Transportation Security Aggravation
Debating the balance between privacy and safety in a post-9/11 aviation industry.
In the wake of the 9/11 terrorist attacks, air travel has gone through a disruption whose effects are still being felt: continuing fear and anxiety on the part of passengers and airlines alike, the creation of a massive new federal bureaucracy of doubtful efficiency and efficacy, and airport hassles that were once unimaginable and now seemingly intractable, to name just a few. More than three years after the worst terrorist attacks on American soil, the best way to balance passenger safety, privacy, and convenience is far from settled.
In December 2004, reason invited Robert W. Poole Jr. and Jim Harper to debate and discuss the best policy for secure air travel. Poole is director of transportation studies at the Reason Foundation and a former editor of this magazine. Harper is director of information policy studies at the Cato Institute and editor of Privacilla.org, an online think tank dedicated to privacy
issues. Comments can be sent to letters@ reason.com.
Steps Toward Sensible Airline Security
Robert W. Poole Jr.
Against a comprehensive terrorist threat whose true dimensions are necessarily unknown, a free and open society has endless points of vulnerability. Attempting to "harden" all likely targets is a losing strategy–and a recipe for bankruptcy. But airplanes are very fragile, and if airliners were left unprotected and were thus subject to frequent destruction, a commercial airline industry would be unlikely to survive, with enormous negative consequences for mobility and our economy. Hence some degree of defense seems wise in the case of commercial aviation.
The single most effective thing that's been done in this regard is to retrofit much stronger cockpit doors, to deny terrorists access to pilots and controls should they manage to get on board. But the rest of aviation security policy is an inconsistent mix of overkill and underprotection. Mandating 100 percent inspection of checked bags for explosives, but not of carry-on bags, makes no sense. Neither does inspecting 100 percent of passengers for metal but not for explosives. Likewise, why inspect 100 percent of bags but not the cargo that flies alongside them?
Current security policy toward passengers and their bags operates as if every person and every bag were equally likely to pose a threat. The costs imposed–both wasted time from showing up an hour early and the hassles and indignities of screening–are very large. But the only alternative (short of doing nothing, which would make planes too attractive as targets) is to base airport security policy on known or expected risk, targeting inspection resources where they are most likely to make a difference.
One way to do this is to encourage a fraction of travelers to volunteer for pre-clearance. By getting the equivalent of a security clearance and an ID card that proves the person who shows up at the airport is the person who was cleared, such "registered travelers" and their bags could bypass most of today's intrusive screening. The other end of the risk continuum includes those about whom virtually nothing is known and those who, based on intelligence information, pose a possible risk. If those people can be identified, they can be subjected to screening somewhat more rigorous than what is today applied to all air travelers (e.g., the backscatter X-ray machines that see through clothing). With those policies in place for the low-risk and high-risk groups, those in the middle (most ordinary, nonfrequent fliers) could be screened in a manner similar to that in which we all were prior to 9/11.
We also need to fundamentally rethink the function of the Transportation Security Administration (TSA). Although the TSA is charged with protecting all forms of transportation, it devotes the vast majority of its staff and budget to airlines, presumably because Congress overreacted to 9/11. Yet cargo containers entering our ports and crossing our borders are also potential threat vectors, and railroads carrying hazardous chemicals are also vulnerable targets. So TSA ought to do a serious analysis of where America could get the most bang for our bucks in transportation security, and recommend changes to Congress accordingly. That would likely mean much less emphasis on airlines and somewhat more emphasis on other modes.
The other major problem with the TSA is its built-in conflict of interest. As created by Congress, TSA is both the security policy maker/regulator and a major provider of security screening services. That's as unwise as it was to put the now-defunct Atomic Energy Commission in charge of both promoting and regulating nuclear power. The TSA should be divested of its service provision role as part of refocusing its mission on security policy for our entire transportation system.
