlines only hear back from TSA in the event of a “hit” on the list. It may be the case that if TSA doesn’t comment, then the air lines are clear to board the passenger. Silence equals acceptance?

The private sector fell short in carrying out baggage screening, and so we gave it back to TSA. The private sector failed to meet expectations on the no-fly lists, and so it goes back to TSA. This would seem like a clear cut victory for the airlines. They offload all the risk to TSA at the screening lanes and with checking the no-fly lists.

But this is a win for the traveling public, too. Someone once said that “government is the name we give to those things we decide to do together.” This is a classic example. It never made sense to outsource this important process to the private sector.

And then the Secretary made it interesting: Ever wonder how many names are on that watch list? Well Chertoff decided to share some details. Estimates have ranged up to 1 million names. According to the Secretary, “there are fewer than 16,000 — that’s one six — 16,000 unique individuals who are selectees in TSA’s database.” (He further clarified, “That’s 16,000. One six.”)

He went on state that most people on the list “are not even American citizens” and the vast majority of the names are for further screening (selectee status); they are not necessarily banned from flying. That number is closer to 2,500, of which approximately 10% are American citizens, according to the Secretary.

By Nathan A. Sales

Should customs officers be able to search your laptop computer at the border the same way they inspect your suitcase?

Not if public opinion is any guide. Earlier this year, the Washington Post caused some heartburn when it reported that border officials occasionally “look at information stored in electronic devices such as laptops without any suspicion of a crime.” One U.S. Senator calls the searches “truly alarming.”

He’s not alone. Laptop searches can do real harm to ordinary travelers’ privacy interests. When told that the government claims the power to rummage through computers, BlackBerries, and flash drives at the border, many people react with shock, even revulsion. A laptop search seems terribly invasive. The average traveler may be willing to hand over his suitcase for inspection, but his laptop seems a bridge too far.

Yet it’s also true that laptop searches are an important tool in the government’s efforts to detect terrorists and combat child exploitation. In fact, federal courts have decided twelve cases involving laptop searches at the border, and every single one has involved child pornography.

My sense is that suspicionless laptop searches generally are consistent with the Fourth Amendment. Under the Supreme Court’s border-search doctrine, “non-routine” searches (e.g., invasive searches of the body) are off-limits unless officers have a reasonable suspicion of wrongdoing. By contrast, “routine” searches (e.g., searches of property) need not be based on any suspicion whatsoever. Routine searches are constitutional simply by virtue of the fact that they occur at the border.

How does the border-search doctrine apply to laptops? The consensus among lower courts is that laptop searches are “routine”; officers therefore don’t need reasonable suspicion before conducting them.

The courts are probably right, for a simple reason: technological neutrality. The privacy protections we enjoy shouldn’t depend on whether we store our data in digital format or on paper. Customs can inspect mail, address books, and photo albums with no suspicion at all. Why should the rule change when we keep our correspondence, contacts, and pictures on a laptop? The mere fact of computerization shouldn’t make a difference.

Of course, laptops are different from other property. They contain more personal data than other items that cross the border; the information can be quite sensitive; and the government might keep data from a laptop for a long time, maybe indefinitely. But while laptops are different, they don’t deserve a blanket exception to the border-search doctrine. In fact, laptop searches have the potential to be less, not more, intrusive than traditional border inspections of physical objects. With keyword searches, automated computer processes can identify specific data points that might warrant further investigation. That means human beings don’t need to rifle through the laptop’s hard drive manually.

While the Fourth Amendment imposes few restrictions on laptop searches, policymakers should adopt some additional safeguards. In particular, the government should formalize the standards it uses to pick travelers for laptop searches, to ensure people aren’t singled out for impermissible reasons like race or religion. It also should adopt rules for retaining information from laptops; if a search uncovers no evidence of crime, customs would be hard pressed to justify keeping any data. And the government should apply special protections to sensitive data like trade secrets and privileged correspondence. Supplemental standards like these would equip the government with the tools it needs, while helping to prevent the privacy interests of law-abiding travelers from becoming collateral damage in the war on terrorism.

Readers interested in this topic may wish to download my recent article, “Run for the Border: Laptop Searches and the Fourth Amendment.”

Nathan A. Sales served as deputy assistant secretary of homeland security for policy development from 2006-2007 and is now on the faculty of George Mason University School of Law.

Suspected terrorists have recently been tracking airplane crew members of the Israeli national airline, El Al, in Toronto, purportedly in preparation for an attack on airline personnel. Al Haaretz reports today that Israeli intelligence thinks Hezbollah seeks to attack Israeli targets abroad to avenge the February assassination of Imad Mughniyeh, Hezbollah’s number two and suspected of being involved in the 1983 bombing of the U.S. barracks in Beirut. Hezbollah blames Mossad for the assasination.

