The MIT report is here:

http://www.swiss.ai.mit.edu/6805/stu...tm#_Toc9406728

and is linked from the website at http://dontspyon.us/carnival.html

It's been a while since I read the Carnival Booth paper, but if I recall, the basic premise is that if the terrorists know in advance they are suspects on their test runs (i.e., see SSSS on their BP, are pulled aside for extra screening, etc.), then they will merely send their non-flagged companions to perform the actual missions after testing the system to see who is non-flagged.

IIRC the basic recommendation was to make "extra screening" invisible to the pax and/or to screen everyone equally and/or to use random searches, which don't suffer from the "testing" problem.

The document is somewhat out of date (refers to the old "Have your bags been in your possession?" questions and CAPPS I). The paper has also been critcized for not being peer-reviewed or published in any recognized forum; IIRC it is a graduate class paper; something more akin to a technical report (like a whitepaper) than a peer-reviewed conference or journal publication. But none of that necessarily makes the conclusions more or less valid.