
Wednesday, February 15, 2012

TSA Officers Focus on Security, not Good Looks

The internet is abuzz with posts, tweets and news articles regarding allegations that TSA officers required a passenger to go through a body scanner multiple times because she was attractive.

First, I want to reassure all passengers that TSA does not profile passengers.   

Second, I’m pleased to inform all concerned parties that every single one of our millimeter wave units in the field, including those at Dallas/Ft. Worth (DFW airport), has been equipped for quite some time with privacy software that no longer displays a specific image of the person being screened.

The monitor is mounted on the scanner itself, and here’s what both the passenger and officer see:

That’s it. In fact, if there are no alarms, a green screen with “OK” is all that’s displayed. There is no longer a need for an officer to review images in a remote location because there are no longer any privacy concerns with the image. 

Even when we did review the images in a remote room, they looked more like fuzzy photo negatives than the images that some make them out to be. Furthermore, it’s not TSA’s policy to scan passengers multiple times. 

We have no record of the passenger filing a complaint when this allegedly occurred more than six months ago. Had it been reported to TSA at that time, we could have reviewed CCTV and interviewed the officers. We were instead notified about these allegations by the media more than six months after the alleged incident. 

In situations such as these, passengers should use Talk to TSA to contact a customer support manager at the airport they traveled through. Passengers can also call our contact center. We want to hear from you, good or bad. We take your feedback seriously and will use the details you provide to look into your concerns. 

Our backscatter units (another type of body scanner) will eventually use the same software and still require an officer in a remote private location to view the images. That officer never sees the passenger, just their image. In case you’re wondering, DFW only has millimeter wave units.

When it all comes down to it, our officers are focusing on keeping passengers safe, not their good looks.


Wednesday, February 10, 2010

Bollywood Confidential

A rumor is going around that Bollywood superstar Shah Rukh Khan had an Advanced Imaging Technology (AIT) image of himself leaked by UK Security officers at Heathrow. This rumor, though juicy, is unfounded.

TSA reached out to the UK's Department for Transport (DFT) and learned that, just like advanced imaging technology machines in U.S. airports, they do not have printers or the ability to store images in the airport setting.

Additionally, DFT pointed TSA to the source of the rumor: an interview with the BBC's Jonathan Ross. Though he doesn't explicitly say that he's joking, we can confirm in all seriousness that the machines don't do what he jokingly describes.

Thanks,

Blogger Bob
TSA Blog Team

Wednesday, January 13, 2010

Advanced Imaging Technology: Storing, Exporting and Printing of Images

It's being reported that the Advanced Imaging Technology (also known as body scanners) being used by TSA has the ability to store, print and export images.

The truth is, the procurement specifications require these machines be capable of functioning in both a screening operation environment at the airport, and in a test mode environment. A test mode would be used at our testing facilities at the Transportation Security Integration Facility (TSIF) and the Transportation Security Lab (TSL). As you can imagine, the ability to store, export and print are crucial in a testing environment. TSA documents and manages approved configurations for all procured equipment, which are verified both in the factory and in the field prior to operational use.

All functionality to store, export or print images is disabled before these machines are delivered to airport checkpoints. There is no way for Transportation Security Officers in the airport environment to place the machines into test mode.

Versions of the Privacy Impact Statement (PIA) have been out since 2007, and each has said the same thing: "While the equipment has the capability of collecting and storing an image, the image storage functions will be disabled by the manufacturer before the devices are placed in an airport and will not have the capability to be activated by operators."

AIT machines do have USB, hard disc and Ethernet capabilities, but these are for limited data transfer only - an officer's user ID, log-in and log-out time, and statistical data. Images cannot be transmitted or stored. Also, these machines are not networked, so they cannot be hacked.

TSA has been forthcoming with the traveling public about this technology, including the strong privacy protections we have in place. We've posted many times on Advanced Imaging Technology and you can read more on our blog and at TSA.gov.

Also, contrary to popular rumor, AIT portals cannot "beam you up."

On a slightly unrelated note, there are many different inaccurate images circulating out there. Below, you will see accurate examples of what our officers see while using advanced imaging technology. Anything else you see is inaccurate.



