Schneier on TSA vs. Private Security: Flaws, Faults & Assumptions
Rand Paul has introduced legislation that is aiming at tightening the reins on the TSA, the US federal agency tasked with transportation security in the country. The TSA has, in the years after “9/11”, gained notoriety for their security theories, strategies and methods, and it seems that even US lawmakers have realized that something must be done about the rampaging behemoth agency.
Rand Paul’s main points are that airports should be able to use private security companies instead of TSA agents, that passengers must be granted the right to contact an attorney if they are detained, and that reasonable protests from passengers must be allowed if they feel violated. This seems like the best idea since the TSA was originally formed, doesn’t it? Bruce Schneier disagrees, and here’s our response to the self-proclaimed security guru.
Bruce writes:
This seems to be a result of a fundamental misunderstanding of the economic incentives involved here, combined with a magical thinking that a market solution solves all. In airport screening, the passenger isn’t the customer. (Technically he is, but only indirectly.) The airline isn’t even the customer. The customer is the U.S. government, who is in the grip of an irrational fear of terrorism.
Response:
This is wrong. Well, it’s both wrong and right, in fact – the airlines and the passengers aren’t the customers (not even “technically”), but neither is the US government. The airport is the customer. The airport selects the company, and the DHS approves the choice. This means that the “magical” market solution actually works – the customer of the security company (i.e. the airport) can pick and choose which security company they want, based on several criteria, and the company that can deliver the best service at the best price will prevail. There’s nothing magical about it – it’s just how any market works. Schneier, it seems is not all that well schooled in economics, either.
We have to remember that the airport needs the passengers to be happy, as much as possible. A happy passenger is more likely to spend money in the terminal, making revenue for the shops that are there and the airport itself. If the Hicksville Airport, Hair Care and Tire Center has a bunch of happy passengers that made it through security in good time due to the efficient and service minded security company, they’ve got time for half an hour in the barber’s chair. A strapped-for-time, angry passenger will just stew at the gate for whatever amount of time he/she has. Makes sense, don’t it?
Bruce writes:
It doesn’t matter if an airport screener receives a paycheck signed by the Department of the Treasury or Private Airport Screening Services, Inc. As long as a terrorized government — one that needs to be seen by voters as “tough on terror,” wants to stop every terrorist attack regardless of the cost, and is willing to sacrifice all for the illusion of security — gets to set the security standards, we’re going to get TSA-style security.
Response:
That’s just ridiculous. Any government in the western world today wants to be seen as “tough on terror”. That, however, does not automatically translate to TSA, or TSA-style security. Looking at airport security in other countries, specifically European countries, the government will control the making of regulations for airport / air travel security, and private security companies will carry out the tasks. In most cases, the regulations will be international, adhere to standards that are world wide (or as close as they come), and in many cases, they will even be made to conform to the excessive US regulations, while still avoiding the TSA-style security. There are few similarities between walking through a European checkpoint and the TSA checkpoints.
Taking a look around the internet, you’ll find thousands upon thousands of horror stories involving the TSA, but only a few from other places – there are even some stories about the “very professional and pleasant” Scandinavian checkpoints…
The conclusion that a government determined set of regulations always will result in “TSA-style security” is just plain uninformed and silly. We’re sorry – there’s just no other word for it.
Bruce writes:
We can put the airlines, either directly or via airport fees, in charge of security,, but that has problems in the other direction. Airlines don’t really care about terrorism; it’s rare, the costs to the airline are relatively small (remember that the government bailed the industry out after 9/11), and the rest of the costs are externalities and are borne by other people. So if airlines are in charge, we’re likely to get less security than makes sense.
Response:
This is just strange. Why would you put one of the airport’s customers in charge of the airport’s security? That would be akin to making Starbucks in charge of the airport security, simply because they have a couple of franchises in the terminal. It doesn’t make much sense. This is also why it’s the airport that’s in charge of the security, and the airline expects the security to go without a hitch. The airport provides a service to the airline, and the airline provides a service to the passengers. Schneier needs to try and wrap his head around that one before setting out on a wild goose chase. Again.
This is also one of the reasons why the “magic” (see above) called a “market” works – the airline expects the airport to have security, so that it can provide a service to its customer – the passenger. If the airport can’t provide that service in a sensible manner, then, as in all other places, the customer will take its business elsewhere. Remember – the airline is the airport’s customer, and the passenger is the airline’s customer. It’s pretty neat, yeah? Also, saying that airlines don’t care about terrorism is a bit…how shall we put it… ignorant. The cost of terrorism to the individual airline on an annual basis is perhaps “small”, but is Schneier really unaware that avoiding terrorism is also in the best economical interest of the airlines?
Bruce writes:
I too want to rein in the TSA, but the only way to do that is to change the TSA’s mission. And the only way to do that is to change the government that gives the TSA its mission. We need to refuse to be terrorized, and we need to elect non-terrorized legislators.
But that’s a long way off. In the near term, I’d like to see legislation that forces the TSA, the DHS, and anyone working in counterterrorism, to justify their systems, procedures, and expenditures with cost-benefit analyses.
