Abstract
This article conducts a financial cost and security benefit analysis of the United States government’s “no fly” list. On September 11, 2001 the no fly list contained sixteen names of terrorists and other individuals deemed threatening to the U.S. Since then, the list has grown considerably, reaching over 755,500+ names at one point. This growth has led to significant attention paid to the social costs of the list, from the civil liberty concerns about being detained at airports and prevented from flying, to privacy concerns about the government maintaining a classified list of individuals who have difficulty being removed from the list once they are on it. Very surprisingly, there has been little attention paid to the financial costs of the list relative to the benefits. This is striking given the significant amount of attention paid by scholars and policy analysts to anti-terror and national security strategies. Fundamentally, it is unclear how one can create a strategy for how national security dollars should be spent without knowing how many dollars are involved and where they are going. The study presented here puts forth a conservative estimate of cost at approximately $536 million since September 11, 2001, with a reasonable estimation range that approaches $1 billion. This study should be viewed as a first step in asking and answering an important question: what are the costs, relative to the benefits, of anti-terrorism policies and security strategies?
Suggested Citation
Holmes, Marcus. “Just How Much Does That Cost, Anyway? An Analysis of the Financial Costs and Benefits of the ‘No-Fly’ List.” Homeland Security Affairs 5, Article 6 (January 2009). https://www.hsaj.org/articles/111
INTRODUCTION
The purpose of this article is to identify the financial costs relative to the benefits of the “no-fly” list. Numerous scholars, security experts, lawyers, non-governmental organizations (NGOs), journalists, and bloggers have commented on the well-known flaws in the current terrorist watch list system. Lawyers have pointed out the many civil liberty issues associated with the list and its hindrance of due process. 1 The American Civil Liberties Union (ACLU) has repeatedly published the many flaws it sees in the way that the list is administrated. 2 Bruce Schneier, a popular security columnist and blogger, documents the various reasons why the no-fly list serves no benefit at all, providing only “security theatre” rather than actual protection. 3 Each of these analyses is useful and contributes to an understanding of whether or not the no-fly list is, in aggregate, helpful in protecting citizens against terrorism, and at what social and civil liberty cost.
What is missing, however, is an analysis of the no-fly list from a financial perspective. This article is interested in understanding the monetary costs of the program. As such, it seeks to answer some basic and fundamental questions that have not yet been answered (or asked): How much does the no-fly list cost to create and maintain? What are the costs of the consequences, both intended and unintended, of the list? How many resources, both governmental and private, are involved in the operation of the list? And, what are the benefits, both tangible (i.e. monetary) and intangible, that the list provides? This is an important set of questions because without understanding the monetary costs of a protection program relative to the benefits, it is difficult to assess whether or not the program is worth the costs. Further, without such an understanding it is impossible to intelligently decide how anti-terror money should be allocated. It is surprising that, given the importance of these questions, they have not been asked and addressed in a systematic fashion.
Consequently this article represents a “first take” at addressing these questions by assessing the financial costs of the no-fly list program. It does not, however, seek to serve as a comprehensive answer to the question of “is the no-fly list worth the money we are putting into it?” The reason is that one cannot begin to conduct such an analysis without aggregating the costs and benefits first and then placing the no-fly list in context of the other anti-terror programs and their associated costs. The no-fly list might very well be worth the expense if it is the government’s only tool in preventing terrorist attacks. It might also be the case that the list is less valuable given redundancy in the “layered security” model of securing air travel. These are important questions and ones that can only be addressed after having identified the financial costs and benefits of the program. Thus this article should be viewed as the first step in what will hopefully become a systematic and comprehensive approach to understanding whether or not the no-fly list provides added value in the context of the government’s anti-terrorism campaign.
As will be analyzed below, it is estimated that the costs of the no-fly list, since 2002, range from approximately $300 million (a conservative estimate) to $966 million (an estimate on the high end). Using those figures as low and high potentials, a reasonable estimate is that the U.S. government has spent over $500 million on the project since the September 11, 2001 terrorist attacks. Using annual data, this article suggests that the list costs taxpayers somewhere between $50 million and $161 million a year, with a reasonable compromise of those figures at approximately $100 million. Clearly the no-fly list is a program that is not without substantial cost. It represents, at least financially, a large part of the government’s protection of air travel. 4 In order to begin to analyze whether or not the benefits are worth the costs, both must be identified and analyzed. It is that task to which the article will now turn.
METHODOLOGY
Source Material and Estimation Error
One likely reason for why a financial cost/benefit approach has not been conducted, at least in an unclassified manner, 5 is that it is difficult to do. The biggest reason for the difficulty is that the government does not publish the aggregated costs of programs such as the no-fly list. As will be illustrated below, the no-fly list is a product of numerous government agencies and private sector involvement and thus represents a rather diffuse network of resources working together for common cause. This ensures that a variety of perspectives and sufficient technical expertise are aggregated into the program, but it also means that the no-fly list is not one program represented by a single line-item in a budget request. Rather, it is made up of pieces of multiple programs spanning public and private spheres, many of which are classified and unknown to the public.
The second reason why conducting a financial cost/benefit approach is difficult is that much of the information pertaining to the list is classified. Sources I spoke to between November 2007 and January 2008, who are close to the list, could only provide general feedback and guidance – anything remotely specific would fall under the classified domain. While this guidance was extremely useful, and constitutes one of my main methods of vetting the figures contained in this article, it meant that the data-gathering phase was done without much insight or help from those close to the program. Conducting a cost/benefit analysis when the details of the program are intentionally hidden from taxpayer view is challenging.
The approach taken in this article is to estimate the costs based on what is available and then have individuals close to the list, to the extent that they are able, validate that the estimates are reasonable (or, in some cases, too high or too low). As such, many of the estimates contained in this article are based on data culled from press reports, public interviews with government officials, Congressional testimony, and occasionally specific budget requests and reports. These estimates were then provided to individuals in the security field who proffered limited, but extremely helpful, feedback.
