Tag: transportation security administration

Strip-Search Machines: A Loss Seeds the Win

Last week, the D.C. Circuit Court of Appeals rejected a Fourth Amendment challenge to the Transportation Security Administration’s strip-search machine policies, but it found that the TSA violated the Administrative Procedure Act in rolling them out. Too bad that the court arrived at the Fourth Amendment issues before they were ripe.

The bulk of the decision was devoted to the TSA’s law violation in creating strip-search machine policies without doing a notice-and-comment rulemaking. That’s the procedure federal agencies are required to carry out when Congress has delegated them legislative authority. Congress did delegate such authority when it told the Department of Homeland Security to develop technologies that detect nonmetallic, chemical, biological, and radiological weapons in 2004’s Intelligence Reform and Terrorism Prevention Act.

“[T]he TSA has advanced no justification for having failed to conduct a notice-and-comment rulemaking,” the court wrote, adding that it expects the agency “to act promptly on remand to cure the defect in its promulgation.”

The TSA will likely spout “constantly changing threat environment” boilerplate to try and argue that it can avoid notice and comment under the APA’s “good cause” exception. An agency can skip notice and comment “when the agency for good cause finds … that notice and public procedure thereon are impracticable, unnecessary, or contrary to the public interest.”

But the threat environment is not “constantly changing” at the level of abstraction relevant for the strip-search machine policy—some people are out there who might try to get dangerous articles onto planes—and these machines will be in place for decades, if not permanently, under the TSA policy. They will affect the privacy and security of billions of air passenger journeys. Even if there were need for haste in rolling out the machines, nothing makes it uniquely difficult, or anything other than appropriate, for the TSA to engage in a public process to substantiate its actions.

When the TSA does a rulemaking, it will have to lay out its strip-search machine policies and—crucially—justify them. Notice-and-comment rules are subject to court review, and reversal if they are “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.” That is a rather low standard, but it’s a higher standard than the agency has ever met before—none at all.

The TSA will have to exhibit how its risk management supports the installation and use of strip-search machines. How did the TSA do its asset characterization (summarizing the things it is protecting)? What are the vulnerabilities it assessed? How did it model threats and hazards (actors or things animated to do harm)? What are the likelihoods and consequences of various attacks? Risk assessment questions like these are all essential inputs into decisions about what to prioritize and how to respond.

Congress dictated detection of various harmful agents, a form of interdiction. (The other responses to risk are acceptance, prevention, and mitigation.) Given the array of choices available to it, how did the TSA select strip-search machines?

Crucially, how well do strip-search machines reach the risks identified in their risk assessment? This is a cost-benefit question. How much do strip-search machines cost to purchase, maintain, and operate? The costs denominated in dollars include money spent on buying the machines, configuring airports, and paying TSA salaries to operate the machines and process passengers. Such costs also include opportunity costs imposed on travelers when the time they spend at airports lengthens to accommodate extended security screening and variable delays. Yet more costs are denominated in lost privacy and dignity to the traveler. These are substantial, though hard to quantify.

Security benefits are also hard to quantify, but the agency should do so if it is to justify its policies as something better than random or intuitive reaction. DHS and TSA officials endlessly talk about risk and risk management, but they cannot honestly say they are doing risk management if they are not thinking these issues all the way through. I’ve offered a methodology for valuing security benefits, and security experts (as well as students) have analyzed the costs and benefits of homeland security programs. The TSA can do it too.

Watch in the rulemaking for the TSA to obfuscate, particularly in the area of threat, using claims to secrecy. “We can’t reveal what we know,” goes the argument. “You’ll have to accept our generalizations about the threat being ‘substantial,’ ‘ever-changing,’ and ‘growing.’” It’s an appeal to authority that works with much of the American public, but it is not one to which courts—a co-equal branch of the government—should so easily succumb.

If it sees it as necessary, the TSA should publish its methodology for assessing threats, then create a secret annex to the rulemaking record for court review containing the current state of threat under that methodology, and how the threat environment at the present time compares to threat over a relevant part of the recent past. A document that contains anecdotal evidence of threat is not a threat methodology. Only a way of thinking about threat that can be (and is) methodically applied over time is a methodology.