Thanks,

Blogger Bob
TSA Blog Team

Wednesday, August 6, 2008

Encryption Is the Issue In Case of Missing Laptop

The Transportation Security Administration (TSA) continues to investigate the circumstances surrounding the loss of a Clear®-owned laptop computer on July 26 that contained unencrypted data of approximately 33,000 customers. TSA has verified that a laptop was discovered by Clear® officials yesterday at San Francisco International Airport (SFO). It was voluntarily surrendered to TSA officials for forensic examination.

TSA’s regulatory role in this matter is as follows: Every commercial airport is required to have an approved airport security plan, and Registered Traveler is part of that comprehensive plan at the airports where it operates. Under the airport security plan, the sponsoring entity (SFO in this case) is required to ensure that its vendors have an approved information security program. Because the computer at SFO was not encrypted, it is in violation of the airport’s security plan.

TSA also has the ability to go directly to vendors when the plan is not being adhered to, so TSA is conducting a broad review of all Registered Traveler providers’ information systems and data security processes to ensure compliance with security regulations.

Clear® needs to meet the information security requirements that they agreed to as part of the Registered Traveler program before their enrollment privileges will be reinstated. Encryption is the wider issue as opposed to one incident with one laptop. So for now, Clear® enrollments remain curtailed.

Current customers will not experience any disruption when using Registered Traveler.

Eos Blog Team

Monday, August 4, 2008

Answers to Your Top 10 Questions

Here are the top ten questions we received from our recent request. We tallied the number of times we received each question or a similar version of it and noted the total for each question below. Thanks to the Office of Chief Counsel, Privacy Office and Kip for helping us provide you with the answers.

10) What immediate measures can a person take when encountering a less than friendly TSA agent? 12 of our readers asked this question.

First, you can request a lead or supervisor. If you're not satisfied after speaking with a lead or supervisor, you can request a manager. If you're in a hurry and don't have time to talk, or if you are not comfortable making your complaint in person, you can visit our new Got Feedback? web page. "Got Feedback?" is a new program that allows passengers to contact us via e-mail with very specific questions, comments, complaints, etc. Rather than your e-mail being sent to a single mail box where it sits in the queue waiting for a response, it is actually sent directly to the TSA Customer Support Manager at the airport your feedback concerns. Upon request, the Customer Service manager will contact you. Click here to read more about the "Got Feedback?" program.

Our officers have a tough job, and they are there to protect you and your family. Everyone at TSA appreciates the support of the traveling public, including those who express their support with their courteous behavior and words of support.

9) Do any members of the Blog team actively perform screening functions? 12 of our readers asked this question.

Not currently. When Bob joined the blog team, he was a Behavior Detection Officer based out of Cincinnati and a former Transportation Security Officer who performed screening duties. Bob eventually came to headquarters as a full-time blog team member. So, while Bob has 5 ½ years experience in various screening functions, he is no longer a TSO/BDO.

While not in a screening function, Jay is a Federal Security Director for an airport in the Midwest. He oversees screening operations at about 10 airports of varying sizes. Also, we had a TSO contribute as a guest blogger and write an article on Checkpoint Evolution.

There are currently many TSOs and other field employees actively involved in commenting on the blog, and we appreciate their participation.

We will continue to invite members of the workforce to weigh in on the blog to keep it relevant to what is happening in airports. The blog will improve as we add new folks with various areas of expertise.

8) Why do you have access to my political affiliation? 13 of our readers asked this question.

"It's unequivocally not our policy to use political, religious, or other sensitive personal topics as identity validation. If it happened, it was wrong and will not be repeated." Administrator Kip Hawley

Perhaps you're asking this question because of a recent story about a person who said that their identity was verified at a checkpoint by asking their political affiliation. Early on, there was a case where the operations call center ran a passenger's information through their database (which includes commercial data) for a passenger without ID, and found no significant information to verify their identity. One thing that did come up was political donations for a person with the same name. Political donations are a matter of public record and accessible to anyone with basic Internet search skills. As a last ditch effort to help the passenger, a decision was made to ask them about their political affiliation. It was a mistake.

7) Why has TSA restarted the pointless gate screening? If the sterile area is in fact sterile, there's no need to screen those who have already been screened. 13 of our readers asked this question.

In reality, we do very little screening of bags at gates. We do, however, conduct a great deal of additional security in the sterile area. For instance, we have Behavior Detection Officers and K-9 teams on regular patrols as well as undercover Federal Air Marshals throughout the sterile area. Not to mention video coverage. We want to pick up on people who may be doing surveillance or attempting to prepare for a later attack. We are interested in activity around gates, but also restaurants, Duty Free shops, and other common areas.

