Second public hearing of the National Commission on Terrorist Attacks Upon the United States
Statement of Bogdan Dzakovic to the
National Commission on Terrorist Attacks Upon the United States
May 22, 2003
Good afternoon, it is an honor and a privilege to have been invited to speak at this hearing. My contribution is to explain, based on personal experience, how abuses of secrecy are a clear and present danger to homeland security. That occurs when secrecy sustains vulnerability to terrorism caused by government breakdowns.
I know this, based on seven years with the Federal Aviation Administration's (FAA) Red Team, which conducted undercover tests on airport security through simulated terrorist attacks. Although we breached security with ridiculous ease up to 90% of the time, the FAA suppressed these warnings. Instead we were ordered not to write up our findings (in some cases) and not to retest airports where we found particularly egregious vulnerabilities to see if the problems had been fixed. Finally, the agency started providing advance notification of when we would be conducting our "undercover" tests and what we would be checking.
As background, after the bombing of Pan Am 103 a 1990 Presidential Commission directed the FAA to develop "measures to improve testing of security systems". This was the birth of the Red Team. The Red Team, by definition, is an adversary team designed to replicate tactics that terrorists might use against us.
With the crash of TWA 800 off New York City, the FAA Reauthorization Act of 1996 (P.L. 104-264) further reinforced this concept of a Red Team by stating in part, "…the Administrator [of FAA] shall conduct periodic and unannounced inspections of security systems of airports and air carriers to determine the effectiveness and vulnerabilities of such systems…".
Furthermore, the White House Commission in 1997 stated in part, "…Red Team type testing should also be increased by the FAA, and incorporated as a regular part of airport security action plans. Frequent, sophisticated attempts by these Red Teams to find ways to dodge security measures are an important part of finding weaknesses in the system and anticipating what sophisticated adversaries of our nation might attempt…."
As a former Team Leader of the Red Team it was my sole job to execute this mandate. Some of my colleagues and I, using Red Team type tactics, did find major vulnerabilities in aviation security. We reported these through our chain of command. The managers in FAA (including the highest offices in FAA) deliberately choose to ignore our warnings. This is particularly grievous in light of the ever-growing terrorist threat of which they were also aware. For example, FAA issued 15 terrorism warnings to the air carriers in the year prior to 9-11. On April 6, 2000 the Associate Administrator of FAA for Security stated in open testimony before the Committee on Commerce, Science and Transportation Subcommittee on Aviation Security, "…[M]oreover, members of foreign terrorist groups and representatives from state sponsors of terrorism are present in the United States. There is evidence that a few foreign terrorist groups have well-established capability and infrastructures here…."
Then the terrorists attacked on September 11, 2001, killing nearly 3,000 people. Immediately afterwards, numerous government officials from FAA as well as other government agencies made defensive statements such as, "How could we have known this was going to happen?" The truth is, they did know. What happened on 9-11 was not a failure in the system, it was a system designed for failure. FAA very conscientiously and deliberately orchestrated a dangerous façade of security, ignoring the laws cited above. They knew how vulnerable aviation security was. They knew the terrorist threat was rising, but gambled nothing would happen if we kept the vulnerability secret and didn't disrupt the airline industry. Our country lost that bet.
There are serious indications that the FAA deceived the public about what happened on 9-11. On the afternoon of September 11, 2001, I was working in one of the FAA operations centers collecting information on details of what happened during the hijacking. We received information that a firearm was used on one of the hijacked aircraft. At the time I gave it little thought. If you are going to hijack an aircraft why not bring a firearm? I knew from working in the Red Team how easy it is to do. Several years earlier the FAA had canceled testing with firearms, after a national Red Team study found over two thirds made it past security.
That evening the Administrator of FAA requested an Executive Summary covering the day's activities, and this information about a gun was included in the Summary. Day's later, without any explanation or questioning of the Summary's author, the Administrator publicly announced that no guns had been used in the hijacking. Several months passed when the press re-surfaced this issue. FAA's initial response was that no so such Executive Summary existed. Later, when confronted with the document, FAA admitted the Executive Summary existed, but denied its accuracy. Sometime later I learned that another operations center also received a report that a firearm was used. They conducted a cursory investigation but did not talk to all the pertinent witnesses. There were also reports of a possible explosive threatened on a flight. I hope this Commission investigates and credibly determines whether the public was deceived, and if so, why.
