Administrator Kip Hawley's Final TSA Blog Post

TSA opened up this web dialogue about a year ago to get feedback from the public and engage with them on the issues that they presented. We have learned a great deal from those of you who have posted and I am grateful for your engagement with us. While some of the individual comments are painful to read and/or based on something that is factually wrong, taken as an aggregate there are undeniable, unavoidable themes.

One of those themes is that TSA's security is intellect-free. The broad categories seem to be about doubting the reality of the current threat, perceived vulnerabilities, and experiences that defy common sense.

With this post, I would like to touch on threat and vulnerabilities and focus on how TSA is introducing more 'smart' security at the airport.

Threat information comes in many forms, virtually all of it coming to us with restrictions on how we can use it. The good news is that we get it -- and use it -- to craft our security activities, and we literally do that every day. The bad news is that a condition of getting the really detailed and actionable information is that we cannot fully explain to the public the 'why' behind what we do. Ellen Howe's previous post discusses how we have tried to get out as much as we can on the 'why,' most recently, with the Ad Council.

The point on vulnerabilities is that since there are vulnerabilities in every system, what's important is to identify them and then compensate for those vulnerabilities with other measures. TSA is involved in risk-management - understanding our vulnerabilities, looking at what terrorists may be planning, and devoting our main efforts to reduce the risk of attacks with catastrophic consequences.

You might look at it like mapping out a spectrum of attacks causing catastrophic consequences, then overlaying it with vulnerabilities, and then circling in red the vulnerabilities associated with high-consequence attack scenarios where we know terrorists are plotting. We look for compensating measures across the spectrum to protect against vulnerabilities or plotting of which we are unaware. But first of all, we take action to close down any vulnerabilities circled in red. When we see an intersection of threat, vulnerability and consequence, TSA takes action as we have with liquids and shoes even though we know that they will not be popular. We are more likely to consider convenience issues in other areas of the spectrum and devote considerable effort in working with our airport and airline colleagues to make things work with the least possible inconvenience. There are technology answers -- but we have to close the gap until the technology answer works and is deployed.

Part of the problem with the 'common sense' theme is that our rhetoric of smarter, flexible, unpredictable, stay-ahead-of-the-terrorist strategy can clash with your personal experience. Some measures are in place now and others rolling out that will sharply reduce that disconnect. I will mention a few examples in each of our key areas: people, technology, and process.

First off with our people, TSA is about two-thirds of the way through retraining our entire airport workforce, from Federal Security Director to front-line Officer. (Headquarters elements are also included.) This training is worthy of its own post but it is two full days in length and covers the gamut from human factors to updated information on terrorist weapons and tactics. It is all about being smart about how we do our security job and how to think in terms of identifying real - and sophisticated - threats and less about running through a checklist.

Secondly, we are also about two-thirds through a major deployment of much more sophisticated carry-on bag scanners, AT-X-ray. About 600 of the new, smarter AT's are deployed already with another 300 more in the next few months. These are the machines that will be able to detect threat liquids (or powders, gels, etc.) automatically and will allow TSA to change the baggie requirement and clear up many of the head-scratching moments you now endure. (Probably about a year away.)

Finally, I have spoken about wanting to break up the rigidity of checkpoint screening and mentioned a goal of changing it up, spreading it out, and calming it down. With a re-trained workforce that has better technology, we can make the existing process calmer. There are opportunities also to make process changes that will make things smoother. For instance, where we have rigid and predictable criteria for extra screening (like last minute travel changes and one-way tickets), we can get more security value by using less obvious criteria like randomness or behavior and make things less congested at the checkpoint.

While this forum will continue to hear from our vigorous critics, I hope that in addition to the words of the indefatigable Blogger Bob and his colleagues, you will see that TSA has backed them up with actions in the year that the EoS Blog has been in business.

Our on-line presence is much clearer, deeper, and more accessible - and improvements will continue. Black Diamond, laptop bags, clearer signage, better explanations of the “why”, are all examples of actions taken by TSA that were helped by this blog discussion. You've helped us prioritize your pain points and we do, in fact, work to reduce those.

