This article makes some big leaps. It says in the fourth paragraph: "Since 9/11, the U.S. has spent more than $1.1 trillion on homeland security." It seems to imply that this is mostly because of wasteful TSA-like spending.
The Department of Homeland Security's FY11 budget authority was around $56 bil. The TSA only accounted for 14% of that money. [1]
Just for perspective -- top 5 slices of DHS's FY11 pie: U.S. Customs and Border Protection (20%), U.S. Coast Guard (18%), Transportation Security Administration (14%), Federal Emergency Management Agency (12%), Immigration and Customs Enforcement (10%).
Don't get me wrong, I'm not a huge fan of the TSA... I think we all feel a little silly as grownups waiting around in a security line in our socks. But I don't think all the hand waving about "security theater" is really justified. And there are probably quite a few things that fall under "homeland security" that aren't so controversial. Disaster response? Maritime search and rescue? Enforcement of fisheries conservation regulations? Border protection?
[1] All numbers from DHS's "FY 2011 Budget in Brief"
There have been quite a few articles over the last decade pointing out that the creation of DHS as a whole has been quite a waste of time and money with little benefit.
Katrina showed many of the problems with FEMA, though it seems to have improved since then. I'm not sure why enforcement of fisheries conservation belongs under DHS, and as someone who does a good bit of offshore fishing I'm not very happy with they way they over-regulate/enforce on recreational fishermen who would have a hard time making a dent in most populations while (seemingly) turning a blind eye to commercial efforts destroying them.
Others I don't have any insight into, but it seems that DHS has mostly the creation of a huge number of bureaucrats who's major responsibilities involve insuring that the money allotted is spend so that the same or more can be requested for the next fiscal year, with the actual agencies under it getting a smaller piece of the pie and more barriers to actually doing work than before.
You're probably thinking of the National Marine Fisheries Service under NOAA for recreational fishing (under Dept. of Commerce, not Homeland Security). The Coast Guard, under DHS, enforces Magnuson-Stevens and the other conservation acts farther offshore where the commercial vessels fish.
And your point is well taken about DHS (as a department), but administrative organization seems to me to be a completely different problem than sinister-sounding "security theater," which is how the article paints pretty much all efforts associated with "homeland security".
I presume it includes homeland security grants as well as TSA. The LA Times reports http://www.latimes.com/news/nationworld/nation/la-na-911-hom... that "Attacks, Federal And State Governments Are Doling Out About $75 Billion A Year On Domestic Security".
That presumes that "the U.S." means federal and state spending, and even over 10 years that plus the TSA budget is still only $850 billion, so I don't know how they tally the rest.
You didn't have to take off your shoes or take anything out of your bags. And they wouldn't randomly force you through a scanner that takes nude pictures of you.
I'm a little disappointed with the article when compared to my expectations given the title.
Besides using a fraudulent boarding pass, the journo didn't "test" the TSA in any meaningful way. This wasn't like the experiment where a guy got a gun on a plane using his wheelchair, for example. While the article has great information and I agree with almost all of it, I would like to see people demonstrating the uselessness of the TSA rather than just talking about it.
Like three weeks ago I was leaving vegas and accidentally left a pocket knife (4" blade) in my bag.. I opted out of the full body scan, (rumors of cancer, and the line was shorter) for a pat down... it's an intense pat down im pretty sure they definitely touched some private sensitive areas, they also left the 4" knife in my bag theres tons of stories like this too..
Funny enough Thanksgiving 2010 I accidentally left a similar sized pocket knife in my pocket. I elected for the full body scanner which did not pickup the knife. Instead I was reminded I had it when the regular old metal detector at the cruise line picked it up. On another trip while i was still in the service I accidentally flew with chained live rounds (machine gun ammo) in my back pack. Again no security picked it up. I am a fairly small sample size but thanks to these incidents I am thoroughly convinced that the TSA is utterly worthless. On the plus side they banned the carry on of lighters for our chartered flight to Kuwait. This was the same flight that we all hand carried our weapons on, go figure.
I flew with a 3-inch knife three times in the US and Europe last year without being noticed (accidentally packed when I was leaving home, wasn't checking a bag, so took my chances).
A friend flew with a large aerosol can and a full box of live 12-gauge shotgun shells the day after the liquid bomb scare (supposedly super high security that day), and only noticed later when he unpacked his carry-on.
