I dislike our national obsession with anniversaries and tendency to convert solemn occasions into maudlin ones; to fetishize perceived collective victimization rather than simply recognizing real victims. That kept me from joining in the outpouring of September 11 reflection, now mercifully receding. But I have reflections on the reflections.

The anniversary commentary has, happily, included widespread consideration of the notion that we overreacted to the attacks and did al Qaeda a favor by overestimating their power and making it easier for them to terrorize. Even the Wall Street Journal allowed some of the bigwigs they invited to answer their question of whether we overreacted to the attacks to say, “yes, sort of.”

Unsurprisingly, however, the Journal’s contributors, like almost every other commentator out there, did not define overreaction. It’s easy and correct to say we’ve wasted dollars and lives in response to September 11 but harder to answer the question of how much counterterrorism is too much. So this post explains how to do that, and then considers common objections to the answer.

That answer has to start with cost-benefit analysis. As I put it in my essay in Terrorizing Ourselves, a government overreaction to danger is a policy that fails cost-benefit analysis and thus does more harm than good. But when we speak of harm and good, we have to leave room for goods, like our sense of justice, that are harder to quantify.

Cost-benefit analysis of counterterrorism policies requires first knowing what a policy costs, then estimating how many people terrorists would kill absent that policy, which can involve historical and cross-national comparisons, and finally converting those costs and benefits into a common metric, usually money. Having done that analysis, you have a cost-per-life-saved-per-policy, which can be thought of as the value a policy assigns to a statistical life—the price we have decided to pay to save a life from the harm the policy aims to prevent.

Then you need to know if that price is too high. One way to do so, preferred by economists, is to compare the policy’s life value to the value that the target population uses in their life choices (insurance purchases, salary for hazardous work, and so on). These days, in the United States, a standard range for the value of a statistical life is four to eleven million dollars. If a policy costs more per life saved than that, the market value of a statistical life, then the government could probably produce more longevity by changing or ending the policy. A related concept is risk-risk or health-health analysis, which says that at some cost, a policy will cost more lives than it saves by destroying wealth used for health care and other welfare-enhancing activities. One calculation of that cost, from 2000, is $15 million.

In a new book, Terror, Security, and Money: Balancing the Risks, Benefits, and Costs of Homeland Security,* John Mueller and Mark Stewart use this approach to analyze U.S. counterterrorism’s cost-effectiveness, generating a range of estimates for lives saved for various counterterrorism activities. I haven’t yet read the published book, but in articles that form its basis, they found that most counterterrorism policies, and overall homeland security spending, spend exponentially more per-life saved than what regulatory scholars consider cost-effective.

That is a strong indication that we are overreacting to terrorism. It is not the end of the necessary analysis however, since it leaves open the possibility that counterterrorism has benefits beyond safety that justify its costs. More on that below.

Objections to this mode of analysis have four varieties. First, people have a visceral objection to valuing human life in dollars. But as I just tried to explain, policies themselves make such valuations, trading lives lost in one way for lives lost in another. So this objection amounts to an unconvincing plea to keep such tradeoffs secret and make policy in the dark.

Second, people challenge the benefit side of the ledger by arguing that terrorists are actually far more dangerous than the data says. Analysts say that weapons of mass destruction mean that future terrorists will kill far more than past ones. One response is that you should be suspicious anytime someone tells you that history is no guide to the present. It tends to be the best guide we have, for terrorism and everything else. Our analysis of terrorists’ danger should acknowledge that the last ten years included no mass terrorism, contrary to so many predictions. Another response is that one can, as Mueller and Stewart have, include high-end guesses of possible lives saved to show the upwards bounds of what counterterrorism must accomplish to make it worthwhile. The results tend to be so far-fetched that they demonstrate how excessive these policies are.

A third objection is to claim that some counterterrorism costs are actually terrorism’s costs. Government should spend heavily to avoid terrorism, this logic says, because our reaction to the attacks we would otherwise fail to prevent will cost far more. In other words, if an expensive overreaction is inevitable, it helps justify the seemingly excessive up-front cost of defenses.

One problem with this objection is that it approaches tautology by treating a policy’s cost as its own justification. See, for example, Atlantic writer Jeffrey Goldberg’s recent response to John Mueller’s observation in the Los Angeles Times that more people die annually worldwide from bathtub drowning than terrorism and the article’s suggestion that we might therefore be overreacting to the latter. Goldberg argues, essentially, that we have to overreact to terrorism lest we overreact to terrorism. Then, after his colleague James Fallows points out the logical trouble, Goldberg, without admitting error, switches to argument two above, while failing to acknowledge, let alone respond to, Mueller’s several books and small library of articles shooting that argument down.

Another problem with the inevitable overreaction argument is that overreaction might happen only following rare, shocking occasions like September 11. Future attacks might be accepted without strong demand for more expensive defenses. Moreover, the defenses might not significantly contribute to preventing attacks and overreaction.

The best objection to Mueller and Stewart’s brand of analysis is to point out counterterrorism’s non-safety benefits. The claim here is that terrorism is not just a source of mortality or economic harm, like carcinogens or storms, but political coercion that offends our values and implicates government’s most traditional function. Defenses against human, political dangers provide deterrence and a sense of justice. These benefits may be impossible to quantify. These considerations may justify otherwise excessive counterterrorism costs.

