July 26, 2006 | Backgrounder on Department of Homeland Security
Although well-intentioned, much of the effort to enhance aviation security since September 11, 2001, has done little to make the skies significantly safer. Despite large amounts of taxpayers' money and passengers' time, little has been accomplished that actually increases aviation security. The time has come for Congress to start over and mandate a new approach.
The Wrong Risk Model
Two months after the 9/11 attacks, Congress enacted the Aviation and Transportation Security Act (ATSA). This law created the Transportation Security Administration (TSA), initially as part of the Department of Transportation but later folded into the Department of Homeland Security (DHS).
Among its most significant provisions, the ATSA federalized airport security under the TSA, creating a large government workforce of passenger and baggage screeners to replace the private contract screeners previously employed by airlines. As part of this federalization, Congress mandated that all checked bags be inspected for explosives by December 31, 2002. (This deadline was later pushed back another year).
The federalizing of airport security is built on two assumptions:
These assumptions resulted in the creation of the TSA, a federal bureaucracy that has cost a considerable amount of money without making Americans noticeably safer.
Tight implementation deadlines imposed by Congress, the resulting huge investments in baggage-screening equipment, limited space in terminals to add checkpoint lanes, and limits on the numbers of screeners combined to create enormous inefficiencies. Spending on checked-baggage screening equipment alone totaled $2.5 billion as of September 2004, despite the low throughput and high error rate for costly explosive detection system (EDS) machines. Because Congress mandated deadlines, only a handful of airports were able to reconfigure their entire baggage-processing systems to permit installation of the EDS machines in baggage areas. Most airports had to make do by installing these van-sized machines in their ticket lobbies. This setup requires passengers to transport their suitcases to baggage screeners who hand-feed them into the EDS machines-an inherently slow and labor-intensive process.
Manual loading of EDS machines also led to the hiring of unexpectedly large numbers of baggage screeners. At one point, the total screening workforce approached 60,000 (compared to the pre-9/11 screener force of under 20,000). Balking at the cost, the Transportation Subcommittee of the House Committee on Appropriations imposed a cap of 45,000 full-time screeners in 2003, which imposes a cost on travelers in terms of slower processing of bags and people.
Most troubling is that all of this expense and energy has actually achieved very little in making Americans safer. Early in 2005, separate reports to Congress by the DHS Office of Inspector General and the Government Accountability Office (GAO) reached the same conclusion: Based on testing of airport screening operations, there is no evidence that performance is better today than it was before the TSA put its own screeners into airports. With half of its annual budget of almost $6 billion devoted to baggage and passenger screening, the TSA has not demonstrably improved the protection of planes from dangerous objects. All that has been accomplished is to shift the workload from private sector to government screeners, who perform the same tasks at greater cost.
The misplaced federal effort mandated by Congress would not be so bad if, after taxpayers and airline travelers had funded the TSA's enormous start-up costs, we could at least expect more efficient passenger screening. However, the prospects for that are bleak. Part of the rationale for federalizing airport security was to provide a consistently high level of security nationwide, regardless of the myriad differences in airport sizes and functions. This was a bad idea. The differences in airport operations crucially affect both passenger and baggage processing. A one-size-fits-all approach drives inefficiency. TSA officials know that Congress's expectation that the TSA provide national standardization prevents them from addressing airport-specific differences.
Commercial aviation is an inherently dynamic industry. For example, the variability in annual passenger numbers at the 100 largest U.S. airports can be dramatic. From 2003 to 2004, 26 of the top 100 airports experienced increases of 11 percent to 50 percent, while three experienced declines of 5 percent to 35 percent. The proportion of double-digit percentage changes is even greater for smaller airports, affecting 40 percent of the 101st-150th largest airports. When an airline changes its service to such an airport, the TSA may take six months or more to catch up. During that time, the airport will operate with too few or too many screeners. TSA operations reflect the old truism that governments cannot adapt as quickly and efficiently as the private sector can.
