Congressional Testimony - FAA Whistleblower

Good afternoon, it is an honor and a privilege to have been invited to speak at this hearing. My contribution is to explain, based on personal experience, how abuses of secrecy are a clear and present danger to homeland security. That occurs when secrecy sustains vulnerability to terrorism caused by government breakdowns.

I know this, based on seven years with the Federal Aviation Administration's (FAA) Red Team, which conducted undercover tests on airport security through simulated terrorist attacks. Although we breached security with ridiculous ease up to 90% of the time, the FAA suppressed these warnings. Instead we were ordered not to write up our findings (in some cases) and not to retest airports where we found particularly egregious vulnerabilities to see if the problems had been fixed. Finally, the agency started providing advance notification of when we would be conducting our "undercover" tests and what we would be checking.

As background, after the bombing of Pan Am 103 a 1990 Presidential Commission directed the FAA to develop “measures to improve testing of security systems”. This was the birth of the Red Team. The Red Team, by definition, is an adversary team designed to replicate tactics that terrorists might use against us.

With the crash of TWA 800 off New York City, the FAA Reauthorization Act of 1996 (P.L. 104-264) further reinforced this concept of a Red Team by stating in part, “…the Administrator [of FAA] shall conduct periodic and unannounced inspections of security systems of airports and air carriers to determine the effectiveness and vulnerabilities of such systems…”.

Furthermore, the White House Commission in 1997 stated in part, “…Red Team type testing should also be increased by the FAA, and incorporated as a regular part of airport security action plans. Frequent, sophisticated attempts by these Red Teams to find ways to dodge security measures are an important part of finding weaknesses in the system and anticipating what sophisticated adversaries of our nation might attempt…”.

As a former Team Leader of the Red Team it was my sole job to execute this mandate. Some of my colleagues and I, using Red Team type tactics, did find major vulnerabilities in aviation security. We reported these through our chain of command. The managers in FAA (including the highest offices in FAA) deliberately choose to ignore our warnings. This is particularly grievous in light of the ever-growing terrorist threat of which they were also aware. For example, FAA issued 15 terrorism warnings to the air carriers in the year prior to 9-11. On April 6, 2000 the Associate Administrator of FAA for Security stated in open testimony before the Committee on Commerce, Science and Transportation Subcommittee on Aviation Security, “…[M]oreover, members of foreign terrorist groups and representatives from state sponsors of terrorism are present in the United States. There is evidence that a few foreign terrorist groups have well-established capability and infrastructures here….”

Then the terrorists attacked on September 11, 2001, killing nearly 3,000 people. Immediately afterwards, numerous government officials from FAA as well as other government agencies made defensive statements such as, “How could we have known this was going to happen?" The truth is, they did know. What happened on 9-11 was not a failure in the system, it was a system designed for failure. FAA very conscientiously and deliberately orchestrated a dangerous façade of security, ignoring the laws cited above. They knew how vulnerable aviation security was. They knew the terrorist threat was rising, but gambled nothing would happen if we kept the vulnerability secret and didn't disrupt the airline industry. Our country lost that bet.

There are serious indications that the FAA deceived the public about what happened on 9-11. On the afternoon of September 11, 2001, I was working in one of the FAA operations centers collecting information on details of what happened during the hijacking. We received information that a firearm was used on one of the hijacked aircraft. At the time I gave it little thought. If you are going to hijack an aircraft why not bring a firearm? I knew from working in the Red Team how easy it is to do. Several years earlier the FAA had canceled testing with firearms, after a national Red Team study found over two thirds made it past security.

That evening the Administrator of FAA requested an Executive Summary covering the day’s activities, and this information about a gun was included in the Summary. Day’s later, without any explanation or questioning of the Summary's author, the Administrator publicly announced that no guns had been used in the hijacking. Several months passed when the press re-surfaced this issue. FAA’s initial response was that no so such Executive Summary existed. Later, when confronted with the document, FAA admitted the Executive Summary existed, but denied its accuracy. Sometime later I learned that another operations center also received a report that a firearm was used. I discussed. They conducted a cursory investigation but did not talk to all the pertinent witnesses. There were also reports of a possible explosive threatened on a flight. I hope this Commission investigates and credibly determines whether the public was deceived, and if so, why.

