Today’s U.S. airport security policy rests on a fallacious proposition. By applying equal screening resources to all passengers and all bags, the system acts as if security officials believe that every passenger and every bag is equally likely to be a threat. This premise wastes limited security resources on low-risk passengers and bags, thereby devoting less resources to higher-risk passengers and bags. In addition, this approach has created a “hassle factor” at airports that drives away airline passengers. Credible estimates put the lost airline business due to this factor in the vicinity of $3 billion per year.
A more intelligent approach to airport security is to apportion security resources to passengers and baggage in proportion to estimated risk—just as law enforcement agencies do in other circumstances, ranging from the stalking of public figures to family violence. Risk-based airport security would mean a reduced focus on finding bad objects and an increased focus on identifying potentially bad people—those most worthy of additional scrutiny. Screening resources would then be applied in accordance with a passenger’s risk category. This report shows how a risk-based system can be implemented without posing a threat to the privacy of air travelers.
Risk-based principles are already used by the federal government with respect to border-crossing, where a number of programs (such as INSPASS and NEXUS) permit travelers to volunteer for pre-clearance, enabling them to bypass long lines when they actually pass through border facilities. Likewise, in the cargo area, “known-shipper” programs represent additional uses of risk-based decision-making. Overseas airports, in Israel and Europe, use risk-based techniques such as passenger profiling and trusted traveler programs to sort passengers into different risk groups for differential processing at the airport. Seen against this broad background, it is the security approach used for passengers and bags at U.S. airports that is out of step.
This report reviews the two key tools needed for a risk-based security model for U.S. airports. The first is a system for pre-clearing a subset of low-risk passengers, who can then receive expedited processing at airports. The current term for this is a Registered Traveler program. The second is a system for selecting out high-risk passengers for extra scrutiny. Our proposed Risk Screening System (RSS) would replace the current, flawed Computer-Assisted Passenger Prescreening System (CAPPS).
With tools of this sort in place, both passenger and baggage screening can be redesigned to reduce delays and to redirect screening resources to where they are most needed. All checked bags of high-risk passengers would be screened by the most expensive (and generally slowest) explosive detection systems, but only a random fraction of other bags would be processed by those machines, rather than faster, less costly machines. All baggage processing would be carried out in secure baggage areas, away from crowded passenger lobbies for both safety and security reasons.
Under this risk-based approach, all passengers would be thoroughly screened at the security checkpoints at the entrances of concourses. This would eliminate last minute screening at the boarding gate. To make this possible, information from the RSS must be available at passenger screening checkpoints. Hence, all passengers must obtain boarding passes from either a ticket counter or an e-ticket kiosk in the lobby. The screening checkpoints must be redesigned to provide for (1) expedited lines for Registered Travelers, and (2) additional positions at which those selected by RSS can undergo additional screening.
Both the Registered Traveler program and the Risk Screening System could pose troubling privacy issues, depending on how they are designed and used. The Registered Traveler program requires a membership database, but it will be more acceptable to passengers if that database is administered by one or more private sector firms, interfacing with Transportation Security Administration (TSA) for the actual clearance decision and with individual airlines for customer interactions.
For the risk-screening function, TSA’s proposed CAPPS-II would create a massive, intrusive database on the personal and financial details of air travelers. This is far more than required for the task of identifying highrisk travelers for enhanced scrutiny at airports. Our proposed RSS, by contrast, would rely on the information already contained in airline reservation systems (which could have singled out a small subset of air travelers including all of the 9/11 hijackers). Creation of TSA’s proposed Aviation Security Screening Records database should be forbidden by Congress.
The shift of TSA into a new Homeland Security Department offers a good opportunity to rethink the past year’s over-emphasis on passenger airline security, at the expense of numerous other vulnerabilities in U.S. transportation, let alone other vital infrastructure. Shifting to a risk-based approach to airport security should be an integral part of that rethinking.