Searching for Airline Security

The US Transportation Security Administration (TSA) implementation of enhanced security for air travelers has raised a well-spring of protest. What has been absent from the conversation has been a full discussion of the efficacy of these measures versus the risks.

The TSA has initiated full-body imaging and pat-down searches to prevent terrorists from smuggling hidden explosives and weapons onto aircraft. While these techniques raise the bar, they are by no means “silver bullets.” These search techniques are point solutions; they are highly invasive; and they have an as yet uncertain efficacy.

All security checks inherently involve trade-offs. The benefits of a security measure must be weighed against its costs and risks. In computer security, an old saw is that the most secure computer is one with its power source disconnected. While a powered-down computer is undoubtedly secure, it is also non-functional. It is thus useless.

The recent deployment of imaging scanners raises many questions. I have not personally seen reliable answers to these questions. While some of these questions may not be easily answered, I personally find the lack of information troubling.

Many full body imaging scanners use so-called “soft X-rays” to see through outer clothing. The goal is to make it impossible to secret weapons and explosives under clothing. In effect, the resulting picture is a picture of the individual naked. Thus, these images have been described as a “virtual strip search” with some justification. Clearly, this is invasive and strips the individual of privacy and dignity. As offensive as this is, there would be some justification if the results were actual security. However, if the procedure is ineffectual, people's privacy and dignity are discarded on an altar before the false idol of security theatre, which is nothing but legerdemain.

Much of the discussion concerning soft-X-ray and backscatter imaging has focused on the privacy impact of such devices. In the UK, the explicit nature of the images provoked legal challenges that the images of children would violate the statutes criminalizing the production of child pornography .[1]

The question should be: Are these measures effective? What is the history of strip searches in preventing contraband materials? The answer is far from reassuring. Regrettably, the best example of the efficacy of strip searches at will is prisons. Prison security personnel are free to search prisoners far beyond the virtual strip search that is being proposed, which stops at the skin. Prison security personnel are free to do full-body cavity searches. One might think that such searches prevent drugs, cell phones, and other contraband from getting though. Yet it is well documented that this is not the case. This is not a new revelation; it is the experience of hundreds of years of experience with prisoners.

The nude imagery of the full body scans has occasioned the most comment. Members of Congress have objected that “nobody is going to see my [wife, daughter, sister, mother] naked.” I applaud their chivalry. However much as their chivalry is heartfelt and appreciated, considered opposition on the technical merits would be more appreciated.

Ensuring the security of aircraft and their passengers is a difficult challenge. However, the creation of wholesale pervasive surveillance of the traveling public is of questionable efficacy, and dramatically damages our society without producing plausible benefit.

Body scans have another flaw, similar to many IT security problems. They are an example of an enumerated threat. An enumerated threat is one specific threat. Rather than saying “Verify that the code is correct”, one attempts to enumerate the different ways that the code can fail. The resulting checklist may be educational, but it is almost certainly incomplete, limited by the imagination and past experiences of those producing the enumeration.

However, the focus on modesty and the images is a distraction that obscures two critical questions:

The first question is the easiest to answer. While I freely admit that I am not an expert on this technology, I have significant questions. All accounts that I have seen have spoken about concealed weapons and explosives underneath clothing or otherwise secreted on the outside of the body. These same accounts state that the devices do not have the capability to see materials secreted in body orifices. To see materials secreted inside of the body would require a far higher radiation exposure.

This raises the obvious question: Do terrorists have a documented history of using measures that would remain undetected by such a scan. After all, one has to presume that someone secreting an explosive onto an airplane has presumed that their mission is not survivable. Regrettably, the question must be answered in the affirmative. In August 2009, there was an assassination attempt against Prince Mohammed bin Nayef, a senior member of the Saudi counterterrorism organization and a member of the Saudi royal family. Some have reported that his assailant, Hassan al-Asiri, brother of reported al Queda bomb maker Ibrahim Hassan al-Asiri, secreted an explosive device within his person.[2] Since this was a suicide mission, there was no need to physically access the detonator; reportedly the device was detonated using a cellular telephone signal. Thus, it is clear that those wishing to do harm are perfectly willing to secret such devices within recruits' bodies, beyond the reported reach of surface scanning technologies.

Repeated scanning should be simpler to assess. While I am not trained in radiation safety, I well remember an earlier, pre-digital photography encounter with “low-dose” X-ray technology. In the pre-digital photography era, the X-ray scanners for belongings were alleged to be film safe. Over time this advice was rescinded, first for high-speed (ASA 400) films; then for travelers whose photographic equipment would pass through multiple X-ray systems. This brings up an important technical point that has been known for some time: radiation exposure is cumulative.

