Threat Assessment, Ideology, and Airport Security — A Response to Ilya

I appreciate Ilya’s post below on the political economy of airport security, although it differs in some ways from my experience following surveillance law and national security law since I started at the Justice Department in 1998. I thought I would offer a quick explanation of my own take on these issues drawn from that experience.

In my experience, politicians have the right incentives in this area. The American public consistently cares very passionately about these questions, and a very broad range of politicians want to “do the right thing” in this area. Different politicians strike the balance in different places, of course, owing to their different assessments of the threats both to safety and civil liberties — as well as the different assessments of their constituents. But I think the incentives are the right ones.

The core problem is not incentives but rather the extraordinary difficulty of threat assessment. Assessing the terrorist threat requires us to figure out what an undetermined group of people with cultures and life experience totally different from our own might do in response to various policies enacted around the world using constantly changing technologies we barely understand enforced by a sprawling global bureacracy we can’t fully comprehend. That’s really really hard to do.

The difficulty of threat assessment means that we often fall back on two proxies: ideology and our very recent experience. We fall back on ideology because it gives us easy shortcuts. It can tell us how much to trust the government, how much to fear the terrorist threat, etc., creating the illusion of familiarity that we interpret as guideposts to answering the unknown. We then do our best to fit in new evidence to confirm our preexisting views.

We rely on recent experience to gauge the threat on the dubious assumption that the near future will be like the near past. If we just had a recent attack, we assume we’re in for a future of a lot of attacks. If we haven’t had an attack in a while, we assume the threat has gone away. That instinct probably made sense when we were cavemen trying to figure out when the dinosaurs would attack next, but it doesn’t serve us very well when we know so much about the threat beyond when attacks have been successful. Either way, the tendency to legislate after an attack but not before it largely reflects the crutch of recent experience. When an attack is recent, the sense of the threat is higher and legislatures are ready to act: The instinct of “do something” is not just an abstraction, but rather an instinct do “do something about a specific threat” the public has on their minds.

If I’m right about this, what are the implications for future policy?

The first implication is obvious but still important: Decisionmakers should rely as much as possible on facts and as little as possible on ideology. The more decisionmakers can learn about the problem, in as much detail as can be mastered, the better off we are at figuring out best practices in response to it. Second, if you’re lucky enough to be able to control the timing, the best time to enact security policy is probably when an attack is neither very recent nor very distant. As a rough approximation, that approach will probably minimize the biases of recent experience.