John Pistole
U.S. Transportation Security Administration administrator John Pistole last month fielded several questions from the U.S. House of Representatives Transportation and Infrastructure Committee and conceded that airport passenger-screening procedures need a refreshed, risk-based approach that would depart from the "one-size-fits-all" status quo. The agency, he said, hopes to use data received through Secure Flight to develop passenger profiles and gauge individual risk. Pistole also provided insight on TSA's relationship with private rail operators on counter-terrorism security measures. Excerpts from the committee hearing follow.
There's a trusted-traveler program that many people are inquiring about. Where are you on that?
I am very much interested in using a risk-based approach. By using information that we already know about every passenger through Secure Flight--just name, date of birth and gender--we know whether or not they are on a watchlist. But as far as some type of trusted-traveler program, if individuals are willing to give us more information about themselves so we can do a history check and other checks, then we might be able to afford them a different type of security screening. I have several working groups on this, looking at a number of different options ... I decided in November to change the screening of pilots because these are risk-based programs. If they are in charge of the aircraft, frankly I was not concerned if they had a prohibited item on their person because they can put the flight down. It's not the physical screening that is going to counter that; it's what's in the person's head. We are working with the airlines and the pilot associations to expand the projects that we had called "crew pass" to allow them to use the identity passes as a way of getting to their flight as opposed to going through screening. I'm talking with the flight attendants association also, and we are in a discussion about that. I am interested in expanding that to not only trusted travelers, but with how we define that.
What goes into that risk-based approach for passenger screening?
Right now we are not there. We do use a one-size-fits-all approach, which I don't think is either efficient or beneficial for the traveling public for security. What I would like to do is spend more time with those that we assess based on all of the information [given] to us ... but do we have any other information either from intelligence or information that has been volunteered to us by the passenger? That is where we are moving to. I am committed to doing something this year that would demonstrate a different paradigm for how we go about passenger screening--who we are screening and how we screen them.
Will much of that be based on intelligence gathering?
There are obviously privacy issues that we want to be very attuned to, but if a frequent traveler, for example, is willing to volunteer and provide the information like they do for other trusted-traveler programs, like Global Entry, then yes. I am interested in making sure that we can verify the identity of the person and then make a risk-based assessment. We will never eliminate risk unless people stop flying, so that's not an option. We don't eliminate risk but we try to mitigate risk in an informed fashion, and that's what I'm committed to doing.
What happens if the rail line is used as a weapon?
I share that concern and recognize the vulnerabilities in access to rail that is not necessarily associated with aviation. An ideal model [is] where the industry [reduces risk] voluntarily and it's not a regulation, but good business sense. We work closely with the Amtrak police or other rail police to address the security chiefs of all the different passenger rails, and what we hope to ensure is that if we are pushing out intelligence, they can make informed judgments on what actions they should take. Since I started last July, we have been looking at not only pushing out intelligence to the TSA workforce, but those partners in industry who are ultimately responsible for implementing the safeguards that need to be in effect. I have met with both the executives and security officers from freight rail, passenger rail and [airlines], and there have been several developments, and we are very committed to working in a partnership to provide the latest intelligence. Of course, it's usually strategic intelligence; it may be a threat to, for example, Amtrak or the Northeast Corridor. There may be something about the terrorists--such as in Madrid or London or Moscow or Mumbai--that want to attack rail without any tactical actual intelligence, but we are pushing out intelligence in a classified setting and unclassified as appropriate on both strategic and tactical.
How long are the pilots for new imaging software expected to go before we can recognize the new result?
The testing began in Las Vegas, Washington National Airport and in Atlanta, and we are doing 45 to 60 days of field-testing to assess whether the results that we had in the lab will be commensurate with real passengers and real screening. I know from Las Vegas it's going well and we are working through some issues. For example, an individual with a ponytail may show as an anomaly on the machine because they could be slightly out of the algorithm that is normal, but that's easily resolved with just a visual inspection. Part of the training for the transportation security officer is how to resolve that. It's [a] generic icon of a person that is the same for every passenger, as opposed to every individual with the area highlighted with an anomaly.