National Security

Transportation SNAFU Administration

Talking points for your holiday TSA rant.

Good news, travelers! The Transportation Safety Administration has announced that some snow globes (the ones small enough to fit into those little plastic baggies) are now allowed in your carry-ons.

The joy of holiday travel is here. Between now and New Year's, roughly 40 million passengers will pass through TSA checkpoints in 450 airports across America. According to one senior TSA official, passenger "throughput" in security lines is four times slower now than it was before 9/11. But you knew that already.

We may roll our eyes as screeners bomb-swipe stuffed lambies and pat down grandma, but terrorism experts have long considered the holiday season a high-threat period. And for good reason. The record shows that terrorists like blowing up airplanes, and they like it even more during Christmas, when passenger lines are long and vulnerable, planes are packed, security folks are harried, and the news cycle is slow. Even fizzled bombs have been considered "successes" by terrorist groups. When the Christmas Day bomber failed to detonate his undies in 2009, he still succeeded in getting tremendous publicity and triggering billions in additional U.S. aviation security measures -- responses which apparently delighted his terrorist sponsors back in Yemen.

Years after 9/11, aviation security is still serious business. It has also become rife with misperception, waste, and absurdity. So I set out to answer four questions this week: What are the best innovations in U.S. aviation security since 9/11? What works poorly? What's just plain weird and scary? And what should you know before leaving home this holiday season?

The good news

The most innovative improvement I found is LAX's ARMOR program, which uses a sophisticated computer algorithm to schedule randomized times and locations for canine searches throughout the terminal and police checks of incoming airport ground transportation. I'm normally highly skeptical of "random" anything in aviation security, since it's impossible to tell the difference between clever, unannounced checks designed to keep would-be terrorists off guard and sloppy implementation of standard security protocols by TSA folks armed with approximately two weeks of training and a GED. (The two weeks part is true, the GED is not. In some cases, TSA screeners can actually be hired without a high school diploma).

But ARMOR is smart. It's designed to eliminate predictable security patterns that terrorists can exploit. Random checks also give the impression that police are everywhere -- because they are, just not all at the same time. And LAX police have found that because officers are not walking the same beat and doing the same things every day, they are more alert. Since ARMOR began in 2007, arrests for all sorts of criminal activity at the airport have gone up, an increase that appears to stem from better policing, not more criminality. The technology is already being used in maritime, rail, and other transportation sectors.

Bomb-sniffing dogs are also a plus. They're accurate, fast, mobile, less invasive than pat downs or other security measures, and often kind of cute. Bomb-sniffers include beagles, labrador retrievers, and other familiar breeds that don't scare the kids but do scare (and smell) terrorists hiding explosives. The TSA has 64 canine teams deployed for passenger screening, with plans for more as well as research to better understand the factors that can improve dog bomb detection (like fatigue and the optimal duration of a search shift).

The TSA is finally starting to get serious about risk-based management, or what TSA Administrator John Pistole calls "reducing the size of the haystack." Until recently, the agency's strategy consisted of catching every box cutter and bomb at every gate at every airport in America. Now, the TSA's trusted traveler program, TSA PreCheck, allows travelers to volunteer personal information and pay a fee in exchange for expedited screening. This is long overdue, good for business, and even better for security, enabling screeners to focus on the people who should be screened. Erroll Southers, who served as chief of intelligence for LAX police and was nominated to be President Obama's TSA administrator, put it this way: "Any time we know more about the passenger, we win. We've got to keep looking for the bomber, not the bomb." So far, the program operates in 35 airports and 4.6 million passengers have used it.

The bad

Just about everything else. Privately, many experts say the 3:1:1 rule, which requires you to use those annoying little bottles and baggies, isn't very effective because terrorists can find many other ways to smuggle explosives. Same thing with shoes. Nobody walks shoeless in an Israeli airport, and Israelis know a thing or two about terrorism. One leading Israeli aviation security expert told me that he found the U.S. shoe removal requirements "silly, ineffective, annoying and even humiliating." These rules stick because removing them is bad politics, making people feel less safe even if they aren't.

