

Researchers Easily Slipped Weapons Past TSA’s X-Ray Body Scanners - ejr
http://www.wired.com/2014/08/study-shows-how-easily-weapons-can-be-smuggled-past-tsas-x-ray-body-scanners

======
Ethan_Mick
"The only useful airport security measures since 9/11, were locking and
reinforcing the cockpit doors, so terrorists can’t break in, positive baggage
matching and teaching the passengers to fight back. The rest is security
theater.”[0] \--Bruce Schneier

[0] [http://www.vanityfair.com/culture/features/2011/12/tsa-
insan...](http://www.vanityfair.com/culture/features/2011/12/tsa-
insanity-201112)

------
kmowery
Hi! Lead author here.

We'll be giving a talk on this work tomorrow at the USENIX Security
conference, but I'd be happy to answer questions here before then!

~~~
ejr
What were some of the challenges of carrying out these tests? And I imagine
procuring the machine may have been an issue if the manufacturers knew you
were exposing their shortfalls.

~~~
kmowery
You'd be surprised how difficult it was to bring it on campus and actually
turn it on! Over the course of the project, we worked with our IRB,
radiological safety experts, regulatory compliance, and campus public safety
before we put someone in front of the device. We set the machine up in a lab
with a concrete wall to backstop the radiation, and had a 2 meter safety zone
around it while it was actually emitting X-rays.

As for procurement, we purchased our machine on eBay from a private seller who
purchased it from a U.S. government surplus auction.

~~~
chiph
You're saying that compliance with university radiation safety protocols was
difficult -- for a machine that has been installed around the county and used
to expose millions of passengers? I think that's a big part of the story.

~~~
DanBC
Not unless the weirdnesses of ethics panels is part of the story.

------
DanBC
It is disappointing just how compliant people are with the stupid procedures.

But then you see the stories about people who are in the right, and are
complying with the TSA procedures (going as far as having letters from TSA)
who get terrible treatment.

[http://rt.com/usa/154672-tsa-breast-milk-
settlement/](http://rt.com/usa/154672-tsa-breast-milk-settlement/)

~~~
bane
It sucks, but you really have very few alternatives, only 1 of which will
actually get you onto the plane so you can get to where you're going and most
of which will ensure you'll never get on a plane again.

The procedures may be stupid, but people do weight the options and can be
surprisingly rational given that set of choices.

Given a choice of "get scanned and get on the plane" or "instigate an armed
overthrow of the TSA checkpoint" I'm probably going to go with getting on the
plane myself.

~~~
coldpie
I opt out of the nude scanners every time I fly. I've never had an
exceptionally unpleasant experience with the nut-gropers, but I'm a young,
white, male so your experience may vary.

I have a dream of everyone opting out, overloading the system and requiring a
fundamental change. But I'm always the only person doing it.

~~~
schoen
I've opted out over 50 times (and I try to help collect data about screening
methods on FlyerTalk, though I keep thinking this needs to be organized better
-- there are so many people collecting it in separate places, including
different FlyerTalk threads and different web sites). I think it's interesting
that the attitudes of screeners, as well as the thoroughness of their pat-
downs, has varied so much. (Some of them have tried to talk me out of opting
out, others have been very matter-of-fact, others have fairly vocally
criticized the body scanners or TSA itself.)

Three times there was another person opting out within my sight and at least
twice I got to talk to a fellow opt-outer (opter-out?). As I recall, their
concerns were always more health-related than privacy-related, unlike mine, so
I had a bit less common ground with them than I first expected to.

On two consecutive flights (more than a week apart and from different
airports) I alarmed the ETD and got detained and subjected to multiple pat-
downs and a hand-search of my luggage. I still haven't figured out what caused
it, but I put my shoes and backpack through the laundry and it's never
happened again. One hypothesis is that I might have gotten a drop of plant
food on my shoe, which has made me _much_ more paranoid about touching
fertilizers.

------
herbig
The article title is false. Within the article it admits the TSA no longer
uses this type of body scanner.

~~~
pmorici
"the X-ray scanners are still installed in courthouses, jails, and other
government security checkpoints around the country."

~~~
herbig
Thus the falseness of the article title. The title suggests that terrorists
can take over planes using these methods, which is not the case.

~~~
pmorici
It is validating prior claims from a blogger whom the TSA did everything they
could to discredit.

------
josho
The article notes the $1 billion spent to deploy the machines, and later
states that these machines are no longer in use. What is left unsaid is the
cost to deploy the machines that replaced this model–suggesting another
billion spent on more security theatre.

~~~
kmowery
The $1 billion number covers procurement, deployment and usage of both the
Rapiscan Secure 1000 backscatter X-ray and L3 ProVision millimeter wave AIT
systems.

The Secure 1000s have been removed; the L3 ProVisions are still deployed in
airports.

------
rwmj
I wonder how much of a dose of radiation they exposed themselves (or their
grad students) to while researching this?

~~~
kmowery
Hi! Lead author here.

We only had a person in front of the X-ray scanner a few times, to minimize
exposure. Most of the time we scanned a radiological "phantom", which is
designed to look exactly like a human under the X-ray spectrum.

~~~
pmorici
Are you going to test the millimeter wave style machines as well?

~~~
schoen
The linked article says that they haven't been able to acquire one for
testing.

~~~
kmowery
That's correct. We think the millimeter wave machines should be looked at in a
similar adversarial study, but we don't have access to one for testing.

------
Jemaclus
I wanna know how this kind of experiment actually works.

> Bill: "Hey Joe, we're gonna do an experiment, and we need you to smuggle a
> chainsaw through airport security."

> Joe: "All right. Hold my sign, I don't wanna lose it."

> TSA: "Is this a chainsaw?"

> Joe: "I'm a researcher, I swear."

> TSA: "Likely story. FULL CAVITY SEARCH, FELLAS."

> Bill: "Hmm, that didn't work. Next up, flamethrowers. Hey Frank..."

~~~
ejr
They would have used their own machine in a controlled setting to ensure it's
the machine they're testing, not the temperament of the TSA agents

    
    
      ...the University of Michigan, and Johns Hopkins plans to reveal their own results 
      from months of testing that same model of scanner

~~~
kmowery
That's correct. We have our own machine and tested it in a lab setting; we
never attempted to smuggle contraband in the field.

