Intelligence & Operations: MH370

With so few hard facts about the fate of MH370, we are at the 'connecting the dots' phase of the incident. This is a rare public example of what happens daily in the world of counterterrorism, where intelligence dots are abundant, often fragmentary and open to different analysis. Below are some of the issues that are in play now.


-- The scenario that I raised in my previous post ( ) is an example of taking very few available dots and combining them into indicators of a potentially catastrophic attack. I was reverse-engineering a plot with which I was familiar and noticing that the dots available right now could point to such an attack. And if so, that attack is in progress.


-- You can see in news coverage how the "failure of imagination" works. Analysts give a radius within which MH370 must be located, but what if this was planned in advance and the plotters figured out how to maximize their distance and minimize the landing runway requirements. They don't have to obey FAA rules for landing a 777, they just have to be able to do it. What if they strip the plane to minimize runway length at take-off, not to FAA standards, but after practice on a simulator, just enough to work? MH370, the rogue version, could be in places that our experts do not imagine. This happened in 2006 on the UK liquids plot in aviation. AQ developed and used a liquid formula that was declared impossible by experts, so TSA's training on how to stop liquid explosives, based on that expert opinion, was ineffective against the impending attack. (Thus the baggie.)


-- In my previous post, I was using information contained in news coverage, but also context information that I learned in the course of my job at TSA. Some of that context is shared in the points below.


--"Jaffar the Pilot", who is identified as al Qaeda's current head of operations, ( ) is well-known in counterterrorism circles. His name is Adnan Shukrijumah and he was indicted in connection with the Zazi plot to bomb the NY subway in 2010. He was close to UBL and is very bright, imaginative and technically gifted. He was nicknamed "the Pilot" for a reason and he is known to understand how aviation attacks can deliver catastrophic results. If MH370 is a real plot, Shukrijumah is well-qualified to be its architect. (Bill Gaches, a former head of TSA's Office of Intelligence and a long-time NSA executive reminded me of Shukrijumah in one of our exchanges about MH370.)


-- The intelligence community has been intensely searching for Shukrijumah since 2002 and there is evidence that he has been circling the US, looking for attack opportunities.  ( ) Brian Jenkins, a counterterrorism analyst at Rand, gave some interesting background about Shukrijumah and his alleged involvement in nuclear plots in his book "Will Terrorists Go Nuclear?"  ( )


--We don't know a) if Shukrijumah is involved; b) if radioactive material is involved; or c) even if this is an AQ plot. But nobody wants to be looking backward a month from now wondering why we didn't connect the dots, which in retrospect could look very bright.


-- The reason TSA was created after 9/11 was to prevent terror attacks on or using transportation. TSA is an operational agency. That is very different from an agency with an investigative core such as the FBI or an intelligence/analysis mission like the CIA. TSA is paid to consider every intelligence dot in the context of a transportation attack and to take actions as TSA feels prudent. Obviously, not all dots fit that kind of plot in reality -- but TSA is responsible to make sure that it stays ahead of even the most imaginative plots in time to stop them. (See my previous post with the quotes from the 9/11 Commission:


-- Agencies of the US government are loathe to take action (spend $$, upset somebody) unless the intelligence dots line up to a "credible," "imminent," "specific," plot. Of course, when you have all that information, somebody goes out and makes an arrest. Threat over. Two things result from that dynamic: 1) preventive action is continually deferred until there is no risk of spending $$ or upsetting someone; or, 2) action is taken to prevent an attack which is subject to the criticism that the decision-maker ordering the action is too jumpy or lacks a specific credible imminent plot to justify making waves. The risk of not being jumpy is that an attack occurs and decisionmakers excuse themselves from blame by saying that the intelligence was not clear.


-- Action in this case, can be as simple as just being ready. TSA will be working with the FAA and agencies in other countries to at least make contingency plans. There are escalating steps beyond just talking (some of which I highlighted in the post referenced above). Close coordination with intelligence agencies and the FBI will help TSA assess just how far -- and when -- they need to go up that ladder. If we find out later today that the plane crashed in the ocean and the incident is over, TSA's work serves as an excellent live-fire drill. None of it's work will be publicly reported but it will help this generation of TSA leaders be ready to stop an imaginative attack when it does come.

Mar 2014
Share |

Operational considerations on MH370

Now that the Malaysian government has declared that MH370 was deliberately diverted, a new set of issues moves to the fore. Here are some of those issues.


-- July 22, 2004 The 9/11 Commission: "The 9/11 attacks were a shock, but they should not have come as a surprise." "The most important failure was one of imagination. We do not believe leaders understood the gravity of the threat." "Al Qaeda's new brand of terrorism presented challenges to U.S. governmental institutions that they were not well-designed to meet. Though top officials all told us that they understood the danger, we believe there was uncertainty among them as to whether this was just a new and especially venomous version of the ordinary terrorist threat the United States had lived with for decades, or it was indeed radically new, posing a threat beyond any yet experienced."


-- #1 on aviation security risk rankings has long been the potential of a stolen aircraft delivering a weapon to a critical target. Specifically, stealing MH370 was likely the first act of a more complex plot. The end stage could be to fly the stolen aircraft from South America or Africa, using false credentials posing an as an air freighter, for instance, and to crash it into a major US city. If the "cargo" is radioactive material, then a truly catastrophic attack would be delivered. The throwweight of a 777 alone would be enough to destroy a specific target.


-- After initially landing in secrecy, MH 370 could have been repainted as a freighter and moved to a safer staging area (in Africa or South America) where it would blend in with other cargo aircraft. At that point, the plotters would establish the bona fides of the airplane and file a flight plan to Canada, the west coast or mid-west. They would probably disguise the flight as a regular cargo flight.


-- A hallmark of al Qaeda attacks is that in preparation and execution, they are meticulous in following all the rules. MH370 was perfect in every way until it disappeared. We should expect that the attack leg of the plot will also be exactly by the book. They will use clean pilots and file all the necessary paperwork. They will approach US airspace prepared to answer US air traffic controllers' questions in pitch perfect form. Everything will appear to be in order as their flight path takes them close to the ultimate target (like New York or Washington, DC) as they proceed to their declared destination in Canada or the west coast, etc. The pilot would then dive to the target and execute the attack.


-- al Qaeda has probably learned from a series of failed attacks that they have a weakness at the delivery end of their attacks. While al Qaeda conceptual planning and engineering ingenuity have been very good, the operatives that they have used to deliver the attacks have often been found wanting. (Richard Reid, Abdulmutallab) Using a technically proficient member of the flight crew in the execution of this attack appears to be an adjustment based on previous learnings.


-- DHS Secretary Michael Chertoff in the 2007 timeframe directed TSA (in conjunction with its close operating partner, FAA) and CBP to prepare measures to prevent such an attack. Seven years later, those initial efforts have become more sophisticated and burnt-in.


-- There are a number of tools at TSA's disposal. The most important relationship is with the FAA's air traffic control organization and its security team. The FAA is superb at taking a security objective, as identified by TSA, and turning it into immediate action through the air traffic controllers. They can reroute aircraft, speed them up, slow them down, and talk directly to the flight crew. As one example, aircraft give off lots of 'metadata' and that provides a useful cross-check about the validity of incoming call signs.


-- Aviation security officials around the world will join forces to share information and make it harder for a rogue aircraft to move around. Of particular note is the EU's ability to harmonize security actions. Whatever measures TSA considers can be bolstered by the EU and its Member States.


-- Other US agencies can crunch data in the background and pick out anomalies about incoming aircraft or their flight crews and flag certain flights for more active follow-up.  Airlines, air cargo carriers and business jets all will be involved to implement the necessary security measures so that legitimate air travel in these busy corridors does not become overly congested -- which would create its own problems.


--Defense Department assets are also available to TSA to help in the verification of aircraft identity as well as any necessary "follow-up" action. For instance, the FAA can give an aircraft a specific routing so that fighter aircraft can fly very close to the flight under observation without being seen by anybody.


-- Institutional jurisdiction is important now that the MH370 incident has moved into an operational phase, not just an investigation of a missing aircraft. When an air accident occurs, the FAA and NTSB have primacy until it becomes a criminal matter -- and then the FBI takes over. Within the US government, the FBI is probably leading the effort right now. That should continue for the purposes of investigating what happened and tracking down the perpetrators. Now that it appears likely that MH370 is an ongoing terrorist attack, TSA will be taking leadership of the operational efforts to prevent a completed attack using the tools referenced above.


--There is a rule for determining agency jurisdiction (between the FBI and TSA) when confronted with an on-going aviation terrorist incident. It is called the "door open - door closed" rule. If the cabin door is open, the FBI is in charge and gives the tactical orders to resolve the incident. TSA follows the FBI's lead. If the cabin door is closed (as it is in flight), TSA is in charge and works with the relevant agencies including the FBI, NORAD and the FAA to resolve the incident. TSA is much better equipped to coordinate government and private resources in aviation incidents than anybody else and its enabling statute ("ATSA") makes it a matter of law.


-- The deluge of fragmentary and often conflicting information makes it absolutely critical that there is one focal point for the US government's operational decisions regarding MH370. In this case, that one voice is TSA Administrator John Pistole. Should a Cabinet-level leader be required, it would be DHS Secretary Johnson. Much of the activity will involve international and private sector partners, so speaking with one voice can be the difference between a failed finger-pointing disaster and decisive action to eliminate the threat.


-- TSA will now have implemented its highest level of critical incident management which means that there will be a 24x7 rotation of senior officals until the fate of MH370 is resolved. TSA regularly exercises this capability and it is coordinated at the high tech Freedom Center in northern Virginia.  Many other government organizations will match-up with TSA capabilities and have representatives at the Freedom Center.

Mar 2014
Share |

Thoughts on Malaysia 370

-- as of mid-day Tuesday, March 11:


While authorities the world over search for answers about what happened to Malaysia Flight 370, the "TSA perspective" has to assume that the incident is terrorist-related and TSA must be prepared if indeed there is a threat of follow-on attacks. My comments below are not what I think actually happened (I don't know), but are some issues that come to mind if this is a terrorist attack.


-- Cross-checking the seat assignments versus the passenger manifest is a valuable tool since certain seats are better from a bomber's perspective (Abdulmutallab's seat 19A for example). Other seat assignments are better from a hijacker's perspective. If a passenger requested one of those seats, that might reinforce suspicions of terrorist intent. Obviously, the manifest is being screened my many countries' intelligence agencies to identify suspicious passengers. The flight crew will now be of great interest given the possible change in flight path.


-- A bomb can destroy an aircraft without causing the entire aircraft to explode. A smaller bomb that breaches the hull in the passenger compartment can cause the airframe to pull itself apart without necessarily causing the fuel tanks to explode.


