Probability and the TSA

The motto "Be careful what you ask for, you might just get it" is one that TSA IT Strategy Branch Chief Russell Wooten might usefully consider. His request for "ideas on how the Transportation Security Administration (TSA) can improve its capabilities in utilizing its current security technology, upgrading its security technology, or improving its security processes?" landed in the inbox of Sommer Gentry who is a maths professor at the US Naval Academy. Her advice for Mr. Wooten bears careful study. For instance, the explosive screening swab test:

Using Bayes' Rule, we can calculate that even if explosives detection technologies were nearly perfect: catching every actual explosive and only falsely alarming on one in every ten thousand passengers, then only one out of five million positive test results actually indicates presence of an explosive device.
At that level of false positives, the screeners will rapidly lapse into a belief that every alert is a false positive, and let the real bad guys through. Oops! Still, surely backscatter body scanners (AIT) make some contribution to safety, despite slowing passenger progress through security checkpoints?
A recent RAND study of airport vulnerabilities at LAX concluded that "small, portable explosives have been the most likely and most lethal means of attacks at airports" and that "The greatest risks for casualties for most types of attacks are in the high-density areas passengers encounter before reaching the security checkpoint, particularly lines for ticketing and for passing the security checkpoint." Thus, AIT is not only ineffective, it is actually dangerous because it leaves passengers waiting in long lines vulnerable.
Oh. Maybe not.

One is left wondering whether the security theatre of the TSA has actually succeeded in deluding the TSA itself into thinking that it is defending air passenger safety, when all it appears to do is inconvenience passengers and call that "deterrence from attack". It certainly doesn't catch any actual bad guys - the Underwear Bomber avoided TSA scrutiny by the simple expedient of starting from Amsterdam and aiming to detonate his bomb over USA airspace. Mind you, I wouldn't have been surprised if he had managed to go through backscatter scanning without raising any alarms.


  1. The Cato Institute has an interesting recent podcast on this issue: http://www.cato.org/multimedia/daily-podcast/tsa-admits-strip-search-machines-are-invasive

    They make a very interesting point (one they made some time ago if you search) that by having a central organisation in charge of security you are at greater risk. The reason being that a security hole in one airport is the same at all airports which leaves you vulnerable to simultaneous attacks. Their answer, as you would expect, is to leave it to individual airports and airlines.

  2. Thanks SimonF - I like that, hadn't considered that angle. I suppose in theory it might make you more vulnerable to isolated attacks as there's greater likelihood that at least one airport while have a vulnerability that suits an attacker; however, the attacker has no control over which airport(s) are affected. And it's not like there's any shortage of vulnerabilities currently with the TSA screening.


All comments are subject to retrospective moderation. I will only reject spam, gratuitous abuse, and wilful stupidity.