In almost 100 flights over the last three years, I almost always carry liquid in excess of three ounces in my backpack without putting it in a separate bag (toothpaste, contact solution). It has only once been inspected.
I regularly carry on rock climbing gear, including a "nut tool" which is shaped like an 8-inch steel blade. It's not actually sharp, but there is no way to tell that in the scanner and I have yet to have it hand-inspected.
Perhaps to distract? The same way you might put $500 in a drawer near your front door, in hopes that a thief will find the $500 and, satisfied, bail before finding the $50,000 in jewelery (or what have you) in your bedroom?
I've always been amazed that with all the effort to keep "dangerous" objects off the plane, they still hand out aluminum soda cans which can easily be crushed/bent/torn into quite dangerously sharp forms. Why bother carrying a weapon on board when they're provided free of charge in flight?
Last time I was on a plane I'm fairly sure they still said "When putting bottles of wine in the overhead compartment, please be careful because if they fall out onto people it can be dangerous."
They're giving you hints and tips.
(Also chlorine-based cleaning products are readily available from the cleaner's cupboard in the departure lounge.)
I have a Founders Card. It's just a little credit card sized membership card... made of aluminium. The edge is sharp. I've flown over 40 times this year and haven't been stopped even once.
I've tested TSA quite a few times and documented it all. I don't post most of it online though.. I'd hate to get it misinterpreted. ;)
you do not have to sneak a 'weapon' on board a plane to bring it down..911 attacks was mainly focused on social engineering to get victims to cooperate with terrorists..if there was no cooperation attacks would have not succeeded
What? The attackers had an easier time because hijackings didn't usually involve flying into a building / killing everyone on board.
Prior to 9/11 most hijackings were about taking hostages, flying to a friendly country, then awaiting your ransom. As a passenger, your job was just to sit tight, don't do anything stupid, and wait for the resolution. The hijackers didn't have to socially engineer anything, they just relied on the assumptions of the time.
After 9/11, passengers got more aggressive. The shoe bomber and the underwear bomber were shut down and restrained by alert passengers.
Were it not for a scheduled drill that happened to bear just enough similarity to what was actually going on to confuse first-responders, the terrible events of that day might have been limited to the air. The chances of such a coincidence happening again are so incredibly low as to be nil.
That's what gets me—we were basically just outrageously unlucky that day. The universe rolled all ones. And we've structured our security procedures with the idea that straight ones are rolled every day.
The Vanity Fair article (which is great by the way) makes it very clear that, given policies in place on 9/11, there was very little chance of the military being able stop the hijackers even if the drill hadn't been scheduled for that day.
One major issue was the terrible communication between the FAA and the military. Not only did the FAA feed the military a lot of incorrect information (One example being the report that AA Flight 11 was heading towards DC after it had already hit the north tower), but they were extremely late in reporting the actual hijackings to the military.
It was only because an ID tech at NEADS (The Northeast Air Defense Sector which was in control of all the scrambled jets on the eastern seaboard) called the FAA's Washington Center trying to ascertain the whereabouts of the already crashed Flight 11 that the military even got wind of the AA 77 hijacking. NEADS also didn't receive any reports about the United 93 hijacking until 35 minutes after the FAA first suspected the hijacking was taking place and 4 minutes after the plane had already crashed into a Pennsylvanian field. Reports of the hijackings shot quickly up the FAA's chain of command, but they were not reported to the military in a timely manner.
Even when the military did get word of the hijackings in time to theoretically do something about it, they were unable to track the planes on their woefully antiquated radar. With so many planes in the air and the transponders on each of the hijacked planes disabled, NEADS old radar systems didn't stand a chance. The commanders at NEADS were unable to give their fighter pilots instructions any more specific than to head to Manhattan or to the White House. And even then, in the case of the White House, NEADS was unable to supply their fighter pilots accurate coordinates (which is amazing to me).
Lastly, even if the fighter pilots had been able to intercept any of the hijacked planes, they wouldn't have been allowed to shoot them down in the first place. It wasn't until 10:18, 15 minutes after the last hijacked plane crashed into a field, that President Bush gave the military authorization to fire on hijacked planes.