One of the valuable criticisms of such an approach is that it is subject to much subjectivity. That is, choosing one number to represent an estimated cost requires the analyst to pick among many possible variations of cost and use that number to represent an aggregate cost. In anticipating this criticism, costs are estimated across three tiers: low, medium, and high. Choosing a Cost-Benefit Framework
There are a number of cost-benefit frameworks available to social science scholars. 8 Many are derived from economics and focus on largely tangible (typically monetary) costs and benefits. The difficulty with choosing a framework for this article is that we are dealing with explicit financial costs but both tangible and intangible benefits. 9 That is, we can estimate what the monetary costs of the system are, but in comparing them to the benefits we have both monetary benefits (such as the future realized value of preventing a plane crash) and intangible benefits (such as the ability to monitor potentially dangerous individuals). The two are alike in that they both benefit the U.S. government and citizenry, but unlike in that one can be measured in dollar terms and the other can not. Nevertheless, as Arrow and others argue, in such cases where cost and benefits are assessed in different terms (value in money vs. value in social policy), cost/benefit analyses can still be helpful, and indeed, should be mandatory if not binding. 10 The Office of Management and Budget, in realizing the importance and difficulty in assessing government policies, has published its own recommended framework for conducting cost/benefit analysis. It is useful for our purpose because it explicitly addresses this problem of tangible and intangible benefits: Both intangible and tangible benefits and costs should be recognized. The relevant cost concept is broader than private-sector production and compliance costs or government cash expenditures. Costs should reflect the opportunity cost of any resources used, measured by the return to those resources in their most productive application elsewhere. 11 Thus, the OMB framework serves as the main methodological framework for this article as it explicitly addresses governmental policy, on the one hand, and intangible as well as tangible costs and benefits on the other. Finally, before conducting an analysis of the costs of the no-fly list program, it is important to define precisely what it is that is being investigated. The no-fly list is essentially a “watch list” that prevents watched individuals from flying on commercial aircraft. The list itself dates back to the 1980s in a very limited fashion (on September 11, 2001 only sixteen names were on the list). 12 After the 9/11 attacks the number of the names on the list grew tremendously, with some reports suggesting that the list grew to 755,000+. 13 It is now believed that the list contains roughly 40,000 names after a sustained effort to reduce the list to “key” individuals by scrubbing it of duplicates, reasonably certain safe flyers (such as U.S. Senators), and the like. 14 While the government does not publish how names are put on the list, the public record suggests that the names are compiled from classified evidence conducted by a variety of government agencies. 15 While the Transportation Security Administration (TSA) maintains the list, various agencies (see below) have input into it. 16 It is important to note also that in popular speech the “no-fly list” is often equated with the “selectee list.” The two should be disaggregated. The selectee list is the Secondary Security Screening Selection that randomly selects passengers for additional screening and inspection. These individuals are allowed to fly after they have been cleared through security. Individuals on the “no-fly list” are not allowed to fly until they are cleared from the list and this requires more than a simple x-ray and body search. This article is interested in the costs of the no-fly list in particular, but future work should include an analysis of the selectee list as well. The broad mechanics of the list have been made available for public consumption. The government sends an updated version of the list to airlines on a regular basis. It is the responsibility of the airlines to check passenger names against the list. 17 It has been noted that TSA has long had plans to take on some of the responsibility of name-checking (particularly of names that are too sensitive to be sent to the airlines), first through the Computer Assisted Passenger Pre-screening System (CAPPS II) program and now through a similar program entitled “Secure Flight.” 18 Development of this system has been delayed and it is unknown when it will be operational. Finally, the government is also developing a program entitled “Registered Traveler,” a public/private partnership between TSA and the Registered Traveler Interoperability Consortium (RTIC), which allows those individuals who pose a minimum security risk to submit themselves to background checks and subsequently submit to an easier and more streamlined airport security checkpoint experience. Having outlined the key aspects of the no-fly list, the article will now turn to estimating the costs of creating, maintaining, and dealing with the consequences of the list itself. A burn rate, or the cost of a given policy/program in terms of (1) the number of individuals involved, (2) their billing rate, and (3) the number of hours devoted to the project, is a useful way of estimating costs over time. Government agencies require potential contracting firms to provide an estimated burn rate in their response to proposals, 20 and the OMB notes in their literature on conducting cost-benefit analyses the importance of identifying incremental costs over time. 21 Calculating a burn rate for the no-fly list relies on estimating the number of individuals involved in the day-to-day operations of the list, those responsible for dealing with the consequences and ancillary effects of the list, and their respective billing rates. These individuals are drawn from both the government and private sectors and constitute no-fly list resources. Estimating the number of individuals associated with the list is difficult because there is no one central agency or contracting firm responsible for its implementation. Sources in the security community and government documents from the U.S. GAO note that there are individuals drawn from over ten government agencies and multiple private firms. 22 The non-exhaustive list includes: the Department of Homeland Security (DHS), Transportation Security Administration (TSA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), National Crime Information Center (NCIC), Defense Advanced Research Projects Agency (DARPA), National Counterterrorism Center (NCTC), Customs and Border Protection (CBP), Central Intelligence Agency (CIA), and various private government contracting firms such as Acxiom Corporation. 23 Given the broad scope of involvement and complexity of integrating the efforts among the various entities listed above, security professionals estimate that it is likely the number of individuals working on the list on a full-time basis is at least 250, with another 500 involved in some capacity on a partial-time basis. This represents the conservative or low estimate. Individuals I spoke with at various government contracting firms note that mid-range figures are likely in the 500 full/1000 partial range, with some estimating that the numbers could exceed 1000 full/1500 partial. Having estimated the number of individuals involved with the list, the next step is calculating their billing rate and amount of time devoted to the project. Turning to rates first, the U.S. Office of Personnel Management (OPM) provides a yearly salary scale ranging from approximately $17,000 to $124,000. 