Technology and Process Failures at TSA

This week, the House Homeland Security Committee’s Transportation and Protective Security Subcommittee held a hearing entitled “Checkpoint of the Future: Evaluating TSA’s Innovation Task Force Initiative.” My colleague Marc Scribner and I submitted comments for the record that advise a little less emphasis on innovation, and a little more on brass tacks.

The Transportation Security Administration has a history of tripping over itself to rush out technologies that are ill-considered and invasive. TSA has shown contempt for the administrative laws that govern it. It slow-walks processes and policies that are meant to keep it responsive to the public.

The TSA is not supplying cost-effective security. It is driving down results for the airline industry and needlessly suppressing Americans’ freedom to travel. Indeed, with some programs, it might be killing people by steering travelers toward driving when they could be flying much more safely.

The “puffer machines” that TSA famously implemented and then scrapped some years ago are a signal that the agency is not smart with its technology choices. TSA’s body scanners have been a disputed program for nearly eight years because of how the agency has drawn out the processes that are meant to make it a smarter agency. It took several years and several court actions to get the agency to publish a regulation in support of its use of the automated strip-search machines. CEI is challenging that regulation in court.

The argument we’ve made is that TSA should have properly accounted for modal substitution. People perish in far greater numbers per million miles traveled by road than they do by air. Some percentage of short-haul travel has been shifted to the roadways because of TSA’s unpopular scanning procedures, producing injury and death to more people than the use of the strip-search machines plausibly saves. We believe consideration of this dynamic is required of the agency under the Administrative Procedure Act. The court has yet to rule.

In the course of producing the rule, the TSA mentioned a “risk reduction analysis” that it says supports the use of the technology. But it classified the analysis instead of sharing it with the public and security experts.

It’s possible, though unlikely, that parts of such a document merit classification—but certainly not all of it. So in 2013 and again in 2015, I requested mandatory declassification review of the TSA’s “risk reduction analysis.” The TSA failed to respond both times, so in November 2016, I appealed TSA’s constructive denial of the review to the Interagency Security Classification Appeals Board (ISCAP). The ISCAP reviews classification decisions to ensure their consistency with federal classification policy.

The ISCAP requested a copy of the risk reduction analysis shortly after the appeal was lodged in November 2016. As of April 7, 2017, the TSA has yet to forward the document to ISCAP for its review. In parallel to the drawn out rulemaking process, the TSA is now stonewalling the federal government’s own classification experts who might review its decision.

Is the TSA an agency that Congress should encourage to move forward with fascinating new technologies like facial recognition, which news reports indicate might soon be deployed? Absolutely not. The agency needs to follow the administrative laws, practice sound risk management, and use cost-benefit analysis regarding existing programs before it considers technologies that might be even more invasive than what has come before.