While having a drill scheduled for the same day certainly didn't help, I don't think there was any chance that "the terrible events of that day might have been limited to the air."
What's more, on the one 9/11 plane that was taken down by it passengers (United 93), the passengers fought back only after hearing about the fates of the planes in New York and D.C., making it clear that an extended vacation in Cuba was not what was about to happen.
Agreed, but this is a major building-block in that it allows evildoers to make multiple trips through security to deliver small amounts of items without detection.
You don't even need photoshop to modify your boarding pass.
(These steps work with Opera, I'm not sure about other browsers)
1. Go to print your boarding pass
2. View source
3. Modify any information (such as adding something to show First Class/A-List/etc)
4. Click Apply Changes to make the changes to the HTML show up in the page
5. Click Print
A perfect boarding pass with any information you want.
What could someone do that's on the watch list? By a ticket under an assumed name, then print out two boarding passes, one with their real name that matches their ID, then another with the assumed name.
Since the no-fly list check is only done when the ticket is purchased, use the real ID with real name boarding pass at security to get through (they won't check you against the list). At the gate, go ahead and give them the real boarding pass with the fake name (they won't check your ID at that point).
* I am in no way advocating that you do this, just that it's possible and demonstrates a weakness in security
Do you have references that the list is only checked at purchase time? As for the security hole.. you have a credit card under the assumed name as well? If they were smart they could simply flag first time fliers and anyone who flies under a ticket purchased by someone else for extra checks. Cash ticket purchases require real ID at the ticket counter or Western Union and presumably you'd get checked there as well.
All the TSA agent does is compare your ID to your boarding pass. Being a frequent flyer, I can say that I've never seen anything to indicate they have even the capability to compare a name to the no-fly list database, let alone being able to do it for all passengers.
I did read an article a while back that explained the TSA no-fly check procedures but I can't locate it.
It's possible that when the pass is scanned at the gate by the airline employee, the original name might be displayed on their monitor (just guessing--I have no idea if it is), and an astute employee might notice the name change. However I can't remember the last time an airline employee at that stage has paid any attention to anything at all.
What original name? The only name the airline gets is the fake name that the terrorist provides. The only name the TSA gets is the real name from the ID and the boarding pass. The airline and the TSA don't communicate with each other. All the TSA checks is that you have a boarding pass and an ID. They don't verify that the boarding pass is valid (i.e. that you're an actual passenger on a flight scheduled to depart that day).
EDIT: In case it's not clear, the terrorists prints a fake boarding pass to get past TSA, and keep the "real" boarding pass in their pocket for the airline.
If that's a concern, print one pass for the TSA check (with a name which matches the id) and another pass for the gate check (with a name which matches the ticket).
It's trivially easy to get a credit card under any name you want. Most credit cards will generously offer to give you more cards with your family members names on them. Just make up a name and you get an additional card with that name.
The bill still comes to you, but that's on the credit card company's end.
Here's a story about someone doing exactly that, not to buy airline tickets, but to wreak other havoc with "Michael Jackson"'s credit card: http://www.zug.com/pranks/mj/
I've recently ordered two additional family member credit cards (two different card processors / companies) and both of them required a SSN# for the additional member. Can anyone claim first-hand knowledge of their credit card company not requiring a SSN# for an additional cardholder?
I've had a Bank of America Visa Credit Card where I added a second person and the name was wrong (I had given the correct information over the phone), no SSN necessary. I have a Capital One card and no SSN was required when I got a secondary card made with my full real name on it.
I'm in the US with a visa. When I opened my bank account (Capital One), I told them I didn't have a SSN yet and they opened it anyway.
The clerk told me I would have to give them my SSN when I got it, which I never did (half because I forget and half because the less information I give about myself, the better off I am)- that was about 2 years ago.
I have a Chase Visa card with a Southwest Airlines tie-in for a fictional person (they offered an extra 5k airline miles at signup if I got an additional card for a "family member"). No SSN was requested.
I wish we could get rid of the TSA and spend that resources somewhere else, CIA, FBI, NSA, hell send it to DoE, NSF, maybe fund (more) research in practical(?) renewable energy.
But killing the TSA is never going to happen. No career politician is going to commit political harikiri to shut it down.
- I do not mind the free hand rubs at the airports though.
