Although well-intentioned, much of the effort to enhance aviation security since September 11, 2001, has done little to make the skies significantly safer. Despite large amounts of taxpayers' money and pas­sengers' time, little has been accomplished that actu­ally increases aviation security. The time has come for Congress to start over and mandate a new approach.

The Wrong Risk Model

Two months after the 9/11 attacks, Congress enacted the Aviation and Transportation Security Act (ATSA). This law created the Transportation Security Administration (TSA), initially as part of the Depart­ment of Transportation but later folded into the Department of Homeland Security (DHS).

Among its most significant provisions, the ATSA federalized airport security under the TSA, creating a large government workforce of passenger and baggage screeners to replace the private contract screeners pre­viously employed by airlines. As part of this federaliza­tion, Congress mandated that all checked bags be inspected for explosives by December 31, 2002. (This deadline was later pushed back another year).

The federalizing of airport security is built on two assumptions:

1. All passengers are equally suspicious and should receive the same scrutiny, and
2. The principal purpose of airport security is to keep dangerous objects (e.g., knives, guns, and bombs) off of airplanes.

These assumptions resulted in the creation of the TSA, a federal bureaucracy that has cost a consid­erable amount of money without making Ameri­cans noticeably safer.

Tight implementation deadlines imposed by Congress, the resulting huge investments in bag­gage-screening equipment, limited space in termi­nals to add checkpoint lanes, and limits on the numbers of screeners combined to create enor­mous inefficiencies. Spending on checked-baggage screening equipment alone totaled $2.5 billion as of September 2004, despite the low throughput and high error rate for costly explosive detection system (EDS) machines.[1] Because Congress man­dated deadlines, only a handful of airports were able to reconfigure their entire baggage-processing systems to permit installation of the EDS machines in baggage areas. Most airports had to make do by installing these van-sized machines in their ticket lobbies. This setup requires passengers to transport their suitcases to baggage screeners who hand-feed them into the EDS machines-an inherently slow and labor-intensive process.

Manual loading of EDS machines also led to the hiring of unexpectedly large numbers of baggage screeners. At one point, the total screening work­force approached 60,000 (compared to the pre-9/11 screener force of under 20,000). Balking at the cost, the Transportation Subcommittee of the House Committee on Appropriations imposed a cap of 45,000 full-time screeners in 2003, which imposes a cost on travelers in terms of slower processing of bags and people.

Most troubling is that all of this expense and energy has actually achieved very little in making Americans safer. Early in 2005, separate reports to Congress by the DHS Office of Inspector General and the Government Accountability Office (GAO) reached the same conclusion: Based on testing of airport screening operations, there is no evidence that performance is better today than it was before the TSA put its own screeners into airports.[2] With half of its annual budget of almost $6 billion devoted to baggage and passenger screening, the TSA has not demonstrably improved the protection of planes from dangerous objects. All that has been accomplished is to shift the workload from private sector to government screeners, who perform the same tasks at greater cost.

TSA Blues

The misplaced federal effort mandated by Con­gress would not be so bad if, after taxpayers and airline travelers had funded the TSA's enormous start-up costs, we could at least expect more effi­cient passenger screening. However, the prospects for that are bleak. Part of the rationale for federaliz­ing airport security was to provide a consistently high level of security nationwide, regardless of the myriad differences in airport sizes and functions. This was a bad idea. The differences in airport operations crucially affect both passenger and bag­gage processing. A one-size-fits-all approach drives inefficiency. TSA officials know that Congress's expectation that the TSA provide national stan­dardization prevents them from addressing airport-specific differences.

Commercial aviation is an inherently dynamic industry. For example, the variability in annual passenger numbers at the 100 largest U.S. airports can be dramatic. From 2003 to 2004, 26 of the top 100 airports experienced increases of 11 percent to 50 percent, while three experienced declines of 5 percent to 35 percent. The proportion of double-digit percentage changes is even greater for smaller airports, affecting 40 percent of the 101st-150th largest airports.[3] When an airline changes its ser­vice to such an airport, the TSA may take six months or more to catch up. During that time, the airport will operate with too few or too many screeners. TSA operations reflect the old truism that governments cannot adapt as quickly and effi­ciently as the private sector can.