As to gate screening itself, we have special purpose checks for specific items and behaviors. We may also have a particular interest in different flights. We layer in some random activities so as not to raise attention when we do have a specific interest. You may see our inspectors with new portable explosives detection devices that go onboard an aircraft ahead of boarding and check employees with access to the aircraft, including catering.

TSA’s overall strategy is to incorporate mobile, unpredictable, intelligence-driven security measures in ways that frustrate a terrorist planner seeking to engineer attacks against an easier, stationary target. We do not, as the question suggests, do gate screening of bags merely to re-do what we already did at the checkpoint.

Click here to watch a short video on gate screening.

6) I had a TSA agent tell me that each airport is free to implement security standards beyond those listed on the TSA site -- meaning that they could restrict items from being allowed in carry-on baggage that are explicitly allowed according to the TSA site. 14 of our readers asked this question.

There is a standard list of prohibited items that is available on our Web site to anybody with an internet connection, including terrorists. Clearly we have to pay attention to those items, since they are obvious tools of would-be attackers.

We cannot, however, fixate on those items and think that if we stop them, we're safe. Terrorists know TSA's standard operating procedures and work on how to engineer around them. Look no further than the August '06 London bomb plot with liquid sports drinks. If those terrorists had made it to the checkpoint, many of the items they were bringing would have been extremely hard to identify.

TSA is moving the focus of our officers from a checklist mentality to an empowered environment where officers use their experience and training -- and trust their instincts. The TSA workforce has screened more than 3 billion people, about half the population of the earth. We have a good handle on what "normal" looks like. Anything out of the "normal" range may get additional scrutiny, whether or not it is on the prohibited items list. That could mean a variety of things from a more thorough physical search to a seemingly casual conversation. It depends on what the anomaly might be. We know that with many layers of security the thinking, engaged and experienced TSO will be the one to stop an attack.

TSA is committed to using the judgment and experience of our officers to keep the security advantage. TSA is embarking on a two-day training for all officers that will tie together the latest intelligence analysis, more advanced explosives detection skills, and ways to engage with passengers in a way that promotes a calmer environment and better security result. It uses the physical checkpoint to our advantage to improve security.

5) Why doesn't TSA consider items being stolen from checked bags a security threat? Dangerous items could just as easily be ADDED to luggage. 15 of our readers asked this question.

We do! We consider every opportunity for someone to get a weapon or a bomb onto a plane and use a variety of methods to ensure there's something in place to mitigate that threat.

Specifically, there are video monitoring systems in places where individuals have access to checked bags, both airline baggage handling areas and TSA inspection stations.

Beyond that, we have a multi-layered approach to security, because if one layer gets breached, another layer or layers can step in to fill the gap. Let's focus on layers that directly affect your question.

TSA does background checks on and issues credentials to all employees who work in the secure area of the airport – which includes people handling baggage. TSA also conducts random employee screening every day in airports to ensure only people with proper and valid credentials get into the secure area.

TSA initiates internal investigations or ‘stings’ if we have a concern. When someone is caught, arrests are made and serious federal charges are brought. Also, behavior detection officers are trained to spot suspicious behavior anywhere in the airport.

It's also important to note that employees who work in the airport often see the same people day in and day out, and know when something doesn't seem right. While they don't always work for TSA, they are another set of eyes and ears keeping watch for your safety.

4) Where is the Privacy Impact Assessment for the form that TSA provides to people who claim to be unable to present credentials at TSA airport checkpoints? 15 of our readers asked this question.

The Privacy Impact Assessment, or PIA, that covers the information collection and handling associated with identity verification is the Operations Center Information Management System PIA. Identity verification is one of several types of information associated with airport security efforts that fall within the coverage of this PIA.

For bonus points, we'll answer another question that some have asked: whether the form itself requires an OMB control number. Since the form entails no burden beyond identifying the individual and home address, it is exempt from Paperwork Reduction Act requirements pursuant to 5 CFR 1320.3(h)(1).

3) Given that it's trivially easy to forge a boarding pass, how does presentation of validated IDs do anything to ensure that people on selectee/no-fly lists don't enter the sterile area? 16 of our readers asked this question.