24 A conservative figure that estimates the cost of government employee benefits is approximately 50 percent (Cox & Brunelli, 1994). 25 That is, if the salary of a federal employee is $50k/year, the adjusted cost to taxpayers, inclusive of benefits, is approximately $75k/year. Sources in the security community note that among federal employees working on the no-fly list, there are very few at the lower ends of the pay scale, with most falling somewhere in the top third. On the private side, government contracting firms typically bill out their resources somewhere in the $100k-$500k/year range. This number varies depending on the expertise of the contractor, the profit margin of the firm, the type of work being conducted, etc. For the purposes of this article, it is worth using a conservative blended billing rate precisely because there are a large number of factors that lead to billing rate fluctuation. A conservative figure of $100k/year, inclusive of both government employees with benefits and private firm contractors, is a reasonable estimate, but is potentially much higher and not likely to be much lower. Finally, not all employees mentioned above spend their full-time working on the no-fly list. The nature of the list suggests that there are likely a large number of individuals who do spend most of their time devoted to it, either in creating technology programs to support it, dealing with name removal requests, etc. There are a larger number of individuals, however, who work on the list part-time as needs arise. The FBI, TSA, and DHS, for instance, often collaborate on suspected individuals in order to determine whether or not they should be placed on the list. This type of activity does not consume an employee’s entire day, but does require time and effort. Consequently, part-time no-fly list employees can spend varied amounts of their day working on various list activities. In order to estimate this amount of work, gradations of time spent on the list will increase as estimates of low/medium/high increase. At the conservative end, it is estimated that partial-time employees spend 25 percent of their time working on the no-fly list; the medium range figure is 50 percent and the high range figure 75 percent. This estimate allows considerable variation in the amount of time required of resources and seems reasonable among the security professionals that have reviewed the numbers. Having identified the major components of the burn rate and estimated their value, a simple calculation yields burn rate figures for the low, medium, and high estimates. At the conservative end, the burn rate is estimated to be $7.5 million per year. The middle-range figure is estimated to be $20 million per year and the upper-range figure at least $43 million a year. 26 Importantly, these figures only represent the personnel burn rate. 27 They do not include other costs, such as technology systems, costs to non-government employees or costs to the private sector. It is to those costs that we now turn. The no-fly list operates both as a database of names and a system for ensuring that those named individuals do not board airplanes. The first component, the database, is maintained by DHS and TSA. The second component, the method of cross-checking passengers with the database, is maintained by the individual airlines. 28 The government supplies the watch list to the air carrier whose automated information technology (IT) systems screen passengers. According to the GAO, 99 percent of all passengers on domestic flights are screened through the use of these computer systems; the other remaining 1 percent of passengers are “manually screened” because the airlines do not have an automated system. 29 Finally, for international flights, air carriers are required to provide a list of passengers to Customs and Border Protection before take-off. 30 These two components can be disaggregated and their costs estimated individually. On the government side, the Associated Press in 2006 reported that the TSA had spent more than $200 million on three aspects of the no-fly list: Transportation Worker Identity Credential (a program for allowing “safe” individuals access to secure port areas), Secure Flight, and the Registered Traveler Program (a program that allows individuals to submit themselves to background checks in order to receive less thorough screenings at airports). 31 Once Secure Flight was suspended, in February 2006, Leslie Miller of the Associated Press reported that the total cost of the program was $200 million. 32 Estimating the cost of the government side of the equation then is relatively straightforward. The $200 million in investment of Secure Flight since 2002 presumably includes human resources as well as the technology product, so the cost must be discounted slightly. A conservative estimate of the government’s technology costs for this program is $150 million. A mid-range estimate is $200 million, the quoted cost according to the Associated Press. Finally, an upper-range figure is $250 million which would include any updates and new developments since the AP’s story broke in early 2006. The airline technology products used to cross-check passenger names with the government-supplied no-fly list is more difficult to estimate because the air carriers have not published their compliance costs. Steven Lott of Aviation Daily, a trade journal for the airline industry, notes that as of July 2006 there was no uniform way for airlines to transmit their passenger lists to CBP, which accounts for the numerous in-air diversions and delays (to be discussed below) caused by airlines transmitting passenger lists after takeoff. 33 In order to correct this problem, DHS has asked the airlines to adopt one of two systems. The first would have airlines transmit passenger information individually when each passenger checks into the flight, up to fifteen minutes before departure. Lott estimates the cost of this system to be $189 million in the first year and more than $600 million through 2015. The other solution, called APIS 60, is similar to the current system of sending passenger lists in bulk, but would cost more money to implement as a standardized process. It would require all passenger information to be sent to the government sixty minutes before plane departure. This would likely have an effect on check-in times, requiring passengers to be checked into their flights early in order to provide the sixty-minute window for name processing. Lott estimates $250 million in the first year for this and up to $1.9 billion over the next ten years. On August 9, 2007, DHS announced that the two options had been adopted as a rule and airlines would have to begin procedures to comply. 34 These figures, as part of Lott’s analysis, help us to understand the potential costs associated with compliance, but they also provide a benchmark to estimate current costs. Lott notes that APIS 60 is similar to what airlines currently do, but is more expensive. Given that the more expensive, standardized version is $250 million – for the first year alone – a very conservative estimate for what it has cost the airlines to comply with no-fly list passenger screening to date is likely something well above $50 million. A middle range estimate of $100 million seems more likely, given the six years that have elapsed since 9/11 and the need to get systems up and running quickly across the industry. An upper range figure of $250 million would assume that the one-year cost of setting up this new system, while higher than the current system, is roughly equivalent to six years of running a less costly system. One of the recognized problems with the no-fly list is that, until very recently, the list was exceedingly large and false positives were quite common. In the last few years, stories of Senator Ted Kennedy and a host of other non-terrorist individuals being flagged by the no-fly list and not allowed to fly have appeared in the local and national news. 35 The reason for this is largely because the no-fly list does not list individuals; it lists names, which can lead to the misidentification of individuals. This is most clearly seen in dealing with Arabic names that have a number of English transliterations: in many cases, multiple derivatives of a name are put on the list in hopes of matching a particular individual. 