Homeland security: Eroding your human rights without any benefit-cost analysis

Lynne Kiesling

Over the past six months the TSA has started using whole-body imaging scanners as primary screening devices without explicit Congressional authorization. Congress has only authorized the TSA’s privacy officer to solicit public comment and publish a privacy impact statement (according to EPIC’s lawsuit), and their authorization of TSA practices is implicit in their budget authorization. But TSA’s response is to use scanners as primary, and to bully passengers into accepting it by making the opt-out frisk onerously invasive. For example, two women have recently made public the invasive frisks that they’ve endured and the pain it caused them: journalist Amy Alkon and former Miss USA Susie Castillo (note, in particular, Castillo’s video accompanying her post, and the response from TSA spokesperson Luis Casanova, claiming that the screener in her case followed proper procedure, which in a rational world would means that the procedure is morally bankrupt). To quote Amy Alkon from a comment on her post:

It is not just “unfortunate” that I (and many others) have had this experience. It is a dangerous threat to our rights and part of the near constant attempts to degrade them in the name of safety these days. This is not “the price you pay for wanting to fly.” This is the price you pay for complacency about government rights grabs. If I or any person smart enough to hold their own in this comments section wanted to get a weapon or a bomb on a plane, they could.

But, sleep tight, sheeple.

The DHS and TSA are following these policies without Congressional authorization and without performing either economic analysis or risk assessment, relying solely as executive agencies on the continuing support of the executive branch. (The TSA also fails to comply with the public comment and disclosure requirements of the Administrative Procedure Act, which is one aspect of EPIC’s lawsuit against them.)

Yet this technology is so fallible that in addition to failing to identify a gun on an agent 5 times as she passed through a scanner to test it, it will flag you for an anomaly even for a piece of lint in your trouser pocket. That anomaly marks you for a frisk, after having been scanned, so the “either-or” proposition turns into an intrusive “both-and” for many people (although we don’t know for sure how many, because the TSA refuses to compile and share such data).

In a recent post, Salon’s “Ask the Pilot” author Patrick Smith essentially summarizes my thinking on how ineffective, ludicrous, and offensive TSA policies are, and I encourage you to read his observations (and the comments on the post). In suggesting alternatives, he highlights the important political economy motives that are involved in the large expenditures on such ineffective technologies:

And I’m still waiting for somebody to explain the logic of the body scanners. Let’s ignore for a minute the audacity of these machines and our capitulation to their existence. (If, a decade ago, we were told that people would soon have to appear naked in order to board an airplane, such a claim would have been met by laughter and outrage. But here it has come to pass.) We’re asked to believe the scanners are a critical tool. Yet they are being deployed domestically rather than at airports overseas, and only sporadically at that. Should a bomber notice a scanner at one checkpoint, he merely needs to choose the next one down.

And here’s where it’s easy to be cynical. Instead of body scanners, why not rely on bomb-sniffing dogs? They’re highly effective, unobtrusive, and cheaper — not to mention cuter. I suspect it’s because there isn’t a big corporation somewhere that stands to earn billions of dollars from the deployment of dogs. It’s doubtful the scanners are making us safer. But rest assured they’re making somebody wealthy.

The one-two scan-frisk punch is both ineffective and a violation of our inalienable right to be free from unreasonable search, a right that in the US is supposed to be enforced by government employees who take an oath to uphold the Constitution. And yet the DHS and TSA have not performed any benefit-cost analysis to show whether their large tax-funded expenditures are worth it; even though the GAO has pushed them to do so, the feckless and irresponsible Congress has failed to hold the agencies accountable for this analysis. Such a benefit-cost analysis must include a risk assessment – not just a relative risk assessment among a set of security measures, but an absolute risk assessment of the probability of a terrorist attack and the value of its harm relative to other risks that we incur in our normal daily routines. Bruce Schneier makes this point eloquently in all of his writing about the security theater that we endure and pay for, and recently did so in a TED talk that I recommend.

Since Congress has failed in its fiduciary duty to American taxpayers, academic researchers have stepped into the breach and provided a benefit-cost analysis using the limited public data available. As this month’s Midwest Political Science Association annual meetings, Ohio State political scientist John Mueller and Australian civil engineering professor Mark Stewart presented a benefit-cost analysis of overall DHS (including TSA) expenditures over the past decade, as well as an analysis of the methodologies that DHS and TSA use to identify and prioritize their activities. Gulliver in the Economist also picked up on the paper over the weekend. The paper’s abstract:

The cumulative increase in expenditures on US domestic homeland security over the decade since 9/11 exceeds one trillion dollars. It is clearly time to examine these massive expenditures applying risk assessment and cost-benefit approaches that have been standard for decades. Thus far, officials do not seem to have done so and have engaged in various forms of probability neglect by focusing on worst case scenarios; adding, rather than multiplying, the probabilities; assessing relative, rather than absolute, risk; and inflating terrorist capacities and the importance of potential terrorist targets. We find that enhanced expenditures have been excessive: to be deemed cost-effective in analyses that substantially bias the consideration toward the opposite conclusion, they would have to deter, prevent, foil, or protect against 1,667 otherwise successful Times-Square type attacks per year, or more than four per day. Although there are emotional and political pressures on the terrorism issue, this does not relieve politicians and bureaucrats of the fundamental responsibility of informing the public of the limited risk that terrorism presents and of seeking to expend funds wisely. Moreover, political concerns may be over-wrought: restrained reaction has often proved to be entirely acceptable politically.

