One thing to note is that the testing was done by people with detailed knowledge of operational procedures, therefore they knew the weaknesses and took advantage of that. In other words, if you got 100 semi random travelers and tried to have them sneak things thru fewer than 95 would succeed.
Now, that's not to say the TSA isn't incompetent and shouldn't improve its procedures and policies, but rather the 95% is an exaggerated value.
One other observation to make. When driving down the highway over the speed limit and a patrol car becomes visible, it's quite clear the car would not catch every infringer, yet, nearly everyone slows to comply with speed limits. In other words, as Bruce says, you don't need 100% effectiveness for the system to be effective.
I got the opposite from the original CNN video. It appeared that they were using "basic" hiding techniques for these items. They weren't trying to go and reinvent the wheel by using techniques they know will get through TSA screening, but they used techniques that they figured TSA would be able to find, and they just failed.
I'm going to go re-watch the video to see if I missed something though. I'll edit this if I learn something new.
Edit: I looked for some more detailed articles and I found this quote, however it is coming from the TSA not the testing agency.
> The goal of the Red Team is to build tests that push the boundaries of our people, processes, and technology. We know that the adversary innovates and we have to push ourselves to capacity in order to remain one step ahead. With that said, our testers often make these covert tests as difficult as possible. It’s not like they’re using a cartoonish bundle of dynamite with an alarm clock strapped to it. These items are extremely hard to spot.
Edit 2: I'm an idiot the TSA was the screening agency, or at least these tests are frequently referred to as internal tests. I didn't know the Department of Homeland Security Inspector General (IG) was a part of the TSA.
Even if they were using full-on, ninja terrorist techniques, you would expect screeners to train to those standards. If they train to and pass those standards, then Joe Terrorist shouldn't be a problem.
They did use that excuse in the past. Lame after-the-failure excuse making.
But isn't it a risk/reward question? I slow down because to me the high risk of getting a $125 ticket isn't worth the ten minutes I'll save driving, if I see the police car.
However, if I were a nefarious evildoer, I may be willing to take a higher risk of getting caught in order to do whatever it is I want to do.
1. There is a vastly greater prevalence of drivers travelling over the speed limit than there are of airline hijackers.
1. It's trivially easy to distinguish vehicles travelling over the speed limit than hijackers. One might even suggest that speeding enforcemnt is significantly enabled by the ease, and low false-positive rate, of detection: speed radar.
So, if you were someone who wanted to get through the security with some kind of dangerous object, wouldn't it make sense to map out those weaknesses? Therefore they also need to be tested against.
Those operational procedures aren't secret knowledge though. Someone who really wanted to get something through can get their hands on that information.
Now, that's not to say the TSA isn't incompetent and shouldn't improve its procedures and policies, but rather the 95% is an exaggerated value.
One other observation to make. When driving down the highway over the speed limit and a patrol car becomes visible, it's quite clear the car would not catch every infringer, yet, nearly everyone slows to comply with speed limits. In other words, as Bruce says, you don't need 100% effectiveness for the system to be effective.