-
https://911digitalarchive.org/files/original/5f2632a01d18e904772878d3e9d9ce25.PDF
d5dfef6a2c03666acdadcc7f9919f05c
PDF Text
Text
March 18, 2003
The President
The White House
Washington, DC 20500
Re:
OSC File No. DI-02-0207
Dear Mr. President:
In accordance with 5 U.S.C. § 1213(e)(3), I am transmitting a report provided to me
pursuant to 5 U.S.C. § 1213(c) and (g)(2) by the Honorable Norman Y. Mineta, Secretary of
Transportation. The report sets forth the findings and conclusions of the Secretary upon
investigation of disclosures of information by Bogdan Dzakovic, who was formerly employed
as a Special Agent on the Federal Aviation Administration's (FAA) "Red Team."
Mr. Dzakovic alleged that officials within FAA's Civil Aviation Security (CAS) Division in
Washington, D.C. deliberately covered up or suppressed Red Team findings that reflected
negatively on the airline industry.
After determining, pursuant to 5 U.S.C. § 1213(6), that the information Mr. Dzakovic
provided established a substantial likelihood of an abuse of authority and a substantial and
specific danger to public safety, I referred his allegations to the Secretary of Transportation for
investigation pursuant to 5 U.S.C. § 1213(c), on February 5, 2002. Thereafter, the Secretary
delegated his authority to conduct an investigation and to review and sign the agency report to
the Honorable Kenneth M. Mead, Inspector General, Department of Transportation (DOD.
The DOT's Office of Inspector General (OIG) conducted an investigation of
Mr. Dzakovic's disclosures. Inspector General Mead sent a report to this office on August 16,
2002. As described in greater detail below, the OIG's Report substantiates the crux of
Mr. Dzakovic's disclosure: that the FAA's Red Team program was grossly mismanaged, and
that the result was the creation of a substantial and specific danger to public safety. The OIG
Report did not, however, find that CAS management deliberately covered up or suppressed
Red Team findings.
OSC forwarded the OIG's Report to Mr. Dzakovic for comments on August 28, 2002.
We received comments from Mr. Dzakovic on November 5, 2002, and from his attorney on
December 4, 2002. Thereafter, on the basis of the comments, we asked Inspector General
Mead to clarify some of the findings in the OIG Report to which Mr. Dzakovic took exception.
�The President
Page 2
In addition, in a letter dated January 30, 2003, - I requested that Secretary Mineta
provide specific information about the actions the new Transportation Security Administration
(TSA) had taken or was committing to take in response to the OIG's findings. See 5 U.S.C.
§1213(d) (5) (specifying that the agency report must include a description of corrective actions
to be taken or planned as a result of the investigation). I also asked Secretary Mineta to
provide further information regarding Mr. Dzakovic's employment situation because Mr.
Dzakovic had advised OSC that he had not been given meaningful duties since he made the
disclosures that were the subject of the OIG Report. Finally, I asked Secretary Mineta to
provide a description of the action that had been taken to hold appropriate individuals
accountable for the acts of mismanagement identified in the OIG Report. See 5 U.S.C.
§1213(d) (5) (A) (agency report should include description of any disciplinary action taken as a
result of the investigation).
By letter of February 24, 2003, Admiral James M. Loy, the Under Secretary of
Transportation for Security, responded on behalf of Secretary Mineta. We provided
Mr. Dzakovic an opportunity to review Admiral Loy's letter and to comment on its contents.
We have carefully examined the original disclosures and reviewed the agency's
response and Mr. Dzakovic's comments. Pursuant to 5 U.S.C. § 1213(e)(2), I have
determined 'that: 1) the OIG's investigation and the findings in the OIG's Report appear
reasonable; 2) the information supplied in TSA's letter fulfills the statutory requirement that
the agency identify the corrective actions it intends or plans to take in response to the findings
in the OIG Report; 3) the agency -response to our inquiry regarding accountability does not
appear reasonable because it does not identify the individuals responsible for the management
failures identified in the DIG Report, nor does it explain what measures have been taken to
hold them accountable; and 4) OSC will resolve the issue of whether Mr. Dzakovic has
suffered retaliation for his disclosures through the investigation of his pending prohibited
personnel practice complaint with this office.
In accordance with 5 D.S.C. §1213(e)(3), I am transmitting for your consideration,
copies of the OIG Report, the letter from Admiral Loy, and Mr. Dzakovic's comments.
I.
A.
The Whistleblower's Disclosures
Background: The Red Team
Mr. Dzakovic began working for the FAA in 1987 as a Federal Air Marshal. In 1995,
he became a special agent on the FAA's Special Assessments Team, commonly known as the
"Red Team." The Red Team was disbanded after the events of September 11, 2001. when
DDT's aviation security program was restructured and overhauled, and the TSA created.
�The President
Page 3
According to the Red Team's charter document, entitled "Concept of Operations," the
FAA established the Red Team in 1990 to fulfill commitments that former FAA Administrator
Admiral James B. Busey made in testimony before the President's Commission on Aviation
Security and Terrorism, the House Foreign Affairs Committee, and the House Government
Operations Subcommittee. Those commitments to improve airline security were made in the
aftermath of the 1988 bombing of Pan Am Flight 103. The "Concept of Operations"
document states that the purpose of the Program was to "assess that aviation security
requirements are applied and effective under actual operating conditions."
