Running late for a flight from Boston to San Francisco today, I was delighted to discover that my boarding pass made me eligible for the “TSA Pre-âˆš” line. Instead of waiting in a labyrinthine line, removing my bottles of shampoo, my shoes and my laptop, I found myself as the only person waiting to use the metal detector, with TSA agents assuring me that I could simply take my phone out of my pocket, leave my bags on the conveyer belt and step through. It took less than 30 seconds to clear security. It felt great. And it felt like cheating.
I fly about 100,000 miles a year, mostly with Delta, so I’m just shy of Delta’s highest tier of frequent fliers. Some months ago, Delta offered me the option of sharing my frequent flier status with the TSA, in order to expedite security checks. Unlike programs like Clear, which requires a substantial annual fee, a special ID card and biometric scans of flyer’s retinas, opting into this program was free and involved selecting a checkbox. I opted in, and promptly forgot about it, until checking into a flight at Detroit a few months ago, I found myself invited into the Pre-âˆš line and whisked through security. It was surprising, weird and pleasant – I thought about tweeting about how pleasant the experience was, until I realized that I was also pretty uncomfortable with a system that seemed to provide such unequal treatment for frequent flyers and occasional travelers.
The logic behind Pre-âˆš is pretty straightforward. I’ve flown a lot in the past two decades, and haven’t threatened the safety of passenger, plane or crew – if we project future behavior based on past behavior, I look pretty unlikely to smuggle dangerous items onto a plane. TSA has limited resources to passengers, so they should focus on the unfamiliar, who are less predictable and more threatening. And since frequent travelers experience the most frustration with TSA delays, changing their experience with security procedures is likely to have the most impact on perceptions of the TSA and their function.
But there are some unexpected consequences in making security more pleasant for frequent travelers. Bruce Schneier’s observation that most airport security measures represent “security theatre” rather than actual security enhancements – like reinforced cockpit doors – comes into very sharp relief when your shampoo no longer needs special scrutiny, and your shoes are assumed to be explosive-free. It’s harder to tolerate the petty rules that govern flight security – “Sir, I’m throwing out your toothpaste because the tube once held 125ml, and though it’s obvious it’s almost entirely empty, the rules say that anything over 100ml can’t fly, so good luck brushing your teeth tonight” – when it’s made abundantly clear that they’re completely arbitrary, largely disconnected from actual security threats and enforced as public performance. There’s an odd cognitive dissonance in having the TSA abandon security theatre so totally – while I know the rules that have just been waived are arbitrary and ineffective, I find myself experiencing brief anxiety at realizing that the rules have been relaxed for me and others who fit some unknown sort of profile. (More on that in a moment.)
There are a variety of reasons to be discomfited by Pre-âˆš. Consumer advocate Ralph Nader notes that splitting the security experience into a smooth one for frequent travelers and a harsh one for infrequent fliers suggests that we’re unlikely to loosen travel restrictions across the board. Frequent fliers are the people most likely to complain about TSA procedures and push for reform, and if they’re accommodated separately, political pressure to reduce security theatre is lessened. “The only thing that has developed tolerance for this mass nonsense that is going on at the T.S.A. checkpoints is that everybody is supposed to be exposed to it…. Once that is shattered there is going to be a lot of resentment among those who watch others zip through while we wait and nudge forward and get shouted at to take our shoes off.”
He’s right, which is probably why the two Pre-âˆš lines I’ve been through are physically separated from the normal TSA screening area – I know I’m getting the light treatment, but the infrequent travelers don’t, and the security theatre is for them, after all. So long as I’m treated well, I have no incentive to lobby for change, and if the infrequent fliers can’t see my experience, they won’t know how arbitrary and unnecessary the procedures they’re going through are. Long security lines could be a source of solidarity, but we lose that possibility when frequent travelers get special privileges. Writing in Salon, Michael Lind takes this argument to an extreme, suggesting that frequent fliers clubs are a way of privileging the rich and reflect the deep inequalities of our society. “Why donâ€™t we just make the new class-based discrimination official? Instead of leaving it to airlines and other corporations to construct the new apartheid piecemeal and informally, let the government issue a Premium Elite Citizen Card, valid for multiple purposes.” I’m far from convinced that treating your most frequent customers well by letting them board an airplane first constitutes apartheid, but I’d agree that blurring a line between a status offered by an airline for frequent passengers to a status that gives you a different experience with a government agency, the TSA, is complicated and uncomfortable.
