I’m old enough to remember what it was like to fly before 9/11 — there were no TSA lines, there was no PreCheck, and there certainly wasn’t any requirement to take off your shoes. In fact, there wasn’t any TSA at all.
But 9/11 radically changed the way we move through an airport. The formation of the new Department of Homeland Security and the new Transportation Security Administration led to much more rigorous and invasive security measures for travelers trying to catch their flight.
This year is the 20th anniversary of the Department of Homeland Security and the TSA, and I think it’s safe to say that nobody enjoys waiting in the airport security line. And in the post-9/11 world, things like PreCheck are the great innovation of the department.
At least according to Dan McCoy, who is the TSA’s chief innovation officer, who told me that PreCheck is “a hallmark government innovation program.”
But what do programs like PreCheck and the larger surveillance apparatus that theoretically keep us safe mean for the choices we make? What do we give up to get into the shorter security line, and how comfortable should we be about that?
This week, The Verge launches “Homeland,” our special series about the enormous influence of the Department of Homeland Security and how it has dramatically changed our country’s relationship with technology, surveillance, and immigration. So we have a special episode of Decoder with Dan McCoy to see where the TSA fits into that picture.
Okay. Dan McCoy, the chief innovation officer of the TSA. Here we go.
This interview excerpt has been edited and condensed. You can find a full transcript further below.
Nilay Patel: The founding of the TSA is connected to a very pivotal moment in my life. It was founded right after September 11th in 2001. I was in my second year of college. It was formally made part of the Department of Homeland Security when that agency was created in 2003. We are basically right at the 20-year mark of these agencies. It feels like a good time to step back and think about what it is they do, how they work, and where they can go.
Let’s just start with your role specifically, since I don’t think most people know that TSA has a chief innovation officer. What is it that you do?
Dan McCoy: So, what I do for innovation at TSA does perplex a lot of people. There are always these conceptions that I am very tech-focused and very experience-focused. A lot of government innovation groups have been really focused right now on emerging venture capital and emerging technology, and how to integrate them. I would best describe my role as chief facilitation officer for innovation.
At that 20-year mark, how do you take a step back and ask, “Where do we want to purposefully innovate? How do we build the culture, the capacity, the manpower, and the assessment tools to actually let that innovation happen?”
How is the TSA structured and how do you navigate that to facilitate innovation as you are describing?
I don’t know if this is a Reed Hastings line somewhere, that ideas are great, but until you move them through the process and they actually start to add value, they are just ideas. We have thousands of ideas across the TSA.
What my team is doing now — and this is part of the innovation doctrine that we are rolling out — is building that pipeline of ideas and centrally locating it, so that we can identify what ideas are really going to be impactful and are getting underrepresented in the groups they are in. Why are they getting underrepresented? Is it the structure of the organization? Do we need to go drive training around design thinking, agile development, or lean model development into that specific area? We then let that natural diffusion of innovators, that 2% in that group, really take hold and say, “We are going to solve our own problems.”
I would say the only real innovation I have felt in the last 20 years of the TSA is PreCheck and Clear, and I’m signed up for both of them because I am a very impatient man who does not like to stand in line. Every time I go to the airport, I think, “I have allowed some amount of increased government surveillance of me because I am impatient.” I am uncomfortable with that balance every time, but then I get through the thing faster and I’m like, “Well, it was worth it.”
That feels like the big innovation: that we have created two classes of travelers. One is okay with increased surveillance and the other is taking off their shoes. Is that something that we should innovate on? It feels like the ripest area at the customer experience that also keeps everybody safe.
I am just so happy you were the first one to bring up PreCheck as an innovation, because this is something that there was a lot of conversation about when I came into TSA. “What are we doing around new technology? How are we adopting artificial intelligence and machine learning? What is our policy going forward on IoT [Internet of Things]?”
It had me saying, “Can everybody take a step back and acknowledge that the biggest breakthrough innovation we have had since inception is TSA PreCheck?” It is a process innovation, it is a network innovation, and it is a partner innovation. It is not tech-focused in how it is delivered, but it adds a tremendous amount of value to the traveling public and to TSA operations. We have a whole other class going through the checkpoint that we have additional information around.
I understand your point about giving up more information, and the unease around it. We have worked so closely with civil liberties groups through PreCheck in the data collection we are doing. As we are doing more around biometrics and mobile driver’s licensing, that trust component is front and center in how we are rolling that out. That is second only to, “is it increasing security?”