I wouldn’t exactly call this alarmist either:
• July 2002: Two people are killed by a gunman firing on El Al passengers at LAX before an Israeli security official shot and killed the gunman.

• May 2003: EL Al canceled a flight to Kenya after receiving an intelligence warning of a planned attack.

• September 2003: An El Al flight from Tel Aviv to Los Angeles diverts to Montreal because of a warning of a terror attack planned for its layover in Toronto.

• November 2005: Seven Dutch youths arrested for planning to attack an El Al plane.

• June 2006: Swiss authorities uncover an attempt by a Muslim terror cell to attack an El Al plane in Germany.

• November 2006: Germany arrests six on suspicion of planning to blow up an El Al plane leaving from Frankfurt.

• Summer 2008: Hezbollah cell caught collecting against Israeli targets in Canada, including the Israeli Embassy in Ottawa.

All too often, the visceral reaction to a story about homeland security is “huh?” The latest example for me is this headline in last week’s USA Today, “TSA weighs gun ban in unsecured areas.”

The gist of the article is that, prompted by the request of Atlanta’s Hartsfield-Jackson Airport, the Transportation Security Administration is pondering whether airports may ban firearms from terminals, parking lots, and other parts of the airport before screening checkpoints. At checkpoints and beyond, firearms, as well as other weapons – knives, bombs, etc. – are, of course, banned. The rationale for that ban, of course, is that firearms can be used to kill masses of people past the checkpoint, including people on board airplanes.

The “huh” factor here comes from two things. First of all, if guns are banned past the checkpoint because they can be used to kill people, doesn’t it go without saying that they should likewise be banned before the checkpoint because they can be used to kill people? In other words, isn’t the point of the present ban to prevent mass killing? If so, why should guns be banned past the checkpoint but not before it?

Second, if there’s no practical difference between the pre-checkpoint area and the post-checkpoint area in terms of the possibility that guns can be used to kill people, what is TSA “weighing?”

Yes, of course, there is the Second Amendment. Under certain circumstances, people may legally carry firearms. However, implicitly, the foregoing sentence means that there are other circumstances under which people legally may not carry firearms. The circumstance that legally permits airports to ban firearms past the checkpoint – people on board airplanes could be killed – is the same circumstance that should make banning firearms anywhere on airport property a no-brainer.

Surely it isn’t the case that the lives of those in airports who are planning to board airplanes are worthier of protection than the lives of those who are at airports for other reasons – to drop off family or friends; to shop or dine at restaurants or shops before checkpoints; or to work in parts of the airport before checkpoints. If not, as I say, TSA’s deliberative process can and should be short.

That is not to say that there wouldn’t be legal challenges. (Remember the judge who sued his dry cleaners for ruining his favorite pants, seeking $65 million in damages?) But that’s what TSA’s lawyers are for. Those lawyers stand a good chance of ultimately prevailing, if the recent upholding of the ban by a federal judge Monday is any indication. In any event, TSA policy makers should take out their “Approved” stamp; firmly affix it to Hartsfield-Jackson’s application; and move on to weighing closer questions.

Clark Kent Ervin is Director of the Homeland Security Initiative at The Aspen Institute. Ervin served as the first Inspector General of the United States Department of Homeland Security from January 2003 to December 2004. Prior to his service at DHS, he served as the Inspector General of the United States Department of State from August 2001 to January 2003.

DHS announced today passenger prescreening measures to improve matching against government watch lists.  To do this, DHS is publishing two regulations:

(1) Advance Passenger Information System (APIS) Predeparture Final Rule, which enables DHS to collect manifest information for international flights departing from or arriving in the United States prior to boarding; and

(2) Secure Flight Notice of Proposed Rule Making (NPRM), which lays out DHS plans to assume watch list matching responsibilities from air carriers for domestic flights and align domestic and international passenger prescreening.

According to the DHS announcement, the changes are intended to improve targeting for determining which passengers pose a threat.  The result should be more accurate assessments of potentially dangerous passengers while easing the imposition on legitimate travelers.   This includes “better resolution for misidentified passengers,” the announcement says.  I presume this means applying more effective redress protocols to enable passengers wrongly identified as being on a watchlist so that they may be removed from it.  Presently, it is not clear how this change affects the existing DHS Traveler Redress Inquiry Program (DHS TRIP).