The Red Team was comprised of a small, elite team of security agents who traveled to
major airports throughout the country and abroad to conduct airport security testing -- chiefly,
covert penetration testing. The core purpose of the Red Team's testing was to provide the
FAA with realistic data on the state of aviation security. According to the OIG Report, the
Red Team (which consisted of approximately 4-8 personnel at any given time), operated as
part of a larger special assessment staff, whose responsibilities included using the Red Team's
findings to develop enhanced security measures and formulate long-range strategic policy.
Before the passage of the Aviation and Transportation Security Act of 2001, air carriers
were accountable to the FAA for compliance with FAA security regulations by air carrier
employees and their contract security screeners. The FAA's day-to-day regulatory oversight
of airport security was provided by CAS Field Offices (CASFOs) nationwide, and CAS
Liaison Offices (CASLOs) internationally.
The Red Team's covert testing was separate and apart from the testing conducted by the
CASFOs and CASLOs. The latter testing was subject to standardized FAA protocols that the
agency established in the context of its civil enforcement program. According to the DIG
Report, those protocols were established with an eye toward "fairness" to the airline industry.
When tests were conducted by local FAA staff as part of the civil enforcement system,
simulated explosive devices would be placed in uncluttered bags, in a way that would be
readily visible to X-ray machine operators. The Red Team, on the other hand, would disguise
such devices within cluttered bags, to simulate what a real terrorist might do. It used "out of
the box" testing techniques.
B.
Mr. Dzakovic's Allegations
In his disclosures to OSC, Mr. Dzakovic alleged that the Red Team's test results often
differed dramatically from the results generated by other FAA security teams, and showed the
state of airport security to be in far worse condition. The crux of Mr. Dzakovic's disclosures
was that FAA management deliberately suppressed negative Red Team findings or otherwise
manipulated tests and data in order to protect the airline industry. He cited several incidents in
support of this overall characterization of FAA management's actions.
�The President
Page 4
First, Mr. Dzakovic alleged that Admiral Cathal Flynn, former Associate Administrator
for CAS, and Leo Boivin, former Manager of the Red Team, instructed Red Team agents to
forgo returning to airports that yielded especially poor testing results. For example,
Mr. Dzakovic cited an incident that occurred in 1998 at the Luis Munoz Mann International
Airport in San Juan, Puerto Rico (San Juan Airport), discussed in greater detail below.
Mr. Dzakovic also alleged that in August 1999, Mr. Boivin ordered members of the
Red Team to start providing advance notice to local FAA field offices before visiting airports
for security testing, in violation of the Red Team's usual protocol. Mr. Dzakovic expressed
the belief that Mr. Boivin intended to manipulate the Red Team's results in order to protect the
airline industry.
In addition, Mr. Dzakovic alleged that Tony Fainberg, then-Manager of the FAA CAS
Office of Policy and Planning, abused his authority by instructing Mr. Dzakovic to exclude
data from a study he conducted on the reliability of the Threat Image Projection (TIP) software
program. TIP is an FAA-designed computer program that superimposes computerized images
of weapons onto X-ray machines that screen carry-on luggage. It is used to train and test
baggage screeners and to keep them alert while on the job_ Mr_ Dzakovic stated that during a
November 1998 and January 1999 study, he was directed to exclude certain data in order to
make TIP seem more effective than it actually was.
II.
The Office of Inspector General's Findings
Mr. Dzakovic's allegations were investigated by the DOT 01G. The OIG interviewed
Mr. Dzakovic, other current and former FAA employees, and employees of the newly formed
TSA. They also reviewed the Red Team's mission files, documents provided by Mr.
Dzakovic, and other pertinent documentation.
A.
Gross Mismanagement of the Red Team Program
The OIG Report substantiated Mr. Dzakovic's allegation that the FAA grossly
mismanaged the Red Team Program and failed to employ its findings to improve airport
security. As Mr. Dzakovic alleged, the OIG found that the Red Team consistently found and
reported -- throughout its existence -- high rates of test failure, reflecting often stark localized
and systemic security vulnerabilities." Notwithstanding these findings, the security
vulnerabilities continued, even after September 11, 2001, when the Red Team stood down and
the OIG began to conduct undercover testing at the President's request. The OIG itself noted
"an alarmingly high incidence of testing failures" during this interim period while TSA
developed its own covert testing program. The OIG found that, even though the Red Team
consistently reported serious security problems to CAS headquarters, its testing "generally did
not have the desired effect of creating sustained improved performance by airport screening
companies."
�The President
Page 5
The OIG Report identified a series of significant "programmatic weaknesses" that led
to this result. The "programmatic weaknesses" ranged from a failure to implement standard
operating procedures for conducting testing to a failure to establish procedures to ensure that
negative test findings were effectively addressed and corrected.
First, the Report notes that the Red Team lacked standard operating procedures that
clearly governed the conduct of its operations. The only document the OIG found that
described the mission, operation, and activities of the Red Team was drafted by Mr. Boivin in
1994 and entitled "Concept of Operations." As the OIG Report explains, this document failed
to describe, with any degree of specificity, key aspects of Red Team operations -- such as the
types of tests to be conducted, the criteria to be used for the selection of testing locations, or
the content of Red Team reports.