In my case, about a month after 9-11, I filed a Whistleblower Disclosure against FAA with the United States Office of Special Counsel (OSC). Last year the Special Counsel found a substantial likelihood I was right, and ordered Secretary Mineta to investigate. OSC flunked the agency's first draft report, which I had attacked as a cover-up. This past March, the OSC accepted a second report from the Transportation Security Administration (TSA), which concluded that, “…the Red Team was grossly mismanaged and that the result was the creation of substantial and specific danger to public safety…” in connection with 9-11. The Special Counsel still flunked the report as failing to meet legal requirements, however, because it failed to address accountability for confirmed wrongdoers.

At the time of the September 11, 2001 attacks I was a 14-year veteran of the Security Division of the FAA. I started off as field agent and Federal Air Marshal based in a major metropolitan area, then served as a Team Leader in the Air Marshal program, and since 1995 I had served as a Team Leader in the Red Team. We were extraordinarily successful in destroying U.S. Flag commercial aircraft and killing large numbers of innocent people in these simulated attacks. This occurred with such regularity and ease as to present a frightening picture of the sorry state of aviation security on a worldwide basis, including our domestic airports. This was all prior to 9-11. Immediately after our Red Team warnings were vindicated, however, we were grounded. Later, I was removed from my position as a Red Team Leader with no explanation and placed in a career limbo.

What was of even more concern to me was that the individuals who occupied the highest seats of authority in FAA were fully aware of this highly vulnerable state of aviation security and did nothing. My immediate boss reported directly to the Associate Administrator for Aviation Security; and he reported directly to the Administrator of FAA. In 1998, I sent a memo through my chain of command to the Administrator of FAA attempting to have these issues addressed. The Administrator didn’t even have the courtesy to acknowledge receipt. The Secretary of Transportation did respond to my letter but there was no follow-up.

Coupled with this; virtually every expert on terrorism for several years prior to 9-11 had been screaming about the ever growing threat to the United States by a new breed of terrorists willing to inflict mass casualties on civilians. The first major wake-up call occurred in 1994, when terrorists planned on blowing up a dozen US commercial aircraft over the Pacific Ocean. [“Project Bojinka,” which also contained Kamikaze plans.] This was thwarted by an accidental fire in the apartment where the bombs were being constructed. The second major wake-up call occurred in 1995 when terrorists planned on crashing an airliner into the Eiffel Tower in Paris. Only quick and decisive action by French commandos prevented this disaster. There were also additional indicators.

The specific issues I outlined in my Whistleblower Disclosure included the following:

1) In 1996 I worked on a 6-month project in which we injected simulated bombs through the checked baggage system at a major European airport. We were successful in getting 31 out of 31 of these simulated explosives on US commercial aircraft. No action was taken to remedy this security problem and we have never been back to this airport to re-test security. In fact our results were so deplorable that FAA prevented us from testing in this manner at any foreign airport ever again.

2) In year 2000-01, in other testing conducted at a different major European airport the Red Team obtained equally abysmal results, even though this airport had the latest bomb detection equipment. FAA Security management was equally remiss in not correcting these problems.

3) In 1998, I was the team leader testing the access control system at a major domestic airport. We were successful in breaching their multi-million dollar computer controlled access system approximately 85% of the time. No action was taken to remedy this security problem and we have never been back to this airport (or any airport) to re-test access control security.

4) In 1998, the Red Team completed extensive testing of screening checkpoints at a number of domestic airports. Basically our test results were the inverse of the results FAA field offices achieved (i.e.: where a field office reported an airport having a 90% success rate in detecting FAA test objects; we would report a success rate of about 10%. In one case we even had documented an airport detection rate of about 3%).

