The following is an excerpt from Permanent Emergency: Inside the TSA and the Fight for the Future of American Security, by Kip Hawley and Nathan Means (Palgrave Macmillan, 2012).
One day in 2007 Stephanie Rowe, who was in charge of the identity-based programs at TSA, including Registered Traveler, accompanied me to a meeting with Ted Olson, one of the most respected and powerful lawyers in the country. Stephanie, who normally poured her considerable energies into solving TSA’s mission challenges rather than political issues, had no idea who he was at the time, but one glance at the marble and dark wood accents in Olson’s downtown Washington office told her that she was definitely in one of the preeminent halls of DC power.
We sat down opposite Olson and his client, Steve Brill, the founder of the CourtTV cable channel and American Lawyer magazine. The subject of our meeting was Registered Traveler, a proposed public-private partnership that would allow frequent flyers to submit a background check and pay $100 to move more quickly through airport checkpoints. Brill was a major investor in the program, and while I had green-lighted the program in 2005, it had floundered as companies offering the service had done little other than take the money and let “members” cut to the front of security lines.
Before long, Olson became angry with me, believing I was stonewalling innovation and hiding behind the mantle of “security.” I’m used to taking some heat, and I knew that Steve had him torqued up in anticipation of what I would say, so out of respect for Olson, I took one for the team and listened unperturbed to Ted’s impassioned lambasting.
Stephanie, on the other hand, was outraged. I could feel the steam coming out of her ears as she fidgeted and rattled in the chair next to me. When she got home that night she went on a tirade to her husband, David, about the conversation. After she was done, David said, “You really don’t know who he is, do you?” He gently explained that she had just been in a meeting with the former US Solicitor General, the legal counsel to President Bush’s 2000 campaign, and, on a personal level, a man who had tragically lost his own wife on the American Airlines flight flown into the Pentagon on 9/11. Olson was also a close friend of Secretary Chertoff though he never used that relationship to put further pressure on us.
The idea that the TSA should segment passengers into higher- and lower-risk populations was not a bad concept—indeed, it was part of our original mandate. With 2 million people a day, the TSA could provide better security and quicker lines for everyone if a number of preapproved people went through an expedited security screening.
But it wasn’t until 2003, at the urging of then–secretary of Homeland Security Tom Ridge, that the TSA opened a Registered Traveler program office. Because the TSA leadership was too busy fighting fires, the agency decided to let the private sector figure out the details of Registered Traveler before coming back for approval. By the time I arrived in 2005, RT, as it was known, was concluding a successful technology pilot in DC, Minneapolis, and Orlando. A small population of frequent flyers had been issued biometric RT cards and, after verifying their identity at special card readers, were able to proceed to the front of the security line. Expectations were high. The promise of bypassing long queues and demeaning security treatment fired the imagination of the American frequent flyer.
In October 2005, after a few months on the job, I was invited to a congressional hearing on RT that offered a rare chance for the TSA to score a clear public-relations win and maybe gain a few fans, at least among frequent flyers. Unfortunately, there was a security issue. The so-called vetting for RT members was only an immigration status and terrorist screening database check. Meaning that if you weren’t an illegal alien or already on the FBI’s radar as a terror suspect, you were good to go. Under these criteria, the July 2005 London Underground bombers would all have been eligible for RT cards. So at the hearing I announced that the private sector had to work out a business model to both fund RT and add security value while not inconveniencing the general public and then come back to us for a security evaluation. Then I went back to work on other, more pressing issues.
By 2007, when Stephanie and I met with Brill and Olson, RT was still moving along, but remained essentially a “cut to the front of the line” benefit without any value added in the background check or changes to the security process at the gate. I had given Stephanie responsibility for RT, but her main priority was fixing issues related to Secure Flight, the TSA’s own program, which required passengers to register basic personal information before flying. The info was then matched against the no-fly list, a task previously handled by the airlines.
Even after the meeting at Ted Olson’s office, RT remained on Stephanie’s back burner until she found herself spending more and more time dealing with Steve Brill, who was spending a ton of money to promote Registered Traveler. Brill, Stephanie soon learned, had reached people higher up the food chain throughout the federal government. His connections sometimes made her work difficult, and the constant pressure from senior staff at the DHS, Capitol Hill, and elsewhere made her life miserable. She took comfort in the fact that if the political heat forced her to leave TSA, she could always go back to the private sector and draw a much larger paycheck.
