I write in opposition to the [United States Transportation Security Administration]’s proposed Large Aircraft Security Program (LASP), Docket No. TSA–2008–0021.  I am a United States citizen residing in Canada, and a private pilot licensed by Transport Canada and the FAA. I fly for fun. [Background: this blog post consists of a public comment I just submitted to the docket.]

Security is valuable, and I’m in support of sensible measures to advance security. But security measures are trade-offs, and the trade-off has to be a good one. The benefits must outweigh the costs. The TSA’s proposed LASP fails this test spectacularly.  The costs will be huge, the benefits meagre. Additionally, the TSA’s justification is based on flawed reasoning.

1. The TSA fails to provide a credible threat model, let along justify it, against which the LASP will defend. They say, “terrorists may view general aviation aircraft as more vulnerable and thus attractive targets. If hijacked and used as a missile, these aircraft would be capable of inflicting significant damage.” On this slender word “may” hangs the the entire case for the program.  The TSA cites no evidence for a threat that general aviation aircraft are more attractive a target for terrorist use than, say, rental trucks (viz Oklahoma City bombing 1995, World Trade Center bombing 1993). The TSA doesn’t review the evidence where aircraft of the size TSA targets have collided with buildings, and the buildings survived (viz B-25 collision with Empire State Building, 1945).

2. The TSA fails to evaluate the opportunity cost of their proposal. Simply put, would the money which TSA proposes industry and government to spend, be better spent on other security measures outside TSA, such as anti-terrorist detective work, policing, and general-purpose emergency response?  Knowledgeable commentators such as Bruce Schneier make the case that, in general, policing and emergency response offers a better security value for the dollar than TSA’s programs.

3. The TSA’s break-even analysis of the proposal is flawed (see Federal Register / Vol. 73, No. 211 / Oct 28, 2008, pp. 64822-64284). The TSA considers various scenarios, and the reduction in risk necessary to provide a benefit greater than the cost. Ignoring for a moment the many costs not included in TSA’s estimates, TSA overlooks the reality that security measures obstructing one threat are more likely to motivate a change in attack vector than to frustrate the attack overall. We assume terrorists want to attack the USA and cause terror, not to use general aviation per se. Thus, instead of “a catastrophic situation in which a large aircraft is used to deliver a nuclear or biohazard device to an urban center”, TSA should be drawing a scenario where a terrorist attacker is determined enough to get a nuclear or biohazard device and try to blow up an urban center, but when they can’t put the device on an aircraft, they give up and go home instead of renting a truck instead.  An attacker who would give up instead of switching attack mode would be foolish or uncommitted; I do not think the threats which TSA takes seriously are either. Thus the probability that TSA’s proposal will be effective in preventing the attack entirely are low indeed. In contrasts, the costs of the proposal are high, with a high degree of confidence. This proposal is highly unlikely to break even.

4. A large part of the cost and complexity of the proposal stems from the requirement for Watch-List Matching of Passengers. But TSA does not make a case that watch list matching is an effective security measure. All they say is, “Watch-list matching of passengers on large aircraft is an important security measure, because it can prevent individuals who are believed to pose a risk from boarding a large aircraft and, potentially, gaining control of the aircraft, to use it as a weapon.”  Again, from slender words “can prevent” and “potentially”, the TSA suspends an intrusive program with huge costs. Just because it’s done now for commercial aviation doesn’t make it a good idea. There are many informed commentators who argue that our present watch list is ineffective, and carries a huge opportunity cost (see Bruce Schneier).

5. Part of the cost of the proposal is the cost of false positives from watch list matching: interrupting the flight of passengers who do not, in fact, pose a security threat. The public’s experience with TSA’s existing watch-list matching is that false positives do occur, and they are disruptive.  It is to be expected that false positives will occur with the LASP proposal also.

6. This proposal does not arise from TSA working cooperatively with the general aviation community to find ways to address genuine security needs with appropriate measures.  TSA invented this propsal in a vacuum.  For that reason alone, it should be withdrawn, and TSA should re-start the procedure in cooperation with the general aviation community.  The GA community is ready to take security seriously.  TSA should work with the community.

There are many more arguments that could be made.  I urge TSA to scrap this appalling proposal, take a deep breath, and go about addressing the security needs of the United States in a better informed manner.  A much better cost-benefit tradeoff is possible.

[Update, Mar 16: my formal submission opposing TSA’s LASP has finally been made public on regulations.gov.]