UNCLASSIFIED COMMISSION SENSITIVE
TEAM 7 DRAFT MONOGRAPH on
CIVIL AVIATION AND TRANSPORTATION SECURITY
Sam Brinkley William Johnstone John Raidt
DRAFT
FOR INTERNAL USE ONLY
DRAFT
CIVIL AVIATION SECURITY: PRELUDE TO 9-11 Executive Summary The story of how terrorists on September 11, 2001 were able to hijack four U.S. civilian jetliners and use them as weapons of mass destruction against the American homeland begins with fundamental questions about the status of the civil aviation security system that was supposed to stop them. • • •
•
How did the U.S. civil aviation security system evolve to achieve its status as of September 11,2001? Who was responsible for setting, implementing and enforcing aviation security policies and procedures? What did civil aviation authorities perceive to be the security threat to commercial aviation, its vulnerabilities to terrorism and the consequences of a successful attack? And what did they do about it? Precisely what security measures were the hijackers required to defeat in order to execute their crime on September 11,2001?
Pivotal Incidents and Aviation Security From the inception of the U.S. civil aviation system in the 1920's up to the modern era, two forms of attack against U.S. commercial aircraft have remained the most urgent and consequential — air piracy, most commonly referred to as hijacking, and sabotage, primarily in the form of bombing. The national system for protecting passengers, aircraft and airports from attack was neither created nor developed by policy makers in anticipation of criminal and terrorist intentions, but rather in reaction to major incidents—a phenomenon observed by numerous public aviation commissions and commentators over the past 25 years. As threats manifested themselves through successful attacks, including headline, watershed disasters, new defensive measures and approaches were implemented by policy makers seeking to solve the prevailing "security problem" of the time. •
Q
The 1955 bombing of a United flight for the purpose of insurance fraud
The sabotage of this flight after take-off from Denver, Colorado, killing 44, gave rise to limits on the value of passenger insurance policies. The attack was followed three years later by the hijacking of a Cuban airliner en route from Havana to Miami1 and a series of midair collisions."2 These incidents together with "the approaching introduction of jet airliners spurred Congress to create an independent Federal Aviation Administration (FAA), extending the agency power to oversee both the "safety and security" of civilian aviation, as well as to "promote" the aviation industry.3 Li these early years, the primary focus of air commerce regulators was on issues of "operational safety," while the thrust
DRAFT
FOR INTERNAL USE ONLY 1
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
of security policy was on enforcing generally applicable statutes against fraud, theft and assault. •
The rash of aircraft hijackings to Cuba between 1968 and 1972
The industry's age of relative innocence was shattered by an epidemic of hijacking between 1968 and 1972. Congress responded by passing major new aviation security laws, the centerpiece of which was a requirement that air carriers submit their passengers to pre-boarding checkpoint screening in order to enforce prohibitions on the possession of "deadly weapons, explosives and incendiaries" aboard commercial aircraft. The new body of law created a federal regulatory system in which the FAA was responsible for establishing and enforcing security policies and standards, while commercial air carriers and airports were responsible for carrying them out. During this period political and religious conflict in the Middle East created a breeding ground for terrorist activity, some of which in the years to follow was aimed at the United States over its policies in the region. •
The 1988 downing of Pan Am 103 by a terrorist bomb
The Pan Am 103 disaster shifted the security focus from hijacking to the sabotage threat as authorities endeavored to develop the technological means to detect improvised explosive devices (lED'S). Laws passed in response to the incident created new positions within the FAA to oversee security, and required the FBI and FAA to formally assess the contemporary aviation threat posed by rogue states and terrorist movements, and to evaluate systemic vulnerabilities to their tactics. •
The destruction of TWA 800 over the Atlantic Ocean in 1996
This tragedy reinforced aircraft sabotage as the major security concern, as hijacking was perceived to be in check. The heightened concern over bombs, prompted a major push to increase the screening of checked baggage for explosives (even though the federal investigation into the disaster eventually concluded that the cause of the crash was not an explosive). The incident occurred at a time when both the domestic aviation security system and U.S. national security complex at large perceived a rising threat from the proliferation of highly capable terrorist groups willing to target and maximize casualties among civilian populations in pursuit of extreme political or religious aims—a trend illustrated by the 1993 bombing of the World Trade Center, the 1997 bombing of the Federal building in Oklahoma City, the 1998 bombings of the U.S. embassies in Africa and the foiled 1995 Bojinka plot by Ramzi Yousef, an Al Qaeda affiliate, to destroy 12 U.S. airliners simultaneously through coordinated bombings.
DRAFT
FOR INTERNAL USE ONLY 2
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Aviation Security Roles and Responsibilities As the United States responded to attacks upon commercial aviation, particularly to high profile disasters, the roles and responsibilities for planning, operating and enforcing the nation's aviation security system took shape. Well before September 11, 2001 these crucial functions had become vested in five primary institutions: 1) The Federal Aviation Administration: Responsible for setting and enforcing regulations "to protect passengers and property... against an act of criminal violence or aircraft piracy." These rules imposed upon certified airports and air carriers to achieve that objective were set forth in 14 CFR parts, 107,108 and 109. The FAA's enforcement tools included the imposition of fines and withholding an air carrier's or airport's federal certificate to operate. Beginning in 1986 part of FAA's responsibility "to protect passengers and property" included gathering and evaluating intelligence on threats to the civil aviation system. 2) Air Carriers: Responsible for screening passengers and baggage for weapons and prohibited items (weapons, explosives and incendiary devices), controlling access to aircraft and training air crews in emergency response. The security requirements imposed upon commercial air carriers were set forth hi 14 CFR Parts 108 and 129, and an FAA-approved Air Carrier Standard Security Program (ACSSP) that specified the ways and means by which air carriers would meet federal aviation security requirements.. 3) Airport Authorities: Responsible for controlling access to sensitive airport facilities including the Air Operation Area (AOA) and providing law enforcement services to airport facilities. The security requirements imposed upon commercial airports were set forth in 1.4 CFR Parts 107 and 139, and the FAA-approved Airport Standard Security Program (ASSP) that specified the ways and means by which airports would meet federal aviation security requirements. 4) The U.S. Intelligence Community; Responsible for collecting and sharing with the Federal Aviation Administration information bearing on threats to aviation, and, together with law enforcement, for stopping such plots from being carried out. , 5) Congress: responsible for making aviation security law, performing oversight of the national civil aviation system, and funding federal aviation security responsibilities. Each of these institutions possessed a unique set of perspectives, priorities, roles and authorities and was subject to diverse influences and competing objectives in the aviation security arena.