America's had a decade of airport frustations and no new (successful) attacks to re-inflame their fears. While it may be impossible to undo the existence of the TSA, a "common sense" reform initiative would probably be very popular, possibly even bi-partisan.
Sadly, the biggest obstacle would probably be the fear of eliminating jobs, which no politician wants to be known for, even if those jobs are mostly a waste of human labor. This is a broader problem of government bloat, and probably out of the scope of this discussion.
Before the TSA, we had xray luggage scanners and metal detectors world wide. Now how the majority of the public interacts with the TSA at airports, you go through a metal detector or body xray and xray luggage scanners. What else has changed?
I've thought about that and I wonder if it couldn't be gotten rid of by scaling back its activities over time and merging its duties into another organization until it gets swallowed whole.
This is not a place for political discussion (so please don't make it one, people!), but he certainly qualifies as a career politician, having been in congress 35 years.
EDIT: lots of downvotes... I'm just stating a fact in response to the DrJ's statement... what is the cause for your downvoting?
I think the downvotes may be because you don't note the difference between saying you support a thing and actually pushing something through.
It's quite easy to say you support something that will never get to the floor and score political points - many politicians use this technique to score points with their "base." Ron Paul, in particular, has a number of professed views which are untested. Until Mr. Paul has enough political capital to disband the TSA and does so, it's disingenuous to credit with doing it.
Heh, I thought it was probably the implication that Paul was a career politician although he is primarily a gynecologist. He continues to deliver babies when he's in Texas and he has spent a few terms out of office (practicing medicine) since he was first elected in the 70s. Maybe that's a self-interested assumption that exposes my own leanings, though.
One point I've read elsewhere is that successful Islamic terrorists are a single-use resource, what with their habit of killing themselves during the attack. This means all their terrorism skills are lost with the successful attack, and the pool of competent terrorists shrinks. Not to mention, the wealth of experience and on-the-ground information is lost as well.
The people with the knowledge are the bombmakers etc; the people carrying the bombs need very little knowledge apart from "push the button at the right time".
The most successful terrorist attacks against the US did not use bombs, they used commodity weapons and teams that required thousands of dollars and weeks of specialized training.
Who here did not think of Bruce Schneier after reading in the lead paragraph: "...that’s the conclusion of Charles C. Mann, who put the T.S.A. to the test with the help of one of America’s top security experts"?
I respect Bruce Schneier as an expert in cryptography and computer/network security. But nothing I've seen him say about physical security seems like anything more than obvious common sense, delivered in a sort of pompous, sarcastic tone.
I also don't think the people in charge at the TSA are so stupid as to not have considered that someone might alter a boarding pass.
I'm reminded of a post here a few weeks ago, I don't recall the subject exactly but I believe it quoted Henry Kissinger, who said until you are on the "inside" of these agencies, you have no idea of the things they know, and that many things that don't make any sense from an external viewpoint DO make sense once you have all the information.
As someone who has been on the inside that last quote is almost all a smoke screen. In reality they do not know as much as they claim and many idiotic policies are there for idiotic or political reasons. Besides since government should be accountable to its people we should fully call to task idiotic or irrational behavior and the excuse of "you wouldn't understand" just does not cut it.
The last time I went through the airport they did the hand wipe thing. I said "You think terrorist are smart enough to wear gloves when working with chemical explosives?" She shrugged and said "All Clear!"
And yeah... the next wave of 'terrorist' attacks won't be airports, but probably consumer-level areas or something that directly affects a large number of every day people (or, just, threatens to): malls, restaurant chains, etc.
I posited this idea to friends/family back in 2002: have a large number of geographically distributed attacks on salt/pepper/condiments at chain and independent restaurants around the country at the same time. Dozens/hundreds would get sick or die, and confidence in the food supply would be disrupted for weeks at minimum. "terror-proof" condiment dispensers would be developed, and required on flights (cause our anti-terrorists will still be focused on flying), and it would cost probably $500 in drugs to spike salt/pepper shakers around the country.
People thought I was crazy (or a terrorist), but I could swear I read of this being reported on (on a small scale) in 2005 or 2007 - Miami perhaps?
No, that was way long ago, and may have been inspired by the tylenol stuff before it in some way.