-- If a bomb was involved, it could well be a prototype that was being tested for a larger set of attacks later. The liquids plot from 2006 was directed at blowing up 19 airliners over the north Atlantic so that they all would disappear without a trace -- thus making it hard to put in effective counter-measures. If the "baggie" rule was enforced in Malaysia, a liquids-based bomb is highly unlikely (it is FAR more difficult to mix up a bomb onboard than commonly thought, a sophisticated laboratory with a professional bomb-maker achieves roughly a 30% success rate, operatives -- much lower). The powder-based bomb of Abdulmutallab was fatally flawed in its design so the most likely remaining option would be high explosives smuggled onboard. The recent DHS advisory calls attention to shoe bombs which would be a credible option in this case. A cargo bomb would likely have to blow up the fuel tanks and would necessarily be very large and thus easily detectable by current screening methods.


-- Radar evidence that Flight 370 turned around directs attention to the crew and what happened in the cockpit. If this is a terrorist event, stealing the plane could be the objective. If the airplane flew "below radar" to a pre-selected friendly runway, terrorists would be in possession of a massive weapon for a 9/11-type attack. In this scenario, the plot would likely involve masking the 777 and using fake flight plans to position it for its ultimate attack.


-- TSA will be in touch with counterparts around the world to prepare security measures that they can implement instantaneously if need be. TSA has an official permanently stationed in Beijing and will likely have someone now in Malaysia to stay coordinated with the search effort. TSA will also be very active within the US government counterterrorism agencies to run every bit of evidence through a filter that asks, 'how could this fit into a terror plot?' and 'what counter-measures can we deploy to be on the safe side?' Federal Air Marshals will be refreshed on what they should do in certain scenarios and their deployments will probably be stepped up.


-- TSA's playbook also keeps a team focussed on 'what if this incident is a diversion?' and they are alert to indicators that there is another whole plot that is trying to operate while everybody is looking for Malaysia Flight 370.


-- Checkpoint video from Kuala Lumpur will yield valuable insight into the passengers and the security screening employed on Flight 370. TSA will check on the types of screening equipment/protocols to rule out certain kinds of weapons or explosives.


-- The first reports of any incident are always wrong and TSA will revisit the assumptions made early-on based on what was initially reported and possible erroneous information that may be buried in the first accounts.


If nothing else, this incident serves to remind us that effective security depends on a world-wide network.




Mar 2014
Share |

Bulgaria Bomber "Profile"

Bulgarian Bomber 2Bulgarian Bomber

The man who allegedly blew up the bus at the Bulgarian airport used American identification documents, was white, had long hair and looked like a typical tourist down to his baseball cap, shorts and sneakers. Click here to watch the video.

It appears that the man was actually a Swedish citizen named Mehdi Ghezali. The Times of Israel reports that Ghezali may have been held in Guantanamo (2002-2004) and unsuccessfully sought to enter Afghanistan in 2009.

Another example of the plentiful supply of terror operatives who can easily elude stereotyping... 

Jul 2012
Share |

Behind the Scenes Look at Registered Traveler and TSA technology

Scientific American released an excerpt yesterday from Permanent Emergency.  This excerpt gives you a behind the scenes look at the Register Traveler program saga, including its history and security vulnerabilities.  Additionally, as I've mentioned before, when I left office in 2009, TSA was on track to install AT x-rays to detect liquid explosives in US checkpoints by the fall of '09.  The 3-1-1 liquids rule should be a thing of the past.  European airports have already deployed AT systems that have been certified for liquid threat detection.  Read the excerpt below to learn how the Baggie could be a thing of the past.  

The following is an excerpt from Permanent Emergency: Inside the TSA and the Fight for the Future of American Security, by Kip Hawley and Nathan Means(Palgrave Macmillan, 2012).

One day in 2007 Stephanie Rowe, who was in charge of the identity- based programs at TSA, including Registered Traveler, accompanied me to a meeting with Ted Olson, one of the most respected and powerful lawyers in the country. Stephanie, who normally poured her considerable energies into solving TSA’s mission challenges rather than political issues, had no idea who he was at the time, but one glance at the marble and dark wood accents in Olson’s downtown Washington office told her that she was definitely in one of the preeminent halls of DC power.

We sat down opposite Olson and his client, Steve Brill, the founder of the CourtTV cable channel and American Lawyer magazine. The subject of our meeting was Registered Traveler, a proposed public-private partnership that would allow frequent flyers to submit a background check and pay $100 to move more quickly through airport checkpoints. Brill was a major investor in the program, and while I had green-lighted the program in 2005, it had floundered as companies offering the service had done little other than take the money and let “members” cut to the front of security lines.

Before long, Olson became angry with me, believing I was stonewalling innovation and hiding behind the mantle of “security.” I’m used to taking some heat, and I knew that Steve had him torqued up in anticipation of what I would say, so out of respect for Olson, I took one for the team and listened unperturbed to Ted’s impassioned lambasting.

Stephanie, on the other hand, was outraged. I could feel the steam coming out of her ears as she fidgeted and rattled in the chair next to me. When she got home that night she went on a tirade to her husband, David, about the conversation. After she was done, David said, “You really don’t know who he is, do you?” He gently explained that she had just been in a meeting with the former US Solicitor General, the legal counsel to President Bush’s 2000 campaign, and, on a personal level, a man who had tragically lost his own wife on the American Airlines flight flown into the Pentagon on 9/11. Olson was also a close friend of Secretary Chertoff though he never used that relationship to put further pressure on us.

The idea that the TSA should segment passengers into higher- and lower-risk populations was not a bad concept—indeed, it was part of our original mandate. With 2 million people a day, the TSA could provide better security and quicker lines for everyone if a number of preapproved people went through an expedited security screening.

But it wasn’t until 2003, at the urging of then–secretary of Homeland Security Tom Ridge, that the TSA opened a Registered Traveler program office. Because the TSA leadership was too busy fighting fires, the agency decided to let the private sector figure out the details of Registered Traveler before coming back for approval. By the time I arrived in 2005, RT, as it was known, was concluding a successful technology pilot in DC, Minneapolis, and Orlando. A small population of frequent flyers had been issued biometric RT cards and, after verifying their identity at special card readers, were able to proceed to the front of the security line. Expectations were high. The promise of bypassing long queues and demeaning security treatment fired the imagination of the American frequent flyer.

In October 2005, after a few months on the job, I was invited to a congressional hearing on RT that offered a rare chance for the TSA to score a clear public-relations win and maybe gain a few fans, at least among frequent flyers. Unfortunately, there was a security issue. The so-called vetting for RT members was only an immigration status and terrorist screening database check. Meaning that if you weren’t an illegal alien or already on the FBI’s radar as a terror suspect, you were good to go. Under these criteria, the July 2005 London Underground bombers would all have been eligible for RT cards. So at the hearing I announced that the private sector had to work out a business model to both fund RT and add security value while not inconveniencing the general public and then come back to us for a security evaluation. Then I went back to work on other, more pressing issues.

Continue reading

Jun 2012
Share |

CBS This Morning

I spoke today with CBS This Morning about using risk based security to improve checkpoint operations at our airports.  Here's a recap of our conversation: 

Hawley said the conversation between TSA and lawmakers has been ineffectual. "Mostly they're talking past each other," Hawley told Charlie Rose, "as TSA had positive programs like PreCheck. But then the Congressmen see every weekend in their district how angry the public is."

"Why are they talking past each other?" Rose asked.

"Well, I think it really boils down to the administration (being the White House and DHS) has got to decide whether they want to have John Pistole make some changes, or whether they want to stand behind him," Hawley said. "But right now they're leaving him hanging out by himself where he just marches up with his talking points and the congressmen attack him. I think that the administration should say to TSA, 'Get this fixed. Take the prohibited items, reduce it, get another way to do the pat-down, start listening to the people rather than talking past them.'"

Click on the video below to watch the full interview

CBS This Morning - 06082012

Jun 2012
Share |

Permanent Emergency Reviewed

It's been over a month since Permanent Emergency's release, and I’m happy to report that the conversations about risk-based airport security continue.

Recently, GovLop founder Steve Ressler's blog post “TSA Mission: Impossible? Insight From Former TSA Administrator Kip Hawley” was featured on Huffington Post. This post discussed a sit down podcast interview I had with Chris Dorobek a couple of weeks ago. During this interview, I had the opportunity to discuss more about using the complexity theory to manage risk. This includes slimming down the prohibited items list by removing things like sharp objects and safely allowing liquids over 3 ounces through the checkpoint. TSA’s mission is just as important as ever and terrorists aren’t backing down. To stop them from attacking our aviation system, unpredictability at the checkpoint is critical.

Also, in case you missed it, there was a review of Permanent Emergency in the Washington Post recently. Thanks to Karen Greenberg for not only reading it, but for taking the time to write her thoughts about the book down on paper (or in this case on the interwebs).

Jun 2012
Share |

TSA Pushing to Improve


TSA, Under Fire, Wants to Upgrade Its Service

Despite Recent Mistakes, Agency's Head Says Training Programs, Checkpoint Changes Will Improve Process



As anyone who travels regularly knows, airport screening has had its share of blunders, embarrassments and controversy.

And the Transportation Security Administration is, once again, attempting to change that.

The 10-year-old agency has been under fire from Congress and the public for treating all travelers like potential terrorists, inconsistently applying complex rules at checkpoints and putting people in distressing situations. Amid emerging threats, the agency has lurched through new technologies, some of which didn't work out.

Training and supervision are factors, TSA Administrator John Pistole acknowledges, and he has put new programs in place to improve communications and even promote common sense. He also blames continued checkpoint problems on the sheer scale of checking 1.7 million people per day and the delicate nature of screening people, where agents are charged with the objective of finding underwear bombs on the bad guys without being offensive to the good ones.

Will problems keep happening? "I think there will continue to be incidents," Mr. Pistole said, "but as we move more to risk-based initiatives, we'll see fewer and fewer."

According to recent news accounts: A mother was told incorrectly she couldn't take an ice pack and empty bottles for breast milk through airport security. Two elderly women had to pull down their pants to show medical devices. A teenager was wrongly ordered to go through a body scanner with her insulin pump, even though the machine can, and did, damage the device. A 4-year-old girl became hysterical when an officer insisted on patting her down simply because she hugged her grandmother, who was awaiting a pat down.


There is a police blotter, too. A TSA screener was ticketed for hurling a cup of hot coffee at an airline pilot who asked a group of screeners to clean up their profanity-laced conversation. TSA screeners in Los Angeles, Buffalo, N.Y., and White Plains, N.Y., have been charged with helping people smuggle drugs through airport security checkpoints. And there have been multiple arrests around the country in which screeners were accused of lifting cash, computers and other valuables from passenger bags.

The TSA does routinely have its successes. Last week alone, officers found 30 loaded guns in passenger carry-on bags. There were seven drug busts as a result of imaging technology, with contraband hidden on bodies and in clothing. One passenger was caught with a tube of toothpaste in her groin area, placed there after officers told her she couldn't bring the tube through. Those kinds of episodes, TSA says, show the agency could find explosives just as it finds drugs and toothpaste.

The agency is responsible for enforcing complex rules as thousands of officers screen millions of passengers across 450 airports in the U.S. So mistakes are bound to happen, Mr. Pistole said.

"I'd like to say we can guarantee 100% security and 100% customer satisfaction and it's just not realistic," Mr. Pistole said. Though the agency strives for that, "I don't know any government agency or business that has 100% customer satisfaction."


