The DHS Office of Inspector General released a redacted version of a report yesterday entitled “TSA Can Improve Aviation Worker Vetting.” The report examines TSA’s performance of its responsibility to conduct background checks on the two million workers (beyond its own employees) that have access to secure areas of airports. One of the findings of the report has been the basis for some disturbing media headlines last night and today, a sampling of which are linked below:
“IG Report: TSA failed to identify 73 workers ‘linked to terrorism’.” (Fox News)
“TSA Missed 73 Workers on Terror Watchlist” (The Daily Beast)
“Investigation Finds the TSA Didn’t Catch 73 Terrorism-Linked Employees.” (Slate)
The general impression that one gets from the media stories to date is that terrorism suspects have slipped through the cracks and are working at U.S. airports, posing a significant threat to the U.S. aviation system. But that is not what the IG report actually says.
As the terrorist watchlisting system is currently implemented, the National Counterterrorism Center (NCTC) manages the detailed, classified repository of watchlisting-related identity information in its TIDE database, which is then exported to the unclassified Terrorist Screening Database (TSDB), run by the FBI, subsets of which are then used by various screening agencies (e.g. Department of State for visas, CBP for border screening, TSA for domestic aviation). There are very clear rules in place as to what types of identities in TIDE and the TSDB can be used for which screening and vetting purposes, based on factors such as the relevant threat and the impact on civil liberties.
This IG report examines TSA’s responsibility to carry out background screening of airport workers, and notes that it doesn’t carry out such screening by checking against all TIDE records:
TSA did not identify these  individuals through its vetting operations because it is not authorized to receive all terrorism-related categories under current interagency watchlisting policy.
The report notes that the excluded TIDE records were for certain categories of terrorism-linked individuals that TSA has not been allowed to screen against to date (details of which are redacted from the report), and that more than a year ago then-TSA Administrator John Pistole formally requested that it be able to conduct vetting against such records, a request that has yet to be approved by the interagency group that oversees watchlisting policies. Such a decision to change current policy would need to be made judiciously, weighing the threat posed by individuals that fall in these TIDE categories (who presumably present a lower relative threat than individuals in other TIDE categories that are currently used for vetting) versus the civil liberties-related impact of conducting vetting that could cause individuals to lose their jobs based on a weak or unproven association.
As a result of such a review, and taking into account current threat-related intelligence, it may be warranted to expand the scope of TSA’s airport worker vetting. But let’s be clear: the current situation is not a “failure” or “omission” on TSA’s part, but the result of a deliberate policy decision. The media coverage of this IG report to date unfortunately lacks such nuance, and is instead hyping the implications of this report in a way that unfairly foments public mistrust of TSA and could lead to rash policy decisions on this issue.