I’m not sure why it is that so many people feel the need to look back and reflect at the end of each year. I mean, I suppose I can understand reflecting on the past year since it’s a natural break, but for a lot of people it seems like a time to reflect on everything that has happened in life so far. Don’t get me wrong. I’m not saying it’s bad. In fact, it can bring up a lot of good discussion on things that we don’t usually talk about on a macro level.
Take aviation security, for example. We always seem to get stuck in the weeds. I mean, in the traditional media outlets, we usually hear about individual regulations. Can I wear my shoes through security or not? How many liquids can I bring? And the latest one . . . what laptop batteries can I bring? (To be fair, this one isn’t about security from some outside threat but rather from the batteries catching on fire, but you get the point.)
Last week, Patrick Smith stepped back and wrote a post on his take on the state of security, and I’ve been having conversations with friends about it a lot recently as well. What are my thoughts on the current security situation? It seems to me that we are heading down the wrong path, and it’s likely to decrease security (especially of personal data) rather than improve it. Though it’s hard to get presidential candidates to comment in detail about their stances on aviation security, I think we’re just going to have to hope that the next President has a better plan that the current one. (Sadly, I don’t put much stock in that happening.)
As Patrick Smith says, “what most people fail to grasp is that the nuts and bolts of keeping terrorists away from planes is not really the job of airport security at all. Rather, it’s the job of government agencies and law enforcement.” I agree. Airport security is the last line of defense. It’s there to catch those who have made it through the countless other checks that should be occurring behind the scenes. So how is it that something that plays a more minor role in stopping terrorism end up becoming the biggest pain in the ass for millions of people? Well, it’s the most visible form of security out there, so the government feels the need to make it look like they’re doing something useful. The next time something bad happens, they can point to all the changes at the airport as proof that they were actually doing something despite the fact that it makes traveling so much more difficult for everyone.
The question we need to ask is . . . How is it helpful to have every single person screened with the same level of resource as everyone else? It’s not. I know the ACLU watchdogs just caught me on their radar and are ready to pounce, but I’ll say it. We need profiling.
Gasp! Shock! Horror! Not profiling?!?!
Of course we should profile. It’s insane that we don’t. But let me make one thing clear. We should NOT use racial profiling. That’s just stupid. You think all terrorists are Middle Eastern? Yeah, right. Even if they were, do you think if we start profiling every person who looks to be Middle Eastern that determined terrorists won’t find people from other backgrounds to do their work? They will, and we’ll just end up wasting everyone’s time, not to mention making some citizens second class. So how else can we profile?
If the government has its way, we’ll end up with a massive database under the friendly and helpful name of Secure Flight that will contain all kinds of personal information on every air traveler. We should all be very wary about this program. It is a disaster, and has been stopping and starting for years now due to various privacy and executional concerns. They keep revamping it and bringing it back, and to be honest, I’m not even exactly sure where it stands today, but it can’t be good. You can read security-deity Bruce Schneier’s take on the program back in 2004 or you can read Plane Buzz’s more recent (one year old) summary of the latest developments for more info. It won’t take much for you to realize that this is a bad, bad program.
I know the obvious question now is, “What should we be doing?” Well, I’d like to point to the Reason Public Policy Institute’s 2003 report called “A Risk-Based Airport Security Policy” (pdf). This report was sent to me by a friend whom I would consider to be extremely knowledgeable on this subject. And after reading it, I am convinced that it’s a good idea.
The premise here is that we don’t need any massive commercial database to improve security. We just need to gather passenger name record (PNR) data in a common, easily searchable format. Every time you make a reservation, it’s stored in an airline reservation system. It has the basics in there including your name, your travel itinerary, your phone number, your email address, and yes, your credit card info. You shouldn’t be surprised that any of this info is in there, because you supplied it when you made the reservation. There is nothing in there that is mined from other sources.
But, as this study points out, there is a wealth of information that can be found in these records, especially when you start running scenarios. So, give the CIA, FBI, and other intelligence agencies the ability to run scenarios based on intelligence they receive and then you will find people who are much more likely to be threats. You can also cross reference it with all the watchlists that the intelligence groups have created. Then, when those people go to the airport for their flight, they will get secondary, more thorough screening. Everyone else will be able to go back to more standard, less obnoxious screening methods that will make traveling far better, especially for the 80 year old grandma who gets randomly selected for additional screening just because it’s “not fair” to profile.
In this model, we end up using a lot less resource overall, but the biggest threats end up getting a great deal more scrutiny. Beautiful. There are other parts of this as well including a Registered Traveler program and a method for efficient screening of checked baggage, but you can read it yourself to learn more. Though it’s a 39 page file, it’s actually a pretty quick read.
I suppose the most depressing thing about this report is that we’re highly unlikely to ever see it happen. As my friend said, “Anyway, it will never happen because it is too simple and cheap. Unless it costs billions of dollars nobody will believe it can work.”
I wish that I could disagree with that statement, but sadly I can’t.
6 comments on “Better Security”
The difference here is that you are talking about profiling data – not people. As you point out, the data in use is only that which is provided by the customer and/or the reservations system.
The fault lies as much with large corporations who see dollar signs, as it is with the TSA. The prototype project for CAPPS II that was run in 2004 netted the four corporate contestants a nice bit of pocket change, and yielded nothing.
In terms of “cheap” it is not: the data providers and the integrators will definitively make money…
I don’t think it’ll be successful for another reason though: the ratio of terrorists among flying public is so small that you’ll either have false negatives (and a plane blows up) or false positives (harass innocent passengers). Better luggage screening and passenger education is the best we can do so far.
One more reason this is bad is the amount of data collected. How soon before that consolidated data is misused for other purposes?
One more thing: those trainable searches (smart profiling, overlook frequent travelers etc.) can be abused to work against the process: now the terrorists can have a new target: the identity of such a “trusted” traveler or even access to his luggage. You have this each time you have a preferential line.
Andy – This data isn’t additional data to be collected. It’s already collected by every airline when you make a reservation. So, I’m not sure what it could be misused for that couldn’t already happen today. And since the data is already collected, it shouldn’t cost much more to use it for this purpose. It’s certainly far cheaper than creating a new monstrous database with commercial data from a variety of other sources.
I would think the goal would be to err on the side of false positives. If you’re on the list, you’ll just get secondary screening. People get that all day long today for no good reason, so this will still be an improvement.
Finally some intelligent suggestion on aviation security. The current system is a disgraceful nightmare. No one will ever convince me its necessary for millions of people to take their shoes off in the airport security line because one person, one time attempted to blow up an airplane with a shoe bomb.
Aviation security is not about being politically correct. Its about utilizing scarce resources in the most efficient manner possible. I could care less whether “profiling” is a dirty word to some. Profiling allows screeners to focus limited resources where they will likely do the most good.
I understand back in 01′ from a political standpoint why the TSA bureaucracy had to be created. However, if we had been less panicky, we could have come up with a cheaper system that identified security risks much more efficiently. The fact that TSA is now in place virtually guarantees that the focus will be on manpower and employee issues rather than on true security needs.