Changes to improve checkpoint handling of travelers are coming. This weekend, relaxed screening of people 75 years old and up will go into effect nationwide. That means anyone born in 1937 or before will be able to keep on their shoes and light jackets, and some belts.

Mr. Pistole said many of the agency's 45,000 checkpoint screeners have rote procedures down but lack good communications skills for dealing with the public. So he's running all through a "tactical communications" course; 28,000 have completed it and the rest will finish by the end of summer.

A longtime veteran of the FBI, Mr. Pistole has also created an "academy" for TSA supervisors. It recently graduated its second class of about two dozen supervisors.

About 43% of its screening officers, who earn between $25,000 to $61,000 a year, not including extra pay for high-cost living areas, have some college education, TSA said. Its attrition rate fell to 7.2% of the workforce turning over in fiscal year ended Sept. 30, down from 18% seven years ago. More than half of the TSA workforce has been on the job more than five years.


Since taking over in July 2010, Mr. Pistole has moved TSA away from "one-size-fits-all'' screening, deploying new procedures to make things better for frequent travelers, children and now people 75 years or older. TSA's "PreCheck" program lets travelers who undergo background checks go through special screening lanes with their shoes on and liquids and laptops left inside carry-on bags. Mr. Pistole changed screening for children under 12 last fall so they could leave shoes on and avoid, in most cases, invasive pat downs.

Mr. Pistole said the agency runs criminal background checks on all hires, but arrests of officers have raised questions about continuous vetting and supervision of employees. He has cited those cases in town hall-style meetings with TSA staff as incidents that tarnish the reputation of everyone at the agency. "It does concern me," he said.

When the agency messes up, it will sometimes apologize. In March, the TSA apologized after an officer incorrectly told a nursing mother she either had to leave behind an ice pack and empty bottles for breast milk, or go fill them up with breast milk before flying. The officer involved also received retraining.

The agency also apologized after two women in their 80s complained of having to drop their pants to expose medical devices at New York's Kennedy International Airport in November. Again, JFK personnel received refresher training on screening passengers with disabilities or medical conditions.

But after a family complained about a pat down of a crying 4-year-old girl in Wichita, Kan., last month, TSA defended its officers, saying they followed procedures.

The girl ran up and hugged her grandmother, Lori Croft, while she awaited a pat down. Because they touched, TSA decided the girl had to be patted down as well. The girl became hysterical, and the family told the Associated Press that TSA officers began yelling at them, calling the crying girl an uncooperative suspect, and patted her down while she was held by her mother.



May 2012
Share |

Firedoglake Book Salon





FDL Book Salon Welcomes Kip Hawley,

Permanent Emergency: Inside the TSA and

the Fight for the Future of Security


Tweet   Host: Bruce Schneier

Sunday, May 20, 2012 1:05 pm Pacific time


Welcome Kip Hawley ( and Bruce Schneier (Schneier on Security)

Permanent Emergency: Inside the TSA and the Fight for the Future of Security

Welcome to the Firedoglake Book Salon. For the next two hours, we’ll be talking to Kip Hawley. Hawley was the TSA administrator from mid 2005 to early 2009. He has a new book, Permanent Emergency: Inside the TSA and the Fight for the Future of American Security, that chronicles his time at the TSA. For most of us, the TSA is our only contact with the “war on terror,” and I’m sure we’ll have a lot of talk about


I’m Bruce Schneier, and I’ll be your host. I’m a security technologist and author who has written extensively about airline security, terrorism, and security in general. Hawley and I have debated several times in the past, most notably in this Q&A from 2007 and in The Economist earlier this year. Hawley reviewed my latest book, Liars and Outliers, on his blog earlier this week.

I have just finished reading Permanent Emergency, and I learned a lot about the TSA and their approach to airport security — stuff I had never seen before. I can’t even begin to summarize it here; perhaps the best thing you can read to get up to speed on Hawley’s thinking is his op ed for The Wall Street Journal from last month. My commentary on it is here.

Please ask away. Probing is good. Challenging is good. We’re not the mainstream media and we’re not going to limit this to softball questions, but I’d like the conversation to remain civil. I have some questions prepared to get things started but we’re counting on you.

Okay, go!

138 Responses to “FDL Book Salon Welcomes Kip Hawley, Permanent Emergency:

Inside the TSA and the Fight for the Future of Security”

BevW May 20th, 2012 at 1:51 pm


Kip, Bruce, Welcome to the Lake.

Bruce, Thank you for Hosting today’s Book Salon.


Kip Hawley May 20th, 2012 at 1:52 pm


Thanks Bev and Bruce for hosting. Looking forward to the discussion! – Kip


BevW May 20th, 2012 at 1:56 pm


In response to Kip Hawley @ 2 (show text)

Hi Kip, thanks for being here today.


Bruce Schneier May 20th, 2012 at 2:02 pm


Kip, your book has the first coherent explanation of the liquid ban I have ever read. For the benefit of

those who have not read the book, can you explain 1) which liquid explosive you were concerned about,

2) why you were unwilling to allow a 12-oz. bottle of liquid through airport security but were willing to

allow four 3-oz. bottles plus an empty 12-oz. bottle, and 3) what was the security reason for the baggie?


Kip Hawley May 20th, 2012 at 2:02 pm


I appreciate your scheduling this around the Celtics-76ers game. With all respect to the “L” in FDL…


Kip Hawley May 20th, 2012 at 2:04 pm


In response to Bruce Schneier @ 4 (show text)

Hello Bruce – 1) highly concentrated liquid hydrogen peroxide with a sugar fuel and some other things. An

extremely powerful explosive.


BevW May 20th, 2012 at 2:06 pm


For our new readers/commenters:

You will have to refresh your browser to follow along.

PC = F5 key, MAC = Command+R keys

If you want to ask a question – just type it in this box.

If you are responding to a comment – use the Reply button under the number.


Kip Hawley May 20th, 2012 at 2:08 pm


2) Our labs found that the mixture was extremely finicky and that mixing it was not simple. Our

professional chemists in labs had difficulty making the bomb and found mixing to be problematic. AQ

valued bomb-makers and were not sending them out on suicide missions. The times they asked

operatives to do minimal bomb-making (Richard Reid & Abdulmutallab), they botched it. It was risk

management in the end. A possibility but remote in my opinion.


Synoia May 20th, 2012 at 2:08 pm


What’s the plan for Lithium batteries?

With a laptop battery one could blow a hole in the side of a plane with one, under the right simple


A cell phone battery could cause a major fire.


Kip Hawley May 20th, 2012 at 2:09 pm


3) the baggie allowed the liquids to be gathered so officers would’y have to hunt for them and the vapor

lock captured hydrogen peroxide vapor for easy testing.



dakine01 May 20th, 2012 at 2:09 pm


Good afternoon Bruce and Kip and welcome to FDL this afternoon.

Kip, I have not read your book so forgive me if you answer this but why does so much of the effort by TSA

seem to be more Security Theater than actual steps that protect people?

Case in point, I spent most of 2002 traveling each between St Louis to Albany, NY and back. For 6 weeks

in a row, as I was leaving Albany on Friday afternoon, I would be pulled aside a the gate for extra

searches. I know TSA was trying to be ‘random’ but after the 4th week, the TSA folks were just shaking

their heads and recognizing that it was more theater seemingly than actual protection.

Is the show supposed to make us feel safer or feel better? If so, it isn’t working…


laurelei23 May 20th, 2012 at 2:10 pm


Hi, there are quite a percentage of people who cannot “read” body language, and most of them seem to

be TSA agents. Would think it should be one of the tests given to applicants, then enhanced with training.


Elliott May 20th, 2012 at 2:11 pm


Is air travel down because of all this?

It sounds soo unpleasant these days, I’d look for any other way to get to Point B.

(lol Rube)


Kip Hawley May 20th, 2012 at 2:11 pm


In response to Synoia @ 9 (show text)

Thanks Synoia — not speaking for the agency but we looked at lithium a lot and did not consider it a

threat to penetrate the hull. It could contribute to a bomb as an energy source but not as the main

explosive charge. Fire hazard is real which is why the FAA has rules on them.



Synoia May 20th, 2012 at 2:14 pm


In response to Kip Hawley @ 14 (show text)

What rules on laptop batteries? They do appear to be very high risk for malefactors.


Kip Hawley May 20th, 2012 at 2:14 pm


In response to laurelei23 @ 12 (show text)

Great question. The behavior observation specialists are selected from TSOs who have experience at

checkpoints and they recruit the ones who have the behavior skills. Actually TSA recruiting and testing

seeks to identify people who are good at pattern recognition. One challenge is getting people into the

right slots where their talents are put to best use. Still an on-going issue.



Bruce Schneier May 20th, 2012 at 2:15 pm


As you remember, a lot of chemists dismissed the idea of an effective liquid bomb back when the ban was

imposed. I hope they’ll re-look at their analysis in light of what you’re now saying. Certainly I don’t have

the chemistry expertise to judge the veracity of your explanation.

What I really want to know is why an explanation took so long. Why didn’t the TSA explain the ban in

these simple terms back in August 2006? Why doesn’t the TSA explain it now? Why did it take you leaving

office and writing a book before anyone gave a clear explanation of the liquids ban?


Suzanne May 20th, 2012 at 2:16 pm


welcome to fdl kip and thanks for hosting bruce.

kip i found this book to be a particularly good read — and not what i expected. your writing was easy to

read and i learned a lot — both about the tsa and the fed response to disasters such as katrina. thank you

so very much for writing it and joining us today.

why did you want to write this book?


Kip Hawley May 20th, 2012 at 2:16 pm


In response to Synoia @ 15 (show text)

FAA has rules and this raises the key point about risk management. Is TSA there to stop malefactors who

could use lithium batteries or lighters to start a fire or should TSA be primarily concerned with things like

bombs that could have catastrophic results?



emptywheel May 20th, 2012 at 2:17 pm



I haven’t had a chance to read you book yet. But one thing I’ve seen is the FBI use an attack in a sting–

such as an attack on the Metro–and then use that sting as an excuse to have TSA do random searches on

Metro and other subways.

This was under Pistole, not you. BUt it really seemed to be Pistole’s former agency setting up stings so as

to create teh need to police a resource.

What was the relationship between FBI and TSA–and do you have any idae whether it has changed under



Dearie May 20th, 2012 at 2:17 pm


How much formal education is required prior to allowing an agent to feel up a grandmother at a small (5

gates or less) regional airport? And what is the average hourly rate for newly hired TSA ‘agents’?


Bruce Schneier May 20th, 2012 at 2:18 pm


In response to Elliott @ 13 (show text)

It’s hard to know how much air travel is down because of the TSA. We have a lot of anecdotal evidence

that some people are not flying because of the full-body scanners and enhanced pat downs. One study

concluded 500 additional people die in the U.S. each year because they decide to drive instead of fly.


Kip Hawley May 20th, 2012 at 2:21 pm


In response to Bruce Schneier @ 17 (show text)

Bruce, we tried to explain it in simple terms back in 2006 and since and I just plain failed to get it across.