Airport security should become the responsibility of each airport owner, as it is in Europe, under TSA oversight. Today the TSA screens bags and passengers, but the airport controls access to the tarmac, secures the airport perimeter, and carries out other security functions, resulting in a needlessly fragmented system. Airport security would be more coherent if it were no longer divided in this way. A single security staff, reporting to the airport director, could be cross-trained in a number of functions. This approach would make it easier to beef up staff in screening lanes during peak periods, with the extra people going off to do other security jobs when traffic is lighter instead of standing around. And as in Europe, airports should be free to hire certified private security firms to perform these services.
In short, airline security needs to be rethought from the ground up, along with the rest of transportation security. The kinds of risk-based policies that are partially in place for cargo need to be applied to airline passengers as well. That change would concentrate limited security resources where they will do the most good, reducing the hassle factor for a large majority of air travelers.
Kill the TSA, Don't Reform It
It is correct that airline security should be rethought from the ground up. But ground-up rethinking should really start at the ground. The TSA should be eliminated, not refocused.
Most arguments for federal government involvement in transportation security follow a logic that is not logic at all. Usually thoughtful policy experts utter things like: "I just think there is a federal role. I mean, look at what happened."
Robert Poole's justification for government provision of security to private industry is better: Airplanes are uniquely fragile, he says. But this logic proves too much. Yes, 9/11 demonstrated aviation's vulnerability. But a successful attack on a shopping mall, the food or water supply, chemical manufacturing, or any other target would make those institutions seem uniquely fragile too. All infrastructure and systems have important weaknesses. If the premise for federal authority were vulnerability, it would be boundless.
TSA security measures have been inconsistent and mindlessly reactive. This is because bureaucracies are poor at assessing and balancing risk. They are much better at surfing public opinion and following political cues. Witness the TSA's obsession with small, sharp things early in its tenure and the shoe fetish it adopted after Richard Reid demonstrated the potential hazards of footwear. This is not a foresighted, research-based, risk-assessing organization.
Highly effective, nonregulatory systems exist to analyze and respond to risk. They operate well, though not perfectly, when they are allowed to. They start with the tort system, which places responsibility for avoiding foreseeable harms with the parties in the best position to avoid them. Through insurance contracts, businesses in every sector of the economy spread risk and often purchase expert advice on loss avoidance.
An obvious question: If these systems are so good, how did they fail us on 9/11? Unfortunately, no one had seriously contemplated that airplanes might be commandeered and used as missiles. Our private-sector risk avoidance systems are good but not perfect. No real-world system–public or private–foresaw the 9/11 terrorists' actions, so audacious in planning and so lucky in execution.
Things always seem more foreseeable in hindsight. And the airlines recognized after 9/11 that some court somewhere might heap bankrupting liability on them by finding that the attacks and their results were predictable. Moving swiftly to capitalize on emotion and patriotism, the airlines sought to shield themselves from liability, acquire an infusion of taxpayer dollars, and push their security obligations onto the government.
Hence the impossibly murky airline security system we have today. Lines of authority are unclear. Lines of passengers are long. Rules are unclear. Responsibility is unclear.
Airlines should be given clear responsibility for their own security and clear liability should they fail. Under these conditions, airlines would provide security, along with the best mix of privacy, savings, and convenience, in the best possible way. Because of federal involvement, air transportation is likely less safe today than it would be if responsibility were unequivocally with the airlines.
The costs of the status quo are tremendous. Taxpayers are funding another new and sure-to-grow bureaucracy. Air travel has rebounded, but certainly not to the levels it should have reached by now. Thousands of would-be travelers are staying away. Those who do travel are wasting millions of hours per year standing in lines. And they are shedding dignity by the bushel as they undergo compulsory frisking by TSA law enforcers.
The air travel industry is already beginning to figure out the bad bargain they struck when they pushed their security responsibilities onto the government. But they will not take into account another tremendous cost of abandoning their responsibility: erosion of civil liberties.