DRAFT
FOR INTERNAL USE ONLY 3
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
The FAA was required by law to regulate the safety and security of civil aviation while at the same time promoting the aviation industry—a dual mandate that was the subject of continuous question by critics. U.S. Air Carriers were profit-seeking enterprises that sought to minimize costs, including security expenses, and maximize revenues in order to succeed in a highly competitive business environment hi which they had a moral, legal and economic obligation to protect the safety and security of their aircraft and passengers. U.S. Airports were public hubs of economic activity in competition for air carrier revenues, travel business and customer satisfaction. As such they were, in most instances, high profile venues for both lawbreakers and local law enforcement authorities. The U.S. Intelligence Community was responsible for collecting information on threats to national security, providing its services to many government "customers" including the Federal Aviation Administration. Its ability to collect information on behalf of its customers was constrained by legal strictures and practices intended to protect personal rights, especially within the United States. The Intelligence Community's ability and willingness to share information with fellow agencies and the public was constrained by agency customs and procedural strictures intended to protect methods of collection and sources of information. >. Congress was required to set aviation security policy, fund the federal components and oversee the system as it dealt with the many competing priorities and political influences affecting the national agenda including issues of budgeting, economics, national security, and the regulation of an industry from which it also received political contributions. The architecture of the civil aviation security system, and the standards by which it would function, were the product of these institutions, and the tug of war between competing public policy interests: cost versus benefit; public convenience versus precaution; regulation versus partnership; differing perceptions about credible threat and acceptable levels of risk; and the implacable clash between economics and public safety.
Civil Aviation Security Defenses By the morning of September 11,2001 national civil aviation security had come to feature six major vectors of defense—what its architects and operators referred to as a "layered" system of protection: •
[ « "* "•> ^ CMY *>**^ '
Intelligence Collection
Considered by the FAA to be the first tier of the nation's layered aviation security system, intelligence collected by the U.S. Intelligence Community was relied upon by the F AA and me law enforcement community to help identify, assess and interdict ihreats-ta j;ivii aviation. The FAA maintained a 24-hour watch which received a steady flow of DRAFT.
FOR INTERNAL USE ONLY 4
DRAFT
FOR INTERNAL USE ONLY
DRAFT
DRAFT
threat related information from intelligence agencies, particularly the FBI, CIA, and State Department. The information was used by the FAA to establish Intelligence Case Files (ICF's) to track security threats and issues. The FAA's analysis of the information collected in these files formed the basis for aviation security policies and special directives to the industry. •
Passenger Pre-screening
The next vector of commercial aviation defense was passenger prescreening, comprised of two main elements both designed to help prevent dangerous people and/or their weapons from accessing commercial aircraft. The first pre-screening element was the FAA listing of individuals known by U.S. authorities to pose a threat to commercial aviation. Based on information provided by the Intelligence Community, the FAA was authorized to issue directives to air carriers requiring them to prohibit listed individuals \ frornjjoarding aircraft or. in designated cases, to assure that the passenger received "\ enhanced screening before enplaning. . , *>
— : second element of prescreening was a program to identify those passengers on each commercial flight who, based on their profile, may pose more than a "minimal tWaf" tn aviation. InJ998. the FAA issued a directive requiring air carriers to implement an FAA-approved computer-assisted passenger prescreening program (CAPPS)—software designed to identify the pool of passengers most likely to contain a terrorist. The program employed an algorithm of "factors" and "weights," derived from each passenger's ticket purchase, passport and frequent flyer data, (excluding the individual's race, creed, religion or national origin), to identify "selectees." The consequence of "selection" was restricted to screening the passenger's checked baggage for explosives. •
Checkpoint screening
,. ......
Perceived by the FAA, the aviation industry and passengers as the most obvious and vital element of aviation security, federal rules required air carriers "to conduct screening... to prevent or deter the carriage aboard airplanes of any explosive, incendiary, or a deadly or dangerous weapon on or about each individuals person or accessible, property, and the carriage of any explosive or incendiary ir^check baggage." 4 Passengers were screened by government certified metal detectors operated and maintained according to FAA rules and calibrated to detect guns and large knives. Knives fewer than four inches in length were not prohibited primarily because FAA did not consider such items to be "menacing" and most state and local laws permitted them to be carried in a concealed fashion. Carry-on items were screened by government certified x-ray machines capable of detecting the shapes of items possessing a designated level of density. In most instances, passenger screening operations were conducted by companies under contract with the responsible air carrier.
Q DRAFT
FOR INTERNAL USE ONLY
5
DRAFT
DRAFT
•
FOR INTERNAL USE ONLY
DRAFT
Baggage screening
Federal rules required that passenger bags on flights at most airports be screened for explosives either by detection devices, K-9 screening or physical search. In the absence of this capability, the air carrier was permitted to practice Positive Passenger Bag Match to assure that no bag was loaded into the hold without its owner on board the aircraft, under the presumption that a bomber would not commit suicide. •
Access controls
FAA rules designated security-sensitive airport zones, including the Air Operations Area as Special Identification Display Areas (SIDA). Only individuals cleared, authorized and credentialed by the airport under FAA standards were to be permitted access. Access points to SIDA areas were to be controlled using approved portal features and access procedures. •
V
-\
Aircraft protection
If the pre-flight vectors of aviation security designed to stop dangerous people and/or weapons from accessing the aircraft failed, the final line of defense was on-board. FAA operated a Federal Air Marshal program to place specially-trained law enforcement officials aboard high-risk flights. FAA rules required Air Carriers to train flight crew in FAA-approved tactics for responding to in-flight emergencies. Weaknesses in the System While the aviation security system was intended to be a multi-layered, integrated system of protection, each of the layers had significant flaws that were recognized to varying degrees by Congress, the FAA and the industry.
Intelligence: Although FAA's Office of Intelligence maintained liaisons with the FBI, CIA and Department of State, the agency unsuccessfully sought access to greater levels of raw data from the Intelligence community and perceived a "blind spot" in domestic D»&,^^ intelligence that FAA officials attributed to the FRT'g focy? "n criminal investigating ^-^ r? ^ rather than intelligence gathering. PLACEHOLDER TO CONFIRM EITHER *_ sU "ADDITIONAL ANECDOTAL EVIDENCE OR DOCUMENTARY EVIDENCE TO BE t- u~<"\ SURE THIS STATEMENT IS TRUE. MAY MOVE THIS TREATMENT TO THE "DISCUSSION SECTION" AFTER THE 9-11 NARRATIVE; PLACEHOLDER FOR ?OUR ANALYSIS OF THE ICF'S TO BEAR OUT THE PAUCITY OF DOMESTIC INFORMATION—AGAIN MAY RESERVE THIS TREATMENT FOR THE DISCUSSION SECTION) ?(y r - £*« %
Computer pre-screening: Automated profiling was an inexact science that identified many individuals who posed no particular threat to aviation as "selectees" and operated without empirical evidence that it captured all of those who were. While the system was DRAFT.
