Bathtubs, Terrorists, and Overreaction
I dislike our national obsession with anniversaries and tendency to convert solemn occasions into maudlin ones; to fetishize perceived collective victimization rather than simply recognizing real victims. That kept me from joining in the outpouring of September 11 reflection, now mercifully receding. But I have reflections on the reflections.
The anniversary commentary has, happily, included widespread consideration of the notion that we overreacted to the attacks and did al Qaeda a favor by overestimating their power and making it easier for them to terrorize. Even the Wall Street Journal allowed some of the bigwigs they invited to answer their question of whether we overreacted to the attacks to say, “yes, sort of.”
Unsurprisingly, however, the Journal’s contributors, like almost every other commentator out there, did not define overreaction. It’s easy and correct to say we’ve wasted dollars and lives in response to September 11 but harder to answer the question of how much counterterrorism is too much. So this post explains how to do that, and then considers common objections to the answer.
That answer has to start with cost-benefit analysis. As I put it in my essay in Terrorizing Ourselves, a government overreaction to danger is a policy that fails cost-benefit analysis and thus does more harm than good. But when we speak of harm and good, we have to leave room for goods, like our sense of justice, that are harder to quantify.
Cost-benefit analysis of counterterrorism policies requires first knowing what a policy costs, then estimating how many people terrorists would kill absent that policy, which can involve historical and cross-national comparisons, and finally converting those costs and benefits into a common metric, usually money. Having done that analysis, you have a cost-per-life-saved-per-policy, which can be thought of as the value a policy assigns to a statistical life—the price we have decided to pay to save a life from the harm the policy aims to prevent.
Then you need to know if that price is too high. One way to do so, preferred by economists, is to compare the policy’s life value to the value that the target population uses in their life choices (insurance purchases, salary for hazardous work, and so on). These days, in the United States, a standard range for the value of a statistical life is four to eleven million dollars. If a policy costs more per life saved than that, the market value of a statistical life, then the government could probably produce more longevity by changing or ending the policy. A related concept is risk-risk or health-health analysis, which says that at some cost, a policy will cost more lives than it saves by destroying wealth used for health care and other welfare-enhancing activities. One calculation of that cost, from 2000, is $15 million.
In a new book, Terror, Security, and Money: Balancing the Risks, Benefits, and Costs of Homeland Security,* John Mueller and Mark Stewart use this approach to analyze U.S. counterterrorism’s cost-effectiveness, generating a range of estimates for lives saved for various counterterrorism activities. I haven’t yet read the published book, but in articles that form its basis, they found that most counterterrorism policies, and overall homeland security spending, spend exponentially more per-life saved than what regulatory scholars consider cost-effective.
That is a strong indication that we are overreacting to terrorism. It is not the end of the necessary analysis however, since it leaves open the possibility that counterterrorism has benefits beyond safety that justify its costs. More on that below.
Behavior Detection as Interrogation
With the Department of Homeland Security constantly spinning out new projects and programs (plus re-branded old ones) to investigate you, me, and the kitchen sink, it’s sometimes hard to keep up. But I was intrigued with a report that behvaior detection officers are getting another look from the Transportation Security Administration. Behavior detection is the unproven, and so far highly unsuccessful (Rittgers, Harper), program premised on the idea that telltale cues can reliably and cost-effectively indicate intent to do harm at airports.
But there’s a new behavior detection program already underway. Or is it interrogation?
Due to a bottleneck at the magnetometers in one concourse of the San Francisco airport (no strip-search machines!), I recently had the chance to briefly interview a Transportation Security Administration agent about a new security technique he was implementing. As each passenger reached him, he would begin to examine the traveler’s documentation and simultaneously ask the person’s last name. He confirmed to me that the purpose was to detect people who did not immediately, easily, and accurately respond. In thousands of interactions, he would quickly and naturally learn to detect obfuscation on the part of anyone carrying an ID that does not have the last name they usually use.
As a way of helping to confirm identity, it’s a straightforward and sensible technique. Almost everyone knows his or her last name, and quickly and easily repeats it. The average TSA agent with some level of experience will fluently detect people who do not quickly and easily repeat the name on the identity card they carry. The examination is done quickly. This epistemetric check (of a “something-you-know” identifier—see my book, Identity Crisis) occurs during the brief time that the documents are already getting visual examination.