Although ATSA provides for options that might eventually lead to a great reliance on the private sec­tor for passenger screening, the likelihood that such efficiencies will ever be realized is minimal. ATSA allowed five airports to opt out of TSA-provided screening as part of a pilot program to test using TSA-certified security firms as an alternative. Air­ports expected the TSA to define criteria for such firms, certify those that met the criteria, define the rules for airports to implement outsourced screen­ing, and then let those airports with acceptable plans issue requests for proposals (RFPs) and select the firm submitting the best proposal. The airport would then contract with the firm under the supervision of a TSA federal security director (FSD) who oversees all other security operations at that airport.

While the TSA did certify a number of firms through the pilot program, it did not allow airports to issue RFPs, select their preferred bidder, or enter into a contract. Instead, after selecting airports for its study, it assigned one of its certified firms to each one. The TSA then entered into a contract with each firm and directly supervised its operation at each airport. Additionally, ATSA provided that on or after November 2004, all airports could choose between TSA-provided screening and contract operations. As this date approached, the TSA defined its Screening Partnership Program along the same highly centralized lines.[4]

The TSA's private screening program was preor­dained to fail and attracted few takers. As the GAO noted in an April 2004 report, "private screening contractors have had little opportunity to demon­strate and achieve efficiencies."[5] The GAO pointed out that contractors lacked the authority to deter­mine staffing levels and conduct hiring, so all staff additions would require authorization by a TSA assessment center-a process that typically takes several months. The report noted the case of a pilot-program airport in which the inability to hire new individuals "contributed to screener perfor­mance issues, such as absenteeism or tardiness, and screener complacency, because screeners were aware that they are unlikely to be terminated due to staffing shortages."[6]

The GAO also reported that FSDs at non-pilot-program airports expressed similar frustrations at the TSA's centralization of hiring and training. In a survey of all 155 FSDs, the GAO found that "the overwhelming majority…reported that they needed additional [local] authority to a great or very great extent."[7] The modest privatization pro­vision in ATSA has done little to prevent the TSA from evolving into a typical bureaucratic and inflexible government agency.

Lessons Not Learned

Four years of experience have taught that the U.S. government cannot do the job any better than the private sector. This should come as no surprise. Vir­tually every other country that has used govern­ment screeners has reached the same conclusion. When countries first tried to thwart airplane hijack­ing in the 1970s, most nations initially used govern­ment employees to beef up airport security through a government transportation or justice agency.

Beginning in the 1980s, European airports began to develop a performance-contracting model under which the government set and enforced high per­formance standards, which airports then carried out by hiring security companies or occasionally using their own staff. Belgium was the first to adopt this model in 1982, followed by the Netherlands in 1983 and the United Kingdom in 1987. The 1990s saw a new wave of conversions to the public-pri­vate partnership model, with Germany switching in 1992, France in 1993, Austria and Denmark in 1994, Ireland and Poland in 1998, and Italy, Portu­gal, Spain, and Switzerland in 1999.

In 2001, the GAO examined the security screen­ing practices of Canada, Belgium, France, the Neth­erlands, and the United Kingdom.[8] Its report focused on the superior performance of the Euro­pean airports, all of which use the performance-contracting model. The GAO reported four areas of significant differences between U.S. and European screening practices at the time:

• Better overall security system design (e.g., allowing only ticketed passengers past screen­ing and stationing law enforcement personnel at or near checkpoints);
• Higher qualifications and training require­ments for screeners (e.g., 60 hours in France versus 12 hours as then required by the Federal Aviation Administration in the United States);
• Better pay and benefits, resulting in much lower turnover rates; and
• Screening responsibility lodged with the air­port or national government, not with airlines.

When Congress passed the ATSA, it ignored the fact that, as a result of high standards and govern­ment monitoring, nearly every European airport had adopted performance contracting over the past two decades. Israel and a number of nations in the Caribbean and the Far East also use this model. No country has emulated the United States and had its national government take over the actual operation of its passenger-screening system.

Unpromising Future

The prospects for any significant improvement in passenger and baggage security are grim. Instead of charging each airport with securing its opera­tions under national regulatory supervision as is common in most other nations, Congress addressed the 9/11 security failure by vesting in the TSA not only regulatory responsibility, but also ser­vice provision duties of airport screening. The TSA was to be both regulator and operator of baggage and passenger screening, while access control, perimeter patrols, and law enforcement functions were to be executed by the airports themselves under the supervision of FSDs.