36 The American Civil Liberties Union (ACLU), in attempting to prevent the high number of false positives and attacks on civil liberties, sued TSA and the FBI in April 2003 on behalf of Rebecca Gordon and Jan Adams, two individuals who were not allowed to fly because their names appeared on the no-fly list. 37 TSA and DHS eventually settled for $200,000 in damages and attorney fees. An additional outcome of the case, however, was that it brought into court many previously hidden documents about the inner-workings of the list. One of these documents noted that, in November 2005, TSA indicated that 30,000 people in the previous year alone (from 2004 to 2005) had contacted the agency to have their names removed from the list. 38 This suggests that, at least until 2005, roughly 30,000 individuals a year had been identified as false positives. As the ACLU complaint points out, the only way that one can find out if one is on the no-fly list (other than filing a lawsuit to bring the records into court) is to attempt to fly. 39 If one is on the list and attempts to fly, he/she is stopped at the airport by local law enforcement and airport security. Having identified how many false positives there are in a given year, we can begin to make sense of the associated costs. Estimating the cost of these false positives involves a number of disparate activities: the cost of the passenger being detained at the airport and missing his/her flight; the cost of airport security/personnel detaining the passenger; if a false positive, the cost of arriving at the airport early each time one flies to allow time to be cleared; the cost of not flying in order to avoid the hassle; and the cost of attempting to get off of the list once one has been identified as a false positive. Before estimating these costs, however, a burn rate for passenger time needs to be established. Similar to the burn rate conducted above for government resources, a similar rate is needed for passengers since their time is valuable as well. Unlike the difficulty in assessing governmental resource burn rates, doing so for airline passengers is relatively straightforward as the airlines themselves have devoted many research resources evaluating the costs of delays. One estimate is that, on average, airline passenger time can be valued at approximately $50/hour. 40 With this rate established, we can estimate cost by examining how long each false positive requires of an individual. With respect to the time spent being detained by the local authorities, it is difficult to account for the significant variability in experience. Some individuals report being held for hours in airport back rooms while others are able to leave relatively quickly. 41 If we assume, for a very conservative figure, an average of two hours dealing with airport security, then we can begin to estimate cost. 30,000 passengers a year who are identified as false positives and spend on average two hours dealing with this hassle, translates to roughly $3 million a year. If we assume, however, that there are fewer false positives now that the list has been scrubbed over the last year, we can discount the yearly figure to roughly $2 million a year. A middle range figure would account for a longer experience in dealing with the false positive because a two hour delay with airport security would undoubtedly mean a missed flight and presumably increased cost. Assuming a longer period of five hours dealing with this problem extrapolates to $7.5 million a year. Finally, a higher range figure of ten hours dealing with each false positive – from the passenger’s perspective – is possible, given the added expense and hassle of missed flights, being forced to fly the next day, etc. Such a figure results in a cost of $15 million a year. In addition to costs from the passenger perspective, there are also airport/local law enforcement costs in dealing with false positives. When a name is flagged on the no-fly list, local airport security is called in order to detain the passenger in question. 42 There are approximately 450 commercial airports in the United States, plus approximately 200 international airports with flights bound for the U.S. that would all have local law enforcement in place to deal with false positives on an “as-needed” basis. We can estimate this cost by assuming a standard airport security salary of $35,000/year on the conservative end, plus security officials working on no-fly related issues, including false positives, on a part-time (25%) basis. This equates to approximately $5.5 million a year in no-fly list associated costs for the use of airport security personnel. Finally, a large cost associated with false positives is passengers attempting to be removed from the list. One of the criticisms of DHS has been that if a passenger is placed on the no-fly list mistakenly, it can be a very laborious process getting off of the list. There are reports of individuals being asked to sign notarized copies of documents and letters, producing birth certificates, copies of passports, and – reportedly – even voter registration cards. 43 There is a cost entailed in producing each of these documents, but the largest cost undoubtedly is the time required to gather the respective documents. DHS does not publish how many individuals attempt to be removed from the list each year, but given the known number of false positives, we can base cost estimates on that figure. If, for instance, 10 percent of the 30,000 individuals on the false positive list attempt to be removed from the list, and gathering the required documents takes approximately ten hours per individual, the cost translates to approximately $1.5 million/year. A less conservative estimate of the number of individuals attempting to be removed from the list is a quarter of this number, or 7,500. This translates to a cost of $3.75 million/year. Finally, if we estimate an upper-range figure of approximately 50% of the false positives pursuing the process of name removal, the cost is $7.5 million/year. 44 Granted, there is undoubtedly fluctuation in these estimates because it is unclear whether or not the 30,000 false positives represent distinct individuals or some individuals being flagged more than once in a given year. This estimate, however, does provide an approximation of the cost at the three probability levels. One of the ramifications of the no-fly list over the last several years has been the number of flight diversions and delays due to list operations. A KLM flight from Amsterdam to Mexico, on April 10, 2005, is a representative example. The plane was en route from Amsterdam to Mexico and was due to cross over U.S. airspace. The U.S. government ordered the plane to return to the Netherlands before reaching the United States because it said two of its passengers were barred from entering U.S. territory. 