I suspect that Mueller and Stewart would agree that this argument is right except for the last sentence. Its logic serves any policy said to combat terrorism, no matter how expansive and misguided. We may want to pay a premium for our senses of justice and security, but we need cost-benefit analysis to tell us how large that premium now is. Nor should we assume that policies justified by moral or psychological ends actually deliver the goods. Were it the case that our counterterrorism policies greatly reduced public fear and blunted terrorists’ political strategy, they might indeed be worthwhile. But something closer to the opposite appears to be true. Al Qaeda wants overreaction—bragging of bankrupting the United States—and our counterterrorism policies seem as likely to cause alarm as to prevent it.

*Muller and Stewart will discuss their book at a Cato book forum on October 24. Stay tuned for signup information.

(Cross-posted from TNI’s The Skeptics.)

Bathtubs, Terrorists, and Overreaction is a post from Cato @ Liberty - Cato Institute Blog

With the Department of Homeland Security constantly spinning out new projects and programs (plus re-branded old ones) to investigate you, me, and the kitchen sink, it’s sometimes hard to keep up. But I was intrigued with a report that behvaior detection officers are getting another look from the Transportation Security Administration. Behavior detection is the unproven, and so far highly unsuccessful (Rittgers, Harper), program premised on the idea that telltale cues can reliably and cost-effectively indicate intent to do harm at airports.

But there’s a new behavior detection program already underway. Or is it interrogation?

Due to a bottleneck at the magnetometers in one concourse of the San Francisco airport (no strip-search machines!), I recently had the chance to briefly interview a Transportation Security Administration agent about a new security technique he was implementing. As each passenger reached him, he would begin to examine the traveler’s documentation and simultaneously ask the person’s last name. He confirmed to me that the purpose was to detect people who did not immediately, easily, and accurately respond. In thousands of interactions, he would quickly and naturally learn to detect obfuscation on the part of anyone carrying an ID that does not have the last name they usually use.

As a way of helping to confirm identity, it’s a straightforward and sensible technique. Almost everyone knows his or her last name, and quickly and easily repeats it. The average TSA agent with some level of experience will fluently detect people who do not quickly and easily repeat the name on the identity card they carry. The examination is done quickly. This epistemetric check (of a “something-you-know” identifier—see my book, Identity Crisis) occurs during the brief time that the documents are already getting visual examination.

Some people will not repeat their name consistent with custom, of course. The hard of hearing, speakers of foreign languages, people who are very nervous, people who have speech or other communication impediments, and another group of sufferers—recently married women—may exhibit “suspicious” failure to recite their recently changed surnames. Some of these anomalies TSA agents will quickly and easily dismiss as non-suspicious. Others they won’t, and in marginal cases they might use non-suspicious indicia like ethnicity or rudeness to adjudge someone “suspicious.”

The question whether these false positives are a problem depends on the sanction that attaches to suspicion. If a stutterer gets a gauntlet at the airport each time he or she fails to rattle off a name, the cost of the technique grows compared to the value of catching … not the small number of people who travel on false identification—the extremely small number of people who travel on false identification so as to menace air transportation.

We used this and closely related techniques, such as asking a person’s address or the DMV office where a license was issued, at the bar where I worked in college. It did pretty well to ferret out people carrying their older friends’ IDs. Part of the reason it worked well is because our expert doormen could quickly escalate to further inquiry, dismissing their own suspicions or denying entry to the bar very quickly. The cost of getting it wrong was to deny a person entry to the bar and sometimes possession of a license. These are relatively small costs to college students, unlike the many hours in time-costs to a traveler wrongly held up at the airport. According to my interview, suspicion generated this way at the airport requires a call to a supervisor, but I did not learn if secondary search is standard procedure, or if cases are handled some other way.

TSA agents are not doormen at bars, of course, and the subjects they are examining are not college kids out to get their drink on. These are government agents examining citizens, residents, and visitors to the United States as they travel for business and pleasure, often at high cost in dollars and time. The stakes are higher, and when the government uses a security technique like this, a layer of constitutional considerations joins the practical issues and security analysis.

I see three major legal issues with this new technique: Fourth Amendment search and seizure, the Fifth Amendment right against self-incrimination, and Due Process. When questioning joins an ID check at the airport, it’s a deepening of a search that is already constitutionally suspect. The Fifth Amendment issues are interesting because travelers are being asked to confess through their demeanor whether they are lying or telling the truth. It would seem to cross a Fifth Amendment line and the rule against forced self-incrimination. The Due Process issues are serious and fairly straightforward. When a TSA screener makes his or her judgment that a person is not responding consistent with custom and is therefore “suspicious,” these judgement calls allow the screeners to import their prejudices. Record-keeping about suspicion generated using this technique should determine whether administration of this epistemetric check violates constitutional due process in its application.

In its constant effort to ferret out terrorist attacks on air transportation, the TSA is mustering all its imagination. Its programs raise scores of risk management issues, they create constitutional problems, and they are a challenge to our tradition of constitutionally limited government. The threat that a person will use false identification to access a plane, defeating an otherwise working watch-list sytem, to execute some attack is utterly small. At what cost in dollars and American values do we attack that tiny threat?

