This article makes some big leaps. It says in the fourth paragraph: "Since 9/11, the U.S. has spent more than $1.1 trillion on homeland security." It seems to imply that this is mostly because of wasteful TSA-like spending.
The Department of Homeland Security's FY11 budget authority was around $56 bil. The TSA only accounted for 14% of that money. [1]
Just for perspective -- top 5 slices of DHS's FY11 pie: U.S. Customs and Border Protection (20%), U.S. Coast Guard (18%), Transportation Security Administration (14%), Federal Emergency Management Agency (12%), Immigration and Customs Enforcement (10%).
Don't get me wrong, I'm not a huge fan of the TSA... I think we all feel a little silly as grownups waiting around in a security line in our socks. But I don't think all the hand waving about "security theater" is really justified. And there are probably quite a few things that fall under "homeland security" that aren't so controversial. Disaster response? Maritime search and rescue? Enforcement of fisheries conservation regulations? Border protection?
[1] All numbers from DHS's "FY 2011 Budget in Brief"
There have been quite a few articles over the last decade pointing out that the creation of DHS as a whole has been quite a waste of time and money with little benefit.
Katrina showed many of the problems with FEMA, though it seems to have improved since then. I'm not sure why enforcement of fisheries conservation belongs under DHS, and as someone who does a good bit of offshore fishing I'm not very happy with they way they over-regulate/enforce on recreational fishermen who would have a hard time making a dent in most populations while (seemingly) turning a blind eye to commercial efforts destroying them.
Others I don't have any insight into, but it seems that DHS has mostly the creation of a huge number of bureaucrats who's major responsibilities involve insuring that the money allotted is spend so that the same or more can be requested for the next fiscal year, with the actual agencies under it getting a smaller piece of the pie and more barriers to actually doing work than before.
I presume it includes homeland security grants as well as TSA. The LA Times reports http://www.latimes.com/news/nationworld/nation/la-na-911-hom... that "Attacks, Federal And State Governments Are Doling Out About $75 Billion A Year On Domestic Security".
That presumes that "the U.S." means federal and state spending, and even over 10 years that plus the TSA budget is still only $850 billion, so I don't know how they tally the rest.
I'm a little disappointed with the article when compared to my expectations given the title.
Besides using a fraudulent boarding pass, the journo didn't "test" the TSA in any meaningful way. This wasn't like the experiment where a guy got a gun on a plane using his wheelchair, for example. While the article has great information and I agree with almost all of it, I would like to see people demonstrating the uselessness of the TSA rather than just talking about it.
Like three weeks ago I was leaving vegas and accidentally left a pocket knife (4" blade) in my bag.. I opted out of the full body scan, (rumors of cancer, and the line was shorter) for a pat down... it's an intense pat down im pretty sure they definitely touched some private sensitive areas, they also left the 4" knife in my bag theres tons of stories like this too..
Agreed, but this is a major building-block in that it allows evildoers to make multiple trips through security to deliver small amounts of items without detection.
You don't even need photoshop to modify your boarding pass.
(These steps work with Opera, I'm not sure about other browsers)
1. Go to print your boarding pass
2. View source
3. Modify any information (such as adding something to show First Class/A-List/etc)
4. Click Apply Changes to make the changes to the HTML show up in the page
5. Click Print
A perfect boarding pass with any information you want.
What could someone do that's on the watch list? By a ticket under an assumed name, then print out two boarding passes, one with their real name that matches their ID, then another with the assumed name.
Since the no-fly list check is only done when the ticket is purchased, use the real ID with real name boarding pass at security to get through (they won't check you against the list). At the gate, go ahead and give them the real boarding pass with the fake name (they won't check your ID at that point).
* I am in no way advocating that you do this, just that it's possible and demonstrates a weakness in security
Do you have references that the list is only checked at purchase time? As for the security hole.. you have a credit card under the assumed name as well? If they were smart they could simply flag first time fliers and anyone who flies under a ticket purchased by someone else for extra checks. Cash ticket purchases require real ID at the ticket counter or Western Union and presumably you'd get checked there as well.
I wish we could get rid of the TSA and spend that resources somewhere else, CIA, FBI, NSA, hell send it to DoE, NSF, maybe fund (more) research in practical(?) renewable energy.