APIS results from a mandate in the 2004 Intelligence Reform and Terrorism Prevention Act (IRTPA).  The new measure will require air carriers to submit passenger data 30 minutes prior to departure or as each passenger checks in for the flight.  According to the statement:

Receiving both APIS and PNR data at least 30 minutes before a plane departs allows DHS to perform security checks against federal watch lists prior to passenger boarding, taking this responsibility from carriers and eliminating potential flight diversions due to watch list concerns.  For vessels departing from foreign ports bound for the United States, current requirements to transmit passenger and crew arrival manifest data between 24 to 96 hours prior to arrival will remain unchanged, but requires vessel carriers to transmit APIS data 60 minutes prior to departure from the United States. The APIS final rule follows an NPRM [notice of proposed rulemaking] published in the Federal Register on July 14, 2006.

 The Screening Coordination Office, which is led by Kathy Kraninger at DHS, is leading an effort to provide air carriers with “consolidated data submission requirements,” according to the statement.  This is to be done by integrating Secure Flight data and the APIS data into one stream. This is a helpful fact sheet describing implications of this change.

Once published in the Federal Register, the APIS final rule and the Secure Flight NPRM will be open for comment via the Federal e-Rulemaking Portal.

TSA last week announced contract awards to begin testing millimeter wave imaging machines and backscatter machines at airports in Phoenix, Los Angeles, and New York’s JFK. These passenger imaging technologies screen passengers for weapons, explosives, and other metallic and non-metallic threats under layers of clothing.

The announcement includes contract awards to American Science & Engineering (backscatter), L-3 Communications (millimeter wave), and Rapiscan Systems (backscatter). Total cost of the initial contracts is ~$2.3 million, with options to escalate. More information available here.

Looks like the U.S. and EU overcame the most recent tussle concerning how the two allies will share private or personal information in pursuit of terrorists (and other criminals, or course).  The press release from this afternoon is available here.  Following are the main points:

• The Department of Homeland Security will collect 19 types of PNR data.
• The data will be maintained for seven years in an active file, and eight years thereafter in a dormant file with limited access.
• How DHS collects PNR data from airline reservation systems changes, too. Air carriers will now transmit PNR data directly to DHS.
• European air carriers get legal assurance that they will not be in violation of EU privacy law.

The new GAO study, rolled out in testimony this week by Director of Homeland Security and Justice Issues Cathleen Berrick, suggested that DHS and the Transportation Security Administration should improve their risk-based decision making methods, planning and program evaluations, and the ways in which TSA collaborates with relevant stakeholders.

GAO cites Secure Flight – the domestic passenger prescreening system – as an example of disjointed or insufficient management attributes that have kept this program off schedule.  It’s worth reading the sections of this critique that make the case for better coordination across TSA and the international passenger screening efforts under the auspices of Customs and Border Protection.  This dimension of the report forces a more interesting discussion about how the different, but closely related, mission areas of the DHS components (TSA, CBP, S&T) could better reinforce one another and reduce duplication where similar objectives could be pursued with shared methods, data, technology, etc.  Screening of passengers lends itself perfectly to this ongoing challenge.

The new study also takes a look at how TSA and others could better partner with relevant private sector stakeholders.  Primary opportunities for better collaboration include:

• Reducing the time it takes to screen air cargo in order to diminish the disruption to delivery time for air carriers;
• Training individual cargo inspectors on more effective inspection technology;·       
• Supporting the development and deployment of improved inspection technologies; and
• Determining the best approach to implementing a “risk-based management approach to securing air cargo.”

The GAO report, entitled Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, is found here.  A one-page summary also is available.

Updated DHS Schedule:

Thursday, February 15

Deputy Secretary Michael P. Jackson will testify before the House Homeland Security Committee on the department’s 2007 goals: 9:00 AM EST/311 Cannon House Office Building/Washington, DC/OPEN PRESS

Friday, February 16

Secretary Michael Chertoff will deliver remarks to the American Chamber of Commerce: 7:45 AM CST/ Intercontinental Presidente Hotel/ Campos Eliseos 218/ Col Polanco Mexico City, Mexico/ OPEN PRESS

U.S. Citizenship and Immigration Services Chief of Citizenship Alfonso Aguilar will deliver the keynote address on citizenship and immigration issues at the Puebla State Forum on U.S.-Mexico Immigration Reform Puebla: 8:30 AM CST/ State Congress/ Puebla, Mexico/ OPEN PRESS

U.S. Coast Guard Commandant Admiral Thad W. Allen will provide remarks on recreational boating safety and maritime security at the annual meeting of Boating Writers International:  8:30 AM EST/ Miami Beach Convention Center:/ 1901 Convention Center Drive/ Miami Beach, FL/ OPEN PRESS