The security needs in aviation (and surface transportation) are significant and on-going. Real security risk mitigation can only happen when all parties - including the public - are active, positive participants. The men and women of TSA are amazing in their commitment to protect you and it has been an honor to serve with them. I hope that, going forward, your personal experience with our people, bolstered by better technology and process, will bring us together in support of our common objective - untroubled transportation to our chosen destination and a safe, smooth return home.

Thank you for your interest and participation,

Kip

The Path Forward on Liquids

When it comes to liquids, everybody involved with checkpoint operations -- passengers, airlines, airports, and TSA employees -- agrees that there has to be a better way. Here’s my take on the path forward.

For this discussion, I am using “liquids” as short-hand for liquids, aerosols, and gels and other novel types of explosives.

Intelligence shows that terrorists innovate in explosives formulas as well as the way they would bring them onboard an aircraft. That won’t change any time soon. If liquid restrictions are eased eventually it will be because of improved process and technology, not diminished threat.

Technology

TSA uses several technologies that are effective against liquid and other novel explosives.

Standard X-Ray is deployed everywhere and can effectively identify the presence of liquids and their containers. It is not reliable in differentiating all threat liquids from non-threat liquids. It is effective in the 3-1-1 environment by identifying whether there are liquids hidden in a bag – thus it is useful as a compliance tool.

Advanced Technology “AT” X-Ray is the next generation of X-ray equipment that has technology to examine the dimensions and density of objects within a carry-on bag. 500-600 (out of a total of about 2,000 lanes) will be deployed by the end of 2008. TSA will come close to doubling that number in 2009. AT X-Ray has two major advantages over standard X-Ray:

1) Better image resolution from the hardware side – it uses multiple view points; and

2) Smarter software. The image resolution benefit is immediate; the software will be improved over time.

More than 6,500 Trace Detection “ETD” units are deployed at both checkpoints and checked baggage areas to detect minute particles of explosives residue through the collection of trace samples. TSA has several hundred handheld ETD’s that are capable of detecting explosives particles as well as vapor.

Computed Tomography (CT) Scanners are checkpoint-sized versions of the large checked baggage scanners that have MRI-like capability that will detect anything – solids and liquids. They are large and expensive so TSA does not have many of them. We will be deploying them in smaller airports to screen both carry-on and checked baggage.

Several hundred bottle scanners - handheld or bench-top devices –are deployed throughout the country to provide TSA with the capability to differentiate liquid explosives from common, benign liquids. We use them to test exception liquids (medical needs above 3.4 ounces) and for spot checking passengers and bags.

Spectrometers, very advanced handheld units that can resolve any threat regardless of the chemistry involved, have been issued to TSA Bomb Appraisal Officers at major airports.

Hundreds of dropper-based or test strip-based chemical analyzers kits are deployed at smaller airports to resolve any concerns about individual exempt liquids larger than 3-1-1 in carry-ons.

About 40 Whole Body Imagers are deployed to larger airports around the country to date, and about 80 more will be deployed by spring-time. These are the walk-in portals that scan the body and can detect concealed items, including liquids.

And while they’re not actually a technology, it is important to note that about 2,000 TSA officers have been specially trained in Behavior Detection.

In addition, every officer in the country is receiving two days of specialized training – going on right now – to get at evolving threats, including liquids. To keep current, TSA runs IED drills every shift across the country, every day.

K-9 Teams (over 500) are another effective explosives detection capability and we use them in passenger areas, around the airport, and have several hundred additional teams just for air cargo.

Path Forward

We are deploying the best technology and training as fast as we can get it. The goal is to remove all the restrictions on liquids when we have automated systems that can accurately separate threat from non-threat liquids. Here’s the plan:

Now: We are pretty close to having a network of AT-X-Ray deployed so that nearly 70% of daily passengers will be using major airports with AT. TSA is getting the hardware installed so that when the software is ready in the next year or so, all we have to do is a software upgrade. We will be testing software versions in the coming months.

Fall-2009: Size restriction removed, but all liquids will have to be placed in a separate bin. AT X-Ray software will be advanced enough to tell the difference between threat and non-threat but not yet proven to tell the difference when it is hidden in a bag.

End of 2010: No restrictions. AT X-Ray will have upgraded software that is proven to detect threat liquids in any configuration and is deployed in enough places so that TSA can change the rules to meet one uniform standard for the country.