But killing the TSA is never going to happen. No career politician is going to commit political harikiri to shut it down.
- I do not mind the free hand rubs at the airports though.
America's had a decade of airport frustations and no new (successful) attacks to re-inflame their fears. While it may be impossible to undo the existence of the TSA, a "common sense" reform initiative would probably be very popular, possibly even bi-partisan.
Sadly, the biggest obstacle would probably be the fear of eliminating jobs, which no politician wants to be known for, even if those jobs are mostly a waste of human labor. This is a broader problem of government bloat, and probably out of the scope of this discussion.
Before the TSA, we had xray luggage scanners and metal detectors world wide. Now how the majority of the public interacts with the TSA at airports, you go through a metal detector or body xray and xray luggage scanners. What else has changed?
I've thought about that and I wonder if it couldn't be gotten rid of by scaling back its activities over time and merging its duties into another organization until it gets swallowed whole.
This is not a place for political discussion (so please don't make it one, people!), but he certainly qualifies as a career politician, having been in congress 35 years.
EDIT: lots of downvotes... I'm just stating a fact in response to the DrJ's statement... what is the cause for your downvoting?
One point I've read elsewhere is that successful Islamic terrorists are a single-use resource, what with their habit of killing themselves during the attack. This means all their terrorism skills are lost with the successful attack, and the pool of competent terrorists shrinks. Not to mention, the wealth of experience and on-the-ground information is lost as well.
The people with the knowledge are the bombmakers etc; the people carrying the bombs need very little knowledge apart from "push the button at the right time".
Who here did not think of Bruce Schneier after reading in the lead paragraph: "...that’s the conclusion of Charles C. Mann, who put the T.S.A. to the test with the help of one of America’s top security experts"?
The last time I went through the airport they did the hand wipe thing. I said "You think terrorist are smart enough to wear gloves when working with chemical explosives?" She shrugged and said "All Clear!"
And yeah... the next wave of 'terrorist' attacks won't be airports, but probably consumer-level areas or something that directly affects a large number of every day people (or, just, threatens to): malls, restaurant chains, etc.
I posited this idea to friends/family back in 2002: have a large number of geographically distributed attacks on salt/pepper/condiments at chain and independent restaurants around the country at the same time. Dozens/hundreds would get sick or die, and confidence in the food supply would be disrupted for weeks at minimum. "terror-proof" condiment dispensers would be developed, and required on flights (cause our anti-terrorists will still be focused on flying), and it would cost probably $500 in drugs to spike salt/pepper shakers around the country.
People thought I was crazy (or a terrorist), but I could swear I read of this being reported on (on a small scale) in 2005 or 2007 - Miami perhaps?
I don't understand. The agents at the gate always check the boarding pass validity (with the code scanner) and check the name on it against my ID. I haven't tried it but i can imagine that the system wouldn't allow two boarding passes with the same code. Is it that here in Europe we do things properly or did I misunderstood the faking of the boarding pass?
In the United States two people look at your boarding pass: the TSA (at the entrance to security screening), and the airline (while boarding the plane).
The TSA also checks your ID. In most airports, the TSA is NOT online and merely looks at the printed boarding pass to make sure the name matches what is on your ID, your flight is for today, etc. In most cases the airline does not bother checking ID again, assuming that the TSA checked it.
You would not get on a plane with a fake boarding pass, but you do get into the secure area.
Because IDs are not checked by the airline, forging a boarding pass would allow you to board a plane with any name you want on the ticket -- the name on the ticket doesn't have to be your "real" name (it doesn't have to match your photo ID). This means that the TSA's various "no fly" lists, which are just lists of names of people that they've compiled that are "too dangerous to fly", are easily defeated.
Your boarding pass is scanned by a barcode reader, and the computer does seem to pick up invalid passes, but I don't think that is the point.
The TSA has made some kind of a big deal about only allowing "ticketed passengers" into the gate areas. However, their check of this comes down to ensuring you have a piece of ID that matches the name on a piece of paper you bring from home.