How do you make PreCheck biometric only, with fingerprints and facial matching? I think it is a little bit similar to Clear, as you mentioned a second ago. Now when Nilay walks up with even less patience, the facial match is done and he can go about his day. You are not divesting any form of identity going forward. Building around that is a real opportunity for us to innovate. I think the TSA PreCheck program is a hallmark government innovation program.
How do you think about that balance? You only talked about it a little bit. If I step back — and I am old enough to remember what flying was like before September 11th — the goal was not tons of surveillance or identity verification. It was, “It would be cool if you didn’t have knives and guns on the plane.” How do you get back to that state? I look at the increased amount of surveillance as a net negative.
I think it is fascinating that you are talking about it as a net positive, like, “We will do more surveillance and your life will be easier. We, the government, will be able to trust that you are a secure person because we know you have not bought a bunch of fertilizer in the last six months.” What PreCheck is effectively doing is keeping tabs on you, so that when you get to the airport it knows your profile is safer than average. How do you get back to that place of, “What we are going to focus on is the scanners and the detection of what is in your bag. We do not have to surveil you, we just have to know that you in this moment do not pose a threat.”
This is definitely a hard one to answer from my part. From the innovation perspective, there is intelligence and analysis in the backend that is doing a lot of this work. We have partnerships with the FBI for those background investigations that you are talking about. If you ask an end user to design the best app, they want it to look slick and be frictionless as far as mobility and application development. That is only until you probe them with, “Well, do you want your data to be secure? Do you want to know that you are not being tracked?” I think that is what I equate the TSA process to. Most of my life, TSA has been the way that we go through the airport.
We want to maintain that level of security that we know we need in our post-9/11 environment. What we want to do is make sure that we are building that level of clear trust with passengers, that this is the data we have and we are working off of. What I think most passengers want is less friction going through the process and the backend understanding that data is safe and secure. If I can drive a point to your question, I do not know if we are ever going to go back to only a goal-line defense of screening for threats.
We have seen the benefits of a multi-layered approach, which is to disrupt, deter, and detect. “Detect” is our goal line; it is an interception in the end zone on something that could have gone awry. The “deter” is that we have new technology, we have new capabilities, and we have trained officers. You probably should not try anything in the aviation space. Then the “disrupt” is the whole national security ecosystem saying, “We should think about what attack vectors and what vulnerabilities may be targeted, because we want to disrupt those where they are.”
“Well, do you want your data to be secure? Do you want to know that you are not being tracked?”
I hear that you want to deter things early, but the criticism of the TSA has always been, “Well, that is just a lot of security theater and you are just scaring the bad guys away with ineffective things.” I just wonder, from your perspective as the innovation officer, do you ever think, “We can innovate on that and maybe get through the very difficult balance of privacy and security. Maybe we can find ideas from throughout the agency to make that equation better for people.” I think it has become more intrusive over time.
That’s fair, and it is the public’s take on the way we are working today.
My hope is that we can take a different approach to what you have laid out. Can we shift the scales back one way or another? I am not the decision-maker closest to that problem to know. What we want to have happen is that someone in that area has the lens, that they are our innovator in that space, to go, “Maybe it is time to disrupt this a little bit, or at least shift the mission model a little bit. There has been some change that we have seen at another agency in the industry.”
FinTech is a really data-secure ecosystem where you give up a lot of data. If there is a change there, maybe it can apply to what we are doing. Our hope from the innovation team is that those people exist, are educated on what we want them to do, and are empowered to do it. We hope that those new approaches that are beneficial to the whole agency and traveling public will take place where they should, in that business unit.
I know Clear has a database of faces; I don’t love it, but again, I am impatient. At least they are a private company. If they do something wrong, people can sue them. It feels like there is that check where if Clear blows it, they can lose their contract and that is existential for them. TSA doesn’t get to lose its contract. If you give the government the database of faces and they screw up, it feels like the remedies are less existential.
We are doing it in a process right now. The first step in this direction is our one-to-one matching. You take your ID and insert it into the machine, and the face on this ID is Nilay. We match that Nilay has presented himself, so we are good here. That is our first level.
Over time, we are moving to a one-to-end match, which today is in partnership with Customs and Border Patrol. They have a one-to-end system for reentry into the United States that they use that’s in a pilot phase. This is why the innovation process is so important, to not only get the technology right, but to get that trust right. We are in a pilot that we are constantly gathering feedback from civil liberties groups. We are constantly getting feedback from industry standards mechanisms, like the International Standards Organization (ISO) and National Institution of Standards and Technology (NIST), where they are coming in and assessing the trustworthiness of this system.
You are right, if there is a breach at Clear, they are going to lose customers and that is going to be existential. We don’t necessarily have that, but what we do have is that those failures become incredibly public. We are aware of that.