Even if terrorists rush to apply for a trusted traveler program and some get accepted, commercial flights would still be more secure than if no trusted traveler program existed in most circumstances, according to a new report from the RAND Corporation.

“If our model of detection performance is reasonable, it is clear that, a trusted traveler program could produce security benefits,” the report concludes [1], even if terrorists try to game or exploit the system.

RAND's conclusion, however, is theoretical: a government-run trusted traveler program does not exist yet, even though Congress gave the Transportation Security Administration (TSA) authority to create one back in 2001 when the agency was founded.

But the report comes as TSA Administrator John Pistole has repeatedly said in speeches that his agency will begin to cautiously move away from the "one-size-fits-all" model of passenger security screening currently employed at U.S. airports. In a speech last week, Pistole told the American Association of Airport Executives (AAAE) at its annual Aviation Security Summit that TSA  has begun to develop a "long-term security construct" [2]using "identity-based screening," in other words, a trusted traveler program.

The creation of a trusted traveler program would be an acknowledgement that nearly every passenger that boards a plane only wants to land safely-- an assumption Pistole agrees with. “The vast majority of the 628 million annual air travelers present little-to-no risk of committing an act of terrorism,” he told the AAAE last week.

Although a trusted traveler program could be created in a myriad of ways, the basic framework remains simple.

Fliers provide personal information, including biometrics, and submit to a background check to verify whether they present a threat to commercial aviation or not. If accepted into the program, trusted travelers receive reduced and expedited security screening and thus a more convenient and comfortable travel experience. Most trusted traveler advocates believe this would mean passengers would no longer have to arrive at the airport early, take off their shoes, remove their laptops from their carry-on bag, or submit to controversial  full body scans or enhanced pat-downs. (Security screeners would reserve the right to increase the intensity of the screening if a trusted traveler raised suspicions or where chosen randomly for secondary screening.)

While making flying more comfortable for vetted fliers, the program should also deliver increased security benefits as freed-up resources are allocated to the public security line, according to trusted traveler advocates. The worry, however, is that terrorists could game a trusted traveler program, receive reduced screening, and smuggle a weapon on board a plane in an attempt to hijack it or perpetrate another 9-11-style attack.

According to RAND’s modeling, for a trusted traveler program to be successful it must balance its desire to deter terrorists from applying to the program while at the same time delivering clear benefits to innocent travelers who take the time to apply and pay the registration fee. The major variable then, according to the report, is how effective the background check will be. That's because what makes the program desirable to the flying public--less intrusive security screening--also makes it attractive to a terrorist.

A well-performing program, says RAND, must implement a background check process that results in a high “true positive rate”--accurately determine those who present a threat to commercial aviation--and a low “false positive rate”--those innocent fliers denied trusted traveler status but who present no threat to commercial aviation.

Achieving this, however, presents any  trusted traveler progam with a Catch-22. “Though more-intensive background checks minimize the importance of attacker exploitation attempts, they may do so either at the expense of public participation or increased program costs to the government,” RAND explains, although the think tank believes thorough background checks are “critical, even at the expense of the highest participation rates.”

RAND Senior Physical Scientist Brian Jackson, a co-author of the report, said there are many ways the government could tweak the program to reduce the number of terrorists who apply for the program. One is advertising to trusted traveler applicants that if their application is denied, their information could be passed onto the FBI for further investigation. The government might not even have to follow through on the suggestion, Jackson says, the threat itself could be enough to dissuade terrorists from applying.

Another option suggested by the report is to have an applicant's social networks examined during the background examination, thereby increasing the perceived risk that if a terrorist applies for the program he may do so at the risk of outing his comrades.

But Catch-22s arise again: taking such actions, which could be perceived as threatening or intrusive, could alienate innocent travelers from applying for the program, Jackson and his coauthors remind policymakers.

Aside from terrorists applying for trusted traveler status, RAND notes any trusted travel program also has to consider the possibility that terrorists could coerce an innocent trusted traveler to carry a bomb on board a plane or that a trusted traveler could radicalize, known as the “good gone bad” scenario.

To account for such scenarios, RAND concludes any trusted traveler program must be flexible, incorporating the revetting of trusted travelers and random security checks once they reach the checkpoint. The latter, Jackson advises, must be done in a way that doesn’t negate the value of the program. If a trusted traveler undergoes random security checks a good proportion of the time she travels, she may feel the costs of the program outweigh its benefits.

Finally there’s the larger political risk that confronts TSA and members of Congress who support a trusted traveler program.

“The effectiveness standard for a trusted traveler program cannot...assume that no terrorist will ever compromise the system,” the report warns. “If policymakers are unprepared to weather and rationally respond to such criticisms after an attack, then a trusted traveler program may not be viable in spite of its potential security benefits.”
 

♦ Photo by william couch/Flickr [3]

Thumbnail: