Behaviour Detection Demystified: A Glimpse into the TSA’s Capability

Behaviour Detection Demystified: A Glimpse into the TSA’s Capability

Since its inception, the Transportation Security Administration’s (TSA) Behaviour Detection programme has been criticised for allegedly being a racial ‘profiling technique’ and not scientifically valid. In spite of these criticisms, the TSA continues to deploy this capability. Jennifer Blanchard delves into the reasons why a capability focused on human behaviour is so critical to any security infrastructure and attempts to put the profiling allegations to rest.

It’s 5:30 in the morning on a Tuesday at one of the busiest airports in the United States. While passengers go about their usual business – printing boarding passes, checking bags and waiting to go through the line at the security checkpoint – TSA Security Officers (TSOs) are working. Some passengers see these officers as mere travel document checkers or bag screeners, but for many of the officers, there’s more to them than meets the untrained eye. Some of them are trained in Behaviour Detection (BD), a concept that is poorly understood, which has been problematic in gaining support for its inclusion into the broader security landscape. As passengers proceed through the usual security screening process, trained officers are inconspicuously interacting with passengers and observing for signs of suspicious behaviour.

TSA’s Behaviour Detection Capability Defined

Behaviour detection, at its core, is a method of observing human signals, both behavioural and physiological that can alert an officer that someone requires additional screening. It is not the TSA’s nor the TSO’s intent to subject travellers to hours of unnecessary screening activities or interrogations, nor are they attempting to label anyone a terrorist or criminal. During the application of BD, officers observe for a combination of verbal and non-verbal indicators to evaluate someone’s behaviour. Each of the behavioural indicators that the officers have been trained to detect were identified by academic research literature (e.g., deception detection), operational experience (e.g., law enforcement agencies from around the world), and documented cases of terrorism as well as criminal activity. With the exception of only a few indicators, some form of behavioural clustering is required. Only the most critical, or those that may indicate an attack is imminent, precipitate immediate action. Otherwise, an individual is seamlessly ‘referred’ for additional screening, which is similar to a standard secondary search and includes a brief interview component.

It is through this referral process that a resolution is reached regarding whether an individual is considered a higher risk and thus required to undergo further intervention from law enforcement or other security entities. The data collected through BD includes cases with known ties to terrorism and a myriad of criminal-type incidents: drug smuggling, fraudulent identification scams, money laundering, and individuals carrying bomb parts in their checked baggage, just to name several. Terrorism is funded through activities such as these and stopping them during this stage is paramount to hindering those potential future acts. The apex of BD in this context, is that it does not discriminate between activities. Similar behaviour, whether you are a drug smuggler or a terrorist will manifest due to the underlying stress or fear response that the human body may emit when trying to conceal something. These behaviours can occur unbeknownst to the person displaying them and some are rather difficult to control (e.g., physiological behaviours). This provides a way for officers to route individuals to additional screening to ensure something else isn’t going on and to ensure the safety of the travelling public.

TSA has long sustained a layered approach to security screening, in which each layer contributes to TSA’s mission: to ‘protect the nation’s transportation systems to ensure freedom of movement for people and commerce’. No single layer of security is intended to be performed on its own; each layer plays a critical role in a series of actions that work together to mitigate possible threats. The TSA has incorporated some form of BD for the last eleven years as part of its layered security methodology – and with good reason; terrorists are innovative and evolve faster than technology can keep up.

Behaviour detection is one of the only capabilities that is not restricted to identifying a single method of attack – any individual attempting to circumvent security or cause unrest can be identified as high-risk by observing human behaviour, even internal threats. It is vital for the global community to implement strategies that can identify and detect individuals who not only have the means to carry out an attack (e.g. a bomb), but also identify those who harbour ill intent and the desire to harm innocent civilians. Without BD as a supplemental layer of security, it may not be possible to proactively mitigate a threat before it happens.