Next Steps

TSA is working with our partners around the world to share technology both ways and this has resulted in a faster development process and will mean that there could be common design standards with major partners like Canada, the EU, and Australia.

It is also likely that when the U.S. takes steps on liquid restrictions, we will do so in harmony with others, as we did with the 3-1-1 (three ounce container/one quart bag/one bag per person) liquids rule. It is fair to say that we and our global partners see the threat in the same way and know that a common, high level of security encompassing a large part of the world is in everybody’s best interests.

Right now at home, we’re looking at some short term options based on passenger feedback and input from airports and airlines. We think there is an opportunity to build on the Diamond Self-Select lanes systems that we have tried in 2008.

The Diamond Self-Select lanes system, where expert travelers and families choose the lane best suited for them, has worked well. The expert lanes are fast and the Family lanes are hassle-free and they are at 45 airports today. TSA, airports, and airlines can further develop that concept, and we’re looking at something along the following lines.

- Limit the Black Diamond (Expert) lanes more formally beyond self-select.

• By number or size of carry-ons?
• By 3-1-1 only, no exception liquids?

- Focus liquid detection technology at the Family/Special Needs lanes and ask those with exception liquids to go there – speeding up the other lanes in the process?

Liquids restrictions are with us for the better part of the next year but we all realize that a simple, hassle-free security process is good for passengers and security too. Thank you for coming to TSA.gov and I am looking forward to your feedback.
Kip Hawley




***Update 10/27/08***
3 oz or 3.4 oz? What gives???

OK, here’s the scoop. If the U.S. would have switched to the metrics system in the 70s, this wouldn’t be an issue.

When the TSA lifted the total liquid ban and implemented the 3-1-1 program, the permissible amount of liquids, aerosols and gels was 3oz. Press releases went out, WebPages were updated, and signs were printed and shipped out nationwide to 457 airports. A lot of work went into the 3-1-1 campaign.

When the TSA rolled this out, the European Union was not on board yet. When the EU decided to allow liquids to travel, the amount permitted was 100ml. Well, as we all know, 100ml = 3.4oz. not 3 oz.

In order to align with the EU, we decided to allow liquids in containers up to 3.4oz, but we decided to keep our signage the same. The 3-1-1 program was so successful, that it would have been a shame to change it to 3.4-1-1. J

TSOs nationwide should be allowing liquids up to 3.4oz. If they are not, you can ask for a supervisor or you can use our Got Feedback program.

Bob
EoS Blog Team

TSA’s Take on the Atlantic Article

Bruce Schneier and others have raised a number of good issues about TSA’s role in aviation security but veer off course when our work is described as ‘security theater.’ Some examples from a recent article in the Atlantic magazine are worth examining and I would put them in three categories as they represent three different layers of security: 1) items carried through checkpoints on the body; 2) watch-lists and boarding passes; and 3) behavior detection. The comments about TSA not hassling the reporter for carrying a Hezbollah flag or AQ T-shirt are more in the entertainment category along with the thought of splashing water on your face to simulate sweating as a demonstration that behavior detection doesn’t work.

Items carried on the person, be they a ‘beer belly’ or concealed objects in very private areas, are why we are buying over 100 whole body imagers in upcoming months and will deploy more over time. In the meantime, we use hand-held devices that detect hydrogen peroxide and other explosives compounds as well as targeted pat-downs that require private screening.

Watch-lists and identity checks are important and effective security measures. We identify dozens of terrorist-related individuals a week and stop No-Flys regularly with our watch-list process. Dozens more people with security concerns are identified through finding altered or forged documents, including boarding passes. Using stolen credit cards and false documents as a way to get around watch-lists makes the point that forcing terrorists to use increasingly risky tactics has its own security value. Boarding pass scanners and encryption are being tested in eight airports now and more will be coming.

Behavior detection works and we have 2,000 trained officers at airports today. They alert us to people who may pose a threat but who may also have items that could elude other layers of physical security.

The bigger point is that there are vulnerabilities everywhere and we use multiple layers of different security measures to protect us all from instances where one vulnerability can be exploited. The standard for TSA is not perfection, but material reduction of risk.

Clever terrorists can use innovative ways to exploit vulnerabilities. But don’t forget that most bombers are not, in fact, clever. Living bomb-makers are usually clever, but the person agreeing to carry it may not be super smart. Even if “all” we do is stop dumb terrorists, we are reducing risk.