45 The plane had been in the air for more than four hours before returning to Europe and caused 278 passengers delays of approximately twenty-four hours. The Washington Post reported, in July, 2005, that the two men removed from the flight were questioned but not arrested. In sum there have been seven total diversions, and presumably countless delays, due to no-fly list processing incidents that are not reported. The aim of this section is to assess the costs of these delays. One of the better estimates of the cost of flight diversions comes from the medical community. Medical events constitute the major recurrent reason for flight diversions. From heart attacks to seizures, passengers routinely get sick on airplanes and the aircraft diverts to a close airport in order to seek medical attention for the sick individual. A study of neurological sickness diversions estimates that the cost of each diversion is somewhere between $15,000 and $893,000, depending on the route (international vs. domestic), the length of the delay, whether or not fuel must be dumped to achieve optimal weight before landing, etc. 46 For our purposes a reasonable range for the cost of diversions is likely $500,000-$893,000, as all seven known diversions have been on international flights. Extrapolating a conservative figure of $500,000 per diversion, this results in a total cost of $3.5 million since 2002 ($500,000 x 7 diversions). A medium-range figure of $700,000 per diversion results in a cost of $4.9 million. Finally, at an upper limit of $893,000 per diversion, the total cost due to the no-fly list is roughly $6.25 million. As discussed above, these figures only represent actual diversions, instances where the plane was forced to land somewhere other than its intended destination. The figures do not include delays due to no-fly list processing, as that data is not published by the airline industry. Finally, there are other costs associated with the no-fly list that will not be examined thoroughly here because assessing a financial figure for each of them is difficult. Lawsuits against U.S. government agencies, typically DHS, TSA and the FBI, with respect to no-fly list related issues (such as harassment) are numerous and presumably quite costly for both sides of the case. A recent search in the WestLaw database identified fourteen disparate case filings against the U.S. government regarding the no-fly list. One prominent case, filed by the ACLU, resulted in a settlement of $200,000 by TSA and DHS for the victims of unnecessary harassment and detainment. 47 It is unknown how many resources are spent responding to these cases, but the numbers are likely significant 48 and a potentially fruitful area of further research. The government’s cost-benefit framework suggests that just as costs can be tangible (such as money spent on a particular product) and intangible (such as opportunity costs), so too can the benefits of a particular policy. Therefore in analyzing and assessing the benefits of the no-fly list, it is important to cover not only the financial returns, or tangible benefits to taxpayers, but more intangible benefits as well, such as the use of the list as a deterrent to committing terrorist acts with airliners. Arguably the intangibles of the no-fly list provide greater benefit, since the aim of the list is prevention and not necessarily a monetary return on investment. It is to those intangible benefits that we shall turn first. If the no-fly list is successful in what it aims to do, the largest benefit to the country is stopping potential plots that are in the works by not allowing dangerous individuals to board airplanes and commit terrorist attacks on/with the aircraft. The argument is straightforward: if the current implementation of the no-fly list existed on September 11, 2001 and the would-be hijackers were on the list, it would have been impossible for them to fly. This is the argument that is made by Kip Hawley, TSA Administrator. In an interview with Bruce Schneier, Hawley noted that the no-fly list is worthwhile “because it works.” Hawley further pointed out that “[TSA does] not publicize how often the no-fly system stops people you would not want on your flight. Several times a week would low-ball it.” 49 Two questions immediately arise from these comments: is it true that the no-fly system works in preventing would-be terrorists from boarding airplanes, and, what is to be made of the claim that “several” potentially dangerous individuals are prevented from boarding airplanes a week? The problem with the first claim, that the no-fly system works, is that it is relatively easy to bypass the system with a little ingenuity. For instance, the no-fly list’s core mechanism is a matching a name to photograph identification. 50 As noted above, the process is for a passenger’s name to be cross-checked against the list and then verified as the name matching the individual by checking photo identification. This process assumes a number of key points. First, an assumption is made that the ticket was purchased using the passenger’s real name. If a would-be terrorist knows that he or she is on the no-fly list, the next logical step would be to purchase the ticket under an assumed name that is not on the list. Second, the process also assumes that the photo ID is real and represents the true identity of the individual in question. It would be relatively easy, for instance, for someone to make a reservation under an assumed name and either manufacture an ID or use the real identification of the assumed individual. Third, this process is made easier by the increase in “print-at-home” boarding passes, which are easy to forge and allow would-be terrorists to put any name they like on the boarding pass. These three aspects of the no-fly list make it simple for an individual to purchase a ticket under someone else’s name, use a real ID to enter the boarding terminal with a forged boarding pass, and then fly on the ticket that has someone else’s name. 51 Some security experts have gone so far as to create a “fake boarding pass generator” on the Internet to illustrate how easy it is to forge a boarding pass. 52 Importantly, this is not just a theoretical exercise. A CBS affiliate in Kansas City, in an undercover investigation, was able to enter the TSA secure area by producing a fake ID. 53 The undercover individual was not stopped or asked any additional questions. Thus, if the no-fly list is stopping individuals who wish to commit terrorist attacks, those individuals have not employed all of the strategies that are at their disposal; this should raise questions as to whether or not the no-fly list achieves the benefits its administrators claim. The second claim made of the no-fly list is that it does stop terrorist events, or at least dangerous individuals, on a routine basis; we do not hear about them because the government keeps that information close to the vest (except when questioned, such as in the Schneier interview). Three questions arise from this claim. First, why would the government want to keep such information secret? Perhaps more importantly, why does the empirical record of other terrorist prevention activities suggest that the government’s strategy is very often the opposite? It lets everyone know about potential activities before they are well formed. Finally, if what Hawley claims is true, are there many more potential terrorists in this country than is commonly believed (since they are being stopped several times a week) or is the no-fly list ineffective at stopping terrorists? Is it casting a much wider net and catching non-dangerous individuals as well? With respect to publicizing no-fly list successes, it would seem that as a deterrent mechanism the government would want