Behaviour Detection is Not Racial, Ethnic or Religious Profiling

Assessing passenger risk is a delicate balance of protecting civil rights, privacy, and the need to effectively screen individuals. One major misconception regarding the BD capability is that it is a form of racial, ethnic or religious profiling. In reality, BD is solely focused on the behaviour of individuals passing through the airport. Although an individual’s appearance may contribute to an officer’s evaluation, for example, if that factor is an obvious alarm (e.g. visible detonation switch), but the process of using behavioural indicators ensures that profiling of any type – either consciously or subconsciously – does not occur. Relying on a person’s appearance as it relates to their race, ethnicity, or religion would more than likely allow the real threat to pass by undetected because officers would then be focused on the wrong thing.

“…an individual is seamlessly ‘referred’ for additional screening, which is similar to a standard secondary search and includes a brief interview component…”

Cognitive biases exist within all of us and affect our decision-making ability and the ability to remain unbiased. We are human after all, but the TSA attempts to mitigate potential biases by using a well-researched set of indicators with operational definitions. The alternative is to have officers use their own judgments of what is suspicious, which could lead to inaccurate assessments and reliance on biases. The mere act of using a set list of indicators eliminates internal biases from dominating an officer’s decision-making skill.

To take this a step further, specific criteria must be met to assess indicators, which strengthens standardisation. For example, some behaviours can only be assessed when certain location parameters are met (e.g. when approaching a high stress point such as a metal detector). Additionally, it is not just simple observation, but active engagement, that makes it easier and more robust for assessing the indicators used by the TSA. Without this type of guided protocol, there would be no regulation across officers or airports, no way to measure success, no method for determining accountability in referrals, and a higher likelihood that profiling could happen. If officers rely on their own stereotypes and assumptions, this capability will fail. Maintaining a standard in BD assessments ensures that TSOs are not inadvertently creating security vulnerabilities by potentially allowing threats to penetrate the proverbial security bubble.

Scientific Substantiation

Behaviour detection is a difficult concept to scientifically validate. Proponents of the programme understand the caveats related to BD whilst understanding the worth of introducing a capability that, in essence, does not cost nearly as much as inserting new technology each time the threat evolves. One of these caveats is that testing this capability cannot be done through the traditional mock threat methodologies because genuine behaviour related to high stakes malfeasance looks different than simulated, or acted out behaviour of the same type. Additionally, real world data is sparse due to the low base rate of actual operational terrorists transiting through US airports. However, behaviours linked to smuggling-type activities are closely related to the deception-detection academic literature, and insights can be gleaned from that body of work to help substantiate the use of BD.

“…behaviour detection is one of the only capabilities that is not restricted to identifying a single method of attack…”

Another major caveat is that, whether known or unknown, a terrorist must be operational at the time of scrutiny. There has to be some form of active deceit where the stakes are at their highest for behaviours to manifest. Adequate research and operational support exists that outweighs the risk of solely relying on technological solutions.

In 2011, the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate, with the full support and participation from the TSA, set out to attempt the first ever field research study to try and provide quantifiable results that would lend support for this type of security method. This research was ground breaking and provided the first ever look at how TSA’s BD methodology fared compared to a random selection method. At a high-level, the BD method was significantly more successful at selecting high-risk passengers than the random selection method. This study was never purported to be the answer to validation, nor was it designed as such. It was a first step, and one that no other agency or country has attempted.

Since 2011, the TSA has pursued efforts to evolve the capability to align with the threat landscape. Optimising the protocol and behaviours was completed and additional areas of research executed. Some of these efforts are on-going and the hope is to continuously evolve the capability and continue to work with experts from around the world.

Behaviour Detection is a Viable and Strategic Security Asset

Including a behaviour detection component within the larger security strategy can help detect and deter potential acts of violence and hostile intent, something that technology cannot do. Without it, a security system is only as strong as the last incident that occurred and is vulnerable to unknown threats. Moreover, this capability can identify activities that need special intervention, such as human trafficking and active shooter scenarios.

The TSA and larger global community are working together to create a capability that is accepted and implemented within security paradigms while also exposing its worth. Because BD is scalable, flexible, and threat neutral, it’s the ace in the hole.

Jennifer Blanchard
Jennifer Blanchard

Jennifer Blanchard is a TSA Transportation Security Specialist within the Office of Requirements and Capabilities Analysis, Human Performance Branch. She has been involved with behaviour detection research and protocol development for over twelve years and is dedicated to improving security within the aviation environment and beyond.