Stopping the ‘James Bond’ terrorist is truly a team effort and I whole-heartedly agree that the best way to stop those attacks is with intelligence and law enforcement working together. Anyone who knows would tell you that TSA is, in fact, an intelligence-driven operation, working daily with our colleagues throughout the counter-terrorism community in that common effort.

Kip Hawley

Yet Another ID Post...With Some Answers to Your Questions

The ID topic has elicited lots of emotion. Many posters feel very strongly on this topic and I respect that discussion and their positions. This is a case where taking steps for aviation security touch other, related controversies that are larger societal/political issues. To the extent that there are legal issues relating to TSA’s actions, they will be resolved elsewhere.

I would like to move on to other topics since we are not going to solve the several complex issues here and we do have lots of other security issues to discuss.

The essential point is that validating a passenger’s identity matters a great deal from a security point of view. Our intelligence, military, and law enforcement colleagues -- at great risk to themselves -- develop sensitive information about potential attacks and the people behind them. They get that information to us so that TSA can do its part and keep those people off aircraft. It is our obligation to protect passengers and crew using the best information that we can get. That is what we are doing.

We will leave this open for further discussion and then move on with our next post. But before we move on, I wanted to provide answers to some of your questions.

Q: If requiring ID is truly instrumental in keeping the flying public safe, why did it take the TSA until June of 2008 to institute that policy?

A: Building blocks.

TSA put up a national security baseline in 2002. This involved creating the organization, staffing, buying and installing equipment -- and the very familiar magnetometer/x-ray checkpoint. No-Fly and Selectee lists were established and given to airlines for them to match versus their ticketed passengers. Airlines continued the pre-9/11 practice of hiring contractors locally to check ID’s. That created a basic physical screening process at the checkpoint (TSA operated) and a basic person screening process through the airlines.

In 2006 and 2007 TSA strengthened the person screening process by adding a new layer (behavior) and improving the watchlist matching. Along with the Terrorist Screening Center (TSC), TSA scrubbed the No-Fly and selectee lists and essentially cut them in half. (CIA and FBI are the major players nominating people to the Watchlists, TSC maintains a consolidated, accurate, government-wide watchlist, and TSA operationally makes sure No-Flys don’t fly.) The system is vulnerable to people evading watchlists if they use a fake identity with the airline and then show a fake ID at the checkpoint. This vulnerability was called out by many on-line posters (and noticed by us) and we took a major step last year to upgrade the ID checks by integrating the checking of ID’s with the rest of TSA’s security. That is why you now have TSA officers, with lights and loupes examining ID’s throughout the system.

The ID requirements we’re talking about here, are the next building blocks to be added. First, to require identity verification and better define the hierarchy of good ID’s -- hence the ‘gold standard.’

We know that terrorists use fake ID's to evade security scrutiny. While I recognize that there are very valid philosophical issues and debates around ID’s, for TSA, this issue is about closing vulnerabilities and stopping attacks.

There is considerable operational complexity to resolving the identity of a person without an ID real-time at the checkpoint. It is getting done now but is still clunky at times. We will get better over the coming months. In answer to the question, all of the building blocks mentioned above, needed to be in place. They are now and aviation is safer as a result

Q: What will TSA do if a majority of the states refuse to issue REAL ID cards to their respective citizens?

A: We would attempt to verify identity with other means, it would just take longer.

Q: If TSA believes that 1) checking ID increases safety to the flying public and 2) the no-fly list is there to catch terrorists, then why are the TSOs that check IDs at the airport not comparing names to those on the no-fly list?

A: Because those checks are done before the boarding pass is issued. It is done in the background by a combination of the airlines and TSA. The system is automated and close matches are resolved on a one by one basis. For more on issues about passengers who have problems because someone else with their name is on the list, please see DHS Trip.

Q: Since it has been claimed by TSA that the 3-1-1 rule was implemented due to the circumstances surrounding the London bomb plot, what position will TSA take if the defendants are found not-guilty?