FOR INTERNAL USE ONLY 6
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
designed, in part, using hijacker profiles, it was targeted only at those who checked bags. and the consequences of "selection" were limited to screening the selectees' baggage for explosives. This reflected FAA's view that non-suicide bombing was the most substantial risk to domestic aircraft and a confidence that the combination of checkpoint screening and on-board emergency procedures were sufficient to counter a moribund hijacking threat. Checkpoint screening: Metal detectors, x-ray machines and the screeners who operated this equipment were the primary bulwark of the aviation security system. By 2001, however, any confidence that checkpoint screening was functioning sufficiently was belied by numerous (PLACE HOLDER: ASCERTAINING AN EXACT NUMBER OF REPORTS) publicized studies by the General Accounting Office5 and the Department of Transportation's Office of Inspector General6 which over the previous twenty years had documented systemic and chronic weaknesses in the system. The high failure rate of screeners to detect weapons was discerned by the FAA using tests designed only to evaluate the system's ability to detect prescribed "test items" used by government auditors. The test protocols did not reflect the wide range of prohibited weapons that the metal detectors and x-ray equipment in place were operationally Jncapable of detecting nor did it account for the weapons and operational tactics that a committed terrorist would most likely employ.
o
Aircraft protection: On board defenses were the final layer of protection in the concentric layers of aviation security. By 2001, however, the Federal Air Marshal program had declined to a small fraction of its strength in the 1970's, and the FAA deployed marshals only on high risk international flights.7 The domestic program withered because of the system's confidence hi checkpoint screening operations, the absence of hijacking events and the cost of the program that required the air carriers to "give-up" seats to marshals that could otherwise be sold to paying customers. Federal aviation regulations required that aircrew be trained hi the tactics to address inflight emergencies including a hijacking protocol based on cooperation. Years of experience in dealing with "traditional," non-suicide hijacking in which the plane was commandeered either to provide transportation or to use for bargaining purposes resulted in a philosophy of appeasement and negotiation. Pilots and flight attendants were trained to refrain from any attempt to overpower hijackers.8 Aviation security commentator John Nance,described the hijacking protocol as follows: To the extent that the politically-motivated hijacking was even considered, it was lumped with all the other whose perpetrators had not suicidal intent, and thus could arguably be talked into a safe and non-lethal surrender, given enough time and aircrew patience.9
DRAFT
FOR INTERNAL USE ONLY 7
DRAFT
w
DRAFT
FOR INTERNAL USE ONLY
DRAFT
The World of September 11. 2001
In the lead-up to September 11,2001, the aviation security system had been enjoying a period of relative peace. No U.S. flagged aircraft had been bombed or hijacked in over a decade. Demand for air service was robust and beginning to outpace the capacity of the system. Heeding calls by the public for improved efficiency and customer service, and by the industry for increased capacity, Congress focused its legislative and oversight attention on these issues, including enactment of a "passenger bill of rights" aimed at assuring a more convenient and comfortable passenger experience. The FAA, as well, was centered on issues of customer service, capacity and economics. (PLACEHOLDER FOR ANALYSIS OF RULEMAKING TO PROVE THIS CONTENTION). The agency's security agenda was dominated by efforts to implement a three-year old Congressional mandate to deploy explosives detection equipment at all major airports and on attempts to complete a nearly five-year old rulemaking effort to improve the performance of checkpoint screening operations. The latter rule sought to mandate certification of checkpoint screening companies, improve screener training and impose stricter background checks on screeners and airport employees. Meanwhile, profit-challenged air carriers, feeling the effects of deregulated competition, increased fuel costs, and constrained spending by business travelers remained focused on their tenuous financial position, as they responded to the demand by passengers, the FAA and Congress for unproved customer service. (PLACEHOLDER FOR SPECIFIC INFORMATION ON THEIR FINANCIAL STATUS) f: £ Perceived Aviation Security Threat On the national security front, aviation security authorities were aware of the increased "chatter" being picked up by U.S. intelligence agencies that caused a growing sense during the summer of 2001 that terrorist attacks were in the offing.
u
Court convictions that spring of Al Qaeda affiliate Ahmed Ressam for a plot to bomb the Los Angeles International Airport during the millennium and of the Al Qaeda conspirators who blew up two U.S. embassies in Africa in 1988, heightened fears among aviation security specialists that Islamic radicals would seek retrihntmn aga.jpgtJJ_S targets, possibly U.S. aircraft. Throughout that summer, and indeed, since (PLACEHOLDER FOR DATE WE WENT
^. \n^ Priorities TO AVSEC III) the domestic aviation system was operating at Security Alert Level III— the level required when "Information indicates that a terrorist group or other hostile entity with a known capability of attacking civil aviation is likely to carry out attacks against U.S. targets; or civil disturbances with a direct impact on civil aviation have begun or are DRAFT
FOR INTERNAL USE ONLY 8
DRAFT
FOR INTERNAL USE ONLY
DRAFT
DRAFT
imminent." (PLACEHOLDER FOR SHORT DESCRIPTION OF AVSEC III REQUIREMENTS; REQUIREMENTS FOR AVSEC IV AND WHAT SECURITY MEASURES THAT WOULD IMPOSE).
.
Though civil aviation security authorities at the FAA received a steady stream of data U^Lu- j V' from the intelligence community throughout the year leading up to September 1 1 , 200 1 , i-~. (Ku an in-depth study of the FAA's Intelligence Case Files, Intelligence Notes, security v briefing documents, and supporting files, as well as interviews with key FAA intelligence and civil aviation security officials produced no documentation nr other evidence to suggest thatIhe_F-AA-^essessgd intelligence prior to September 1 1, 2001 that a plot to juiackcommercial aviation and use them as weapons ofjnass_destruction against InTEeUnited States^ was in the offing. Nevertheless, FAA security analysts did perceive an increasing terrorist threat to U.S. civil aviation at home. Numerous FAA documents, including agency accounts published in the Federal Register, security directives to air carriers and airports, and intelligence files produced by the agency's Office of Civil Aviation Intelligence clearly expressed the FAAls_understandingthat terrorist groups were active in the United States and maintained a historiclnterest in targeting aviation, including hijacking. Despite these facts, the FAA deemed that the threat was predominantly against U.S. carriers operating overseas. (PLACEHOLDER PENDING A ROLL-UP OF EVIDENCE ON WHY THEY BELIEVED THIS TO BE THE CASE; AND THE NATURE OF TABLE TOP AND OTHER EMERGENCY EXERCISES AT FAA—SEE MANNO & McDONNELL MFR's) To the extent that a domestic U.S. threat was perceived, it was considered to be most likely in the form of a non-suicide bombing. (PLACEHOLDER FOR SUMMER 2001 SD's AND IC'S SUBSTANTIATING THIS POINT) Nevertheless, the possibility of a suicide hijacking occurring in the United States was considered by civil aviation security authorities. Prior to September 11,2001, the FAA produced a CD- ROM presentation for air carrier and airport authorities describing the increased threat to civil aviation. The presentation cited the possibility of suicide hijacking but stated that "fortunately, we have no indication that any group is currently thinking in that direction." 10 -^
,
«
>
•Cju-eJ
UfUJt.