One of the reasons I wrote the book was to try to answer the complicated questions like 3-1-1. It took 6

pages (159-165) and my co-writer Nathan Means really contributed a lot to making it understandable.

Plus we had the actual scientist and explosives expert who were involved involved in the process (and are

also characters in the book).



Dearie May 20th, 2012 at 2:21 pm


Is it true that the ban on cigarette lighters was dropped because it cost TSA too much to dispose of the

apprehended lighters rather because cigarette lighters are now ‘safe’ in the air?


dakine01 May 20th, 2012 at 2:22 pm


In response to Bruce Schneier @ 22 (show text)

Yet traffic deaths are at record lows and miles driven are also lower


emptywheel May 20th, 2012 at 2:23 pm



I had read your earlier debate with Kip.

I’m wondering–in addition to the liquids explosive, what else did you learn in the book. Anything you’d

say differently than you did in your earlier debate?

And did Kip’s explanation about the liquid explosives convince you?


Kip Hawley May 20th, 2012 at 2:24 pm


In response to Suzanne @ 18 (show text)

Further to why I wrote the book (in addition to help explain a lot of misconceptions), I had learned an

awful lot about TSA’s strengths and weaknesses and wanted to pass what I had learned off to the next

Administrator. As you know, it took a year and a half to get one so somewhere in there. I decided to ‘open

source’ my security thinking and share it with the crowd to maybe debate and resolve some of the big on-

going problems.



Bruce Schneier May 20th, 2012 at 2:26 pm


In response to Kip Hawley @ 23 (show text)

“Bruce, we tried to explain it in simple terms back in 2006….”

I challenge you to find records of any such explanations.

The TSA was able to afford writers to make explanations understandable back in 2006. Especially since

the value to the TSA of explaining to people what is going on is enormous.

The TSA made the same mistake with full-body scanners in 2010. They classify any reports on the

machines’ efficacy, even of their safety. They refuse to explain why they’re necessary. They refuse to

justify the cost. I really don’t want to wait for Pistole’s post-TSA book before I read a clear six-page

explanation of what the TSA is thinking.


Kip Hawley May 20th, 2012 at 2:27 pm


In response to Dearie @ 24 (show text)

No, the lighters were a distraction for our officers whom I wanted focussed on bomb parts and a waste of


I gave a tip of the hat to none other than our host when I announced it in 2007: “Taking lighters away is

security theater,” Mr. Hawley said. “It trivializes the security process.”



Kip Hawley May 20th, 2012 at 2:29 pm


In response to Dearie @ 21 (show text)

TSO’s have to have high school or equivalent and a new Officer makes about $27,000 or so. Not exactly

sure I am up to date on that but ballpark. The key is that the good ones have a career path and bonus

potential for high performance.



Bruce Schneier May 20th, 2012 at 2:31 pm


In response to emptywheel @ 26 (show text)

I did learn a lot reading the book. I’m saving some of it for future questions; we still have 97 minutes left

in this discussion. Some of it, like the liquids ban justification, I don’t have the science to evaluate. And

some of it — with all due respects, Kip — I don’t know whether to believe or to write it off as an attempt

to rewrite history. The fact is that we have never had visibility into the TSA and their decision making

process. This is why they have no real credibility anymore when they say “trust us.”


Dearie May 20th, 2012 at 2:32 pm


Are ALL TSA agents given full and rigorous background checks before being allowed to do “enhanced pat

downs” (AKA: gropes, feel-ups)?

You can probably intuit that I flew recently and it was miserable. Matron Rached actually ‘felt up” my

braids….quite disconcerting….and this was after I’d already been herded through the porn machine……

Air travel used to be a luxury; now it is a humiliating and stupid experience. Thanks for that.


Bruce Schneier May 20th, 2012 at 2:32 pm


In response to Kip Hawley @ 29 (show text)

Don’t think I didn’t notice when you used the phrase “security theater.” That phrase is my best shot at



Bruce Schneier May 20th, 2012 at 2:33 pm


In your Wall Street Journal essay, you said that the technology in existing x-ray machines is sufficient to

justify getting rid of the liquids ban:

Existing scanners could allow passengers to carry on any amount of liquid they want, so long as

they put it in the gray bins. The scanners have yet to be used in this way because of concern for

the large number of false alarms and delays that they could cause. When I left TSA in 2009, the

plan was to designate “liquid lanes” where waits might be longer but passengers could board

with snow globes, beauty products or booze. That plan is still sitting on someone’s desk.

Many of us were surprised; we knew about new technologies that could detect explosives in liquids, but

we had no idea currently deployed technology could do this as well. You book goes into this too, but can

you explain what you mean?


Kip Hawley May 20th, 2012 at 2:34 pm


In response to Bruce Schneier @ 28 (show text)

I will post on my blog later but quickly, here’s my 2008 blog post

and in 2006 at the time



emptywheel May 20th, 2012 at 2:35 pm


In response to Kip Hawley @ 30 (show text)

What is that career path?


Kip Hawley May 20th, 2012 at 2:35 pm


In response to Bruce Schneier @ 28 (show text)

and this

from September 2006


Kip Hawley May 20th, 2012 at 2:37 pm


In response to emptywheel @ 36 (show text)

Can move up supervisory ladder or go to Behavior Detection Officer, technical route in equipment

maintenance, Bomb Tech, Inspector, and Federal Air Marshal. One year when I was there, a former TSO

finished #1 in his class of Air Marshals.



emptywheel May 20th, 2012 at 2:39 pm



I fly out of GRR now–so a small airport, with lots of recognizable frequent fliers.

We recently got backscatters (or maybe got forced to use them because of the latest UndieBomb Saudi

plot). It seemed like it took 3X the number of people to train people to use the machine, to get everything

including boarding pass out of the pocket, to watch the bags piling up on the other side, and the

communicate the clean scan. I feel like this was because it’s a small airport (that is, one person had to do

the “training” for just one line). But I wonder–is this normal in the roll-out of backscatters? Is it a possible

response to TSA’s discovery of problems with the backscatter scans?


Kip Hawley May 20th, 2012 at 2:41 pm


In response to Bruce Schneier @ 34 (show text)

Yes, I guess I am sensitive about the topic since I am the guy known as the person who foisted the baggie

on the public.

We were almost set to go at the end of 2008 to get rid of the baggie. We had installed brand new

technology at every airport and designated “liquid lanes” so that the public could put large liquids in the

gray bin and they would go through the scanner like your carry-on. Our scientists and some in the

industry had developed algorithms that were superb at finding threat liquids…


Bruce Schneier May 20th, 2012 at 2:43 pm


In response to Kip Hawley @ 37 (show text)

Yeah, I just read those three links. None of them say “liquid hydrogen peroxide with a sugar fuel.” None of

them talk about the skill differential between the bomb maker and the bomb carrier. None of them say

“vapor lock captured hydrogen peroxide vapor for easy testing.” Those links were all along the lines of

“trust us, we’re the TSA.” And it didn’t work.


Kip Hawley May 20th, 2012 at 2:44 pm


In response to Bruce Schneier @ 34 (show text)

… but they had high false positives. I was pushing to get the algorithm deployed as a software update

before leaving in January 2009. The clock ran out and then “things happened” that first repealed my

requirement that manufacturers share their test data. Then TSA got convinced that they should wait for a

“better machine” (versus just a software upgrade) that would allow detection of threat liquids inside the


My WSJ piece references that and says, “GET OUT THE SOFTWARE ALREADY AND LET PEOPLE CHOOSE!”



Dearie May 20th, 2012 at 2:45 pm


Full and rigorous background checks for ALL ‘agents’ who interact with the public?


Squekyshoes May 20th, 2012 at 2:48 pm


In response to Bruce Schneier @ 41 (show text)

Hah, so the bar for success now is predicting the future? And do you expect the TSA to write the bomb

recipe for al-qaeda? Maybe even go ingredient shopping for them? Get real, schneier.


Kip Hawley May 20th, 2012 at 2:49 pm


In response to Bruce Schneier @ 41 (show text)

Back then Bruce, a lot of that was either Classified or sensitive with colleagues in other countries. You

bring up a good point about the book. Quite a bit of the book describes things that used to be Classified.

I went to each security agency and worked with them to clear off on what I wanted to use. First time this

particular approach has been done. I have fully learned the lesson that “trust me, it’s secret” doesn’t work.

That’s why we did the Blog (then unedited my officialdom, unlike now where postings have to be cleared

up the political chain.)

I got the message on transparency but it was not universally loved within the government. (!)



Bruce Schneier May 20th, 2012 at 2:52 pm


In response to Kip Hawley @ 45 (show text)

I assumed that you had to get the book cleared for publication. When you say “each security agency,”

which ones in particular? What what were the sorts of things — I presume you can only talk in generalities

here — that these agencies edited out of the book?


Kip Hawley May 20th, 2012 at 2:52 pm


In response to Dearie @ 43 (show text)

Background checks. Read Bruce’s Liars & Outliers (after you’ve read Permanent Emergency) and it will

cause you to think deeply about the nature of trust and how one establishes that one is trustworthy. Trust

is also a moving target because some people move in and out of being trustworthy and are trustworthy on

different things. Huge issue in security, not just at TSA. But to answer your question, yes – such as it is…



tuezday May 20th, 2012 at 2:53 pm


In response to Squekyshoes @ 44 (show text)

It works for the FBI and CIA, why not the TSA.


Dearie May 20th, 2012 at 2:55 pm


Kip@47: Is that a ‘yes’ or a ‘no’? Full and rigorous background checks on ALL ‘agents’ who interact with

the public?

Perhaps I’m just still in a fume about being groped, but I do not understand your answer.


emptywheel May 20th, 2012 at 2:56 pm


In response to Kip Hawley @ 45 (show text)

I noted you didn’t answer my question about the FBI stings using things they rolled out as TSA targets a

few weeks later. Shall I assume that’s classified then? Which would suggest there’s something there.

It is crystal clear that FBI chose to “sting” a target w/a Metro attack just weeks before Pistole rolled out the

effort to do random searches on public transport.


Bruce Schneier May 20th, 2012 at 2:58 pm


In response to Dearie @ 49 (show text)

Kip, I believe that Dearie is specifically asking about background checks against sex-offender databases.

Not an unreasonable question, considering what they’re doing to travelers.


Kip Hawley May 20th, 2012 at 2:58 pm


In response to Bruce Schneier @ 46 (show text)

TSA, CIA, FBI, NSA, NCTC, ODNI specifically. Plus I consulted with friends abroad who had equities and

also other former officials, not to mention lawyers. It was a surprisingly positive process. I would say a

batting average of .750 with TSA since I pretty much knew what would fly with them and about .500 with

the others.

They flagged a lot of the operational detail and some things that personally identified current players but

we had a feisty debate and they backed off of some and I others. The level of detail in PE is truly amazing.

When I say that person X (identified in the book) made a call at y hour or entered a building at z time.

They are literally accurate. Only in places where I really had to did I change and tried to use an analogy to

give the reader the right feel.