Some people will not repeat their name consistent with custom, of course. The hard of hearing, speakers of foreign languages, people who are very nervous, people who have speech or other communication impediments, and another group of sufferers—recently married women—may exhibit “suspicious” failure to recite their recently changed surnames. Some of these anomalies TSA agents will quickly and easily dismiss as non-suspicious. Others they won’t, and in marginal cases they might use non-suspicious indicia like ethnicity or rudeness to adjudge someone “suspicious.”
The question whether these false positives are a problem depends on the sanction that attaches to suspicion. If a stutterer gets a gauntlet at the airport each time he or she fails to rattle off a name, the cost of the technique grows compared to the value of catching … not the small number of people who travel on false identification—the extremely small number of people who travel on false identification so as to menace air transportation.
Beware the Depends Bomber?
My Washington Examiner column this week is on TSA, the federal agency that’s its own reductio ad absurdum.
In the latest TSA atrocity, the agency forced a wheelchair-bound, 95-year-old leukemia patient to remove her adult diaper, for fear she might be wired to explode. “It’s something I couldn’t imagine happening on American soil,” her distraught daughter told the press: “Here is my mother, 95 years old, 105 pounds, barely able to stand, and then this.”
My God, what is she on about? Proper procedure was followed!
As I point out in the column:
in a classic case of “mission creep,” TSA is taking its show on the road and the rails.
Remember when, pushing his bullet-train boondoggle in the 2011 State of the Union, President Obama cracked that it would let you travel “without the pat-down”? Not funny—also, not true.
Earlier this year, Amtrak passengers in Savannah, Ga., stepped off into a TSA checkpoint. Though the travelers had already disembarked the train, agents made women lift their shirts to check for bra explosives. Two weeks ago, armed TSA and Homeland Security agents hit a bus depot in Des Moines, Iowa, to question passengers and demand their papers.
These raids are the work of TSA’s “Visible Intermodal Prevention and Response” (VIPR or “Viper”) teams—an acronym at once senseless and menacing, much like the agency itself.
All this is happening at a time when al Qaeda looks more harried, pathetic, and weaker than ever. But hey, you can never be too careful, right?
Feel Safer?
Does Rep. Aderholt Support or Oppose Having a National ID?
Rep. Robert Aderholt (R-AL) is the chairman of the House Appropriations Subcommittee on Homeland Security. That’s the subcommittee that makes spending decisions for the Department of Homeland Security and the programs within it, including the REAL ID Act.
Earlier this month, a constituent of his from Fyffe, Alabama posted a question on Mr. Aderholt’s Facebook page:
Rep. Aderholt, I’ve seen reports that the “REAL ID ACT” will be implemented in May of this year, giving the govt the ability to track every person who has a drivers license via encoded GPS. Is this actually the case and if so, what is the House going to do to stop this Orwellian infringement of our Liberty. Also, HOW could this have happened in the first place!
Mr. Aderholt has not replied.
But Right Side News recently reported on a hearing in which DHS Secretary Janet Napolitano presented her agency’s budget request. The DHS has not requested funds for implementing REAL ID. But according to the report, Chairman Aderholt “pointedly reminded” the committee of the need for funding of REAL ID.
It is good of Representative Aderholt to give his constituents a means to contact him and to invite public discussion of the issues. It’s an open question whether he will listen more closely to the voice of his constituents or to influences in Washington, D.C. who would like to see law-abiding American citizens herded into a national ID system.
Is the REAL ID Rebellion Coming to Florida?
Until now, Florida has not been one of the states to buck the federal government’s national ID mandate, established in the REAL ID Act of 2005. A pair of grand jury reports in 2002 had moved the state to tighten its driver licensing processes prior to any federal action, so it was already doing many of the things that the Department of Homeland Security is now seeking to require of states in the name of REAL ID.
Full compliance with REAL ID remains a distant hope, so DHS has set out a list of 18 “milestones,” progress toward which it is treating as REAL ID compliance. Full compliance with REAL ID includes putting driver information into a network for nationwide information sharing—including scanned copies of basic identity documents. It includes giving all licensees and ID holders a nationally uniform driver’s license or ID card so their identity can be checked at airports, federal facilities, and wherever the Secretary of Homeland Security determines to have federal checkpoints.
