Is It Really Possible to Trust Travelers?
A specter haunts the airport security checkpoint. He or she is a U.S. citizen or possibly a legal immigrant who has been in the country for years. This person has no criminal record and, therefore, despite the manifold tools developed by law enforcement and the intelligence community since September 11, 2001, triggers no alarms.
This “clean-skin terrorist” is the boogeyman of the counterterrorism and homeland security profession, and the primary reason why the Transportation Security Administration (TSA) has failed to implement a trusted traveler program to make the security screening process faster, more cost-effective, and less intrusive. But that’s about to change.
In July, TSA Administrator John Pistole, the nation’s top transportation security official, announced that the agency would begin testing a trusted traveler program this fall at airports in Atlanta, Dallas, Detroit, and Miami. While Pistole was short on details, the pilot program will give some frequent fliers of American Airlines and Delta Air Lines as well as some members of Customs and Border Protection’s Trusted Traveler programs expedited security screening.
Pistole’s announcement comes at a time when full body scanners and enhanced pat-downs have led civil rights advocates and some members of Congress to question the logic behind TSA procedures that treat everyone as a potential terrorist. Aviation security stakeholders have welcomed Pistole’s statements, believing that, finally, a risk-based approach to passenger screening will get off the ground.
“I think people are now realizing that budgets have ballooned within TSA, specifically for aviation screening, and that passenger levels are going to be on the rise,” says Erik Hansen, director of domestic policy for the U.S. Travel Association (USTA). Consequently, “the current course [of screening everyone] is unsustainable.”
While the TSA itself has never had a trusted traveler program, it did support some private sector initiatives under its Registered Traveler program. The most notable was Clear, created by Verified Identity Pass Inc. in 2005. It charged a fee in exchange for presumably streamlining air travelers’ airport screening. To qualify, travelers paid the $199 application fee, submitted biometrics (iris and fingerprints) and personal information, and underwent a TSA-supplied threat assessment. But the guarantee of reduced screening never came to fruition, because TSA refused to screen Clear members differently from other passengers.
“TSA was not persuaded that [Clear’s process] was adding to security,” says Stewart Baker, the first assistant secretary of policy at the Department of Homeland Security (DHS) and now a partner at Steptoe & Johnson LLP in Washington, D.C.
As TSA Deputy Administrator Gale Rossides made clear in the Federal Register in 2008, the agency’s own threat assessments done for Registered Traveler-approved companies couldn’t guarantee a passenger wasn’t a threat. “TSA concluded that an individual’s successful completion of a TSA-supplied threat assessment did not eliminate the possibility that the individual might initiate an action that threatens the lives of other passengers,” she wrote. “Therefore, screening of these individuals should remain the same as screening of other passengers.”
While Clear members did get to the security checkpoint faster because they had their own lane, they still had to take off their shoes, remove outer garments, and remove their laptops from their cases. Thus, the program did little to alleviate the stress on passengers or the strain on agency resources.
Despite enrolling approximately 200,000 members, Clear went belly up in 2009. “It didn’t produce enough revenue to cover the high costs that Clear, in particular, seemed to incur in equipment and staff and marketing and so forth,” says Bob Poole, director of transportation policy at the libertarian Reason Foundation, who has also consulted on post-9-11 aviation security with Congress and the White House.
(That could change in the future. Clear has been resurrected by the company Al-Clear, which has overhauled the service and is currently operating out of Denver International Airport and Orlando International Airport. It might find a role in any future trusted traveler program.)
Erroll Southers, associate director of the National Homeland Security Center for Risk and Economic Analysis of Terrorism at the University of Southern California and the Obama administration’s first choice to head the TSA, says the reason TSA wouldn’t provide registered travelers with reduced screening is obvious. “The push back was always this clean-skin terrorist [concern],” he says.
And that fear translated into a lack of political will to stare risk in the face. “There was an attitude in Congress and sometimes in TSA and within DHS that you couldn’t accept any level of risk whatsoever,” says Hansen.
That doomed any efforts to set up an effective trusted traveler program.
The Way Forward
If trusted traveler is going to succeed this time around, it must increase the convenience of getting through security without sacrificing security, experts say. While no two trusted traveler models are exactly alike, experts agree that TSA must concentrate its efforts on three core areas—identity verification, background checks, and redundant layers of security. TSA must also roll out the program intelligently, using extremely low-risk populations as its test bed. How it chooses to address these areas, however, could dampen travelers’ enthusiasm for the program.