Bruce Schneier May 20th, 2012 at 3:00 pm


Sam Harris and I have been debating profiling. He thinks we should profile “Muslims, or anyone who looks

like he or she could conceivably be Muslim.” I argue that it would reduce security. Could you talk about

the TSA’s view of ethnic profiling at airports? I’m less interested in the political repercussions of the idea

and more of the security efficacy.



Kip Hawley May 20th, 2012 at 3:01 pm


In response to Dearie @ 49 (show text)

Sorry. YES.

(as currently defined and subject to the operational rules blah blah like Atlanta airport workers) My point

is that People who have had top security checks for real and who are trustworthy, sometimes change like

Afghanistan and Maj. Hassan, Robert Hanson, etc.


Dearie May 20th, 2012 at 3:01 pm


Amendment IV: The right of the people to be secure in their persons, papers, and effects, against

unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable

cause, supported by Oath or affirmation, and particularly describing the place to be sarched, and the

persons or things to be searched.

How quaint.


Bruce Schneier May 20th, 2012 at 3:04 pm


In response to Dearie @ 55 (show text)

Airport security checkpoints are a Constitution-free zone in many ways. Freedom of speech doesn’t work

very well there, either. (But, to be fair, the government isn’t demanding to quarter TSA agents in my home

— yet.)


Kip Hawley May 20th, 2012 at 3:05 pm


In response to Bruce Schneier @ 53 (show text)

Short and sweet.

Profiling on the basis of LOOKS is terrible security.

AQ has hundreds, literally, of agents selected specifically because they don’t look like young middle-

eastern men. Here’s one.


(many more examples!)



DWBartoo May 20th, 2012 at 3:05 pm


Kip, I am late to the party, however I hope that you might answer emptywheel’s question @ 20 regarding

the FBI.



RevBev May 20th, 2012 at 3:06 pm


In response to Bruce Schneier @ 56 (show text)

Thanks for the candor….Is all this intrusion justified by the eternal war on terror? Do you foresee any

consideration of let-up?


Dearie May 20th, 2012 at 3:06 pm


Bruce@56; They just want to ‘quarter’ their agents in my bra. Otherwise, have a lovely trip, no tipping

allowed. And after another underpants bomber (if the story is true……you know, trust and all that), my

motto is “Fly Naked!”


DWBartoo May 20th, 2012 at 3:07 pm


In response to emptywheel @ 50 (show text)

Yes, your surmises appear correct, Marcy. Kip have you anything to add to this assessment?



Kip Hawley May 20th, 2012 at 3:08 pm


In response to emptywheel @ 50 (show text)

Sorry I missed your point.The FBI arrests and TSA screening in mass transit are completely unrelated. The

mass transit issue is years old and is based on real intell. I don’t know anything about the example you

cite but there’s a big difference between law enforcement and intelligence, but I suspect you know that.



Bruce Schneier May 20th, 2012 at 3:08 pm


In response to Kip Hawley @ 57 (show text)

Are you assuming this because we know that al Qaeda has tried to recruit terrorists that don’t fit the

profile? Or is the government actually tracking “hundreds, literally, of agents selected specifically because

they don’t look like young middle-eastern men” by name?


Kip Hawley May 20th, 2012 at 3:09 pm


In response to DWBartoo @ 58 (show text)

I think I just did. Come back at me if I didn’t. Thanks, k


Kip Hawley May 20th, 2012 at 3:11 pm


In response to RevBev @ 59 (show text)

My WSJ article should tell you that I think that we can go a long ways in backing off intrusions on the

public for security. I believe the threat is very real and we need to get the public back in support of smart

security. The intrusive pat-down should stop now.



Bruce Schneier May 20th, 2012 at 3:12 pm


In response to RevBev @ 59 (show text)

I don’t believe it is. Terrorism is a risk, but it is hardly existential. That being said, I think it will take

another generation to undo the security excesses of the current one.


DWBartoo May 20th, 2012 at 3:13 pm


In response to Kip Hawley @ 62 (show text)

A big “difference”?

Do we actually “know” that, Kip?

Given the dreadful state of the Rule of Law in this nation, and whether you might like it or not, there is

considerable reason for skepticism and doubt.

Presumably that surprises you?



Kip Hawley May 20th, 2012 at 3:17 pm


In response to Bruce Schneier @ 63 (show text)

We know this from ten years of intelligence work by many countries and agencies. Very very specific.

That’s why I used Zubair in my book as the quintessential western operative that you never heard of. (My

editor could fix that sentence.) AQ has trained hundreds of western operatives, including from North

America, of all ages, colors, genders, whatever — many of whom we know by real name, some only by

nick-name. Bryan Neal Vinas was one.

Long Island altar boy, Little Leaguer, captured in Pakistan. The real deal lots on him in the press and in PE.



RevBev May 20th, 2012 at 3:19 pm


In response to Bruce Schneier @ 66 (show text)

That is very discouraging since we are generating more enemies by our actions of drones and aggression.

Is there any dialogue from security people that we may need less/fewer excesses if we mitigated our own



Kip Hawley May 20th, 2012 at 3:19 pm


In response to DWBartoo @ 67 (show text)

No, doesn’t surprise me. It’s a real issue, bigger than TSA or FBI. This is what we should be talking about.

The checkpoint mess just concentrates us on the wrong issues. If we fix the checkpoint, I think more of

the real issues will emerge.



Bruce Schneier May 20th, 2012 at 3:19 pm


The TSA was originally about airport security, but now we’re seeing it at ports, on trains, on subways, and

so on. Where does the TSA’s authority end? Is there anywhere they’re not allowed to set up security



DWBartoo May 20th, 2012 at 3:20 pm


In response to Bruce Schneier @ 66 (show text)

Assuming that civil society is not already turned into a locked-down police state, and that our economic

system has not devolved into a neo-feudal form, you are likely correct Bruce. In the meantime, “endless”

war and the crack-down on dissent, even as we see in Chicago these last few days, the cry of “terrorism”

will ruin and destroy many lives … “national security” at the price of civil rights and individual justice is a

very poor bargain, indeed.



Dearie May 20th, 2012 at 3:21 pm


Kip@70: would you be so kind as to suggest what some of the “real issues” might be and how we might

approach them?


DWBartoo May 20th, 2012 at 3:23 pm


In response to Kip Hawley @ 70 (show text)

Then, by all means, let us speak bluntly to the issue of trust and the concept of of actual reason and NOT

political expediencies.

What say you, Kip?

Shall we?



Squekyshoes May 20th, 2012 at 3:25 pm


In response to DWBartoo @ 74 (show text)

I can’t think of a less blunt way to ask whatever he is asking.


tuezday May 20th, 2012 at 3:25 pm


Hi Bruce. I’ve been a fan of your writing for years. Just wish more people agreed with your common sense

approach to security.

With that I will go back to my corner as a cantankerous devil is sitting on my shoulder.


Kip Hawley May 20th, 2012 at 3:25 pm


In response to RevBev @ 69 (show text)

I’ll take just a small piece of that. Many have written about “soft power” in terms of using America’s

peaceful strength. I totally agree. Everybody agrees with that but it’s harder since I am not convinced that

we really know what converts so many young people to bin Laden-style extremism. Clearly we could do

better with soft power but what about all the westerners and Americans who convert? We must

understand this better. Yes, I agree that isolating various ethic, cultural, religious groups by blanket

security measures is about the worst thing we can do. I got in trouble with some at TSA when I trained

TSO’s on what the Haj is all about.



JonPincus May 20th, 2012 at 3:27 pm


Kip and Bruce, thanks for the discussion. Curious about what you see as the prospects for change; and

how those of us who want change can best be advocating and organizing.


Bruce Schneier May 20th, 2012 at 3:27 pm


In response to tuezday @ 76 (show text)

I believe you can still go through airport security with a cantankerous shoulder devil, but you may have to

put him in a separate bin and send him through the x-ray machine.


Kip Hawley May 20th, 2012 at 3:27 pm


In response to Squekyshoes @ 75 (show text)

Hang on, let me think and answer another. We probably agree and I am just being dense. – k


emptywheel May 20th, 2012 at 3:27 pm


In response to Kip Hawley @ 62 (show text)

That’s impossible. Pistole said, “look at [I forget the name of the young Muslim arrested in a FBI-created

sting.” We need to patrol mass transportation.

You may be saying, “there has been evidence people wanted to attack mass transport for years.” But that

doesn’t explain why Pistole specifically cited an FBI-created sting, rather than that evidence (or even the

Zazi plot) as justification to Congress.

So perhaps my question is better framed, what push is there to tie specific surveillance to specific attacks,

even if the FBI created the plot laid out in the alleged attack? And is it done for Congress, or the public?


DWBartoo May 20th, 2012 at 3:29 pm


In response to Kip Hawley @ 77 (show text)

What do YOU think converts “so many young people to bin Laden-style extremism”?

Certainly they do NOT “hate us for our freedoms”.

What possible threat do you imagine that “we” pose to them?



emptywheel May 20th, 2012 at 3:30 pm


In response to Bruce Schneier @ 66 (show text)

We won’t be able to afford that, though. So it won’t take another generation bc we’ll go broke first.

Failing to educate the next generation of engineers bc we had to pay for the latest Mike Chertoff

technology is not sustainable even one more generation.


Kip Hawley May 20th, 2012 at 3:31 pm


In response to Bruce Schneier @ 71 (show text)

On TSA authorities, here’s the scoop:

It says that TSA has authorities in all modes of transportation. TSA supplements local authorities at their

invitation in other modes. The communications lines are much better than ten years ago and intell is

shared widely and TSA doesn’t force itself into an area. The local authorities have figured out that TSA is a

budget-friendly partner because TSA picks up its own costs.



Bruce Schneier May 20th, 2012 at 3:32 pm


Let’s talk about Sky Marshals. There is considerable analysis that concludes that the program is not worth

it. But in your book, you talk about how the Federal Air Marshal Service is about a lot more than sitting on

random airplanes waiting for hypothetical terrorists to jump up and go “boo.” Can you explain? Also, do

the pilots and flight attendants know when a Sky Marshal is aboard the plane and who he or she is?


Kip Hawley May 20th, 2012 at 3:33 pm


In response to emptywheel @ 81 (show text)

I can only speak to my experience — everything we did on specific threats originated with AQ or like




DWBartoo May 20th, 2012 at 3:33 pm


In response to emptywheel @ 83 (show text)


We cannot afford the extreme excess of our present “security” hubris nor the “cost” of maintaining

military empire while bankrupting the future.



Dearie May 20th, 2012 at 3:33 pm


Kip@84: ‘Scuse me! I think the American people pick up TSA costs. Jeez!


emptywheel May 20th, 2012 at 3:33 pm


In response to Kip Hawley @ 77 (show text)

Isn’t part of the problem that our country treats Muslim terrorists very differently from white terrorists?

Since we treat them so differently (maybe not at TSA, but certainly from a prosecutorial standpoint–FBI

even brags about how much longer the sentences are for foreign terrorists), we prevent ourselves from

assessing what makes someone embrace radical violence, regardless of the particular brand?