US-VISIT Acting Director Robert Mocny will testify before the House Appropriations Committee Subcommittee on Homeland Security on the fiscal year 2008 budget request for US-VISIT: 10:00 AM EST/ 2362 Rayburn House Office Building/ Washington, DC/ OPEN PRESS 

The New York Times ran a story last week making light fun of certain aviation screening rules (hat tip: Wonkette), one which described some of TSA’s more bizarre screening rules, including rules for snowglobes and most notably, helper monkeys:

Like dogs, some specially trained monkeys are classified as service animals to assist handicapped people. But you really have to wonder if these sample sentences — from the security administration’s rules for how transportation security officers at walk-through metal detectors should handle monkeys — were written with a straight face:

“When the handler and the monkey go through the W.T.M.D. and the W.T.M.D. alarms, both the handler and the monkey must undergo additional screening.” The rules add that security officers “have been trained not to touch the monkey during the screening process” and that “the inspection process may require that the handler take off the monkey’s diaper as part of the visual inspection.”

The Federal Register contained a notice today by the TSA on a new information collection requirement related to a program that has not previously disclosed, based on a quick Google search of its name:

The Rice-Chertoff Initiative (RCI) Department of Homeland Security Traveler Redress Inquiry Program (DHS TRIP) was developed as a voluntary program by DHS to provide a one-stop mechanism for individuals to request redress who believe they have been: (1) Denied or delayed boarding; (2) denied or delayed entry into or departure from the United States at a port of entry; or (3) identified for additional (secondary) screening at our Nation’s transportation hubs, including airports, seaports, train stations and land borders. The DHS TRIP office will be located at, and managed by, TSA. In order for individuals to request redress, they are asked to provide identifying information, as well as details of the travel experience.

The one-year anniversary of the launch of the Rice-Chertoff Initiative is later this month; this program is the result of Chertoff’s promise in that speech to establish a “government-wide traveler screening redress process before the end of this year [2006].”

For more on this issue, see this earlier post.

A few months ago, Heritage Foundation scholar Jim Carafano wrote a memo proposing the need for the government to develop a “national air security strategy,” similar to the National Strategy for Maritime Security. Around that same time, the White House issued a still-classified directive (HSPD-16 / NSPD-47) on aviation security, about which few details are publicly known.

Consistent with this recommendation and directive, the federal government seems to be developing a National Strategy for Aviation Security. A Google search of this phrase reveals a link to the entry page for a TSA webboard where there is a menu option titled “National Strategy for Aviation Security.” The Google search also reveals a couple of other references to the Strategy, i.e. the program for an aviation conference in Oregon, within which one of the speakers’ bios references it.

The development of this Strategy prompts a number of questions. Is it still under development, or has it been finished and quietly disseminated inside the federal government? Are there plans to make it public, or will this be like the frequently-panned National Strategy for Transportation Security, which was a classified document and never published? Which non-governmental stakeholders have been consulted in the development of this Strategy?

Hopefully we’ll see a public version of this National Strategy in the next year, following the model of the National Strategy for Maritime Security, which has served its purpose since publication as a useful reference strategy for all maritime security stakeholders.

The operations research journal Interfaces is publishing an entire issue of homeland security-related articles this month, and highlighted one of the articles in it in a press release in mid-November. That article, entitled “How Effective is Security Screening of Airline Passengers?” attempts to answer a question that has long bedeviled TSA and other aviation screening agencies: what is more effective, risk-based screening or random screening?

The authors, Susan Martonosi at Harvey Mudd and Arnold Barnett at MIT, build a model that includes variables for primary screening effectiveness, secondary screening effectiveness, % of passengers elected for random screening, the effectiveness of the prescreening system, and the terrorists’ deterrence threshold. They test the model several times using different assumptions for these variables, and get results for a range of scenarios that suggest that neither risk-based secondary screening nor random secondary screening is inherently better than the other:

As this simple mathematical model suggests, neither side has made a persuasive case about the effectiveness of airport passenger-profiling systems. Supporters of such systems have focused mostly on the ability of the algorithm to identify terrorists (C), an ability they may well overestimate. They say little about screening effectiveness of both low-risk passengers and selectees (p1) and (p2), yet these effectiveness parameters are crucial to the overall success rate of the system. Skeptics may have given insufficient weight to deterrence (Ï„), because of which, the selection and screening system might prevent attacks even though it falls well short of perfect. Probing the system, as we have seen, could sometimes prevent a terrorist act rather than ensure its success.

They conclude the article by suggesting that improving the baseline screening for all passengers might be a better investment than improving prescreening or secondary screening. Overall, a good article, and a useful exercise in trying to analyze an issue too often guided by intuition or emotion. You can see the descriptions of some of the other articles in this issue of Interfaces at this link.