would-be terrorists to know that the no-fly list works; that it catches dangerous individuals, and therefore, it is not wise to try to fly if you have thoughts of committing a terrorist act. This is particularly true given the amount of information available on the Internet about how to bypass the no-fly list, such as the forged boarding pass generator. If the government wanted to counteract the effect of that type of information being available, it would seem reasonable to show the public that despite these apparent flaws, the no-fly list works well in stopping dangerous individuals. A response to this argument is that there is greater benefit derived from keeping the successes of the list relatively secret because it keeps terrorists continually guessing and unsure about how effective the government is at tracking them and preventing their action. This argument might have some merit, but the empirical record of the government with respect to publicizing potential terrorist threats and foiled plots suggests that they do not subscribe to the secrecy strategy. There are numerous examples of the government pursuing a strategy of publicity rather than secrecy when it involves letting the country know about terrorist plots and threats. Two examples, one from a small-scale potential attack and one from a large-scale potential attack, should illustrate the point. In June 2005, the U.S. government held a press conference in Lodi, California to make public a foiled terrorist plot that involved Hamid Hayat and his father Umer, who had allegedly had connections to Pakistani terrorist camps. 54 The FBI chief of Sacramento said in the public statement that Al Qaeda was active in the Lodi, California area and it included “individuals who have received terrorist training abroad with the specific intent to initiate a terrorist attack in the United States.” 55 The subsequent investigation and trial did not elucidate any specific intent, but rather revealed an individual who may or may not have been sympathetic to Islamic jihad. Nevertheless, in this case the government, without any direct knowledge of a specific threat or imminent attack, made public the information they had, thus belying the argument that secrecy over publicity is the preferred strategy of deterrence. The second example is drawn from a much larger potential terrorist attack originating in the United Kingdom. From August 9 to August 10, 2006, British authorities arrested twenty-four suspects alleged to have been plotting an attack against the United States using U.S.-bound aircraft and liquid explosives. A day later Michael Chertoff, head of DHS, called the plan “sophisticated” and “imminent,” with the plan “getting really quite close to the execution phase” and “in the final stages of planning before execution.” 56 The subsequent investigation of the plot revealed that the government had no solid evidence the plan was close to execution. Specific planes or a date had not been set, a number of the suspects did not have passports, and, perhaps most important, British authorities had been monitoring the group for months and were confident that an attack was not imminent. 57 Nevertheless, as was the case with Hamid and Umer Hayat, the government came forth before all of the facts were available and noted that a potentially very serious threat had been thwarted. These two examples of the government making public potential threats before they are imminent raises the question of why there is a disconnect between the no-fly list secrecy strategy, as verbalized by Hawley, and the publicity strategy pursued during other cases. It could be that the government makes the secrecy/publicity decision on a case-by-case basis and thought there was value in notifying the public of the first two threats, but not no-fly list threats. It is conceivable also that the government only wants to alert the public to specific threats. That is, someone being stopped at the airport because he/she might be dangerous can be conceived of as a threat, but it is a diffuse threat. There are no specific plans or intentions that are automatically divined by stopping someone from boarding an aircraft; the individual may or may not have had intentions of wrongdoing even though they were on the list. Yet the empirical reality seems to suggest that the government sees value in making anti-terror successes public. Given the two examples above, one could reasonably come to the conclusion that if the no-fly list had stopped a significant threat, we would have heard about it. The more confusing aspect of Hawley’s statement is that the no-fly list stops “several” individuals the government does not want flying a week. This would suggest that there are potentially would-be terrorists attempting to board aircraft on a routine basis. Empirically this is difficult to reconcile with the FBI’s own admission that they have found zero terrorist cells in the United States since 9/11, 58 and Al Qaeda operatives seem to be focusing their energies on Iraq. 59 Presumably, if these individuals who are being stopped are terrorists, the FBI’s statement would no longer be correct. If terrorists are prevalent enough to be boarding aircraft multiple times a week, then is it still reasonable to assert that zero terrorist cells have been found in the U.S.? Another explanation for the high-number of individuals being stopped is that they are on the list, but not necessarily terrorists. As noted above, even with the “scrubbing” that has occurred, the list is still quite long and it is not entirely clear that everyone on the list poses a threat to the US. Thus, while it might be true that the no-fly lists stops individuals on a routine basis, the extent to which those individuals posed a danger to the aircraft they were about to board remains in question. Finally, with respect to stopping potential plots, the effectiveness of the no-fly list is questionable because of the unknown danger posed by those on the list. As Bruce Schneier points out, the no-fly list is “a list of people so dangerous they cannot be allowed to fly under any circumstance, yet so innocent we can’t arrest them even under the Patriot Act.” 60 This is a real and important critique. If the individuals on the no-fly list are dangerous, and we have information to suggest that they are dangerous, why aren’t they arrested and at least brought in for questioning? Again, the empirical record suggests that the government’s approach when dealing with potential terrorists is to bring them into custody in order to figure out how real the threat is. This is what occurred with the Hayats and the would-be U.K. bombers. This remains an important question about the benefits of having the no-fly list: how dangerous are the individuals on the list? Presumably if they posed an immediate threat to the United States they would be arrested and the government would not wait for them to turn themselves in by attempting to fly. One response to this question is that a benefit of the no-fly list is not just in arresting individuals, but rather tracking their movements. One argument for the potential benefit of the no-fly list is that it allows the government to track and keep individuals inside the United States. If an individual is believed to have connections to terrorist training camps in Pakistan, there might be value in preventing that individual from going to Pakistan to be trained, aid in training, or otherwise conduct dangerous activities. The problem with this argument is that it is belied by actual law enforcement experience. Sources in the security community note that, in general terms, it is better to have dangerous individuals outside of the United States rather than inside. While the government might be able to keep better track of individuals within its borders, the individual’s ability to conduct terrorist activities against the U.S. is hampered if that person is residing outside its borders. 