Moreove^the FAA^was aware of previous threats to conduct suicide hijacking, including the use of aircraft as a weapon of mass destruction in plots associated with Usama Bin Laden who had declared war against the United States in 1996 and 1998. The FBI, ^ however, had deemed the threat to civil aviation domestically to be "low." (PLACEHOLDER: RECEIVED TESTIMONY ABOUT THE FBI ESTIMATE; WORKING TO DEVELOP EVIDENCE). (PLACEHOLDER FOR DESCRIPTION OF SD'S AND IC'S THAT SUMMER AND OF OPEN INTELLIGENCE CASE FILES)
DRAFT
FOR INTERNAL USE ONLY 9
DRAFT
/* A. •*.*<
C
'
DRAFT
^n^ ^ % JP .I
LV, f>. '
•In D-*/i-" -> •
fHiV* **L 51'V
FOR INTERNAL USE ONLY
DRAFT
In August. 2001 FAA officials were informed that thp FRT had arrested Zacarias [.. Moussaoui, a foreign flight school student in the United States suspected of being a (d u. potential "suicide hijacker." While the FBI's agent handling the case reported to headquarters that Moussaoui may be involved "with others" in a "suicide hijacking" plot, the F-A^Vs liaison to the FBI dismissed the report as mere speculation and deemed the matter to be under control with the arrest of the subject.
ll
(PLACEHOLDER TO SEE WHETHER THE LIAISON TALKED WITH THE M Jf ' ARRESTING AGENT ABOUT HIS SUSPICION OR WHETHER THE FAA SHOWED .Jf*\Y INTEREST IN PURSUING THE MATTER AT ALL). v 1 *L»* » ; .yC ^ V \ pj • ^^, Neither the liaison nor his supervisors at the FAA were aware of a report sent to FBI headquarters by a Special Agent in Phoenix expressing his suspicions about flight school students attending flight school in the area. Neither were they aware of a 1996_request_of_ a tasking by the FBI to two dozen field offices to monitor flight schools for suspicious activity, or a 1998 memo to headquarters from the Oklahoma City Field Office expressing concern about flight training by Middle Eastern subjects. S"
PLACEHOLDER TO CONFIRM WITH HARD EVIDENCE THE 1996 TASKING AND THE 1998 MEMO FROM OKLAHOMA CITY) (PLACEHOLDER FOR OTHER KEY INTELLIGENCE ISSUES PENDING EXAMINATION OF THE FAA ICF'S/Intelligence Case Files) Without intelligence information to uncover and interdict a terrorist plot in the planning stages or prior to the perpetrator gaining access to the aircraft hi the lead-up to September 11, 2001, it would be up to the other layers of aviation security to counter the threat. Prescreening (PLACEHOLDER: LOOKING TO SEE IF WE CAN CONFIRM THAT ALL THE MAJORS WERE AUTOMATED) As of September 11, the list of individuals FAA sought to prohibit from flying was comprised of 12 people, including subjects wanted hi connection with the 1995 plot to blow up a dozen U.S. aircraft in the Pacific, among them Khalid Shaikh Mohammad (the admitted mastermind behind the attacks of September 11 2001). Another list contained six, individuals who wer*reqiiir<*Htr> iwiv* a r^gimrn-°f enhanced screening, including, physical search before being allowed to board a commercial aircraft. Checkpoint screening The summer of 2001 brought no relief about concerns related to poor checkpoint screening. In its final rulemaking action of July 17,2001 seeking to update the basic security requirements for airlines and airports, the FAA itself noted that, "publicity about problems with U.S. domestic civil aviation security measures increases the potential for attack here."11 DRAFT.
FOR INTERNAL USE ONLY 10
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Despite the shortcomings in the system, the fact that neither a hijacking nor a bombing had occurred domestically in quite some time was perceived by many within the system as confirmation that it was working.12 This in part explains the view of the Department of Transportation's chief of intelligence and security who testified to the commission that "we thought we'd won" the battle against hijacking.
Accordingly, most of the FAA's safety emphasis and resources leading up to September 11, 2001 were focused on the continuing effort to deploy explosives detection systems to screen checked bags. (PLACEHOLDER TO SEE IF PPBM WAS JUST FOR SELECTEES OR ALL PASSENGERS AT CAT X) (rU— -^ ' — I-—* &*~ ^ °^3—"\t Pro
o
Under the "layered" approach to aviation security, should a terrorist or criminal successfully defeat checkpoint screening which the facts showed was well within the realm of probability, the back-up line of defense was in-flight security resources and procedures. By 2001 no Federal Air Marshals were assigned to domestic flights.13 Although suicide terrorism had been in vogue over many years, based on past experience hijacking was presumed not to be suicidal, and while efforts were underway to more aggressively protect air crew against air rage under the FAA's flight standards rules the hijacking protocol under aviation security regulations called for appeasement based on the presumption that hijackers had no suicidal intent. The Challenge The facts show that on September 1 1 , 200 1 : • • •
•
o
Checkpoint screener performance and the detection rate of prohibited items at airport checkpoints was generally poor, and these facts were widely known. An entire range of deadly weapons were undetectable: by the screening equipment in place at screening checkpoints. "Selectees" of the passenger prescreening risk profiling system were subject only to an explosive search of their checked bags, meaning that even those considered more than a minimal risk to the aircraft were not subject to additional scrutiny of their person or carry-on baggage. The official aircrew protocol for hijacking was one of cooperation and appeasement.
Accordingly, the challenge for would-be hijackers of domestic flights of U.S. civil aviation air carriers boiled down to: avoiding prior notice by the American intelligence and law enforcement communities, carrying weapons that were either permissible or not detectable by the screening systems in place, and understanding the in-flight hijacking protocol. A review of publicly available literature and/or the use of "test runs" would likely have improved the odds of achieving those tasks.
DRAFT
FOR INTERNAL USE ONLY 11
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Plotters who were determined, highly motivated individuals, who were largely immune to whatever "deterrent" value was possessed by the civil aviation security system, who escaped notice in FAA Security Directives (which essentially supplied the pre-9/11 "no fly" lists for the air carriers), who used weapons with a metal content less than a small handgun, and who did not conform to the traditional, non-suicide hijacking paradigm were likely to be successful in hijacking an aircraft. ###
DRAFT
FOR INTERNAL USE ONLY 12
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
CIVIL AVIATION SECURITY PRELUDE TO 9-11 Evolution of the aviation security system The story of how terrorists on September 11,2001 were able to hijack four U.S. civilian jetliners and use them as weapons of mass destruction against the American homeland begins with fundamental questions about the status of the civil aviation security system that was supposed to stop them. • • •
•
How did the U.S. civil aviation security system evolve to achieve its status as of September 11,2001? Who was responsible for setting, implementing and enforcing aviation security policies and procedures? What did civil aviation authorities perceive to be the security threat to commercial aviation, the vulnerabilities of the nation's aircraft and airports to terrorism, and the consequences of a successful attack? And what did they do about it? Precisely what security measures were the hijackers required to defeat in order to execute their crime on September 11,2001?
Accurately answering central questions about the nature and quality of the civil aviation security system in place on September 11,2001 requires a clear understanding of the history from which that system evolved—an analysis that hi turn will shed important light on the system serving the United States today. From its infancy in the early 20th century when a small fleet of bi-planes transported U.S. mail point-to-point across the country to the present era in which thousands of jet aircraft carry millions of people and their property to far-flung destinations across the globe, U.S. civil aviation has been the target of crime. While many different forms of unlawful activity have affected U.S. airports and aircraft, the two primary security threats have remained consistent over the system's history — air piracy, most commonly referred to as hijacking, and sabotage, primarily hi the form of bombing. Whether hijackers or bombers, the perpetrators of violence against commercial aviation have generally fallen under one of three categories: •
Q
• •
Criminals in pursuit of some personal goal or financial gain, such as repatriation or the collection of insurance money Deranged individuals striking out irrationally Terrorist groups and affiliates, either state or non-state sponsored, that are organized and financed to pursue a particular political, religious or social cause.14
DRAFT
FOR INTERNAL USE ONLY 13
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Aviation Security author Andrew Thomas summed up the endemic threat to civilian airport facilities and commercial aircraft when he wrote in 2003: Aviation provides a tremendous amount of opportunity to individuals or groups seeking to achieve their violent ends...Criminals have traditionally looked upon aviation as an environment ripe with offerings. Billions of tons of cargo, hundreds of millions of passengers, and the ability to move easily...For terrorists, aviation has long been a target rich environment and international stage to trumpet their political, social or religious beliefs.15
The evolution of the U.S. civil aviation system leading up to September 11,2001 is a story of cause and effect. As the prevailing threat to aviation security manifested itself through attacks on the system, the focus of the nation's defense of airports and commercial aircraft changed. The composition of the security system continued to accrete and evolve in reaction to the latest incident, changing public priorities and the myriad of economic, political and social influences that shape public policy. It is the story of elemental tensions and the tug of war between competing prerogatives inherent in public and corporate policy setting: cost versus effectiveness; regulation versus laissez faire; precaution versus response; perception versus reality; and the continuous clash between economics and public safety. In the four decades leading up to September 11,2001, the origins, intensity and tempo of the security threat to the world's civil aviation system, particularly the terrorist threat, was heavily influenced by international political factors and circumstances: •
Persistent religious and political turmoil in the Middle East beginning in the 1960's, which created a breeding ground for numerous attacks on civil aviation across the globe in the years to follow.
•
The fascination with hijacking by Cuban ex-patriots in the late 1960's and early 1970's, which resulted in the commandeering of over 170 aircraft hi the four-year period between 1968 and 1972.
•
The violent designs of rogue states especially in the 1980's, epitomized by the downing of Pan Am 103 by Libyan terrorists hi 1988.
t
Ethnic and regional conflicts unleashed by the end of the Cold War in the early 1990's.
•
The proliferation of highly capable terrorist groups willing to target civilian populations in pursuit of extreme political or religious aims, that gave rise to the 1994 plot by Fundamentalist Islamic Extremists to blow-up 12 U.S. aircraft over the Pacific.16
DRAFT.
FOR INTERNAL USE ONLY 14
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
The desirability of America as a target for attack was enhanced by U.S. superpower status and the far-flung reach of the nation's aviation system: While the frequency of attacks upon U.S. civil aviation waxed and waned in the years following the system's creation in 1926 with passage of the Air Commerce Act, by the evening of September 10,2001 a total of (#) U.S. flagged commercial aircraft had been the target of attack, including # of bombings, # of hijackings. (#) aircraft had been destroyed and # of people had lost their lives as the result of criminal and terrorist actions. Over that same period (#) foreign flagged aircraft had been destroyed and # of lives had been lost in attacks overseas.17 (PLACEHOLDER FOR EXACT NUMBERS TO BE PROVIDED BY FAA/TSA). The vulnerability of U.S. airports and civilian aircraft to violent attack at any point in the system's history was a function of the changing mix of security measures in place to counter the prevailing threat, including the criminal and terrorist tactics. In general, however, the vulnerability of aviation to attack was constantly intensified by the rapid pace of technological advancement. The development of improvised explosive devices (IBD'S) and_plastic weaponry ^" increased the system vulnerabilities, even as layers of security utilizing advanced technology were deployed to help counter violent threats, such as metal detectors and explosives detection equipment for checked baggage. As the size and reach of the civil aviation industry grew so did the system's exposure to attack and the consequences of violence. By the year 2000, U.S. airlines were conducting 25,200 flights per year throughout the world carrying 1.8 million passengers (1.6 million of whom were domestic), with an estimated economic impact of over $800 billion in GDP (8 percent of the total) creating approximately 10 million jobs.18 Not until the year following the events of September 11,2001 did the domestic passenger load ever experience an annual decrease in the United States. The consequences of an assault on civil aviation also intensified as it became more and more clear that terrorists were seeking to maximize the casualties of their attacks. This trend was illustrated by the 1993 bombing of the World Trade Center, the 1997 bombing of the Federal building hi Oklahoma City, the 1998 bombings of the U.S. embassies hi Africa and the foiled 1995 Bojinka plot by Ramzi Yousef, an Al Qaeda affiliate, to destroy 12 U.S. airliners simultaneously through coordinated bombings. Not until the downing of Pan Am 103 hi 1988 and the response to the disaster, was the framework of civil aviation security system that was in place on 9-11 fully in effect — the product of a complex evolution.
U DRAFT
FOR INTERNAL USE ONLY 15
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Formative Years: Lead-up to Pan Am 103: 1926-1988 The initial framework for U.S. commercial aviation policy was set forth by the Air Commerce Act of 1926 when this audacious new form of public transportation was beginning to take wing. Section two of the law set out the policy objectives of the Act that included the establishment of aviation facilities and aids to navigation, the development of air commerce, and the investigation of accidents.19 The law contained no provision for securing aircraft or airports from criminal attack and "in the earliest days of aviation., .aviation security was only a minor concern."20 In this early era, public policy makers focused their attention on issues related to the promotion, operational safety, efficiency and dependability of the fledgling industry. The formulation of a comprehensive agenda for preventing criminal and terrorist attacks upon aviation was not perceived as a pressing priority. The lack of focus on security issues in these formative years stemmed partly from the relative rarity of security incidents, particularly those conducted within U.S. jurisdiction. From 1947 to 1967, commercial aviation was the target of 65 attacks worldwide, 13 of which were perpetrated by terrorists. Both the number of attacks and the percentage of those sponsored by terrorists would increase dramatically in the decades to follow.21 From 1926 to 1967, the United States experienced a total of 14 criminal attacks on commercial aircraft, nine hijackings (the first of which occurred in 1961), and five bombings of U.S. air carriers.2 Bombs and criminals
/ ~!C
Although the number of hijackings was slightly greater in this era, domestic bombings were perceived as the more serious threat, primarily because they involved greater loss of life. The most catastrophic air disaster in this early period occurred in 1955, when a United Airlines aircraft was destroyed soon after takeoff by a dynamite bomb that had detonated in the baggage compartment, killing 39 passengers and five crewmembers. The motive for the crime was insurance fraud.23 Another sabotage incident, also related to insurance fraud, occurred in early I960.24 In response, the FAA moved to limit the amount of airline trip insurance coverage passengers could obtain, while certain air carriers implemented programs to screen baggage for explosives. (PLACEHOLDER: WHAT MEASURES; WHICH CARRIERS AND WHY) The combination of these measures was thought to have been effective in countering the bombing threat at that time, with an FAA report indicating that "domestic airline sabotage declined until there were no fatal incidents in the 1970's."25
DRAFT.
FOR INTERNAL USE ONLY 16
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Through this period airlines and airports gave security matters little attention. The main thrust of activity was to implement low-technology security applications, such as airport fences, intended as a safety measure to separate aircraft from wildlife rather than terrorists.26 For the most part, the federal government in general, and the Department of Commerce in particular maintained its focus on safety regulation, air space management and industry management, while the security function for commercial aviation such as it was remained vested with the air carriers and the local jurisdictions that owned the nation's airport facilities. (PLACEHOLDER: WHAT WAS THE SECURITY PRACTICE AT THE TIME; WHAT WAS REQUIRED BY REGULATION UP TO 1958 AND THE FAA) Even after Congress established the Federal Aviation Agency in 1958 to oversee the rapidly growing civil aviation industry and prepare for the coming era of jet commercial aircraft, security was barely a blip on the new agency's radar screen. The FAA's focus continued to be dominated by the issuance and enforcement of safety regulations and air traffic control. The FAA's founding statute contained a declaration of policy setting out five priorities centering on promoting the development of the industry and aeronautical safety of civil aviation operations. The Act's security provisions were focused on issues of national defense, such as the zoning of airspace to protect defense operations. The idea that commercial aviation might be a special target for violent attack, and given the fragile nature of the enterprise, might require special precautions was not reflected in the law. The role of the FAA's Office of Investigations and Security was confined mainly to the certification of airline employees for training and technical capability, the flight crew inspections and investigations of airports and aircraft facilities and the distribution of security information. Not until jgTOjvas the office re-designated as the Office of Air Transportation Security and given the responsibility tft Hpa1 w'*h "hijarVing security, bomb threats, aircraft and cargo security, and for developing and implementing Horrent systems for theprevention of criminal acts against air transportation."27 Early Vectors of Aviation Security The first major effort to address criminal assault of aircraft and aviation facilities was undertaken in 1961 when Congress passed legislation to impose specific criminal penalties for interference with air operation, including the death penalty hi aggravated cases. To help enforce these new criminal statutes the FAA trained a special force of safety inspectors for duty aboard commercial flights when requested by Airline management or the Federal Bureau of Investigation. This cadre of aviation law enforcement officers was the forerunner of the Federal Ah- Marshal program. 28
y DRAFT
FOR INTERNAL USE ONLY 17
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
In August 1964, the FAA implemented a rule requiring the "closing and locking" of crew compartment doors of commercial passenger aircraft to deter cockpit intrusion.9 (PLACEHOLDER: WHEN WAS THIS RULE REPEALED) (PLACEHOLDER: BE MORE SPECIFIC ABOUT THE RULES/STANDARDS AND SECURITY PROCEDURES IN 1958, EVEN AFTER THE FAA ACT).30 (PLACEHOLDER: HOW WAS BAGGAGE SCREENING IMPROVED; WAS THIS THE FIRST FORM OF BAGGAGE SCREENING.WHAT WAS THE LEVEL OF FEDERAL INVOLVEMENT. WHAT WAS THE BREAKDOWN OF SHARED RESPONSIBILITY. HOW DID THE SYSTEM RESPOND TO THE BOMBING THREAT) (PLACEHOLDER: EXPLAIN THE GROWTH IN THE IDUSTRY; THE CREATION OF THE FAA; AND THE SECURITY APPROACH, IF ANY OF THE FAA ACT) (GIVE AN EXAMPLE OF WHAT THE SYSTEM LOOKED LIKE) (PLACEHOLDER: WHEN DID IT BECOME SPECIFICALLY ILLEGAL TO BRING A WEAPON ON A PLANE, RATHER THAN JUST MISUSE IT OR TO HIJACK A PLANE SPECIFICALLY, RATHER THAN PROSECUTED UNDER SOME OTHER CRIMINAL STATUTE LIKE KIDNAPPING OR WHATEVER? CHECK WELLS BOOK—AND GET QUOTE FROM PAGE 17. ADD / SOMEWHERE THAT IT WAS NOT A CRIMINAL OFFENSE TO CARRY A WEAPON ON BOARD, ONLY PROHIBITED). The Hijacking Epidemic Beginning in 1968, the threat to civil aviation took a distinctive turn as hijacking began to take center stage from sabotage as the primary threat to civil aviation. Between 1968 and 1972 the commercial aviation system in the United States, both foreign and domestic, suffered an epidemic of hijackings carried out predominantly by individuals seeking transport to Cuba.31 One hundred seventy three U.S. flagged aircraft were hijacked during this period compared to two bombing incidents over the same time span.32 The late 1960s and early 1970s also brought the early stages of the terrorist threat to U.S. civil aviation. The first terrorist hijacking of a U.S. air carrier and the first terrorist bombing of a U.S. ah* carrier occurred in August 1969 and September 1970 respectively. The incidents were described as "relatively simple affairs involving one or two people armed with pistols and hand grenades."33 It should be noted, however, that the latter event actually represented the simultaneous destruction of two U.S. airliners (a TWA flight and Pan Am 93) in two different countries (Jordan and Egypt, respectively). Two foreign carriers were also destroyed the same day. The Popular Front for the Liberation of Palestine (PFLP) was responsible in all four cases.34 By the mid-1980s U.S. air carriers DRAFT.
FOR INTERNAL USE ONLY 18
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
would face "an increasingly sophisticated and lethal threat from three different terrorist sources: radical Palestinians, state sponsors of terrorism, and radical Islamists."35 The rash of incidents produced a public demand for action. In 1970, President Nixon responded by ordering the stand-up of a Sky Marshal Program designed to place armed federal agents on board commercial aircraft. The original 1,300 marshals were a temporary force drawn from FAA, Bureau of Customs, FBI, CIA and Military personnel. A corps of officers recruited and trained by the U.S. Customs Service, called Customs Service Officers (CSOs), subsequently replaced them. The FAA's Director of Civil Aviation Security assigned these agents to flight duty. The Sky Marshal force began to be phased out not long after reaching its fully authorized strength of 1,500 in August of 1971 because of perceptions that a new passenger screening system was effectively dealing with the hijacking threat.36 Prior to the creation of the air marshal program, FAA Administrator Dave Thomas had created the FAA Task Force on Deterrence of Air Piracy, which recommended a program of passenger screening to stop weapons from being carried on to aircraft. Later that year, Eastern Air Lines, TWA, Pan Am, and Continental participated in the test of an "operational screening system for boarding airline passengers" with "weapon-detection devices" to be used in coordination with "FAA's evolving psychological profile to identify and isolate suspicious individuals for further surveillance or search."37 ^'~\s test was the first step toward a mandatory checkpoint-screening regimen at the '-•^/ nation's airports designed to keep dangerous items off of aircraft using metal detection devices, which was to be seen as the central line of the aviation security system's defenses against hijackings all the way to the present day. The psychological profiling component was the antecedent for future efforts to identify potentially dangerous individuals who posed a threat to aircraft, hicluding the system known as the computer-assisted passenger prescreening system (CAPS), that was in place on September 11,2001. At this stage, however, use of the hijacker profiles was voluntary for U.S. air carriers and was accorded a "low priority" by them.38 No final resolution had been reached as to who (the federal government, the airlines or local airport authorities) should conduct and pay for passenger profiling, weapons screening and checkpoint security.39 While the question of roles and responsibilities in aviation security would continue to be controversial over the next 30 years, the issue of who would be responsible for passenger screening and checkpoint security was to be resolved by 1972 in a manner that basically held true until the aftermath of September 11,2001. Regulation and the Growing Federal Role In 1972, the testing phase for checkpoint screening gave way to an urgent push for widespread implementation. On February 1st the FAA issued new rules that required air DRAFT
FOR INTERNAL USE ONLY 19
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