The actions depicted on this video are NOT recommended by Homeland Security Watch:

The latest in homeland security-related humor, courtesy of Andy Borowitz:

Traveling Liquid and Gel Salespeople Protest FAA Rules

Angry Goo Sellers March on Washington

Two months after the Federal Aviation Administration instituted tough new restrictions on liquids and gels on all domestic flights, traveling liquid and gel salespeople marched on Washington en masse today to protest the FAA’s action.

The National Association of Traveling Liquid and Gel Salespeople, a group which represents over 150,000 of the nation’s itinerant goo sellers, organized today’s march, which began at the Capitol building and ended in front of the White House.

Carol Foyler, the executive director of the liquid and gel salespeople’s group, said that her association’s members were being “unfairly profiled” by the FAA and had every intention of making the “oppressive” regulations a key issue in next week’s midterm elections.

“Liquid and gel salespeople are what made this country great,” Ms. Foyler said. “America’s laborers built the railroad, but it was our moisturizers and hand creams that kept their skin supple and radiant.”

Perhaps true…but alas, they’re less powerful than the resealable quart-size plastic bag lobby…

A story in today’s Washington Post adds a new twist to the UK aviation plot from August:

A group of alleged terrorists arrested in London in August planned to blow up airliners over U.S. cities to maximize casualties, rather than over the Atlantic Ocean as many intelligence officials originally thought, according to recent remarks by a senior FBI official.

The comments by Mark Mershon, head of the FBI’s New York field office, indicate that U.S. and British intelligence officials now think that the airliner plot was aimed at maximizing the potential loss of life and economic impact.

“The plan was bring them down over U.S. cities, not over the ocean,” Mershon said Oct. 24 at the Infosecurity 2006 conference in New York, according to Government Security News, which first reported the remarks this week.

This could have perhaps been the plotters’ intention, but it seems like an odd choice, given the fact that most inbound flights to the U.S. from the UK spend little or no time flying over heavily-populated parts of U.S. cities during the last part of their routes; or if they do, it’s not something that a terrorist group could accurately predict in advance, since the exact routes typically vary.

A few months ago, the White House quietly issued a classified joint Homeland Security Presidential Directive / National Security Presidential Directive - HSPD-16/NSPD-47 - and has not released its contents. The San Francisco Chronicle ran a story about the directive in mid-August, noting that it contained the following contents:

The order, confirmed to The Chronicle by officials with knowledge of its contents, focuses on threats to aircraft from passenger baggage and air cargo — including detection of conventional, nuclear, radiological, and chemical devices — securing the airspace over the continental United States, and developing technologies to detect and prevent missile attacks on aircraft.

The directive, known as both National Security Presidential Directive 47 and Homeland Security Presidential Directive 16, also orders the agencies to implement a plan to check airline passenger lists against the government’s watch lists and to assume the costs of conducting the database searches. The cost of checking passenger lists currently falls to the airlines.

Recently a notice appeared in the Federal Register that is the first government confirmation of HSPD-16/NSPD-47 that I’ve seen. The notice describes a new Plan for the Emergency Security Control of Air Traffic, which cleary defines DOD, DOT, and DHS roles in the event of an emergency airspace incident, and establishes a “ESCAT Air Traffic Priority List (EATPL)” which serves as an order of priority for use and entry into U.S. airspace in the event of the activation of this plan.

This EATPL seems a bit out of balance to me, putting state and local law enforcement and first response activities near the end of the air traffic priority list, after a long list of military air assets. In a scenario where an attack has taking place and out-of-region emergency services are needed, it seems as if this priority list create a risk that state and local response assets would be stuck at the back of the queue, behind military assets who may be necessary to secure airspace and facilitate continuity of government, but who aren’t going to save any civilian lives. Hopefully this is an issue that is being discussed between DHS and DOD; otherwise this could lead to of the same command-and-control response breakdowns that we saw in the response to Hurricane Katrina.

Note to self: don’t create script to allow anyone to print out fake airline boarding passes:

A website that let anyone with an Internet connection and a printer create fake airline boarding passes has been shut down after federal agents visited the creator.

FBI agents raided Christopher Soghoian’s home over the weekend, seizing computers and other equipment, Soghoian wrote on his blog. They first visited him Friday afternoon with a request to take the site down, but when he got online, he found that the site had already been removed, he wrote.

….Soghoian’s “Northwest Airlines Boarding Pass Generator” let people create boarding passes that look virtually identical to the ones printed from the Northwest Airlines website. They could be used to get past airport security, but not to get on an airplane, because the airline would have no record of the reservation, Soghoian said.