The founding problem is the impetuous placement of federal government agents in the role of securing domestic passenger aviation. There are areas where government is integral to securing airports, airlines, and all the rest of the country—foreign intelligence and developing leads about criminal plots, for example—but the day-to-day responsibility for securing infrastructure like airports and airplanes should be the responsibility of its owners.

If the TSA were to go away, air security measures might be similar in many respects, but they would be conducted by organizations who must keep travelers happy and safe for their living. The TSA hasn’t anything like private airports’ and airlines’ incentives to balance security with convenience, privacy, cost-savings, and all other dimensions of a satisfactory travel experience. Asking people their names at airport security checkpoints is an interesting technique, and not an ineffective one, but it should probably be scrapped because it provides so little security at a relatively great cost.

Behavior Detection as Interrogation is a post from Cato @ Liberty - Cato Institute Blog

My Washington Examiner column this week is on TSA, the federal agency that’s its own reductio ad absurdum.

In the latest TSA atrocity, the agency forced a wheelchair-bound, 95-year-old leukemia patient to remove her adult diaper, for fear she might be wired to explode. “It’s something I couldn’t imagine happening on American soil,” her distraught daughter told the press: “Here is my mother, 95 years old, 105 pounds, barely able to stand, and then this.”

My God, what is she on about? Proper procedure was followed!

As I point out in the column:

in a classic case of “mission creep,” TSA is taking its show on the road and the rails.

Remember when, pushing his bullet-train boondoggle in the 2011 State of the Union, President Obama cracked that it would let you travel “without the pat-down”? Not funny—also, not true.

Earlier this year, Amtrak passengers in Savannah, Ga., stepped off into a TSA checkpoint. Though the travelers had already disembarked the train, agents made women lift their shirts to check for bra explosives. Two weeks ago, armed TSA and Homeland Security agents hit a bus depot in Des Moines, Iowa, to question passengers and demand their papers.

These raids are the work of TSA’s “Visible Intermodal Prevention and Response” (VIPR or “Viper”) teams—an acronym at once senseless and menacing, much like the agency itself.

All this is happening at a time when al Qaeda looks more harried, pathetic, and weaker than ever. But hey, you can never be too careful, right?

Feel Safer?

Beware the Depends Bomber? is a post from Cato @ Liberty - Cato Institute Blog

Rep. Robert Aderholt (R-AL) is the chairman of the House Appropriations Subcommittee on Homeland Security. That’s the subcommittee that makes spending decisions for the Department of Homeland Security and the programs within it, including the REAL ID Act.

Earlier this month, a constituent of his from Fyffe, Alabama posted a question on Mr. Aderholt’s Facebook page:

Rep. Aderholt, I’ve seen reports that the “REAL ID ACT” will be implemented in May of this year, giving the govt the ability to track every person who has a drivers license via encoded GPS. Is this actually the case and if so, what is the House going to do to stop this Orwellian infringement of our Liberty. Also, HOW could this have happened in the first place!

Mr. Aderholt has not replied.

But Right Side News recently reported on a hearing in which DHS Secretary Janet Napolitano presented her agency’s budget request. The DHS has not requested funds for implementing REAL ID. But according to the report, Chairman Aderholt “pointedly reminded” the committee of the need for funding of REAL ID.

It is good of Representative Aderholt to give his constituents a means to contact him and to invite public discussion of the issues. It’s an open question whether he will listen more closely to the voice of his constituents or to influences in Washington, D.C. who would like to see law-abiding American citizens herded into a national ID system.

Does Rep. Aderholt Support or Oppose Having a National ID? is a post from Cato @ Liberty - Cato Institute Blog

Until now, Florida has not been one of the states to buck the federal government’s national ID mandate, established in the REAL ID Act of 2005. A pair of grand jury reports in 2002 had moved the state to tighten its driver licensing processes prior to any federal action, so it was already doing many of the things that the Department of Homeland Security is now seeking to require of states in the name of REAL ID.

Full compliance with REAL ID remains a distant hope, so DHS has set out a list of 18 “milestones,” progress toward which it is treating as REAL ID compliance. Full compliance with REAL ID includes putting driver information into a network for nationwide information sharing—including scanned copies of basic identity documents. It includes giving all licensees and ID holders a nationally uniform driver’s license or ID card so their identity can be checked at airports, federal facilities, and wherever the Secretary of Homeland Security determines to have federal checkpoints.

Again, the state of Florida meets DHS’ milestones. Starting from an already strict driver licensing regime, the state’s bureaucrats have been doing (and asking the legislature to do) things that match up with the requirements of the national ID law. But now, thanks to the work of Florida’s Tenth Amendment Center, Floridians Against REAL ID, and others, the legislature is beginning to pay attention.

Why is it so hard for law-abiding citizens and residents of Florida to get or renew their licenses? What kinds of barriers to progress are being thrown in front of lawful immigrants from Haiti, who haven’t the documentation required to get a license and thus a job?