Further, the Red Team did not have standard operating procedures that governed the
use of its reports to improve airport security. Moreover, CAS management apparently did not
consider "follow-up testing" to be part of the Red Team's mission. Instead, follow-up on Red
Team test results (including additional testing) was considered to be the responsibility of other
elements within CAS: specifically, the CASFOs and the CASLOs. CAS did not, however,
implement an effective system for ensuring that the Red Team's findings were acted upon by
these offices or that corrective actions taken had their intended results.
On the contrary, the OIG found that the coordination between Red Team management
and other elements in Civil Aviation Security that were responsible for following up on Red
Team findings was inadequate. For example, CAS headquarters received the Red Team's
written reports, but did not track the resolution of deficiencies identified through Red Team
testing at the local level. In fact, CAS headquarters issued letters of correction to air carriers
that were based on Red Team findings, but did not routinely share those letters with the Red
Team or with the CASFOs and CASLOs, which were supposedly responsible for follow-up.
This failure to integrate the Red Team's findings with oversight at the local level
undermined airport security. As the OIG explained, "receipt of these documents by the
CASFOs and CASLOs -- charged with responsibility for providing direct, day-to-day security
oversight -- would have enhanced their ability to provide effective follow-up." Further,
"coordination and tracking of the resolution of deficiencies identified through Red Team
testing, by CAS headquarters, would have led to consistently improved performance by the
screening companies." Thus, while "FAA did take some follow-on actions, namely letters of
correction to air carriers and fines, these follow-on actions were not readily visible and, given
the consistently poor results of testing over time, the intended outcome of sustained
improvement in airport security was not apparent."
�The President
Page 6
In sum, as the OIG noted, a "robust covert testing program such as the Red Team is
essential for effective oversight of airport security." The OIG Report describes a poorly
managed and ineffective covert testing program. Accordingly, the DIG has substantiated
Mr. Dzakovic's contention that the Red Team program was grossly mismanaged and that the
result was a serious compromise of public safety.
B.
Failure of Red Team to Conduct Follow-Up Testing
As noted above, Mr. Dzakovic alleged that Admiral Flynn and Mr. Boivin instructed
Red Team agents to refrain from conducting follow-up testing at airports that yielded poor test
results.
The OIG did not substantiate this allegation. As described above, the OIG concluded
that "follow-up testing was not one of the Red Team's prescribed roles."' Similarly, the Red
Team had no standard operating procedures governing how airports would be selected for
testing. Thus, as with the suppression allegation, the report suggests that the failure of the Red
Team to conduct follow-up tests is a reflection of poor management decisions and the overall
mismanagement of the program, rather than a deliberate effort to cover up security problems. ?
1.
In his comments on the OIG Report, Mr. Dzakovic suggested that the OIG had
overlooked evidence that would support his allegation that CAS management deliberately
decided not to do any further testing when test results were so poor. For example,
Mr. Dzakovic observed that the Red Team never again did nationwide checkpoint testing after
its extensive testing of screening checkpoints domestically in 1997 and 1998 garnered what he
characterizes as "abysmal results."
The OIG stated that this finding was based on the testimony of Admiral Flynn and
Mr. Boivin, and is supported by information contained in the Red Team's "Concept of
Operations" document.
The OIG Report noted that the Red Team had, on occasion," returned to the same airports
to perform additional tests. Mr. Dzakovic has observed that when the Red Team went back to
airports it had visited in the past, it did so to conduct different types of tests and not to see if
any improvements had been made in systems previously found deficient. When we questioned
the OIG about this point, the OIG advised us that it found evidence in one case (a handwritten
note in a mission folder) that a return trip was scheduled specifically for follow up purposes.
Because of its conclusion that follow-up testing was not part of the Red Team's mission, the
OIG did not otherwise inquire into whether the tests conducted on its occasional return trips
were for new inspection items or to follow up on previously failed checks.
2
�The President
Page 7
We asked the OIG to address Mr. Dzakovic's Contention on this point. The OIG
advised us that the aggressive testing of screening checkpoints in 1997 and 1998 to which Mr.
Dzakovic referred was "special emphasis testing." It was specifically requested by CAS
Operations to help determine the validity of CASFO testing results. The OIG advised us that,
although the Red Team did not do a similar nation-wide test again, it continued throughout its
existence to test for compliance with the "Air Carrier Standard Security Program," which
included checkpoint testing (X-ray, metal detector, and hand wanding).
2.
As further evidence of the deliberate cover-up of negative results, Mr. Dzakovic
noted that there was no FAA follow up when there was a 100% failure rate for the checked
baggage X-ray screening system testing the Red Team conducted in Frankfurt, Germany, in
1996. This testing mission was described in a May 21, 1996, letter from Admiral Flynn to
German authorities. According to the letter, the Red Team originally intended to conduct 60
assessments of the checked baggage X-ray screening system. There were no detections of the
simulated explosive device in the test suitcases for the first 13 assessments. Testing was
suspended to give the U.S. carriers a chance to improve their performance. A few months
later, testing resumed and there was a failure to detect in another 18 test suitcases.
