Should TSA Change Its Policy?

Posted by Jim Harper

News that Transportation Security Administration officers required a 95-year-old cancer patient to remove her adult diaper for search lit up the social media this weekend. It’s reminiscent of the recent story where a 6-year-old girl got the pat-down because she didn’t hold still in the strip-search machine. TSA administrator John Pistole testified to a Senate hearing that the agency would change its policy about children shortly thereafter.

So, should the TSA change policy once again? Almost certainly. Will it ever arrive at balanced policies that aren’t punctuated by outrages like this? Almost certainly not.

You see, the TSA does not seek policies that anyone would call sensible or balanced. Rather, it follows political cues, subject to the bureaucratic prime directive described by Cato chairman emeritus and distinguished senior economist Bill Niskanen long ago: maximize discretionary budget.

When the TSA’s political cues pointed toward more intrusion, that’s where it went. Recall the agency’s obsession with small, sharp things early in its tenure, and the shoe fetish it adopted after Richard Reid demonstrated the potential hazards of footwear. Next came liquids after the revelation of a bomb plot around smuggling in sports bottles. And in December 2009, the underwear bomber focused the TSA on everyone’s pelvic region. Woe to the traveler whose medical condition requires her to wear something concealing the government’s latest fixation.

The TSA pursues the bureaucratic prime directive—maximize budget—by assuming, fostering, and acting on the maximum possible threat. So a decade after 9/11, TSA and Department of Homeland Security officials give strangely time-warped commentary whenever they speechify or testify, recalling the horrors of 2001 as if it’s 2003. The prime directive also helps explain why TSA has expanded its programs following each of the attempts on aviation since 9/11, even though each of them has failed. For a security agency, security threats are good for business. TSA will never seek balance, but will always promote threat as it offers the only solution: more TSA.

Because of countervailing threats to its budget—sufficient outrage on the part of the public—TSA will withdraw from certain policies from time to time. But there is no capacity among the public to sustain “outrage” until the agency is actually managing risk in a balanced and cost-effective way. (You can ignore official claims of “risk-based” policies until you’ve actually seen the risk management and cost-benefit documents.)

TSA should change its policy, yes, but its fundamental policies will not change. Episodes like this will continue indefinitely against a background of invasive, overwrought airline security that suppresses both the freedom to travel and the economic well-being of the country.

In a 2005 Reason magazine “debate” on airline security, I described the incentive structure that airlines and airports face, which is much more conducive to nesting security with convenience, privacy, savings, and overall traveler comfort and satisfaction. The threat of terrorism has only dropped since then. We should drop the TSA.

TSA’s Pistole Says ‘Risk-Based,’ Means ‘Privacy Invasive’

Posted by Jim Harper

There is one thing you can take to the bank from TSA administrator John Pistole’s statement that he wants to shift to “risk-based” screening at airports: it hasn’t been risk-based up to now. That’s a welcome concession because, as I’ve said before, the DHS and its officials routinely mouth risk terminology, but rarely subject themselves to the rigor of actual risk analysis.

What Administrator Pistole envisions is nothing new. It’s the idea of checking the backgrounds of air travelers more deeply, attempting to determine which of them present less of a threat and which prevent more. That opens security holes that the risk-averse TSA is unlikely to actually tolerate, and it has significant privacy and Due Process consequences, including migration toward a national ID system. 

I wrote about one plan for a “trusted traveler”-type system recently. As the details of what Pistole envisions emerge, I’ll look forward to reviewing it.

The DHS Privacy Committee published a document several years ago that can help Pistole with developing an actual risk-based system and with managing its privacy consequences. The Privacy Committee itself exists to review programs like these, but has not been used for this purpose recently despite claims that it has.

If Pistole wants to shift to risk-based screening, he should require a full risk-based study of airport screening and publish it so that the public, commentators, and courts can compare the actual security benefits of the TSA’s policies with their costs in dollars, risk transfer, privacy, and constitutional values.

TSA’s Strip/Grope: Unconstitutional?

