Awash in Wasted Cash
Draconian obsession with travel security still part of flight
- By Bruce Schneier
- May 01, 2008
Since Sept. 11, 2001, our nation has been obsessed
with air-travel security. Terrorist attacks from the
air have been the threat that looms largest in
Americans’ minds. As a result, we’ve wasted millions on
misguided programs to separate the regular travelers
from the suspected terrorists—money that could have
been spent to actually make us safer.
Consider CAPPS and its replacement, Secure Flight.
These are programs to check travelers against the 30,000
to 40,000 names on the government’s No-Fly List, and
another 30,000 to 40,000 on its Selectee List.
They’re bizarre lists: people—names and aliases—
who are too dangerous to be allowed to fly under any circumstance.
Yet they are so innocent that they cannot be
arrested, even under the draconian provisions of the
Patriot Act. The Selectee List contains an equal number
of travelers who must be searched extensively before
they’re allowed to fly. Who are these people, anyway?
The truth is, nobody knows. The lists come from the
terrorist screening database, a hodgepodge compiled in
haste from a variety of sources, with no clear rules about
who should be on it or how to get off it. The government
is trying to clean up the lists, but—garbage in, garbage
out—it’s not having much success.
The program has been a complete failure, resulting in
exactly zero terrorists caught. And even worse, thousands
(or more) have been denied the ability to fly, even
though they’ve done nothing wrong. These denials fall
into two categories: the “Ted Kennedy” problem (people
who aren’t on the list but share a name with someone
who is) and the “Cat Stevens” problem (people on the
list who shouldn’t be). Even now, four years after 9/11,
both these problems remain.
I know quite a lot about this. I was a member of the
government’s Secure Flight Working Group on Privacy
and Security. We looked at the Transportation Security
Administration’s program for matching airplane passengers
with the terrorist watch list and found a complete
mess: poorly defined goals, incoherent design criteria,
no clear system architecture and inadequate testing. (Our
report was on the TSA Web site, but has recently been
removed—“refreshed” is the word the organization
used—and replaced with an executive summary that
contains none of the report’s findings. The TSA did
retain two rebuttals, which read like products of the
same outline and dismiss our findings by saying that we
didn’t have access to the requisite information.)
Our conclusions match those in two reports by the
Government Accountability Office and one by the
Department of Homeland Security inspector general.
Alongside Secure Flight, TSA is testing Registered
Traveler programs. There are two: one administered by
the TSA, and the other a commercial program from
Verified Identity Pass called Clear. The basic idea is that
you submit your information in advance, and if you’re
OK—whatever that means—you get a card that lets you
go through security faster.
Superficially, it all seems to make sense. Why waste
precious time making Grandma Miriam from Brooklyn
empty her purse when you can search Sharaf, a 26-yearold
who arrived last month from Egypt and is traveling
The reason is security. These programs are based on
the dangerous myth that terrorists match a particular
profile and that we can somehow pick terrorists out of a
crowd if we only can identify everyone. That’s simply
What these programs do is create two different access
paths into the airport: high-security and low-security.
The intent is to let only good guys take the low-security
path and to force bad guys to take the high-security
path—but it rarely works out that way. You have to
assume that the bad guys will find a way to exploit the
low-security path. Why couldn’t a terrorist just slip an
altimeter-triggered explosive into the baggage of a registered
It may be counterintuitive, but we are all safer if
enhanced screening is truly random and not based on an
error-filled database or a cursory background check.
The truth is, Registered Traveler programs are not
about security; they’re about convenience. The Clear
Program is a business: Those who can afford $80 per
year can avoid long lines. It’s also a program with a
questionable revenue model. I fly 200,000 miles a year,
which makes me a perfect candidate for this program.
But my frequent-flier status already lets me use the airport’s
fast line and means that I never get selected for
secondary screening, so I have no incentive to pay for a
card. Maybe that’s why the Clear Pilot Program in
Orlando, Fla., only signed up 10,000 of that airport’s 31
million annual passengers.
I think Verified Identity Pass understands this and is
encouraging use of its card everywhere: at sports arenas,
power plants, even office buildings. This is just the sort
of mission creep that moves us ever closer to a “show me
your papers” society.
Exactly two things have made airline travel safer
since 9/11: reinforcement of cockpit doors and passengers
who now know that they may have to fight back.
Everything else—Secure Flight and Trusted Traveler
included—is security theater. We would all be a lot safer
if, instead, we implemented enhanced baggage security—
both ensuring that a passenger’s bags don’t fly
unless he does, and explosives screening for all baggage—
as well as background checks and increased
screening for airport employees.
Then we could take all the money we save and apply
it to intelligence, investigation and emergency response.
These are security measures that pay dividends regardless
of what the terrorists are planning next, whether it’s
the movie plot threat of the moment, or something