Accordingly, Mr. Flynn advised that he had decided to conclude the testing project
.
We asked the OIG to clarify the follow up actions FAA took in response to the
Frankfurt test results. The OIG advised us that CAS had expected that the results of the Red
Team testing at Frankfurt would be poor. At the time, the OIG stated, X-ray machines
produced poor quality black and white images, that made it difficult for screeners to distinguish
the items in a cluttered suitcase. In fact, the OIG explained, CAS had directed the Red Team
to conduct the testing in Frankfurt for the specific purpose of obtaining data that could be used
to demonstrate to Congress that funding was needed for the development and deployment of
advanced EDS (Explosives Detection System). The OIG advised us that this system is
presently deployed.'
The OIG also provided further information relevant to its finding that, in fact, follow
on actions had been initiated in Frankfurt, Germany, although, "as in other instances, it was
not communicated to Red Team members." It advised us that, following the Frankfurt tests,
Robert Blunk, the then-CAS Regional Division Manager for Europe, Africa, and the Middle
East, along with his inspectors, conducted training of the air carriers' screeners using the stillimage X-ray photographs of all of the threat bags that had contained inert explosive devices.
In addition, the OIG informed us, Mr. Blunk held meetings with the then most senior official
in the German Ministry of Transportation. These meetings were held to emphasize the need
In his comments, Mr. Dzakovic attributed the poor test results to inattentive operators,
rather than inadequate technology. He also was critical of the more advanced technology as
expensive and ineffective.
3
�The President
Page 8
for a "multi-layer approach" to security—i.e. one that relies on many, rather than a single,
means of security testing.
According to the OIG, when presented with the 1996 test results, Germany agreed to
develop and implement a multi-layer approach. The OIG also advised that Germany is reputed
to presently have a highly refined security system.
Finally, we also asked the OIG for further information concerning
3.
Mr. Dzakovic's allegation that, over time, the range of tests that the Red Team was
performing became progressively narrower until the Team eventually was only performing
CTX Explosives Detection System (CTX) testing. Mr. Dzakovic had advised us that an
examination of the Red Team's "statistical binder" would demonstrate a pattern of abandoning
particular kinds of tests when failure rates were high.
At our request, the OIG examined and analyzed the statistical binder. The OIG advised
us that the Red Team conducted four primary types of testing during its existence: positive
passenger baggage match (PPBM)(a test to ensure that an airline notes a passenger's failure to
board an aircraft, and removes his or her luggage); testing to identify opaque objects in
checked bags; the Air Carrier Standard Security Program, which includes checkpoint X-ray,
metal detector, and handwandings); and CTX testing. It also found that the Red Team was
often asked to conduct "special emphasis testing." This special emphasis testing included
"conventional-new system comparison testing" in 1992, 1996, and 1997; "limited access
control testing" in 1999, 1995 and 1997; the TIP study and checkpoint verification testing in
1998; and evaluation of K-9 explosive detection dogs in 2000.
The OIG advised us that more aggressive penetration-type testing by the Red Team was
needed. It did not, however, find any pattern showing that a particular type of testing was
discontinued after it consistently produced poor results. Rather, the OIG stated, the Red Team
continued to conduct all forms of testing throughout its existence, despite consistent reports of
problems noted and high failure rates.
In short, the review of the statistical binder provides support for Mr. Dzakovic's
allegation (and the OIG's finding) that CAS management failed to use the Red Team's test
results to improve aviation security; it does not appear to support Mr. Dzakovic's allegation
that CAS management abandoned particular forms of testing deliberately in response to poor
results.
C.
Advance Notification of Red Team Visits
In support of his allegation of a deliberate cover-up or suppression of poor test results,
Mr. Dzakovic alleged that, in August 1999, Mr. Boivin instructed the Red Team to notify
�The President
Page 9
FAA Federal Security Managers (FSMs) 5 in advance Of security testing. The OIG investigated
this allegation. It confirmed that Mr. Boivin had issued such an instruction in connection with
Red Team testing of CTX machines.
When questioned about the pre-notification policy, Mr. Boivin asserted that he
instituted the practice as a cost-saving measure because, when Red Team agents arrived at
airports unannounced, they often found that CTX machines were out of service awaiting
maintenance or were shut down in the absence of a trained operator. He explained that prenotification consisted of contacting a Federal Security Manager to inquire whether the airport
had an operational CTX machine and, if so, whether a trained operator was available.' Mr.
Boivin advised that the Federal Security Manager was not given an exact date or time of the
testing. He maintained that the Red Team did not provide advance notice for any form of
testing other than the testing of CTX machines. The OIG Report states that several Red Team
members corroborated the information provided by Mr. Boivin.
The OIG analyzed the testing data to determine whether the pre-notification policy for
CTX testing resulted in the skewing of test results. According to the report, there was no
appreciable difference in Red Team testing results after, as compared to before, the prenotification policy was instituted in August 1999. In fact, the OIG concluded that the overall
test failure rate actually increased slightly after the advanced notification policy was announced
by Mr. Boivin.