The same policy experts who see a federal role in airline security "just because" seem not to see that the TSA's airport security procedures are an unconstitutional search and seizure within the meaning of the Fourth Amendment. Intrusions on the individual right to be free of search and seizure are allowed, but they must be reasonable. The TSA stops everyone without regard to individualized suspicion. Either that policy is unreasonable, or every search is reasonable in the era of terrorism. Let's hope it's not the latter.
Allegedly to reduce the incidence and intrusiveness of such searches, the government is pressing forward with plans to do background checks on travelers, again without regard to suspicion. The reviled Computer Aided Passenger Pre-Screening System, better known as CAPPS II, has been renamed Secure Flight, but it still relies on searching databases of information about travelers. National ID legislation to streamline and strengthen this process passed at the end of the 108th Congress. These erosions of liberty result directly from the government's acquisition of the airlines' role in securing their operations.
When security is provided by the airlines, searches and background checks can be a condition of travel because constitutional restrictions do not apply to private actors. Airlines, eager to retain customers, will provide security in the least offensive and intrusive way consistent with the highest levels of safety. This may well include special lines with faster service for travelers who have undergone background checks. But only if security is private can we be assured that this choice will remain a genuine choice and not become mandatory.
There is no realistic business model in which airlines would skimp on security. Because of 9/11, the threats are now well recognized. The tort liability would be devastating if an airline failed to harden its defenses against threats, known or imagined, in light of the new knowledge. If an airline were inclined to go lax on security, hoping for the best rather than working to guarantee it, its insurers would quickly step in to correct it.
Businesses throughout our economy have taken a fresh look at their security procedures in light of the terrorist threat. Without fanfare or tremendous expense, likely targets of terrorist attack are being hardened. This is a winning strategy. Indeed, maintaining security as a private responsibility is the only acceptable strategy–unless we plan to destroy American life in order to save it.
Government's Essential Role in Travel Security
Robert W. Poole Jr.
Jim Harper and I agree on several points. But we appear to differ on a fundamental one: the need for government involvement in aviation security.
This need stems from the underlying fact that America (indeed, the whole West) is engaged in a war not of our choosing. Islamist terrorism is a deadly global threat, different in nature from that of Soviet communism but no less global and ongoing. And since Job No. 1 of government is national defense, it is very properly involved in defending Americans against this diffuse but deadly enemy.
In my opening comments, I noted the limitations of target hardening as a defensive strategy against terrorism. Operations researcher Manuel Trajtenberg of Tel Aviv University has applied game theory to the war between terrorists and society. Terrorists have to decide whether or not to strike and, if so, which targets to hit. Potential targets must decide how much to invest in their own security. And government decides what and where to invest in fighting terrorism. In his model, Trajtenberg compares two different government approaches: fighting terrorism at its source or hardening particular targets. Applying plausible numbers to his model, he finds that the former strategy is hundreds or thousands of times more effective than protecting individual targets.
So when I said that aviation security needs to be rethought from the ground up, it was with this kind of analysis in the background. In my view, the most important thing the federal government can do to counter terrorism is to find and kill the terrorists. That, in turn, depends on extensive intelligence work. And that provides the key to rethinking the role of whatever federal entity exists (call it the TSA or simply X) to address terrorist threats here at home.
The TSA or its replacement should be primarily an analytical agency, one that uses intelligence information to sort out and prioritize the terrorism risks facing America on its own territory. Only a federal entity with full access to comprehensive intelligence information can be in a position to carry out such analyses and make intelligent recommendations as to what kind of target hardening provides sufficient deterrence against such large potential losses as to be worth the investment.
Harper puts great stock in the role of insurance as a way of both incentivizing efficient levels of target hardening and of coping with the risks of loss from such events. I agree but must point out a huge caveat: If a risk is unquantifiable, it is uninsurable. In the wake of 9/11, aviation terrorism coverage was simply not available. Nobody in the insurance (or airline) business could quantify the risks, so nobody would offer a policy. Today, after three years of government efforts, however ham-handed, to strengthen aviation security, some very expensive coverage is starting to be available.