Again, the state of Florida meets DHS’ milestones. Starting from an already strict driver licensing regime, the state’s bureaucrats have been doing (and asking the legislature to do) things that match up with the requirements of the national ID law. But now, thanks to the work of Florida’s Tenth Amendment Center, Floridians Against REAL ID, and others, the legislature is beginning to pay attention.
Why is it so hard for law-abiding citizens and residents of Florida to get or renew their licenses? What kinds of barriers to progress are being thrown in front of lawful immigrants from Haiti, who haven’t the documentation required to get a license and thus a job?
Rep. Geraldine Thompson (D-Orlando) has lived in Florida since 1955 and was elected to the Florida legislature in 2006. She was born in New Orleans and is not able to get a copy of her birth certificate. The Florida Department of Motor Vehicles would not accept her Florida House ID card as proof of her identity!
Several members of the Florida legislature are concerned that the state is scanning and databasing the basic identity documents of Floridians, exposing those documents and the people of Florida to unknown cybersecurity risks. If these databases were hacked, Floridians’ data would be treasure trove for identity fraud. A breach of an entire state’s identity data could collapse the system we now rely on to know who people are. This is not an improvement in security for Floridians.
Florida’s Cuban ex-pat population has some idea of what could result if they were herded into a national identity system. They are too familiar with central government control of access to goods, services, employment, and other essentials of life. Advocates of national ID systems here in the United States have already argued for using REAL ID to control access to employment, to financial services and credit, to medicines, to housing, and more.
In my testimony to the Florida legislature, I noted that the federal government is impotent to enforce REAL ID. The political costs of a DHS attack on air travel (if it refused to recognize drivers’ licenses from non-compliant states at airport checkpoints) would be too high. Indeed, word is spreading that DHS will soon extend the REAL ID deadline once again.
What’s clear from my visit to Florida is that legislators there respond to what they hear from their constituents. It’s unclear what the Florida legislature will do to reassert control of its driver licensing policy from the concerted action of the federal government and its motor vehicle bureaucrats.
One of the questions they might ask is, “Who committed Florida to comply with REAL ID?” That’s item number seventeen in the DHS’ eighteen-point material compliance checklist.
Terror Arrest Does Not Justify REAL ID Revival
The zeitgeist on Capitol Hill in Washington, D.C. may be for limited, constitutional government, but that doesn’t mean that big-government conservatives aren’t going to use the reprieve voters gave Republicans in the fall to once again advance big-government goals. On Monday, House Judiciary Committee Chairman Lamar Smith (R-Texas), Homeland Security Committee Chairman Peter King (R-N.Y.) and Crime, Terrorism, and Homeland Security Subcommittee Chairman James Sensenbrenner (R-Wisc.) sent a letter to Department of Homeland Security Secretary Janet Napolitano encouraging her to fully implement our national ID law, the REAL ID Act of 2005.
The deadline for state implementation of the national ID law lapsed nearly three years ago. Half the states in the country have affirmatively barred themselves from implementing REAL ID or they have passed resolutions objecting to the national ID law. But the Department of Homeland Security has repeatedly extended the deadline and reduced the compliance bar to suggest progress on the flagging national ID effort. With another faux implementation deadline looming in May, the DHS is almost certain to issue a blanket extension of the compliance deadline again soon.
Smith, King, and Sensenbrenner don’t want that to happen. They cite the arrest of Khalid Aldawsari in Texas as a reason for “immediate implementation of REAL ID.”
According to the government’s affidavit, Aldawsari planned to acquire a false birth certificate and multiple false drivers licenses, assumedly to assist in his getaway after executing his formative bombing plans. But if you read the affidavit, you can see just how remote and speculative his use of any false identification is compared to the real acts that go into his plans. You can also see the web of identifiers that law enforcement use to effectively track and surveil their targets, including phone numbers, license plates, physical addresses, immigration records, email addresses, and Internet Protocol addresses. Aldawsari was nowhere near slipping through the net, and having a false driver’s license would have made no difference after a North Carolina chemical supply company reported to the FBI his suspicious attempt to purchase the chemical phenol. Nor would false identification have made a difference had he succeeded in an attack of any significance.
Having a national ID is the fantastical way of addressing the fantastical part of Aldawsari’s alleged plot. Thankfully, the real plot was disrupted using real law enforcement techniques, which include the reporting of suspicious behavior and narrowly targeted, lawful surveillance.