Rep. Geraldine Thompson (D-Orlando) has lived in Florida since 1955 and was elected to the Florida legislature in 2006. She was born in New Orleans and is not able to get a copy of her birth certificate. The Florida Department of Motor Vehicles would not accept her Florida House ID card as proof of her identity!

Several members of the Florida legislature are concerned that the state is scanning and databasing the basic identity documents of Floridians, exposing those documents and the people of Florida to unknown cybersecurity risks. If these databases were hacked, Floridians’ data would be treasure trove for identity fraud. A breach of an entire state’s identity data could collapse the system we now rely on to know who people are. This is not an improvement in security for Floridians.

Florida’s Cuban ex-pat population has some idea of what could result if they were herded into a national identity system. They are too familiar with central government control of access to goods, services, employment, and other essentials of life. Advocates of national ID systems here in the United States have already argued for using REAL ID to control access to employment, to financial services and credit, to medicines, to housing, and more.

In my testimony to the Florida legislature, I noted that the federal government is impotent to enforce REAL ID. The political costs of a DHS attack on air travel (if it refused to recognize drivers’ licenses from non-compliant states at airport checkpoints) would be too high. Indeed, word is spreading that DHS will soon extend the REAL ID deadline once again.

What’s clear from my visit to Florida is that legislators there respond to what they hear from their constituents. It’s unclear what the Florida legislature will do to reassert control of its driver licensing policy from the concerted action of the federal government and its motor vehicle bureaucrats.

One of the questions they might ask is, “Who committed Florida to comply with REAL ID?” That’s item number seventeen in the DHS’ eighteen-point material compliance checklist.

Is the REAL ID Rebellion Coming to Florida? is a post from Cato @ Liberty - Cato Institute Blog

The zeitgeist on Capitol Hill in Washington, D.C. may be for limited, constitutional government, but that doesn’t mean that big-government conservatives aren’t going to use the reprieve voters gave Republicans in the fall to once again advance big-government goals. On Monday, House Judiciary Committee Chairman Lamar Smith (R-Texas), Homeland Security Committee Chairman Peter King (R-N.Y.) and Crime, Terrorism, and Homeland Security Subcommittee Chairman James Sensenbrenner (R-Wisc.) sent a letter to Department of Homeland Security Secretary Janet Napolitano encouraging her to fully implement our national ID law, the REAL ID Act of 2005.

The deadline for state implementation of the national ID law lapsed nearly three years ago. Half the states in the country have affirmatively barred themselves from implementing REAL ID or they have passed resolutions objecting to the national ID law. But the Department of Homeland Security has repeatedly extended the deadline and reduced the compliance bar to suggest progress on the flagging national ID effort. With another faux implementation deadline looming in May, the DHS is almost certain to issue a blanket extension of the compliance deadline again soon.

Smith, King, and Sensenbrenner don’t want that to happen. They cite the arrest of Khalid Aldawsari in Texas as a reason for “immediate implementation of REAL ID.” 

According to the government’s affidavit, Aldawsari planned to acquire a false birth certificate and multiple false drivers licenses, assumedly to assist in his getaway after executing his formative bombing plans. But if you read the affidavit, you can see just how remote and speculative his use of any false identification is compared to the real acts that go into his plans. You can also see the web of identifiers that law enforcement use to effectively track and surveil their targets, including phone numbers, license plates, physical addresses, immigration records, email addresses, and Internet Protocol addresses. Aldawsari was nowhere near slipping through the net, and having a false driver’s license would have made no difference after a North Carolina chemical supply company reported to the FBI his suspicious attempt to purchase the chemical phenol. Nor would false identification have made a difference had he succeeded in an attack of any significance.

Having a national ID is the fantastical way of addressing the fantastical part of Aldawsari’s alleged plot. Thankfully, the real plot was disrupted using real law enforcement techniques, which include the reporting of suspicious behavior and narrowly targeted, lawful surveillance.

Terror Arrest Does Not Justify REAL ID Revival is a post from Cato @ Liberty - Cato Institute Blog

There is one thing you can take to the bank from TSA administrator John Pistole’s statement that he wants to shift to “risk-based” screening at airports: it hasn’t been risk-based up to now. That’s a welcome concession because, as I’ve said before, the DHS and its officials routinely mouth risk terminology, but rarely subject themselves to the rigor of actual risk analysis.

What Administrator Pistole envisions is nothing new. It’s the idea of checking the backgrounds of air travelers more deeply, attempting to determine which of them present less of a threat and which prevent more. That opens security holes that the risk-averse TSA is unlikely to actually tolerate, and it has significant privacy and Due Process consequences, including migration toward a national ID system. 

I wrote about one plan for a “trusted traveler”-type system recently. As the details of what Pistole envisions emerge, I’ll look forward to reviewing it.

The DHS Privacy Committee published a document several years ago that can help Pistole with developing an actual risk-based system and with managing its privacy consequences. The Privacy Committee itself exists to review programs like these, but has not been used for this purpose recently despite claims that it has.

If Pistole wants to shift to risk-based screening, he should require a full risk-based study of airport screening and publish it so that the public, commentators, and courts can compare the actual security benefits of the TSA’s policies with their costs in dollars, risk transfer, privacy, and constitutional values.