The worst of the worst is full body scanners. Remember the outcries that the TSA would become a Hustler magazine photo booth, sacrificing privacy for security? Turns out the security gain wasn't much. John Halinski, the TSA's assistant administrator for global strategies, said last May that none of the full body scanners (there are two major types, one that uses X-rays and one that uses millimeter waves) has nabbed a single suspected terrorist. The Government Accountability Office has questioned whether full body scanners would have caught the 2009 underwear bomber. Many experts believe these machines would almost certainly be unable to detect "cavity bombs" hidden where the X-rays don't penetrate and the sun does not shine. X-ray scanners elevate passenger cancer risks, which is why they are already banned in Europe. They are expensive, about $200,000 each just for the hardware. And did I mention X-ray scanners take so long, they are now being removed from major airports like LaGuardia to speed up security? Ninety-one of these clunkers currently sit in a Texas warehouse.

The ugly

Helpfully, the TSA has revealed the top 20 airports where employees steal from passengers. #1: Miami. iPads and laptops are the most popular items.

Then there are your fellow travelers, who pack ridiculously dangerous and stupid things far more often than you'd think. In the first week of December alone, TSA screeners discovered 41 firearms (36 of them loaded), 40 stun guns, 4 grenades, 2 eight-inch knives (one hidden inside a cane), and a rocket launcher. And that's just the stuff they found. Terrorist attacks on airplanes are, thankfully, low-probability events. Scary carry-on items are not.

Travel tips

  • Cooperate. Be prepared for delays. Remember that every time you're the focus of a screener, somebody else doesn't get enough scrutiny. You know you're not a bad guy. TSA doesn't.
  • If you have the choice (and you often do), select a regular metal detector over a full body scanner, especially for kids. It takes less time and is medically safer.
  • If you get pulled aside for a pat down, you don't have to stand there with 1,000 people watching. TSA doesn't advertise this, but you have the right to get a pat down in a private room, by someone of the same gender, with a companion of your choice present.
  • Have your act together. Get shoes off, belts undone, liquids and computers out, change and papers removed from pockets before you hit the front of the line. And if you're one of those guys that are always in front of me, think about wearing pants that stay up without a giant metal-studded belt. I think I speak for many when I say that view is one Christmas present we'd rather not have.

Joe Raedle/Getty Images

National Security

Spooks, Incorporated

Does every company need its own CIA?

Since 9/11, a quiet intelligence revolution has been brewing inside many of America's leading companies. Hotel chains, cruise lines, airlines, theme parks, banks, chemical companies, consumer products manufacturers, pharmaceutical companies, and even tech giants have been developing in-house intelligence units that look and act a lot like the CIA.

These organizations don't steal competitor trade secrets or wiretap your phones. But many conduct surveillance of customers, visitors, and employees to collect information and spot potential threats. Some run "red team" exercises that involve dressing in disguise and casing company locations to test the security. For all of them, the main job is analyzing "hot spot" developments around the world, around the clock -- from violence in Syria to environmental protestors in California -- anything that could threaten the brand reputation, personnel, or business interests of their parent company.

Typically these in-house intelligence units have nondescript names like "the Office of Global Safety and Security." (Most of these companies do not like to talk openly about their intelligence activities for fear it will scare away customers or hurt their brand reputations.) But don't let the names fool you. These offices are staffed with former CIA, FBI, and military professionals who have close ties to the U.S. government and conduct global threat reporting by working through formal channels and informal networks around the globe. This is the privatization of American intelligence that you've never heard of. And it's part of the innovative and growing business of political risk management.

Concern about political risks to business is as old as the hills. In ancient Babylon, trade insurance covered looting and pillaging, the political risks of the day. Thomas Jefferson launched America's first unconventional war in 1801 because thieving thrones in Tripoli, Tunis, and other Barbary states of North Africa were sacking U.S. merchant ships and holding them for ransom. In modern times, oil companies have been at the forefront of political risk management, seeing competitive advantages to understanding turmoil in oil-rich countries. Royal Dutch Shell has been doing scenario planning since the 1970s.