In my case, about a month after 9-11, I filed a Whistleblower Disclosure against FAA with the United States Office of Special Counsel (OSC). Last year the Special Counsel found a substantial likelihood I was right, and ordered Secretary Mineta to investigate. OSC flunked the agency's first draft report, which I had attacked as a cover-up. This past March, the OSC accepted a second report from the Transportation Security Administration (TSA), which concluded that, "…the Red Team was grossly mismanaged and that the result was the creation of substantial and specific danger to public safety…" in connection with 9-11. The Special Counsel still flunked the report as failing to meet legal requirements, however, because it failed to address accountability for confirmed wrongdoers.
At the time of the September 11, 2001 attacks I was a 14 year veteran of the Security Division of the FAA. I started off as field agent and Federal Air Marshal based in a major metropolitan area, then served as a Team Leader in the Air Marshal program, and since 1995 I had served as a Team Leader in the Red Team. We were extraordinarily successful in destroying U.S. Flag commercial aircraft and killing large numbers of innocent people in these simulated attacks. This occurred with such regularity and ease as to present a frightening picture of the sorry state of aviation security on a worldwide basis, including our domestic airports. This was all prior to 9-11. Immediately after our Red Team warnings were vindicated, however, we were grounded. Later, I was removed from my position as a Red Team Leader with no explanation and placed in a career limbo.
What was of even more concern to me was that the individuals who occupied the highest seats of authority in FAA were fully aware of this highly vulnerable state of aviation security and did nothing. My immediate boss reported directly to the Associate Administrator for Aviation Security; and he reported directly to the Administrator of FAA. In 1998, I sent a memo through my chain of command to the Administrator of FAA attempting to have these issues addressed. The Administrator didn't even have the courtesy to acknowledge receipt. The Secretary of Transportation did respond to my letter but there was no follow-up.
Coupled with this; virtually every expert on terrorism for several years prior to 9-11 had been screaming about the ever growing threat to the United States by a new breed of terrorists willing to inflict mass casualties on civilians. The first major wake-up call occurred in 1994, when terrorists planned on blowing up a dozen US commercial aircraft over the Pacific Ocean. This was thwarted by an accidental fire in the apartment where the bombs were being constructed. The second major wake-up call occurred in 1995 when terrorists planned on crashing an airliner into the Eiffel Tower in Paris. Only quick and decisive action by French commandos prevented this disaster. There were also additional indicators.
The specific issues I outlined in my Whistleblower Disclosure included the following:
- In 1996 I worked on a 6-month project in which we injected simulated bombs through the checked baggage system at a major European airport. We were successful in getting 31 out of 31 of these simulated explosives on US commercial aircraft. No action was taken to remedy this security problem and we have never been back to this airport to re-test security. In fact our results were so deplorable that FAA prevented us from testing in this manner at any foreign airport ever again.
- In year 2000-01, in other testing conducted at a different major European airport the Red Team obtained equally abysmal results, even though this airport had the latest bomb detection equipment. FAA Security management was equally remiss in not correcting these problems.
- In 1998, I was the team leader testing the access control system at a major domestic airport. We were successful in breaching their multi-million dollar computer controlled access system approximately 85% of the time. No action was taken to remedy this security problem and we have never been back to this airport (or any airport) to re-test access control security.
- In 1998, the Red Team completed extensive testing of screening checkpoints at a number of domestic airports. Basically our test results were the inverse of the results FAA field offices achieved (i.e.: where a field office reported an airport having a 90% success rate in detecting FAA test objects; we would report a success rate of about 10%. In one case we even had documented an airport detection rate of about 3%).
- In the 1997-8 time frame, I was the team leader for some testing at another major domestic international airport. Purely by accident we conducted testing at an extremely busy time when cruise ships were loading and unloading passengers at the same time. The airport was extremely overcrowded with people. Security simply broke down in these conditions. After failing all of our tests and reporting this fact through my chain of command, I reported this abhorrent state of security to my immediate manager. He ordered me not to make a written report on this, and to stop all further testing at this airport.
- Since 1998, almost all of our domestic work had been limited to testing the CTX explosives detection machines. By August of 1999, our test results were so poor that my boss ordered us to no longer do surreptitious (i.e.: unannounced) testing. Instead, we were ordered to notify the appropriate FAA field office a couple of days before we were to commence our "secret" testing. My first 2 missions after receiving these instructions resulted in both of these airports achieving a 100% success rate regarding our testing. I stopped notifying the field after that, and the results returned to their normal low success rates.
