TSA Software Bug Creates Airport Bomb Scare 276
192939495969798999 writes "An article at CNN's website reports on a serious software bug at the Atlanta airport." From the article: "TSA screeners are given tests around the clock to check their alertness. Images of bombs and other suspicious devices that are hard to detect are put up on the X-ray machine, followed after a brief delay by an alert that reads, 'This is a test.' After reviewing a tape of the images, Hawley said the software failed to alert the screener of the test."
Fun with false images (Score:5, Insightful)
I didn't know the TSA employed such software to test their screeners. This incident raises the possibility of tampering with the software to either:
Given these possibilities, and given the fact that Wednesday's incident proves that such a thing is possible, I'm betting the TSA is currently debating whether or not the decision to make the scanners capable of displaying false images in the first place was a wise one.
Re:Fun with false images (Score:5, Insightful)
3. Display "This is a test" right after Mr. Terrorists luggage containing dangerous items has passed through the X-Ray machine.
Re:Fun with false images (Score:2)
Re:Fun with false images (Score:3, Insightful)
Honestly I'm not terribly concerned about safety. The ONLY reason the 911 terrorists succeeded was because of our policy of cooperating with hi-jackers which was based on the presumption that they wanted to survive the effort themselves. That policy is no more. Frankly I feel we'd be better off if everyone came on board armed with knives or sidearms (if properly trained).
Re:Fun with false images (Score:2)
Re:Fun with false images (Score:2)
Letters made out of the stuff that shows up in xrays such as... I dunno... metal?
Re:Fun with false images (Score:5, Insightful)
This is very, very similiar to the "click ok to continue" problem which plagues Windows, and is really the root cause of many spyware installs. If warnings are too frequent, users treat them as irritations that they need to get around rather than important info that they need to read, understand, and pass judgement on. In this case, all that needs to be done is to up the frequency, something that shouldn't be too hard to do.
Re:Fun with false images (Score:3, Insightful)
With "Click OK", you are expected to respond to a warning/message box. You become desensitized to the warning and just click "OK". The system provides no feedback about this whatsoever. Click OK, and you're finished, you don't learn the repercussions of your act until weeks later (if ever).
With the airport software, the screener has to respond to images of contraband on the screen. In theory, after each test image appears, there will be a messag
Re:Fun with false images (Score:5, Funny)
Re:Fun with false images (Score:3, Insightful)
This is all standard psychology: People aren't good at finding rare exceptions in repetative data. That is one of the reasons we invente
Re:Fun with false images (Score:5, Interesting)
does it heck... they'll still be bored to tears...just petrified of missing one of the random tests... can you imagine driving along the highway minding your own business when software in the car does an awareness check on you by popping up an image of a kid running across the road??? well this is similar...
they've got devices coming out for cars and trucks that test driver awareness far more subtly than just popping up a test picture at random... the software actually monitors the drivers eye movements and other parameters... so there shouldn't be anything stopping them from doing something similar for this x-ray scanner application...
Then again, perhaps it would be better to dump the human out of the loop altogether and rely on AI to determine if an item of luggage warrants further attention... but these days it's still cheaper to use people to do it and pay them peanuts at the same time...
Re:Fun with false images (Score:2)
We need a science of AI first before we can do that.
but these days it's still cheaper to use people to do it and pay them peanuts at the same time.
A machine is (almost) always cheaper than a human. It can work 24 hours a day, doesn't need health insurance, doesn't need days off, etc, etc. The problem is that some jobs can only be done by hu
Re:Fun with false images (Score:3, Insightful)
Those can tell you if the driver is awake, but not if they are paying attention. Fortunatly, someone driving a car has to pay attention fairly routinely just to stay in the l
Re:Fun with false images (Score:2)
I'm not familiar with the devices in question, but I imagine it's fairly easy to tell if the driver is aware - when you're driving your eyes are constantly moving to scan the road for hazards. If you stop concentrating it's reasonable to think that you'll probably stop moving your eyes (so much) or at least the pattern of eye movement would change.