In his comments on the OIG Report, Mr. Dzakovic expressed skepticism over the
legitimacy and sufficiency of the rationale Mr. Boivin provided to the OIG for the advanced
notice of CTX testing. He stated that he did not recall the Red Team encountering a problem
with inoperable CTX machines before the pre-notification policy was instituted. Further, he
observed that when a CTX machine was inoperable, the air carrier was required to have a
manual back-up system in place for screening selected luggage. Therefore, according to
Mr. Dzakovic, even if the Red Team had on occasion encountered inoperable CTX machines
The OIG Report advises that Federal Security Managers were "CAS specialists assigned as
on-site liaisons to large airports and resident air carriers for the purpose of monitoring and
coordinating security activities, as well as assisting in the development and implementation of
comprehensive security plans."
The OIG Report explains that the use of CTX machines by air carriers was voluntary until
1997, and between 1997 and September 2001, "CTX usage was required for passenger
baggage selected for additional screening by the Computer-Assisted Passenger Pre-screening
System, and then only if there was a machine available, a qualified operator, and the machine
was functional."
�The President
Page 10
during testing trips, they were still faced with the equally important task of testing the air
carrier's manual back-up screening system!
We requested additional information from the OIG regarding the plausibility of
Mr. Boivin's explanation for the pre-notification policy. The OIG stated that they found
Mr. Boivin's explanation plausible in light of their own experience with earlier-generation
CTX machines, which they found unreliable. They advised that they had often encountered
inoperable CTX machines in the course of performing their own security testing. They did not
inquire further into Mr. Boivin's asserted justification because of this experience, because of
their analysis of the test results, and because the FSMs were FAA employees who were not
responsible for air carrier CTX performance.
The OIG also responded to Mr. Dzakovic's observation that the Red Team could have
tested back-up systems even if the CTX machines were not operable. The OIG advised us
that, at the time, there were no back-up systems for CTX machines. It also explained that
testing back-up systems generally was not considered an option on these missions; rather, the
Red Team was specifically tasked with collecting test results from operable CTX machines. In
retrospect, the OIG acknowledged, had the Red Team operations been better managed, its
mission plans could have been written to cover such contingencies."
Mr. Dzakovic also maintained that Mr. Boivin's pre-notification policy was inconsistent
with the fundamental mission and purpose of the Red Team. He explained that the Red Team
was primarily established for the purpose of conducting "realistic" airport security testing, a
necessary component of which is the absence of advanced notification. In support, he cited the
Red Team's 1994 "Concept of Operations" document, which expressly provides that Red
Team testing should be unannounced.
Mr. Dzakovic also maintained that Mr. Boivin's pre-notification instructions were not
limited to CTX testing, as found by the OIG, but extended to other forms of testing as well.
He advised us that he could provide a witness to substantiate this allegation. The witness
initially agreed to be interviewed by the OIG, albeit on an anonymous basis, over the phone.
Ultimately, however, the witness declined to submit to such an interview, asserting that he/she
feared retaliation.
' When OSC inquired further, Mr. Dzakovic advised that the Red Team's Operation Plans for
these testing missions did not provide for testing back-up systems because the Red Team was
unable to anticipate when a CTX machine would be inoperable. Therefore, only the test
results from operating CTX machines could be officially reported; when back-up systems were
tested-- which only occurred incidentally, due to an inoperable CTX machine--the test results
were always recorded under the "non-test" category.
�The President
Page 11
When we inquired about this issue, the OIG agited that the pre-notification policy
violated guidelines set forth in the Red Team's Concept of Operations document. However,
the OIG explained that, as the author of the Concept of Operations policy and the manager of
the Red Team, Mr. Boivin was authorized to change the policy. It noted that policy change by
e-mail (as occurred here) was poor practice and reflected the manner in which the Red Team
was apparently managed.
Mr. Dzakovic also questioned the OIG's finding that the Red Team reported a slightly
higher test failure rate after the pre-notification policy was instituted. He contended that he
personally encountered an anomalous 100% success rate during the two testing trips he
conducted upon prior notification and asserted that the OIG must have failed to include the
results of these two trips in their calculations. He also opined that the higher test failure rates
following pre-notification noted by the OIG could be attributed in part to other factors, such as
the transition during this time to test objects that were more difficult for screeners to recognize
and the decision by most of the agents to discontinue providing pre-notification in spite of
Mr. Boivin's instructions. In fact, Mr. Dzakovic stated that Ed Kittel, then-Acting Manager of
the Red Team, abolished the pre-notification policy shortly after it was instituted by Mr.
Boivin.
When we asked the OIG to respond to Mr. Dzakovic's observations, they stated that
their analysis of the Red Team's findings after institution of the pre-notification policy included
all Red Team trips, including the two mentioned by Mr. Dzakovic. They advised that
considering the number of CTX tests that were conducted and the inconsistency among Red
Team members in complying with the pre-notification requirement, it would be impossible to
base a firm conclusion concerning the effect of pre-notification on two tests. The OIG
observed that, in fact, Mr. Dzakovic had participated in testing missions reporting 100%
success rates before the pre-notification policy was in place, and that, in August 1999,
immediately following implementation of the policy, Mr. Dzakovic participated in a mission
that reported a failure.
D.