5) In the 1997-8 time frame, I was the team leader for some testing at another major domestic international airport. Purely by accident we conducted testing at an extremely busy time when cruise ships were loading and unloading passengers at the same time. The airport was extremely overcrowded with people. Security simply broke down in these conditions. After failing all of our tests and reporting this fact through my chain of command, I reported this abhorrent state of security to my immediate manager. He ordered me not to make a written report on this, and to stop all further testing at this airport.

6) Since 1998, almost all of our domestic work had been limited to testing the CTX explosives detection machines. By August of 1999, our test results were so poor that my boss ordered us to no longer do surreptitious (i.e.: unannounced) testing. Instead, we were ordered to notify the appropriate FAA field office a couple of days before we were to commence our “secret” testing. My first 2 missions after receiving these instructions resulted in both of these airports achieving a 100% success rate regarding our testing. I stopped notifying the field after that, and the results returned to their normal low success rates.

There were also other major problem areas we identified in areas such as cargo security, Threat Image Projection (TIP), and the Computer Assisted Passenger Pre-Screening System (CAPPS). Apparently about half the hijackers on 9-11 were identified by CAPPS, but so what?

The bottom line of FAA’s response to its Red Team findings is that the Red Team was gradually working its way out of a job. The more serious the problems in aviation security we identified, the more FAA tied our hands behind our backs and restricted our activities. All we were doing in their eyes was identifying and “causing” problems that they preferred not to know about.

Further details regarding my Whistleblower Disclosures are contained in my over 500 pages of documentation submitted to the OSC. I should also point out that I have not been the only person engaged in this Whistleblower process. A number of other former FAA and/or current Transportation Security Agency (TSA) employees from around the country also contributed statements and documentation supporting my allegations. Also, a couple of recently retired employees provided documentation. One of these (Brian Sullivan) provided a letter (among other items) written by an FAA Security Special Agent on May 18, 1999 to the Department of Transportation’s Office of Inspector General (OIG) in which the agent stated, in part, “…as a result of this situation, Logan International Airport is in a critical state of non-compliance with Federal Aviation Security Regulations...” As you may recall, two of the aircraft than were hijacked on 9-11 left from this same airport. The IG took no credible action to investigate or correct these identified problems prior to 9-11, and they certainly took no action after 9-11.

Their statements are available in a public file at OSC, or through my attorneys at the Government Accountability Project (GAP). Their statements only are on the public record, because GAP did its own investigation with the witnesses and evidence the OIG ignored. While the OSC agreed with my general assessment that FAA Security was grossly mismanaged and operated in a manner that threatened public safety, there are additional items that need to be addressed. While the OSC agreed the new TSA's promises of reform "appear reasonable," that is not reassuring to me. Based on years of effort, I know the government's airport security bureaucracy is a master both of maintaining appearances, and of passive resistance to genuine reforms. Every one of the whistleblowers interviewed by GAP warned that the airports are not safer now than before 9-11. The main difference is that life is now more miserable for passengers.

After about two years working in the Red Team I became extremely concerned about this impending aviation security disaster and tried working through normal channels to have these issues addressed by FAA management. This proved to be a wasted effort, as with my 1998 letter to the FAA Administrator.

I then joined up with some other individuals from around the country, and we started working together on this problem. Steve Elson (a former Red Team member, now retired) and I went to the Department of Transportation’s OIG. This too proved to be a wasted effort. A senior official in the Inspector Generals Office actually explained to us that because of the political situation between the FAA and the IG’s office, the IG couldn’t take any action against FAA. The same person later told me that unless I gave him “…a dead body and a smoking gun, he can’t do anything against FAA.” Well, we now have nearly 3,000 dead bodies, a smoking cannon, and the IG still refuses to take action against FAA.

