In this issue:
- Ridge’s Legacy: Failure to Make the Hard Trade-Offs
- Screening Opt-Out Looking More Viable
- Addressing the Breast-Bombs Problem
- New Approaches, New Benefits of Registered Traveler Program
- News Notes
In the wake of Homeland Security Secretary Tom Ridge’s resignation, several reporters called and asked for my thoughts on what he had accomplished. While I commended his success in assembling numerous agencies into the new Department of Homeland Security, my overall assessment was rather negative. What America should have gotten via the creation of this super-agency was the ability to prioritize security expenditures. Since resources are limited, where do we get the most bang for the buck in allocating those limited resources? With all the relevant agencies (Transportation Security Administration, Coast Guard, Customs, Border Patrol, etc.) in one department, one would hope that a cadre of analysts would be tasked with asking those questions, across the board. They could sort out whether it would be better to spend $10 billion on, say, equipping airliners with anti-missile systems, or greatly expanding cargo-container screening at ports and border crossings, or better verifying the identities of those visiting the United States, or beefing up security of critical infrastructure in electricity, pipelines, railroads, and water supply.
Alas, if any kind of analysis like this has been done within DHS, it has not had any discernable effect on public policy. A recent GAO analysis of just one area – transportation security R&D – found that 79.5% of TSA spending and 71.9% of DHS spending was for aviation. Pipelines and transit got zero, while maritime security got a whopping 5.9% at TSA and 1.8% at DHS.
When I make this case to reporters, the typical response is: But the big obstacle to analysis-based security policy is Congress. They have legislated the inordinate focus on aviation at the expense of other transportation modes and of all other areas of vulnerability. And that, of course, is true. But my response is that the true test of leadership is being willing to confront well-meaning but poorly informed political decisions. Is it inconceivable that a Homeland Security Secretary could go to Congress and say: “We understand that you see individual problems and want to direct funding to them. But now, more than three years after 9/11, we have learned a great deal. Our analysis, based on the very best intelligence, is that given $X billion to spend, we will improve security the most by doing X, Y, and Z-and that means not doing A, B, and C. Not that A, B, and C are useless; it’s just that we cannot afford to do everything, so we must focus on those things that will produce the most value for the dollars spent.”
In support of this approach, let me cite the pre-election video by Osama bin Laden. In that tape, he boasted that for every $1.00 that al-Qaida has spent on terror strikes, it has cost the United States $1 million in economic fallout and military spending. Headlines about the tape highlighted its central theme: “Bleed America into Bankruptcy.” That’s the problem with Congress’s tendency to make security policy on the basis of feel-good sound bites.
For incoming DHS Secretary Bernard Kerik, let me recommend a recent article by Prof. John Mueller, who holds the Woody Hayes Chair of National Security Studies at Ohio State University. His article, “A False Sense of Insecurity?” was published in the Fall 2004 issue of the Cato Institute’s Regulation magazine. Mueller argues for taking a less-hysterical look at the actual risks to Americans from terrorism, and asks how much we should be willing to pay for feel-good actions that do little to change the already small probabilities of serious harm. He also suggests a greater focus on disaster-response preparations, as opposed to endless (and endlessly costly) target-hardening measures.
Just ahead of the Nov. 19 date on which it would begin accepting applications from airports wishing to opt out of TSA-provided passenger and baggage screening, the Transportation Security Administration announced two important changes that will make the program more workable for airports and private contractors. First, it switched from having occasional, short windows of time for applying to opt out; instead, the window will be open indefinitely, so that airports can apply whenever they are ready. Second, TSA agreed to apply the same liability protection already available to its technology contractors to the firms it will certify as airport screening contractors. That removes a major risk factor that had been seen as limiting both airport and contractor interest in the program.
The renamed program, now called the Screening Partnership Program (SPP) will also permit more flexibility in hiring, training, and staffing levels than the five-airport pilot program that preceded it, according to the TSA. Hiring and training will apparently be possible at the local level rather than being centralized. And although each airport will still get the same budget allocation for screening as before, the SPP airports will be able to (1) supplement this budget to hire more screeners, if they choose, and (2) make more creative use of part-time and full-time people to make the TSA-provided budget go farther, especially to provide more screeners on the line during peak times. These features should make the program more attractive to those airports still suffering from excessive lines and waiting times at checkpoints.
A good resource on the details of the SPP is the November 2004 GAO report, “Preliminary Observations on TSA’s Progress to Allow Airports to Use Private Passenger and Baggage Screening Services.” (GAO-05-126) The opening of the opt-out window comes shortly after the release of two reports from the Department of Homeland Security Inspector General’s office that are critical of the TSA screening program. The first documents low morale, understaffing, excessive overtime, and an increased attrition rate (22% in 2004 compared with 15% the previous year). It also confirmed earlier reports that found no significant differences in performance between TSA screeners and those working for private screening firms at the five pilot program airports. The second report focuses on inadequacies in screener training and testing.
So far, several large and medium airports have expressed interest in the new SPP, including Baltimore-Washington, Denver, and Washington-Dulles. All five of the pilot-program airports (San Francisco, Kansas City, Rochester, Jackson Hole, and Tupelo) will continue with their existing contractors for another year before going out to bid on the contracts. Last week Elko, Nevada became the first airport to apply under SPP, and industry sources expect 15-20 other small airports to do likewise, along with perhaps 10-15 medium and large airports.
The Washington Post editorialized on the issue last week (Dec.2), citing ongoing problems with airport screening. “If private screeners offer a sliver of hope of improvement, airports should be allowed to use them,” it concluded. That laying on of hands may encourage other pundits to give the program a chance, and may even encourage wavering airport directors to go forward.