The TSA that Congress created is a far cry from what I'd like to see. To begin with, the failure of airport screening to prevent the 9/11 attacks stemmed directly from the Federal Aviation Administration's failure to define any sort of meaningful performance or training requirements for airport screeners. In a gross overreaction, Congress stampeded into nationalizing the screening industry while tripling screening's cost and making it far more intrusive. Yet after more than two years of full TSA operation, the agency has yet to demonstrate that the quality of screening is any better than it was pre-9/11. Thus far it has even failed at the most inherently governmental aspect of its aviation security task: providing real-time access to comprehensive intelligence information to identify people who pose a risk to aviation.
Harper and I agree that it is wrong for the TSA to "stop everyone without regard to individualized suspicion." Yet in his very next paragraph he undercuts his own position by opposing efforts to identify air travelers who may pose a threat. There are only two ways of dealing with the needle-in-a-haystack problem of finding would-be terrorists among millions of airline passengers: Either screen every passenger and piece of luggage rigorously, without regard to individualized suspicion, or use information to sort out passengers on the basis of risk. The latter approach is basic to every kind of police and security work, and it is the only policy that makes sense, from both an economic and civil liberties point of view.
But how would it work? As I mentioned in my first contribution, those who volunteer for pre-clearance constitute one low-risk group, needing little if any screening. Those showing up on serious, comprehensive watch lists constitute a high-risk group, needing rigorous screening. Individualized information is needed to sort people into both of these groups. What about somebody who shows up at the airport with no ID, or whose ID cannot be verified in any way? Common sense says he's a possible high-risk group member, certainly compared to someone with, say, a substantial credit history. This is a complex issue, but Harper's dismissal of efforts such as Secure Flight that would verify a traveler's identity is inconsistent with his position that travelers should receive more than cursory airport screening only when there are grounds for "individualized suspicion."
Much of what today's TSA does, including the airport screening that accounts for the bulk of its work force, should be done by private firms, working for the airport owner. And "registered traveler" programs can and should be run by airlines and their contract service firms as a benefit for their frequent fliers. But the core of aviation security involves making use of intelligence to identify terror threats, make aviation security policy, and provide the individualized information necessary for a risk-based security system to function. Those tasks are inherently governmental, a vital part of national defense in the war against terrorism.
Security Is Better Private
In a Fall 2004 article for Regulation magazine, "A False Sense of Insecurity?," Ohio State political scientist John Mueller, a national security expert, pointed out that terrorism is minimally destructive compared to other dangers. Terrorism does most of its damage through hasty, ill-considered, and overwrought reactions.
In almost all years, the total number of people who die at the hands of international terrorists anywhere in the world is not much more than the number who drown in bathtubs in the United States. Since the State Department began counting, about the same number of Americans have been killed by terrorism as by lightning, accident-causing deer, or severe allergic reactions to peanuts.
Mueller's point: Terrorists can be defeated simply by not becoming terrified. We pay no homage to the victims of 9/11 and their families if we allow hyperbole and fear to overcome reason. The "deadly global threat" of Islamist terrorism cited by Robert Poole has so far proven far less deadly to Americans than, say, overeating.
This is not to say that the terrorist threat is not serious. There are undoubtedly groups plotting out there who wish to build upon the spectacular luck of the 9/11 terrorists.
But the threat should be kept in perspective. The so-called war on terrorism calls for neither (further) suspending the limits on the federal government nor (further) blurring the line between private and public responsibility. Indeed, each of our major points of contention is resolved by keeping in mind the proper roles of government and the private sector.
On target hardening, Poole takes the thrust of Manuel Trajtenberg's study and concedes that the proper role of government is to find terrorists and stop them, leaving target hardening to the owners of targets. The study did not conclude that target hardening should not be done–only that the most effective way to prevent terrorism is by acting against terrorists. Strengthening targets is not a zero-sum game, of course: Raising the difficulty of one attack does not lower the difficulty of another.