TSA’s Pistole Says ‘Risk-Based,’ Means ‘Privacy Invasive’ is a post from Cato @ Liberty - Cato Institute Blog

Ben Friedman helpfully supplies more information to go with my positive reaction to the Department of Homeland Security’s decision to scrap color-coded threat warnings.

Our colloquy leaves somewhat open what should replace color-coding. Because most threat warnings are false alarms, and because exhortations to vigilance will tend toward the vagueness of the color-coding system, Ben hopes “DHS winds up being tighter-lipped.”

His points are good ones, but they don’t dissuade me from my belief that DHS should “begin informing the public fully about threats and risks known to the U.S. government.”

The right answer here centers on who is better at digesting threat information—experts in the national security bureaucracy or the public?

There is a great deal of expertise in the U.S. government focused on turning up threat information and digesting it for policymakers. However, that expertise has limits, often manifested as threat inflation, as Ben notes, and as myopia. Daniel Patrick Moynihan’s Secrecy: The American Experience illustrates the latter well (especially the edition with Richard Gid Powers’ fine introduction).

The public consists of hundreds of millions of subject matter experts in every walk of life. They include owners and operators of all our infrastructure, reporters and commentators in the professional and amateur press, academics, state and local law enforcement personnel, information networks, and social networks of all kinds. We have security-interested folk in the hundreds of millions spread out across the land, all in regular communication with each other. We’re a tremendously powerful information processing machine. I believe this public can do a better job of digesting threat information than “experts,” particularly when it comes to terrorism threats, which can—theoretically, at least—manifest themselves pretty much anywhere.

The public constantly digests risk and threat information from other walks of life. We digest information about ordinary crime, health and disease, finance and investment, driving and walking, etc., etc. There is nothing about terrorism that disables the public from making judgments about threat information and incorporating it into daily life. People can figure out what matters and what does not, and they can apply information in the spheres they know.

When I say “fully inform,” I don’t argue for broadcasting every speck of information the U.S. government collects. There are limited domains in which information sharing will reveal sources and methods, undercutting access to future information. Appropriate caveats are part of ”fully” informing, of course. Natural pressure will cause too speculative threats to be winnowed from public release. But even opening a firehose will get people the water they need to drink.

Tight lips sink ships. The presumption should fall in favor of sharing information with the public. After a period of adjustment lasting from months to a year or more, the American information system would incorporate open threat information into daily life, and the country would be more secure. People made confident by the ability to consume and respond to threat information will feel more secure, which is the other half of what security is all about.

Shades of Warning: What It Means to Inform is a post from Cato @ Liberty - Cato Institute Blog

Jim Harper noted yesterday that the Department of Homeland Security (after lengthy review) has decided to scrap its color-coded alert system. The change is long overdue–the alerts implied, absurdly, that danger was equally distributed across the nation. The fact that the Department never used the blue and green threat levels (general and low risk), which most accurately describe the true danger most Americans face from terrorism, showed the systems’ inherent threat inflation. Eventually, everyone started ignoring the threat level, officials stopped changing it, and system became a charade.

Jim argues that, in place of the colors, the Department should inform “the public fully about threats and risks known to the U.S. government,” treating us like adults with a shared responsibility for protecting ourselves. According to a report from the National Journal‘s Chris Storm, DHS agrees, sort of.  Storm links to a DHS document on the new warning policy, which states:

• DHS will implement a new system that is built on a clear and simple premise: When a threat develops that could impact the public, we will tell you.  We will provide whatever information we can so you know how to protect yourselves, your families, and your communities.

• The new system reflects the reality that we must always be on alert and be ready.  When we have information about a specific, credible threat, we will issue a formal alert providing as much information as we can.

• Depending on the nature of the threat, the alert may be limited to a particular audience, like law enforcement, or a segment of the private sector, like shopping malls or hotels.

• Or, the alert may be issued more broadly to the American people, distributed — through a statement from DHS — by the news media and social media channels.

• The alerts will be specific to the threat.  They may ask you to take certain actions, or to look for specific suspicious behavior.  And they will have an end date.

• This new system is built on the common-sense belief that we are all in this together — that we all have a role to play — and it was developed in that same collaborative spirit.

The first bullet point embraces maximum information sharing, but things get hazier after that. In the end, it’s not clear when DHS will warn all of us, warn some of us, or just warn police. Nor do we get much indication about what information warnings will include. Unlike Jim, though, I think that’s fine. Actually, there are a couple reasons why I hope DHS winds up being tighter-lipped.

First, most threat warnings are false alarms. A government that publicized every warning received by intelligence agencies would swamp the public with confusing and frightening information that people would have to learn to ignore. Better to reveal only intelligence that has been vetted.

Second, the theory of providing the public maximum information about danger (often a cover for the CYA imperative to have warned the public if an attack does occur) in practice easily degenerates into vague exhortations to be vigilant, which are almost as bad as the color-coded threat warnings. The difficulty is that the threat information is vague and that authorities worry that revealing too much detail will give away sources. The warning issued to Americans going to Europe last October, is an example, as I discussed here.