An excellent question. TSA's document checkers are looking at IDs and boarding passes. They are aware of the techniques that forgers use and are looking out for them. We are working with the airlines both in the U.S. and world-wide on this issue. There are encryption and other methods of validating a boarding pass. Some are sophisticated, some are very low-tech and simple. Some airlines are now using encrypted electronic boarding passes that appear on a passenger's cell phone or PDA. The International Air Transport Association, which secures international cooperation and uniformity in aviation regulations and standards, is moving all of its members to use this technology by the end of 2010.

Even so, it is important to remember that the different layers of security work together. We're not only checking IDs and boarding passes at the checkpoint, we have measures throughout the airport, at the gate, and on the aircraft, that identify someone who may be dangerous.

Lastly, one of the other Top Ten questions dealt with random gate screening, which is another way of closing the loophole. The random check can also be used to ensure additional security measures when our information suggests it is warranted.

2) In the context of ensuring air travel safety, what is the difference between two people, both of whom are willing to cooperate with TSA's invasive interrogations, one of whom politely declines to show ID, the other of whom claims he lost or misplaced his ID? 20 of our readers asked this question.


Bottom line is identity matters. We need to verify who is getting on the plane.

The best and quickest way for us to assure identity is with a photo ID issued by a federal or state government. We work with passengers who have something less than that, including no ID. Most passengers in that situation help us quickly resolve the matter by sharing whatever information they have, sometimes verified through our Ops Center in Virginia. Someone declining to show an ID that they have on them endures a lot of hassle for not much of a point since it is far more intrusive for us to resolve it through the Ops Center than showing a legitimate ID up front. It is only when someone refuses to identify themselves or attempts to use fake ID that we would deny entry to the sterile area based on ID.

Ever since airport security started decades ago, it was based on "things" – making sure a bad thing like a gun or a bomb didn't get on a plane. Problem is, terrorists kept finding new ways to disguise their tools to be almost identical to ordinary objects; most recently, bottles of sports drinks and batteries with explosives inside. They will continue to find more novel threats. That is why the additional layer of identity verification matters more now than ever. Watch lists are a valuable tool in keeping people with known ties to terror plotting off planes.

1) TSA cites 49 C.F.R. § 1540.107 and 1540.105(a)(2) as the law giving them authority to demand identification as a condition of granting access to a sterile area of an airport. 49 C.F.R § 1540.5 appears to limit such passenger screenings to searches for weapons, explosives, and incendiaries as the only requirement for granting access to the sterile area. How does TSA reconcile this conflict? 27 of our readers asked this question.

There is no conflict to reconcile. It is true that 49 C.F.R Section 1540.5 describes screening functions and screening locations in terms of the inspection of individuals and property for weapons, explosives, and incendiaries. However, 49 C.F.R. Section 1540.105(a)(2) doesn't use the word 'screening' at all. Section 1540.105(a)(2) simply states that persons may not enter the sterile area without complying with the systems, measures, or procedures being applied to control access to that area. TSA's identification requirement is one such system, measure or procedure that is used to determine who is permitted to access the sterile area.

By citing 49 C.F.R. § 1540.107 in our original post, we were trying to illustrate one of the ways (and indeed, the most visible way) in which TSA has used its statutory authority to establish security procedures at airports. But, it's important to note that TSA's responsibility for aviation security is not just limited to checkpoint screening. TSA has broad authority to develop policies, strategies, and plans for dealing with the changing threats to aviation security. See, for example, 49 U.S.C. §§ 114(d) and (f) (addressing TSA functions, duties, and powers); id. § 114(h) (addressing notification procedures concerning persons who may pose risk of air piracy or terrorism or a threat to the airline or passenger safety). This authority is in addition to TSA's responsibility for the screening of passengers and property. See, for example, 49 U.S.C. §§ 114(e) (addressing screening operations), 44901(a) (addressing screening of passengers and property).

Thanks,

Bob

EoS Blog Team

Friday, May 2, 2008

TSO Gun Incident

Several bloggers have commented on our blog over the past few days on an incident that involved an officer showing up for work with an unloaded gun. We’ve read these comments and worked hard to get as much information as possible. After turning every stone and working with privacy experts and anyone else that would listen about our need to tell the whole story, the bottom line is that we simply cannot.

The federal Privacy Act prohibits us from providing any details about what happened, how it happened or any disciplinary action we took. It’s unfortunate because there are always two sides to every story.

What we can say is that anyone that shows up with a gun is held accountable, officer or passenger.