The TSA's dual role creates a serious conflict of interest. As one airport director said to a Chicago Tribune reporter in the early days of the TSA, "The problem inherent in the federally controlled screening process is that you end up having a fed­eral agency sitting in the middle of your terminal, essentially answerable to nobody."[9] This point was underscored in a report by Bearing Point on the five pilot-program airports: "Because the screeners at a private contractor [pilot-program] airport are not government employees, the FSD is able to take a more objective approach when dealing with screener-related issues raised by stakeholders such as airport management or air carriers."[10] Under the TSA's current structure, that will never happen.

The Need for Legislation

Fundamentally, the fault does not lie with the TSA, but with Congress, which mandated how the government should address the problem. Congress myopically opted for focusing on how government could make the pre-9/11 security inspection regime better rather than addressing the crucial issue of finding the most efficient and effective way to keep terrorists off of planes. Congress created the problem, and fixing it will take a law from Congress to refocus the government on the job of stopping terrorists rather than rooting through our luggage.

Congress can start by converting the TSA into a much more modest Aviation Security Agency (ASA). Most of the TSA's non-screening functions can and should be performed effectively in other parts of the DHS. In fact, the Bush Administration's fiscal year 2006 budget proposal called for shifting several key programs out of the TSA into a new Screening Coordination and Operations office within the DHS that would include Secure Flight (the successor to CAPPS), Registered Traveler, and Transportation Worker Identity Credential (TWIC). This change, if approved by Congress, would "strip the TSA of its biggest and most high-profile pro­grams and leave it largely as a manager of 45,000 security screeners."[11] This would be a step in the right direction.

However, ATSA still requires the federal govern­ment to provide screening services for airports that did not opt out after November 2004. This should be changed. Instead, Congress should push the gov­ernment to get out of the screening business and devolve screening to individual airports, requiring only that the new ASA set performance standards, approve contracts, and monitor compliance.

The centerpiece of this more modest agency would be its compliance responsibilities. Compa­nies that do not meet set standards of performance not only would be fined, but also would have their contracts terminated. Since most contracts are long-term arrangements, the incentive for high per­formance would thus be very high.

The new ASA would set and enforce standards. The performance standards and enforcement pro­cess should focus on four areas:

• Certification of the security companies, in which the government agency reviews the financial fitness of each firm and the back­grounds of its officers and directors;
• Licensing of individual employees, initially as trained security officers and then as specialized aviation security agents;
• Standards for compensation and benefits to ensure that people of sufficient caliber are recruited and that they are motivated to remain with the company; and
• Training, both initial and recurring, of manag­ers and operating personnel. The ASA would develop the goals and objectives for the train­ing, and companies would devise the curricu­lum, subject to ASA approval.

ASA supervision should also include periodic audits of the qualifications and training of manag­ers and staff as well as random, unannounced test­ing at the screening sites.

The DHS could continue to administer funds to support passenger and baggage screening, whether provided by the airport's own workforce or by gov­ernment-certified contractors. To take advantage of the flexibility of the private sector, Congress should require allocations to be made far more frequently than once a year (ideally, every month), and each airport should receive a lump sum to use as it sees fit for government-approved screening operations. Airports would be subject to reporting and audit requirements to ensure that funds were spent solely for security purposes. Monthly allocations would better match resources with workload. Adjusting funding allocations every month among the 446 American airports with screeners and the local flex­ibility to increase and decrease staffing as needed should result in a much better match of screening workforce to actual workloads.

In addition to matching funding to passenger flow, this system should leave the funds unencum­bered by many of the current requirements. Cur­rently, TSA screeners are paid on a national wage scale, regardless of local living costs, while TSA-certified screening contractors must provide identi­cal wages and benefits. These ATSA provisions were intended to prevent a return to minimum-wage screeners with high turnover. With hiring and operations under the control of each airport, the airport or its contractor would be free to decide which job functions and compensation approaches would best get the job done while still meeting all TSA training and performance standards.

If federal screening funds were allocated to the airports, it would clearly be in their interest to finance the investment in new screening systems that would achieve the best return on investments. This would include installing in-line EDS systems that screen checked baggage as a normal part of the baggage loading process, enabling fewer personnel to inspect bags up to four times faster. Once the costs of the equipment and facility modernization are paid off, the savings could be used for other security improvements, such as more passenger screening lanes and screeners.

Congress will also have to address liability. With the TSA as the provider of airport screening ser­vices, any terrorist incident connected to passenger or baggage screening would make the TSA the most likely target for ensuing lawsuits. However, if such an incident occurred at an airport that opted for a TSA-certified contractor, the airport might be at greater risk for not having followed the standard approach.