Given that such general warnings create false leads, cancelled travel, anxiety, and harassment, they may do more harm than good.  In response to this argument, people point to the vigilant airline passengers who subdued the shoe and underwear bombers or the Times Square vendors who called the cops after Faisal’s Shazhad’s car failed to explode. But, at least since 2001, we hardly need the government to tell us to respond to people lighting their underwear on fire on international flights or cars burnings in Times Square. The theory that increased public vigilance is always a good thing needs testing.

Warning Without Color is a post from Cato @ Liberty - Cato Institute Blog

The Department of Homeland Security is scrapping the color-coded terror alert system. The color-code system meant to serve as a way of keeping the public informed, but because it signaled some ambiguous sense of “threat” without providing a scintilla of information the public could use, it merely kept Americans ignorant and addled.

Scrapping the color-coded threat system is only the beginning. The next step is to begin informing the public fully about threats and risks known to the U.S. government. We’re adults. We can handle it. In fact, we can help.

And Good Riddance… is a post from Cato @ Liberty - Cato Institute Blog

The holiday travel season this year revealed some of the real defects in the Transportation Security Administration’s new policy of subjecting select travelers to the “option” of going through airport strip-search machines or being subjected to an intrusive pat-down more akin to a groping. Anecdotes continue to come forth, including the recent story of a rape victim who was arrested at an airport in Austin, TX after refusing to let a TSA agent feel her breasts.

Meanwhile, the Department of Homeland Security is working on the “next big thing”: body-scanning everywhere. This “privacy impact assessment” from DHS’s Science and Technology Directorate details a plan to use millimeter wave—a technology in strip-search machines—along with other techniques, to examine people from a distance, not just at the airport but anywhere DHS wants.

With time to observe TSA procedures this holiday season, I’ve noticed that it takes a very long time to get people through strip-search machines. In Milwaukee, the machines were cordoned off and out of use the Monday after Christmas Day because they needed to get people through. Watch for privacy concerns and sheer inefficiency to join up when TSA pushes forward with universal strip/grope requirements.

And the issue looks poised to grow in the new year. Republican ascendancy in the House coincides with their increasing agitation about this government security excess.

I’ll be speaking at an event next Thursday, January 6th, called ”The Stripping of Freedom: A Careful Scan of TSA Security Procedures.” It’s hosted by the Electronic Privacy Information Center (EPIC) at the Carnegie Institute for Science in Washington, DC.

EPIC recently wrote a letter asking Homeland Security Secretary Janet Napolitano to task the DHS Privacy Committee (or “DPIAC,” on which I serve) with studying the impact of the body scanner program on individuals’ constitutional and statutory rights:

The TSA’s deployment of body scanners as the primary screening technique in American airports has raised widespread public concerns about the protection of privacy. It is difficult to imagine that there is a higher priority issue for the DPIAC in 2011 than a comprehensive review of the TSA airport body scanner program.

Will the Secretary ask her expert panel for a thorough documented review? Wait and see.

Whatever happens there, privacy concerns with DHS programs will be big in 2011.

Prediction: DHS Programs Will Create Privacy Concerns in 2011 is a post from Cato @ Liberty - Cato Institute Blog

Writing in the Washington Post, George Washington University law professor Jeffrey Rosen carefully concludes, “there’s a strong argument that the TSA’s measures violate the Fourth Amendment, which prohibits unreasonable searches and seizures.” The strip/grope policy doesn’t carefully escalate through levels of intrusion the way a better designed program using more privacy protective technology could.

It’s a good constutional technician’s analysis. But Professor Rosen doesn’t broach one of the most important likely determinants of Fourth Amendment reasonableness: the risk to air travel these searches are meant to reduce.

Writing in Politico last week, I pointed out that there have been 99 million domestic flights in the last decade, transporting seven billion passengers. Not one of these passengers snuck a bomb onto a plane and detonated it. Given that this period coincides with the zenith of Al Qaeda terrorism, this suggests a very low risk.

Proponents of the TSA’s regime point out that threats are very high, according to information they have. But that trump card—secret threat information—is beginning to fail with the public. It would take longer, but would eventually fail with courts, too.

But rather than relying on courts to untie these knots, Congress should subject TSA and the Department of Homeland Security to measures that will ultimately answer the open risk questions: Require any lasting security measures to be justified on the public record with documented risk management and cost-benefit analysis. Subject such analyses to a standard of review such as the Adminstrative Procedure Act’s “arbitrary and capricious” standard. Indeed, Congress might make TSA security measures APA notice-and-comment rules, with appropriate accomodation for (truly) temporary measures required by security exigency.

Claims to secrecy are claims to power. Congress should withdraw the power of secrecy from the TSA and DHS, subjecting these agencies to the rule of law.

TSA’s Strip/Grope: Unconstitutional? is a post from Cato @ Liberty - Cato Institute Blog

Libertarians often debate whether conservatives or liberals are more friendly to liberty. We often fall back on the idea that conservatives tend to support economic liberties but not civil liberties, while liberals support civil liberties but not economic liberties — though this old bromide hardly accounts for the economic policies of President Bush or the war-on-drugs-and-terror-and-Iraq policies of President Obama.