Although ATSA provides for options that might eventually lead to a great reliance on the private sector for passenger screening, the likelihood that such efficiencies will ever be realized is minimal. ATSA allowed five airports to opt out of TSA-provided screening as part of a pilot program to test using TSA-certified security firms as an alternative. Airports expected the TSA to define criteria for such firms, certify those that met the criteria, define the rules for airports to implement outsourced screening, and then let those airports with acceptable plans issue requests for proposals (RFPs) and select the firm submitting the best proposal. The airport would then contract with the firm under the supervision of a TSA federal security director (FSD) who oversees all other security operations at that airport.
While the TSA did certify a number of firms through the pilot program, it did not allow airports to issue RFPs, select their preferred bidder, or enter into a contract. Instead, after selecting airports for its study, it assigned one of its certified firms to each one. The TSA then entered into a contract with each firm and directly supervised its operation at each airport. Additionally, ATSA provided that on or after November 2004, all airports could choose between TSA-provided screening and contract operations. As this date approached, the TSA defined its Screening Partnership Program along the same highly centralized lines.
The TSA's private screening program was preordained to fail and attracted few takers. As the GAO noted in an April 2004 report, "private screening contractors have had little opportunity to demonstrate and achieve efficiencies." The GAO pointed out that contractors lacked the authority to determine staffing levels and conduct hiring, so all staff additions would require authorization by a TSA assessment center-a process that typically takes several months. The report noted the case of a pilot-program airport in which the inability to hire new individuals "contributed to screener performance issues, such as absenteeism or tardiness, and screener complacency, because screeners were aware that they are unlikely to be terminated due to staffing shortages."
The GAO also reported that FSDs at non-pilot-program airports expressed similar frustrations at the TSA's centralization of hiring and training. In a survey of all 155 FSDs, the GAO found that "the overwhelming majority…reported that they needed additional [local] authority to a great or very great extent." The modest privatization provision in ATSA has done little to prevent the TSA from evolving into a typical bureaucratic and inflexible government agency.
Lessons Not Learned
Four years of experience have taught that the U.S. government cannot do the job any better than the private sector. This should come as no surprise. Virtually every other country that has used government screeners has reached the same conclusion. When countries first tried to thwart airplane hijacking in the 1970s, most nations initially used government employees to beef up airport security through a government transportation or justice agency.
Beginning in the 1980s, European airports began to develop a performance-contracting model under which the government set and enforced high performance standards, which airports then carried out by hiring security companies or occasionally using their own staff. Belgium was the first to adopt this model in 1982, followed by the Netherlands in 1983 and the United Kingdom in 1987. The 1990s saw a new wave of conversions to the public-private partnership model, with Germany switching in 1992, France in 1993, Austria and Denmark in 1994, Ireland and Poland in 1998, and Italy, Portugal, Spain, and Switzerland in 1999.
In 2001, the GAO examined the security screening practices of Canada, Belgium, France, the Netherlands, and the United Kingdom. Its report focused on the superior performance of the European airports, all of which use the performance-contracting model. The GAO reported four areas of significant differences between U.S. and European screening practices at the time:
When Congress passed the ATSA, it ignored the fact that, as a result of high standards and government monitoring, nearly every European airport had adopted performance contracting over the past two decades. Israel and a number of nations in the Caribbean and the Far East also use this model. No country has emulated the United States and had its national government take over the actual operation of its passenger-screening system.
The prospects for any significant improvement in passenger and baggage security are grim. Instead of charging each airport with securing its operations under national regulatory supervision as is common in most other nations, Congress addressed the 9/11 security failure by vesting in the TSA not only regulatory responsibility, but also service provision duties of airport screening. The TSA was to be both regulator and operator of baggage and passenger screening, while access control, perimeter patrols, and law enforcement functions were to be executed by the airports themselves under the supervision of FSDs.
The TSA's dual role creates a serious conflict of interest. As one airport director said to a Chicago Tribune reporter in the early days of the TSA, "The problem inherent in the federally controlled screening process is that you end up having a federal agency sitting in the middle of your terminal, essentially answerable to nobody." This point was underscored in a report by Bearing Point on the five pilot-program airports: "Because the screeners at a private contractor [pilot-program] airport are not government employees, the FSD is able to take a more objective approach when dealing with screener-related issues raised by stakeholders such as airport management or air carriers." Under the TSA's current structure, that will never happen.