Posted by Jim Harper

Writing in the Washington Post, George Washington University law professor Jeffrey Rosen carefully concludes, “there’s a strong argument that the TSA’s measures violate the Fourth Amendment, which prohibits unreasonable searches and seizures.” The strip/grope policy doesn’t carefully escalate through levels of intrusion the way a better designed program using more privacy protective technology could.

It’s a good constutional technician’s analysis. But Professor Rosen doesn’t broach one of the most important likely determinants of Fourth Amendment reasonableness: the risk to air travel these searches are meant to reduce.

Writing in Politico last week, I pointed out that there have been 99 million domestic flights in the last decade, transporting seven billion passengers. Not one of these passengers snuck a bomb onto a plane and detonated it. Given that this period coincides with the zenith of Al Qaeda terrorism, this suggests a very low risk.

Proponents of the TSA’s regime point out that threats are very high, according to information they have. But that trump card—secret threat information—is beginning to fail with the public. It would take longer, but would eventually fail with courts, too.

But rather than relying on courts to untie these knots, Congress should subject TSA and the Department of Homeland Security to measures that will ultimately answer the open risk questions: Require any lasting security measures to be justified on the public record with documented risk management and cost-benefit analysis. Subject such analyses to a standard of review such as the Adminstrative Procedure Act’s “arbitrary and capricious” standard. Indeed, Congress might make TSA security measures APA notice-and-comment rules, with appropriate accomodation for (truly) temporary measures required by security exigency.

Claims to secrecy are claims to power. Congress should withdraw the power of secrecy from the TSA and DHS, subjecting these agencies to the rule of law.

Does Risk Management Counsel in Favor of a Biometric Traveler Identity System?

Posted by Jim Harper

Writing on Reason’s Hit & Run blog, Robert Poole argues that the Transportation Security Administration should use a risk-based approach to security. As I noted in my recent “‘Strip-or-Grope’ vs. Risk Management” post, the Department of Homeland Security often talks about risk but fails to actually do risk management. Poole and I agree—everyone agrees—that DHS should use risk management. They just don’t.

With the pleasure of remembering our excellent 2005 Reason debate, “Transportation Security Aggravation,” I must again differ with Poole’s prescription, however.

Poole says TSA should separate travelers into three basic groups (quoting at length):

  1. Trusted Travelers, who have passed a background check and are issued a biometric ID card that proves (when they arrive at the security checkpoint) that they are the person who was cleared. This group would include cockpit crews, anyone holding a government security clearance, anyone already a member of the Department of Homeland Security’s Global Entry, Sentri, and Nexus, and anyone who applied and was accepted into a new Trusted Traveler program. These people would get to bypass regular security lanes  upon having their biometric card checked at the airport, subject only to random screening of a small fraction.
  2. High-risk travelers, either those about whom no information is known or who are flagged by the various Department of Homeland Security (DHS) intelligence lists as warranting “Selectee” status. They would be the only ones facing body-scanners or pat-downs as mandatory, routine screening.
  3. Ordinary travelers—basically everyone else, who would go through metal detector and put carry-ons through 2-D X-ray machines. They would not have to remove shoes or jackets, and could travel with liquids. A small fraction of this group would be subject to random “Selectee”-type screening.

He believes, and has argued for years, that dividing ”good guys” from “bad guys” will effectively secure. It’s certainly intuitive. Poole’s a good guy. I’m a good guy. You’re a good guy (in a non-gender-specific sense).

Knowing who people are works for us in every day life: Because we can find people who borrow our stuff, for example—and because we know that we can be found—we husband our behavior and generally don’t steal things from each other, we, the decent people with a stake in society.

Poole’s thinking takes our common experience and scales it up to a national program. Capture people’s identities, link enough biography to those identities, and—voila!—we know who the good guys are and who are the (potential) bad.

But precisely what biographical information assures that a person is “good”? (The proposal is for government action: it would be a violation of due process to keep the criteria secret and an equal protection violation to unfairly divide good and bad.) How do we know a person hasn’t gone bad from the time that their goodness was established?