We then went to the General Accounting Office (GAO) and expressed our concerns to them. The GAO people we spoke to were extremely concerned about our revelations, but explained they have no authority to actually do anything. They get their marching orders directly from Congress. I learned later that the GAO has a long history of reports that documented the same sorry state of aviation security that we found on the Red Team.

We then visited a number of the offices of Senators and Representatives who were on the Transportation subcommittees that were supposed to oversee FAA Security, and provided them the same documentation about this dangerous state of aviation security. They too did nothing.

And so 9-11 happened. About a month later I filed my whistleblowing disclosure with OSC, which directed Secretary Mineta to report back on my charges. Mineta, in turn, ordered the IG to investigate my allegations. Over a year later the OSC announced the results of the investigation conducted by the IG. Keep in mind that this is the same IGs office that I had previously contacted prior to September 11, 2001.

The gist of the IG’s investigation indicated agreement with my general allegations but “…did not disclose any evidence…” that supported any of my specific charges. If this had been a [simple] murder investigation, their report would read something like: Our investigation reveals that the victim was murdered, but we found no evidence that anyone actually committed the murder.

The reason that the IG didn’t “disclose” any evidence that supported my specific allegations is not because they didn't have easy access to it. GAP's parallel investigation proved that. OIG simply didn’t include in their investigative report any documentation that I provided to them. They also seized all the Red Team files, which contained much of the specific evidence for my charges. But they didn't mention the evidence, or explain what they did with it. They didn’t include any derogatory statements that my witnesses provided. In fact; the IG didn’t even interview many of my witnesses. In essence the OIG falsified the report on my whistleblowing disclosure. But there was still so much overwhelming evidence of FAA’s dangerous culture of mismanagement that the IG had to admit enough shortcomings that the OSC supported my general allegation: FAA executed its Civil Aviation Security mission in a manner that, “…was a substantial and specific threat to public safety…”

So what happened after 9-11? Every government official with anything to say about it stated that 9-11 was due to intelligence failures. So instead of disemboweling the CIA and FBI, Congress disemboweled FAA Security and formed the Transportation Security Agency with billions of dollars of taxpayer’s money. To do what, to fix a civil aviation security system that “wasn’t” responsible for the government failures on 9-11 in the first place?

But what has TSA done? For one thing, not one person has been disciplined for mismanaging an agency that operated in a manner that was “a substantial and specific danger to public safety," contributing directly to the nearly 3,000 deaths on 9-11 as well as turning this county upside down. The OSC formally has agreed this is unacceptable. As a matter of fact, many of these same managers have been promoted within TSA and are key players in how TSA executes its missions. Those managers that didn’t transfer to TSA are still with FAA, and are managing the FAA internal investigations/security mission and its hazardous materials mission in precisely the same way as it mismanaged its previous aviation security mission.

TSA on the other hand has a lot to answer for regarding the misuse of hundreds of millions of dollars of taxpayer’s money, as well as very serious indicators that civil aviation security is little better now than it was before 9-11. In fact, I hate to see it; but TSA is showing some of the very same symptoms that FAA did prior to 9-11, that the façade is more important than the reality. This is something that terrorists can (and probably will) easily exploit.

In fact, the final report into my charges is illegally being kept secret, off the public record. The law only permits publicly withholding classified information from reports into whistleblower charges. There was no classified information in the IG report, but FAA refused to let the Special Counsel have it without a promise to maintain secrecy because the report has "sensitive but unclassified" information. This is a new concept, which allows information to have the secrecy status of being classified without any of the corresponding procedural checks and balances. This free ride is used for information whose contents don't justify being marked as classified. It is ironic that a report confirming public safety threats from abuses of secrecy is being kept secret. That is another reason I am not confident things are getting safer.

As for my own situation, in a formal letter to the OSC, the current head of TSA has reported that I am and have been gainfully and productively employed by TSA and that I am fully contributing my talents to the TSA mission. During most of 2002, my primary job was punching holes in paper and putting orientation binders together (and other menial work) for the hundreds of newly hired TSA employees. My current job is even further removed from keeping bombs, weapons, and terrorists off planes.