The Need for Legislation
Fundamentally, the fault does not lie with the TSA, but with Congress, which mandated how the government should address the problem. Congress myopically opted for focusing on how government could make the pre-9/11 security inspection regime better rather than addressing the crucial issue of finding the most efficient and effective way to keep terrorists off of planes. Congress created the problem, and fixing it will take a law from Congress to refocus the government on the job of stopping terrorists rather than rooting through our luggage.
Congress can start by converting the TSA into a much more modest Aviation Security Agency (ASA). Most of the TSA's non-screening functions can and should be performed effectively in other parts of the DHS. In fact, the Bush Administration's fiscal year 2006 budget proposal called for shifting several key programs out of the TSA into a new Screening Coordination and Operations office within the DHS that would include Secure Flight (the successor to CAPPS), Registered Traveler, and Transportation Worker Identity Credential (TWIC). This change, if approved by Congress, would "strip the TSA of its biggest and most high-profile programs and leave it largely as a manager of 45,000 security screeners." This would be a step in the right direction.
However, ATSA still requires the federal government to provide screening services for airports that did not opt out after November 2004. This should be changed. Instead, Congress should push the government to get out of the screening business and devolve screening to individual airports, requiring only that the new ASA set performance standards, approve contracts, and monitor compliance.
The centerpiece of this more modest agency would be its compliance responsibilities. Companies that do not meet set standards of performance not only would be fined, but also would have their contracts terminated. Since most contracts are long-term arrangements, the incentive for high performance would thus be very high.
The new ASA would set and enforce standards. The performance standards and enforcement process should focus on four areas:
ASA supervision should also include periodic audits of the qualifications and training of managers and staff as well as random, unannounced testing at the screening sites.
The DHS could continue to administer funds to support passenger and baggage screening, whether provided by the airport's own workforce or by government-certified contractors. To take advantage of the flexibility of the private sector, Congress should require allocations to be made far more frequently than once a year (ideally, every month), and each airport should receive a lump sum to use as it sees fit for government-approved screening operations. Airports would be subject to reporting and audit requirements to ensure that funds were spent solely for security purposes. Monthly allocations would better match resources with workload. Adjusting funding allocations every month among the 446 American airports with screeners and the local flexibility to increase and decrease staffing as needed should result in a much better match of screening workforce to actual workloads.
In addition to matching funding to passenger flow, this system should leave the funds unencumbered by many of the current requirements. Currently, TSA screeners are paid on a national wage scale, regardless of local living costs, while TSA-certified screening contractors must provide identical wages and benefits. These ATSA provisions were intended to prevent a return to minimum-wage screeners with high turnover. With hiring and operations under the control of each airport, the airport or its contractor would be free to decide which job functions and compensation approaches would best get the job done while still meeting all TSA training and performance standards.
If federal screening funds were allocated to the airports, it would clearly be in their interest to finance the investment in new screening systems that would achieve the best return on investments. This would include installing in-line EDS systems that screen checked baggage as a normal part of the baggage loading process, enabling fewer personnel to inspect bags up to four times faster. Once the costs of the equipment and facility modernization are paid off, the savings could be used for other security improvements, such as more passenger screening lanes and screeners.
Congress will also have to address liability. With the TSA as the provider of airport screening services, any terrorist incident connected to passenger or baggage screening would make the TSA the most likely target for ensuing lawsuits. However, if such an incident occurred at an airport that opted for a TSA-certified contractor, the airport might be at greater risk for not having followed the standard approach.
Liability has already been an issue with EDS machines and other technologies needed in security protection. In response, Congress passed the Support Anti-Terrorism by Fostering Effective Technologies Act, better known as the SAFETY Act. It provides a process through which companies providing homeland security technologies or services can become certified by the DHS and win a limit on their liability. FirstLine and Covenant, two of the leading private screening companies, have recently received this designation. If the TSA withdraws from the provision of screening services and this function is devolved to airports, the airports would face the same liability concerns. Under this new set of alternatives, there would be a more level playing field between in-house and contracted screening if airports were eligible to receive the same degree of SAFETY Act protection as designated screening companies receive. Congress took a step in that direction with language included in the Department of Homeland Security Appropriations Act of 2006 that made airport operators not liable for any claims for damages relating to their decision to opt out of TSA-provided screening.
