Op-Ed: The scary truth about TSA’s PreCheck security vulnerabilities

Passengers walk through the PreCheck lane at Milwaukee's Mitchell International Airport on Oct. 22, 2013.
Passengers walk through the PreCheck lane at Milwaukee’s Mitchell International Airport on Oct. 22, 2013.
(Mike De Sisti / Associated Press)

When President Trump’s nominee for Homeland Security secretary, John Kelly, takes over, he will be greeted by briefers with binders full of information about the department’s daunting responsibilities, from hurricane response to border control. In the Department of Homeland Security world, risks abound.

One that should top the list, but will probably not be highlighted, is the Transportation Security Administration’s PreCheck program at airports. It’s a popular program, but its vulnerabilities represent a clear and present danger that demands urgent attention.

The briefers will explain that PreCheck is an example of “intelligence-driven, risk-based security strategy” that “expedite[s] screening for known and trusted travelers.” Those are beautiful agency buzzwords, but the gap between lofty soundbite and on-the-ground reality is wide, and it is scary.


PreCheck sounds sensible: Travelers apply, pay an annual fee, agree to a background check and get interviewed. If no flags appear, they are pre-cleared to go through a separate, shorter security line — shoes and jackets stay on, no body scanners, just a metal detector unless they are randomly picked for a more thorough check.

PreCheck, however, is fundamentally flawed. It’s a security hologram — it looks plausible, it’s pleasing to the eye, but its protective value is illusory.

It’s not a stretch to believe a reasonably competent terrorist could construct an identity that would pass PreCheck’s front end.

The first vulnerability in the system is its enrollment process, which seeks to verify an applicant’s identity. We know verification is a challenge: A 2011 Government Accountability Office report on TSA’s system for checking airport workers’ identities concluded that it was “not designed to provide reasonable assurance that only qualified applicants” got approved. It’s not a stretch to believe a reasonably competent terrorist could construct an identity that would pass PreCheck’s front end.

The other step in PreCheck’s “intelligence-driven, risk-based security strategy” is absurd on its face: The absence of negative information about a person doesn’t mean he or she is trustworthy. News reports are filled with stories of people who seemed to be perfectly normal right up to the moment they committed a heinous act. There is no screening algorithm and no database check that can accurately predict human behavior — especially on the scale of millions. It is axiomatic that terrorist organizations recruit operatives who have clean backgrounds and interview well.

Just to be clear, unless a PreCheck passenger is randomly tagged for a more thorough check, he or she need only avoid setting off a metal detector to gain access to the secure areas of airports. In other words, these travelers could carry a pound of C-4 plastic explosive in their pockets and get onto any airplane in America.


Finally, the way PreCheck works at airports is a separate, well-chronicled disaster. TSA headquarters gave its airport staff an impossible mandate: dedicate fast security lanes, with expedited screening, to the trickle of PreCheck passengers while jamming everyone else into the remaining lanes. The TSA has been able to fix nightmarish passenger delays only by spending millions of tax dollars on additional staff and overtime at airports around the country.

The briefing book will no doubt repeat Homeland Security’s current assertion that to improve wait times, TSA needs to drive up membership in PreCheck and hire even more staff. But that’s an expensive and still inherently risky approach. It does not correct the program’s risk-assessment and enrollment vulnerabilities.

Instead, TSA should implement short-term measures — for example, turn on the body scanners and use them liberally, even for PreCheck passengers — to reduce the existing vulnerabilities while they work with airlines, airports, passenger groups, local law enforcement and others to design a better checkpoint process for every passenger.

The problems with PreCheck lie not with TSA staff or checkpoint personnel, who deserve our respect and support, but with the agency’s political leadership, which has stretched the capabilities of its risk-based security system too far. In about a month, John Kelly will most likely have the opportunity and the responsibility to do something about that.

It will take courage to demand a review that might well overturn PreCheck. By creating fast lanes for some travelers, PreCheck has become one of TSA’s few public relations successes. For everyone’s safety, however, let’s hope that with this change in leadership, PreCheck gets a hard, fresh look.

Kip Hawley, the author of “Permanent Emergency: Inside the TSA and the Fight for the Future of American Security,” was TSA administrator from 2005 to 2009.

Follow the Opinion section on Twitter @latimesopinionand Facebook