Here’s Soghoian’s blog. While it probably wasn’t the wisest move to create this script and put it online, I think that making a criminal case out of this is an unfortunate response. Instead, the FBI and/or the airlines should be focusing on strengthening the security of commercial aviation documents - perhaps by working with Soghoian and offering him a job.

Just published in the new issue of Washington Technology: an op-ed by my boss (and sometime co-author) Scott Gould and the Reform Institute’s Dan Prieto headlined “The data trail: Best vector to secure aviation.” Check it out.

The DHS inspector general released a report yesterday that looks at TSA’s staffing of non-administrative positions at major airports. It finds a system in which airports’ administrative staffing decisions bore little relation to the size of the airport. For example, the chart on page 6 of the report shows airports that had 300-400 screeners and over thirty administrators, for a 10:1 ratio; whereas larger airports with over 1,000 screeners in some cases had 10-15 administrators, for up to a 100:1 ratio.

The report describes a current initiative within TSA to reapportion the administrative workforce, an effort launched in 2004 which thus far has not been implemented. Hopefully it will be soon. And it also looks at the use of TSA screeners for administrative purposes, which has led directly to the screener workforce racking up hundreds of thousands of hours of overtime in recent pay periods.

The report offers up four concluding recommendations:

1. Conduct a workforce analysis of FSD administrative staff and develop a staffing model to identify the number of employees actually needed at airports. This analysis should identify key mission areas and responsibilities; and take into consideration the time and nature of administrative work performed by screeners when assessing its workforce requirements.
2. Review proposed adjustments to FSD staffing levels and ratios of administrative to screener personnel. In particular, proposed changes to Hawaii’s administrative staff caught our attention as warranting more review.
3. Continue to study technologies or systems that will automate data entry functions at airports.
4. Reclassify administrative positions using more inclusive position titles to incorporate more of the functions employees perform and facilitate the hiring of administrative personnel.

In its response, TSA concurs with most of these recommendations, and indicates that it has recently started a comprehensive workforce review.

This is a smart response to the August aviation plot in the UK, tackling what many experts have believed to be the biggest vulnerability in the commercial aviation security regime today:

Airport workers are finding themselves subject to surprise screenings as the government issues new security tactics at airports nationwide. The changes are a direct response to this year’s foiled plot to blow-up America-bound airplanes.

Baggage handlers, gate agents, ramp workers and other airport employees who in the past were not subject to any security searches before the enter restricted and secure areas are now being targeted in this latest government effort to make airports safer.

….Sources say that the London terror plot foiled in August prompted U.S. officials to ramp up security after United Kingdom officials disclosed that some of the men arrested were airport workers. Until today, airport workers in the U.S. only went through an initial background check in order to get hired.

There probably aren’t sufficient resources today to have comprehensive inspection procedures for airport workers, and it probably wouldn’t deliver a high security return-on-investment. But developing a system of random spot checks is an effective investment, and can act as a strong deterrent against a plot that involves an airport ‘insider’ as a conspirator or accomplice. This should be quickly expanded nationwide, and random checks should take place not just at entry doors and gates but also at places deep inside the airport, and include the air cargo and general aviation areas within major airports - not just the passenger terminals.

As I noted last week, a segment on 60 Minutes on Sunday night looked at the issue of the government’s no-fly list, based upon an investigation that studied a copy of the list. The investigators found numerous flaws with it, most notably the fact that 14 of the 19 9/11 hijackers (presumably dead) were still on the list, and people with common names such as “Robert Johnson” are repeatedly flagged when they fly. The transcript of the segment is available here.

The segment was based largely on the reporting found in the new book “Unsafe at Any Altitude” by Susan Trento and Joseph Trento. I read a review copy of the book over the weekend, and while it was a compelling read, I’m not quite sure what to make of it.

The main argument of the book is that private aviation screening firms were falsely scapegoated after 9/11, and that today’s TSA performs worse at aviation screening than these private companies. The book tells the story of Frank Argenbright, the founder and namesake of one of the major screening companies at the time, arguing that he was personally scapegoated because of screening problems at the company in Philadelphia in 2000, even though (the book argues) the screeners at the company’s airports in Dulles and Newark performed their duties appropriately on the morning of 9/11.

The book suggests that TSA employees today “detect only about half the dangerous articles sent through airport security in tests,” in contrast with a “80 to 95 percent detection rate” by private screeners prior to 9/11. I’ve been a strong advocate of federal-run screening at the TSA, fearing an overly cost-driven race to the bottom if it is reprivatized, but this part of the book makes a credible case for examining a return to private sector screening - something that TSA is looking at today via the Screening Partnership Program.

So why am I not sure what to make of the book? Because amid this narrative are a few mind-boggling revelations, which if true, would require complete reassessments of the conventional wisdom about 9/11.