To use an example from the story, you could have 20 people who are not travelers each smuggle a component of a bob through security (a portion of a liquid, ptex, etc.) and then give those components to a single flyer with a valid ticket (who would have presumably gone through security with NO contraband at all, so as not to burn his identity if he accidentally went through a line with an alert agent).
There is also the simple matter of basic vulnerability testing. If you have to spend $500 on a ticket to get a trip through the TSA line, it's very costly to test the edges of the system. If you can go through the line 4x per day at 3 different airport terminals, or multiple airports that are in close proximity to each other, then you can easily run 100 test scenarios in a week about how the lines are managed, processed, etc.
As an example, I travel frequently and don't like dealing with the full-body scanners. In most airports at the busy times they "randomly" select some passengers to just go through the metal detectors because the body-radiators are slow. With about 80% accuracy I can watch how the lines are being handled and time my fiddling around with items on the xray belt to be "randomly" selected to skip the full body scanner. It takes a few cycles of observation to start to see the patterns though.
1. Buy a plane ticket under someone else's name. Presumably yours is blocked/flagged due to the airlines being able to check the no-fly list.
2. Use that ticket to forge a boarding pass in your name. Use this, along with your official ID, at the security checkpoint. All the TSA does is read it and validate date/time/what the know of flights off the top of their head. Nothing in their setup validates your boarding pass against airline records or the no-fly list.
3. At the gate, hand them the original boarding pass. They'll check it against computer records, but won't bother to check your ID against the pass.
4. Congratulations, you've bypassed a critical portion of American airline security.
This, honestly, is most of why the recent "advanced screening" systems piss me off. Our current security measures are woefully ineffective because of these kinds of loopholes, but instead of plugging those loopholes we simply pile on more half-assed systems.
The no-fly list could be a great tool for us, if used properly. Instead it's nearly trivial to circumvent for the bad guys and an enormous pain in the ass for any honest person who happens to wander into a name conflict.
I agree with most of the points in this article, but saying that all people who forge boarding passes will use latex gloves seems false.
From my point of view the point of multiple screenings is to increase the difficulty and complexity of pulling off a particular attack. Sure, individually you can think of a way to counter each one, but as you add constraints you reduce the pool of people willing and able to pull it off. (So now you need a person who wants to cause terror, who is willing to blow themselves up, who can forge simple documents, who remembered to wear latex gloves, who can act cool enough to avoid extra screenings when walking past guards with machine guns, etc, etc, etc). Sure some eliminate more than others, but you multiply enough .95s together and you get a small number.
You seem to be looking at this the wrong way. Instead, consider that once a person has decided they want to cause terror so much that they are willing to blow themselves up, they'll go to great lengths to make sure their one opportunity to do so succeeds.
These chances of passing these screenings aren't independent. They aren't just die rolls where a terrorist needs to roll 6 five times in a row for their plot to succeed. If they can improve their chances on one screening they can and will improve their chances on the rest (which was the point he was trying to make).
Now consider how much time and money is spent for each additional screening that's put into place, both for those putting it in place and the millions that have to jump through all the extra hoops each day to travel. Worth it?
It's more "all people who forge boarding passes with the intent of using the plane as part of a terroristic plot will use latex gloves if they also have a bomb."
The point was that multiple layers are only useful if they test different thing. I'm more inclined to believe that those two layers are "tantamount to performing the same test twice" because they can both be done before the fact, and planned for.
The problem about multiplying enough 0.95s together is the number of false positives that occur. The article mentions one, where an air marshal killed a deranged passenger in Miami. That's an extreme case. Hidden is the, what, 5 minutes needed for screening * 700 million passengers per year giving over 6,000 extra person-years wasted waiting on security every year.
The thing is, it's not a bunch of .95s. It's a .00000001 and a bunch of .9999999s. If a person wants to cause terror and is willing to blow themselves up, they're probably already very resolved and willing to do virtually anything else necessary to bypass the security measures you mention and any others.
I like to think the TSA and their ridiculous measures actually are there purely for the "security theater"... both to reassure the ignorant public, and to misdirect potential terrorists.
Of course, I also hope the TSA, DHS, etc have more effective measures in place behind the scenes. I don't know if that's the case, but it would make sense to keep them secret.