Fortunatly, someone driving a car has to pay attention fairly routinely just to s
Re:Fun with false images (Score:2)
And all of that looks much like looking around at the scenery, or looking for animals in the fields, or... None of which is concentrating on the road.
A suffi
Re:Fun with false images (Score:2)
You obviously don't drive very much, do you?
Re:Fun with false images (Score:4, Informative)
The fake bomb images are there to IMPROVE performance.
The DHS & TSA fund research into optimizing human search. This implementation is a practical application of very recent research.
I refer you to
http://search.bwh.harvard.edu/pdf/WolfePrevalence
which is part of the research of Jeremy Wolfe's lab
http://search.bwh.harvard.edu/ [harvard.edu]
Just read the first the first few paragraphs of the Nature paper I linked to understand the point.
Re:Fun with false images (Score:3, Insightful)
I've had design meetings practically come to blows when similarly asinine suggestions were made in the context of things that by comparison were about as critical as a recipe database. Yes, you would think in "system to positively identify bombs" the flowchart box labeled "automatically and without further inquiry disregard positive image of bomb" would raise a few eyebrows. Geezuz.
Re:Fun with false images (Score:3, Insightful)
More importantly: After enough false alarms, the screeners will more likely not react should a real bomb appear. "Oh well, surely just another software fault, just like the three we've had earlier this week. We better don't scare our passengers again
Re:Fun with false images (Score:2)
Re:Fun with false images (Score:3, Insightful)
The TSA funds fundamental research in sustaining human performance in search tests to ensure that these baggage screeners are performing well.
One thing that has been found is that the human brain cannot keep searching efficiently for something that never appears, you just tend to zone out. We're not robots after all, and searching day in and day out for a 1 in a million event that may not occur for months or years is not a task we're equipped to do.
By giving
Re:Fun with false images (Score:2)
False image is displayed. System does not notify user that the image is false:
As we have seen, the terminal grinds to a halt until a programmer can validate that ther really is no bomb.
Actor hired by the TSA, carrying proper ID, passes a false bomb:
The actor and bomb, both easily verified by the use of ID and a trained bomb responder, are taken aside and safely dealt with. The terminal continues on business as usual in a matter of mi
Re:Fun with false images (Score:2)
To do the job of this software hack you would need actors working every airport in the country, day and night. The costs would be staggering.
Re:Fun with false images (Score:2)
Another possibility is to have the software notify the supervision prior to the image and require acknowledgement, and notify the screener after. That way, false alarms are minimized since the management should be aware, and no test is conducted without human
Re:Fun with false images (Score:2)
Re:Fun with false images (Score:2)
Here's some research.
http://search.bwh.harvard.edu/pdf/WolfePrevalence
Re:Fun with false images (Score:2)
The good news.... (Score:5, Funny)
Re:The good news.... (Score:2, Interesting)
No no, this happened in the US, not in the UK.
The US security would have gunned down the people around the suspicious traveler and missed him entirely.
Besides, the flight attendents for Delta pass out weapons during the flight. They come by with a cart full of aluminum soda cans which make very effective shanks. Just flatten the center of the can, give it a twist and voila! A metal cutting edge.You can even serrate it with a diamond hole puncher:
http://www.onlineriver.com/doorway/holepunchworld. cfm [onlineriver.com]
bwahahahahah! (Score:2, Funny)
inconvenient but reassuring (Score:5, Insightful)
Re:inconvenient but reassuring (Score:2)
Well, it wasn't exactly a "parallel-universe" as much as this chick from the future who took back her gun parts before this scientist dude put them back together and accidently killed himself, thereby sending shockwaves into the future, and creating the destruction of all mankind. Then there were lots of cool explosions around the time gate just before the brains in a bottle blew up. It's quite simply, really.
