Just a few weeks ago, we wrote about noted TSA-critic and security expert
(among other things) Bruce Schneier debating
former TSA boss Kip Hawley over at the Economist. While that debate was
interesting, you might be forgiven for reading a WSJ piece written by Hawley
and wondering if Hawley wasn't secretly replaced by Schneier. In the article, Hawley admits that the TSA
screening process is ridiculously broken, and even makes a few statements that
are almost word for word repeats of criticism Schneier
has directed in the TSA's direction for years. Here's
More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect. Preventing terrorist attacks on air travel demands flexibility and the constant reassessment of threats. It also demands strong public support, which the current system has plainly failed to achieve.
The crux of the problem, as I learned in my years at the helm, is our wrongheaded approach to risk. In attempting to eliminate all risk from flying, we have made air travel an unending nightmare for U.S. passengers and visitors from overseas, while at the same time creating a security system that is brittle where it needs to be supple.
Any effort to rebuild TSA and get airport security right in the U.S. has to start with two basic principles:
First, the TSA's mission is to prevent a catastrophic attack on the transportation system, not to ensure that every single passenger can avoid harm while traveling. Much of the friction in the system today results from rules that are direct responses to how we were attacked on 9/11. But it's simply no longer the case that killing a few people on board a plane could lead to a hijacking. Never again will a terrorist be able to breach the cockpit simply with a box cutter or a knife. The cockpit doors have been reinforced, and passengers, flight crews and air marshals would intervene.
Second, the TSA's job is to manage risk, not to enforce regulations. Terrorists are adaptive, and we need to be adaptive, too. Regulations are always playing catch-up, because terrorists design their plots around the loopholes.
All of that sounds good... but why wasn't that the way the TSA acted under Hawley's 3.5 year tenure at the helm? As he explains it, some of it was merely giant bureaucratic institutional momentum. Some of it was political. Some of it was his own fault. Basically, there were a number of reasons — not all of which are particular convincing for the public that's sick of the TSA, something that Hawley admits. While he does say that there are some things that make more sense than people realize (for example, he says that there are more reasons for requiring people to take off their shoes than people realize), there are other things that he admits are pretty stupid, such as the liquid restrictions. He notes that there are plans on someone's desk (which existed while he was at the TSA) that would allow people to bring the liquids they wanted — basically by setting up separate lines for those bringing larger volumes of liquids, which can be scanned with relative ease with a software upgrade.
In the end, he suggests a few key changes to the TSA process to improve not just the airport experience, but also the safety of flying. And he notes all of these could be implemented in a matter of months if the TSA wanted to do it:
1. No more banned items: Aside from obvious weapons capable of fast, multiple killings—such as guns, toxins and explosive devices—it is time to end the TSA's use of well-trained security officers as kindergarten teachers to millions of passengers a day. The list of banned items has created an "Easter-egg hunt" mentality at the TSA. Worse, banning certain items gives terrorists a complete list of what not to use in their next attack. Lighters are banned? The next attack will use an electric trigger.
2. Allow all liquids: Simple checkpoint signage, a small software update and some traffic management are all that stand between you and bringing all your liquids on every U.S. flight. Really.
3. Give TSA officers more flexibility and rewards for initiative, and hold them accountable: No security agency on earth has the experience and pattern-recognition skills of TSA officers. We need to leverage that ability. TSA officers should have more discretion to interact with passengers and to work in looser teams throughout airports. And TSA's leaders must be prepared to support initiative even when officers make mistakes. Currently, independence on the ground is more likely to lead to discipline than reward.
4. Eliminate baggage fees: Much of the pain at TSA checkpoints these days can be attributed to passengers overstuffing their carry-on luggage to avoid baggage fees. The airlines had their reasons for implementing these fees, but the result has been a checkpoint nightmare. Airlines might increase ticket prices slightly to compensate for the lost revenue, but the main impact would be that checkpoint screening for everybody will be faster and safer.
5. Randomize security: Predictability is deadly. Banned-item lists, rigid protocols—if terrorists know what to expect at the airport, they have a greater chance of evading our system.
I think it's reasonable to criticize him for not doing more to get these changes in place while he was still in charge, but at least he's speaking out now. One key point in all of this, which often goes unnoted in the discussions of security theater, is that it often makes us less safe by the incentives it creates for TSA scanners. Above, one of his suggestions is to get rid of banned items, because of the "easter-egg hunt." As he notes elsewhere in the article, one of the problems with today's system is that agents become so focused on finding the specific "banned items" that they miss real threats. He relates the story of a test where agents were so focused on finding cigarette lighters that they missed bomb parts packed in the same bag around the lighter.
Of course, the problem in actually getting Hawley's ideas implemented remains the biggest hurdle. As much as the public hates the TSA screening process, no one is willing to make a change like this, because when an attack inevitably gets through (as it would with or without today's procedures), then the "new" security screening process will inevitably be blamed. As such, whoever agreed to put in place such a security regime would inevitably be sacrificed for "failing" in his or her job. So, you shouldn't necessarily expect any significant changes any time soon. Instead, it'll be yet another showing of traditional security theater... for old time's sake.
FORTRAN is a good example of a language which is easier to parse using ad hoc techniques. -- D. Gries [What's good about it? Ed.]