TSA security model: epic fail

On any given day, I’ll find several complaints about the TSA in my Twitter stream. Yesterday, one in particular stood out among the typical grousing about long lines and pointless shoe-removals. It contained language that suggested the agency had screwed up in yet new ways (and as someone with family members and friends who travel frequently, even weekly–and who’s thus heard plenty–that’s saying something).

So I reached out to the person behind the tweet and asked if he’d like to tell his story. He was kind enough to reply almost right away with a promise to send me the language of his written complaint. Here it is:

Yesterday evening, I was traveling Alaska airlines back to Seattle from a 2-day business trip to San Diego with with three co-workers.

The security line was not terribly long, but it was taking a relatively long time to process passengers.

It appeared to me that the station was understaffed. The agents boldly proclaimed that “all liquids and gels must be removed from your baggage” repeatedly, something I have never heard in Seattle or any other airport, although, yes, I am aware of the 3 oz. baggie rule. This rule, and any requirement to physically remove them from baggage, is inconsistently (re: poorly) enforced.

As we approached, I observed that the backscatter machine was completely turned off, and the TSA staff was using a retracting barrier to gate everyone directly towards the metal detector. This is good news for me, as I opt out every time.

If I recall the count correctly, the passenger standing three people in front of me proceeded through the metal detector. Just after he did so, a female TSA agent (a supervisor, I would assume), said, “We’re switching” (her words) to another agent. He physically moved the retracting barrier to close off the metal detector, like a binary on/off switch. Now everyone was supposed to go through the backscatter machine. An already slowly proceeding line then ground to a halt.

The male passenger two in front of me proceeded through the backscatter device without complaining. The male passenger in front of me stated, “I’m opting out.”

An agent radioed out, “We have a male opt-out,” and I retorted quickly, as I was up next, “No, you have two,” and they updated their radio call.

(Personally, the theatrics behind that radio call are more humiliating than any groping that occurs during the pat-down, and I wish that that messaging would be stated differently, and less aggressively.)

A female co-worker, directly behind me, was asked to step through. She pointed to the device, and says, “That? No. I’m opting out too.” ┬áThe agent sent out a radio “We have a female opt-out.”

Now, with a backlog of two males and one female to “pat down,” the same female TSA agent said, “Shut it down” in what sounded like a really perturbed tone of voice, disappointed that this ridulous binary on/off approach to backscattering opt-outs has caught her by surprise.

Almost simultaneously, my manager, who was in line behind my female peer, said to the agent, “If you’re going to ask me to go through that, I’m also opting out.” ┬áThe guy gave my boss a really condescending attitude and said, “You realize, by saying that, that I am supposed to make you go through an opt-out pat-down, don’t you?” His tone of voice was unnecessarily hostile and aggressive.

They then switched the fabric “gate” back and every passenger began proceeding through the metal detector, my threatened manager being the first to do so. So while the three of us were “patted down,” my manager and another peer made it through the metal detector, as did all the other passengers I observed until I left the TSA area.

I am an information security professional. I have done many years of threat modeling. Outside of the fact that I do not believe that the overpriced backscatter or millimeter wave devices can actually detect the threat they were intended to prevent, what I observed last night was a complete security failure. Complete.

By doing this “binary switch” method of scanning a series of passengers and only using one mode of detection or the other, and failing to ensure any level of randomness or unpredictability, the supervisor and the agents at this gate implemented the assignment of passengers to the backscatter machine in such a manner that any potential threat to security would only need to have 3-5 passengers in front of them opt out, overload the pat-down queue, and allow a “real threat” to make it through because the agents would have switched back to using the metal detector, and the explosives that the backscatter was designed to detect would not be detected.

Again, this is a fundamental security failure. If the TSA is going to require that every airport implement these expensive and cumbersome procedures, they need to be consistent, truly random, and security focused — built around a strong, secure, and true security threat model.

(Photo: Flickr/Mike Licht Notions Capital)