There is No Software Design That Is So Good ... (Score:5, Insightful)
Re:There is No Software Design That Is So Good ... (Score:2)
(I'M KIDDING!!! I love Perl.)
Not clever to desensitise them (Score:5, Interesting)
Re:Not clever to desensitise them (Score:3, Insightful)
It depends on what they do with the tests. If there are severe consequences for the operator if they miss one of the test images, then I doubt they'll be desensitized. On the other hand, if there's no consequence for being a slacker, you'll see a group of operators hudding around the display la
Re:Not clever to desensitise them (Score:2)
Re:Not clever to desensitise them (Score:4, Insightful)
Re:Not clever to desensitise them (Score:5, Interesting)
I'm sure if they miss several of the test images they could get fired or reprimanded. Just like any job, once you are monitered people are forced to work better, for example my job, if a copy of my desktop was captured and sent to my boss at a random interval I would not be making this post.
Re:Not clever to desensitise them (Score:2)
Hope you're never my boss! By the way my bosses would never question a little personal web browsing so long as it doesn't interfeer with getting my work done.
Re:Not clever to desensitise them (Score:3, Insightful)
That doesn't even make any sense. This is training, you WANT people to see these things. You WANT them to have experience reacting to stuff they think is real. How do you expect them to identify bombs in suticases if they've never seen examples,
Re:Not clever to desensitise them (Score:2)
It's one thing to learn to identify a bomb on an X-ray machine. It's quite another to have them randomly flash the image through when you're actually doing the work then a "just kidding" message.
Hell that's like always training with live ammo. Sure you'll get soldiers who are use to the pressure but expect to send a few
Re:Not clever to desensitise them (Score:3, Insightful)
The only way to test the screeners and keep them alert is to give them events to respond to. The problem with the system as d
Re:Not clever to desensitise them (Score:2)
You do realise they shoot suspected terrorist bombers and ask questions later don't you?
Come on. There's a flaw in y
"calm" is not "desensitized" (Score:5, Insightful)
The same ones that know that combat simulations help cops and soldier generally make more level-headed decisions. The same ones that know that simulating in-flight emergencies in flight simulators takes the "holy crap!" out of handling such things. There are VERY good reasons that you want your bag screeners to be able to react calmly or subtly to what they see on the screen in front of them. They may need to be able to signal armed support, depending on their assesment of the person in line, without Freaking Out while they're looking at their equipment. These are supposed to be professionals, and it sounds like the person involved acted like one (absent the "this is a test" message).
Re:"calm" is not "desensitized" (Score:3, Insightful)
To use your own example you don't simulate in flight emergencies on real flights. You do it in a controlled environment usually in a simulator. If you don't have access to that or want to do more realistic simulations you're very careful about recovery conditions (eg. you simulate an engine failure by throttling back to idle, but you don't actually cut your engine).
Similarly it
Re:"calm" is not "desensitized" (Score:3, Insightful)
Unfortunately, there are plenty of situations where training has to occur in situ for it to be realistic. Obviously you're not going to perform
Re:"calm" is not "desensitized" (Score:2)
There's another thing to be mindful of here and that is that military applications are different to civilian (or at least should be). Your average citizen should not expect to be put in a life or death situation, whereas that is what the military is paid to do - defend even at the cost of t
Re:"calm" is not "desensitized" (Score:2)
Adrenaline is not your friend. Sure, when we where hunter/gatherers it could help put a little pep in your step when the tiger charged, but in modern times, adrenaline almost always makes you make bad decisions in emergency situations. The point of having drills over and over is to get you to keep your head level and not freak out and run. There are many more proper responses to emergencies than fight or flight.
Re:Not clever to desensitise them (Score:2)
This Braniac did (Score:3, Insightful)
Jeremy Wolfe, possibly the world's foremost expert on human performance in visual search tasks did.