For example, on page 137 and page 192:

The biggest secret was that Saudi Arabian government agents whom the CIA had relied on for inside information on al Qaeda were, in fact, working for Osama bin Laden. Two of those agents were among the hijackers on American Airlines Flight 77 out of Dulles. Those two men were the ones the CIA and FBi had asked [Argenbright manager] Steve Wragg to watch on the video at Dulles Airport. The CIA had known since 2000 that they were in the United States, but it hadn’t notified the FBI until June 2001. The FBI had been looking for them all summer in connection with the October 2000 bombing of the Navy’s USS Cole off the coast of Yemen, but had not been able to find them.

….Prior to 9/11 senior CIA officials had convinced themselves that GID, the Saudi intelligence service, had placed agents inside al Qaeda. Because these two men - Khalid al-Mihdhar and Nawaf al-Hazmi - were thought to be Saudi agents, the CIA did not tell the FBI about them when they came into the United States from a terrorist summit meeting in Malaysia. Had the CIA shared what it knew, the FBI might have had a chance to at preventing the 9/11 attacks.

Read that passage twice. The authors are suggesting something that I’ve never heard before, and couldn’t find in any of the authoritative sources on 9/11 over the weekend - that two of the 9/11 hijackers were thought to be Saudi agents inside al-Qaeda but were actually double-double agents, and true members of al-Qaeda - who could have been easily tracked down in San Diego had information on them been shared with the FBI and other agencies. The ability to assess the verity of this claim is above my paygrade, but I have a hard time believing that 60 Minutes would associate itself with a book without vouching for its credibility.

Some other key revelations in the book:

• The reason that 14 of the 19 9/11 hijackers are still on the no-fly list is that U.S. intelligence agencies fear that the real hijackers stole the identities of other Saudis prior to 9/11;
• The first chapter of the book tells the story of Eric Gill, an Argenbright employee at Dulles who stopped an attempt by five Middle Eastern men dressed as airport employees to enter the secure zone of Dulles Airport on the night of 9/10/01…and later identified two of the men among the 9/11 hijackers;
• The book claims that “the CIA is routinely placing employees undercover with airlines and even as sky marshals” (page 195);
• The book describes incidents of finding bombs at airports after 9/11 that have heretofore been unreported, including one “found taped to a bathroom wall at the airport in Seattle.” (page 183)

Overall, I’m hesitant to accept everything in the book as fact, given the prevalence of anonymous sourcing, until there is further cross-checking of their findings. But for those who follow aviation security and intelligence issues, it’s a worthwhile read, and likely to stir up some lively discussion in the coming days and weeks. Here’s the link to it on Amazon.

The Government Accountability Office released a report today entitled “Terrorist Watch List Screening: Efforts to Help Reduce Adverse Effects on the Public.” It takes a close look at the existing watch list system, and the activities that have been taken to improve people’s ability to address the fact that they are incorrectly placed or identified on government watch lists. It contains a useful chart on Page 11 that shows the existing watchlist check process. And it notes current efforts underway to develop a government-wide redress process:

The Terrorist Screening Center, from its unique position as administrator of the consolidated terrorist watch list, has noted significant differences among agencies in providing watch-list-related redress. For instance, whereas the Transportation Security Administration has designated an official accountable specifically for redress, U.S. Customs and Border Protection does not and also has not followed consistent procedures in referring appropriate redress queries to the Terrorist Screening Center. Thus, at the Terrorist Screening Center’s request, the Department of Justice is leading an effort to develop an interagency memorandum of understanding to ensure that opportunities for redress are formally documented and that agency responsibilities are clear, with designated officials specifically accountable for supporting the continued success of watch-list-related redress. This effort, according to the Terrorist Screening Center, has been ongoing since fall 2005, and a final draft of the memorandum of understanding is expected to be ready for interagency clearances by fall 2006. The Department of Justice and the Terrorist Screening Center have acknowledged that, upon finalization of an interagency agreement that documents the redress opportunities and designates agencies’ responsibilities, it is important that appropriately updated information on redress and points of contact be made available to the public, including updates of Web-based guidance.

This is an issue that Sec. Chertoff had promised progress on by the end of 2006, in his “Secure Borders and Open Doors” speech in January, noting then that DHS’s goal “is to establish a government-wide traveler screening redress process before the end of this year to enable travelers who have complaints or have legitimate issues to resolve those questions with one-stop shopping.” Hopefully sufficient progress is being made on this front. In the absence of an effective redress system, the public’s long-term acceptance of watchlisting efforts is likely to recede.