The program’s goal was to get RTs through the checkpoint as easily as possible. The proposal even included a proprietary product, called a ClearCard, that would replace a government-issued ID. But RT ultimately offered zero additional security value. The “background checks” were little more than a marketing point. Though Brill and the program’s other sponsors wouldn’t have known it, virtually all of the serious al-Qaeda operatives involved in major aviation plots would have easily cleared RT-type screening. I wanted the checkpoints to be easier and faster too, but I couldn’t possibly allow RT cardholders to keep their shoes on when I knew that al-Qaeda was training operatives with clean backgrounds and shoe bombs. I also wasn’t crazy about the idea of giving our imprimatur—and therefore, the government’s stamp of approval and public money—for a private-industry “security” venture.
Because Brill was tireless in his lobbying, PR, and media efforts, I suggested ideas to develop the product, like training behavior-detection officers or doing off-airport security screening in midtown Manhattan. He was earnest but uninterested in getting involved in the security process—he saw that as our job. Brill just wanted to get RTs through checkpoints quickly, and preferably wearing their shoes and jackets, with their laptops in their cases. After an excruciating and lengthy process, and tantalizingly close to the holy grail for frequent fliers, Brill finally uncovered a new technology that could have changed the whole picture: a combined biometric card reader and ShoeScanner.
The ShoeScanner was a technology pioneered by GE that would, in theory, allow travelers to walk through a small, floor-based, explosives detection system with their shoes on. It was a great idea. Everybody hated taking their shoes off, and offering this service to travelers would be a huge boon to the ClearCard program. It also encouraged me to get behind RT. But after we had publicly heralded a trial of the device at Orlando International, George Zarur found something in the technology that, in an ironic twist, our much-maligned overly bureaucratic process had missed during the ShoeScanner’s expedited review. For the next month, George tested what the device did, and it was not enough to stay in airports. Instead of partnering with private industry to improve and speed up security, we ended up with egg on our face. But pulling the units was our only choice.
The battle finally culminated in Congress, a body that had long been a booster of the RT program. Secretary Chertoff was good enough to accompany me to the closed-door congressional hearing. “Explain to me,” Chertoff said, “why a member of the American public should send his information to the government, ask us to issue an ID, and then turn around and pay $100 to an outside businessman to go to the head of our line?” Chertoff hammered home the security points with his relentless logic. We never got the improved, expedited security that could have improved our credibility and in the end, the whole saga was just a distraction from what we knew to be active plotting against aviation. But at least the full-court press on Registered Traveler was over.
The ShoeScanner was not the only imperfect technology George sniffed out. Back in 2002, he had been instrumental in helping the TSA meet its mandate to purchase and install those massive CT-based EDS machines that scan checked baggage. Having had a front-row seat to the process, George knew it hadn’t been the cleanest operation, but in the years since, he had realized that another device based on older AT technology, widely used standard x-ray machines with more than one pulse generator, provided almost exactly the same security value at less than half the cost of the CT machines.
The main difference between different x-ray scanners is the number of angles they provide. “Regular” checkpoint x-rays, the kind that had been in use since the 1960s, cost about $40,000 and only provide a top-down view of luggage, which can present a serious security limitation. AT scanners run around $150,000 and see three or more angles, providing a good, sharp image of what is inside most suitcases. CT scanners are at the far end of the spectrum in terms of cost—close to $1 million—and imaging, providing a 360-degree view of a bag. But while CTs provided the most complete picture, ATs were not only considerably cheaper, they were faster and much easier to maintain. In 2001, when the decision on which EDS machines to deploy was made, AT technology was known in the United States and used extensively in Europe. But despite all their benefits, the AT devices were a non-starter.
The Federal Aviation Administration’s Research Development and Human Factors Laboratory in Atlantic City, staffed by a rock-star group of scientists, had given CTs their sole nod of approval—a decision that meant spending $1 billion on those machines versus $150 million for the ATs. And there was not much debate. The lab’s seal of approval decided which vendor would win million-dollar contracts, and the lab had determined that the ATs were unable to detect one particular threat (among hundreds) that could take down a plane. Nobody was going to sign off on an order for a device that the lab claimed left an open door in the nation’s security. That is why, for so many years, the enormous EDS checked-bag scanners have sat in the lobbies of airports from Washington Dulles to Portland, Oregon. An unanticipated consequence was that AT manufacturers, seeing the writing on the wall that TSA would only sign off on the MRI-type machines, abandoned efforts to improve AT scanners. This left a virtual monopoly on billions of dollars of orders for two companies, Invision and L3, until TSA, largely through George Zarur, gave the signal in the 2006 timeframe that TSA would consider AT as a viable competitor. More than ten years later, cheaper, more reliable, faster alternatives to MRI-based scanners might finally be a TSA-approved alternative in 2012.