A: I can’t comment on the U.K. legal system but “certainty” in a criminal proceeding is very carefully defined. I can tell you from the intelligence and law enforcement information developed in this case that the threat to U.S. aircraft was chilling, lethal and the clock was ticking when they were arrested. Had that plot not been discovered, there may well have been thousands of casualties. Doubt about the reality or efficacy of that threat? Zero.

Kip

Checkpoint Evolution Up and Running at BWI: Even More Changes Announced to Reduce Hassle to Passengers

In February, Secretary Chertoff told an editorial board that he had directed TSA to do a sixty-day, no-holds-barred review of what we do at the passenger checkpoint to see if we can weed out things that used to be needed but perhaps today could be stream-lined. This effort ties in with our longer term effort to update our security measures -- to go on offense rather than just wait behind the magnetometer and try to find prohibited items. Today at Baltimore-Washington International Thurgood Marshall Airport (BWI), those efforts come together. And, starting today, they become reality.

Here are the ‘greatest hits’ that are in the works:

Airlines may now allow kiosk/at-home printing of boarding passes for almost everyone. Secretary Chertoff challenged TSA to reduce the hassle thousands of passengers have every day when they can’t print a boarding pass online or at an airline kiosk. They have problems not because they pose a threat to aviation, but because their names are the same or similar to someone whose name is really on a watch list and does pose a threat.

Think of it this way: for every actual person on the watch list, there are thousands of people – who don’t pose a threat – but whose name is close enough that they are flagged in the system and not allowed to print their boarding pass. These passengers must go to the ticket counter to resolve the issue by showing photo identification, and it’s a huge inconvenience to them. Many of these ordinary travelers feel that they have been watch-listed, which would make anyone mad.


TSA has asked airlines to create a secure system to accept passengers’ dates of birth, first at the ticket counter and subsequently in their frequent flier or other secure database. Passengers will be encouraged, but not required, to provide airlines with limited identifying information like their date of birth. If they do so once, the airline can clear them on future flights and they will be able to print their boarding passes at home or at the kiosk.

Better ID verification.

A key to an accurate watch-list process is making sure that people are who they say they are. TSA officers already are using more sophisticated methods to validate a traveler’s identity. In addition, TSA is today outlining the types of ID that will get you through security faster. Essentially, driver’s licenses with photos and passports are what we are looking for. If you left your wallet in a cab, or for some reason do not have the right ID, we will work with you, but it will take longer.

Make the physical layout work for us.

BWI’s “B” Checkpoint has a different look today – it’s the first place to rollout the Checkpoint Evolution elements. We’ve integrated all the elements to work together and get us a calmer checkpoint environment that benefits our active security measures like behavior observation. Easier divesting and bin loading, better light and less noise are examples of things that help security and also lessen hassle for passengers.

We’re excited about these initiatives, because they will improve the passenger’s experience with TSA, but more importantly, they will help our security officers carry out their critical mission. If you fly through BWI, be sure to come back to the blog and let us know what you think.

Click here for more information.

Kip Hawley

Checkpoint Changes Coming

In TSA's checkpoint of the future, passengers will approach the security kiosk, carry-on in hand, and put a biometric on the scanner. While the scanning system clears you after it confirms your identity and flight information, the technology in the kiosk will verify that there are no truly dangerous items on you or in your bag. Total elapsed time: about 1.75 seconds. Version Two will add a Teleporter so that you will not need to get on an airplane.

Your grandchildren will love it.

Technology is a wonderful thing but it's not an overnight process - it must be invented, funded, built, tested, bought, and deployed. Unfortunately, the security technology field has not sufficiently fired the imagination of scientists or the private capital markets to the point where truly breakthrough technology will soon transform the checkpoint experience. Yet the current security threat environment requires that we get smarter and more nimble, now.

We have some significant changes in store for the checkpoint starting this spring. I would like your thoughts and I hope TSA will earn your support in our common mission. Please take a look at our Checkpoint Evolution micro-site.

TSA has taken a fresh look at our checkpoint operations to see if we can improve security and the passenger experience with what we have today. We took what we know from the intelligence and security communities, we listened to our employees, we learned from passengers (including on this blog), we evaluated readily deployable technology, and have come up with changes that we have begun piloting.

There are three elements to what we are calling Checkpoint Evolution: people, process, and technology.