Score one for the conservatives in the surging outrage over the Transportation Security Administration’s new policy of body scanners and intimate pat-downs. You gotta figure you’ve gone too far in the violation of civil liberties when you’ve lost Rick Santorum, George Will, Kathleen Parker, and Charles Krauthammer. (Gene Healy points out that conservatives are reaping what they sowed.)

Meanwhile, where are the liberals outraged at this government intrusiveness? Where is Paul Krugman? Where is Arianna? Where is Frank Rich? Where is the New Republic? Oh sure, civil libertarians like Glenn Greenwald have criticized TSA excesses. But mainstream liberals have rallied around the Department of Homeland Security and its naked pictures: Dana Milbank channels John (“phantoms of lost liberty”) Ashcroft: “Republicans are providing the comfort [to our enemies]. They are objecting loudly to new airport security measures.” Ruth Marcus: “Don’t touch my junk? Grow up, America.” Eugene Robinson: “Be patient with the TSA.” Amitai Etzioni in the New Republic: “In defense of the ‘virtual strip-search.’” And finally, the editors of the New York Times: ”attacks are purely partisan and ideological.”

Could this just be a matter of viewing everything through a partisan lens? Liberals rally around the DHS of President Obama and Secretary Napolitano, while conservatives criticize it? Maybe. And although Slate refers to the opponents of body-scanning as “paranoid zealots,” that term would certainly seem to apply to apply to Mark Ames and Yasha Levine of the Nation, who stomp their feet, get red in the face, and declare every privacy advocate from John Tyner (“don’t touch my junk”) on to be “astroturf” tools of “Washington Lobbyists and Koch-Funded Libertarians.” (Glenn Greenwald took the article apart line by line.)

Most Americans want to be protected from terrorism and also to avoid unnecessary intrusions on liberty, privacy, and commerce. Security issues can be complex. A case can be made for the TSA’s new procedures. But it’s striking to see how many conservatives think the TSA has gone too far, and how dismissive — even contemptuous — liberals are of rising concerns about liberty and privacy.

Conservatives, Liberals, and the TSA is a post from Cato @ Liberty - Cato Institute Blog

Washington Times reporter Shaun Waterman has a characteristically excellent article out today about U.S. cybersecurity authorities failing to secure their own systems.

According to a new report by government auditors, systems at the U.S. Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security, were not maintained with updates and security patches in a timely fashion and as a result were riddled with vulnerabilities that hackers could exploit.

Time and again, people look to government intervention based on what they imagine government might do under ideal conditions. Real conditions produce far weaker results.

We’re better off distributing the problem of data, network, and computer security among all the self-interested actors in the country—fallible as they are. We should not abandon the problem to a central authority whose failure fails us all.

And You Look to Government for Cybersecurity? is a post from Cato @ Liberty - Cato Institute Blog

The Washington Post reports today on an article coming out in Foreign Affairs in which Deputy Defense Secretary William J. Lynn III reveals a successful 2008 intrusion into military computer systems. Malicious code placed on a thumb drive by a foreign intelligence agency uploaded itself onto a network run by the U.S. military’s Central Command and propagated itself across a number of domains.

The Post article says that Lynn “puts the Homeland Security Department on notice that although it has the ‘lead’ in protecting the dot.gov and dot.com domains, the Pentagon — which includes the ultra-secret National Security Agency — should support efforts to protect critical industry networks.”

The failure of the military to protect its own systems creates an argument for it to have preeminence in protecting private computer infrastructure? Perhaps the Department of Homeland Security will reveal how badly it has been hacked in order to regain the upper hand in the battle to protect us.

We Fail More—So Put Us in Charge is a post from Cato @ Liberty - Cato Institute Blog

The Associated Press is reporting that persons filing requests under the Freedom of Information Act (FOIA) with the Department of Homeland Security during the last year faced scrutiny beyond what the law requires.

Career employees were ordered to provide Secretary Janet Napolitano’s political staff with information about the people who asked for records — such as where they lived, whether they were private citizens or reporters — and about the organizations where they worked.

If a member of Congress sought such documents, employees were told to specify Democrat or Republican.

This, despite President Barack Obama’s statement that federal workers should “act promptly and in a spirit of cooperation” under FOIA, and Attorney General Eric Holder’s assertion: “Unnecessary bureaucratic hurdles have no place in the new era of open government.”

The White House separately reviewed FOIA requests to see documents about spending under the $862 billion stimulus law. Read the whole thing.

DHS FOIbles is a post from Cato @ Liberty - Cato Institute Blog

Behavioral screening is a useful tool in deterring and preventing terrorist attacks. As I noted in this piece at Politico, a border patrol agent successfully used behavioral screening to stop the would-be Millennium Bomber. She noticed something “hinky” about a man driving south across the Canadian border. That “hinky” – fidgety and nervous behavior when asked routine customs questions – exposed a car full of explosives intended for the passenger terminal of Los Angeles International Airport.

Two items from the USA Today travel section highlight some mixed results with TSA behavioral screening. Today’s edition reports that behavioral screening, applied by Behavioral Detection Officers (BDOs) missed at least 16 people later linked to terror plots. On the other side of the equation, false positives can impose burdens on those who are nervous or upset for reasons other than terrorism aspirations.

