A Conflict of Interest
Even more fundamental than the failure to apply risk-based policies to air travel is the institutional conflict which Congress built into TSA from the outset. This one agency is both a major provider of aviation security and the regulator of aviation security. That is a conflict of interest, just as was built into the old Atomic Energy Commission, which both promoted and regulated nuclear power.
A similar conflict has long existed in air traffic control, with a single government agency historically both providing ATC services and regulating the safety of those services.
Fortunately, a recent ICAO policy required all signatories to separate these functions by the end of 2003, which is why the FAA created a new regulatory office to oversee the safety of the new Air Traffic Organization. Overseas, some 38 countries have physically separated ATC from their transport ministries over the past 15 years, setting it up as a separate corporate entity, regulated at arms-length by the transport agency.
But in its post-9/11 haste to reassure the public about aviation security, Congress ignored such institutional conflicts. It "federalized" airport screening by mandating that federal employees physically provide those services.
The alternative, actually followed by most large European airports and supported by the original House bill, would have called for strong federal standards and oversight of passenger and baggage screening provided by airports themselves. This approach would have the advantage of unifying all airport security functions (passenger and baggage screening, access control, perimeter protection, etc.) rather than having them divided between the TSA and the airport.
A TSA federal security director would still provide regulatory oversight, but the airport would be free to use whatever mix of employees and TSA-certified contractors it found optimal.
Time to Revisit Congress
Here again, the TSA and parent DHS could and should have expended the political capital to go back to Congress and ask for the law to be changed. The November 2004 opening of the window for airports to opt out of TSA-provided security would have been a logical hook upon which to hang this issue. Not many airports are applying for the opt-out program, as defined by TSA within the constraints of the 2001 law.
Although TSA might have been able to grant a bit more flexibility to airports choosing opt-out, the basic problem is that the law keeps too much control with TSA. If the airport cannot even select its preferred contractor and manage that relationship, there is a serious problem of over-centralization.
Instead of asking Congress for a few tweaks, the airport (and airline) community ought to aim at redefining the TSA's role. Convert it from being an airport screening provider with a veneer of concern about other transportation modes into a true all-transportation security policy-maker and regulator.
Delegate actual service provision for all airport security tasks to the airports themselves, giving them ample scope to "make or buy" services as needed, from TSA-certified contractors. Those two changes ? shifting airport security policy to a risk-based model and getting TSA out of the service delivery business ? would be worthy goals for the airport industry to work towards in 2005.