DWBartoo May 20th, 2012 at 3:35 pm


In response to Dearie @ 88 (show text)

Even so, Dearie.



emptywheel May 20th, 2012 at 3:36 pm


In response to Kip Hawley @ 86 (show text)

So when pitching Congress on a new need to surveil, did you feel restricted by classification of other plots

and therefore pick a convenient (if inapt) face?

I guess part of what I’m trying to understand is whether these things are being sold to Congress or the

public in a certain way because of a perceived need to scare someone.

We know for a fact, for example, that the govt used the plots Abu Zubaydah “revealed” under torture for

years, even though there were surely real plots that resembled the ones he “revealed” in the midterm.



Nathan Aschbacher May 20th, 2012 at 3:36 pm


Now that all the people are piled up in a huge mass in line for security screening, what will be the next

step of restriction after some nut invariably gets into the middle of them and blows himself up?

Perhaps a TSA agent on the residential doorstep of each traveller before they leave home, and a TSA

vehicle escort all the way to the gate of departure?


Kip Hawley May 20th, 2012 at 3:38 pm


In response to DWBartoo @ 74 (show text)

What I want to talk about is our security strategy. That is what Permanent Emergency is about. But there

are so many intertwined privacy issues relating to technology and government and or private entities that

have come up in the TSA context that I think that understanding what happened with TSA can be useful in

discussing the larger societal issues. What are the government roles, how do we use regulation and when?

What about our foreign partners, how to we work together? Hard for me to describe in web chat format.

But hopefully you get what I am saying.



Dearie May 20th, 2012 at 3:38 pm


I swear! I’m a pleasant old grandma, but I really wanted to say to Matron Rached at the small regional

airport, “I pay your freakin’ salary…..get your hands of my boobs!”


Kip Hawley May 20th, 2012 at 3:38 pm


In response to Dearie @ 88 (show text)

Point taken.


darms May 20th, 2012 at 3:41 pm


Two quickies for Kip and/or Bruce -

1)Is every commercial flight in the US using bag matching for every traveler? (i.e. every checked bag is

associated with someone who boarded the plane, I know they do this in Europe)

2)Is every bit of cargo destined for a commercial flight now inspected & X-rayed?


Nathan Aschbacher May 20th, 2012 at 3:41 pm


In response to Nathan Aschbacher @ 92 (show text)

Additionally, considering that more people die each month from simple influenza related issues than have

died as the result of travel-based terrorism in the last century, what do you think is a reasonable

proportion of government resources used to mitigate travel-based terrorism relative to government

resources used to fight the infection and consequences of the flu?

100:1 in favor of the much less dangerous risk of terrorism? 1000:1? Can you corroborate why the

significantly more benign threat of terrorism should receive such outsized attention relative to influenza



Bruce Schneier May 20th, 2012 at 3:42 pm


In response to Nathan Aschbacher @ 92 (show text)

I hear this argument — that the terrorist can just below himself up at the TSA checkpoint — and I think

it’s a red herring. We can’t possibly prevent lone terrorist attacks everywhere 50 or more people come

together in close proximity. That would include restaurants, shopping malls, movie theaters, dance clubs,

government offices, churches, sports stadiums, Apple stores after the release of a new iPhone, and on

and on and on. Sometimes we’ll get lucky and the results won’t be so bad. Sometimes — like in Norway

last year — we’ll get spectacularly unlucky and the results will be horrific. Aside from investigation and

intelligence, and emergency response, there’s nothing we can do.


RevBev May 20th, 2012 at 3:42 pm


In response to Kip Hawley @ 93 (show text)

I think we are trying to figure out if anyone else is getting it. The invasive, scary stuff seems ramped up

all the time….jars, shoes, feels….where is any push back? Modulation? Maybe we just aren’t hearing it,

but the public relations stuff has been a disaster. Flights more miserable and more expensive. Do we need

to be scared to death?


Kip Hawley May 20th, 2012 at 3:42 pm


In response to emptywheel @ 91 (show text)

An example of a real issue to discuss. It may surprise you that the real government people involved in

surveillance are extremely conservative about staying within the bounds. They are not going to risk their

careers for some overzealous higher up who wants a headline. My experience was that the intelligence

that came in was carefully documented where it came from and that there was obsessive attention to

staying clear of the gray areas. This may be a case where the rhetoric on both sides swirls above a reality

that isn’t as good/bad as the debaters think.



Bruce Schneier May 20th, 2012 at 3:44 pm


In response to emptywheel @ 89 (show text)

Yes, that is very much part of the problem.

I have always thought that the “war on terror” metaphor was actively harmful to security because it raised

the terrorists to the level of equal combatant. In a war, there are sides, and there is winning. I much prefer

the crime metaphor. There are no opposing sides in crime; there are the few criminals and the rest of us.

There criminals don’t “win.” Maybe they get away with it for a while, but eventually they’re caught.

“Us vs. them” thinking has two basic costs. One, it establishes that world-view in the minds of “us”: the

non-profiled. We saw this after 9/11, in the assaults and discriminations against innocent Americans who

happened to be Muslim. And two, it establishes the same world-view in the minds of “them”: Muslims.

This increases anti-American sentiment among Muslims. This reduces our security, less because it creates

terrorists — although I’m sure it is one of the things that pushes a marginal terrorist over the line — and

more that a higher anti-American sentiment in the Arab world is a more fertile ground for terrorist groups

to recruit and operate. Making sure the Muslim majority is part of the “us” fighting terror, just like we’re

all together fighting crime, is a security benefit.


Dearie May 20th, 2012 at 3:44 pm


Nathan@97: Excellent question. And, to be trite, follow the money. Believe me, it isn’t the GED level

‘agent’ who is getting rich off the terror-terror-terror flap nor off the machines that are to keep us ever

so safe.


Kip Hawley May 20th, 2012 at 3:45 pm


In response to RevBev @ 99 (show text)

Please check out my WSJ piece. If we did the things I recommend there, it would take a lot of the distrust

away without hurting security.



DWBartoo May 20th, 2012 at 3:45 pm


In response to Kip Hawley @ 93 (show text)

“Permanent Emergency”.

Consider those words, Kip.

That vests the executive with “endless” power and, very often, make the people the “enemies” of the


It allows Congress to consider permitting propaganda to be used on the American public, it allows fear to

become the instrument of first resort.

It allows the nation to be LIED into a war.

And, it is also a lie, there IS no permanent emergency, simply an opportunity for power to expand.

And that, Kip, is how many of us see “security strategy”.

In all of its splendor.

Have to leave now, but it has been …interesting. Many thanks to all.



CTuttle May 20th, 2012 at 3:45 pm


Is this really necessary…? Cameras monitor every move in parts of Hampton Roads… For example…!


Bruce Schneier May 20th, 2012 at 3:46 pm


Kip, remember those incidents when TSA screeners found blocks of cheese with wires and such? I know

that cheese has the same density as plastic explosives, and is a plausible stand-in for a dry run to test the

efficacy of airport screening machines. I never heard the end of that story. How many cheese blocks were

found? Where? Was there a plausible explanation for the cheese-and-wire combinations? Were there

arrests? Was it all a hoax? To us sitting in no-explanations-from-the-TSA-land, it was all a bit surreal.


Nathan Aschbacher May 20th, 2012 at 3:47 pm


In response to Bruce Schneier @ 98 (show text)

Considering the number of airborne terrorist attacks, and the completely not invasive or annoying

measures to prevent them (ie. air marshals and locked-reinforced cabin doors) it seems pretty safe to say

that in security screening you’re not doing anything to prevent them either.

Furthermore all you did was dodge the question. It’s inevitable that such a thing will happen, and

considering how pointless most of what the TSA does to travelers already is, I cannot fathom how such an

event could happen and the TSA would just say, “Sorry folks, we can’t save you from everything. Just don’t

stand in big lines that we force you to stand in.”

What would be the next logical step to mitigate the incredible and existential thread of travel-based



Squekyshoes May 20th, 2012 at 3:48 pm


In response to Bruce Schneier @ 101 (show text)

Amen — best take-away from this chat.


Kip Hawley May 20th, 2012 at 3:50 pm


In response to darms @ 96 (show text)

Bag matching? — I think they are supposed to be but it’s another rule that with better scanners we could


International screening? — They just announced the answer to your question, earlier in the week and I

don’t know it. Net is that almost all of it is but there is no way 100% happens.

Check out this if you’d like a perspective on what threatens a plane and what doesn’t.



Nathan Aschbacher May 20th, 2012 at 3:50 pm


In response to Dearie @ 102 (show text)

Thanks. It annoys me to no end that these discussions get mired in tactics and minutiae of

implementation when I don’t think the proponents of any of it have even come remotely close to

validating their very existence at all.

When you listen to them talk you’d think that 747′s were flying into skyscrapers every other Sunday and

twice on Tuesday.


Bruce Schneier May 20th, 2012 at 3:50 pm


In response to Nathan Aschbacher @ 107 (show text)

“What would be the next logical step to mitigate the incredible and existential thread of travel-based


The same things that have worked in the past, and play to our strengths: investigation, intelligence, and

emergency response.


Kip Hawley May 20th, 2012 at 3:51 pm


In response to DWBartoo @ 104 (show text)

Thanks DW — the name Permanent Emergency is meant to say that we cannot sustain what we are

currently doing. I am not advocating for a PE. !


emptywheel May 20th, 2012 at 3:52 pm


In response to Kip Hawley @ 100 (show text)

There’s no two sides here, thanks. Pistole used an FBI created plot as his reason to roll out new

surveillance. That’s on the record, public, uncontested. It’s similar to the way the Admin ALWAYS uses the

alleged assassination attempt on the Saudi Ambassador–the location and weapon for which (and therefore

the outlines of the terrorist charges) were chosen by the government–in their efforts to drum up efforts

against Iran.

There is only a question of WHY he did that. You tell me the threat is real, goes back years. OK. So the

question I’m trying to ask–because the facts are not in dispute here–is why Pistole would use an FBI

created plot RATHER THAN refer to the real dangers going back years. And so I’m wondering if it’s

because of something about CONGRESS, or about the PUBLIC, in these new technologies?

In short, WHO needs to have a convenient, recent scary face–rather than a reference to classified

evidence–to be convinced these new technologies are needed? Congress? Or the public?


BevW May 20th, 2012 at 3:53 pm


As we come to the end of this great Book Salon discussion,

Kip, Thank you for stopping by the Lake and spending the afternoon with us discussing your new book

and your time with the TSA.

Bruce, Thank you very much for Hosting this Book Salon.

Everyone, if you would like more information:

Kip’s website ( and book (Permanent Emergency)

Bruce’s website (Schneier on Security) and book (Liars and Outliers)

Thanks all, Have a great week.

If you want to contact the FDL Book Salon:


Bruce Schneier May 20th, 2012 at 3:53 pm


In response to Kip Hawley @ 112 (show text)

And, to be fair, the amount of editorial control a book author has over his title is close to nil. The point of

that title is to sell books.


emptywheel May 20th, 2012 at 3:54 pm


In response to DWBartoo @ 104 (show text)

Beyond the fact that we’re ignoring the far more real emergency, climate change.