There were also other major problem areas we identified in areas such as cargo security, Threat Image Projection (TIP), and the Computer Assisted Passenger Pre-Screening System (CAPPS). Apparently about half the hijackers on 9-11 were identified by CAPPS, but so what?
The bottom line of FAA's response to its Red Team findings is that the Red Team was gradually working its way out of a job. The more serious the problems in aviation security we identified, the more FAA tied our hands behind our backs and restricted our activities. All we were doing in their eyes was identifying and "causing" problems that they preferred not to know about.
Further details regarding my Whistleblower Disclosures are contained in my over 500 pages of documentation submitted to the OSC. I should also point out that I have not been the only person engaged in this Whistleblower process. A number of other former FAA and/or current Transportation Security Agency (TSA) employees from around the country also contributed statements and documentation supporting my allegations. Also, a couple of recently retired employees provided documentation. One of these (Brian Sullivan) provided a letter (among other items) written by an FAA Security Special Agent on May 18, 1999 to the Department of Transportation's Office of Inspector General (OIG) in which the agent stated, in part, "…as a result of this situation, Logan International Airport is in a critical state of non-compliance with Federal Aviation Security Regulations..." As you may recall, two of the aircraft that were hijacked on 9-11 left from this same airport. The IG took no credible action to
investigate or correct these identified problems prior to 9-11, and they certainly took no action after 9-11.
Their statements are available in a public file at OSC, or through my attorneys at the Government Accountability Project (GAP). Their statements only are on the public record, because GAP did its own investigation with the witnesses and evidence the OIG ignored. While the OSC agreed with my general assessment that FAA Security was grossly mismanaged and operated in a manner that threatened public safety, there are additional items that need to be addressed. While the OSC agreed the new TSA's promises of reform "appear reasonable," that is not reassuring to me. Based on years of effort, I know the government's airport security bureaucracy is a master both of maintaining appearances, and of passive resistance to genuine reforms. Every one of the whistleblowers interviewed by GAP warned that the airports are not safer now than before 9-11. The main difference is that life is now more miserable for passengers.
After about two years working in the Red Team I became extremely concerned about this impending aviation security disaster and tried working through normal channels to have these issues addressed by FAA management. This proved to be a wasted effort, as with my 1998 letter to the FAA Administrator.
I then joined up with some other individuals from around the country, and we started working together on this problem. Steve Elson (a former Red Team member, now retired) and I went to the Department of Transportation's OIG. This too proved to be a wasted effort. A senior official in the Inspector Generals Office actually explained to us that because of the political situation between the FAA and the IG's office, the IG couldn't take any action against FAA. The same person later told me that unless I gave him "…a dead body and a smoking gun, he can't do anything against FAA." Well, we now have nearly 3,000 dead bodies, a smoking cannon, and the IG still refuses to take action against FAA.
We then went to the General Accounting Office (GAO) and expressed our concerns to them. The GAO people we spoke to were extremely concerned about our revelations, but explained they have no authority to actually do anything. They get their marching orders directly from Congress. I learned later that the GAO has a long history of reports that documented the same sorry state of aviation security that we found on the Red Team.
We then visited a number of the offices of Senators and Representatives who were on the Transportation subcommittees that were supposed to oversee FAA Security, and provided them the same documentation about this dangerous state of aviation security. They too did nothing.
And so 9-11 happened. About a month later I filed my whistleblowing disclosure with OSC, which directed Secretary Mineta to report back on my charges. Mineta, in turn, ordered the IG to investigate my allegations. Over a year later the OSC announced the results of the investigation conducted by the IG. Keep in mind that this is the same IG's office that I had previously contacted prior to September 11, 2001.
The gist of the IG's investigation indicated agreement with my general allegations but "…did not disclose any evidence…" that supported any of my specific charges. If this had been a [simple] murder investigation, their report would read something like: Our investigation reveals that the victim was murdered, but we found no evidence that anyone actually committed the murder.
