Airline passenger screening system faces delays
A GAO study finds that efforts to create a better screening system are falling behind
Computerworld - WASHINGTON -- The General Accounting Office warned today that the Transportation Security Administration's high-tech system to screen airline passengers for terrorist connections faces significant testing and deployment delays, which could affect the program's ultimate success.
According to a report by the GAO, the TSA has not only fallen behind in testing the new Computer-Assisted Passenger PreScreening System (CAPPS II), but also has yet to fully identify all of the functions it would like the system to perform. In addition, the TSA has not yet completed work on at least seven key technical challenges that could stand in the way of the system's final deployment.
"These issues, if not resolved, pose major risks to the successful deployment and implementation of CAPPS II," the GAO concluded.
In a written response to the report, Janet Hale, undersecretary for management at the Department of Homeland Security, said the CAPPS II system can now receive data from the Airline Data Interface (ADI), cleanse and format the data, perform a risk assessment and then assign a risk "score" to individual passengers.
But because the TSA isn't yet authorized to test the system using real passenger names and data, the DHS hasn't been able to advance system development beyond its current state, said Hale.
The U.S. has relied on a computerized system since the late 1990s to analyze airline passengers for potential security risks. Shortly after the Sept. 11, 2001, terrorist attacks, however, Congress directed the TSA to operate a more developed system that is directly linked to airline reservation systems. That led to CAPPS II, which is being designed to access a more diverse set of personal data on passengers, including commercially available credit data. However, airlines are reluctant to share customer data with the government because they're concerned about possible privacy violations, and that has contributed to delays in testing the CAPPS II system.
There are other significant issues facing U.S. airport security, according to a former top Israeli airport security official and the director of security at Virgin Atlantic Airlines. According to these officials, who spoke Tuesday during an online Terror and Technology conference sponsored by IDPartners LLC, the U.S. runs a major risk by focusing too much on information technology and other high-tech solutions to uncover terrorist plots against airports and airlines.
Because the terrorist threat against airlines is a relatively new experience in the U.S., "there is a tendency to solve problems through the use of technological means," said Rafi Ron, president of New Age Security Solutions and the former head of security at Ben Gurion Airport in Tel Aviv. "Focusing on technology sometimes makes you lose your overall perspective. That can lead to unbalanced planning, unbalanced investment and misuse of funds."
Rather than rely on IT systems for the bulk of security monitoring, Ron said airport authorities should use personnel training programs in behavior pattern recognition, which has been highly successful in Israel. Behavior analysis can "fill the gap of a purely technological approach," said Ron. "Technology is not yet good enough to provide us with a 100% solution."
So far, Boston's Logan Airport has taken the lead in the U.S. in employing Ron's training methods in behavior pattern recognition. At Logan, local law enforcement personnel now study the behaviors of all airline passengers in public areas and look for suspicious behaviors -- the exact details of which remain secret for security reasons.
Victor Anderes, director of security Virgin Atlantic North America, agreed that U.S. airports need to find a better balance between high-tech and low-tech security. "We need to be cautious in terms of how we use technology," said Anderes. "There is a tendency to go high tech, but terrorists are moving toward low-tech measures." That puts a premium on human intervention in the security process, he said.
IT systems do have an important role to play, particularly in the area of physical access control, said Anderes. Biometric technologies, for example, continue to be deployed throughout various airports around the country to ensure that only authorized employees gain access to secure areas. "If we don't use that type of technology to control access, then whatever we do is going to be labor intensive, costly and subject to human error," said Anderes.
Anderes also warned of an urgent need to improve interagency communications and information sharing throughout U.S. airports. More than two years after the Sept. 11 terrorist attacks, too many different agencies still have overlapping and sometimes conflicting jurisdictions in and around airports, he said.
"The perfect airport would have a harmonized approach between all of the stakeholders," said Anderes. "One of the biggest challenges we face at airports is that ultimately there is no one agency or person who dictates what happens [there]."