You can read about his research on his publications page here.
http://search.bwh.harvard.edu/recent_publications. htm [harvard.edu]
Check out the one called "Rare items often missed in visual searches. " This research, among others in the field, is funded by the DHS for precisely this purpose. May I add that the turnaround time from primary research to application is excellent. Jeremy and
Re:This Braniac did (Score:2)
By the way, you used a computer to type this post didn't you?
Re:This Braniac did (Score:2)
You do realise it takes both practical people and academics to make the world go round right? Just as you realise that being condescending isn't going to make you any friends? Or perhaps you fit a different stereotype...
Re:Not clever to desensitise them (Score:2)
quote from big trouble: (Score:5, Funny)
Airport Security Checker: What is this?
Snake: A garbage disposal.
Airport Security Checker: A garbage disposal?
Snake: Portable.
Airport Security Checker: You'll have to turn it on.
Snake: It's got a timer.
[turns the switches of the bomb on]
Snake: Grounds up your garbage, while you're out.
Re:quote from big trouble: (Score:2)
Re:quote from big trouble: (Score:3, Funny)
Re:subtle 9/11 humor (Score:2)
Sounds pretty good to me (Score:5, Insightful)
Willie Williams, the airport's federal security director, said the screener saw something suspicious and notified a supervisor. The two manually rechecked all the bags on the conveyor belt but could not find anything resembling what was seen on the screen, Williams said.
Put aside the software failure and I'd say this was a more successful test than the actual test. I mean, if screeners know this kind of thing is going to happen every so often and they see something suspicious, they may become a bit jaded after a while and assume it's a test, even if the indication doesn't appear. This screener took no chances and called a supervisor and then went about trying to find the device. I believe that's how the system is supposed to work.
So the software failed, but in the end it didn't really fail, because it showed someone was doing their job as they were supposed to be.
Re:Sounds pretty good to me (Score:2)
So if they become jaded and just let anything pass assuming it's a "test" then they would fail the test.
So I don't think this will result in them letting bombs and weapons through because they assume it's a test.
Re:Sounds pretty good to me (Score:2)
Well, the supervisor didn't seem to know it was a test, or he wouldn't have gone to all the trouble to stop the conveyor and search for the bag. So in essence it tested not just the screener, but the screener's supervisor as well.
So I don't think this will result in them letting bombs and weapons through because they assume it's a test.
Maybe not, but never underestimate the apathetic state of the go
Re:Sounds pretty good to me (Score:2)
For instance, I flew to Ottawa [from Toronto] a few weeks back. I had a motherboard with me. I told the security guy "please don't open that box it's static sensitive". So he didn't.
That right there should be a red flag.
Often I carry dozens of adapters and cables and boxes and such in my knapsack. Sometimes they actually take their time looking at the mess [occasionally sending it through a 2nd ti
Re:Sounds pretty good to me (Score:2)
Re:Sounds pretty good to me (Score:2)
These "self-important" folk who put off everyone else for their own selfish needs... well if they were so important the meetings would wait for them. Or if they were so professional they'd be smart enough to book flights with enough time to get where they need on time.
I like that while I fly I don't need to be replying to emails or that I can take a 20 minute "tom time" break between events and shit.
And really, I don't dress up and talk all MBA'ish but I still work at the
Re:Sounds pretty good to me (Score:2)
--jeffk++
Re:Sounds pretty good to me (Score:2)
Re:Sounds pretty good to me (Score:2)
Re:Sounds pretty good to me (Score:2)
Actually, the sad thing is that it was the software that failed and the human factor that did the right thing. I always thought the opposite was more likely to happen.
Re:Sounds pretty good to me (Score:2)
Re:Sounds pretty good to me (Score:3, Interesting)
So in your opinion it didn't fail, and it's a reasonable arguement but what about from the traveller's perspective? I have been on the recieving end of a mistaken item in my bags.
airportsecurity: "What do you have in your bag that is a metal coil?!"