People. The threat environment makes it clear that we need to add layers of security to be effective against adaptive terrorists. This means adding a capability to detect a potential problem even if they are not carrying anything prohibited - in other words, more focus on people, not just things. That means deploying more officers specially trained in behavior detection and document checking to identify people that intend to do harm, not just waiting to find their prohibited item in a carry-on bag.

Process. We're making improvements to the checkpoint process, including better signs to tell you what's going on at the checkpoint and why, and what you need to do at various stages. There will be areas to divest - or prepare - for screening and also an area to get everything back together after you're done. You have seen some pilots with our Diamond Select and Family lanes and we will continue to make improvements.

Technology. We don't have the end-all-be-all machine yet, but there are some technologies we will be installing in many airports throughout the year that are an improvement to what currently exists, including multi-view x-ray for carry-on bags and whole body imaging for passengers. The deployment of these machines will represent the first significant addition to the checkpoint since metal detectors and X-ray machines were introduced in the 1970s.

Our enemies have the advantage of picking their time, place, and method of attack. Those advantages are more pronounced if our defenses are rigid and predictable - they could use our standard operating procedures and technology against us.

We do have some advantages. First, airports are our turf; we have the home field advantage and can set the rules. Keeping an element of randomness and calming the checkpoint are critical.

Second, TSA's officers have experienced more passengers and bags than anyone else on earth and that knowledge is priceless. They know what doesn't seem right. In a calmer checkpoint environment, hostile intent stands out from the behavior of regular passengers just trying to navigate the system. Behavior detection officers and document checkers will use their training and skills to identify people and things that stand out from the norm and give them added scrutiny.

Third, the advantage we need to bolster most is the fact that the numbers are overwhelmingly in our favor - two million people a day fly, every one of them with a vested interest in assuring the safety of our system. We know the overwhelming majority of passengers pose no threat, so we want to improve your checkpoint experience and get your help in making those who do pose a threat stand out.

In short, we are seeking to reduce our weaknesses while improving our strengths until the futuristic checkpoint with seamless security screening becomes a reality.

Please visit our Checkpoint Evolution Web site to find out more, and share your feedback. If we partner together, we can make flying safer and a lot easier - right now. Thank you for your participation and partnership with TSA in keeping travel safe.

Kip

A Few Thoughts on Consistency and Where We're Going...by Kip Hawley

Thanks for participating in the Evolution of Security blog. In the coming weeks we will ask for your opinions about some issues we have now in discussion -- balancing intrusions into personal space (pat-downs, imaging) with better detection, devoting dedicated lanes to 'speedsters' frequent flyers and how to manage who goes to that lane -- are two examples. We will also continue to go where you take us with the issues you raise. I would like to address one of those issues now: 'why do I get different results at different airports?'

There are two main issues: a) process consistency, where we want to have the same result everywhere; and, b) purposeful variation so as not to offer a static target.

Let me say up front that we have sometimes confused the issue ourselves, seemingly excusing unwanted results with 'well we do it differently on purpose' answers. While I understand the frustration of not having a completely identical process every time, I cannot say that you will ever be able to go through completely on autopilot. Here's my perspective...

Let's take process consistency first. Imagine we were a manufacturing business and that we wanted to crank out identical, high quality widgets. That's hard to do even when you use precision equipment and consistent materials. If TSA were a manufacturer, we would be processing over 700 million unique transactions a year, using over 40,000 different people, at over 400 locations. And, rather than combating maintenance woes (although we do) and the standard banes of manufacturing quality, our enemy is active, intelligent, malicious, patient, and adaptive.

Because TSA started from scratch, we used very defined 'standard operating procedures' in order to get the new organization up and running. Over time, that detailed process control started to work against us. It had the effect of making the job checklist-oriented. ('If I follow the SOP, then I am doing my job.') The tighter we squeezed to demand tighter adherence to the SOP, the more we squeezed individual initiative and thinking out of it.

While we had great people as TSO's, we were putting them in situations where they had to do things 'because it's SOP' whether or not it made sense. It was not helpful for public credibility or for keeping our people sharp.

Since nobody would care that we followed the SOP precisely if there was a successful attack, and since our enemy can observe our SOP and plan ways to beat it -- we needed something more.

This is the purposeful variation part. The idea is to have a menu of different security measures that TSOs add randomly to the standard process.