In addition to how I’ve been treated; a number of current and former FAA employees contributed to my rebuttal to the IG investigation with a total of over 500 pages of documentation. One made the mistake of not requesting anonymity; and she (Carrie Hancasky) has been treated in a similar fashion as me. Ms. Hancasky has a flawless work record, high integrity, and is being punished just for doing her job (ie: honestly answering questions in a formal investigation). This was for just being a witness. Intimidation of a witness is the most repulsive thing I have seen these bureaucrats do, and is but one of the warning signs that little of substance has changed in our government since 9-11.

The bottom line is that if massive improvements are not made in the way the new Homeland Security Agency treats its employees, we are all going to be in a lot of danger - not only from potential terrorists, but as federal employees from our own government. The next major terrorist attack can be thwarted, if there are highly motivated, appropriately trained individuals who are encouraged to use initiative and brains. It is counterproductive to beat employees down until they are afraid to raise serious issues about loopholes in our last line of defense. Unfortunately, we are tending toward the latter type of environment.

In fact, secrecy enforced by repression is being institutionalized through another new concept of unclassified secrecy called "Critical Infrastructure Information (CII), which can be virtually anything provided by industry to the Department to assist in the "War on Terrorism." If an employee blows the whistle with this unclassified CII evidence, it is a criminal act subject to immediate termination from the government, and up to a year in jail. This new CII form of secrecy was passed as part of the Homeland Security Act. If it had been law when I blew the whistle, I could have been fired and be sitting in jail, instead of being vindicated and testifying today.

Lack of personal accountability for ALL levels of government service; repression of government professionals exercising the freedom to warn of security breakdowns caused by mismanagement; and abuses of secrecy as an excuse to cover up the government's own misconduct are three strikes against public safety. If those patterns persist, we are doomed to suffer more and more 9-11 tragedies. It is only a matter of time.

In other news:

Unchecked intrusion at Pittsburgh International Airport baffles police

Wednesday, May 28, 2003

By Jonathan D. Silver and Mark Belko, Post-Gazette Staff Writers

The head of security at Pittsburgh International Airport said yesterday he was extremely alarmed that a man was able to sneak through a baggage area and board an empty passenger jet undetected, and he promised a sweeping review of the airport's security measures.

"I view it as very significant," Robert Blose, who is in charge of airport security for the U.S. Transportation Security Administration, said of the incident. "It raises tremendous alarms for me and, obviously, I'm extremely upset about it."

Luis Esquivel, a 21-year-old man from San Antonio, Texas, with a history of schizophrenia, remains in the Allegheny County Jail on numerous charges following the incident late Friday night.

Esquivel told investigators he was able to breach security by ducking behind a ticket counter when no one was looking. He said he then crawled along a luggage conveyer belt and pried open a door leading to the bowels of the baggage system.

From there, Esquivel says, he commandeered an unlocked United Airlines van with the keys in the ashtray and drove it through the airport's underground baggage area until he emerged onto the airfield.

Esquivel recounted that he drove a half-mile and parked near the first plane he saw, a 50-seat regional jet operated by American Eagle. Around midnight, he hoisted himself up to the enclosed walkway leading from the terminal to the plane and from there reached about four feet over to the unlocked airplane door and let himself in.

Allegheny County Police arrested Esquivel Saturday morning after a flight attendant discovered him around 5:30 a.m. snoozing in the passenger cabin.

Later that day, county police Lt. Robert Downey Jr. and two detectives took Esquivel on a tour of the airport so the suspect could reconstruct his movements. Although Downey said Esquivel's explanation seemed credible, Blose said airport officials were still checking another story that Esquivel gave to authorities. In that scenario, Esquivel claims he climbed over a wall and a plexiglas barrier in the baggage drop-off area of the Landside Building to gain access to the airfield.

Blose, who had not seen the county police report on the incident, said the TSA also was doing its own investigation.