Identification/authentication. To make the application process convenient, applicants should be able to register for the program online, says Southers. The biographical information submitted would then be checked against commercial and classified government databases to ensure that the information submitted by applicants matches other databases and that the applicant doesn’t present a threat. Access to commercial data is critical to assessing a traveler’s risk, because of the threat of clean-skin terrorists—high-risk passengers that may not yet be on a watch list, says Bennet Waters, a former TSA deputy assistant administrator and the recently named president of AlClear.
“There are other elements of information, in addition to what’s held in the classified environment, that look at things like your residential history, your employment history, and perhaps your credit history, that we know from an intelligence perspective to be associated with varying degrees of risk: transient employment, transient residential history, etc.,” he says. “No one of those taken alone says that you’re a bad person, but you start to chain deficiencies in a few of them together, and they begin to raise concerns that a person might be a higher risk…[because] we don’t know a whole lot about your background.”
Currently, TSA does not access commercial data to verify a passenger’s identity and assess their risk when they book a flight because of privacy concerns. The USTA has called on Congress to give the agency that authority.
TSA is working with the airlines to gain access to more customer data as part of its forthcoming trusted traveler program, but only with traveler consent. Waters says AlClear is already verifying enrollees’ identities by accessing the commercial databases the agency cannot (something the prior company that ran Clear did not do). As a private company, AlClear has more leeway to take this sort of action than a government agency does.
Southers believes TSA should require applicants to come to a nearby airport after submitting the registration form. Applicants would provide a combination of approved government-issued identification documents, such as a passport and a valid driver’s license, to authenticate their identities. During that visit, applicants would also submit their fingerprints, and possibly another biometric.
Southers contends that this biometric requirement would help dissuade terrorists from applying for the program because it could expose them to detection or arrest if their initial information does not check out or they act strangely or their fingerprints are otherwise in a criminal database. Or it might dissuade them because they would not want their fingerprints on file.
Background screening. After establishing a person’s identity, what level of background screening should the government require before allowing acceptance into a trusted traveler program? Many aviation stakeholders say that screening should include checking fingerprints against the FBI’s criminal databases. This is the same process airport employees with unescorted access to sensitive areas, like planes, currently receive. “If people with that degree of scrutiny are trusted on an everyday basis—several million of them—to be able to get at planes through the back door, why shouldn’t people who come into a plane through the front door be able to do so with the same kind of background check?” Poole asks.
Frequent flyers could be asked to offer TSA even more information to assess their risk before they are granted trusted traveler status, says Rear Admiral (retired) Cathal L. Flynn, a former associate administrator for civil aviation security at the Federal Aviation Administration (TSA’s precursor agency) and a charter member of the Association of Independent Aviation Security Professionals. Flynn says that five years of data about frequent flyers is enough to assess risk.
“That’s five years of transactions. You have the person’s addresses for five years, and you’ve got their travel patterns for five years. If they’re international travelers, you can assess whether they’ve gone to places of concern,” says Flynn. During a Senate committee hearing this June, Pistole confirmed he was working on something similar with domestic air carriers, but no details were forthcoming.
Other experts advocate more than a database check. Brian Jackson, senior physical scientist at the RAND Corporation, and two coauthors recently issued a report on the issue. In the report, the authors looked at how the background check might be structured to discourage any would-be terrorist from applying for trusted traveler status as a first step toward carrying out an attack.
One approach might be to let applicants know that their social networks could be examined during the background check, planting the seed in a potential terrorist’s mind that by applying for the program, he or she could put other members of the group at risk of detection. Another possibility would be to make it known that anyone who applied for the program and was rejected would have their name sent to the FBI.
It’s also important, experts say, that background checks be repeated frequently and randomly for those already in the program. What’s essential, according to Southers, is “a dynamic, repeated vetting of your population.”
But as Jackson warns, these disincentives can cut both ways. While they certainly would dissuade some terrorists from applying, they would also stop many innocent travelers from applying as well because of privacy concerns. TSA, therefore, has to produce a cocktail of disincentives that terrorists find bitter but ordinary travelers find palatable.
Layered security. Once a traveler receives trusted status, security screening does not end. The USTA recommends that the trusted traveler program include robust layers of screening that are sufficiently streamlined to provide a demonstrable benefit compared to the process for nontrusted travelers.