With this information in hand, a court would not only be ready to assess the TSA’s rule under the Administrative Procedure Act’s “arbitrary and capricious” standard. It would be ready to assess the reasonableness of the TSA’s strip-search machines and procedures under the Fourth Amendment.

Without that information, the D.C. Circuit plugged the strip-search machines into the strangely incoherent “administrative search” exception to the Fourth Amendment. In two pages of analysis (out of the opinion’s seventeen), the court found that strip-search machines are administrative “because the primary goal is not to determine whether any passenger has committed a crime but rather to protect the public from a terrorist attack.”

Come again?

It seems the court could have taken judicial notice that terrorist attacks are carried out through one or more criminal behaviors. People who have weapons or other dangerous articles at airport checkpoints are subject to arrest and prosecution. Crime control and public protection are one in the same, even in counterterrorism.

The “administrative search” exception to the Fourth Amendment seems to rest on the willingness of a court to abstract away the fact that individuals are prevented from proceeding where they would go (seized) while their persons, papers, and effects are rummaged (searched) for the purpose of discovering violations of the criminal laws. Earlier in the opinion, in fact, the court mocked the idea that the TSA might not “engage in ‘law enforcement, correctional, or intelligence activity.’” It surely does. This is not “administrative.” It’s criminal law enforcement.

Perhaps with a full record—a notice-and-comment rulemaking with a docket full of information and analysis—the D.C. Circuit and other courts will have the opportunity to revisit whether the TSA’s strip-search machine policies are constitutionally reasonble, or whether they’re unexamined reaction. Last week’s “loss” on the Fourth Amendment issue sets the stage for sounder thinking on the strip-search machine policy.

All of this would be obviated, of course, if airline security were restored to private hands.

State Officials Needn’t Heed Feds’ Threats

Federal officials blitzed Texas this week to fight a bill pending in Austin that would control TSA groping of air travelers in that state, reports Forbes’ “Not-So-Private Parts” blogger Kashmir Hill.

Federal government officials descended on the Capitol to hand out a letter … from the Texas U.S. Attorney letting senators know that if they passed the bill, the TSA would probably have to cancel all flights out of Texas. As much as they love their state, the idea of shutting down airports and trapping people in Texas was scary enough to get legislators to reconsider their support for the groping bill…

The federal government’s threat to shut down air travel is serious, but empty. As we’ve seen time and again with the REAL ID Act, the federal government does not have the political will to attack passenger air travel in the name of increasing surveillance and intrusion.

In fact, earlier this year, the Department of Homeland Security didn’t even bother to threaten any repurcussions for states before it once again pushed back a May 2011 (false) deadline for REAL ID compliance. (Previous instances noted here and here.) The REAL ID Act allows the federal government to refuse licenses and ID cards from non-complying states at airport checkpoints, but it’s just not going to happen.

The DHS announcement notes $175 million in spending on REAL ID so far. That waste continues to accrue so long as Congress appropriates money for the national ID program, which will never be implemented.

While we’re on the subject of empty threats from federal officials—and do see Julian Sanchez’s post hitting the same subject—it has been more than four years since then-Secretary of Homeland Security Michael Chertoff said about the REAL ID Act:

If we don’t get it done now, someone is going to be sitting around in three or four years explaining to the next 9/11 Commission why we didn’t do it.

Secretary Chertoff was wrong—factually wrong on the imminence and nature of the terror threat, and ethically wrong to tout terror threats in an attempt to defeat the will of our free people.

With our stubborn insistence on freedom, the American people and state leaders have done a better job of assessing the threat environment than the Secretary of Homeland Security. As I said when I testified on this topic to the Pennsylvania legislature, state leaders should continue to recognize that they are as equipped, if not better equipped, than federal officials to judge what is right for their people. Counterterrorism and airport security are not an exception to that, though federal imperiousness in these areas remains at a high.

House Approps Strips TSA of Strip-Search Funds

The fiscal 2012 Department of Homeland Security spending bill is starting to make its way through the process, and the House Appropriations Committee said in a release today that “the bill does not provide $76 million requested by the President for 275 additional advanced inspection technology (AIT) scanners nor the 535 staff requested to operate them.”

If the House committee’s approach carries the day, there won’t be 275 more strip-search machines in our nation’s airports. No word on whether the committee will defund the operations of existing strip-search machines.