On my first visit to the FAA lab in July 2005, I got a full tour complete with an explosives demonstration. Because the standards used to test equipment could provide terrorists the key to defeat security technology, the lab operated under a James Bond–like aura of secrecy. The engineers spent their days brainstorming about how to make cleverly disguised bombs and then trying their hands at executing them. My walk through one of the lab workshops was like being backstage at a theatrical prop shop. Luscious chocolate cakes, sports equipment, cool gadgets, and designer clothes were on display, each one a deadly bomb. On a later trip I reviewed results from different body scanners and noticed that the test subjects didn’t look like everyday passengers. I inquired about where the test subjects had come from and heard, “Ah. Well. Ah, we contracted with an Atlantic City modeling agency.”
But once I was sworn in as administrator, I got an earful from airport and airline operations people about the cost and disruption of the CT-only decision. I convened a meeting with a previously-established blue-ribbon panel consisting of airport, airline and TSA executives to revisit the question. But after I left the room, the TSA technology staff dismissed my concerns, saying that I didn’t understand the science. Since they viewed any consideration of AT technology as a security sell-out, change was coming over their dead bodies.
In 2006, when I discovered that my request to review the CT/AT issue had been killed as soon as I turned my back, I asked George to reexamine the issue independently. It was a simple request, but it chafed some of the people who had done the original testing at the then-FAA labs. They may have seen it as a political infringement on pure science, but to me, it looked like the lab’s insulated existence had an unintended dark side. The scientists were judge and jury for all TSA security technology. There was no external peer review; infallibility was assumed. And not only was their network a closed circuit, they didn’t incorporate the agency’s intelligence resources into their work to understand the true nature of the threat. So, when a decision had to be made about how to replace the machines that screened carry-on baggage at checkpoints, I was a bit wary of the lab’s insistence that CT was the only way to go.
The checkpoint x-rays that the TSA inherited had first been deployed in the 1960s. Known as TRXs, they relied on a single x-ray source on the top of the box and produced grainy images. We desperately needed to upgrade them, and a kind of AT technology, based on multiple-view x-rays and known as ATXs, was available. Aside from their complete imaging of bag contents, I liked the flexibility of the ATXs because they were capable of accepting new search algorithms. Any time the terrorists tweaked explosives formulas, we could just swap out the scanning software instead of buying a whole new machine. The FAA lab, however, was pushing for the more sophisticated CT-based solution at our already overcrowded checkpoints. These machines had many of the same problems associated with their larger cousins that scanned checked baggage. They cost much more and could process only about half the 400 bags an hour necessary at our checkpoints. Moreover, their bulk completely blocked the TSOs’ view of the passengers they were screening. And they were not ready to be installed.
Seeing a steady stream of aviation plotting, I didn’t want to wait for the CTs to be perfected. By this point, I also wanted a second opinion, so I asked George to go back to the larger scientific community and his impressive range of contacts. George called up a guy he knew at the Department of Defense, who suggested doing our testing at an old hangar at Tyndall Air Force Base, just east of Panama City, Florida. Three weeks later, George and some scientists from the Lawrence Livermore national lab and DHS Science & Technology office were set up at a site on the Panhandle, isolated enough that if something went wrong, it wouldn’t draw attention. Besides, the Air Force tested bombs there.
A few days later, as they were running different hydrogen-peroxide concoctions through the AT machines, testing for possible differences in their electronic signatures, a researcher yelled out, “Wait! It looks different from water!” The hydrogen peroxide in that machine did look slightly different from water. Eventually the AT was calibrated to differentiate hydrogen peroxide from wine, water, shaving cream, and contact-lens solution—and, as margin for error or if terrorists tried using many small bottles, to detect it even in minuscule quantities. George paused in the muggy Florida air to consider the implications: a readily available and cheap technology that could recognize threat liquids.
We called in the AT vendors, gave them our data on hydrogen peroxide detection and told them to start working on an algorithm that would automatically set off an alarm when hydrogen peroxide was detected. George insisted that the companies share their system performance and image format data so that TSA could open up algorithm development to a much wider audience of image analysis experts. That was strongly resisted by the manufacturers who wanted to retain their software rights and argued that they could move faster on their own. But, by mid-2009, George no longer had the air cover that I had provided, and the decision to let TSA share test data was reversed and each vendor is now free to bundle their proprietary black box scanners on their own time and price schedule.
The rest of the world has not waited. Today, AT systems have been certified for liquid threat detection and are deployed at many European airports.