Kip Hawley May 20th, 2012 at 3:55 pm


In response to Bruce Schneier @ 106 (show text)

Good question. There were real AQ plots and dry-runs using “stand-in” explosives like cheese. Since that

intell was highly Classified, we went through our domestic incident logs to find proxies for the real

probes. That allowed us to send it out to our workforce and train them on what we knew AQ was doing

but could use real examples (although the examples themselves were benign). The remote control toy

vehicle issue was the same. Our workforce knew the subtext but obviously not the press and it made a big

flap. No we didn’t have a war on cheese.


JonPincus May 20th, 2012 at 3:57 pm


May 2012
Share |

Schneier's Outliers: A Book Review

Liaers & Out

Bruce Schneier and I have satisfied a market need of journalists for a number of years; namely relatively informed people willing to go on the record with opposing views about the efficacy of TSA activities. My recent Wall Street Journal piece has led some to wonder how far apart Bruce and I are on TSA security issues. We generally agree on principles and strategy but diverge on issues that are influenced by operational or intelligence considerations, about which Bruce would have no reason to be aware. Bruce might say that I hide behind the secrecy shield and I might wish to retort that just because you don’t understand something, doesn’t mean it is stupid. But enough, there is more to security than checkpoints.

I think the most important security issues going forward center around identity and trust. Before knowing I would soon encounter Bruce again in the media, I bought and read his new book Liars & Outliers and it is a must-read book for people looking forward into our security future and thinking about where this all leads. For my colleagues inside the government working the various identity management, security clearance, and risk-based- security issues, L&O should be required reading.

At TSA, the most troublesome programs were the ones where we had to assign risk scores to passengers and our own or others’ employees. Whom do you trust? How do you know? Does the absence of a criminal record have any bearing on whether the person might be susceptible (witting or not) to al Qaeda recruitment? Was the airport employee who had a telephone call logged with the subject of an active FBI terrorism investigation a terror risk? Should we pull his access credential on that basis and make him unemployable in the aviation industry? How would it sound if we didn’t pull the credential and he did something; “you mean to tell me that TSA knew that this person was directly connected to the subject of an FBI terror investigation and you let him maintain access to aircraft?” The popular Registered Traveler (RT) program was premised on the trustworthiness of frequent flyers solely on the basis that they were not watch listed or illegally in the country. As al Qaeda operatives by the hundreds qualified for RT, I stopped TSA from accepting money for what can only be called security theatrical “background checks” and the program folded. Yet is has to be that some flyers are of less terror risk than others. How to think about this problem?

Bruce Schneier’s Liars & Outliers sets the context for all the millions of individual trust issues that come up in daily life as well as all over the public policy and business sectors. L&O describes a framework for us to think logically about the very nature of trust in society, indeed the atomic elements of society itself. Schneier illustrates scenarios of the interdependence of the various societal elements (“moral, social, economic, and political”) with trust and security. He identifies that our institutions are drawn to factors that can be measured and recorded, better perhaps for a paper trail than lasting indicators of trust.

L&O is fresh thinking about live fire issues of today as well as moral issues that are ahead. Whatever your policy bent, this book will help you. Trust me on this, you don’t have to buy everything Bruce says about TSA to read this book, take it to work, put it down on the table and say, “this is brilliant stuff.”


May 2012
Share |

Trust & Identity, Smarter Security



Here is a lecture I did for the Naval Postgraduate School's Center for Homeland Defense and Security, entitled "Smarter Security." It deals with many of the same trust and identity issues that come up in Bruce Schneier's book "Liars & Outliers" -- only the opinions are mine and they specifically relate to TSA.



May 2012
Share |

Understanding Bombs on Planes

If you are into the discussion of aircraft vulnerability to underwear bombs here is a lecture I did for the Naval Postgraduate School.   


Thanks to NPS for giving me permission to post this on my blog.  

May 2012
Share |

It's Not a Weapons Game

We need to move our attention away from finding pointy objects and instead focus our resources on the next generations of explosives that al Qaeda brings at us.  

I talked with Brian Williams tonight on NBC Nightly News about the threat. 

NBC Nightly News



May 2012
Share |

Underwear Brief

What can we learn from Underwear II?

First, threats to aircraft are still top of mind for al Qaeda, even post-bin Laden. Forget the line about AQ being staggered and on its last legs, just because they may not be as concentrated in Pakistan/Afghanistan doesn’t mean they don’t have a presence in many other locations.

Second, the real threat to aviation is bombs brought on board the plane. Searching for pointy objects is a waste of time. Regulations aren’t enough, flexible and smart techniques like behavior observation work better.

Third, connecting intelligence capability to TSA checkpoint operations is key and this is the perfect proof case. Well done all the way around.

Fourth, body scanners are helpful but they aren’t everywhere, particularly overseas. This means a pat down is urgently needed that is accepted by the public and consistently done properly by security officers of every culture in all locations. U-II is not an argument for the invasive pat down; it highlights the need to replace it with something sustainable.

Fifth, physics rules. TSA needs to know for sure whether the mass of the explosive in Underwear II is sufficient to take down a plane. That will inform the discussion about how far up one’s leg a security officer needs to go. The goal is not to find a trace element (deep in the crotch); we are looking for the necessary mass to take down a plane (not quite so intrusive).

Sixth, be vigilant elsewhere. We are notorious for dashing after the latest attack technique and AQ likes multi-stage attacks with diversions built-in.

May 2012
Share |

Is there science to security? Yes, and it's discussed here

Last week, Popular Mechanics wrote a piece on Permanent Emergency, focusing heavily on the idea of using complexity theory to manage airport security risks. If you’ve started reading my book, you’ll quickly notice that complexity theory is a recurring theme. When I started at TSA, I realized that 450 airports with 50,000 TSA employees screening 2 million passengers a day at checkpoints across the US looks a lot like a complex adaptive system. Like a hurricane that forms a predictable pattern even though all the raindrops are doing their own thing.

So how do we protect the traveling public when the threat is constantly changing?

Terrorists continue to look for ways around the system. If TSA officers simply operate from a set of Standard Operating Procedures, commonly called SOPs, we’re opening ourselves up for an attack. By strictly following a set of rules, the Osama bin Ladens of the world can easily pick up on our playbook. They can identify our SOPs and they know how to get explosives through a magnetometer without alarming.

Continuing to advance the technology at checkpoints to stay ahead of the curve is prudent, but technology isn’t enough. Creating an unpredictable environment is crucial. And to do this, we need to add a human element.

We need to continue to tap into the TSA’s 50,000 frontline officers. The officers understand the checkpoint environment and the passengers that go through it every day. Giving them the training and then the leeway to actually use their knowledge to assess each situation, rather than following a standard set of rules, adds a layer that is hard to crack.

In security, complexity theory can help design effective security that doesn't slow us down.

May 2012
Share |

'Lou Dobbs Tonight' Interview

Enjoyed sitting down with Fox Business News' Lou Dobbs this evening to talk about risk management and airport security.  If you missed it (or if you saw it but can't wait to watch it again), here it is.


Apr 2012
Share |

Book Tour Day 3

Permanent Emergency was off to a busy start this morning starting with a radio interview with 970 wfla. The support we're receiving from local radio stations from Tallahassee to the Twin Cities to Denver and many others has been tremendous - THANK YOU!

This afternoon I'm stopping by George Washington University to talk to the Homeland Security Policy Institute about risk management and airport security. Thanks to HSPI for setting up this event!

This evening brings even more excitement. And no, I'm not talking about the NFL draft picks - though I am hoping that the Packers pick up some stars! Tonight is Permanent Emergency's book launch party, graciously hosted by Bobby Van's in DC.  Quite a few of the cast of characters from Permanent Emergency will be in attendance. But no need to worry - we excluded the "bad guys" from the evite. My visits to DC since my TSA days are few, and I'm looking forward to seeing friends and supporters of Permanent Emergency tonight.

Books will be available for purchase at tonight's event. Did I mention my book dropped on Tuesday?

One last shameless plug before I go: I'll be airing on CBS Evening News and NBC Nightly News tonight.

Apr 2012
Share |

Why Airport Security Is Broken - And How To Fix It


Airport security in America is broken. I should know. For 3½ years—from my confirmation in July 2005 to President Barack Obama's inauguration in January 2009—I served as the head of the Transportation Security Administration.

You know the TSA. We're the ones who make you take off your shoes before padding through a metal detector in your socks (hopefully without holes in them). We're the ones who make you throw out your water bottles. We're the ones who end up on the evening news when someone's grandma gets patted down or a child's toy gets confiscated as a security risk. If you're a frequent traveler, you probably hate us.

More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect. Preventing terrorist attacks on air travel demands flexibility and the constant reassessment of threats. It also demands strong public support, which the current system has plainly failed to achieve.

The crux of the problem, as I learned in my years at the helm, is our wrongheaded approach to risk. In attempting to eliminate all risk from flying, we have made air travel an unending nightmare for U.S. passengers and visitors from overseas, while at the same time creating a security system that is brittle where it needs to be supple.

Any effort to rebuild TSA and get airport security right in the U.S. has to start with two basic principles:


First, the TSA's mission is to prevent a catastrophic attack on the transportation system, not to ensure that every single pa

sengercan avoid harm while traveling. Much of the friction in the system today results from rules that are direct responses to how we were attacked on 9/11. But it's simply no longer the case that killing a few people on board a plane could lead to a hijacking. Never again will a terrorist be able to breach the cockpit simply with a box cutter or a knife. The cockpit doors have been reinforced, and passengers, flight crews and air marshals would intervene.

Second, the TSA's job is to manage risk, not to enforce regulations. Terrorists are adaptive, and we need to be adaptive, too. Regulations are always playing catch-up, because terrorists design their plots around the loopholes.

I tried to follow these principles as the head of the TSA, and I believe that the agency made strides during my tenure. But I readily acknowledge my share of failures as well. I arrived in 2005 with naive notions of wrangling the organization into shape, only to discover the power of the TSA's bureaucratic momentum and political pressures.

There is a way out of this mess—below, I'll set out five specific ideas for reform—but it helps to understand how we got here in the first place.



The airport checkpoint as we know it today sprang into existence in spring 2002, over a month and a half at Baltimore/Washington International airport. New demands on the system after 9/11, like an exhaustive manual check of all carry-on bags, had left checkpoints overwhelmed by long lines and backlogs. A team of management consultants from Accenture delved into the minutiae of checkpoint activity at BWI: How long did it take to pass from one point to another? How did the behavior of travelers affect line speed? How were people interacting with the equipment?

The consultants had a million ideas for improvement, but with no infrastructure, acquiring even the most ordinary items became a quest. For example, before passengers walked through the metal detectors, they needed to place their keys, jewelry and change into a container. But the long, skinny plastic dishes in use at the time tipped over. So a team member went to PetSmart, bought a bunch of different dog bowls and tested each one. The result was the white bowl with a rubber bottom that's still in use at many airports. (Please, no jokes about the TSA treating passengers like dogs.)

One brilliant bit of streamlining from the consultants: It turned out that if the outline of two footprints was drawn on a mat in the area for using metal-detecting wands, most people stepped on the feet with no prompting and spread their legs in the most efficient stance. Every second counts when you're processing thousands of passengers a day.