The attacker we face with air security measures is not among the decent cohort whose behavior is channeled by identification. That attacker’s path to mischief is nicely mapped out by Poole’s proposal: Get into the Trusted Traveler group, or find someone who can get in it. (It’s easy to know if you’re a part of it. They give you a card! You can also test the system to see if you’ve been designated “high-risk” or “ordinary.”)

With a Trusted Traveler positioned to do wrong, chances are good that he or she won’t be subjected to screening and can carry whatever dangerous articles onto a plane. The end result? Predictable gnashing of teeth and wailing about a “failure to connect the dots.”

All this is not to say that Poole’s plan should not be adopted. If he can convince an airline of its merits, and the airline can convince its shareholders, insurers, airports, and their customers, they should implement the program to their heart’s content. They should reap the economic gain, too, when they prove that they have found a way to better serve the public’s safety, convenience, privacy, and transportation needs.

It is the TSA that should not implement this program. Along with what are significant security defects, it is the creation of a program that the government might use to control access to other goods, services, and infrastructure throughout society. The TSA would migrate toward conditioning all travel on having a government-issued biometric identity card. Fundamentally, the government should not be making these decisions or operating airline security systems.

A very interesting paper surfaced by recent public attention to this issue predicts that annual highway deaths will increase (from an already significant number) by between 11 and 275 because of people’s avoidance of privacy-invasive airport procedures. But what caught my eye in it were the following numbers:

During the past decade, terrorist attacks, with respect to air travel in the United States, have occurred three times involving six aircraft. Four planes were hijacked on 9/11, the shoe bomber incident occurred in December 2001, and, most recently, the Christmas Day underwear bomber attempted an attack in 2009. In that same span of time, over 99 million planes took off and landed within the United States, carrying over 7 billion passengers.

Especially because 9/11′s ”commandeering” attack on air travel has been essentially foreclosed by hardened cockpit doors and passenger/crew awareness, these numbers suggest the smallness of the chance that somone can elude worldwide investigatory pressure, prepare an explosive and detonator that actually work, smuggle both through conventional security, and successfully use them to take down a plane. It hasn’t happened in nearly 100 million flights.

This is not an argument to “let up” on security or to stop searching for measures that will cost-effectively drive the chance of attacker success even closer to zero.  But more thorough risk management analysis than mine or Bob Poole’s would probably show that accepting the above risk is preferable to either delaying and invading the bodily privacy of travelers or creating a biometric identity and background-check system.

“Risk of Accidents Ameliorated!” Doesn’t Sell Papers

Posted by Jim Harper

What a headline on the Washington Examiner today! It’s a good illustration of the propensity of media to overplay terrorism.

“Terror threat to city water,” the headline blares in large type. “Chlorine changed to protect D.C., Va. supply.”

The actual story is about the Army Corps of Engineers’ switch from chlorine gas to a liquid form of chlorine called sodium hypochlorite. Gaseous chlorine is relatively more dangerous and difficult to contain if it’s released, so the change is a prudent safety step.

It has as much to do with protecting against accidental release as any terror threat. And an accidental release is not a threat to the water supply; it’s a threat to people near the facilities or transportation corridors where cholrine gas could be released.

The idea of terrorism may have gotten the Corps moving forward, but nothing in the story says there was any specific threat by anyone to attack the D.C. water treatment infrastructure.

This is a story about risks being ameliorated, and it’s pretty boring—except for the headline!!

The Cost of Government Guarantees

Posted by Jagadeesh Gokhale

John Kay’s column in yesterday’s Financial Times criticizes government guarantees to banks because they involve hidden but large costs. According to Kay:

  • Such guarantees distort competition: sheltered banks outperform rivals not because of greater efficiency, but because capital becomes cheaper to obtain.
  • Sheltered banks gain too-big-to-fail status, which creates barriers to entry for smaller, more efficient banks.
  • Relief from business risk leads to more risk taking, AKA moral hazard.
  • Cheaper private risk management incentives are reduced within and outside the bank.

