TSA: Terrible At Security But Finally Willing To Work On Its Problems

from the failing-forward dept

The TSA's inability to live up to the "S" in its acronym is on display again. The agency's Inspector General recently testified before a Congressional oversight committee. Fortunately, no one stepped forward to shoot the messenger -- seeing as the message was more bad news about TSA incompetence. I imagine TSA Administrator Peter Neffenger would have jumped at the chance to be the triggerman, but was fortunately limited to delivering his own prepared remarks in response.



After speaking to the "difficulty" (apparently insurmountable) of the TSA's "mission," Inspector General John Roth referred to the difficult nature (in the parental sense) of the agency itself.

My remarks were described as “unusually blunt testimony from a government witness,” and I will confess that it was. However, those remarks were born of frustration that TSA was assessing risk inappropriately and did not have the ability to perform basic management functions in order to meet the mission the American people expect of it. These issues were exacerbated, in my judgment, by a culture, developed over time, which resisted oversight and was unwilling to accept the need for change in the face of an evolving and serious threat. We have been writing reports highlighting some of these problems for years without an acknowledgment by TSA of the need to correct its deficiencies.

“In September 2015, we completed and distributed our report on our most recent round of covert testing.” This is where undercover DHS inspectors do stuff like try to smuggle bomb parts through checkpoints, and succeed … let’s see … 96% of the time. Or at least that’s how it’s gone in the past. How about now?



“While I cannot talk about the specifics in this setting [it’s classified, y’all], I am able to say that … the test results were disappointing and troubling,” and were “consistent across every airport” tested. Roth also noted that the tests were conducted by personnel “without any special knowledge or training,” which might seem odd unless you know that the TSA reacted to the earlier 96-percent-failure-rate findings partly by complaining that the IG had used personnel who were specially trained to defeat TSA’s efforts. (You know, sort of like an actual terrorist might be.) So this time, the IG deliberately chose people with no special knowledge or training to carry out its audits. I interpret this to mean that people who basically had no real idea what they were doing consistently and successfully breached security at every airport tested.

The Department’s response to our most recent findings has been swift and definite. For example, within 24 hours of receiving preliminary results of OIG covert penetration testing, the Secretary summoned senior TSA leadership and directed that an immediate plan of action be created to correct deficiencies uncovered by our testing. Moreover, DHS has initiated a program — led by members of Secretary Johnson’s leadership team — to conduct a focused analysis on issues that the OIG has uncovered, as well as other matters. These efforts have already resulted in significant changes to TSA leadership, operations, training, and policy…

We remain deeply committed to ensuring that TSA remains a high-performing, risk-based intelligence-driven counterterrorism organization. We are working diligently to ensure we recruit, train, develop, and lead a mission-ready and highly-capable workforce, placing a premium on professional values and personal accountability.

It is important to acknowledge that the OIG covert tests, as a part of their design and execution, focused on only a discrete segment of TSA’s myriad capabilities of detecting and disrupting threats to aviation security. This was not a deliberate test of the entire system and while there were areas for improvement noted by the Inspector General – with which we concurred -- that the system as a whole remains effective and, as a result of this series of tests, has only gotten stronger.

Solutions to the challenges facing TSA will require a renewed focus on the agency’s security mission, a commitment to right-sizing and resourcing TSA to effectively secure the aviation enterprise, and an industry commitment to incentivizing vetting of passengers as well as creating conditions that can decrease the volume and contents of bags presented for screening in airports.

[W]e believe that TSA’s use of risk assessment rules, which granted expedited screening to broad categories of individuals unrelated to an individual assessment of risk, but rather on some questionable assumptions about relative risk based on other factors, created an unacceptable risk to aviation security. Additionally, TSA used “managed inclusion” for the general public, allowing random passengers access to Precheck lanes with no assessment of risk. Additional layers of security TSA intended to provide, which were meant to compensate for the lack of risk assessment, were often simply not present.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Is the TSA willing to change? Possibly. But some thingschanged, like its ability to do its job. Roth's office has performed another round of covert testing. Last time this testing was performed, the IG's fake terrorists nearly aced the test However, the latest covert testing wasn't nearly as "covert," as Lowering the Bar's Kevin Underhill points out . But it didn't go much better.While the nuances of transportation security continue to elude the Transportation Security Agency, one thingchanged: an actual reaction from the TSA's parent agency, the DHS.You know, the sort of thing the DHS and TSA should have done when similar failings were found in 2014. And 2012. And 2011...The testimony/rebuttal offered by TSA Administrator Neffenger opens with statements ranging from "factually" to "laughably" false.Or this, which makes the claim that failing nearly 100% of the time proves the system is still effective.Scoring higher against an opponent of a lower skill level (the Average Joe Bomb Carrier "operatives" deployed by the OIG in 2015, rather than the "covert operatives" who performed the 2014 test) doesn't exactly signal systemic strength. But whatever, it's the system we have -- one we neither want nor deserve.And then there's this part of the statement, which could easily support a full-fledged buzzword-based drinking game all on its own."Incentivizing vetting of passengers?" Isn't that pretty much the only task the TSA performs? (I mean, when not running its Instagram account or helping the DEA walk off with a traveler's money…) After 15 years on the job, you'd think the TSA's vetting incentive program would be humming away like a well-funded machine. Apparently not, though. As the Inspector General points out, the TSA still approaches airport security in a disturbingly haphazard fashion.While I am still of the belief that a majority of the TSA's actions are a perversely expensive and intrusive form of pantomime , the least the agency could do is maintain consistency across its security "offerings." If PreCheck is only "safe" because of the vetting process , then limit it only to those who have been pre-cleared. If 99% of travelers are no threat and can be waved through expeditiously, then do that and ditch the stupid "please throw out your breast milk while your TSA-friendly locks are broken" playacting that keeps lines backed up at security checkpoints.The TSA has proven it's far better at officiousness and bureaucracy than security. And for years, it's been more interested in making excuses than fixing its problems. IG John Roth hopes this is the beginning of the end of the TSA's abysmal track record. In his comments to the Congressional committee, he expresses his support for the Inspector General Empowerment Act which would, among other things, maintain the office's independence and force agencies to cough up documents and information in a more timely fashion.But it's hard to believe the culture will change. At the TSA, aviation security is just a job -- something that only deserves a minimal level of attention or competence. And that's all we'll get, for years and years to come: government-mandated harassment that hassles far more travelers than terrorists.

Filed Under: congress, john roth, security, security theater, tsa