The TSA Blog defended the program: “If you’re one of those travelers that gets frazzled easily (not hard to do at airports), you have no reason to worry. BDOs set a baseline based on the normal airport behavior and look for behaviors that go above that baseline. So if you’re stressing about missing a flight, that’s not a guaranteed visit from the BDOs.”

That would be reassuring if yesterday’s travel section hadn’t revealed that TSA screeners are keeping a list of those who get upset at intrusive screening procedures. “Airline passengers who get frustrated and kick a wall, throw a suitcase or make a pithy comment to a screener could find themselves in a little-known Homeland Security database.”

Of course, we can take comfort from the words of a TSA screener to security expert Bruce Schneier. “This isn’t the sort of job that rewards competence, you know.”

TSA Behavioral Screening is a post from Cato @ Liberty - Cato Institute Blog

Here’s a window onto the upside-down way government spending works. The Department of Homeland Security has sent a letter to states begging them to spend federally provided money on implementing REAL ID, the national ID law.

“DHS is regularly asked by members of Congress, as well as the Office of Management and Budget, if these funds are needed by the states, and whether these funds should be reallocated to other efforts,” writes Juliette Kayyam of DHS’ Office of Intergovernmental Affairs. “As both the states and the Federal government face increasingly tough budgeting decisions, it is more important than ever that these available funds be utilized.”

That’s right: Tough budget times make it imperative to spend more money.

States don’t want to implement REAL ID, and the American people don’t want a national ID, but the DHS bureaucracy is rattling cages to try to get money spent purely for the sake of spending. It’s flabbergasting.

DHS to States: Pleeease Spend This Money! is a post from Cato @ Liberty - Cato Institute Blog

The controversy over America’s immigration policy does not allow for easy answers, as the post below by Roger Pilon demonstrates. Even among those of us who advocate limited government and free markets, there is room for debate about what our immigration policy should be and the order in which needed reforms should be pursued.

Roger gives a welcome nod to the argument for “a serious guest-worker program,” which I’ve argued is essential to any successful reform effort. He also acknowledges that its implementation should be in concert with serious enforcement rather than delayed indefinitely by demands that we “control the border first.”

One place where I differ with my dear colleague is in his assertion that: “We no longer control our southern border, and Congress seems unable or unwilling to do anything about it.”

I’m not sure there ever was a time, at least in recent decades, that the U.S. government exerted “control” over the southern border in the sense that illegal entry was largely prevented. Sealing a 2,000-mile border remains a daunting challenge to those who advocate it.

If anything, our border with Mexico is more under control today than at any time in recent years. According to estimates by the Pew Hispanic Center and the Department of Homeland Security, the number of people living in the United States illegally has dropped by more than 1 million in the past two years. That strongly implies that the net inflow of illegal immigrants across the border has declined sharply.

The main reason for the drop in net illegal immigration is probably the recession, but increased enforcement has arguably played a role as well. According to a recent paper by Dr. Raul Hinojosa-Ojeda of UCLA, the federal government has dramatically increased the resources it spends to “control the border.”

Consider: The U.S. Border Patrol’s annual budget has shot up by 714 percent since 1992, from $326 million to $2.7 billion. During the same period, the number of Border Patrol agents stationed along the southwest border has grown from 3,555 to 17,415. Hundreds of miles of fencing has been constructed along the border, much of it across private property.

If this is the mark of a government “unwilling to do anything,” I would shudder at the cost and intrusion of a more concerted effort.

The bottom line is that our “enforcement only” approach to controlling the border has failed, and it will continue to fail until we create a legal alternative to illegal immigration.

Let’s Get Serious about Immigration Reform is a post from Cato @ Liberty - Cato Institute Blog

Last week, the Electronic Privacy Information Center released a petition from a group it spearheaded, asking the Department of Homeland Security to suspend deployment of whole-body imaging (aka “strip-search machines”) at airports.

The petition is a thorough attack on the utility of the machines, the process (or lack of process) by which DHS has moved forward on deployment, and the suitability of the privacy protections the agency has claimed for the machines and computers that display denuded images of air travelers.

The petition sets up a variety of legal challenges to the use of the machines and the process DHS has used in deploying them.

Whole-body imaging was in retreat in the latter part of last year when an amendment to severely limit their use passed the House of Representatives. The December 25 terror attempt, in which a quantity of explosives was smuggled aboard a U.S.-bound airplane in a passenger’s underpants, gave the upper hand to the strip-search machines. But the DHS has moved forward precipitously with detection technology before, wasting millions of dollars. It may be doing so again.

My current assessment remains that strip-search machines provide a small margin of security at a very high risk to privacy. TSA efforts to control privacy risks have been welcome, though they may not be enough. The public may rationally judge that the security gained is not worth the privacy lost.

Wouldn’t it be nice if decisions about security were handled in a voluntary rather than a coercive environment? With airlines providing choice to consumers about security and privacy trade-offs? As it is, with government-run airline security, all will have to abide by the choices of the group that “wins” the debate.

EPIC: Suspend Airport Body Scanners is a post from Cato @ Liberty - Cato Institute Blog