Liability has already been an issue with EDS machines and other technologies needed in secu­rity protection. In response, Congress passed the Support Anti-Terrorism by Fostering Effective Technologies Act, better known as the SAFETY Act. It provides a process through which companies providing homeland security technologies or ser­vices can become certified by the DHS and win a limit on their liability. FirstLine and Covenant, two of the leading private screening companies, have recently received this designation. If the TSA with­draws from the provision of screening services and this function is devolved to airports, the airports would face the same liability concerns. Under this new set of alternatives, there would be a more level playing field between in-house and contracted screening if airports were eligible to receive the same degree of SAFETY Act protection as desig­nated screening companies receive. Congress took a step in that direction with language included in the Department of Homeland Security Appropria­tions Act of 2006 that made airport operators not liable for any claims for damages relating to their decision to opt out of TSA-provided screening.[12]

A New Model for Aviation Security

Unburdened by the responsibility of running a 45,000-person screening force, the DHS should turn its attention to developing a 21st century international passenger and cargo security system that does not waste resources by treating every per­son and package as an equal risk that requires scru­tiny checks and screening. A new model system would allocate security resources in proportion to the risk, relying on "focused security" that puts the most resources against the greatest risks.

This approach would begin with the fundamen­tally different assumption that the function of avia­tion security is to identify and isolate dangerous persons, not dangerous objects per se. The chal­lenge is to keep bad people from causing harm, either in the terminal area or to the planes them­selves. The TSA currently devotes the lion's share of its airport resources to only one of these threats: preventing would-be hijackers from boarding planes with weapons. Far less money and effort is spent on securing airport terminal lobbies and the ramp areas where planes park and on keeping air­line tickets out of the hands of known and sus­pected terrorists.

An improved risk-based approach to identifying dangerous people would entail separating passen­gers within the terminal checkpoints into at least three defined groups, based on the quantity and quality of information known about each:

1. Low-risk passengers, about whom a great deal is known;
2. "Ordinary" passengers (mostly infrequent flyers and leisure travelers); and
3. High-risk passengers, about whom nothing is known or there is specific negative information.

Different measures for passenger and bag screen­ing should be applied to each group so as not to waste system resources and passenger time on pro­cedures that contribute little to airport security.

Low-risk passengers are defined as those who have a current federal security clearance or who have been issued a biometric identity card after passing a background check for a registered trav­eler (RT) program. Passengers in this group would go through express lanes at checkpoints with something akin to pre-9/11 protocols (no removal of clothing or electronics). Their checked bags would not have to be EDS-screened. As a safeguard against the small probability that a dangerous per­son might slip into this category, a certain percent­age of these people and bags would be randomly selected for ordinary passenger screening.

Ordinary travelers might go through something like today's level of passenger screening but with a much-reduced list of banned objects, such as light­ers, nail files, and razors. A fraction of this group would be randomly selected for secondary screen­ing (which involves being taken aside for a more thorough inspection of their persons and carry-on bags), as described above.

High-risk passengers include those with no paper trail, about whom so little is known that the safest thing to do is to assume the worst and thor­oughly screen both their persons and their checked and carry-on bags. Everyone in this group would receive a more rigorous version of today's second­ary screening, including screening of bodies and carry-ons for explosives as well as see-through scanning or a thorough pat-down to detect non-metallic objects. The same protocol would apply to those whose names appear on government-main­tained watch lists, although individuals on the no-fly list would simply be detained rather than screened in most cases.

Aviation experts Michael Levine and Richard Golaszewski first suggested separating out low-risk travelers and expediting their processing at air­ports.[13] According to a detailed simulation model of the operations of a theoretical RT program, Car­negie Mellon researchers found that average throughput time could be cut nearly in half for first-class and elite frequent flyers, while coach pas­sengers and those still using the regular lanes would also see decreases in processing time.[14]

In 2004, the TSA launched a five-airport pilot program to test a watered-down version of the RT concept. At each airport, enrollment was limited to frequent flyers of a single airline, with a maximum of 10,000 participants nationwide. There was no shortage of volunteers signing up, even though members still had to endure the identical check­point processing. Initial expectations were that after limited testing, the TSA would roll the pro­gram out to a much larger number of airports and airlines. Instead, the agency decided to open the field to private-sector firms in 2005.[15]

The first offering came from Verified Identity Pass, which was selected in spring 2005 by Orlando International Airport over a competing proposal from Unisys to provide a potentially nationwide "known traveler" program open to all airlines.[16] Verified currently handles the enroll­ment process, which began on June 21, 2005, with the exception of background checks and clearance decisions, for which the TSA is responsible. The company initially charges members $79.95 per year and is working out co-marketing agreements with airline frequent-flyer programs. Because par­ticipating airports must make room for express lanes and special kiosks that verify each member's identity biometrically, Verified shares a percentage of its revenue with participating airports.