61 From this perspective the no-fly list does not provide substantial benefit by keeping individuals in the country, since it is preferable to keep terrorists out, not keep them in. The corollary to this argument is that keeping terrorists out of the country is beneficial. A no-fly list, operationalized in international airports with flights bound for the U.S., might help to keep dangerous individuals from reaching U.S. soil. Further, even if those on the no-fly list do not pose an immediate and credible threat to the U.S., there might be value in the government’s ability to keep track of potentially harmful individuals. For instance, if there are individuals living in Western Europe who are believed to harbor resentment against Western society, 62 there is value in the United States being notified of their movement and intent. If one of these individuals arrives at an international airport attempting to board a flight to the United States, the threat may not be specific to that particular flight or any particular plot against the country of departure, but nevertheless information about the movement of individuals on the list is worthwhile. High-level government officials and security experts routinely discuss the merits of layered-based security. 63 By building and maintaining movement information on suspected individuals, the government is able to derive an additional knowledge-based layer of security. This would seemingly serve a real benefit in the government’s campaign to better know and understand the enemy. Finally, as alluded to earlier, some analysts have argued that the no-fly list and other aspects of airport/flying security provide an intangible psychological benefit. Bruce Schneier has termed this concept “security theatre.” Schneier argues that security countermeasures utilized by the government after September 11 have been intended to provide the feeling or perception of improved security, without doing anything to actually improve tangible security. Given the criticisms that have been levied at the no-fly list’s effectiveness, particularly as it relates to the rise of print-at-home boarding passes and the ability to use fake IDs, etc., the no-fly list is, according to Schneier, an excellent example of security theatre. From a psychological perspective it may be that security theatre serves a legitimate function in what scholars have called “ontological security.” Ontological security is a mental state derived from the feeling of continuity and stableness in one’s life. Just as humans require physical security with our bodies, so too do we require that our day-to-day existence not be scarred by outlying events. It is possible to conceive of security theatre as a mechanism for providing ontological security to flyers and the general public. If individuals are convinced by the security they see that they are safe, they might be more likely to feel protected and go about their business than if their ontological security is threatened. Further, security theatre can also theoretically deter actors from taking certain risks. If, for instance, would-be terrorists perceive significant security measures in place, they might be less likely to follow-through with terrorist acts. In this example the security need not be “real” in any meaningful sense; it must only present a feeling of a securitized situation that would create a level of risk for a would-be terrorist. Retail stores have long adopted this stance, using such things as fake video cameras to dissuade shop-lifting, for instance. This is not to say, however, that security theatre provides only positive psychological effect. As Schneier argues, security theatre can lead to increased perception of risk. Consider, for instance, visible measures of security such as armed guards. While this might reassure the public, from an ontological security perspective, it might contribute to a sense that there is a real risk associated with the activity they are engaged in. With respect to the no-fly list this might obtain from the existence and public knowledge of the list itself; given that there are individuals the government does not want on airplanes, this might imply that flying is a risky endeavor. Having identified many of the potential intangible benefits of the no-fly list that are difficult to assess financial value to (such as the ability to track suspected individuals and deter potential attacks) it is worth considering what tangible benefit the list might serve if it is effective. There are a number of reasons to question whether or not the no-fly list is able to deliver on the intangible benefits, as outlined above, but assuming that it can, what tangible savings might the country realize? One way to assess the tangible benefits of preventing an attack is to estimate what it would cost the country if the no-fly list was not in place and terrorists were able to easily board an aircraft and bring it down. While this represents a scenario that is less likely to occur since September 11, 2001, as airline security has increased, it is nevertheless worth investigating as a middle-range possibility in terms of cost. 64 The RAND Corporation, in a 2005 paper investigating the cost and benefits of aircraft missile defense systems, estimated that the direct costs of an airliner being attacked in flight would approach $1 billion. 65 The indirect costs, which are more difficult to estimate because predicting state response to the attack is difficult (such as whether or not air travel would be shut down for a significant period of time as it was after 9/11), are estimated at close to $15 billion when all potential long-term effects are accounted for. 66 This number would, of course, increase substantially if more than one aircraft was involved in an attack. While the tangible cost of a potential airliner attack is useful in its own right in providing a sense of what type of benefit the no-fly list might provide, it can only be evaluated fully by assigning a probability to the attack, computing the probable tangible cost of the attack, and comparing that figure to the cost of maintaining the list. It is to that final task that the article now turns. Assessing whether or not the no-fly list is valuable or “worth” the money being spent is a difficult endeavor because ultimately it is a subjective one without a clear and objective answer. By way of conclusion, however, the article will end with a question in hopes that it will spur additional research and discussion on the topic. Comparing the intangible benefits to costs is difficult because a quantitative approach is not sufficient; assigning a financial figure to intangibles is difficult, and any qualitative approach would necessarily be muddied by subjective arguments about the relative merits of the intangibles. For instance, some might find high value in the government’s ability to monitor and track individuals, while others see this as an ancillary, or indeed (if it infringes on the civil liberties and rights of those being monitored) negative “benefit.” Tangible benefits are seemingly easier to compare to costs because we can attach a financial figure to each benefit, but the probability of realizing those benefits is quite subjective. To answer any question regarding the worthiness of the no-fly list the first question that must be answered is: how likely is it that there will be an attack attempt? The answer to this question is inherently subjective depending on one’s own sense of security, how one perceives world events, and how closely one pays attention to world politics. Recent polls demonstrate this subjectivity by illustrating the diversity of opinion as to whether or not Americans are likely to witness another terrorist attack in the near future. 