TSA’s Pistole Says ‘Risk-Based,’ Means ‘Privacy Invasive’
There is one thing you can take to the bank from TSA administrator John Pistole’s statement that he wants to shift to “risk-based” screening at airports: it hasn’t been risk-based up to now. That’s a welcome concession because, as I’ve said before, the DHS and its officials routinely mouth risk terminology, but rarely subject themselves to the rigor of actual risk analysis.
What Administrator Pistole envisions is nothing new. It’s the idea of checking the backgrounds of air travelers more deeply, attempting to determine which of them present less of a threat and which prevent more. That opens security holes that the risk-averse TSA is unlikely to actually tolerate, and it has significant privacy and Due Process consequences, including migration toward a national ID system.
I wrote about one plan for a “trusted traveler”-type system recently. As the details of what Pistole envisions emerge, I’ll look forward to reviewing it.
The DHS Privacy Committee published a document several years ago that can help Pistole with developing an actual risk-based system and with managing its privacy consequences. The Privacy Committee itself exists to review programs like these, but has not been used for this purpose recently despite claims that it has.
If Pistole wants to shift to risk-based screening, he should require a full risk-based study of airport screening and publish it so that the public, commentators, and courts can compare the actual security benefits of the TSA’s policies with their costs in dollars, risk transfer, privacy, and constitutional values.
Shades of Warning: What It Means to Inform
Ben Friedman helpfully supplies more information to go with my positive reaction to the Department of Homeland Security’s decision to scrap color-coded threat warnings.
Our colloquy leaves somewhat open what should replace color-coding. Because most threat warnings are false alarms, and because exhortations to vigilance will tend toward the vagueness of the color-coding system, Ben hopes “DHS winds up being tighter-lipped.”
His points are good ones, but they don’t dissuade me from my belief that DHS should “begin informing the public fully about threats and risks known to the U.S. government.”
The right answer here centers on who is better at digesting threat information—experts in the national security bureaucracy or the public?
There is a great deal of expertise in the U.S. government focused on turning up threat information and digesting it for policymakers. However, that expertise has limits, often manifested as threat inflation, as Ben notes, and as myopia. Daniel Patrick Moynihan’s Secrecy: The American Experience illustrates the latter well (especially the edition with Richard Gid Powers’ fine introduction).
The public consists of hundreds of millions of subject matter experts in every walk of life. They include owners and operators of all our infrastructure, reporters and commentators in the professional and amateur press, academics, state and local law enforcement personnel, information networks, and social networks of all kinds. We have security-interested folk in the hundreds of millions spread out across the land, all in regular communication with each other. We’re a tremendously powerful information processing machine. I believe this public can do a better job of digesting threat information than “experts,” particularly when it comes to terrorism threats, which can—theoretically, at least—manifest themselves pretty much anywhere.
Warning Without Color
Jim Harper noted yesterday that the Department of Homeland Security (after lengthy review) has decided to scrap its color-coded alert system. The change is long overdue–the alerts implied, absurdly, that danger was equally distributed across the nation. The fact that the Department never used the blue and green threat levels (general and low risk), which most accurately describe the true danger most Americans face from terrorism, showed the systems’ inherent threat inflation. Eventually, everyone started ignoring the threat level, officials stopped changing it, and system became a charade.
Jim argues that, in place of the colors, the Department should inform “the public fully about threats and risks known to the U.S. government,” treating us like adults with a shared responsibility for protecting ourselves. According to a report from the National Journal‘s Chris Storm, DHS agrees, sort of. Storm links to a DHS document on the new warning policy, which states:
- DHS will implement a new system that is built on a clear and simple premise: When a threat develops that could impact the public, we will tell you. We will provide whatever information we can so you know how to protect yourselves, your families, and your communities.
- The new system reflects the reality that we must always be on alert and be ready. When we have information about a specific, credible threat, we will issue a formal alert providing as much information as we can.
- Depending on the nature of the threat, the alert may be limited to a particular audience, like law enforcement, or a segment of the private sector, like shopping malls or hotels.
- Or, the alert may be issued more broadly to the American people, distributed — through a statement from DHS — by the news media and social media channels.
- The alerts will be specific to the threat. They may ask you to take certain actions, or to look for specific suspicious behavior. And they will have an end date.