No... I just can't find the story I'm thinking about now. All references to restaurant food poisoning are now coming up with that dec 2010 incident. :/
I don't understand. The agents at the gate always check the boarding pass validity (with the code scanner) and check the name on it against my ID. I haven't tried it but i can imagine that the system wouldn't allow two boarding passes with the same code. Is it that here in Europe we do things properly or did I misunderstood the faking of the boarding pass?
In the United States two people look at your boarding pass: the TSA (at the entrance to security screening), and the airline (while boarding the plane).
The TSA also checks your ID. In most airports, the TSA is NOT online and merely looks at the printed boarding pass to make sure the name matches what is on your ID, your flight is for today, etc. In most cases the airline does not bother checking ID again, assuming that the TSA checked it.
You would not get on a plane with a fake boarding pass, but you do get into the secure area.
Because IDs are not checked by the airline, forging a boarding pass would allow you to board a plane with any name you want on the ticket -- the name on the ticket doesn't have to be your "real" name (it doesn't have to match your photo ID). This means that the TSA's various "no fly" lists, which are just lists of names of people that they've compiled that are "too dangerous to fly", are easily defeated.
Not in the US you don't. Buy a ticket under "John Doe." Retrieve boarding pass. Print a copy. While you still have it open, photoshop it (or edit the HTML, whatever) to say "Bob McTerrorist". Show your photoshopped boarding pass and your "Bob McTerrorist" license to the TSA. Clear security. Discard your photoshopped boarding pass. Retrieve the boarding pass copy from step 3 above. Present it to the gate agent and board the plane.
Your boarding pass is scanned by a barcode reader, and the computer does seem to pick up invalid passes, but I don't think that is the point.
The TSA has made some kind of a big deal about only allowing "ticketed passengers" into the gate areas. However, their check of this comes down to ensuring you have a piece of ID that matches the name on a piece of paper you bring from home.
To use an example from the story, you could have 20 people who are not travelers each smuggle a component of a bob through security (a portion of a liquid, ptex, etc.) and then give those components to a single flyer with a valid ticket (who would have presumably gone through security with NO contraband at all, so as not to burn his identity if he accidentally went through a line with an alert agent).
There is also the simple matter of basic vulnerability testing. If you have to spend $500 on a ticket to get a trip through the TSA line, it's very costly to test the edges of the system. If you can go through the line 4x per day at 3 different airport terminals, or multiple airports that are in close proximity to each other, then you can easily run 100 test scenarios in a week about how the lines are managed, processed, etc.
As an example, I travel frequently and don't like dealing with the full-body scanners. In most airports at the busy times they "randomly" select some passengers to just go through the metal detectors because the body-radiators are slow. With about 80% accuracy I can watch how the lines are being handled and time my fiddling around with items on the xray belt to be "randomly" selected to skip the full body scanner. It takes a few cycles of observation to start to see the patterns though.
1. Buy a plane ticket under someone else's name. Presumably yours is blocked/flagged due to the airlines being able to check the no-fly list.
2. Use that ticket to forge a boarding pass in your name. Use this, along with your official ID, at the security checkpoint. All the TSA does is read it and validate date/time/what the know of flights off the top of their head. Nothing in their setup validates your boarding pass against airline records or the no-fly list.
3. At the gate, hand them the original boarding pass. They'll check it against computer records, but won't bother to check your ID against the pass.
4. Congratulations, you've bypassed a critical portion of American airline security.
This, honestly, is most of why the recent "advanced screening" systems piss me off. Our current security measures are woefully ineffective because of these kinds of loopholes, but instead of plugging those loopholes we simply pile on more half-assed systems.
The no-fly list could be a great tool for us, if used properly. Instead it's nearly trivial to circumvent for the bad guys and an enormous pain in the ass for any honest person who happens to wander into a name conflict.
I think the no-fly has even more issues than just circumvention [1]. Schneier calls it "a list of people so dangerous they cannot be allowed to fly under any circumstance, yet so innocent we can't arrest them even under the Patriot Act"[2].
Well, it isn't really about airline security, it's about revenue protection. If you're too dumb to photoshop your boarding pass, you also have no choice but to pay the $X00 "change fee" to give your tickets to somebody else.
The airlines have significant input into the TSA's processes. Why do you think they have never objected to this (especially given that it is basically a joke?)
I agree with most of the points in this article, but saying that all people who forge boarding passes will use latex gloves seems false.
