Security: A Time to Pause

Jan. 1, 2005
The resignations of Tom Ridge and James Loy from the Department of Homeland Security give us the opportunity to step back and take a hard look at how the Transportation Security Administration has dealt with airport security

The resignations of Tom Ridge and James Loy from the Department of Homeland Security give us the opportunity to step back and take a hard look at how the Transportation Security Administration has dealt with airport security in its first few years of existence. Rather than details like inequities in funding the in-line EDS systems or the continuing problem of long lines at checkpoints, I want to focus on more fundamental issues.

The first issue concerns the degree to which political correctness has undermined sensible decisionmaking about airport security.

It's no accident that airports have received more than 90 percent of all TSA funding, despite the agency's responsibility for protecting all transportation infrastructure (ports, railroads, transit, trucking, etc.). This stems directly from Congress having mandated the very costly 100 percent screening of checked bags for explosives and equal screening of all airline passengers, as well creating a much larger and more costly staff of federal employees to do the actual screening.

I cite political correctness because inherent in today's airport screening policies is the idea that every bag and every passenger is equally likely to be a threat, and hence must receive the same scrutiny. That's why every checked bag must be screened for explosives, even if it's carried by an aerospace engineer with a Top Secret clearance.

And that's why it's presumed that if the current loophole that ignores the threat of explosives carried under a passenger's clothing were to be closed, it would have to involve forcing all passengers to walk through something like a backscatter X-ray machine. And it's why "profiling" of passengers to determine which ones are more likely to pose a threat (which was the original intent of the pre-9/11 CAPPS, developed by Northwest Airlines) has been studiously avoided.

Not only is this "everyone is equally likely" premise incorrect, it is also inconsistent with how transportation security is carried out by TSA elsewhere. In air cargo, we have risk-based policies such as the Known Shipper program. Likewise, cargo containers coming into ports are selected for inspection based on risk estimates. Were the United States to attempt anything like 100 percent physical inspection of every cargo container, or every truck trailer crossing our borders, commerce would grind to a halt. And the cost would be in the tens if not hundreds of billions of dollars.

Successes, Failures
A major failing of the Ridge era was that the newly created Department of Homeland Security did not do the hard thinking to make the case for extending the risk-based approach used everywhere else in transportation security to the passenger airline sector. That would have meant going back to Congress with proposed changes to the hastily enacted Aviation & Transportation Security Act of 2001, and that would have required the expenditure of political capital. But it would have been the right thing to do. That's what leadership is all about.

To its credit, TSA has pursued one risk-based program: the Registered Traveler approach, under which frequent flyers can volunteer for pre-clearance and expedited passage through passenger screening. But in addition to expanding this program systemwide, it needs to be extended to the checked bags of RT members. As a recent RAND Corporation analysis has demonstrated, exempting such bags from EDS screening could yield major savings for airports by reducing the size and cost of their EDS systems.

A Conflict of Interest
Even more fundamental than the failure to apply risk-based policies to air travel is the institutional conflict which Congress built into TSA from the outset. This one agency is both a major provider of aviation security and the regulator of aviation security. That is a conflict of interest, just as was built into the old Atomic Energy Commission, which both promoted and regulated nuclear power.

A similar conflict has long existed in air traffic control, with a single government agency historically both providing ATC services and regulating the safety of those services.

Fortunately, a recent ICAO policy required all signatories to separate these functions by the end of 2003, which is why the FAA created a new regulatory office to oversee the safety of the new Air Traffic Organization. Overseas, some 38 countries have physically separated ATC from their transport ministries over the past 15 years, setting it up as a separate corporate entity, regulated at arms-length by the transport agency.

But in its post-9/11 haste to reassure the public about aviation security, Congress ignored such institutional conflicts. It "federalized" airport screening by mandating that federal employees physically provide those services.

The alternative, actually followed by most large European airports and supported by the original House bill, would have called for strong federal standards and oversight of passenger and baggage screening provided by airports themselves. This approach would have the advantage of unifying all airport security functions (passenger and baggage screening, access control, perimeter protection, etc.) rather than having them divided between the TSA and the airport.

A TSA federal security director would still provide regulatory oversight, but the airport would be free to use whatever mix of employees and TSA-certified contractors it found optimal.

Time to Revisit Congress
Here again, the TSA and parent DHS could and should have expended the political capital to go back to Congress and ask for the law to be changed. The November 2004 opening of the window for airports to opt out of TSA-provided security would have been a logical hook upon which to hang this issue. Not many airports are applying for the opt-out program, as defined by TSA within the constraints of the 2001 law.

Although TSA might have been able to grant a bit more flexibility to airports choosing opt-out, the basic problem is that the law keeps too much control with TSA. If the airport cannot even select its preferred contractor and manage that relationship, there is a serious problem of over-centralization.

Instead of asking Congress for a few tweaks, the airport (and airline) community ought to aim at redefining the TSA's role. Convert it from being an airport screening provider with a veneer of concern about other transportation modes into a true all-transportation security policy-maker and regulator.

Delegate actual service provision for all airport security tasks to the airports themselves, giving them ample scope to "make or buy" services as needed, from TSA-certified contractors. Those two changes ? shifting airport security policy to a risk-based model and getting TSA out of the service delivery business ? would be worthy goals for the airport industry to work towards in 2005.