Me:"Nothing."
airportsecurity:"Tell us what you have in your bag that is a metal coil before we check it or we will be fo
Re:Sounds pretty good to me (Score:2)
Perhaps. And perhaps in the past someone has let something pass they shouldn't have precisely because this happened and they made the assumption it was a test. It's hard to say. That's the problem -- we're going on one report about one incident and the article isn't too clear on how many times this may have happened in the past.
Re:Sounds pretty good to me (Score:2)
I asked - I couldn't help myself. It's both random and if there's suspicion of funny business. I travel with some medical equipment in a small case. It almost always gets the sniffer treatment because it looks a little suspicious. Now and then my briefcase gets the same treatment. After a couple of times of that, I asked. They pick eve
Race conditions... (Score:5, Interesting)
How frequent are these "tests" given? Once every 10 minutes...30 minutes? What are the chances that they coincide with an actual suspicious device, which the screener would then assume was part of the "test" which happened to occur simultaneously.
Re:Race conditions... (Score:3, Interesting)
I assume they "cut in" these test on the conveyor belt, meaning you see n+1 suitcases instead of n real ones. So if you see two suspicious devices and one "this is a test" message, you'll know that message doesn't cover both of them. I suppose it could happen that
Re:Race conditions... (Score:2)
suspicious device, which the screener would then assume was part of the "test" which happened to occur simultaneously
What difference would that make? Whether it's assumed to be part of a test or not, sole acceptable action is the same: report it and don't let the luggage through until the issue is resolved.
Good! (Score:4, Insightful)
As for the software, all software has bugs. I'm just glad that someone found out that it wasn't something terrible getting on a plane.
Re:Good! (Score:2)
Guess we will have to wait a few days to see if one goes down.
Re:Good! (Score:2)
Re:Good! (Score:2)
I think that is the main problem. As you said, all software has bugs. That is why humans should not work like a robot following protocols, without using their brains (this way you are using the brain of the guy who designed the protocol, who may not forecast all possibilities). I'll bet the next big strike against US will be done by someone who will find a glitch on a security protocol and will exploit it, the same w
Brazil.... (Score:3, Funny)
SAM: You got the wrong man.
JACK: (a little heated) I did not get the wrong man. I got the right man. The wrong man was delivered to me as the right man! I accepted him, on trust, as the right man. Was I wrong? Anyway, to add to the confusion, he died on us. Which, had he been the right man, he wouldn't have done.
SAM: You killed him?
JACK: (annoyed) Sam, there are very rigid parameters laid down to avoid that event but Buttle's heart condition did not appear on Tuttle's file. Don't think I'm dismissing this business, Sam. I've lost a week's sleep over it already.
SAM: I'm sure you have
JACK: There are some real bastards in this department who don't mind breaking a few eggs to make an omelette, but thank God there are the new boys like me who want to maintain decent civilized standards of terrorist eradication. We've got the upper hand for the moment, but they're waiting for us to slip up, and a little slip- up like this is just the chance they're looking for.
--- Brazil [corky.net]
This is NOT a test (Score:2)
Oh well, guess we'll shut it all down.
Okay haven't they already thought of this scenario? Isn't there an alternate verification process that doesn't involve computers?
Oh well, I learned to give up worrying altogether when flying.
Oceanic Airlines [oceanic-air.com] has a very good safety record, I think I will fly them next time.
I feel safer already.
Audio also revealing (Score:3, Funny)
This is only a test... (Score:3, Interesting)
Why malicious items? (Score:5, Insightful)
How about pictures of assorted dildos/vibrators? No, I'm serious. That'll catch your eye, male or female.
How about 'to scale' midgets (wow, that sounds awful... as much of a joke as it is) fighting in a mini suitcase?
Or a very carefully and perfectly laid out bra of panty?
Seriously, give these people something they wouldn't mind seeing (well, sans the dildo/vibrator) and you'll get (1) a chuckle and (2) some extra energy for productivity.