First among these layers would be to ensure that persons presenting themselves as trusted travelers are who they say they are and not imposters. Under the USTA proposal, that would be accomplished via kiosks where travelers would confirm their identity with biometrics collected during enrollment.
For even more security against a terrorist somehow compromising the biometric kiosk by faking biometrics or identification, according to Southers, TSA could also have trusted travelers punch in a personal identification number at the kiosk. “With all that in place, I think you’ve certainly exercised due diligence,” he adds.
But because even the best background check cannot detect the clean-skin terrorist or a trusted traveler who radicalizes into a terrorist after acceptance into the program, there has to be more to screening than simply verifying that the person belongs in the program. Thus, USTA and others recommend that after the biometric kiosks, trusted travelers pass through either an explosives detection portal or other correctly calibrated screening equipment without having to empty their pockets or take off garments. Trusted travelers would also put their carry-on bags through an explosives detection scan or the x-ray machines being used for all travelers. If no alarms were raised, trusted travelers would proceed to their departure gates.
Rounding out the security layers, the USTA recommends that behavioral detection officers and canine explosives teams be deployed at the trusted traveler checkpoint. Both Southers and Jackson agree that these measures would provide additional security without compromising screening efficiency. Southers estimates that the mere fact that trusted travelers wouldn’t have to take off shoes or remove jackets and pull out laptops could cut wait time by 50 percent, making throughput twice as fast.
Another proposal is that some trusted travelers would be randomly selected to receive the full security screen. All of the aviation security stakeholders Security Management spoke with agreed that random screening is essential to a successful trusted traveler program. Jackson, however, warned that this shouldn’t happen too often or it might create backlash against the program.
The Roll Out
So far the TSA has been tight-lipped about its trusted traveler program, aside from where it will commence and who will be eligible to participate in its first phase. But as testing begins, trusted traveler advocates stress that the TSA should only expand the program with low-risk populations that the government already knows a lot about and trusts. The best example of this would be U.S. citizens who hold top secret national security clearances, says Hansen. Other populations the USTA considers extremely low-risk are active duty military and federal, state, and local law enforcement.
By initially focusing on these low-risk populations, the TSA could straighten out any kinks in the program before opening enrollment to the real target population—frequent flyers. “If you can target those passengers, you are taking care of a lot of flights, and it’s going to make the process easier for everybody else,” Hansen says.
The exact number of frequent flyers in the United States is impossible to determine, experts say, because the airlines closely guard that type of proprietary information. But Hansen provides a broad sketch of what his organization would consider a successful program. “If there are trusted traveler lanes in the top 25 airports, and 20 percent of the traveling public is enrolled in a trusted traveler program, and those travelers are flying in sufficient numbers through those 25 airports, then we would consider that a successful program,” he says.
Risk and Response
The intellectual battle that trusted traveler advocates always had to fight was convincing TSA officials and other critics that reduced screening did not result in subpar security. “I don’t think anyone is proposing a trusted traveler program where it exempts anyone from security,” Southers says. “I think that was another falsehood that was out there. All this is about is efficiency.”
Still, advocates know that no matter how carefully crafted a trusted traveler program is, an attack could still happen, which is why TSA and DHS have to be prepared to defend the program in that eventuality.
“You have to tolerate the fact that there will be penetration of the trusted traveler line and that doesn’t mean that the program is failing,” says RAND’s Jackson. Pistole seems to have already begun this education effort, telling the American Bar Association recently that “We are not in the risk elimination business—and we never will be.”
But if trusted traveler initiative advocates aren’t willing to fight for the program if it is exploited, then there’s no reason to go forward. “If policymakers are unprepared to weather and rationally respond to such criticisms after an attack, then a trusted traveler program may not be viable in spite of its potential security benefits,” Jackson and his RAND coauthors warn in their report.
Despite that concern, Southers believes trusted traveler will be a reality. During his time as the TSA nominee, he held one-on-one interviews with approximately one third of the U.S. Senate and found that a trusted traveler program had strong bipartisan support.
Other trusted traveler advocates agree that the time is now, and Pistole is telling stakeholders that he hopes to have more details on TSA’s risk-based screening efforts by the end of the year.
“I think they’re serious internally,” says Poole. “Now whether what they come up with will be what everyone else is hoping for is another question.”