67 Nevertheless, with tangible benefits we at least can compare the realized return to the costs of implementation across a range of probabilities. A common methodology for assessing cost effectiveness is to multiply the costs of an event by the probability that event will happen and then compare that to the costs of a system in place to prevent the attack from occurring. For instance, if one perceives a 1 percent chance of individuals boarding a plane and bringing it down each year, with the costs of such an attack reaching $15 billion, per the RAND study cited above, then one theoretically could argue that $150 million (0.01 * $15,000,000,000) should be spent, each year, in attempting to prevent such an attack. Similarly, if one considers the probability of an attack to be 0.1 percent, then one could argue that the no-fly list is “worth” $15 million in prevention of such an attack. Given the costs identified in this article, a first-cut reasonable estimate of the probability of an attack needed to justify the cost of the no-fly system is somewhere between ~ 0.3% and 1.1%. It is important to note, however, that this analysis is true only if the no-fly list alone could stop the attack. More likely, the no-fly list reduces the likelihood of an attack by adding another layer of security to air-travel. How much value it provides in reducing the likelihood of attack is a subjective measure. More likely, the no-fly list reduces the likelihood of an attack by adding another layer of security to air travel. How much value it provides in reducing the likelihood of attack is a subjective measure that relies on the probabilities assessed by the analyst. Clearly assessing the probability of attack is difficult. From there assessing what role the no-fly list would play in a “non-event” is even more so. Precisely because the no-fly list serves as a deterrent, success is defined not by what happens but what does not happen. This makes analysis of whether the no-fly list is “worth it” a subjective call. Making that call, however, requires data of the type presented in this article. On the other hand, there have been recent attempts to quantitatively value human life and compare the costs of saving those lives to the cost of losing them. Mark Stewart and John Mueller, in looking at the cost and benefits of hardening cockpit doors and the air marshal program in Australia, use a quantitative approach on both the cost and benefit end. They note that if human life is calculated to be between $1 and $10 million, based on Australian government guidelines, then the cost of the cockpit door hardening is less than the expected benefit in terms of historical fatality numbers and the risk associated with terrorists entering cockpits. Using the same calculation, the air marshal program fails. They note that even if their estimates are in error by 100 percent, it would not change the conclusions with respect to the program. Similar calculations, using the data provided in this article, could be used in answering the “is it worth it” question. Such attempts at quantitatively assessing the value of human life will likely cause some to pause. Should we be placing monetary value on human life or if security measures have the potential of saving even one life, should we pursue them? These are not easy philosophical questions to answer. However, conducting analyses of the costs and benefits of security measures do allow us to understand where resources are going and what they might be preventing. We can then compare these expenditures to the potential of using the resources elsewhere, perhaps in vaccinations, health programs, road safety, etc., which can also be used productively to save lives. The goal of this article is not to make this assessment but rather to provide some tools and data such that a conversation can begin with respect to where our security dollars should be spent. It is hoped that the investigation this article has taken, of the costs and benefits of the no-fly list, will spur additional work in attempting to elucidate educated relative probabilities of various no-fly list-related scenarios. It is only then that the cost-effectiveness, and the financial worth of the list, can be thoroughly assessed. Marcus Holmes is a PhD candidate in political science at Ohio State University. His research interests are in international relations and political psychology with particular emphasis on social neuroscientific insights into politics. Mr. Holmes can be contacted at holmes.504@osu.edu. The author would like to thank John Mueller, Dale D. Murphy, Mark Stewart, Nathan Stickney, a large number of sources in the private sector, and three anonymous reviewers. All mistakes remain mine. NOTICE OF CORRECTION: This article was corrected and republished on February 13, 2009 to reflect the following changes: (1) addition of section entitled “Psychological Benefits of Security,” (2) new text in the Conclusion, and (3) author’s acknowledgment. These changes were made to correct an editorial oversight on the part of Homeland Security Affairs. This article was originally published at the URLs https://www.hsaj.org/?article=5.1.6 and https://www.hsaj.org/?fullarticle=5.1.6. Copyright © 2009 by the author(s). Homeland Security Affairs is an academic journal available free of charge to individuals and institutions. Because the purpose of this publication is the widest possible dissemination of knowledge, copies of this journal and the articles contained herein may be printed or downloaded and redistributed for personal, research or educational purposes free of charge and without permission. Any commercial use of Homeland Security Affairs or the articles published herein is expressly prohibited without the written consent of the copyright holder. The copyright of all articles published in Homeland Security Affairs rests with the author(s) of the article. Homeland Security Affairs is the online journal of the Naval Postgraduate School Center for Homeland Defense and Security (CHDS). https://www.hsaj.orgDefining Terms
Estimating No-Fly List Costs 19
Establishing a Federal Government Resource Burn Rate
Technology Product Costs
False Positives
Flight Diversions and Delays
Other Costs
Analysis of No-Fly List Benefits
Stopping/Deterring Potential Plots
Keeping Individuals In/Out
Psychological Benefits of Security
Tangible Benefit: Preventing a Costly Attack?
Bringing Costs and Benefits Together: Concluding Thoughts
Appendix A:
Consolidated Table of No-Fly List Costs
Players/Costs Low Estimate Medium Estimate High Estimate DHS, TSA, NCIC, NSA, DARPA, FBI, CIFA, Private Firms, etc. Burn Rate $7.5 million/year $20 million/year $43+ million/year Government Technology Products $25 million/year $33 million/year $42+ million/year Airline Technology Products $8.3 million/year $17 million/year $42+ million/year Law Enforcement Involvement (Airport Security) $5.5 million/year $5.5 million/year $5.5+ million/year Passenger False Positive Airport Time $2 million/year $7.5 million/year $15+ million/year Passenger Removal From List Costs $1.5 million/year $3.75 million/year $7.5+ million/year Airline Diversion Costs (Airlines and Passenger Delay Costs) $0.4 million/year $0.66 million/year $1+ million/year Lawsuits Against US Government $1 million/year $2 million/year $5+ million/year Total Yearly Cost ~$51 million ~$89 million ~$161 million Total Since 9/11/01 ~$300 million ~$536 million ~$966 million