From my point of view the point of multiple screenings is to increase the difficulty and complexity of pulling off a particular attack. Sure, individually you can think of a way to counter each one, but as you add constraints you reduce the pool of people willing and able to pull it off. (So now you need a person who wants to cause terror, who is willing to blow themselves up, who can forge simple documents, who remembered to wear latex gloves, who can act cool enough to avoid extra screenings when walking past guards with machine guns, etc, etc, etc). Sure some eliminate more than others, but you multiply enough .95s together and you get a small number.
You seem to be looking at this the wrong way. Instead, consider that once a person has decided they want to cause terror so much that they are willing to blow themselves up, they'll go to great lengths to make sure their one opportunity to do so succeeds.
These chances of passing these screenings aren't independent. They aren't just die rolls where a terrorist needs to roll 6 five times in a row for their plot to succeed. If they can improve their chances on one screening they can and will improve their chances on the rest (which was the point he was trying to make).
Now consider how much time and money is spent for each additional screening that's put into place, both for those putting it in place and the millions that have to jump through all the extra hoops each day to travel. Worth it?
It's more "all people who forge boarding passes with the intent of using the plane as part of a terroristic plot will use latex gloves if they also have a bomb."
The point was that multiple layers are only useful if they test different thing. I'm more inclined to believe that those two layers are "tantamount to performing the same test twice" because they can both be done before the fact, and planned for.
The problem about multiplying enough 0.95s together is the number of false positives that occur. The article mentions one, where an air marshal killed a deranged passenger in Miami. That's an extreme case. Hidden is the, what, 5 minutes needed for screening * 700 million passengers per year giving over 6,000 extra person-years wasted waiting on security every year.
The thing is, it's not a bunch of .95s. It's a .00000001 and a bunch of .9999999s. If a person wants to cause terror and is willing to blow themselves up, they're probably already very resolved and willing to do virtually anything else necessary to bypass the security measures you mention and any others.
Or if all else fails they can blow themselves up at the security checkpoint, or on a train, or on a bus, or metro, or .... Really once a person has decided to blow themselves up their options for committing terrorism are exceedingly large. Luckily this group of people is surprisingly small but or reactions to to the risks are way overboard.
I like to think the TSA and their ridiculous measures actually are there purely for the "security theater"... both to reassure the ignorant public, and to misdirect potential terrorists.
Of course, I also hope the TSA, DHS, etc have more effective measures in place behind the scenes. I don't know if that's the case, but it would make sense to keep them secret.
When will we get congressional and presidential candidates vowing to shut down the TSA? "I'll shut down the Dept of Education!" was a bit rallying cry for Bachmann a couple months ago, partially with the justification that "It was only started in 1979!". Well, the TSA was started less than 10 years ago, so let's shut that down first.
The 3 oz liquid rule was always a bit laughable to me too. Print 6 fake boarding passes, bring 6 friends, give them 3 ounces of whatever, take 21 ounces on the plane. Makes no sense to me.
And still I have to buy a special tiny tube of toothpaste for the safety of the nation.
The article didn't mention what happened when they tried to use the photoshopped boarding pass to board. Maybe they had another real boarding pass somewhere else? Maybe they didn't actually board a plane?
Their system makes sure you're supposed to be on the plane when they scan your boarding pass to get on the plane right?
They didn't try to use it to board the plane, he just wanted to show that you don't actually have to buy a plane ticket to be waved into the 'secure' area of the airport.
The Department of Homeland Security's FY11 budget authority was around $56 bil. The TSA only accounted for 14% of that money. [1]
Just for perspective -- top 5 slices of DHS's FY11 pie: U.S. Customs and Border Protection (20%), U.S. Coast Guard (18%), Transportation Security Administration (14%), Federal Emergency Management Agency (12%), Immigration and Customs Enforcement (10%).
Don't get me wrong, I'm not a huge fan of the TSA... I think we all feel a little silly as grownups waiting around in a security line in our socks. But I don't think all the hand waving about "security theater" is really justified. And there are probably quite a few things that fall under "homeland security" that aren't so controversial. Disaster response? Maritime search and rescue? Enforcement of fisheries conservation regulations? Border protection?
[1] All numbers from DHS's "FY 2011 Budget in Brief"