Other kinds of government guarantees, such as social insurance, also involve large hidden costs. Social Security and Medicare’s guarantee of a paid holiday with medical care for the rest of retirees’ lives generates the same types of costs:

  • Labor competition is reduced because the programs induce early worker retirements, which leads to higher wage costs, on average, and lower national output.
  • Workers who believe they will receive Social Security and Medicare will engage in lower personal saving, which means less capital formation and lower economic efficiency.
  • Retirement income guarantees induce riskier personal savings portfolios, AKA moral hazard.
  • Guaranteed retirement income means poorer financial knowledge and poorer risk management.

And now, retiree political power is too big to fail as well!

How come when Kay writes about market distortions from government guarantees for banks, he gets published; but when I do the same about government guarantees for people, I get the cold shoulder from editorial page editors?

The Search for Answers in Fort Hood

Posted by Jim Harper

The country is unpacking the recent shooting at Fort Hood and analyzing the perpetrator intensely. Along with natural shock and curiosity, a principle reason for doing so is to discover what can prevent incidents like this in the future.

When faced with any risk, including rampaging gunmen, there are four options:

  • Prevention—the alteration of the target or its circumstances to diminish the risk of the bad thing happening.
  • Interdiction—any confrontation with, or influence exerted on, an attacker to eliminate or limit its movement toward causing harm.
  • Mitigation—preparation so that, in the event of the bad thing happening, its consequences are reduced.
  • Acceptance—a rational alternative often chosen when the threat has low probability, low consequence, or both.

(There is much more to risk management, of course. This handy simplification is taken from the DHS Privacy Committee’s “framework” document.)

Taking the facts as they appear now, what lessons can we take from Fort Hood that will help protect military forces and facilities, and the country in general? Let’s go through some of them option-by-option:

Prevention: What circumstances at Fort Hood and elsewhere could be altered to prevent this ever happening again? An obvious one is gun control—if there were no guns, there could be no shooting. But this prescription is complicated by the intrusions on individual rights required to implement it. Depriving citizens of arms directly violates the Second Amendment, and effectively enforcing a gun control regime would almost certainly violate the Fourth.

Removing guns from specific locations might be more palatable and achievable, but gun rampages do not restrict themselves to restricted areas, and widespread possession of guns by law-abiding citizens is an important form of interdiction. Indeed, appropriate gun violence was the interdiction that ultimately stopped further bloodshed.

Interdiction: What steps can be taken against attackers to limit their progress toward causing harm? This is a confounding option because learning what this attack looked like as an embryo won’t tell us what the next one will look like.

Thousands of people are like Nidal Hasan in one respect or another, but they will never commit any attack. There are thousands of people with turmoil or mental illness similar to his, for example. There are thousands of military servicemembers with doubts about U.S. policies. There are thousands of Muslims in the military (whose contributions are highly valuable). There are thousands of people who have investigated or sought contact with Al Qaeda.

If the conclusion from Fort Hood were that all people who share certain traits should be investigated/interdicted, this would violate fundamental rights and values while it wasted investigators’ time: Who is troubled enough in their minds, doubtful enough of U.S. foreign policy, etc. Whose contacts with Al Qaeda or jihadi Web sites indicate a desire to perpetrate bad acts and not curiosity or enmity?

Sending investigators into this quagmire would only work as a salve until some future rampage arose from another unique set of circumstances. We would be no safer for having investigated all who were “like” Nidal Hasan in the ways we decide are material.

Mitigation: I have seen no indication that the facilities and staff of Fort Hood were ill-equipped to deal with the results of this violence. There may be marginal ways they could improve—there always are—but medical services can’t be available everywhere always. There is little prescription for change here.

Acceptance: With the confounding difficulty of prevention and interdiction before us, this option rises a little bit in currency. Television news and commentary may make it feel differently to many people, but there is a very low probability of shootings like this happening. The costs of preventing and interdicting such violence is very high. This is a candidate for “acceptance.”

Acceptance is the least “acceptable” option, of course. Nobody thinks it is ‘ok’ for this kind of thing to happen. But like so many tragedies—indeed, part and parcel of tragedy—it is the loss of innocent life for no good reason.

Fort Hood presents the country with a choice: Invest extraordinary efforts in measures that cost a great deal, that invade prized rights, and that don’t work? Or show our sorrow to the families and community of Fort Hood and make peace with the grief and tragedy of this incident.