carriers to screen passengers using one or more measures including behavioral profile. magnetometer, identification check or physical search. „ Ten months later the FAA tightened the rule through an emergency order requiring that every passenger be screened either by magnetometer or physical search to prevent weapons and other dangerous items from being carried onto aircraft.40 The following year, Congress codified the mandatory screening order with amendments to the Federal Aviation Act.41 Mandatory checkpoint screening using detection equipment as a primary layer of commercial aviation defense was born. The rule included (PLACEHOLDER: ADD ENFORCEMENT MECHANISM AND PENALTIES AVAILABLE), on top of a March, 1972 rulemaking by the FAA making each air carrier permit to operate contingent on its compliance with security regulations. The/4i> Transportation Security Act of 1974 The wave of anti-hijacking policymaking by both the legislative and executive branches of government in this period culminated with passage in 1974 of the Air Transportation Security Act. Known also as the Antihijacking Act of 1974, the law codified a range of checkpoint screening rules for air carriers and other "security policies and procedures that had already been put into effect at the nation's airports by FAA regulations and directives," including the provision of a law enforcement presence by airport operators. In addition the law imposed new civil and criminal penalties for the unauthorized carriage of weapons onto commercial aircraft, imposed a mandatory death penalty for hijackings hi which loss of life resulted. While criminal statutes prohibiting air piracy and aircraft sabotage fell under the jurisdiction of the FBI, Congress assigned to the FAA "exclusive responsibility for the direction of any law enforcement activity affecting the safety of persons aboard aircraft in flight." This sought to resolve a jurisdictional dispute between the FBI and the FAA over the issue, and was subsequently implemented in a 1975 Memorandum of Understanding (MOU) between the heads of the two agencies.43 (PLACEHOLDER FOR THE ESTABLISHMENT OF THE AVIATION SECURITY SECTION OF TITLE 49 OF THE USC, and 14 CFR) The law also implemented the 1971 Hague Convention on international hijackings and sabotage calling for the apprehension and prosecution or extradition of aircraft hijackers and saboteurs. The Act did not include a Senate-approved provision "providing $35-million a year for two years to establish under the Federal Aviation Administration (FAA) an air transportation security force" to enforce aviation security law and conduct passenger screening at the nation's largest airports.45 The Senate proposal, authored by Senator Howard Cannon (D-NV), Chairman of the Senate Aviation Subcommittee, and supported by the airlines DRAFT.
FOR INTERNAL USE ONLY 20
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
envisioned Federal law enforcement officers as supporting air carrier screeners, not performing the screening functions themselves. They would only search after a bag or person alarmed a metal detection device and then only after consent was given.46
The creation of a federalized screening force was to be revisited by Congress 30 years later in the legislative aftermath of the September 11, 2001 attacks. International Response Concurrent with U.S. efforts to address the hijacking threat at home, the problem was the focus of attention internationally. In 1 974, the International Civil Aviation Organization (1C AO) that had been created in 1944 by international convention to establish International Standards and Recommended Practices (SARP's) covering 18 technical fields of aviation, including security standards, published Annex 17. Annex 17 established a basic security program of minimum obligations imposed on air carriers, airports and member nations. To assist the international community in implementing the Annex, ICAO published the Security Manual for Safeguarding Civil Aviation Against Acts of Unlawful Interference that was updated five times between 1974 and 2001, most recently in 1996.47 While a large and growing body of international law and customs had been developed over the years with the goal of providing aviation security, the success of this effort remained in question. Writing in 1999, Rodney Wallis, former Director of Security for the International Air Transport Association (IATA) and a participant in the drafting of several revisions to Annex 17 to the Chicago Convention, concluded: r~\
'
Unhappily, despite ICAO's efforts, effective security exists in only a minority of countries around the world. It is frequently missing, even from those states which comprise ICAO's governing council. ICAO's strategic action plan has the potential to overcome this shortcoming, but to do so it will have to effectively promote its products around the world. Practice has shown that it will require hard work to persuade many states to enhance their individual security efforts.4*
Standardized Security With a large new body of aviation security law, rendered by acts of Congress and international convention, the air carriers sought a program by which the industry could uniformly implement its security responsibilities. In 1975, under the auspices of its umbrella trade organization, the Air Transport Association, the industry authored a standard security program for all air carriers. The program set out (PLACEHOLDER: GIVE THE ESSENTIAL ELEMENTS. SEE CHRONOLOGY)
U DRAFT
FOR INTERNAL USE ONLY 21
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
The FAA approved the plan and officially designated it as the Standard Security Program, later renamed as the Air Carrier Standard Security Program (ACSSP).49 This document became the baseline for aviation security activities undertaken by the industry to implement the body of civil aviation laws and regulations. Subsequent changes in aviation security policy would not only amend the relevant code of federal regulations pertaining to air carriers (originally, in 1972, under 14 CFR Part 121.538, but subsequently under 14 CFR Part 108, which went into effect in September of 198150) but referred to the corresponding changes necessary in the ACSSP.
A / .j L •*.( •*-
A similar baseline plan, known as the Airport Standard Security Program, was established for airports and was carried out pursuant to 14 CFR Part 107, "Airport Security," which went into effect in 1973.^
g i^-t^• ^- "*> .
The security operations of the airports and air carriers on September 11,2001 were guided by the terms of these standard security programs. State-Sponsored Terrorism and Aviation Security It was during the epidemic qf hijackings the provoked the spate of new laws, regulations and international efforts to shore up aviation security that international terrorists joined criminal elements in targeting U.S. civil aviation, mostly overseas. The first terrorist hijacking of a U.S. air carrier occurred in August 1969 (PLACEHOLDER: NAME AND REFERENCE THE INCIDENT; JENKINS SAYS 1968), and the first bombings of U.S. air carriers overseas occurred in September 1970 (PLACEHOLDER: NAME AND REFERENCE THE INCIDENT. SEE CHRONOLOGY) These attacks were relatively simple involving one or two people armed with pistols and hand grenades. By the mid-1980s, U.S. and other air carriers faced an increasingly sophisticated and lethal threat from three different sources: radical Palestinians, state sponsors of terrorism, and radical Islamists.52 Examples are: On June 14,1985, TWA Flight 847 from Greece was hijacked to Lebanon; U.S. Navy diver Robert Stethem was killed by the hijackers, who were Lebanese Shiites. On June 23,1985, Air India Flight 182 from Toronto and Montreal crashed at sea after an explosion in the front cargo hold. AH 329 passengers were killed. On the same day at Tokyo's Narita Airport, a checked bag designated for an Air India flight exploded, killing two baggage handlers. Sikh extremists were suspected. On November 23,1985, an EgyptAir flight was hijacked enroute from Athens to Cairo and diverted to Malta. After several passengers were shot, including three Americans, an Egyptian commando unit stormed the plane. Fifty-nine of the 96 passengers died in the gun battle and fire. The hijackers were three Arab males. On December 27,1985, simultaneous attacks occurred at two European airports in open terminal areas. Sixteen people were killed and 74 wounded in the Rome airport; three
DRAFT.
FOR INTERNAL USE ONLY
22
DRAFT
DRAFT ~"
FOR INTERNAL USE ONLY
DRAFT
persons were killed and 45 wounded in Vienna's airport. The hijackers were members of the Abu Nidal organization.