San Juan Airport Incident
The OIG interviewed Mr. Dzakovic, Mr. Boivin, and Carrie Hancasky, former Red
Team Special Agent, concerning events that occurred during the Red Team's April 1998 visit
to the San Juan Airport. Mr. Dzakovic had alleged that an airline had failed a PPBM test and
that when Carrie Hancasky, a fellow Red Team member, approached the airline station
manager, he had remarked that "When it gets this busy, we can't do security." He further
alleged that when he called Mr. Boivin to alert him to the situation and the remark, Mr. Boivin
told him to discontinue the testing and not to document the remark. Mr. Dzakovic states that
he wrote a report but, in accordance with Mr. Boivin's direction, did not include the remark.
�The President
Page 12
The OIG was unable to substantiate Mr. DzakOvic's allegations. Ms. Hancasky could
not recall whether the station manager had made the remark described by Mr. Dzakovic. She
did recall that the air carrier's automated PPBM system was disabled at the time due to a
power outage. She testified that the air carrier chimed to have conducted manual PPBM
checks instead.
According to the OIG Report, Mr. Boivin testified that he could not recall this
particular testing mission, but he nevertheless denied instructing Mr. Dzakovic to omit the
station manager's remark from the trip report. He asserted that, had he been informed about
such a remark, he would have directed Mr. Dzakovic to report it to the local CASFO for
investigation and potential enforcement action.
The OIG reviewed the Red Team's written report for this testing mission. The report
documented the Red Team's decision to suspend testing pending restoration of the air carrier's
out-of-service automated PPBM system. It also raised the question of whether Ms. Hancasky's
checked bag ever left the Miami Airport, the Red Team's point of departure. According to the
Red Team report, the agency responded to this incident by notifying the San Juan CAS Field
Unit, and the field unit, in turn, conducted a follow-up investigation. In the course of the
follow-up investigation, the field agents discovered that Ms. Hancasky's bag had never left
Miami. The FAA nonetheless issued a Letter of Correction to the air carrier for failing to
follow proper manual PPBM procedures.
We asked the OIG to explain why Mr. Boivin suspended further testing at the San Juan
airport following this incident. The OIG advised us that the testing was stopped in accordance
with the Red Team's Concept of Operations because a serious security situation had been noted
and because, as required by the Concept of Operations, Ms. Hancasky identified herself to the
airline station manager. The OIG stated that her self identification rendered her unable to
effectively perform additional testing. The OIG further told us that while Mr. Dzakovic
maintained that the station manager did not know that he was an FAA inspector, the airport
was aware that FAA had been conducting testing. Accordingly, the validity of additional test
results would be called into question.
E.
Manipulation of TIP Testing
The OIG also investigated Mr. Dzakovic's allegation that Mr. Fainberg had directed
him to manipulate data in the study he had conducted on the effectiveness of the TIP software
program in November 1998 and January 1999 in Reno, Nevada. The OIG could not
substantiate this specific allegation because of conflicting testimony, although it did find other
irregularities in the testing methodology used. The OIG Report notes that Mr. Fainberg's
analysis of TIP was "simply a paper study that was not definitive," and that a validation study
of TIP was conducted at the FAA's Technical Center in 2000. It also observes that TIP was
still in the research and development phase during the time of Mr. Fainberg's study, that it has
�The President
Page 13
continued to evolve, and that another generation of TIP is currently being developed at the
FAA's Technical Center. Finally, the OIG observed that TIP was never intended to be a
substitute for covert testing with realistic threat objects.
III. TSA's Statement Regarding Corrective Action
As noted above, I asked Secretary Mineta to identify the steps TSA had taken or was
planning to take to address the findings in the OIG Report. Admiral Loy responded by letter
of February 24, 2003.
In that response, Admiral Loy outlined a number of specific steps that TSA has taken,
and policies it has implemented, in an effort to ensure that TSA's covert testing program will
be an effective one, and that the mistakes of FAA CAS management will not be repeated.'
Admiral Loy's letter states that covert testing is the responsibility of the Special
Operations Program within TSA's Office of Internal Affairs and Program Review (OIAPR).
His letter outlines the steps that OIAPR took to create a skilled special operations team, which
included, among other things, consulting with the OIG to discuss its findings regarding the Red
Team. Admiral Loy's letter identifies the airport security systems that the Special Operations
Team is currently testing and its plans for future testing. In addition, Admiral Loy's letter
describes how the Special Operations Teams will select airports for testing.
The letter outlines the protocol that has been established for providing information on
the results of covert tests, including immediate feedback to screeners and their supervisors, as
well as training. According to Admiral's Loy's letter, OIAPR has established a protocol for
the distribution of its reports and recommendations for corrective action. In addition, OIAPR
has created a recommendation tracking system and will follow up if a timely response is not
received from program officials. OIAPR will also maintain a database to analyze overall
trends and patterns, monitor performance, and compare an airport's performance over time.
Other changes instituted by TSA are described in Admiral Loy's letter.
In responding to my concern about accountability for those individuals responsible for
the mismanagement of the Red Team program, Admiral Loy states that the former members of
the Red Team have been given other positions within TSA, FAA, or other DOT offices, and
that none has been assigned to OIAPR. "By not allowing any of the former Red Team
members the opportunity to conduct covert testing," he states, "any concerns regarding the
Much of what is in Admiral Loy's letter has been identified as "Sensitive Security
Information" under the provisions of 49 C.F.R. 1520. Accordingly, the public file will
contain a redacted version of Admiral Loy's letter (5 U.S.C. §1219), and those portions of its
contents that are designated "Security Sensitive" will be not be discussed in this letter.