I strongly, heartily, fervently encourage you to read their analysis; while not ideal and obviously constrained by having to rely on some assumptions grounded in limited publicly-available data, their analysis makes conservative assumptions biased toward the case for increased expenditure. And yet they find that in order for this one trillion dollars increase in security spending to be worth it, we have to deter four attacks per day. This is a shocking result.

Their analysis starts with a question that too few people ask: is this expenditure worth it? They then critique DHS procedures that fail to perform benefit-cost analyses or accurate risk assessments:

Indeed, at times DHS has ignored specific calls by other government agencies to conduct risk assessments. In 2010, the Department began deploying full-body scanners at airports, a technology that will cost $1.2 billion per year. The Government Accountability Office specifically declared that conducting a cost-benefit analysis of this new technology to be “important.” As far as we can see, no such study was conducted. Or there was GAO’s request that DHS conduct a full cost/benefit analysis of the extremely costly process of scanning 100 percent of U.S.-bound containers. To do so would require the dedicated work of a few skilled analysts for a few months or possibly a year. Yet, DHS replied that, although it agreed that such a study would help to “frame the discussion and better inform Congress,” to actually carry it out “would place significant burdens on agency resources.”

Clearly, the DHS focuses all or almost all of its analyses on the contemplation of the consequences of a terrorist attack while substantially ignoring the equally important likelihood component of risk assessment as well as the key issue of risk reduction. In general, risk assessment seems to be simply a process of identifying a potential source of harm and then trying to do something about it without evaluating whether the new measures reduce risk sufficiently to justify their costs. (p. 4)

Of all of the disturbing points raised in the paper, Mueller’s and Stewart’s discussion of “probability neglect” and probability analysis is high on the list. Probability neglect is the tendency of people to focus on worst-case scenarios but not their likelihood, which is a substantial distortion when we are talking about very low probability, high cost events. DHS methods use this cognitive bias to their advantage. I can’t tell whether DHS uses probability analysis incorrectly due to their innumeracy or because it enhances their ability to extend their agenda and budget, but in either case this is unacceptable. Not only do they exploit probability neglect; they also do not apply probability analysis correctly:

What is necessary is due consideration to the spectrum of threats, not simply the worst one imaginable, in order to properly understand, and to coherently deal with, the risks to people, institutions, and the economy. The relevant decision-makers are professionals, and it is not unreasonable to suggest that they should do so seriously. Notwithstanding political pressures, the fact that the public has difficulties with probabilities when emotions are involved does not relieve those in charge of the requirement, even the duty, to make decisions about the expenditures of vast quantities of public monies in a responsible manner. …

A second stratagem for neglecting probability that is sometimes applied at DHS is to devise a rating scale where probabilities of attack are added to the losses. Thus, as a Congressional Research Service analysis points out, to determine whether a potential target should be protected, DHS has frequently assessed the target’s vulnerability and the consequences of an attack on it on an 80-point scale and the likelihood it will be attacked on a 20-point ranked scale. It then adds these together. Thus, a vulnerable target whose destruction would be highly consequential would be protected even if the likelihood it will be attacked is zero, and a less consequential target could go unprotected even if the likelihood it will be attacked is 100 percent.

This procedure violates the principles espoused in all risk assessment techniques such as those codified in international risk management standards supported by 26 countries including the United States. In these risk is invariably taken to be a product in which the attack probability is multiplied by the losses, not added to them. Essentially, what often seems to be happening is that DHS has a pot of money to dole out, and it has worked out a method for determining which projects are most worthy while avoiding determining whether any of them are actually worth any money at all. (pp. 6-7)

After describing their benefit-cost analysis and the results summarized in the abstract, they close with a much-needed discussion of “political realities”. Simply put, one common argument for Congress’ fecklessness on this topic is that individual members have no incentive to rein in DHS/TSA and hold them accountable for results and performance metrics because they fear that being seen as “soft on terrorism” will reduce their probability of election success. Mueller and Stewart provide evidence going back to the 1980s showing that such fears are overstated (but overstating fears seems to be the modus operandi here, doesn’t it?).

Moreover, individually and in aggregate Congress has a fiduciary duty to taxpayers to perform oversight and hold federal agencies accountable for how they spend taxpayer money. Why hasn’t Congress held these agencies accountable for the one trillion dollars spent over the past decade, which is clearly excessive? I endorse their statement that:

Political realities supply an understandable excuse for expending money, but not a valid one. In particular, they do not relieve officials of the responsibility of seeking to expend public funds wisely. If they feel they cannot do so, they should either resign or forthrightly admit they are being irresponsible, or they should have refused to take the job in the first place. To be irrational with your own money may be to be foolhardy, to give in to guilty pleasure, or to wallow in caprice. But to be irrational with other people’s money is to be irresponsible, to betray an essential trust. In the end, it becomes a dereliction of duty that cannot be justified by political pressure, bureaucratic constraints, or emotional drives. (p. 22)

Given this analysis, what are you going to do to fight such a fiscally irresponsible erosion of our rights? Among other things, I am going to call the offices of my three Congressional representatives, talk specifically to the staff member responsible for security issues, and send him/her this paper (which is a preview of their forthcoming book). I’m not sanguine about the impact of such an effort, so I solicit your suggestions for how we can, individually and collaboratively, rectify such irresponsibility. Otherwise I fear that T.S. Eliot and Thomas Jefferson were right:

This is the way the world ends

This is the way the world ends

This is the way the world ends

Not with a bang, but with a whimper

All tyranny needs to gain a foothold is for people of good conscience to remain silent.

UPDATE: I’ve fixed the link to the “Ask the Pilot” post, and corrected the attribution to Salon.