Jun 212012
 

The time has come for the TSA to stop abusing innocent travelers, and to get real about focusing only on terrorists.

The TSA is focused on finding specific outlawed things on people and in their possessions as they pass through airport security.  As we have regularly explained over several years, this is a misplaced focus.

The problem with this approach is that tomorrow’s attack will exploit a vulnerability that the TSA has not yet thought of.  Every recent actual and foiled terrorist attack has involved a vulnerability that was not previously on the list of forbidden/dangerous items.  Whether it be box cutters, liquids, or shoe bombs, none of these things were being screened or banned prior to the use (or attempted use) of them by terrorists.

The TSA needs to focus on people, not on what they have with them.  If they can find the suspicious people, then they can at that point focus all their poking and prodding and radiating on just those people, while allowing normal ordinary safe people (99.999999% or more of all airline passengers) to continue on their way free of molestation or dangerous X-ray exposures.

Look at all those 9’s above.  Yes, less than one in one hundred million passengers might possibly be a terrorist.  A TSA officer, at present, has better odds of winning the lottery than finding a terrorist.

The TSA itself is slowly recognizing the need to try to find people, rather than things.  But it is not responding appropriately to this need.  It has BDOs – its behavior detection officers – on patrol in airports now.  Unfortunately, these people have proven to be 100% useless.  While great at harassing ordinary people, and catching parking ticket scofflaws, they’ve yet to find a terrorist.

This is not a new revelation either – we have also written about this regularly before, for example, this Dec 2010 article.

The TSA has even taken its first halting steps towards accepting that some passengers are less of a threat than others.  At least in theory, if you are now very old (or very young) you might get through security with less hassle.  And if you are one of the lucky few invited to sign up for their priority preferred system (‘Pre Check’), you again might get through security with less hassle, in some airports, some of the time.

But the TSA continues to treat the rest of us as all equally suspicious; a totally nonsensical approach.  However, there is an underlying issue that needs to be addressed – if they are to struggle to get smarter in what they do and who they do it to, how will they have a very high-probability way of effortlessly identifying low risk and high risk passengers?

CAPPS II – Ahead of its Time

Back in 2003, there were plans mooted for the TSA to data-mine public databases and combine data points such as your credit rating, your tax return, and/or various other things, together with your frequent flier information, details of your travel reservation, and such other security type data the TSA could put together and use this to create some sort of a score to rate your level of potential terrorism.  This was to be termed CAPPS II – Computer Assisted Passenger Prescreening System 2.

CAPPS II was to follow on from an already existing much more basic system, CAPPS.  This was and still is the system that panics if you buy a one way ticket, and pay for it with cash, at the last minute, deeming, in its simplistic way, this means you’re a terrorist bomber flying a suicide mission.

At the time it was proposed, CAPPS II was shouted down by many critics – including ourselves,  It was seen not only as a dangerous new level of intrusion into our lives and our personal privacies, but also as an opaque unanswerable system prone to ‘false positives’ – ie, you might be selected as a potential terrorist and not know how or why you were selected.

It did not proceed to implementation, being cancelled in 2004.

Other Databases Have Grown

But that was then.  This is now.  In the intervening years since the CAPPS II proposal, a lot has happened.  We might not have a CAPPS II database, but we have rampantly growing No Fly lists and even larger Watch Lists of people deemed to be suspicious for reasons the rest of us can only guess at.

Change occurred in the rest of the country and world, too.  The internet, still young, has now become vast and all encompassing, and what was first thought to be an anonymous means of doing things has now evolved into a system that tracks our every click.

Google became a public company.  Facebook appeared and grew to dominate much of the internet, while learning more and more about ourselves, our friends, and every part our lives – not by stealth, but because we volunteer that information to it.  Facial recognition technology can now look at a photo we post online and identify the other people in the photo with us, building up a network of who we know.

Everyone now has personal cell phones they use for calling and texting to other people, providing new databases of information about who we contact that were not previously possible when we were all sharing regular landline phones with other people.

In part because of the growing abundance of new source data that we are revealing about ourselves, and the growing ‘footprints’ we leave behind on our internet activities and our life in general, and in part due to the continued reduction in computer costs and the growth in computer power, private databases have become incredibly more sophisticated (as have federal databases too).