But political risk matters more now than ever, thanks to the convergence of three things:

1.      Supply chain improvements like "just in time" inventory management, which ships goods from factories to consumers as fast as possible but leaves no stockpiles to keep business operating if anything goes awry;

2.      Globalization, which has made it possible to make and sell products in more countries, to more consumers -- and, in the process, generates more nodes of disruption;

3.      The information revolution, which enables small groups to transmit messages to mass audiences in real-time.

These three factors have given rise to a fundamental business paradox: Businesses face greater global opportunities and vulnerabilities than ever before. Far-flung supply chains can dramatically lower costs, but they are hard to see and manage, leaving many managers unaware of just how exposed their business is to supplier delays, political events, and natural disasters far, far away. In the old days, the "free world" and "Soviet bloc" were two different universes. Not anymore. Now everything is connected. Sweden's Ikea has stores in Russia. My CIA alarm clock was made in China. Unrest in Cairo can cause legging shortages in California. And communications happen everywhere. Wifi can be found in Bedouin tents, on the top of Mount Everest, and on buses in rural Rwanda. Kenyan fisherman may lack electricity, but they can check weather conditions and fish market prices on their cell phones. All of this connectedness means that political risks -- civil strife, instability, insurgency, coups, weak legal standards, corruption -- have more spillover effects. What happens in Vegas does not stay in Vegas.

In 2011, Orange Business Services, the business communications arm of one of Europe's large mobile phone providers, thought the protests in Tunisia couldn't possibly affect their operations in Egypt. One week later, they were proven wrong. The domino revolutions of the Arab Spring had cascading effects on a number of industries, ranging from telecom in Europe to the tea trade in Africa. Instability in the Middle East was by no means an outlier. There were nearly three dozen attempted coups in the last decade, seven between 2008 and 2010 alone, ranging from Thailand to Niger to Ecuador. The Fund for Peace's Failed States Index has listed more than 100 countries in the "alert" or "warning category" for state failure since it began in 2007. That's more than half the countries in the world. In a 2011 survey of the 100 largest high-tech companies, 81 percent of executives said they were worried about natural disasters, wars, conflicts, and terrorist attacks, a jump of 26 points from the previous year. As Ian Bremmer notes, major geopolitical changes have occurred about once a decade for the past 50 years: de-colonization in 1950s and 1960s, détente in the 1970s, the Cold War's end in the 1980s, 9/11 and terrorism in the early 2000s. The Arab Spring is the latest. Undoubtedly, there will be others. Large political changes happen far more often than we think.

Little changes also matter more now, too. Thanks to the IT revolution, lone individuals and small groups can have a supersized impact if their messages go viral. Julian Assange used the internet to turn his ragtag WikiLeaks operation into a phenomenon that roiled diplomats across the globe. In 1998, the NGO Global Witness, which started with three friends in a London apartment, exposed the role of conflict diamonds in Angola's civil war. By 2003, their work helped prompt U.N. sanctions against Sierra Leone, Angola, and Liberia, and cowed the diamond giant DeBeers into a certification scheme to clean up the industry. Two years ago, before the Arab Spring erupted, a Stanford colleague of mine met with Syria's president, Bashar al-Assad. The Syrian strongman said, presciently, that he was not worried about a U.S. invasion. He was worried about Facebook. He should have worried more: in the internet age, small local movements often don't stay small and local for long. In business as well as politics, power has gone asymmetric.

Understanding the changing nature of political risk and how to mitigate it is a growing industry. In large part, this is because the U.S. government has left an intelligence gap. In many countries, intelligence services regularly share information with businesses to give them a competitive advantage in the global arena. But U.S. intelligence agencies do not. Since 9/11, the private sector has been filling the gap. In-house intelligence units are the most pioneering examples, but they have plenty of company. There are now scores of open-source intelligence services, analysis shops, and consulting firms led by former high-level officials with names like Chertoff, Albright, Rice, Hadley, and Gates.

So when you think "convergence," don't just think about drones and spooks. There is a burgeoning convergence of intelligence and business. The CIA may not be getting into corporate espionage, but American companies are getting into intelligence. They're just not talking about it much.