Christopher

TSA EoS Blog Team

Thursday, April 24, 2008

Safety & Privacy Concerns Regarding the Millimeter Wave Whole Body Imager

We've received many questions on the safety and privacy of the Millimeter Wave Whole Body Imager. As you can see from the chart above, the Millimeter Wave emits a smaller dose than simply walking outside on a sunny day.

I’ll quote a few noteworthy items from the Privacy Impact Assessment (PIA) for TSA Whole Body Imaging. I suggest you read the entire assessment for more information.

The Millimeter wave technology uses non-ionizing radio frequency energy in the millimeter wave spectrum to generate an image based on energy reflected from the body. The energy projected by the system is 100,000 times less than a cell phone transmission (.00000597 mW/cm² for millimeter wave technology compared to 37.5 mW/cm² for a cell phone).

The images created by whole body imaging technologies are not equivalent to photography and do not present sufficient details that the image could be used for personal identification.

While the equipment has the capability of collecting and storing an image, the image storage functions will be disabled by the manufacturer before the devices are placed in an airport and will not have the capability to be activated by operators.

The TSA is not the first organization to use Millimeter wave technology. It's currently used in various government locations across the United States, as well as international aviation and mass transit environments including:

Domestic locations: Federal Court House (VA), Colorado Springs Court House (CO), Department of Corrections facility (PA), Los Angeles County Court House (CA), Cook County Court House (IL)

International airports: U.K., Spain, Japan, Australia, Mexico, Thailand, Netherlands

The results in the first week of use at LAX and JFK speak for themselves.

LAX: 544 passengers were screened from 4/18 to 4/22 using Millimeter Wave technology. Only 18 passengers chose not to undergo the screening.

JFK: 1212 passengers were screened from 4/17 to 4/22 using Millimeter Wave technology. Only 33 passengers chose not to undergo the screening.

Bob

TSA EoS Blog Team

-----Update 5/25/2008-----7:00 PM EST-----

These are the signs that are displayed in front of the millimeter wave whole body imagers.

Bob

TSA EoS Blog Team







Wednesday, January 30, 2008

Comment Policy

The purpose of this blog is to facilitate an ongoing dialogue on innovations in security, technology and the checkpoint screening process. We encourage your comments; your ideas and concerns are important to ensure that a broad range of travelers are active and informed participants in the discussion. TSA reserves the right to modify this policy at any time.

This is a moderated blog, and TSA retains the discretion to determine which comments it will post and which it will not. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain vulgar or abusive language; personal attacks of any kind; or offensive terms that target specific ethnic or racial groups. We will not post comments that are spam, are clearly "off topic" or that promote services or products. Comments that make unsupported accusations will also not be posted. Off topic comments can be posted in our "Off Topic" post as long as they conform to the comment policy.

Any references to commercial entities, products, services, or other nongovernmental organizations or individuals that remain on the site are provided solely for the information of individuals using this blog. These references are not intended to reflect the opinion of TSA, DHS, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying TSA endorsement or approval of any product, person, or service.

What This Blog Is Not
  • This blog is not to be used to report criminal activity. If you have information for law enforcement, please contact your local police agency.
  • Do not send in questions or status inquiries about your specific case involving TSA. Instead, contact TSA directly via our main website.
  • This is a place for collecting suggestions and new ideas, not a substitute channel for DHS services or general questions. See "Contact Us" on www.dhs.gov, to get help from the Department and components.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this blog. This site is not to be used for contracting or commercial business.
  • This blog may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

TSA does not guarantee or warrant that any information posted by individuals on this blog is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. TSA may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. TSA does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those Web sites that may be reached through links on our Web site.

Members of the media are asked to send questions to the Office of Public Affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted.

We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as they relate to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the Transportation Security Administration or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the Blog. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, addresses, email addresses or phone numbers. You have the option of posting comments anonymously, but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.

Privacy Act Statement
Authority: 49 U.S.C. §114(f). Purpose: TSA will use this information to promote communication between the Administrator of the Transportation Security Administration, the traveling public, and throughout the TSA community. Routine Uses: TSA may share the information provided by members of the public with facility operators, law enforcement, intelligence agencies, or other government agencies as necessary to respond to potential or actual threats to transportation and national security, or pursuant to its published Privacy Act system of records notice DHS/TSA 006, Correspondence and Matters Tracking Records (CMTR), 68 FR 49503-49504. Disclosure: Furnishing this information is voluntary.