It is not clear which checkpoint requirements the TSA might be willing to waive for members of the program. If it approves something like the Car­negie Mellon model, the timesaving benefits for both members and non-members should be signif­icant. There should also be some reduction in checkpoint screening personnel requirements, depending on the proportion of average daily pas­sengers that shifts to express lines that require less screener interaction with passengers.

Once many low-risk passengers have been self-selected out of the mix, the remaining task is to use all feasible information to separate high-risk pas­sengers from all the rest. One tool for doing this is a government-maintained watch list, continuously updated, which the TSA would use to check all passenger reservations. Despite significant efforts among a number of federal agencies to create and maintain such a unified list, nearly four years after 9/11 the outcome still leaves much to be desired.[17]

Another approach is to assess what is known about each passenger based on information pro­vided at the time of ticket purchase. This is the function of the pre-9/11 CAPPS, which actually flagged some, but not all, of the 9/11 hijackers. The idea of such risk-screening systems is to use various algorithms to verify the passenger's identity and look for patterns that might suggest high risk. The TSA's proposed Secure Flight system is intended to do this, replacing CAPPS.

The original CAPPS, still in use because its replacement has been repeatedly delayed, employs rather crude and well-known algorithms (e.g., pay­ing cash and buying a one-way ticket) and can therefore be avoided by those seeking to do harm. It apparently does not make use of travel-history data maintained in airline industry databases that are linked to the passenger name record.

In an exercise for the Reason Foundation in 2003, R.W. Mann & Company tested several differ­ent algorithms using 5 million travel records for the two-month period before and after September 11, 2001. One query identified 13 sets of travelers fit­ting a pattern that closely matched those of the actual 9/11 hijackers. The records pulled up by this query included all of the actual hijackers.[18]

To supplement such tools and to deal with lobby-area persons not holding tickets, a technique of "behavioral profiling" could also be employed, as is already done at Israeli airports, Boston's Logan Airport, and Las Vegas casinos.[19] The general idea is to monitor people's behavior unobtrusively, look­ing for suspicious activities, and then have security personnel follow up by questioning the people who are acting suspiciously.

Saving Money Through Smart Security

The risk-based approach would produce signifi­cant cost savings in both capital and operating costs while targeting airport security funds toward the passengers who are most likely to pose threats to people and property. Those savings, in turn, could be used to expand security in other areas and to reduce costs for passengers, airlines, airports, and taxpayers.

The risk-based model would reduce the size and cost of checked-baggage screening. The bags of RT members could be screened via high-speed X-ray machines, reducing the demand for EDS machines. The GAO reports that the TSA has not done a detailed assessment of the cost of adding in-line EDS systems at all of the remaining airports where it would make sense, but the TSA broadly estimates that it will cost from $3 billion to $5 billion.[20] A system needing half as many EDS machines would cost about 40 percent less. (Some other factors, such as facility modifications and conveyor sys­tems, could not be scaled down as much.) A 40 percent reduction in capital costs translates into one-time savings in the range of $1.2 billion to $2 billion, reducing the cost of the remaining in-line systems to from $1.8 billion to $3 billion.

Conclusion

Congress can help to address the nation's airport security needs more effectively by insisting on three fundamental changes:

• Restructuring the TSA's mission from provid­ing airport security to being an aviation security policymaker with responsibilities for policy and regulation;
• Devolving screening responsibility to the air­port level under the supervision of a federal security director; and
• Requiring that the DHS work to develop a new passenger and cargo security system that employs a risk-based model for airport security.

Every day that the TSA is perpetuated in its cur­rent form is another day that money is wasted with­out any notable addition to America's security.

Robert W. Poole, Jr., is Director of Transporta­tion Studies at the Reason Foundation in Los Angeles, and James Jay Carafano, Ph.D., is Senior Research Fellow for National Security and Homeland Security in the Douglas and Sarah Allison Center for Foreign Policy Studies, a division of the Kathryn and Shelby Cullom Davis Institute for International Studies, at The Heritage Foundation.