Response:
This is just narrow minded. Well, not just narrow minded – it’s also near-sighted. Schneier has a tendency to be categorical, and it’s usually his way or the highway, so to speak. That approach rarely solves anything, and in this case, he simply refuses to see the benefits of the proposed legislation. This will reign in the TSA. Why? Because of all the things we’ve already discussed. Schneier looks at markets as something “magical”, apparently, while a process where more and more airports kicking the TSA out in favor of cost effective and efficient private security will not only send a signal to the government – it will also send a signal to airports who choose to keep the federal agency in charge of security; people and passengers (and thereby business and money) will flock to airports that have superior, professional and private security companies installed.
Any political process takes time, but this is something that can be done almost right away, and with ripple effects that will not necessarily be slow.
Conclusion:
Bruce Schneier is a self-proclaimed security guru who has been very outspoken on the topic of airport security, and his disdain of how it’s been done over the past decade or so. That is a good thing – if there are no critics, then there won’t be any improvement. However:
– Bruce Schneier is not certified in anything but IT security and cryptography. He is not a CPP, a PSP or any other kind of physical security certification. He is not a member of ASIS. He has not worked in airport security. He is not law enforcement. In short, please look up “self-proclaimed”. He claims to have coined the term “security theatre”, in the sense that it is security only for “show” without any real impact or effect. “Security theatre” has in fact been used as a term for years by security professionals. It is also known as a “deterrent”.
It seems that Schneier just wants to be negative about this – on one hand, he wants the TSA to change, he wants lawmakers to pressure the agency and the government, and he wants security to be sensible. On the other hand, he bashes whoever tries to do just that, as Rand Paul is doing right now. Schneier needs to keep in mind that Rome was neither built nor burnt in one day, and while changing the TSA, the regulations and methods is necessary, that will too take time. Rand Paul‘s proposed legislation is, however, a giant leap in the right direction.
About Author
Schneier has a point though that allowing private security companies to handle airport security as proposed by Sen. Paul would not really be a free-market solution. In many ways, it’s like getting private companies to handle prisons or military hardware development. You get the worst of both worlds: crony capitalism.
Eliminating government regulations would indeed improve security and allow the market (of which Schneier has a naïve understanding) to reflect the complex interplay of airlines, limited resources, customers and their preferences.
I’d like to know who the author is. So we can see what credentials they have….
Schneier is a first-class security researcher with impressive credentials. The author’s need for mudslinging to make his/her point makes one wonder at the maturity of the author — clearly not a person worth taking seriously. Nor one who should be a senator (Randy?)
Who is this “Randy” person you’re talking about? 😉
On a serious note, though, Schneier is a good researcher, that is true. Whether he has impressive credentials or not is a different matter, and we still stand by the assessment that he is often too categorical, he has a tendency to wander into areas he knows little about (such as market dynamics) and that he usually treats things with a “my way or the highway” attitude, pronouncing things “stupid” if he doesn’t agree.
Whether it’s the airline as the customer or the airport as the customer doesn’t make any difference. Terrorist attacks are extremely rare. Passengers are extremely common. Therefore it make sense for them to err on the side on convenience instead of security.
Could be, Philo.
However, criminals in general are rare compared to the amount of people who (do their best to) follow the law. Does that mean we should just quit having police?
European checkpoints are almost universally similar to TSA checkpoints, with the same frustrations and crazy rules. You get (albeit occasionally) helpful, polite TSA staff; and you get arrogant, jobsworth, grumpy idiots in London, Geneva, Paris, Milan etc etc.
You’re partially right. However, most European airports have private security companies like Securitas, G4S, Adecco etc. manning the checkpoints. That (counter to what Schneier thinks) makes a difference. Also, the EU has banned the use (pending further investigation & research) the use of body scanners, specifically the active scanners that use x-ray.
Grumpy people are everywhere, but that, in our opinion, is pretty much where the similarities with the TSA stops.
“…people and passengers (and thereby business and money) will flock to airports that have superior, professional and private security companies installed.”
I’m not sure this is accurate. It may be partially accurate if one has multiple airports from which to fly and travel through as options, but in most places that’s not the case, and even when it is the case that there are two or three options, people will most generally default to the one that’s closest to their departure and/or arrival destinations. Why? Because of convenience mostly and savings in travel costs — I can’t think of very many (any) people who would spend an extra hour or two (or $100 or more if taking a cab) traveling in traffic to an airport further away just because it had a better security system.
Hi JGD.
So what you’re saying is that the x-ray body scanners, the unconstitutional searches, the increasingly strange behavior of the TSA officers and the TSA itself isn’t that big of a deal? OK.
We’ve heard your argument – even if it was a small jab at the TSA, an agency most Americans seem to think is the devil’s own spawn, no one would spend 2 hours of increased travel time or a 100 bucks getting to an airport which had polite security officers that wouldn’t steal your shit and conduct illegal searches of your luggage and your person (i.e. searches not aimed at WEI).
Thanks for your input, JGD.