recommended reading

Recent TSA Scanner Upgrade Protected Your Privacy but Didn't Improve the System

Michael Dwyer/AP

The Transportation Security Administration needs to do more research before upgrading airport body scanners, according to federal auditors. 

"By not measuring system effectiveness based on the performance of the technology and [screening officers] who operate the technology or taking into account current processes and deployment strategies," officials "are not ensuring that future procurements meet mission needs," Government Accountability Office officials said in a March report released on Wednesday.

TSA last year finished installing software for the machines that replaces imagery of passengers' actual body parts with generic pictures of body parts. GAO noted the refresh was intended to address privacy concerns for all so-called advanced imaging technology-- or AIT -- systems, "however, it has not met proposed milestones for enhancing capabilities." 

TSA so far has stationed almost 740 systems at airports and will spend an estimated $3.5 billion in lifecycle costs on current and future systems, according to the audit. 

As of March 2014, TSA was not on track to meet an installation goal for enhancements "and these efforts have not resulted in enhancing AIT capabilities because currently deployed [privacy-protecting] systems are qualified at the same Tier I level as the systems originally deployed in 2009," the auditors said. 

A key lapse was that the agency did not gather mandatory "data on drills using improvised explosive devices," or homemade bombs, at the checkpoint that could demonstrate how well screeners are addressing abnormal activity, GAO officials said. 

TSA personnel at about 50 percent of airports did not report conducting these tech trials, during a period from March 2011 through February 2013. TSA officials told auditors the drills are not being enforced because they are unclear which office should oversee enforcement of the directive. 

GAO officials also discovered that the agency is not assessing the number of pat-downs screening officers conduct when a machine indicates something is amiss, which could provide a better picture of the number of false alarms that occur in the field.

Lawmakers slammed TSA for not checking the accuracy of machines and urged pulling the plug on funding for now. 

"Since TSA has failed to analyze and utilize AIT false alarm rates, we have no idea how many passengers are being subjected to pat-downs due to technological failures," House Homeland Security Committee Ranking Member Bennie G. Thompson, D-Miss., said. "TSA should not spend a single dollar on additional AIT machines until all of the deficiencies identified in this report are resolved.”

In a March 21 letter responding to a draft report, TSA officials agreed with recommendations by the auditors on how to proceed with future body scanner purchases.

"The Transportation Security Administration is aware that the advanced imaging technology units are of particular importance and remains committed to continuously assessing and improving the AIT program’s testing procedures," wrote Jim Crumpacker, director of the Homeland Security Department GAO liaison office.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.