When will we get congressional and presidential candidates vowing to shut down the TSA? "I'll shut down the Dept of Education!" was a bit rallying cry for Bachmann a couple months ago, partially with the justification that "It was only started in 1979!". Well, the TSA was started less than 10 years ago, so let's shut that down first.
The 3 oz liquid rule was always a bit laughable to me too. Print 6 fake boarding passes, bring 6 friends, give them 3 ounces of whatever, take 21 ounces on the plane. Makes no sense to me.
And still I have to buy a special tiny tube of toothpaste for the safety of the nation.
The article didn't mention what happened when they tried to use the photoshopped boarding pass to board. Maybe they had another real boarding pass somewhere else? Maybe they didn't actually board a plane?
Their system makes sure you're supposed to be on the plane when they scan your boarding pass to get on the plane right?
They didn't try to use it to board the plane, he just wanted to show that you don't actually have to buy a plane ticket to be waved into the 'secure' area of the airport.
[+] [-] ims|14 years ago|reply
The Department of Homeland Security's FY11 budget authority was around $56 bil. The TSA only accounted for 14% of that money. [1]
Just for perspective -- top 5 slices of DHS's FY11 pie: U.S. Customs and Border Protection (20%), U.S. Coast Guard (18%), Transportation Security Administration (14%), Federal Emergency Management Agency (12%), Immigration and Customs Enforcement (10%).
Don't get me wrong, I'm not a huge fan of the TSA... I think we all feel a little silly as grownups waiting around in a security line in our socks. But I don't think all the hand waving about "security theater" is really justified. And there are probably quite a few things that fall under "homeland security" that aren't so controversial. Disaster response? Maritime search and rescue? Enforcement of fisheries conservation regulations? Border protection?
[1] All numbers from DHS's "FY 2011 Budget in Brief"
[+] [-] dpeck|14 years ago|reply
Katrina showed many of the problems with FEMA, though it seems to have improved since then. I'm not sure why enforcement of fisheries conservation belongs under DHS, and as someone who does a good bit of offshore fishing I'm not very happy with they way they over-regulate/enforce on recreational fishermen who would have a hard time making a dent in most populations while (seemingly) turning a blind eye to commercial efforts destroying them.
Others I don't have any insight into, but it seems that DHS has mostly the creation of a huge number of bureaucrats who's major responsibilities involve insuring that the money allotted is spend so that the same or more can be requested for the next fiscal year, with the actual agencies under it getting a smaller piece of the pie and more barriers to actually doing work than before.
[+] [-] dalke|14 years ago|reply
That presumes that "the U.S." means federal and state spending, and even over 10 years that plus the TSA budget is still only $850 billion, so I don't know how they tally the rest.
[+] [-] sliverstorm|14 years ago|reply
I was a kid the last time I flew before 9/11, but didn't they still use metal detectors back then?
[+] [-] nathanb|14 years ago|reply
Besides using a fraudulent boarding pass, the journo didn't "test" the TSA in any meaningful way. This wasn't like the experiment where a guy got a gun on a plane using his wheelchair, for example. While the article has great information and I agree with almost all of it, I would like to see people demonstrating the uselessness of the TSA rather than just talking about it.
[+] [-] siphor|14 years ago|reply
[+] [-] Lagged2Death|14 years ago|reply
If getting though security with fraudulent identification is not a problem, why does the TSA bother to attempt to prevent it?
[+] [-] DanBC|14 years ago|reply
[+] [-] bigtech|14 years ago|reply
[+] [-] Osiris|14 years ago|reply
(These steps work with Opera, I'm not sure about other browsers) 1. Go to print your boarding pass 2. View source 3. Modify any information (such as adding something to show First Class/A-List/etc) 4. Click Apply Changes to make the changes to the HTML show up in the page 5. Click Print
A perfect boarding pass with any information you want.
What could someone do that's on the watch list? By a ticket under an assumed name, then print out two boarding passes, one with their real name that matches their ID, then another with the assumed name.
Since the no-fly list check is only done when the ticket is purchased, use the real ID with real name boarding pass at security to get through (they won't check you against the list). At the gate, go ahead and give them the real boarding pass with the fake name (they won't check your ID at that point).