Corporations cannot pursue, arrest, or kill terrorists. That is what governments do. Concomitantly, governments lack the institutional knowledge to effectively harden private infrastructure, and they lack the incentives to properly nest security programs with business operations, customer service, and profitability.
Corporations can and must recognize the threat of terrorist acts and harden their infrastructures, both in the interest of business continuity and to avoid liability. Governments can and should collect and selectively share intelligence that suggests plausible threats to private infrastructure. This is a role not for a TSA but for true intelligence agencies.
On ID-based security, Poole places a great deal of stock in efforts to identify air travelers who may pose a threat. Many others do too. Surprisingly little analysis has gone into whether and how identification would work as a security measure against terrorism. But there is certainly a role for identification as part of a security mix. The question is whether the TSA, or the airlines, should assess individuals' propensity for dangerous acts.
The constitutional rights we all enjoy uniquely disable governments in the United States from investigating people who engage in nonsuspicious behavior such as air travel. There's a good reason for that. Our success as a nation, both economically and spiritually, derives from our freedom.
No such impediments exist in the private sector. Airlines should be free to make background checks a condition of travel. They should offer quicker security screening to those who open their lives to inquiry and require closer scrutiny of those wishing to travel anonymously. Having taken this role from the private sector, the TSA has kept airlines from working out the measures that are consistent with maximal security, customer service, privacy, convenience, and low cost.
Insurers have an important role to play in that process by fleshing out and driving home the airlines' security obligations. It is probably true that the risk of terrorism was unquantifiable in the immediate aftermath of 9/11. Actuaries, like so many others, had to adapt quickly to some new realities.
But since then, the federal government has done nothing but undermine the natural risk-prevention and risk-spreading processes of which insurance is a part. Imagine trying to insure a property against the risk of theft when the owner of the property is not responsible for locking the house. Imagine further that the homeowner could not take independent steps to secure the house from theft but had to seek regulatory permission to do so.
The Terrorism Risk Insurance Act passed in late 2002 was an industry sop just like the airline bailout. Cato Institute scholars noted early that year that Marsh and McLennan, the world's largest insurance broker, had formed a new subsidiary just days after September 11, 2001, to "sell insurance to corporate customers at sharply higher rates." The chief executive officer of XL Re, a Bermuda insurer, had told an industry conference, "The opportunity out there is tremendous." And The New York Times reported on December 17, 2001, that the industry looked so attractive that new money was pouring in to start new companies and expand existing operations. "[I]t is hard to remember a time when prospects looked better" for the commercial insurance industry, concluded the Times.
If you assume, as Poole does, that the federal gov-ernment should provide security to private industry,
then the role for the federal government does seem quite prominent. But the relative strengths of private and public actors suggest a greater role for airlines and a smaller role for government in the provision of air security. When
the costs to civil liberties are included, the case against
gov-ernment-provided security becomes overwhelming.
Most of the air security reforms Robert Poole recommends are intelligent and well taken. We are more likely to see them implemented when responsibility for air security is returned to its rightful place.
Screen Based on Risk
Robert W. Poole Jr.
Jim Harper and I seem to agree on quite a lot. In my latest Aviation Security Update newsletter, I commended John Mueller's Regulation article about exaggerated fear of terrorism. Far too much of the congressional and media response to 9/11 and Osama bin Laden has been based on hyperbole. But I do believe we are engaged in a war against deadly enemies, who must be fought not with costly feel-good measures but with intelligence work, interdiction, selective target hardening, and beefed-up disaster response capabilities.
I agree that target hardening ought to be the responsibility of each property owner, relying on advice and information from a federal agency that generates and uses comprehensive, up-to-date intelligence information. This is largely the case today when it comes to such targets as malls, office buildings, sports facilities, electric utilities, highways, ports, and railroads. Airports and airlines are unique in having been singled out for both significant new regulation and large federal funding. As I've been pointing out in my newsletter for the last several years, this stems not from any careful assessment that aviation is the most likely future terrorist target but from congressional overreaction in the weeks following 9/11.