Everybody goes through the magnetometer and puts carry-ons through the x-ray and if there is an alarm, it is resolved. However, given the limits of technology and simple human fallibility, vulnerabilities inevitably exist. We are covering those vulnerabilities by adding, truly at random, additional measures. For example, in the last couple of months, I have had two versions of a quick pat-down. My computer was swabbed for an explosives check, as were my shoes even though I didn't alarm going through (Yes, I go through security just like everyone else). We also have new handheld liquid and solid explosives detection devices deployed as well as a variety of other measures. You may, and should, see what I mean in an upcoming trip.

I should also add that we have recently added other layers of security to address the same vulnerabilities that I have been discussing -- behavior detection, document checking, K-9 teams, undercover air marshals, etc.

So, our theory of how to achieve process consistency from a quality control perspective is to train well and set outcome goals that encourage individual initiative and judgment. We think that for a distributed workforce that sees endless variety in passenger situations and faces an adaptive enemy -- that is the way to go. This means that, yes, you will see some differences trip to trip on some judgment things that are not on purpose. That is the price for a thinking, switched-on front-line -- if you want people thinking, then you have to let them make decisions based on their training and experience.

You will also see some different measures applied trip to trip that are purposeful, put there to prevent someone from exploiting a vulnerability.

Thanks for working with us, Kip

More on the Liquid Rules: Why We Do the Things We Do (Commenting Disabled)

Last week, there was a post on the ars technica blog by Jon Stokes, Senior Editor and Co-Founder, posing some questions on TSA’s liquids rules similar to other questions we’ve gotten on the blog so far. Kip Hawley wrote the following response, and we wanted to post it here for TSA blog readers to see as well.

Jon,

Thanks for the question on liquids. We have lots of material on our site (tsa.gov) going into the liquids issue so that is available for background, including the video of it blowing up. I'll try here to break the question down into the sub-questions I hear most. I enjoy ars technica, especially that it is thoughtful and issue-oriented and I appreciate having the opportunity to address your question.

Was this a real threat? Yes, there was a very serious plot to blow up planes using liquid explosives in bombs that would have worked to bring down aircraft.

Why don't you just ban all liquids? Because our National Labs and international allies demonstrated to my satisfaction that there is, in fact, a scientific basis for allowing small amounts of liquids on as carry-on. We try to prohibit the minimum possible from a security standpoint. Also, the consequence of banning all liquids is a large increase in the number of checked bags, which creates its own issues.

Why can't multiple people bring on explosives in three-ounce containers and mix them post security? The tough one! Tough because there are parts of the reason that are truly classified but here goes... (read them all before throwing up your hands!)

