Blogs

Here's a rather alarming, yet slightly humorous article about the failings of the TSA from this month's issue of the Atlantic Monthly (thanks to Doug Laird of consulting firm Laird & Associates for directing me to it).

Jeffrey Goldberg writes about his experience dodging various TSA rules, what he calls "security theater." In the end, he manages to board a plane using a fake boarding pass, no ID and purposely acting suspicious in an effort to see if TSA will detain him. Goldberg even sits down with Kip Hawley, director of the TSA, to talk about vulnerabilities, which Hawley more or less concedes to. But that wasn't the most interesting part of the article, I thought (it's a great piece and I highly recommend making the click, though, so we're all on the same page).

Goldberg discusses some of the new initiatives the TSA is taking in regards to how it screens and profiles passengers.

We handed our boarding passes and IDs to the security officer, who inspected our driver’s licenses through a loupe, one of those magnifying-glass devices jewelers use for minute examinations of fine detail. This was the moment of maximum peril, not because the boarding passes were flawed, but because the TSA now trains its officers in the science of behavior detection. The SPOT program—“Screening of Passengers by Observation Techniques”—was based in part on the work of a psychologist who believes that involuntary facial-muscle movements, including the most fleeting “micro-expressions,” can betray lying or criminality. The training program for behavior-detection officers is one week long.

We just blasted out a newswire with an article about LAX utilizing Israeli experts to evaluate security measures at the airport. Israel doesn't mess around when it comes to security (check out Sam's blog about his trip to Israel. Scroll to the bottom, there are several entries on his trip). Of the many sophisticated techniques employed by Israelis (like screening people BEFORE they enter a building, what a concept!) they focus largely on behavior screening. As a security measure they talk (i.e. briefly interrogate) every passenger as they come through security to evaluate that person's behavior. And that's why they have one of the safest airports in the world.

Goldberg also discusses how easy it is to circumvent the TSA's no-fly list:
It’s easy for a terrorist to check whether the government has cottoned on to his existence, Schnei­er said; he simply has to submit his name online to the new, privately run CLEAR program, which is meant to fast-pass approved travelers through security. If the terrorist is rejected, then he knows he’s on the watch list.

To slip through the only check against the no-fly list, the terrorist uses a stolen credit card to buy a ticket under a fake name. “Then you print a fake boarding pass with your real name on it and go to the airport. You give your real ID, and the fake boarding pass with your real name on it, to security. They’re checking the documents against each other. They’re not checking your name against the no-fly list—that was done on the airline’s computers. Once you’re through security, you rip up the fake boarding pass, and use the real boarding pass that has the name from the stolen credit card. Then you board the plane, because they’re not checking your name against your ID at boarding.”

What if you don’t know how to steal a credit card?

“Then you’re a stupid terrorist and the government will catch you,” he said.

I think it's interesting how the CLEAR system plays into this. Sounds like otherwise one wouldn't know whether they're on the list or not (although it's a safe bet that serious terrorists probably have a variety of aliases, credit cards, passports and such at their disposal).

Lastly, Goldberg touches on something that I just learned about today (and will subsequently be writing an article about for our December paper. Keep your eyes out.). He briefly mentioned how Hawley said the TSA plans to encrypt boarding passes with passenger information.

(Hawley said that boarding passes will eventually be encrypted so the TSA can follow their progress from printer to gate.)

I spoke with John Barclay, the CEO of Laser Data Command, which developed the encrypted cards/boarding passes. He told me the TSA just completed testing the integrity of the system. Barclay said that while an official report hasn't been released (I'm so on the cutting edge of security news!), he expects nothing less than a glowing review and said the TSA could begin employing the technology at any point. More on that later.

In the midst of all the noise surrounding Obama's presidential win, I completely forgot that the White House isn't the only building in Washington that will be under new management.

Here's today's statement from Michael Chertoff:
At the Department of Homeland Security, we are actively planning to leave the department strong in January 2009, an effort that has been a priority for my leadership team since early last year. Historically, we know transitions may be periods of increased vulnerability. We are keenly focused on ensuring a smooth hand-off to the new administration and working closely with the incoming transition team.
DHS has been aggressive in preparing internally for the upcoming transition, to ensure there are no gaps in the leadership team or in our planning efforts. Our transition is led by the Under Secretary for Management, who appointed U.S. Coast Guard Rear Admiral John Acton as the Director for DHS Presidential Transition in June 2008 to implement the department’s internal efforts, as well as coordinate with the new administration’s appointees.
Last year, we established a succession plan for all component agencies, ensuring that the top leadership in each component includes career executives who will preserve continuity of operations before, during and after the administration transition. We’ve trained and exercised those senior career employees to ensure that each component and office within DHS has capable leadership ready to move up and take the reins during an administration transition, and assist new appointees to be ready on day one. In addition, we are going beyond briefing materials to develop and implement improved processes to equip the new appointees with the tools they need, and the information and relationships required to be effective in their jobs.
In the coming weeks and months, we intend to include the transition team in the ongoing series of tabletop exercises that we have been running for some time, to educate the new administration on incident response procedures. On behalf the department, I extend my congratulations to the President-elect, and stand ready to work with the Senate and new appointees to quickly confirm the new senior leadership for the department.

I, for one, wish that I had a guy to handle transitions when they have come up in the past. Probably, would have saved me a few sleepless nights.

But in all seriousness, I'm very interested to see who the new appointees will be and what they see as the future of the department. You?

For those of you who didn't stay up past midnight eastern to watch Obama's acceptance speech, here is a photo from last night. The stage he presented his speech on was lined with presidential-caliber bulletproof glass.

So I was a little late getting to work today because I was doing my civic duty by waiting in line to vote. It actually wasn't so bad because I live in Portland, Maine (which is by far the biggest city in Maine, mind you), but I did have to wait for about 45 minutes. I didn't mind the wait. Actually, I purposely held off casting my vote until election day because I wanted to have the whole experience. I wanted to stand in line with my neighbors, go into the seclusion of the voting booth and go home with my "I voted today" sticker (which is disappointingly ugly, by the way). And I did. Now all I can do is wait and see what happens tonight. Unfortunately I don't have cable, but I did manage to get myself invited to a friend's election party, so I'm grateful I'll be able to share some of my election anxiety with others. Oh, and because I'm so jacked up on election craziness, this post has nothing to do with security-related issues, in case you were waiting for that disclaimer.