8
�The President
Page 14
continued mismanagement of the program or continued questionable performance by the
former Red Team members on TSA's covert testing program have been removed."
With respect to Mr. Dzakovic's employment situation in particular, Admiral Loy
reports that when TSA was created, the former FAA CAS became part of TSA, and Mr.
Dzakovic was assigned to TSA's Office of Aviation Operations to perform "various duties
assisting the new Federal Security Directors." Thereafter, in late January of 2003, Mr.
Dzakovic was assigned to a new job which Admiral Loy states will use his skill at assessing a
threat situation, disseminating information to appropriate Federal officials, and functioning
effectively in a crisis.
Admiral Loy's letter concludes with a strong commitment that TSA will not repeat the
mistakes of the past. He notes that the days of the old FAA Red Team are gone." "Also
gone," Admiral Loy states, "are the performance levels of the past and the construct of having
a Federal agency report on the performance of regulated industry employees by sending reports
to headquarters that were never acted upon." Admiral Loy observes that he has "insisted that
we completely discard" what he calls a "failed system." He commits to make system-wide
adjustments based on lessons learned in the testing operations; he also promises to "raise the
bar routinely in the interest of continuous improvement."
IV. The Whistleblower's Comments
Mr. Dzakovic provided extensive comments on the OIG and TSA reports. Although
Mr. Dzakovic concurred with the OIG's finding of gross mismanagement within CAS, he
disagreed with several of its conclusions regarding his incident-specific allegations. He
criticized the OIG's investigation of these allegations as superficial and stated that he did not
believe that the OIG had given him an adequate opportunity to provide support for those
allegations.
As discussed above, at our request, the OIG provided further clarification of its
findings in response to many of Mr. Dzakovic's comments. In response to our inquiry
regarding the conduct of the investigation, the DIG advised us that it had conducted two
interviews of Mr. Dzakovic and considered all relevant documentary evidence. Nonetheless,
at our request, the OIG agreed to re-interview Mr. Dzakovic. That interview took place on
March 6, 2003. We understand that the interview did not yield any additional information that
would change the OIG's findings and conclusions regarding the matters we transmitted for
investigation.
In Mr. Dzakovic's opinion, the OIG Report understates the extent to which CAS
management mishandled and ignored the Red Team's findings. He emphasizes that the Red
Team repeatedly alerted CAS management to serious vulnerabilities in aviation security, yet
they continually failed to take decisive action to correct these vulnerabilities. He maintains that
�The President
Page 15
management's inaction was inexcusable, especially in light of the FAA's awareness of a
growing terrorist threat during the months leading up to the September 11, 2001, attacks.
In his initial comments, Mr. Dzakovic expressed concerns about whether aviation
security would improve under TSA. He stated that, "Not one manager within FAA is being
held accountable for supporting the dysfunctional and dangerous way FAA conducted security
and for ignoring intelligence warnings leading up to 9/11." He expressed concern that several
former FAA CAS managers currently employed by the TSA might perpetuate within TSA
many of the systemic problems that plagued its predecessor agency, FAA CAS.
In his comments on the letter from Admiral Loy, Mr. Dzakovic is largely critical of the
new Special Operations Program created by TSA. Among other things, he is of the view that
the methods for testing that TSA is employing do not sufficiently replicate terrorist threats, and
that TSA is using an "audit" model of testing, rather than an "adversary" model. He concedes
that TSA is "doing well" on the dissemination and feedback of test results, although he is
concerned about whether TSA has established adequate management tools to ensure that
identified problems are corrected. Finally, Mr. Dzakovic takes strong exception to Admiral
Loy's assertion that his current position is a meaningful one.
V.
Special Counsel's Comments and Recommendations
In its report, the OIG stated that it was unable to substantiate Mr. Dzakovic's allegation
that FAA management had deliberately suppressed negative Red Team findings, or directed
Red Team personnel not to conduct follow up tests in order to protect the airline industry. As
Mr. Dzakovic expressed in his comments on the OIG Report, he takes strong exception to this
interpretation of the intentions and actions of CAS management.
From Mr. Dzakovic's standpoint, the distinction between deliberate suppression and
negligent mismanagement is an important one. He was continually frustrated by the failure of
the FAA to use the Red Team's efforts to improve aviation security and by the persistently
poor results obtained when the Team conducted covert testing. After years of such frustration,
it is not surprising that Mr. Dzakovic concluded that the Red Team's findings were being
intentionally ignored.
In the end, however, whether the FAA deliberately suppressed negative Red Team
findings (as Mr. Dzakovic believes) or grossly neglected to respond effectively to those
findings (as the OIG's Report demonstrates), the result was the same -- aviation security was
seriously compromised. The more important question, we would submit, is whether the
agency now responsible for ensuring aviation security -- TSA -- will be effective, where FAA
was not.