The reason that the IG didn't "disclose" any evidence that supported my specific allegations is not because they didn't have easy access to it. GAP's parallel investigation proved that. OIG simply didn't include in their investigative report any documentation that I provided to them. They also seized all the Red Team files, which contained much of the specific evidence for my charges. But they didn't mention the evidence, or explain what they did with it. They didn't include any derogatory statements that my witnesses provided. In fact; the IG didn't even interview many of my witnesses. In essence the OIG falsified the report on my whistleblowing disclosure. But there was still so much overwhelming evidence of FAA's dangerous culture of mismanagement that the IG had to admit enough shortcomings that the OSC supported my general allegation: FAA executed its Civil Aviation Security mission in a manner that, "…was a substantial and specific threat to public safety…"
So what happened after 9-11? Every government official with anything to say about it stated that 9-11 was due to intelligence failures. So instead of disemboweling the CIA and FBI, Congress disemboweled FAA Security and formed the Transportation Security Agency with billions of dollars of taxpayer's money. To do what, to fix a civil aviation security system that "wasn't" responsible for the government failures on 9-11 in the first place?
But what has TSA done? For one thing, not one person has been disciplined for mismanaging an agency that operated in a manner that was "a substantial and specific danger to public safety," contributing directly to the nearly 3,000 deaths on 9-11 as well as turning this county upside down. The OSC formally has agreed this is unacceptable. As a matter of fact, many of these same managers have been promoted within TSA and are key players in how TSA executes its missions. Those managers that didn't transfer to TSA are still with FAA, and are managing the FAA internal investigations/security mission and its hazardous materials mission in precisely the same way as it mismanaged its previous aviation security mission.
TSA on the other hand has a lot to answer for regarding the misuse of hundreds of millions of dollars of taxpayer's money, as well as very serious indicators that civil aviation security is little better now than it was before 9-11. In fact, I hate to see it; but TSA is showing some of the very same symptoms that FAA did prior to 9-11, that the façade is more important than the reality. This is something that terrorists can (and probably will) easily exploit.
In fact, the final report into my charges is illegally being kept secret, off the public record. The law only permits publicly withholding classified information from reports into whistleblower charges. There was no classified information in the IG report, but FAA refused to let the Special Counsel have it without a promise to maintain secrecy because the report has "sensitive but unclassified" information. This is a new concept, which allows information to have the secrecy status of being classified without any of the corresponding procedural checks and balances. This free ride is used for information whose contents don't justify being marked as classified. It is ironic that a report confirming public safety threats from abuses of secrecy is being kept secret. That is another reason I am not confident things are getting safer.
As for my own situation, in a formal letter to the OSC, the current head of TSA has reported that I am and have been gainfully and productively employed by TSA and that I am fully contributing my talents to the TSA mission. During most of 2002, my primary job was punching holes in paper and putting orientation binders together (and other menial work) for the hundreds of newly hired TSA employees. My current job is even further removed from keeping bombs, weapons, and terrorists off planes.
In addition to how I've been treated; a number of current and former FAA employees contributed to my rebuttal to the IG investigation with a total of over 500 pages of documentation. One made the mistake of not requesting anonymity; and she (Carrie Hancasky) has been treated in a similar fashion as me. Ms. Hancasky has a flawless work record, high integrity, and is being punished just for doing her job (i.e.: honestly answering questions in a formal investigation). This was for just being a witness. Intimidation of a witness is the most repulsive thing I have seen these bureaucrats do, and is but one of the warning signs that little of substance has changed in our government since 9-11.
The bottom line is that if massive improvements are not made in the way the new Homeland Security Agency treats its employees, we are all going to be in a lot of danger -- not only from potential terrorists, but as federal employees from our own government. The next major terrorist attack can be thwarted, if there are highly motivated, appropriately trained individuals who are encouraged to use initiative and brains. It is counterproductive to beat employees down until they are afraid to raise serious issues about loopholes in our last line of defense. Unfortunately, we are tending toward the latter type of environment.
In fact, secrecy enforced by repression is being institutionalized through another new concept of unclassified secrecy called "Critical Infrastructure Information (CII), which can be virtually anything provided by industry to the Department to assist in the "War on Terrorism." If an employee blows the whistle with this unclassified CII evidence, it is a criminal act subject to immediate termination from the government, and up to a year in jail. This new CII form of secrecy was passed as part of the Homeland Security Act. If it had been law when I blew the whistle, I could have been fired and be sitting in jail, instead of being vindicated and testifying today.
Lack of personal accountability for ALL levels of government service; repression of government professionals exercising the freedom to warn of security breakdowns caused by mismanagement; and abuses of secrecy as an excuse to cover up the government's own misconduct are three strikes against public safety. If those patterns persist, we are doomed to suffer more and more 9-11 tragedies. It is only a matter of time.