With that as introduction, we urge you to read this NY Times article about Acxiom – a company that processes more than 50 trillion data ‘transactions’ that helps it to define everything about the lives of 500 million people, including most US adults.  Acxiom has, on average, 1500 data points about each person it tracks.

As the NYT article explains, Acxiom already knows our political views, our age, gender, race, height, weight, education, employment, marital status, and who knows what else about us.  Acxiom is not even the biggest of such companies (Epsilon is bigger), and some individual companies also have incredibly clever databases – as witness this story in Forbes about how Target deduced a teenage high school student was pregnant before her own family knew.

Whereas in 2003, CAPPS II appeared to break new ground, today we are living in a CAPPS XX or greater world, whether we like it or not.  It is ridiculous to continue to object to the mild nature of CAPPS II when all around us, private companies are amassing more data – and probably more accurately – about ourselves and selling that data to anyone willing to pay for it than CAPPS II ever contemplated.

And So, the New TSA Model

Why not have the TSA simply buy a data-feed from Acxiom, Epsilon (or for that matter, Target!) and integrate that comprehensive data with other information from security and airline booking databases.

When we buy an airline ticket, the TSA could instantly get an analysis from the public databases, cross-checked against other databases, to determine if we are a regular bona-fide American citizen with no intention of doing anything other than traveling across the country one more time, or if we are a shadowy figure with no clear past and an interest in Muslim extremism.  Regular Americans, leading calm settled lives, should bypass security entirely – they just need to be ID checked to confirm they are truly the safe person their computer record shows them to be.

Only people with some sort of question mark in their profile would be screened.  Even if you set the suspicion level paranoically high, that would mean that 95% or more of all passengers could now walk from the airport entrance direct to their boarding gate, and the 5% of other passengers would no longer have to wait in line for security screening, blurred in with all the ordinary normal safe people all around them.

Oh yes, the TSA could reduce its staffing at least ten-fold, too.

  3 Responses to “The TSA is Now Obsolete”

  1. Agree. I suggest a place where flyers (why not inside security at airports where people have time to spare) can become “Secured Flyers”. Govt can check name, SS#, Tax returns, ask questions about prior employers, children, prior residences, passports held, etc. Then take both eye and fingerprint scans and a face photo. Then give them a password to remember or bar coded card.

    If they are approved, in future go through a “Secured Flyer” lane where they enter password, use eye/fingerprint scanner — their picture pops up on large TV and they pass on (about 10 seconds). One screener on far side of bank of 5 stations could be watching faces vs. TV monitor. Maybe a random bag check for 3% or unusual activity.

    Of course, govt. could always pull anyone off the list and, maybe, requalify every 3 years.

    On the other hand, I do not know why terrorists would not target other locations — so much easier and still create fear. Large crowds are always near sporting events, celebrations, concerts, crowded sidewalks, cruise ships, bridges, etc. It may not get the headlines of a plane, but could cause problems.

    • Hi, Mike

      Thanks for your comment. But, with respect, your suggestion is still based on ‘yesterday’s thinking’.

      Today, all the information you mention is available instantly and automatically, on-line. There is no reason to do anything in advance, or to get any sort of special status. And also it should be done every time a person flies, not just once every three years.

      Just about every terrorist there is wasn’t born a terrorist, but at some point in their lives, they changed their value system, their beliefs, and their actions. Many times less than three years elapsed between the point they ceased to be normal/safe and the point at which they were blowing themselves and others up.

      Due to the system being easy, simple, and quick, we should be requalified every time we fly.

      We also don’t need to have our pictures confirmed as you suggest – that is actually bad security rather than good. What would happen if a person changed their hair color, their facial hair, etc? How often would an ‘official’ photo need to be taken. Better to register a person’s fingerprints, iris pattern or other biometrics, and then have a machine simply confirm that the person in front of it matches their stored pattern data for the ID the person is claiming to have.

      I completely agree with you about the increasing vulnerability of other places where people gather in large numbers.

  2. […] how much companies know about us these days – clearly much more than the TSA does, as I commented here.  The biggest source of their information is none other than […]

Leave a Reply