The problem with exposing people to X-rays is not the vacation traveler who encounters one of the scanners once or twice a year. For them, the exposure may well be orders of magnitude lower than a routine dental X-ray. Rather, the problem is with frequent travelers and aviation industry workers, who will often be subject to scanning multiple times per day, many days of the year.

Outside of security, we see a similar phenomenon with paintings. Even those collections that permit photography using ambient lighting often have strict prohibitions on photography using any kind of flash. It is not the effect of a single flash that is the hazard; it is the cumulative effect of thousands upon thousands of flashes over the years that is the concern.

On November 20, 2010, John McGaw, the founding Administrator of the Transportation Security Administration obliquely referred to this problem when he referred to precisely the same cohort; extremely frequent travelers, as a possible concern, during an interview on ABC’s Good Morning America. Even if the radiation dose from the X-ray scanner is 0.1% of the radiation dose of a chest X-ray, this is a concern. Consider a business traveler who travels 200 days/year. Alternatively, consider those workers who never leave the ground, but work in the vicinity of or must go through the scanners regularly.

Even though many airports have central security screening operations, there still remain main airports, including many hubs, where changing planes almost always forces one to go out of the secured area and then enter a different secured area. Thus, a round-trip may require four or more encounters with screening. In 200 trips, that can mean 800 scans per year. Flight crews and ground personnel who go back and forth during the day have an even worse problem. They could easily need to be scanned several times per day without setting foot in an aircraft. Delivering supplies to stores in the secured area requires going through the checkpoint. Worst off may be those workers, including TSA personnel, who work in the vicinity of the scanners. While radiation exposure decreases according to the inverse of distance, these personnel will be spending the majority of their day in close proximity to these devices.

Following extensive protests that searching pilots for weapons when they will shortly have control of an aircraft has now exempted pilots in uniform with proper ID from full body scans. Other flight crew members were not included in this exemption.[3]

Radiation exposure is radiation exposure. The category does not matter. Having 800 scans from TSA, plus a chest X-ray is cumulative (using the 0.1% number, the exposure would be approximately two chest X-rays). The deployment of these measures was triggered by a failed attempt this past Christmas Eve (2009) to detonate a bomb onboard a Northwest Airlines flight from Amsterdam to Detroit.

The facts surrounding the Christmas Day episode are well-published. On Christmas Day, Northwest Airlines Flight 253 from Schlipol Airport outside Amsterdam to Detroit Metropolitan Airport outside Detroit was the target of an attempted bombing while approaching its destination. Umar Farouk Abdulmutallab, a 23-year old Nigerian national attempted to detonate an explosive device secreted in his under shorts. Fortunately, the device failed to detonate, instead starting a fire that was extinguished by the passengers and cabin crew. Mr. Abdulmutallab was then restrained by those on the scene until the aircraft landed, where Federal authorities took custody. As a response to this incident, numerous procedures were initiated, including:

It is worth noting that it is unlikely that any of these published steps would have prevented the Christmas Eve 2009 episode. On the contrary, it is becoming clear that intelligence information was not properly correlated[4] including:

My recollection is that all of these factors were long identified as factors that should arouse suspicion. Admittedly, they are not determinative, as it is not unusual for business travelers to make last minute, one way flight arrangements and travel with little luggage.

Bruce Schneier, Chief Technology Security Officer for BT, has often observed that security theatre (or theatrics) can be counterproductive; resources are expended without truly increasing security. Costly scanners that invade privacy, and expose the innocent to health challenges while not accomplishing the purpose intended, take this discussion to a whole new level. In the past, “security theatre” has been non-productive and annoying, but has not created health hazards. In the case of X-ray scanning of people, we may have crossed the line where the scanning-imposed health hazard to the traveling public and aviation workers exceeds the efficacy of the “security” measure.

[Author's Note: Much of the preceding was written shortly after the Christmas Eve 2009 bombing attempt; I held it from posting in the vain hope that reason would prevail.]


[1] BBC (2010, March 29) “Children ‘must use body scanners’”
[2] Peter Bergen (2009, September 30) “Saudi investigation: Would-be assassin hid bomb in underwear”
[3] Mike Ahlers and Jeanne Meserve (2010, November 19) “U.S. pilots to get speedier screening procedures”
[4] Dan Eggen, Karen DeYoung and Spencer S. Hsu (2009, December 27) “Plane suspect was listed in terror database after father alerted U.S. officials”


URLs for referencing this entry

Picture of Robert Gezelter, CDP
RSS Feed Icon RSS Feed Icon
Add to Technorati Favorites
Follow us on Twitter
Bringing Details into Focus, Focused Innovation, Focused Solutions
Robert Gezelter Software Consultant Logo
+1 (718) 463 1079