Blose said his perception is that a "pre 9/11 cavalier attitude still exists with many people, and that has to be eradicated. That can't exist in this environment. It just can't."

Esquivel's mother, Maria, said Esquivel suffers from schizophrenia. On May 17, she said, he disappeared from a boarding home in San Antonio where he had been staying for several months.

"The past week was like hell, pardon the expression. Not knowing where he was or knowing whether he was OK or anything," she said yesterday. "He's been off of his medication for the past week, so that might explain some of his erratic behavior."

Police do not believe Esquivel had any malicious intentions. Downey said Esquivel claimed he wanted to fly a plane to St. Louis. After Esquivel was led off American Airlines Flight 4114, the plane was checked and cleared for departure to Chicago.

Teddy Xidas, local president of Pittsburgh Local 40 of the Association of Flight Attendants, called the breach of security a "big concern."

"There should be nobody on that airplane," except for, perhaps, a cleaner or caterer, Xidas said. "It would be shocking, actually. It would be scary because you don't know why they're on there."

Esquivel's odyssey first took him from San Antonio to Los Angeles. Last Wednesday he bought a ticket on US Airways to Pittsburgh. He paid cash and carried nothing but a few compact discs. Esquivel told police here that authorities in Los Angeles did not question him even though he paid for his ticket in cash and had no luggage.

"That's always the sign of a drug courier," Downey said. "He said nobody bothered him."

Esquivel left Los Angeles at 11:15 p.m. Wednesday and arrived in Pittsburgh around 5 or 6 the next morning. That night, he stayed at the Hyatt Regency Hotel. He checked out at 4 p.m. Friday.

Two hours later, Downey said, county police were called to the Hyatt's restaurant for a customer -- apparently Esquivel -- who left without paying his bill. The restaurant did not want to press charges, so police dropped the matter.

Police do not know when Esquivel got to the airport, but surveillance cameras picked him up at the ticket counters in the Landside Building at 11:15 p.m. By that hour, Downey said, half the terminal was still operational. But the other half, which is home to the ticket counters of numerous other airlines, had closed around 8:30 p.m.

Airport video shows Esquivel heading to the inactive ticketing area just five minutes after a county police officer on patrol walked by.

Downey said Esquivel ducked behind a counter -- he did not know which airline's -- and crawled along the conveyer belt. He passed under the dangling rubber strips and through the hole in the wall until he came to a baggage door.

That door is supposed to be automatically locked when the belts are shut off, but Esquivel told police he pried it open and squeezed into the 3-by-3-foot space.

Downey said county police are not sure which door Esquivel managed to pry open, but Blose said that TSA inspectors had identified the door and had a "hefty" screener try to open it. He was unable to budge it.

Blose said it is each airline's responsibility to secure doors to the baggage area when not in use.

Downey said Esquivel crawled about 100 feet down the conveyer belt into what is known as the baggage matrix, a maze of conveyer belts that all converge beneath the Landside Building.

After dropping about 10 feet from the belt to the ground, Esquivel was picked up by a security camera walking past a door at 11:50 p.m. Out of camera range, he apparently got into the United Airlines van and drove through a short tunnel and up a ramp to the airfield, Downey said.

Blose said he already has ordered all unattended vehicles in secured areas of the airport to be locked and the keys removed. If a vehicle can't be secured with a key, Blose said, he's advising the owner to purchase a cable lock so it's "not available to anyone to go joy-riding in."

Lisa Bailey, manager of communications for American Eagle, said the airline was in compliance with federal rules regarding airplanes parked at gates.

She said such jets must have their doors closed and must be disengaged from the jet bridge. She said there is no need for the doors to be locked.

Last weekend's incident was the second in six months in which someone without authorized access was able to enter a secured area of the airport. In December, a Robinson businessman without the required boarding pass was able to enter the restricted boarding terminal to see off his brother by flashing an old constable's badge he was given as a gift.

http://www.post-gazette.com/localnews/20030528airport0528p2.asp

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.