What TSA is doing

The press has been spending a lot of time on TSA’s new policy.   This New York Times story is representative (I’ve linked to it here because it has the first ever MSM reference to Skating on Stilts).

Despite all the attention, though, there’s a surprising lack of certainty about exactly what TSA is doing that’s different.  After making some assumptions that weren’t quite right, I think I now understand and can explain what TSA has done.

First, after the December 25 attack, TSA announced the 14-country rule, which essentially put travelers on the selectee list if they were born in or traveled through one of fourteen countries.  It’s not clear how new that policy really was, but after December 25, the administration announced it as part of the response package.  The attention that the policy got was a two-edged sword.  It led to a counter-campaign by rights groups and international reps who argued that the policy was seriously overbroad.  It was also self-defeating, since al Qaeda could avoid the policy just by picking a 15th country.

The 14-country approach wasn’t a long-term solution.  So some time in January or February, with little fanfare,  TSA seems to have begun doing something much more significant.  It borrowed a page from the Customs and Border Protection playbook, looking at all passengers on a flight, running intelligence checks on all of them, and then telling the airlines to give extra screening to the ones that looked risky.

This is a big deal.  The new approach allows us to use all of our intelligence about risky travelers, so we don’t have to rely exclusively on static lists, which only include about  5% of the suspected terrorists we have  intelligence on.

This system is apparently only in place for international flights, in part because that’s where the risk is greatest and in part because it works better there.  It works on international flights because everyone on those flights must have a passport.  So it is hard for people to use fake ID to defeat identity-based security measures.  (For domestic flights, no passport is required, so many travelers will used drivers licenses, and identity standards for  licenses are still quite weak, thanks to an unholy alliance of governors and groups that seem to think that privacy is improved by making identity theft cheap and easy.)

This new system is also a sign that the creation of DHS is in fact paying dividends.  If we still had three separate cabinet departments doing customs, border immigration, and air security, there is no possibility that TSA would be borrowing from and cooperating with border agencies to use their techniques and perhaps their IT systems to screen passengers.

Finally, this step was taken without any big announcement, probably because no one wanted to reveal the system to our adversaries.

So what happened last week?  It looks as though the administration tweaked the system further.  Now, when TSA scrutinizes the passenger list, it won’t just be looking for known terrorist identities but  also for fragmentary identities.  So, if we know that a Nigerian is training for an attack and that his first name is Umar, we’ll select a lot of Nigerian Umars for screening.  This is a good thing, but not in my view as significant as the earlier step.

For some reason, though, last week the administration didn’t have a good plan for explaining what it was doing.  If I had to guess what happened, I suspect that the White House woke up late to the risk that dropping the 14-country rule could be seen as “weak on terror.”  So they took what had been a  low-key and confidential upgrade in security measures and turned it into a new-security announcement to balance the 14-country announcement.  Either that or  a leak forced a haphazard early announcement.

One last point:  The emerging TSA strategy puts a premium on knowing who’s getting on a plane as early as possible, both to do careful analysis and to avoid delays in boarding and screening.  So TSA will need access to travel reservation data, not just to the passport information gathered at the airport when people check in.  But the European Union has been  engaged in a passionate if misguided campaign since 2003 to keep such information out of TSA’s hands.  Recently, the European Parliament declared that it was rejecting signaled its intent to reject a 2007 agreement on travel reservation data.

Ironically, Europe is probably picking a bigger fight over reservation data with the Obama administration than it the one it had with the Bush administration.  For the last administration, using travel reservation data was just one among a dozen or more counterterrorism initiatives, so a European attack on that initiative was just one more fight to preserve a piece of the last administration’s strategy.  But for this administration, using intelligence to screen passengers is a signature, maybe the signature, counterterrorism initiative.

The European Union doesn’t seem to have many friends in this White House as it is.  If it tries to undo the centerpiece of the administration’s counterterrorism strategy, Brussels’s stock will decline further and faster than the European Parliament probably intended.