�The President
Page 16
Of course, the very creation of TSA was designed to address the inherent conflict
presented where airline contract screeners, rather than government personnel, were on the
front lines of aviation security. Further, Admiral Loy's letter describes the implementation of
specific corrective action by TSA in response to the OIG's findings of mismanagement of the
Red Team. His letter articulates a strong commitment not to repeat the mistakes of the past,
and to make TSA's covert testing program a robust and effective one.
I note that the corrective actions identified in Admiral Loy's letter appear to implement
the recommendations set forth in the OIG's Report at pages 4-5, with one exception. The DIG
recommended that TSA develop standard operating procedures that address testing operations.
It is unclear from Admiral Loy's letter, however, whether such operating procedures have
been developed or are planned in the future. This issue can be addressed in the context of any
oversight of TSA that occurs in the wake of this investigation.
Based upon his previous experience, Mr. Dzakovic remains deeply skeptical about
whether, in fact, TSA will do any better than its predecessor, the FAA. He has raised a
number of questions about the adequacy of TSA's Special Operations Testing Program in his
comments to Admiral Loy's letter. I would recommend that the issues Mr. Dzakovic has
raised also be addressed in the context of subsequent oversight proceedings.
The issues of accountability that I raised in my letter to Secretary Mineta should also be
examined in any follow-up to this process. Admiral Loy's letter seems to imply that the
former Red Team members (presumably including Mr. Dzakovic) were somehow responsible
for the Red Team's mismanagement. Thus, TSA purports to address the accountability issue
by not assigning former Red Team members to TSA's covert testing team.
The OIG's findings, however, did not implicate the members of the Red Team in any
malfeasance. Instead, the OIG's findings of "programmatic weaknesses" implicated those at
higher levels within FAA CAS who mismanaged the Red Team and failed to take effective
action to improve airport security. Admiral Loy's letter does not address what has been done
with respect to these individuals, some of whom Mr. Dzakovic alleges continue to have roles
in aviation security, either at TSA or as private contractors.
Moreover, while there may be legitimate reasons to make a "fresh start" at TSA, it is
unclear why a valued senior member of the FAA Red Team, like Mr. Dzakovic, has been
entirely shut out from participation in formation or operation of the new program. Admiral
Loy's letter states that Mr. Dzakovic has been assigned to a new position that will make full
use of his experience. Mr. Dzakovic, however, continues to assert that this new assignment
(like the one that preceded it) is retaliatory. He states that he is now performing "make-work"
that does not befit someone of his training and experience.
�The President
Page 17
Mr. Dzakovic's allegations of retaliation are the subject of a pending prohibited
personnel practice complaint before OSC. Those allegations will be vigorously investigated.
Finally, let me publicly recognize and thank Mr. Dzakovic for the courage he has
displayed in coming to OSC with his disclosures. I appreciate the fact that he is not entirely
satisfied with the result of the OIG's investigation, or this process generally. Nonetheless, by
coming forward, he has brought public attention to issues of great national importance. I
would respectfully urge you to continue to take advantage of his expertise and insight into
aviation security matters, as you consider the import of the findings of this investigation.
CONCLUSION
With the exception of the matters described above, I have determined, pursuant to
§ 1213(e)(2), that the findings in the agency's report appear to be reasonable and contain all of
the information required by statute.
As required by § 1213(e)(3), I have sent a copy of the OIG Report, Admiral Loy's
letter, and Mr. Dzakovic's comments to the President and the Chairmen of the Senate
Committee on Commerce, Science and Transportation, the Senate Committee on Governmental
Affairs, the House Committee on Transportation and Infrastructure and the House Committee
on Government Reform. We have also filed a copy of the report and a redacted copy of the
letter from Admiral Loy in our public file and closed the matter.
Respectfully,
Elaine.Kaplan
Enclosures
�
Dublin Core
The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/.
Title
A name given to the resource
Boston Federal Aviation Administration Filings
Subject
The topic of the resource
litigation
airport security
Description
An account of the resource
These court filings provide evidence that the terrorists responsible for the September 11th attacks were observed assessing airport security prior to the events. For example, Mohammed Atta was spotted in May '01 taking still photographs, notes and video of the screening checkpoints at Logan. He was reported to law enforcement at the airport, but they failed to follow up.
Contributor
An entity responsible for making contributions to the resource
Brian Sullivan, FAA Special Agent (Retired)
Dublin Core
The Dublin Core metadata element set is common to all Omeka records, including items, files, and collections. For more information see, http://dublincore.org/documents/dces/.
Title
A name given to the resource
Letter to President Bush from Elaine Kaplan
Subject
The topic of the resource
Airports--Security measures--United States
War on Terrorism, 2001-2009
Description
An account of the resource
A letter from Elaine Kaplan to President George Bush discusses the implications of allegations made by whistleblower Bogdan Dzakovic, a former Special Agent on the Federal Aviation Administration's (FAA) Red Team, that officials within FAA's Civil Aviation Security Division did not accurately report on the findings of the Red Team. The letter includes copies of a report from the Office of Inspector General; a letter from Admiral James M. Loy, the Under Secretary of Transportation for Security; and Dzakovic's comments.
Creator
An entity primarily responsible for making the resource
Brian Sullivan, FAA Special Agent (Retired)
Date
A point or period of time associated with an event in the lifecycle of the resource
March 18, 2003
Rights
Information about rights held in and over the resource
Public Domain