Harper and I also agree on the role of insurance, both in helping to spread risks and in motivating protective measures. It's encouraging to see the insurance industry coming to grips with terrorism risk (see, for example, Gordon Woo's article, "Understanding Terrorism Risk," in the January 2004 issue of The Risk Report).
Where Harper and I are farthest apart is on the role of government in what he calls "ID-based security." In his response, Harper fails to address the choice between treating every passenger the same, as most privacy advocates have been demanding, or singling out only "suspicious" passengers for serious scrutiny. Since the public demands some degree of passenger screening, the "privacy" position entails putting every passenger through intrusive hassles at enormous cost. The alternative, which I favor, is to screen passengers based on their estimated risk levels, and that requires verifying their identities and checking up-to-date watch lists.
This is a job best suited to a federal agency with full and complete access to intelligence information. You don't want that kind of information appearing on the screens of thousands of reservations and check-in clerks (and perhaps leaking out who knows where). Nor should we publicize the factors used in deciding on the risk estimate for a given passenger, which would give Al Qaeda a guide to beating the system. The TSA's much-delayed Secure Flight system will do this job for the airlines, and it's appropriate that it do so. It's also appropriate that the TSA grant "clearances" to those accepted as members of airline-run registered traveler programs; after all, who else has the intelligence information to make such decisions?
Government has a limited role to play in aviation security. It's not the grandiose role spelled out by the Aviation and Transportation Security Act of 2001, but it's a vital role in helping the private sector protect its customers and facilities against terrorist attacks.
Taking Security Into Private Hands
When debating someone as reasonable and thoughtful as Robert Poole, the most difficult struggle is to maintain points of disagreement. The threat of new terror attacks, we agree, should not lead to excessive reactions, but to carefully thought out measures. Private owners of potential terrorist targets are best suited to harden their infrastructure against attack. The tort system and insurance markets are best for assigning responsibility, for weighing and reducing risk, and for apportioning any loss.
The remaining issue–ID-based security –is a difficult one. In ordinary dealings, identifying someone has powerful effects. People who know they are known are also aware that they can be held accountable. Their bad acts may bring them social ostracism, exclusion, or civil and criminal liability.
But terrorists are not accountable to worldly justice. Identification does not restrain them this way.
The other reason for identification is to match people against lists of known terrorists and suspects. This appears to be the basket in which Poole would place his security eggs. A federal agency with "full and complete access to intelligence information" could determine the risk presented by passengers, he says, selecting those appropriate for extra screening.
But there will never be a perfect watch list, making the recipe for defeating such an approach very simple: Live quietly and fly occasionally. Once assured of being in a low-risk category, the terrorist can act.
ID-based security is intuitive but deeply flawed. It may supplement, but it will never replace, the proper focus for securing private infrastructure: assessing and addressing the tools and methods terrorists may use.
ID-based or not, the homogeneity of government-provided security can assist those planning a terrorist attack. "Blame" can be spread far and wide, of course, but the uniformity of federally regulated airline security surely helped smooth the 9/11 killers' planning. They knew that, regardless of what airline they chose, they would pass through similar metal detectors and receive similar secondary screening. They knew they would not meet additional security elsewhere in the airport. They knew the cockpits on all the planes would have similar doors. They knew the pilots would not be armed.
A heterogeneous, fully private airline security system would have raised the difficulty level and could have frustrated planning for the 9/11 attacks. Airlines and travelers should be extremely leery of the security and protection offered by government agencies and officials. The veneer of security that comes with officialdom is thin.
On the last of the 9/11 planes, passengers learned that the terrorists were flying commandeered jets into buildings. The airline security system had failed these passengers and compliance with the terrorists would not save them. Taking security into their own hands, they charged the cockpit, saving the lives of others if not themselves. This is far from a satisfying example, but it illustrates the better result when security is provided by interested parties with a real stake in the outcome.?