Archive for November 2010

Ponder this while TSA looks at your junk: Two facts, one lie, four predictions, and a bunch of logical questions

November 20, 2010

Let’s start with the one true thing we know about the TSA, and this miserable episode in which its unfortunate agents have been assigned to strip citizens bare, and lay indiscriminate hands on human bodies who’ve committed no crimes.

Fact #1- The TSA lies.

This security experiment started with a lie. TSA’s first assurance to the public about the body scans was that they can’t be stored or transmitted, because the machines have no such capability. That lie was revealed earlier this year, when the feds were sued after they stonewalled a freedom of information act request.  The court ordered the release of numerous documents, including machine specifications.

Question #1-  Since TSA lied about the capabilities of the machines, why should anyone believe its assertions that the machines don’t pose a health risk? Janet Napolitano has recruited spokesdoctors to give the machines a clean bill of health. Other experts aren’t so sure.

Back to the original lie. When the lie was exposed, TSA changed its story.  Oh yes, the machines can store images after all, but only when they’re in “training mode,” TSA said, and then went to great lengths to bully skeptics into agreement that nobody should care that the machines store images, because TSA’s ingenious procedures ensure that no naked body will ever be viewed, except by a solitary agent in an isolated room.

Question # 2- If storage and transmission functions can be switched off, what happens to the activity log? You do want a log of the machine’s activity, don’t you? No system is useful to law enforcement without an audit trail.

What if there is no log? It’s possible, but then the machines become pointless, unless their point is simply to allow the government to look into your underwear. How would you monitor the activity of the machine operator, if there is no log? How would you know whether the machine is executing its mission if there is no log? How would your prosecute a case in court without a log?

If  TSA is not keeping an audit log, then the entire exercise is just a very expensive show. If there is a log, then it should be transmitted, in real time, to a separate location where the operator can’t alter it. If the log can be stored on site in the same room with the operator, then its existence, too, would be pointless.

Question #3 – If the log can be transmitted, so can the images, right? And if there’s transmission, there’s a network. If there’s a network, mischief can occur. Who would commit such mischief? Disgruntled employees, profit-seekers with hot celebrity images, perverts whose actions can never be explained, and smart hackers who will figure out how to penetrate the network. They will do this with or without assistance from insiders. More on hacking in a moment.

A representative for Smiths Detection, a company that makes one version of the body scanners, told the Reasonable Reporter earlier this year that TSA had not, to his knowledge, specifically requested logging capability, which suggests incompetence, if it’s true.  (Here is an audio link to the ten-minute interview. You can also stream the interview by clicking the flash player below.)

You’re probably thinking that the Reasonable Reporter should have called TSA for clarification. Let’s describe how such inquiries are met. TSA believes its cheery public website is sufficient to answer all questions. If a member of the press wishes to probe more deeply, she can contact the regional TSA information officer nearest where she works.

When she does, she will discover that the regional information officer is not equipped to handle any question whose answer is not already contained on the TSA website. And, in fact, the regional information officer is completely unaware of the court-ordered release of machine specifications. The regional information officer is still using TSA’s original set of talking points, indicating that the machines do not store or transmit images.

The reporter is referred back to Washington for more information.

Fact #2 – TSA has a gag on airport managers. The friendly folks who run your local airport are not permitted to comment about the machines, under threat of large fines and other terrifying legal entanglements with federal authorities. The Reasonable Reporter will say no more about this. You may draw your own conclusions.

Now for the predictions. Predictions are almost as dangerous as terrorists bearing chemical explosives in their anal cavities. Which, by the way, would probably not be visible to TSA using the current scheme. But since it will kill nobody, and damage nothing except the Reasonable Reporter’s own reputation for prescience, here goes.

Prediction #1 – Someone, somewhere will hack TSA’s body scanner intranet at some airport, if it exists, and will post  body images, or some other trophy data to prove the conquest. Most likely, it will not be for any nefarious purpose. It will be for the purpose of demonstrating that the system can be hacked.

There’s a clear obstacle for white hat hackers, because white hats seek permission before they penetrate any system or network. Permission will not be forthcoming. It will be some smart, brazen, clueless college kid, who will risk federal prosecution for a notch on his hacker belt. It’s been known to happen. (Think Sarah Palin’s Yahoo mail.)

Prediction #2 – Janet Napolitano will resign, or be fired. Yes, this is quite a limb to walk out on. Napolitano has been shoved into the spotlight to defend this fiasco. What else can happen when it’s time to reverse course? Standard operating procedure dictates that the administration save face by wishing her well in her future endeavors.

Prediction #3 – Lots of money will be lost. If airlines feel heat from passengers, congress will feel heat from the airlines. So will airports. If airports begin to dump TSA services en masse, the feds will have to weigh the value of government jobs against intense pressure from the manufacturers of the machines, and their lobbyists. Someone will lose, and lose big.

Probably, it will be the taxpayer. If the administration decides to ditch the body scanning machines, they’ll probably be packed off to the same graveyard for useless government gadgets where millions of dollars worth of puffer machines are rumored to be gathering dust. The puffers  were once the toast of the TSA. They’re now the crazy aunt in the attic, locked away and forgotten, in a place where nobody can see them.

(This tidbit, about a warehouse full of puffers — the machine that detected trace amounts of chemicals as passengers walked through it —  is not confirmed, but comes from a reasonably credible source. And gee whiz, the puffers did disappear after a six-month test in selected airports. They had to go somewhere.)

More likely, the baby will be split. Scanners might be left in place, but reserved only for situations where reasonable suspicion exists. Pat downs would also be left in place as an alternative when reasonable suspicion exists.

Hey wait a minute! That sounds suspiciously like faithful adherence to the Fourth Amendment.

Prediction #4- Public confidence in the federal government will sink to new lows if TSA starts creating categorical exemptions. The first exemption has already been declared, to settle a lawsuit brought by pilots. The pilots will not be required to run the body scan-pat down gamut. God love the pilots. Perhaps they’ve put a stick into the spokes. Just as likely, they’ve created an Animal Farm scenario.

Confidence in courts will suffer if legal rulings favor TSA. Confidence in TSA will suffer if they don’t. Fear of the latter, of course, was incentive for the pilot exemption. The suit was based on constitutional merits, and a jury was requested. The last thing TSA needs or wants is a jury and a bunch of legal reporters looking into its underwear.