THE BLOG

Identifying Threats, Not Threatening Identifiers

11/30/2010 04:14 pm ET | Updated May 25, 2011

I spent five hours last Wednesday morning watching the main American Airlines checkpoint at its Chicago O'Hare hub, where three of out five lanes had body scanners in use.

Wait times never exceeded 15 minutes.

While National Opt-Out Day flamed out before it ever got started, the national dialogue on privacy rights, the Constitution, and effective counter-terrorism is just getting going.

Television commentators, scholars, reporters, and others have raised worthwhile questions, in particular commenter AndrewDover on HuffPost. Below, I address several of these important questions.

The transportation security system should be founded on the premise that we must make the haystack smaller, not create more needles. If just a few travelers present a potential threat, screening resources should be focused on this population. When innocent people are patted down, we're casting too wide a net. I think Administrator Pistole and TSA want a smarter system, but the agency can't and won't go it alone.

From AndrewDover:

Q: How can TSA summon the guts to actually treat different risk levels differently?

The Short Answer: With support from key stakeholders.

The Long Answer: While the agency made missteps with CAPPS2 and later Secure Flight, it ultimately slowed down too much in the wake of concerns from Congress, the privacy community, and the media. The agency needs a tool to identify those people most likely to present a threat.

Today, Secure Flight just checks to see if the name you give the airline is on the watch list, and screening is usually just determined by what happens to you at the checkpoint: is there an alarm on screen? Did you opt out?

Simply put, if critics actually believe what they're saying -- i.e. that TSA is too heavy-handed, too afraid to profile, casts too wide a net, etc. -- they should stand up and support the development of a new program. We need a tool that enables TSA to target its screening resources not only to people on watch lists or at random (features which will always be part of the system), but also to potential threats traveling under false identities and/or who are not a watch list.

As the head of the ACLU in Illinois said last week, we need to figure out "who we should be watching perhaps based on evidence" and "not treating every member of the flying public as a potential terrorist." I agree, and TSA needs time and resources and flexibility to try to develop such a system.

Having run Secure Flight for 16 months, I know that unless key stakeholders are engaged, our protocols will remain as they are today: not only inconvenient, but not fully effective. Lobbing criticisms is easy and makes news, but it doesn't make us safer or protect our privacy.

Q: How can people with different risk levels be classified?

The Short Answer: Simply.

The Long Answer: Some can undergo additional screening, a very small number may be interviewed by law enforcement, and even fewer could be kept off their flights. Practically, no more than two or three classifications are possible.

Q: How do multiple federal agencies effectively share information about risky people?

The Short Answer: With difficulty.

The Long Answer: Government coordination at all levels has improved markedly in this area since 9/11 but senior political and agency leadership must always make this a priority.

Q: How do you really know who is going through a security gate?

The Short Answer: You don't.

The Long Answer: This is why a multi-layered system including physical screening, hardened cockpit doors, air marshals, trained flight attendants, etc. is essential.

From StockGear (HuffPost):

Q: It may be the case that we don't know who the bad guys ARE, but don't we have at least some idea of who they're NOT?

The Short Answer: Sometimes.

The Long Answer: The shoe bomber and underwear bomber would have evaded many "profiles," and we know that terrorists recruit "non-threatening" conduits. Randomness must remain part of our approach; by definition, most people who undergo advanced screening shouldn't, but that's a fact of life when two million people move through the system every day.

Q: Does the TSA feel that everything that 'the enemy' does requires a precise adjustment for that specific tactic?

The Short Answer: Not necessarily.

The Long Answer: In this case, however, a terrorist trying to sophisticatedly conceal explosives is a longstanding and ongoing threat and one that must continue to be defended against.

Q: From Jeffrey Rosen, writing in The Washington Post: Are body scanners and enhanced pat-downs constitutional even if they might be too intrusive, cannot be shown to precisely counter a specific threat, and could be considered non-routine?

The Short Answer: The courts and Congress will determine this.

The Long Answer: The executive needs to retain discretion in evaluating and applying security measures. A vocal minority protesting a practice that no one otherwise enjoys does not mean the reasoned judgments of security professionals are unconstitutional.

Q: From Mike McConnell, WGN Radio Chicago: Why deploy advanced technology if passengers can opt not to be subjected to its capabilities?

The Short Answer: Mike had me on his show Wednesday and questioned me repeatedly -- rightly so -- on this point. Unfortunately, there is no short answer.

The Long Answer: Our system, which recognizes that Americans have constitutionally-protected privacy rights and strong opinions about how they should be treated by their government, is far from perfect.

TSA has made a reasonable, although suboptimal, judgment that physical pat-downs will supplant sophisticated equipment in some cases. In the meantime, we need to keep developing technology that does a better job of detecting threats while being less invasive. This will include physical screening technologies but should also include advanced systems like the next-generation Secure Flight.