New TSA screening policies ineffective, possibly counterproductive, IU expert tells Congress

FOR IMMEDIATE RELEASE

March 16, 2011

BLOOMINGTON, Ind. -- The Transportation Security Administration's adoption of whole-body imaging as part of airport screenings has proven ineffective and potentially counterproductive, an IU Maurer School of Law expert said in testimony before a House subcommittee.

"Even if advanced imaging technologies (AITs) were living up to their technological potential, their potential is clearly limited," Professor Fred H. Cate said on March 16 in testimony before the U.S. House of Representatives Committee on Oversight and Government Reform -- Subcommittee on National Security, Homeland Defense, and Foreign Operations.

"AITs do not detect explosives. They do not detect firearms. They do not distinguish dangerous from ordinary materials. All they are technologically capable of doing is calling attention to 'anomalies' on the person of the traveler."

Cate, who also directs Indiana University's Center for Applied Cybersecurity Research, explained that anomalies generate numerous false positives. "A piece of tissue, a dollar bill, a boarding pass, a piece of candy -- all are 'anomalies' in the world of AITs, and all must be 'cleared' by TSA agents. These false positives divert agents' attention from real risks while focusing their attention on innocuous anomalies."

But many anomalies cannot be cleared by TSA agents given the time and resources available to them. Cate provided a recent example from his own experience. "Just last week at Washington National Airport, the AIT discovered a loose aspirin in my shirt pocket," he said. "The agent patted me down and asked me what was in my pocket. When I told him it was aspirin, he politely waved me through. But the aspirin could just as easily have been potassium cyanide."

"We have spent $2 billion installing technology to identify anomalies that we cannot evaluate for the risks they pose," Cate continued. "This inability to clear false positives has led to the TSA's disastrous policy of intimate, intrusive searches. And despite their intimacy, the searches are not linked to a process for determining whether the anomaly is a real risk or a false positive."

Cate also testified that AITs cannot keep up with the ever-changing strategies of terrorists. "AITs were deployed in the U.S. to deal specifically with the so-called underwear bomber on Christmas Day 2009," he observed. "We are literally spending billions fighting yesterday's threats on the assumption that terrorists are neither smart nor innovative. Unfortunately, they are both."

Rather than focusing on backward-looking technology and burdensome procedures, Cate suggested that the TSA must be clearer about its mission. "If TSA's mission is to prevent airplanes from being turned into weapons, that mission has been accomplished," he said. "If the TSA is now targeting hijacking or destruction of airplanes, we should remember that the U.S. and many other nations have waged that battle for more than 30 years with great success -- and without AITs, pat-downs, and other showy procedures that have become known as 'security theater.' Massive expenditures targeting ineffective tools do little to advance security and ignore the far more real dangers that air travel involves."

Cate also told the committee that Congress should require the TSA to follow basic requirements for evaluating the effectiveness of AITs and all its other initiatives. He outlined a 12-point framework recommended by the National Academy of Sciences in 2008 for all security programs relying on personal data or searches.

"The TSA appears to have avoided most of these steps," Cate said. "Following these simple steps, which are widely followed in both the public and private sectors, could have avoided many of the agency's missteps during the past several months."

Fred H. Cate is a Distinguished Professor, C. Ben Dutton Professor of Law at the Indiana University Maurer School of Law; adjunct professor of Informatics and Computing; and director of the Center for Applied Cybersecurity Research at Indiana University. He is also a director of the Center for Law, Ethics, and Applied Research (CLEAR) in Health Information at Indiana University. Cate works at the forefront of privacy, security, and other information law and policy issues. He is available to comment on his testimony and on other security matters, and can be reached at 812-855-1161, or at fcate@indiana.edu.