- This new system is built on the common-sense belief that we are all in this together — that we all have a role to play — and it was developed in that same collaborative spirit.
And Good Riddance…
The Department of Homeland Security is scrapping the color-coded terror alert system. The color-code system meant to serve as a way of keeping the public informed, but because it signaled some ambiguous sense of “threat” without providing a scintilla of information the public could use, it merely kept Americans ignorant and addled.
Scrapping the color-coded threat system is only the beginning. The next step is to begin informing the public fully about threats and risks known to the U.S. government. We’re adults. We can handle it. In fact, we can help.
Prediction: DHS Programs Will Create Privacy Concerns in 2011
The holiday travel season this year revealed some of the real defects in the Transportation Security Administration’s new policy of subjecting select travelers to the “option” of going through airport strip-search machines or being subjected to an intrusive pat-down more akin to a groping. Anecdotes continue to come forth, including the recent story of a rape victim who was arrested at an airport in Austin, TX after refusing to let a TSA agent feel her breasts.
Meanwhile, the Department of Homeland Security is working on the “next big thing”: body-scanning everywhere. This “privacy impact assessment” from DHS’s Science and Technology Directorate details a plan to use millimeter wave—a technology in strip-search machines—along with other techniques, to examine people from a distance, not just at the airport but anywhere DHS wants.
With time to observe TSA procedures this holiday season, I’ve noticed that it takes a very long time to get people through strip-search machines. In Milwaukee, the machines were cordoned off and out of use the Monday after Christmas Day because they needed to get people through. Watch for privacy concerns and sheer inefficiency to join up when TSA pushes forward with universal strip/grope requirements.
And the issue looks poised to grow in the new year. Republican ascendancy in the House coincides with their increasing agitation about this government security excess.
I’ll be speaking at an event next Thursday, January 6th, called ”The Stripping of Freedom: A Careful Scan of TSA Security Procedures.” It’s hosted by the Electronic Privacy Information Center (EPIC) at the Carnegie Institute for Science in Washington, DC.
EPIC recently wrote a letter asking Homeland Security Secretary Janet Napolitano to task the DHS Privacy Committee (or “DPIAC,” on which I serve) with studying the impact of the body scanner program on individuals’ constitutional and statutory rights:
The TSA’s deployment of body scanners as the primary screening technique in American airports has raised widespread public concerns about the protection of privacy. It is difficult to imagine that there is a higher priority issue for the DPIAC in 2011 than a comprehensive review of the TSA airport body scanner program.
Will the Secretary ask her expert panel for a thorough documented review? Wait and see.
Whatever happens there, privacy concerns with DHS programs will be big in 2011.
TSA’s Strip/Grope: Unconstitutional?
Writing in the Washington Post, George Washington University law professor Jeffrey Rosen carefully concludes, “there’s a strong argument that the TSA’s measures violate the Fourth Amendment, which prohibits unreasonable searches and seizures.” The strip/grope policy doesn’t carefully escalate through levels of intrusion the way a better designed program using more privacy protective technology could.
It’s a good constutional technician’s analysis. But Professor Rosen doesn’t broach one of the most important likely determinants of Fourth Amendment reasonableness: the risk to air travel these searches are meant to reduce.
Writing in Politico last week, I pointed out that there have been 99 million domestic flights in the last decade, transporting seven billion passengers. Not one of these passengers snuck a bomb onto a plane and detonated it. Given that this period coincides with the zenith of Al Qaeda terrorism, this suggests a very low risk.
Proponents of the TSA’s regime point out that threats are very high, according to information they have. But that trump card—secret threat information—is beginning to fail with the public. It would take longer, but would eventually fail with courts, too.
But rather than relying on courts to untie these knots, Congress should subject TSA and the Department of Homeland Security to measures that will ultimately answer the open risk questions: Require any lasting security measures to be justified on the public record with documented risk management and cost-benefit analysis. Subject such analyses to a standard of review such as the Adminstrative Procedure Act’s “arbitrary and capricious” standard. Indeed, Congress might make TSA security measures APA notice-and-comment rules, with appropriate accomodation for (truly) temporary measures required by security exigency.
Claims to secrecy are claims to power. Congress should withdraw the power of secrecy from the TSA and DHS, subjecting these agencies to the rule of law.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