The United States and the European Union reached a final deal on the Passenger Name Record (PNR) dispute today, a negotiation forced by the European Court of Justice ruling striking down the prior agreement in May. DHS issued a press release this morning that puts a positive spin on the outcome:

I am pleased to announce the European Union (EU) and Department of Homeland Security (DHS) have reached a final agreement regarding Passenger Name Record (PNR) data which will allow us to make full use of passenger data as needed to protect our borders. This agreement provides the information sharing that I called for in August.

Under the agreement, U.S. Customs and Border Protection will have new flexibility to share PNR data with other counter-terrorism agencies within the U.S. government, carrying out the President’s mandate to remove obstacles to counter-terrorism information sharing. The new flexibility will apply to agencies within DHS as well as to the Department of Justice, the FBI, and other agencies with counter-terrorism responsibilities; sharing will be allowed for the investigation, analysis, and prevention of terrorism and related crimes. We are pleased that this U.S.-EU agreement promotes our joint goal of combating terrorism while respecting our joint commitment to fundamental rights and freedoms, notably privacy.

I am also encouraged that the agreement will allow the department to receive PNR data earlier, thus increasing our ability to identify potential terrorists. The department will in time obtain access to PNR outside of the 72 hour mark when there is an indication that early access could assist in responding to a specific threat to flights bound for the United States.

But the EU Politix website discusses another change from the current system that is less favorable to the U.S.:

EU justice commissioner Franco Frattini said that the new system agreed with the US department of homeland security met demands from the European parliament for a rebalancing of the previous agreement.

“We decided together to guarantee a new system for transferring data, which I believe is very good news,” he told journalists.

“In the past we had a ‘pull’ system, which meant the US was allowed to pull data directly from airline databases in the EU.”

“Now have a push system – the US must make a request to the airlines to give them the information.”

“There will be no direct access for US authorities – this was one of the main topics of our discussions in the parliament.”

The ability for CBP to share information with other counterterrorism and homeland security agencies is an important win for DHS. But this last item seems to me to be a critical loss from a counterterrorism perspective. The new system will facilitate watch list checks and name matches, but it sounds like it will be difficult and cumbersome to conduct link analysis and related queries using PNR data - which is what Sec. Chertoff has insistently said was needed following the UK aviation plot. It’s possible that DHS could jury-rig a system that allows it to conduct link analysis among data elements that have been “pushed” to them, but that seems more challenging from a technology perspective and likely less effective.

The website for 60 Minutes indicates that they plan to run a piece this Sunday looking at the US government’s no-fly list, and pointing out deficiencies in it. From the preview piece on the show’s website:

60 Minutes, in collaboration with the National Security News Service, has obtained the secret list used to screen airline passengers for terrorists and discovered it includes names of people not likely to cause terror, including the president of Bolivia, people who are dead and names so common, they are shared by thousands of innocent fliers.

Steve Kroft’s investigation, in which an ex-FBI agent who worked on its al Qaeda task force says the list of 44,000 names is ineffective, will be broadcast this Sunday, Oct. 8, at 7 p.m. ET/PT.

The former FBI agent, Jack Cloonan, knew the list that was hastily assembled after 9/11, would be bungled. “When we heard the name list or no-fly list … the eyes rolled back in my head, because we knew what was going to happen,” he says. “They basically did a massive data dump and said, ‘Okay, anybody that’s got a nexus to terrorism, let’s make sure they get on the list,’” he tells Kroft.

The “data dump” of names from the files of several government agencies, including the CIA, fed into the computer compiling the list contained many unlikely terrorists. These include Saddam Hussein, who is under arrest, Nabih Berri, Lebanon’s parliamentary speaker, and Evo Morales, the president of Bolivia. It also includes the names of 14 of the 19 dead 9/11 hijackers.

The most interesting part of the story is that certain highly-sensitive names - e.g. members of al-Qaeda known to intelligence agencies but not publicy known - are deliberately left off the list, for fear that it could fall into the wrong hands:

But the names of some of the most dangerous living terrorists or suspects are kept off the list.

The 11 British suspects recently charged with plotting to blow up airliners with liquid explosives were not on it, despite the fact they were under surveillance for more than a year.

The name of David Belfield who now goes by Dawud Sallahuddin, is not on the list, even though he assassinated someone in Washington, D.C., for former Iranian leader Ayatollah Khomeini. This is because the accuracy of the list meant to uphold security takes a back seat to overarching security needs: it could get into the wrong hands. “The government doesn’t want that information outside the government,” says Cathy Berrick, director of Homeland Security investigations for the General Accounting Office.

This should be an interesting segment on Sunday. It’s also supposed to contain content from the forthcoming book “Unsafe at Any Altitude,” as noted on the book’s website.