1. We are involved in risk management. The question to me is: "What do you have to do to make a successful attack so complex that an intelligent enemy would recognize that the odds of success are too low?"
2. Because there are limits to our ability to detect every thing every time at the checkpoint, we use layers of security. For example, I and senior leaders at TSA work every day with the intelligence and law enforcement communities world-wide to get insights in how to make our security better -- frequently adding specific training and sometimes, respecting our obligations to the intell and law enforcement communities (like our remote control toys advisory), communicating directly to the public. Also, we reduce risk by a) adding behavior detection capability, K-9 teams, surge teams and document checking out front; and b) by undercover presence throughout the area behind the checkpoint, as well as better screening of the supply chain of items in the sterile area after the checkpoint.
3. We reduce risk by deciding what we believe is necessary for a completed bomb -- the core of the 100ml (3.4 ounce) limit. Extensive testing began the morning of August 10, 2006 -- the day the liquids plot was made public -- to determine if there is a level at which any liquid brought onboard a plane represents little risk. These were tests by multiple government agencies, National Laboratories and other nations and they assisted in the 3-1-1 formulation. We announced 3-1-1 on September 26, 2006 and that allowed travelers to go on overnight trips without having to check a bag. That is the trade-off: if 3-1-1 is too complicated, you can always just check your bag.
4. The preparation of these bombs is very much more complex than tossing together several bottles-worth of formula and lighting it up. In fact, in recent tests, a National Lab was asked to formulate a test mixture and it took several tries using the best equipment and best scientists for it to even ignite. That was with a bomb prepared in advance in a lab setting. A less skilled person attempting to put it together inside a secure area or a plane is not a good bet. You have to have significant uninterrupted time with space and other requirements that are not easily available in a secured area of an airport. It adds complexity to their preferred model and reduces our risk, having the expert make the bomb and give it to someone else to carry aboard. They are well aware of the Richard Reid factor where he could not even ignite a completed bomb. Simple is truly better for them. Also, bomb-makers are easier for us to identify than so-called clean 'mules.'
5. The container itself adds complexity. A 100ml container limits the effect of, and even the ability of, a detonation. It also forces a more precise mix, and a lot more boost -- which makes it easier to detect from that side. Even creative ways to smuggle liquids in are less effective because, eventually, they still have to mix it right and get it into the right container, etc. There are also issues with what kind of container you use, but let's leave them to puzzle that out further...
6. The baggie gives us two benefits: A) It serves as a visually identifiable, easy way to limit quantity. Even if they wanted to bring multiple bottles to mix, we limit the quantity of their total liquids as well (bottles "hidden" in the carry-on bag stick out). B) The baggie serves to concentrate the vapor - substances used to create liquid explosives are very volatile and emit fumes even through sealed bottles. (We have tested.) We have liquid explosives detectors that take advantage of the vapor concentration factor in the baggie. This way, we do not have to examine what's inside every bottle, regardless of what the label says.
7. The effect of pulling out liquids and aggregating them separately allows our security officers to have a clear look at the liquids -- and, perhaps just as important, it de-clutters the carry-on bag so that we have a clearer view of that as well.
8. With our medical exceptions, they have to talk to one of our Security Officers who can use a variety of methods to tell whether it presents a problem including test strips, and hand-held detectors that are highly effective, even with closed and sealed bottles. With the larger bottles, the other features needed to make it viable would be very apparent.

A few other points, this policy has been adopted in more than 80 countries worldwide and means that there are common rules almost everywhere you fly. The choice is a total ban or this, and we are working very hard at a technology solution that should make this better all around. Think early 2009 for that.

The challenge is to reduce risk on the things we know about (shoe bombs, liquids) while having enough other measures in place to disrupt what we don't know is coming. Any time we fixate on one thing, you have to be concerned about opening up something elsewhere. Balance, flexibility, and unpredictability are key. So is going on offense by being connected to intelligence / law enforcement and being proactive with our surge patrols, undercover activities, etc. AND getting TSA and passengers back on the same side! That last one is what we're trying to do at our checkpoint with our TSOs and online with our blog.

Whatever you think about our policies -- please recognize our Security Officers who train and test every day and will do whatever it takes to make you and your families safe when you fly. They are the best in the world and are on your side; please give them a little recognition when you see them. Thanks for the opportunity to comment,

Kip

Welcome (Commenting Disabled)

Two million travelers come in contact with the Transportation Security Administration every day. It is an intense experience all around -- extremely personal in some senses but also impersonal at the same time.

There is no time to talk, to listen, to engage with each other. There isn’t much opportunity for our Security Officers to explain the ‘why,’ of what we ask you to do at the checkpoint, just the ‘what’ needs to be done to clear security. The result is that the feedback and venting ends up circulating among passengers with no real opportunity for us to learn from you or vice versa. We get feedback verbally and non-verbally at the checkpoint and see a lot in the blogs, again without a real dialogue.

Our ambition is to provide here a forum for a lively, open discussion of TSA issues. While I and senior leadership of TSA will participate in the discussion, we are turning the keyboard over to several hosts who represent what’s best about TSA (its people). Our hosts aren’t responsible for TSA’s policies, nor will they have to defend them -- their job is to engage with you straight-up and take it from there. Our hosts will have access to senior leadership but will have very few editorial constraints. Our postings from the public will be reviewed to remove the destructive but not touch the critical or cranky.

Please be patient and good-humored as we get underway. The opportunity is that we will incorporate what we learn in this forum in our checkpoint process evolution. We will not only give you straight answers to your questions but we will challenge you with new ideas and involve you in upcoming changes.

One of my major goals of 2008 is to get TSA and passengers back on the same side, working together. We need your help to get the checkpoint to be a better environment for us to do our security job and for you to get through quickly and onto your flight. Seems like the way to get that going is for us to open up and hear your feedback...

Thanks for joining us,
Kip Hawley