A New Model for Aviation Security
Unburdened by the responsibility of running a 45,000-person screening force, the DHS should turn its attention to developing a 21st century international passenger and cargo security system that does not waste resources by treating every person and package as an equal risk that requires scrutiny checks and screening. A new model system would allocate security resources in proportion to the risk, relying on "focused security" that puts the most resources against the greatest risks.
This approach would begin with the fundamentally different assumption that the function of aviation security is to identify and isolate dangerous persons, not dangerous objects per se. The challenge is to keep bad people from causing harm, either in the terminal area or to the planes themselves. The TSA currently devotes the lion's share of its airport resources to only one of these threats: preventing would-be hijackers from boarding planes with weapons. Far less money and effort is spent on securing airport terminal lobbies and the ramp areas where planes park and on keeping airline tickets out of the hands of known and suspected terrorists.
An improved risk-based approach to identifying dangerous people would entail separating passengers within the terminal checkpoints into at least three defined groups, based on the quantity and quality of information known about each:
Different measures for passenger and bag screening should be applied to each group so as not to waste system resources and passenger time on procedures that contribute little to airport security.
Low-risk passengers are defined as those who have a current federal security clearance or who have been issued a biometric identity card after passing a background check for a registered traveler (RT) program. Passengers in this group would go through express lanes at checkpoints with something akin to pre-9/11 protocols (no removal of clothing or electronics). Their checked bags would not have to be EDS-screened. As a safeguard against the small probability that a dangerous person might slip into this category, a certain percentage of these people and bags would be randomly selected for ordinary passenger screening.
Ordinary travelers might go through something like today's level of passenger screening but with a much-reduced list of banned objects, such as lighters, nail files, and razors. A fraction of this group would be randomly selected for secondary screening (which involves being taken aside for a more thorough inspection of their persons and carry-on bags), as described above.
High-risk passengers include those with no paper trail, about whom so little is known that the safest thing to do is to assume the worst and thoroughly screen both their persons and their checked and carry-on bags. Everyone in this group would receive a more rigorous version of today's secondary screening, including screening of bodies and carry-ons for explosives as well as see-through scanning or a thorough pat-down to detect non-metallic objects. The same protocol would apply to those whose names appear on government-maintained watch lists, although individuals on the no-fly list would simply be detained rather than screened in most cases.
Aviation experts Michael Levine and Richard Golaszewski first suggested separating out low-risk travelers and expediting their processing at airports. According to a detailed simulation model of the operations of a theoretical RT program, Carnegie Mellon researchers found that average throughput time could be cut nearly in half for first-class and elite frequent flyers, while coach passengers and those still using the regular lanes would also see decreases in processing time.
In 2004, the TSA launched a five-airport pilot program to test a watered-down version of the RT concept. At each airport, enrollment was limited to frequent flyers of a single airline, with a maximum of 10,000 participants nationwide. There was no shortage of volunteers signing up, even though members still had to endure the identical checkpoint processing. Initial expectations were that after limited testing, the TSA would roll the program out to a much larger number of airports and airlines. Instead, the agency decided to open the field to private-sector firms in 2005.
The first offering came from Verified Identity Pass, which was selected in spring 2005 by Orlando International Airport over a competing proposal from Unisys to provide a potentially nationwide "known traveler" program open to all airlines. Verified currently handles the enrollment process, which began on June 21, 2005, with the exception of background checks and clearance decisions, for which the TSA is responsible. The company initially charges members $79.95 per year and is working out co-marketing agreements with airline frequent-flyer programs. Because participating airports must make room for express lanes and special kiosks that verify each member's identity biometrically, Verified shares a percentage of its revenue with participating airports.
It is not clear which checkpoint requirements the TSA might be willing to waive for members of the program. If it approves something like the Carnegie Mellon model, the timesaving benefits for both members and non-members should be significant. There should also be some reduction in checkpoint screening personnel requirements, depending on the proportion of average daily passengers that shifts to express lines that require less screener interaction with passengers.