Maureen Dowd of the New York Times was but one of many columnists and reporters writing about the humiliation of increasing numbers of women whose breasts have been “groped” or crotch probed with a TSA screener’s wand in recent weeks. And men have been complaining, too, at hands probing into their pants.This increase in intrusive screening of selected passengers results from a new TSA directive in response to the apparent downing of two Russian airliners by bombs concealed beneath the clothing of women passengers. Just as in the United States , Russian airport screening was designed – even after 9/11 – without taking seriously the threat of suicide bombing. Thus, as Rep. John Mica has long complained, there is no routine screening for explosives of either passengers or carry-on bags.
To be sure, TSA has been testing two less-intrusive alternatives. One is the sniffer booth or “puff portal,” in which a passenger stands for 15 seconds while puffs of air are inserted and air samples analyzed for explosive particles. A handful of them are being tested at JFK, Biloxi , Providence , Rochester , San Diego , and Tampa. The other is the backscatter X-ray imaging booth, which provides see-through images that can spot just about anything hidden beneath a passenger’s clothes. Currently being tested at London Heathrow airport, and planned for further testing by TSA, the machines might never go into regular use here because of prudishness. Plus, the cost of outfitting every screening lane with one or both of these machines, and the additional time delays that would impose, makes this one of those solutions we can only hope does not get implemented.
So what DO we do about the threat of suicide terrorists on planes? To get a more sensible answer, we need to step back and take an arm’s length look. In creating the TSA and mandating the present approach to screening, it was assumed that the prime purpose is to keep dangerous objects off airplanes. But as Chip Barclay, president of the American Association of Airport Executives, has pointed out, “Suicide terrorists themselves have proven to be more deadly than any gun, so the logic of looking for these human weapons seems obvious and compelling.” He went on to elaborate: “Planning to treat all one billion annual passengers forecast for 2014 as equals in their potential for being terrorists is an exceptionally poor strategy.”
What’s needed, instead, is a risk-based approach that identifies the handful of travelers about whom nothing is known or who present bona-fide risk factors. Those people should be taken aside for secondary screening, using the more intrusive technologies like backscatter X-ray, leaving the vast majority of travelers free of such procedures. Yes, that would be “profiling,” but the alternative (large-scale groping) is worse.
TSA has not gone beyond its five-airport pilot program for testing the Registered Traveler program (under which frequent-flyer volunteers can apply to be pre-cleared for fast-lane access at airports). It has extended the pilot indefinitely, to the delight of the 10,000 or so participants.
Instead of expanding its own program, TSA has agreed to accept proposals from private-sector firms offering RT services to airlines and airports. Thus, the future of RT may well be as a business service provided in cooperation with TSA (under which TSA provides the background clearance, but airlines and service providers do just about everything else).
The prototype for such arrangements, we have learned, will be launched soon at Orlando International Airport . The key players are Verified Identity Pass, Inc. (the service provider), AirTran Airlines (and probably several others by the time of the launch), and the airport itself, which is serving as the sponsor for interfacing with TSA. The agency gave its initial approval in October, and the start-up will be sometime in the first quarter of 2005.
Verified ID is the brainchild of Steven Brill, founder of American Lawyer and Court TV. Key partners in the venture are ChoicePoint (leading provider of identification and verification services) and Civitas Group (a joint venture of Charlie Black’s BKSH & Associates and Sandy Berger’s Stonebridge International). Their business model is based on a common system being used not only for airport fast-lane access but also for access control at government facilities, aerospace firms, chemical plants, etc. Those who have already been screened by Verified ID for employment at security-sensitive facilities can be enrolled in the Registered Traveler program at no extra cost, and use the same biometric card for both purposes. This feature will help ensure a large enrollment in the RT program, ensuring that it will actually lead to shorter lines at airport checkpoints for non-members, as well. (Go to http://www.verifiedidpass.com/ for further details.)
Also, a new RAND Corporation study highlights another potential benefit of a large-scale RT program: a less-costly baggage-screening program. Building on its previous work in modeling the flow of checked bags through an explosive detection system (EDS) baggage screening process, RAND modeled a system in which a fraction of the checked bags of RT members would not have to go through the EDS process. This fraction would change dynamically, depending on various conditions, and no passenger would know whether his bag would or would not be screened by EDS. In a typical simulation run, the researchers found that under plausible assumptions about machine reliability and performance standards, a large-scale RT program that exempted up to 50% of bags from EDS processing would cut the cost of baggage screening by more than half. The report, by Russell Shaver and Michael Kennedy, is “The Benefits of Positive Passenger Profiling on Baggage Screening Requirements.”
Russian Airport Security Alternatives. Both Russian planes that were downed by suicide bombers in August departed from Moscow’s privately run Domodedovo airport, which competes for traffic with state-run Sheremetyevo. Domodedovo is the only Russian airport with 100% screening of all checked baggage. It has US-type passenger checkpoints, with metal detectors and X-ray machines. But just like TSA security, Russian airport security is designed to look for bad objects, not bad people. So it failed to search the women who apparently had hexogen explosive concealed under their clothing. Still, since Domodedovo has the most advanced airport security system in Russia , British Airways shifted to it last year from Sheremetyevo. And even after the two crashes, security-conscious El Al shifted its operations to Domodedovo on November 1st. Sometimes less-bad is the best you can do.
Fresh Security Thinking from Canada. Two key ideas championed by this newsletter are being promoted by the head of the Canadian Air Transport Security Authority. CATSA chairman Brian Fleming told Aviation Daily (Sept.22) that although 100% screening “was fine in the beginning,” it may no longer be appropriate; he favors a risk-based system that allows for better use of resources. Moreover, he “touted the wisdom of separating regulators and security providers, saying it ensures the government doesn’t face a conflict of interest.” In Canada , while CATSA provides screening, regulatory oversight is the responsibility of Transport Canada.