TSA’s Classified “Risk-Reduction Analysis”

By Jim Harper

Last month, our friends at the Competitive Enterprise Institute filed suit against the TSA because the agency failed to follow basic administrative procedures when it deployed its notorious “strip-search machines” for use in primary screening at our nation’s airports. Four years after being ordered to do so by the U.S. Court of Appeals for the D.C. Circuit, TSA still hasn’t completed the process of taking comments from the public and finalizing a regulation setting this policy. Here’s hoping CEI’s effort helps make TSA obey the law.

The reason why federal law requires agencies to hear from the public is so that they can craft the best possible rules. Nobody believes in agency omniscience. Public input is essential to gathering the information for setting good policies.

But an agency can’t get good information if it doesn’t share the evidence, facts, and inferences that underlie its proposals and rules. That’s why this week I’ve sent TSA a request for mandatory declassification review relating to a study that it says supports its strip-search machine policy. The TSA is keeping its study secret.

In its woefully inadequate (and still unfinished) policy proposal on strip-search machines, TSA summarily asserted: “[R]isk reduction analysis shows that the chance of a successful terrorist attack on aviation targets generally decreases as TSA deploys AIT. However, the results of TSA’s risk-reduction analysis are classified.”

Since then, we’ve learned that TSA’s security measures fail 95% of the time when undercover agents try to defeat them.

By its nature, risk management requires analysts to make assumptions and to work with data that are often imprecise. It is crucial that analyses of this type be open and transparent, so that assumptions and data can be tested and challenged. Our comments on the proposal discussed risk management, as well as many other aspects of the proposed policy. Making the TSA’s “risk reduction analysis” available for public perusal would undoubtedly help the agency come up with a better rule. Hopefully, they’ll have the sense to declassify and publish it.

Though we remain uninformed by TSA’s incomplete administrative processes, next month CEI’s Marc Scribner and I will be on Capitol Hill discussing the sorry state of airline security, a product of TSA’s lawlessness and ill-advised secrecy.

(From time to time, critics of my work will suggest—not without reason—that working to bring TSA within the law is futile and that the agency should be shuttered. It should be. That is a goal that we can pursue at the same time as we pursue one alternative: an agency that follows the law and manages risks more intelligently.)

Topics:
Foreign Policy and National Security, Telecom, Internet & Information Policy
Tags:
TSA, strip-search machines, AIT, CEI, competitive enterprise institute, transportation security administration