Members of Congress, who often fly home to their districts for the weekend, had begun demanding wait times of no longer than 10 minutes. But security is always about trade-offs: A two-minute standard would delight passengers but cost billions more in staffing; ignoring wait times would choke the system.

After I was confirmed as TSA administrator in 2005, one of the first things I did in office was to attend screener training at the Minneapolis-St. Paul International Airport.

I sat down at a computer with Gary, a solidly built guy in his 40s with a mustache and a shaved head. Gary pointed at a screen that simulated the carry-on bag monitors at checkpoints. "What do you see?" he asked, a half smile on his face.

I stared at the series of colorful, ghostly images that Gary froze on the screen and tried to pick an easy one. "Well, that's a computer or some electronic, there are wires, maybe a battery." The sharp edges were easy to pick out, and the recognizable pattern of a motherboard jumped out. "But I don't know about that big orange blob on top of it."

"Right," said Gary. "The orange-colored part…. That means it's organic. Anything made of organic material—clothes, shoes, food—it's all going to register orange here."

As a confidence boost, Gary gave me a series of images with guns and knives in various positions. Knives lying flat were giveaways, but when viewed lengthwise, they had very little visible surface. Explosives were a whole different story. A plastic explosive like C4 is organic and dense. It appears as a heavy orange mass. Unfortunately, a block of cheddar cheese looks roughly the same. 


As we started testing with a moving scanner, Gary warned me that too many false positives would be a big problem. A "hair-trigger" strategy would get me flunked. Images with guns took about one second to identify. Clear bags took roughly five seconds to double check for blade edges. It was cluttered bags—with their multihued oranges, blues, greens and grays jumbled together—that were the killers.

I wish that more of our passengers could see the system from the perspective of a screener. It is here, at the front lines, where the conundrum of airport security is in sharpest relief: the fear of missing even the smallest thing, versus the likelihood that you'll miss the big picture when you're focused on the small stuff.

Clearly, things needed to change. By the time of my arrival, the agency was focused almost entirely on finding prohibited items. Constant positive reinforcement on finding items like lighters had turned our checkpoint operations into an Easter-egg hunt. When we ran a test, putting dummy bomb components near lighters in bags at checkpoints, officers caught the lighters, not the bomb parts.

I wanted to reduce the amount of time that officers spent searching for low-risk objects, but politics intervened at every turn. Lighters were untouchable, having been banned by an act of Congress. And despite the radically reduced risk that knives and box cutters presented in the post-9/11 world, allowing them back on board was considered too emotionally charged for the American public.

We did succeed in getting some items (small scissors, ice skates) off the list of prohibited items. And we had explosives experts retrain the entire work force in terrorist tradecraft and bomb-making. Most important, Charlie Allen, the chief of intelligence for the Department of Homeland Security, tied the TSA into the wider world of U.S. intelligence, arranging for our leadership to participate in the daily counterterrorism video conference chaired from the White House. With a constant stream of live threat reporting to start each day, I was done with playing defense.

But the frustrations outweighed the progress. I had hoped to advance the idea of a Registered Traveler program, but the second that you create a population of travelers who are considered "trusted," that category of fliers moves to the top of al Qaeda's training list, whether they are old, young, white, Asian, military, civilian, male or female. The men who bombed the London Underground in July 2005 would all have been eligible for the Registered Traveler cards we were developing at the time. No realistic amount of prescreening can alleviate this threat when al Qaeda is working to recruit "clean" agents. TSA dropped the idea on my watch—though new versions of it continue to pop up.

Taking your shoes off for security is probably your least favorite part of flying these days. Mine, too. I came into office dead set on allowing people to keep their shoes on during screening. But, contrary to popular belief, it isn't just Richard Reid's failed shoe-bomb attempt in December 2001 that is responsible for the shoe rule. For years, the TSA has received intelligence on the terrorists' footwear-related innovations. Some very capable engineer on the other side is spending a lot of time improving shoe bombs, which can now be completely nonmetallic and concealed in a normal street shoe. There's still no quick way to detect them without an X-ray.

I was initially against a ban on liquids as well, because I thought that, with proper briefing, TSA officers could stop al Qaeda's new liquid bombs. Unfortunately, al Qaeda's advancing skill with hydrogen-peroxide-based bombs made a total liquid ban necessary for a brief period and a restriction on the amount of liquid one could carry on a plane necessary thereafter.

Existing scanners could allow passengers to carry on any amount of liquid they want, so long as they put it in the gray bins. The scanners have yet to be used in this way because of concern for the large number of false alarms and delays that they could cause. When I left TSA in 2009, the plan was to designate "liquid lanes" where waits might be longer but passengers could board with snow globes, beauty products or booze. That plan is still sitting on someone's desk.

The hijackings of the 1960s gave us magnetometers, to keep guns off planes. After the Pan Am 103 bombing over Lockerbie, Scotland, a small amount of international checked baggage was scanned and people were required to fly with their luggage. After 9/11, the TSA was created and blades were banned.

Looking at the airport security system that we have today, each measure has a reason—and each one provides some security value. But taken together they tell the story of an agency that, while effective at stopping anticipated threats, is too reactive and always finds itself fighting the last war.

Airport security has to change. The relationship between the public and the TSA has become too poisonous to be sustained. And the way that we use TSA officers—as little more than human versions of our scanners—is a tremendous waste of well-trained, engaged brains that could be evaluating risk rather than looking for violations of the Standard Operating Procedure.

What would a better system look like? If politicians gave the TSA some political cover, the agency could institute the following changes before the start of the summer travel season:

  1. No more banned items: Aside from obvious weapons capable of fast, multiple killings—such as guns, toxins and explosive devices—it is time to end the TSA's use of well-trained security officers as kindergarten teachers to millions of passengers a day. The list of banned items has created an "Easter-egg hunt" mentality at the TSA. Worse, banning certain items gives terrorists a complete list of what not to use in their next attack. Lighters are banned? The next attack will use an electric trigger.
  2. Allow all liquids: Simple checkpoint signage, a small software update and some traffic management are all that stand between you and bringing all
    your liquids on every U.S. flight. Really.
  3. Give TSA officers more flexibility and rewards for initiative, and hold them accountable: No security agency on earth has the experience and pattern-recognition skills of TSA officers. We need to leverage that ability. TSA officers should have more discretion to interact with passengers and to work in looser teams throughout airports. And TSA's leaders must be prepared to support initiative even when officers make mistakes. Currently, independence on the ground is more likely to lead to discipline than reward.
  4. Eliminate baggage fees: Much of the pain at TSA checkpoints these days can be attributed to passengers overstuffing their carry-on luggage to avoid baggage fees. The airlines had their reasons for implementing these fees, but the result has been a checkpoint nightmare. Airlines might increase ticket prices slightly to compensate for the lost revenue, but the main impact would be that checkpoint screening for everybody will be faster and safer.
  5. Randomize security: Predictability is deadly. Banned-item lists, rigid protocols—if terrorists know what to expect at the airport, they have a greater chance of evading our system.

In Richmond, Va., we tested a system that randomized the security procedures encountered by passengers (additional upper-torso pat-downs, a thorough bag search, a swab test of carry-ons, etc.), while not subjecting everyone to the full gamut. At other airports, we tried out a system called "Playbook," which gave airports a virtual encyclopedia of possible security actions and let local law-enforcement, airport and TSA officials choose a customized set of counterterror measures.

Implemented nationally, this approach would give to the system as a whole a value greater than the sum of its parts—making it much harder for terrorists to learn how to evade our security protocols.

To be effective, airport security needs to embrace flexibility and risk management—principles that it is difficult for both the bureaucracy and the public to accept. The public wants the airport experience to be predictable, hassle-free and airtight and for it to keep us 100% safe. But 100% safety is unattainable. Embracing a bit of risk could reduce the hassle of today's airport experience while making us safer at the same time.

Over the past 10 years, most Americans have had extensive personal experience with the TSA, and this familiarity has bred contempt. People often suggest that the U.S. should adopt the "Israeli method" of airport security—which relies on less screening of banned items and more interviewing of passengers. But Israeli citizens accept the continued existence of a common enemy that requires them to tolerate necessary inconveniences, and they know that terror plots are ongoing.

In America, any successful attack—no matter how small—is likely to lead to a series of public recriminations and witch hunts. But security is a series of trade-offs. We've made it through the 10 years after 9/11 without another attack, something that was not a given. But no security system can be maintained over the long term without public support and cooperation. If Americans are ready to embrace risk, it is time to strike a new balance.

Read the Wall Street Journal Article


Apr 2012
Share |

An Explainer on 3 Dimensions of Security Risk Management









When evaluating security measures, risk management trade-offs have three dimensions.


1) Security

First and foremost is the security value itself. When the need is great enough (as with liquids in August 2006) it trumps all the others.


2) Operations

Your ability to consistently and efficiently execute security actions across a vast system of checkpoints is another important risk management consideration. An idea might have great security value and be very popular, but if it clogs up checkpoints and hemorrhages cost, the gears grind and sparks fly.


3) Public

A third dimension of risk management is public acceptance.


It is wise to consider all three dimensions before implementing security changes.


Of the three, security value has the smallest range of options because the dangers of giving up security benefits are so great. Execution value has a little more flex but costs money in inefficient operations and credibility with employees. Public acceptance is the one that security managers are more willing to stress in order to gain security and operational value. New unpopular measures are often introduced as temporary measures until the technology is ready to make the pain go away. The cost in public acceptance is hard to measure and security trade-offs are often explained, as "we have to do this for security."


Some examples from my recommendations in the WSJ:


Everybody removing shoes scores highly in both security value (eliminating shoe bombs from al Qaeda's arsenal) and operational value (speed of security lines). It totally fails on public acceptance. There have been scanners tested. One day…


Limiting banned items gets a spirited debate on the security value trade-off because of 9/11 and the danger of killing or threatening to kill key passengers (children, flight crew, air marshals, celebrities). On the other hand, gaining control of an aircraft with most banned items is no longer possible. Operationally, it would speed up checkpoints in a big way, save money and popular approval would be near universal.


Current technology can effectively find threat liquids so the security trade-off of introducing ‘liquid lanes,’ where all quantities are allowed, is not much but there are operational problems in segmenting checkpoint lanes into “all liquids” and “baggies only.” Passenger confusion in lane selection and long lines could result from false alarms created by the very sensitive detectors. It also is a change from a well-understood procedure that carries an operational penalty as passengers adjust. I think that public acceptance would be a huge positive (probably because I am labeled as the ‘baggie guy’) but the general wisdom is that the baggie should stick around until better machines are deployed that allow closed bag scanning with its corresponding increase in line speed.


Apr 2012
Share |



  • In this riveting expose, former TSA administrator Kip Hawley reveals the secrets behind the agency's ongoing battle to outthink and outmaneuver terrorists, illuminating the flawed, broken system that struggles to stay one step ahead of catastrophe.

    Buy Now Buy Now

Buy Permanent Emergency from these booksellers

Digital Editions Available