You know, on second thought, I'm going to patent the concept, brb.
Re:Why malicious items? (Score:2, Insightful)
Re:Why malicious items? (Score:2, Insightful)
Sounds like good training...NOT (Score:2)
Speaking as an Ex-TSA-Screener (Score:2)
maybe this explains the past 5 years (Score:4, Funny)
Virtual vs. physical tests (Score:4, Interesting)
The operator would observe the item, stop the machine, look up, and the supervisor would then inform them it was a test. If you failed the test, you'd be disciplined. Fail too many, and you'd be fired.
You might think that this test would be too easy because you would see the supervisor approaching, but most of the time the operator is so focused on their screen that they don't look at the passengers. Still, there were only a limited number of fake items so you got good at recognizing them. It seems like these new electronic tests have the advantage of offering a much larger variety of images.
On the plus side, if you actually caught somebody trying to smuggle a bomb onto a plane, you were eligible for a massive $100 reward. I always thought the risk/reward ratio of X-ray work was too low, so I preferred to do less stressful jobs like escorting children and disabled passengers.
The Real Explanation? (Score:4, Interesting)
Blaming technology is an easy thing to do, and very common in Atlanta. It is an explanation that makes people laugh with frustration and lose interest quickly in the story. Even better, there's no one that has to take the fall and take the blame for the problem. It's a common tactic that's been used a lot. In a city that doesn't want to scare or blame any person or corporation, technology is an easy scapegoat.
Certainly the situation could have been a technology failure. The problem is that it took so long for them to let the public know what the cause was. The security lines were opened, what?, two hours or so after the panic that caused them to be closed. But no explanation then. No explanation came forth until the next day in fact. Either they opened up the security lines when they were unsure of what was on those screens (gleep!) or they knew what the explanation was and knew there was no real security risk. But why keep the cause secret for so long afterward if it was a simple technology error? My opinion was that they needed to find a better scapegoat; and concocting a plausible way to blame technology (as usual) took a bit of time.
While the baggage screeners might not know when random tests are run, their supervisors damn well should. If baggage inspection is a real time operation it'd be tragic if a "test" image with a fake bomb appeared over baggage with a real bomb. While the screeners are in the dark as to when the tests are run, the security system itself should clearly know when the tests are run.
Hey, here's an idea. Cut some metal words out of old scrap metal and make the phrase "This is a test" and put it inside your luggage. I wonder what kinds of things you could get through the screening system
Great, I can see it now (Score:2, Funny)
How retarded can we get?
Worked for TSA (Score:2, Insightful)
The bombs by the machine are often obvious and are placed in funny spots where normal packing wouldn't be, so it's usually fairly easy to identify them.
How to sneak stuff into luggage (Score:3, Funny)
I see the parody now: (Score:5, Funny)
snake! snake (this is a test)
And repeat.
Meanwhile, in the airport... (Score:3, Interesting)
They were real good about opening up all the security lanes to clear the backlog. Actually, I had subscribed via web to the airport line monitor service. My first page before I left to the airport was 10 minutes and this was after a buddy at the airport told me to get my butt down there for my flight early. The second page said "over 2 hours", the third was 30-45 minutes and the last said 1.5 hours to get through security. Seems like this is based on wild ass guess rather than more industrial engineering means.
Re:ROFL! (Score:4, Informative)
"Atlanta's Hartsfield International Airport is the world's busiest passenger airport, with 77,939,536 arrivals, departures, and transfers in 1999. Atlanta bypassed #2 Chicago-O'Hare in 1998 to become the world's busiest."
Re:ROFL! (Score:3, Interesting)
http://www.airports.org/cda/aci/display/main/aci_
Re:ROFL! (Score:2)
Re:Uber weakness (Score:2)
Then it would never be implemented. You can only test so long before you have to put it in the field.
And then, how do you test new people on the line? By running a test exactly like this one.