* I am in no way advocating that you do this, just that it's possible and demonstrates a weakness in security
[+] [-] apaprocki|14 years ago|reply
[+] [-] DrJ|14 years ago|reply
But killing the TSA is never going to happen. No career politician is going to commit political harikiri to shut it down.
- I do not mind the free hand rubs at the airports though.
[+] [-] lukifer|14 years ago|reply
Sadly, the biggest obstacle would probably be the fear of eliminating jobs, which no politician wants to be known for, even if those jobs are mostly a waste of human labor. This is a broader problem of government bloat, and probably out of the scope of this discussion.
[+] [-] nextparadigms|14 years ago|reply
[+] [-] mahyarm|14 years ago|reply
[+] [-] Natsu|14 years ago|reply
[+] [-] pitdesi|14 years ago|reply
This is not a place for political discussion (so please don't make it one, people!), but he certainly qualifies as a career politician, having been in congress 35 years.
EDIT: lots of downvotes... I'm just stating a fact in response to the DrJ's statement... what is the cause for your downvoting?
[+] [-] pdubs|14 years ago|reply
http://www.theatlantic.com/magazine/archive/2008/11/the-thin...
[+] [-] mootothemax|14 years ago|reply
One point I've read elsewhere is that successful Islamic terrorists are a single-use resource, what with their habit of killing themselves during the attack. This means all their terrorism skills are lost with the successful attack, and the pool of competent terrorists shrinks. Not to mention, the wealth of experience and on-the-ground information is lost as well.
[+] [-] DanBC|14 years ago|reply
[+] [-] redthrowaway|14 years ago|reply
[+] [-] 0003|14 years ago|reply
[+] [-] DevMonkey|14 years ago|reply
[+] [-] bshep|14 years ago|reply
[+] [-] pppp|14 years ago|reply
[+] [-] martingordon|14 years ago|reply
[+] [-] lhnn|14 years ago|reply
[+] [-] mgkimsal|14 years ago|reply
I posited this idea to friends/family back in 2002: have a large number of geographically distributed attacks on salt/pepper/condiments at chain and independent restaurants around the country at the same time. Dozens/hundreds would get sick or die, and confidence in the food supply would be disrupted for weeks at minimum. "terror-proof" condiment dispensers would be developed, and required on flights (cause our anti-terrorists will still be focused on flying), and it would cost probably $500 in drugs to spike salt/pepper shakers around the country.
People thought I was crazy (or a terrorist), but I could swear I read of this being reported on (on a small scale) in 2005 or 2007 - Miami perhaps?
I found this: http://www.cbsnews.com/stories/2010/12/20/eveningnews/main71... but it's from 2010 and it's not what I was thinking about.
[+] [-] tikhonj|14 years ago|reply
Apparently this was longer ago than I thought: 1986. Here's a link: http://www.nytimes.com/1986/09/19/us/batch-of-rite-aid-aspir...
[+] [-] yread|14 years ago|reply
[+] [-] spolsky|14 years ago|reply
The TSA also checks your ID. In most airports, the TSA is NOT online and merely looks at the printed boarding pass to make sure the name matches what is on your ID, your flight is for today, etc. In most cases the airline does not bother checking ID again, assuming that the TSA checked it.
You would not get on a plane with a fake boarding pass, but you do get into the secure area.
Because IDs are not checked by the airline, forging a boarding pass would allow you to board a plane with any name you want on the ticket -- the name on the ticket doesn't have to be your "real" name (it doesn't have to match your photo ID). This means that the TSA's various "no fly" lists, which are just lists of names of people that they've compiled that are "too dangerous to fly", are easily defeated.
[+] [-] brk|14 years ago|reply
Your boarding pass is scanned by a barcode reader, and the computer does seem to pick up invalid passes, but I don't think that is the point.
The TSA has made some kind of a big deal about only allowing "ticketed passengers" into the gate areas. However, their check of this comes down to ensuring you have a piece of ID that matches the name on a piece of paper you bring from home.
To use an example from the story, you could have 20 people who are not travelers each smuggle a component of a bob through security (a portion of a liquid, ptex, etc.) and then give those components to a single flyer with a valid ticket (who would have presumably gone through security with NO contraband at all, so as not to burn his identity if he accidentally went through a line with an alert agent).
There is also the simple matter of basic vulnerability testing. If you have to spend $500 on a ticket to get a trip through the TSA line, it's very costly to test the edges of the system. If you can go through the line 4x per day at 3 different airport terminals, or multiple airports that are in close proximity to each other, then you can easily run 100 test scenarios in a week about how the lines are managed, processed, etc.
As an example, I travel frequently and don't like dealing with the full-body scanners. In most airports at the busy times they "randomly" select some passengers to just go through the metal detectors because the body-radiators are slow. With about 80% accuracy I can watch how the lines are being handled and time my fiddling around with items on the xray belt to be "randomly" selected to skip the full body scanner. It takes a few cycles of observation to start to see the patterns though.
[+] [-] awj|14 years ago|reply
1. Buy a plane ticket under someone else's name. Presumably yours is blocked/flagged due to the airlines being able to check the no-fly list.
2. Use that ticket to forge a boarding pass in your name. Use this, along with your official ID, at the security checkpoint. All the TSA does is read it and validate date/time/what the know of flights off the top of their head. Nothing in their setup validates your boarding pass against airline records or the no-fly list.
3. At the gate, hand them the original boarding pass. They'll check it against computer records, but won't bother to check your ID against the pass.
4. Congratulations, you've bypassed a critical portion of American airline security.
This, honestly, is most of why the recent "advanced screening" systems piss me off. Our current security measures are woefully ineffective because of these kinds of loopholes, but instead of plugging those loopholes we simply pile on more half-assed systems.
The no-fly list could be a great tool for us, if used properly. Instead it's nearly trivial to circumvent for the bad guys and an enormous pain in the ass for any honest person who happens to wander into a name conflict.
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] robobenjie|14 years ago|reply
From my point of view the point of multiple screenings is to increase the difficulty and complexity of pulling off a particular attack. Sure, individually you can think of a way to counter each one, but as you add constraints you reduce the pool of people willing and able to pull it off. (So now you need a person who wants to cause terror, who is willing to blow themselves up, who can forge simple documents, who remembered to wear latex gloves, who can act cool enough to avoid extra screenings when walking past guards with machine guns, etc, etc, etc). Sure some eliminate more than others, but you multiply enough .95s together and you get a small number.
[+] [-] johnthedebs|14 years ago|reply
These chances of passing these screenings aren't independent. They aren't just die rolls where a terrorist needs to roll 6 five times in a row for their plot to succeed. If they can improve their chances on one screening they can and will improve their chances on the rest (which was the point he was trying to make).
Now consider how much time and money is spent for each additional screening that's put into place, both for those putting it in place and the millions that have to jump through all the extra hoops each day to travel. Worth it?
[+] [-] dalke|14 years ago|reply
The point was that multiple layers are only useful if they test different thing. I'm more inclined to believe that those two layers are "tantamount to performing the same test twice" because they can both be done before the fact, and planned for.
The problem about multiplying enough 0.95s together is the number of false positives that occur. The article mentions one, where an air marshal killed a deranged passenger in Miami. That's an extreme case. Hidden is the, what, 5 minutes needed for screening * 700 million passengers per year giving over 6,000 extra person-years wasted waiting on security every year.
[+] [-] nlawalker|14 years ago|reply
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] ck2|14 years ago|reply
If we want to see the TSA go away, start hassling the billionaires.
But airports are so passe anyway, TSA has moved onto buses, trains and now car searches, journalists are way behind.
[+] [-] unknown|14 years ago|reply
[deleted]
[+] [-] tlrobinson|14 years ago|reply
Of course, I also hope the TSA, DHS, etc have more effective measures in place behind the scenes. I don't know if that's the case, but it would make sense to keep them secret.
[+] [-] mgkimsal|14 years ago|reply
[+] [-] gerggerg|14 years ago|reply
And still I have to buy a special tiny tube of toothpaste for the safety of the nation.
[+] [-] miles_matthias|14 years ago|reply
Their system makes sure you're supposed to be on the plane when they scan your boarding pass to get on the plane right?
[+] [-] po|14 years ago|reply