;
On April 2,1986, a bomb onboard TWA Flight 840 from Rome, Italy exploded. Four passengers (all Americans) were killed but the flight made a safe landing in Athens.
<*~
On September 5, 1986, terrorists assaulted Pan Am Flight 73 in Karachi, Pakistan. Terrorists had dressed similarly to airport security personnel. After an auxiliary power unit failed, the terrorists opened fire on the passengers, killing 27 and injuring 125. The hijackers were members of the Abu Nidal organization. This was the last terrorist hijacking of an American air carrier prior to September 11, 2001.
\.'<,.
n . VvV -^ f l *
'
on November 29, 1987, a bomb exploded on Korean Airlines Flight 858. All 115 passengers and crew were killed. The perpetrators were North Korean agents.53
The terrorist threat worldwide to aviation, as well as other symbols of U.S. power and prestige, began to grow and was the focus of various national security policy directives. Terrorist Policy and the New Threat In 1985 President Ronald Reagan issued National Security Decision Directive 207 setting out a broad U.S. policy in response to the growing threat of terrorism. I '"*"**'
This directive resulted in the creation of a new branch of the FAA in 1986 responsible for gathering intelligence and assessing the threat to civil aviation and providing threat information to the industry and policy makers. (PLACEHOLDER: DESCRIBE THE INTELL OFFICE AND ALSO THE INCREASING TERRORIST THREAT ACROSS THE GLOBE. PERHAPS SOME LANGUAGE ASSOCIATED WITH THE STAND-UP QF THE INTELLIGENCE FUNCTION AT FAA WOULD SERVE THIS PURPOSE) Even before the growing terrorist threat had exacerbated the security risk to aviation, many experts questioned whether the FAA was functionally capable of performing the safety and security role with which it was vested. The period leading up to 1988 is summarized by Alexander T. Wells in his history of Commercial Aviation Safety.
: I ^-^
Until the late 1960's and early 1970's, airlines and airports gave security matters little attention. Low-technology security applications, such as airport fences, were intended as a safety measure to separate aircraft from wildlife rather than terrorists. Eventually, a few air carriers were hijacked to Cuba. This led to a great deal of money being spent on security by the air carriers and the FAA on x-ray systems, magnetometers, training programs for screening personnel, and air marshals, after which the relative level of security immediately rose. In the United States, the threat of hijacking, as well as the actual incidences of hijackings, diminished over time, giving way to more frequent occurrences of both threats and actual assaults against American flag carriers in Europe, Asia, and Africa, peaking with the bombing of Pan Am Flight 103 over Lockerbie, Scotland, in December 1988.54
DRAFT
FOR INTERNAL USE ONLY 23
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Pan Am 103 (1988): New Threat and the National Response On December 21, 1988 a terrorist bomb, concealed in a checked bag unaccompanied by the Libyan agent who planted it, exploded in the cargo hold of Pan Am Flight 103 over Lockerbie, Scotland killing 270 people.55 Shortly after the incident, the Administration's top anti-terrorism official, Paul Bremer, testified that the Pan Am 103 disaster reflected a new trend in aviation terrorism toward sabotage and away from the customary hijacking threat.56 In the words of the textbook, Commercial Aviation Safety, The decade of the 1980s was a disastrous one for aviation. The period confirmed the existence of a dangerous trend toward greater violence against air transportation. Overall, 25 planes were sabotaged by explosives, causing 1,207 casualties as compared to 650 deaths caused by 44 explosions in the 1970s and 286 deaths in the 1960s.57
New Focus on Aviation Security In response, the Administration announced a battery of initiatives to strengthen antiexplosives procedures at facilities considered high-risk, located mostly overseas. The procedures included mandatory x-ray screening of all baggage and a 100 percent passenger/bag match requirement.58 (PLACEHOLDER: GIVE A FEW SENTENCES ON THE PROCEDURES AT FOREIGN AIRPORTS VIZ A VIZ U.S. AIRPORTS. THIS IS IN THE AIR CARRIER STANDARD SECURITY PROGRAM). Four months after the downing of Pan Am 103, Secretary of Transportation Sam Skinner announced the Department's plan to spend over $100 million to purchase equipment specifically designed to detect explosives, unlike the x-ray machines in use at the time.59 (PLACEHOLDER: STILL WORKING ON: List number of Security directives, and rules implemented in 1989-1990; and the general flavor of changes in the ACSSP's to prove explosives detection was the new emphasis). On April 3,1989, Secretary Skinner established the Aviation Security Advisory Committee (ASAC) to be chaired by the FAA Assistant Administrator for Aviation Security. The Committee was composed of government officials (from the federal and state levels) as well as representatives of stakeholders in the aviation system (including airlines, airports, trade groups, aviation employee unions and relevant public interest groups. It was to serve as an advisory body mandated to make recommendations on methods, equipment and procedures to improve civil aviation security.60
DRAFT.
FOR INTERNAL USE ONLY 24
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
President's Commission on Aviation Security and Terrorism
•Q
£ r?
On August 4, 1989 President George Bush signed Executive Order 12686 creating the President's Commission on Aviation Security and Terrorism. The panel, composed primarily of members of Congress, examined the Pan Am 103 disaster and on May 15, I 199Q issued a comprehensive report, including 64 recommendations to improve aviation security.61 The Commission concluded that, "the U.S. civil aviation security system is \y flawed and has failed to provide the proper level of protection for the traveling public."62 In November of 1990, Congress passed the Aviation Security Improvement Act (PL 104604) to implement a number of the Commission's key recommendations. These included the creation of several new aviation security and intelligence billets; mandatory agency reports on aviation threats and system vulnerability; and, new FAA authorities to impose security measures at airports, including flight cancellation.63 (PLACEHOLDER: LEGISLATIVE RECOGNITION OF THE ASAC) Notably the legislation also implemented a key commission recommendation with regard to performance problems with the TNA units sought by Secretary Skinner and the Department of Transportation, requiring that Explosive Detection Systems not be deployed until the Secretary could certify their reliability or otherwise assure they contributed to security.64 Plots and Threats In the period after the implementation of the new aviation security system as prescribed by the Presidential Commission and enacted by Congress, the evidence seemed to suggest that threats to domestic civil aviation had been dealt with effectively, and the remaining risk was primarily overseas. For example, between 1992 and 1996, there were a total of 89 hijacking incidents, of which none either occurred in trie United States or involved a U.S. air carrier. During that same period, two bombings and two attempted bombings of civilian aircraft occurred, once again all overseas and all involving non-U.S. air carriers. However, one of these (the December 1994 bombing of a Philippines Airlines aircraft) later proved to be a test-run of a plot devised by Ramzi Yousef to place explosive devices on twelve U.S.-registered aircraft flying routes in the Western Pacific.65 An accidental fire in a Manila apartment in the early morning hours of January 7,1995 led to a discovery by Filipino police of what appeared to be a "bomb factory," plus a number of documents. At first, suspicion turned to a possible bomb threat against the Pope who was to visit the city two weeks later, but whftn T T g "ffHa1* wp™»•^W** *'", an. FAA security representative recognized a series of numbers on one of the documents as flight codesv which helped lead to the realization that th*» pint farf h*^ tn fa^h foHy* _747s^owned bv United. Delta and Northwest, on flights originating in Manila. Tokyo. Singapore, