The TSA is revising carry-on restrictions at the end of April with the most notable change that small knives will be permitted on board again. The rules change will align the US with European Union policies, which includes allowing pocket knives with a blade up to 6cm through the checkpoints. There are some other items permitted, too, including lacrosse sticks and golf clubs, but it is the knives bit which has raised the most attention with the announcement.
TSA Administrator John Pistole pretty much conceded that the small knives are not a threat to planes. In a presentation to the 22nd AVSEC World conference in New York Pistole stated that the last three months of 2012 saw an average of 47 such knives seized daily at LAX alone. He also suggested that screening for them was a waste of time based on the risk they pose, "Frankly, I don’t want TSA agents to be delayed by these."
It is almost hard to believe that the TSA is managing to change their tune on certain items, acknowledging that the risks they’ve previously been up in arms about might not be so real. Not that I’m complaining, mind you, but I’m surprised they’re willing to stand up and admit that things have gone a bit too far to the "anything in the name of security" direction and come back towards reality a bit. Also perhaps of note is that Pistole suggested the reason box-cutters were not included in the revised rule is that there is "just too much emotion involved with those." Probably not a huge deal either way if they are permitted or not.
It is not at all hard to believe that some flight attendants are upset about the change, suggesting that the move will endanger them and other passengers. The President of Southwest’s FA union is asking that the change be rescinded immediately, according to Fox News. Of course, I don’t recall tales of knife fights amongst passengers in the past, back when even larger knives were permitted, but that’s a whole different story.
At the same conference European Commission director for security and policy coordination Marjeta Jager stated that they want to start rolling back the liquids ban much more aggressively. They still expect to have screening of one sort or another on the liquids, but Jager expects to allow them through checkpoints, starting with permitting duty free goods on connections. "The restriction on liquids must go. It was a measure we took in 2006 as a temporary solution and it has taken too long to apply technologies to lift this restriction."
The TSA remains convinced that non-metallic explosives are the true threat to aviation security and they want that to be the focus of their screening efforts. That means the pat-downs and body scanners aren’t going anywhere anytime soon. As for snow globes, they seem to still be on the prohibited list so I guess not everything is rational. At least not yet.
Two interesting bits this morning about the TSA, both focused on how the Agency might actually be doing more harm than good in their efforts to complete their mission. First up, a story in Business Week suggesting that the TSA is responsible for increasing the number of deaths on the nation’s highways. The general premise is that driving is significantly less safe than flying and the inconveniences and frustrations of dealing with the TSA has caused more people to drive on trips where they might have flown. That increase in cars on the roads translates to an increase in crashes. From the story,
To make flying as dangerous as using a car, a four-plane disaster on the scale of 9/11 would have to occur every month, according to analysis published in the American Scientist. Researchers at Cornell University suggest that people switching from air to road transportation in the aftermath of the 9/11 attacks led to an increase of 242 driving fatalities per month—which means that a lot more people died on the roads as an indirect result of 9/11 than died from being on the planes that terrible day. They also suggest that enhanced domestic baggage screening alone reduced passenger volume by about 5 percent in the five years after 9/11, and the substitution of driving for flying by those seeking to avoid security hassles over that period resulted in more than 100 road fatalities.
To be fair, the piece is an opinion article. Or at least it appears to be. So there is certainly the other side of the story to be told. Not so sure that makes the situation any better, but the numbers associated with the costs of the current approach to aviation security, both in dollars and in lives, are worth spending some time pondering.
The second bit is most certainly self-serving for me to share, mostly because it includes a clip of me on a national news broadcast. The topic is the TSA’s poor implementation of security related to the barcodes on boarding passes. Having the content of the barcodes in plain text is a bit silly but not really all that bad. Having the text unsigned and unverifiable at the checkpoint is pretty idiotic. Just not a smart way to architect the systems, particularly when the IATA standard for the barcode format supports the ability to have such a signature in the data. Oh, and the TSA absolutely knew about the ability to require the digital signature because they do require it for mobile boarding passes and they know how to check if it is there or not.
My 8 seconds of fame is entertaining, mostly because I had to head to the studio straight from my visit to United on Friday and the only clothes I had with me were the Hawaiian shirts I was wearing during the event. But more scary than entertaining is the explanation the TSA Spokesperson gives at the end of the clip:
To identify something as a vulnerability is to not understand the entire aviation security system. One hole is not going to bring us down because we have so many other patches.
In short, it doesn’t matter how bad any one system is because there are lots of other, equally bad systems out there. And one of them is likely to catch someone trying to cause trouble. It is unfortunate that the Agency seems content to rest on the premise that they don’t have to be very good, so long as they are sufficiently intrusive. That’s not what actually creates a secure environment.
A couple weeks ago the discussion about TSA and their flawed implementation of the PreCheck program was all about how passengers could potentially see whether they were approved for the expedited screening in advance of arrival at the airport checkpoint. There was minimal discussion of the potential for customers to outright forge boarding passes, mostly because confirming that would likely require committing a felony. Fortunately the Washington Post didn’t sit back on the story. They’ve now confirmed that modifying the boarding passes is possible and that it has been done, bypassing the TSA’s ability to control who gains access to the Pre✓ lane.
Most worrisome is that the ability to restrict such forgeries is incredibly simple, to the point of being a trivial change. In fact, the airlines currently participating in the program already have the technology in place. And the TSA has the systems at their checkpoints, too. By requiring a boarding pass to be digitally signed to allow access to the Pre✓ lane the bulk of the risk associated with this security hole could be mitigated. And it would be limited for real, not just in the imagination of the TSA officials who claim that the "layers" of security will serve as sufficient protection.
As it currently stands, someone on the no-fly list can easily get into the secure part of an airport. And where Pre✓ exists they can do so through that expedited security screening facility. If that’s not a massive failure in implementation by the TSA then I don’t know what is.
The last time the TSA got this much press for screwing up a basic technology task it was because someone didn’t know how to properly create a redacted PDF. This time it is all about barcodes and boarding passes. It turns out that the data stored in the bar code on your boarding pass is not encrypted. It is a plain text string covering pretty much all the details of your flight. The TSA can scan the barcode at the checkpoint to get your name and flight info to verify your ID against, helping to protect against forged boarding passes, at least in theory. Except it is just plain text encoded in the bar code, and creating a bar code is actually a trivial task.
Even worse than not encrypting the data is that in many cases it isn’t even signed. Other than comparing the text on the paper to the digital readout on the scanner at the checkpoint it does not appear possible for the TSA to confirm whether the information being presented to them is actually what the airline issued, or even if an airline issued it. This harkens back to the boarding pass generator from a few years ago, a site the FBI eventually forced offline. But the ability to create a fake still very much exists. The only thing stopping someone from doing so is that it is illegal. Generally speaking that’s not a huge deterrent to someone intending to break the law.
Even worse is that the latest flaw also exposes the PreCheck program data. This is the supposedly random selection program whereby some passengers will sometimes get security much more like 2000 than last week. No taking off shoes. No taking laptops out. None of the silly things which the TSA has worked VERY hard for the past decade to convince us are necessary to keep us safe. Assuming they know you’re probably not a terrorist due to background checks they can allow you a less stringent screening process. But it is supposedly random. Reading the clear text data makes it trivial to know in advance if one will get the PreCheck clearance. So much for random. A program which truly was an advancement for passengers is now looking less and less secure. Ouch.
It is truly unfortunate that the TSA has whiffed so badly on the implementation of this technology. There was a very real opportunity – and relatively easy technical implementation – to build a system where the data was digitally signed or otherwise validated. The standards on which the bar code systems are based include that as part of the spec. But the TSA doesn’t require it. A simple digital signature from the airline could guard against tampering. Yet it isn’t part of the system in the USA. Why not?
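The checkpoint-side check argued for here and in the earlier Pre✓ post, sketched as an added example that is not code from the TSA, any airline or the IATA standard. The field layout, the `^` separator and the key are constructed for illustration, and HMAC-SHA256 stands in for the airline's digital signature only because it ships in the Python standard library; with a real signature the checkpoint would hold just the airline's public key.

```python
import hashlib
import hmac

# Constructed demo key. With a true digital signature the airline would keep
# a private key and the checkpoint would only need the public one.
AIRLINE_KEY = b"constructed-demo-key-not-a-real-secret"
TAG_SEP = "^"  # hypothetical separator between pass data and its tag

# Constructed sample pass; this is not the IATA barcode layout.
SAMPLE_FIELDS = {"NAME": "DOE/JANE", "FLIGHT": "XX123",
                 "DATE": "2012-10-29", "PRECHECK": "0"}


def issue_pass(fields, key=AIRLINE_KEY):
    """Airline side: serialise the fields and append an authentication tag."""
    for name, value in fields.items():
        if any(c in f"{name}{value}" for c in (";", "=", TAG_SEP)):
            raise ValueError("separator characters are not allowed in fields")
    payload = ";".join(f"{k}={fields[k]}" for k in sorted(fields))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}{TAG_SEP}{tag}"


def parse_fields(payload):
    """Split 'K=V;K=V' text into a dict, ignoring malformed items."""
    return dict(i.split("=", 1) for i in payload.split(";") if "=" in i)


def checkpoint_lane(barcode_text, key=AIRLINE_KEY):
    """Checkpoint side: decide the lane from the scanned barcode text."""
    payload, sep, tag = barcode_text.partition(TAG_SEP)
    if not sep:
        # Unsigned text proves nothing about who wrote it, so it can never
        # earn the expedited lane, whatever its PRECHECK field claims.
        return "standard"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        # The data was changed after issue, or was not issued by the airline.
        return "reject"
    fields = parse_fields(payload)
    return "expedited" if fields.get("PRECHECK") == "1" else "standard"


if __name__ == "__main__":
    genuine = issue_pass(SAMPLE_FIELDS)
    edited = genuine.replace("PRECHECK=0", "PRECHECK=1")  # field altered after issue
    unsigned = "NAME=DOE/JANE;PRECHECK=1"                 # no tag at all
    for label, text in (("genuine", genuine), ("edited", edited),
                        ("unsigned", unsigned)):
        print(label, "->", checkpoint_lane(text))
```
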
At least the TSA response to this latest problem is consistent: the multiple layers of security will protect us. Never mind that matching a passenger to an ID to their huge lists of names was considered a keystone component of the security efforts. Apparently only when they want that to matter.
Truly an embarrassing implementation by the TSA.
Mobile boarding pass image courtesy of United/Apple Passbook demo
The TSA’s PreCheck program is the latest version of a panacea the agency has to solve the problems of their horrible inefficiency and misguided efforts at the screening checkpoint. And when it works the program actually is quite useful, saving a lot of time for passengers who are selected. But not enough customers are getting the necessary 3 beeps at the checkpoint, allowing them through the quicker screening method. One estimate has approximately 1 million passengers monthly using the new system by 2013, roughly 2% of the volume passing through checkpoints in the USA. The TSA wants the number to be between 50-75% and they’re blaming the airlines for not pushing more customers through.
The TSA might almost be turning a corner on policy. Administrator John Pistole acknowledges that most of the screening performed today is excessive:
The goal is to expand PreCheck as broadly as possible. The vast majority of travelers simply want to get from point A to point B safely. They’re not terrorists.
Of course, getting approved for PreCheck means telling the TSA a little about yourself. And it means flying through an airport where the service is available. The Agency is working to make it available at more locations – currently up to 27 airports today and should be in 35 by the end of the year – so that part is being handled somewhat. It seems the telling the TSA about yourself part is where things are breaking down. Currently the only way to get yourself checked is via a participating airline. The TSA actually isn’t doing the checking directly. From a Bloomberg article on the process:
TSA sets the classified criteria, and transmits them to participating airlines. Airlines match the qualifications, which include the number of miles flown, number of segments flown and number of destinations, against their frequent-flier lists. Airlines ask customers who qualify if they want to opt into PreCheck. Those who do are forwarded to TSA for final approval.
And the TSA is saying that airlines won’t share their data or include enough candidates to allow more to be expedited through the screening process. At the same time, the TSA acknowledges that they don’t have the systems in place, nor the ability to aggregate the information while maintaining appropriate levels of customer privacy vis a vis the different airlines involved. Douglas Hofsass, the TSA’s assistant administrator for the office of risk-based security, sums up the challenges:
Technically, we don’t have the ability right now, based on the way the eligibility requirements are transmitted to the individual carrier, the way those individuals opt in and the way those records come into us, to validate those individuals. We don’t have the ability to cascade that to other carriers when those individuals make reservations.
The TSA wants the information but doesn’t have the ability to appropriately handle or process it. And, according to Pistole, the TSA may also lack the authority to collect the information they need to analyze to make such systems work. It is a mess and it is almost as if the system was engineered to be such from the get-go.
At an IATA conference being held this week Tony Tyler, CEO of the group, notes that the current approach to security – building out more and more space to handle the ever increasing queues – is simply untenable. And that’s after millions upon millions of dollars have been spent just to get to this point.
Perhaps the most distressing part is that some big names in the industry are starting to praise the TSA’s recent changes. Air Canada’s former CEO, Montie Brewer, spoke highly of the organization while at the IATA conference.
I applaud the TSA. I never thought I would say it because they are the worst part of travel.
Apparently if you set the bar low enough then even tiny bits of progress can be incredible. A shame, really, but that’s the way things seem to work at the TSA.
Normally news of a tiny local airline which most folks have never heard of shifting its operations from one terminal to another doesn’t make the news. But SeaPort Airlines, based in Portland, Oregon, is a bit different. Their main marketing thrust when they launched service between Portland and Seattle in 2008 was that they could offer a significantly better pre-flight experience for customers because they were flying planes small enough to avoid TSA screening requirements. Even as they pulled out of the Seattle-Portland market earlier this year they were still allowing passengers to skip the screening hassle.
This past weekend, however, SeaPort moved inside the main terminal at PDX, losing that passenger benefit. Their end game is to ink interline agreements with major carriers (company President Rob McKinney claims one is coming "soon") so that SeaPort provides the last mile service to the few out-lying markets it serves rather than just carrying local traffic.
Our move to the main terminal at Portland is among the most significant changes in the evolution of SeaPort Airlines over the past year, and which now has us highly-focused on providing air service that links small communities across America with the national air transportation via large airports.
Maybe it is the cynic in me but I’m quite saddened to hear that the company basically had to choose between two different versions of "better" service for their customers based in large part on the TSA and the annoyance they cause.
Passengers in the United Kingdom for the Olympics this summer may get a dose of US security theatre. Sky News is reporting that agents from the TSA will be on the ground for several weeks, working with British authorities to support their screening needs for flights headed to the United States. This aid will apply both to screening for US-flagged carriers and also other carriers destined to the USA according to the report, though it also suggests that the TSA agents will not be permitted to actually board the UK-flagged aircraft as part of their duties.
On the one hand, UK airports are going to be tremendously busy and they apparently didn’t get the staffing plan figured out far enough in advance to make other options viable. On the flip side, exporting the inanity of our "security" policies to other countries is unfortunate and annoying. Such is life, I suppose.
The latest installment of the podcast I’ve recently started recording is now online over at pointshoarder.com and in iTunes. This episode focuses on the oft maligned Avios program from Iberia and British Airways. I was an early adopter of annoyed rage when the BA Executive Club program changed and I can certainly understand much of the frustration there. But I’m also working on seeing the silver lining in many areas and there are definitely some diamonds in the rough, so to speak.
We also talk about the TSA PreCheck program, business trips to Maui and why, sometimes, getting on a bus is a great way to snap out of the funk associated with not flying anywhere for 5 weeks.
Give it a listen and let me know what you think, either over there or here.
Although their official operations/consolidations list has not been updated, reports are coming in that United Airlines will be consolidating their operations at Washington DC’s National Airport on Tuesday, July 10. They will be taking over two gates currently occupied by Delta in the south pier of the terminal and vacating their gates in the central pier. This is the space where Continental operated from historically.
There are two good bits which come out of this announcement. First, consolidating the operations into a single security area is great news for customers. That checkpoint also has TSA PreCheck at it so that is a win, too. Better IRROPs handling should also be possible as passengers won’t have to move to the other area in the terminal.
The second bit of good news is that this means the old Presidents Club lounge is being kept. The facility is one of very few in the network which actually has some character and connection to the local station. It has great views and a somewhat majestic feel inside.
Yeah…I’m really happy this is happening.
UPDATE: The United Lounge Locations page shows the legacy RCC closing permanently on the 10th. Sounds like the move happens that night!
My Monday morning was, all things considered, a pretty good one. Sure, I was in coach for the LAX-EWR redeye, but I made it into the lounge around 7am, took a shower and sat by the window for about three hours, getting some work done while watching the planes come and go and the sun rise over New York City. Really not so bad at all. Alas, all good things must end and I had to head to the train and make it back home and then into the office for the afternoon. Call it a case of fortuitous timing, because I had the displeasure of watching a passenger get pants’d by the TSA.
Yes, the agency that maintains as a primary treating "all passengers with courtesy, dignity, and respect during the security screening processes" was, in fact, reaching down some guy’s pants out in the middle of the airport.
I was dumbfounded. I still am, quite frankly.
I’m betting there was a language barrier at play. That’s certainly not an excuse, but it might at least provide some semblance of an explanation for the absolutely ridiculous scene I witnessed.
Thank you, TSA, for reminding the public that you really are a bunch of idiots with no idea about how to serve your primary mission so instead you randomly molest passengers. I guess this was just an early Valentine’s day groping for this passenger, huh?
Stay classy, scumbags.