Saving money and reducing privacy invasion? Sounds like a win-win.

Can I Have My Airport Back Please?

Even while it was a rumor that President Obama would announce that Osama bin Laden had been killed, Americans began to digest the ramifications, asking, for example, “can I have my airport back please?”

Pleasing though it is to have in contemplation, the question is premature. Students of terrorism, such as those who attended our 2009 and 2010 counterterrorism conferences, know that the killing of bin Laden will have little direct effect on the network he spawned. Its indirect, discouraging effect on terrorism is something I mused about in an earlier post.

What about the effects on the rest of us, the people and actors in our great counterterrorism policymaking apparatus?

Osama bin Laden’s survival helped shore up the mystique of the terrorist supervillain, which has fed counterterrorism excess such as the Transportation Security Administration’s domestic airport security gauntlet. Now that bin Laden is gone, the public will be more willing to carefully balance security and privacy in our free country. By a small, but important margin, courts will be less willing to indulge extravagant government claims about threat and risk.

My friends in the national security bureaucracy may honestly perceive the contraction in their power as carelessness about a threat that they have dedicated their professional lives to combating, but the Declaration of Independence touts security only once, and freedom twice, in the phrase “life, liberty, and the pursuit of happiness.” The counterterrorism debate continues.

TSA’s Pistole Says ‘Risk-Based,’ Means ‘Privacy Invasive’

There is one thing you can take to the bank from TSA administrator John Pistole’s statement that he wants to shift to “risk-based” screening at airports: it hasn’t been risk-based up to now. That’s a welcome concession because, as I’ve said before, the DHS and its officials routinely mouth risk terminology, but rarely subject themselves to the rigor of actual risk analysis.

What Administrator Pistole envisions is nothing new. It’s the idea of checking the backgrounds of air travelers more deeply, attempting to determine which of them present less of a threat and which prevent more. That opens security holes that the risk-averse TSA is unlikely to actually tolerate, and it has significant privacy and Due Process consequences, including migration toward a national ID system. 

I wrote about one plan for a “trusted traveler”-type system recently. As the details of what Pistole envisions emerge, I’ll look forward to reviewing it.

The DHS Privacy Committee published a document several years ago that can help Pistole with developing an actual risk-based system and with managing its privacy consequences. The Privacy Committee itself exists to review programs like these, but has not been used for this purpose recently despite claims that it has.

If Pistole wants to shift to risk-based screening, he should require a full risk-based study of airport screening and publish it so that the public, commentators, and courts can compare the actual security benefits of the TSA’s policies with their costs in dollars, risk transfer, privacy, and constitutional values.

Man Acquitted of Crimes Associated with Asserting His Rights

(HT: Techdirt) It is infuriating to watch the video Phil Mocek made while attempting to assert his legal rights at the airport. The good news is that he has been acquitted of the bogus charges brought against him, including disorderly conduct, concealing his identity, refusing to obey a police officer, and criminal trespass.

The video illustrates the knowledge, fortitude, and cool it takes to assert one’s rights. We owe our thanks to Mr. Mocek, who has helped to educate the TSA and society in general about the law that applies at the airport.

Perhaps he can further the educational process by bringing an action under 42 U.S.C. §1983 for violation of his civil rights under color of law. The Transporation Security Administration’s training programs might improve, or Congress might pay attention to the constitutional black hole they have created in airports—if it costs enough to threaten their earmark money.

Rep. Clyburn Wants Special Treatment at Airports

It’s fascinating to watch a member of Congress use a tragedy like Gabrielle Giffords’ shooting to seek advantage over us common folk. On Fox News Sunday this week, Representative James Clyburn (D-SC) suggested that Members of Congress should get special treatment at airports.

Airports are some of the safest places anyone can be. Don’t use your imagination—think about it: Airports teem with security personnel and security-conscious citizens. Because their travel schedules are generally unannounced, members of Congress are not any more exposed while traveling than during their other public movements. There is some risk—we know too well because of this weekend’s tragedy—when elected officials make announced public appearances, but that small risk is something they should generally continue to accept lest they fall even further out of touch with constituents.

It is vitally important that members of Congress experience air travel as the rest of us do. If they don’t, they will continue to impose its burdens on us without getting the valuable feedback of first-hand experience.