Once many low-risk passengers have been self-selected out of the mix, the remaining task is to use all feasible information to separate high-risk passengers from all the rest. One tool for doing this is a government-maintained watch list, continuously updated, which the TSA would use to check all passenger reservations. Despite significant efforts among a number of federal agencies to create and maintain such a unified list, nearly four years after 9/11 the outcome still leaves much to be desired.
Another approach is to assess what is known about each passenger based on information provided at the time of ticket purchase. This is the function of the pre-9/11 CAPPS, which actually flagged some, but not all, of the 9/11 hijackers. The idea of such risk-screening systems is to use various algorithms to verify the passenger's identity and look for patterns that might suggest high risk. The TSA's proposed Secure Flight system is intended to do this, replacing CAPPS.
The original CAPPS, still in use because its replacement has been repeatedly delayed, employs rather crude and well-known algorithms (e.g., paying cash and buying a one-way ticket) and can therefore be avoided by those seeking to do harm. It apparently does not make use of travel-history data maintained in airline industry databases that are linked to the passenger name record.
In an exercise for the Reason Foundation in 2003, R.W. Mann & Company tested several different algorithms using 5 million travel records for the two-month period before and after September 11, 2001. One query identified 13 sets of travelers fitting a pattern that closely matched those of the actual 9/11 hijackers. The records pulled up by this query included all of the actual hijackers.
To supplement such tools and to deal with lobby-area persons not holding tickets, a technique of "behavioral profiling" could also be employed, as is already done at Israeli airports, Boston's Logan Airport, and Las Vegas casinos. The general idea is to monitor people's behavior unobtrusively, looking for suspicious activities, and then have security personnel follow up by questioning the people who are acting suspiciously.
Saving Money Through Smart Security
The risk-based approach would produce significant cost savings in both capital and operating costs while targeting airport security funds toward the passengers who are most likely to pose threats to people and property. Those savings, in turn, could be used to expand security in other areas and to reduce costs for passengers, airlines, airports, and taxpayers.
The risk-based model would reduce the size and cost of checked-baggage screening. The bags of RT members could be screened via high-speed X-ray machines, reducing the demand for EDS machines. The GAO reports that the TSA has not done a detailed assessment of the cost of adding in-line EDS systems at all of the remaining airports where it would make sense, but the TSA broadly estimates that it will cost from $3 billion to $5 billion. A system needing half as many EDS machines would cost about 40 percent less. (Some other factors, such as facility modifications and conveyor systems, could not be scaled down as much.) A 40 percent reduction in capital costs translates into one-time savings in the range of $1.2 billion to $2 billion, reducing the cost of the remaining in-line systems to from $1.8 billion to $3 billion.
Congress can help to address the nation's airport security needs more effectively by insisting on three fundamental changes:
Every day that the TSA is perpetuated in its current form is another day that money is wasted without any notable addition to America's security.
Robert W. Poole, Jr., is Director of Transportation Studies at the Reason Foundation in Los Angeles, and James Jay Carafano, Ph.D., is Senior Research Fellow for National Security and Homeland Security in the Douglas and Sarah Allison Center for Foreign Policy Studies, a division of the Kathryn and Shelby Cullom Davis Institute for International Studies, at The Heritage Foundation.
U.S. Government Accountability Office, Aviation Security: Systematic Planning Needed to Optimize the Deployment of Checked Baggage Screening Systems, GAO-05-365, March 2005, at /static/reportimages/84D949E64784BACC2C6A30D409B539E1.pdf (July 17, 2006).
U.S. Government Accountability Office, Aviation Security: Screener Training and Performance Measurement Strengthened, But More Work Remains, GAO-05-457, May 2005, at /static/reportimages/6568869AB129AA66D5192C2392F1179B.pdf (July 17, 2006). The classified version is U.S. Government Accountability Office, Results of Transportation Security Administration's Covert Testing for Passenger and Checked Baggage Screening for September 2002 through September 2004, GAO-05-437C. See also U.S. Department of Homeland Security, Office of Inspector General, Follow-Up Audit of Passenger and Baggage Screening Procedures at Domestic Airports (Unclassified Summary),OIG-05-16, March 2005, at /static/reportimages/C71E5CB216227C9C7386A34E4DF20AC9.pdf (July 19, 2006). The Inspector General later issued a clarification stating that "there has been no overall improvement in screener performance…since after September 11, 2001 but prior to federalization." Holly Woodruff Lyons, Senior Counsel, Subcommittee on Aviation, Committee on Transportation and Infrastructure, U.S. House of Representatives, e-mail to Robert Poole, April 19, 2005.
