Playing charades with terrorists

Here is a cruel but unavoidable reality that no politician wants to acknowledge: We can never make air travel 100 percent secure. The goal is to achieve a level of security consistent with protecting our values, our economy and our interests.

But the attempt to bomb Northwest Flight 253 on Christmas Day provoked what has become a predictable response from our political leaders following a terrorist attack, even an attempted one: Do something, or, more accurately, be seen doing something.

Immediately after the attempted attack, the Transportation Security Administration (TSA) announced a raft of new measures for international flights - including plane-side searches of all passengers and carry-on luggage headed for the United States and prohibiting passengers from holding blankets and pillows during the last hour of U.S.-bound flights. These have been made permanent, along with additional security for passengers flying from or through 14 specific countries.

As the National Academy of Sciences noted in its 2008 report, Protecting Individual Privacy in the Struggle Against Terrorists, "the policy impulse to do something (by which is usually meant something new) under these circumstances is understandable, but it is simply not true that doing something new is always better than doing nothing." Here are three reasons why:

First, the rush to "do something" runs the risk of wasting scarce resources on activities that do little or nothing to enhance our security. Take plane-side searches, for example. If metal detectors, X-ray scanners, watch lists, limits on liquids and other items that can be carried on, luggage scanning, random baggage searches, profiling and other security measures carried out in the comparative calm before boarding haven't detected contraband, what is the likelihood that a hurried search as 300 or more passengers race to board their plane will work?

Similarly, however effective the last-hour ban on blankets and pillows will prove, will it not occur to a dedicated terrorist fanatic to try to detonate a bomb earlier in the flight?

Second, the inevitable tendency to "do something" fast and visible in response to terrorist attacks increases the likelihood that we will do the wrong things at the expense of the right ones.

For example, in the case of the Northwest flight, it turns out that U.S. officials had credible evidence from Umar Farouk Abdulmutallab's family that he was likely to pose a threat to U.S. interests, and the airlines knew that he purchased a one-way ticket with cash - factors that are supposed to trigger additional scrutiny. For some reason, they didn't.

More surprising, the government's Automated Targeting System (ATS) did not identify Mr. Abdulmutallab as a risk. Based on data from numerous sources, ATS assesses the risks presented by each person seeking to enter or exit the United States by plane or ship. Airlines are required to report detailed passenger information to the government before planes destined for the United States take off.

The government should be exerting every effort to find out why the system did not work in the case of Mr. Abdulmutallab, especially because the government has recently adopted a similar approach (under the name Secure Flight) to check domestic airline passengers against watch lists.

This is one example of the "systemic failure" to which President Obama referred on Dec. 29. Another is our failure to connect the dots among the various pieces of information authorities knew about Mr. Abdulmutallab and the intelligence they had received about a Nigerian being trained by al Qaeda for a forthcoming attack.

This was the same type of failure noted by the Sept. 11 Commission in its assessment of the 2001 terrorist attacks, and it is troubling that we are still facing the same issue eight years later.

Finally, when we tie ourselves in knots in response to incidents like that on Northwest Flight 253, we run the risk of turning failed terrorist attacks into successful ones.

If new security measures (especially ill-targeted ones) cause people to stop traveling or drive another U.S. airline into bankruptcy or undermine our still-struggling economy, we may hand the terrorists a victory they could not achieve on their own.

Fred H. Cate, a distinguished professor, C. Ben Dutton professor of law and director of the Center for Applied Cybersecurity Research at Indiana University. He was a member of the National Academy of Sciences Committee on Technical and Privacy Dimensions of Information for Terrorism Prevention and Other National Goals.