January 18, 2021

TSA Oversight Says Agency’s Suspicionless Surveillance Program Is Worthless And The TSA Can’t Prove It Isn’t

By Tim Cushing
The TSA’s “Quiet Skies” program continues to suffer under scrutiny. When details first leaked out about the TSA’s suspicionless surveillance program, even the air marshals tasked with tailing non-terrorists all over the nation seemed concerned. Marshals questioned the “legality and validity” of the program that sent them after people no government agency had conclusively tied to terrorist organizations or activities. Simply changing flights in the wrong country was enough to initiate the process.

First, the TSA lost the support of the marshals. Then it lost itself. The TSA admitted during a Congressional hearing that it had trailed over 5,000 travelers (in less than four months!) but had yet to turn up even a single terrorist. Nonetheless, it stated it would continue to trail thousands of people a year, presumably in hopes of preventing another zero terrorist attacks.

Then it lost the Government Accountability Office. The GAO’s investigation of the program contained more investigative activity than the program itself. According to its report, the TSA felt surveillance was good but measuring the outcome was bad. When you’re trailing 5,000 people and stopping zero terrorists, the less you know, the better. Not being able to track effectiveness appeared to be a feature of “Quiet Skies,” rather than a bug.

Now it’s lost the TSA’s Inspector General. The title of the report [PDF] underplays the findings, stating the obvious while also understating the obvious: TSA Needs to Improve Management of the Quiet Skies Program. A good alternative title would be “TSA Needs to Scrap the Quiet Skies Program Until it Can Come Up with Something that Might Actually Stop Terrorists.”

I mean…

TSA did not properly plan, implement, and manage the Quiet Skies program to meet the program’s mission of mitigating the threat to commercial aviation posed by higher risk passengers.

In slightly more detail, the TSA did nothing to set up the program correctly or ensure it actually worked. The IG says the TSA never developed performance goals or other metrics to gauge the effectiveness of the suspicionless surveillance. It also ignored its internal guidance to more effectively deploy its ineffective program.

Here’s why:

This occurred because TSA lacked sufficient, centralized oversight to ensure the Quiet Skies program operated as intended.

There were some positives, but they were limited. The DHS and TSA set up information sharing programs, and performed quarterly reviews to remove passengers from the Quiet Skies watchlist. But that’s about it. And, as the IG points out, these steps don’t add up to anything that might quantify its success rate or justify its existence.

The failure had a trickle down effect, showering the air marshals who thought the program was useless (if not illegal) with second-hand shame.

After almost two years of flight coverage, FAMS [federal air marshals] could not provide outcome-based performance measures to show that its surveillance of Quiet Skies passengers who had already received enhanced screening at checkpoints was the most efficient use of its limited resources.

As for the good news about the periodic removal of people from the TSA’s suspicionless surveillance, it’s not without its bad news. The IG says the TSA didn’t do it in a timely fashion or, you know, correctly.

The Implementation Plan requires TSA and DHS to conduct quarterly oversight reviews of Quiet Skies’ risk-based, intelligence-driven rules created and updated by I&A. However, in 2017 and 2018 TSA identified software algorithm and system malfunctions that resulted in passengers not being removed from the Quiet Skies List after [redacted].

And the TSA had problems with the people it had added to this watchlist, failing to ensure they got all the surveillance and checkpoint friskings they apparently deserved.

As currently designed, TSA cannot ensure all Quiet Skies passengers receive enhanced screening at checkpoints in accordance with its Implementation Plan.

[…]

We reviewed results from TSA inspections conducted from October 2015 through February 2019, in which inspectors found incidents related to the Boarding Pass Printing Result requirement. From our review of 16 incident reports, we identified [redacted] in which the boarding passes either were not designated as needing enhanced screening or the aircraft operator did not ensure the passenger received enhanced screening at the checkpoint.

Unfortunately, the number of failures is redacted. But given the TSA’s track record elsewhere, it’s probably safe to assume the failure rate was above 50%.

The IG recommends the TSA fix everything that’s broken. That’s most of the program, it appears. The TSA agrees… to a point. The TSA disagrees that it did not “properly plan or manage” the program, including its lack of metrics. According to the TSA’s response, the fact that a few dozen targets (out of the thousands trailed by the TSA) showed up on other watchlists is an indication the program is a success.

In October 2020, TSA’s I&A reviewed Quiet Skies encounters between 2014 and 2019, and found that 58 individuals designated for additional scrutiny by Quiet Skies are now “watchlisted” in the Terrorist Screening Database as a KST [known suspected terrorist]. This data indicates that Quiet Skies are approximately 30 times more likely to pose an actual high risk than a randomly selected passenger, validating Quiet Skies’ value in identifying higher-risk travel.

Nice try. But TSA already threw all plausibility out the window back in 2018 with this testimony before Congress.

The officials said about 5,000 US citizens had been closely monitored since March and none of them were deemed suspicious or merited further scrutiny, according to people with direct knowledge of the Thursday meeting.

Tell me again how 58 watchlist hits is a satisfactory metric. Cherry-picking numbers doesn’t change the facts already on the record. When you go 0-for-5,000, managing to cross-reference 10-12 targets a year with another highly-questionable database isn’t a win.

Source:: https://www.techdirt.com/articles/20201205/18514245827/tsa-oversight-says-agencys-suspicionless-surveillance-program-is-worthless-tsa-cant-prove-it-isnt.shtml