The conversation about Pre-âˆš is more than a little different in frequent fliers forums. Fliers keep score of how often they’re waved into the Pre-âˆš line and how often they have to suffer ordinary security experiences. And they get annoyed at the unpredictability of the system, noting that if they knew they’d be granted Pre-âˆš every time they flew, they could arrive at the airport later. One flyer calls the program “amazing and useless at the same time“, because he can’t count on a quick screening experience.
This randomness is unlikely to disappear from the program, as it’s a major security feature. The TSA has published some of the criteria it uses to determine who’s eligible for pre-screening: frequent travelers who’ve opted in, who don’t have weapons or explosive violations on their criminal records. This suggests that would-be terrorists could start looking for frequent fliers with clean criminal records and recruit them as suicide bombers. One of the protections against that vulnerability is to ensure that Pre-âˆš flyers experience more intense scrutiny on some flights so that there’s no guarantee that a cleared traveler is a surefire path through less intense screening.
Because the screening is, in part, random, it’s going to raise questions about fairness. How do we know the TSA isn’t engaging in racial profiling, prohibiting travelers with Arab heritage from participating in Pre-âˆš? Friends who’ve been closely involved with Wikileaks report that they are now selected for secondary screening virtually all times they travel, making clear that profiles, based at least in part on behaviors or political views, can affect your TSA experience. It’s reasonable to expect that, if Pre-âˆš continues, frequent travelers will complain that they’re systematically being left out, punished for some part of their profile they can’t review or challenge.
Here, the TSA faces a challenge that surfaces in a wide range of settings: the difficulty of publishing algorithms. A truly fair Pre-âˆš system would involve publishing the algorithm the TSA uses to determine who’s safe to fly, and allowing travelers to review whether they qualified and why. But publishing that algorithm increases the chances that it will be gamed – if we discover that flying 20 times in a year is a key factor for clearance into the program, it’s easy to imagine an adversary flying 20 times with clean hand baggage and a bomb smuggled on the 21st flight.
Google faces a similar problem with their search algorithm. Countless merchants have complained that Google ranks their sites too low in search results, sending business to their competitors. The more paranoid (or, perhaps, more savvy?) suspect that Google is running an extortion racket, offering high “organic” placement to those who purchase ads, punishing those who don’t. Google could address this fear by publishing their algorithm and allowing sites to see how they ranked on different components of the algorithm. They don’t, because this would be hugely useful to the many people who’d benefit from gaming the system. (The entire SEO industry is based around the premise that search algorithms can be gamed with sufficient knowledge – actually providing that information would be of massive benefit to SEO firms and their clients, and likely to very little user benefit.)
It’s possible to make an algorithm transparent and gaming resistant – it’s just very hard. You need to engineer algorithms where signals are expensive to fake. The purest form of Google – the “BackRub” algorithm – is vulnerable to gaming because the signal (the number of pages linking to a page) is inexpensive to fake – create a “linkfarm” of pages pointing to your page, and you’re all set. Google’s algorithm may need to be obscure because in an online environment, virtually all signals can be faked, given enough skill and effort.
TSA Pre-âˆš could well be another matter. If the main signal the program uses is lots and lots of trips without incident, that’s a reasonably expensive signal. Our aspiring terrorist might need to take hundreds of trips, spending tens of thousands of dollars, before establishing a sufficiently clear reputation. Or she might have a great advantage, now knowing precisely what type of frequent flier she needs to recruit to smuggle on the all-important 125 ml of scary liquid. I certainly don’t count on TSA making the algorithms behind Pre-âˆš transparent, but it would be a small step towards addressing questions of fairness the program is likely to face.
We’ve seen a strong push for open data in the US, a movement based on the idea that data should be available to the general public in machine-readable, API-addressable form, unless there’s very strong reasons to keep it secret. I’d like to see a similar push around transparent algorithms, a principle that our government should be disclosing algorithms that affect the lives of citizens, in as many circumstances as possible. I suspect we’d learn a great deal about making algorithms transparent and gaming-resistant if it were significantly harder to rely on security via obscurity.