Airports Council International-North America, database on airport passenger enplanements, provided to Robert Poole.
Transportation Security Administration, "Guidance on Screening Partnership Program," June 2004, at /static/reportimages/A8F07B612FAB9CA96337948E6AA4BB8F.pdf (July 17, 2006).
U.S. Government Accountability Office, Aviation Security: Private Screening Contractors Have Little Flexibility to Implement Innovative Approaches, GAO-04-505T, April 22, 2004, at /static/reportimages/B37F9E45005313BD70E10A3E774C1C46.pdf (July 17, 2006).
Ibid., p. 7.
Ibid., p. 10.
Gerald L. Dillingham, U.S. General Accounting Office, Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve Security at the Nation's Airports, testimony before the Committee on Commerce, Science, and Transportation, U.S. Senate, September 20, 2001, at http://www.gao.gov/new.items/d011162t.pdf (July 18, 2006).
Jon Hilkevitch, "Airports Not Sold on Federal Screeners," Chicago Tribune, April 6, 2002.
Bearing-Point and Abt Associates, "Private Screening Operations Performance Evaluation Report," summary report, Transportation Security Administration, April 16, 2004, p. 5, at /static/reportimages/C18C9368681F33764B979CE9043F39A2.pdf (July 18, 2006).
Sara Kehaulani Goo, "Proposed Budget Would Strip TSA of Its Biggest Programs," The Washington Post, February 9, 2005, p. A6, at http://www.washingtonpost.com/wp-dyn/articles/A9089-2005Feb8.html (July 18, 2006).
Public Law 109-90, § 547.
Michael E. Levine and Richard Golaszewski, "E-Z Pass for Aviation," Airport Magazine, November/December 2001.
Alfred Blumstein, Catharine B. Foster, David M. Hamond, Michael A. Kaufman, Timothy C. Lo, Don R. Ojoko-Adams, Matthew J. Ragan, Jordan B. Schreck, David Stopp, and Philip R. Wilson, "Enhancing Aviation Security with the SWIFT System (Short Wait Integrated Flight Travel)," Carnegie Mellon University, H. John Heinz School of Public Policy and Management Working Paper No. 2003-23, May 18, 2003.
Robert W. Poole, Jr., with George Passantino, "A Risk-Based Airport Security Policy," Reason Foundation Policy Study No. 308, May 2003, pp. 20-21, at /static/reportimages/B406B3BF713A257EACCEA60739BC2692.pdf (July 18, 2006).
Robert W. Poole, Jr., "Finally, Airport Screening Relief for Frequent Flyers," Reason Foundation Aviation Security Newsletter, Issue No. 14, June 2005, at http://www.reason.org/aviationsecurity14.shtml (July 18, 2006).
Alexandra Mark, "Well After 9/11, 'No-Fly' Lists a Work in Progress," The Christian Science Monitor, March 24, 2005, at http://www.csmonitor.com/2005/0324/p02s02-usgn.html (July 18, 2006), and Sara Kehaulani Goo, "No-Fly Gaps Irk Airlines, DHS," The Washington Post, May 25, 2005, p. A3, at http://www.washingtonpost.com/wp-dyn/content/article/2005/05/24/AR2005052401388.html (July 18, 2006).
Poole, "A Risk-Based Airport Security Policy," p. 23.
Ann Davis, Joseph Pereira, and William M. Bulkeley, "Security Concerns Bring Focus on Translating Body Language," The Wall Street Journal, August 15, 2002; "Snapshots," Airports, November 19, 2002, p. 4; Robert W. Poole, Jr., "Vegas Casinos: A Different Approach to Security," Reason Foundation Aviation Security Newsletter, Issue No. 14, June 2005, at http://www.reason.org/aviationsecurity14.shtml (July 18, 2006).
U.S. Government Accountability Office, Aviation Security: Systematic Planning Needed to Optimize the Deployment of Checked Baggage Screening Systems, p. 29.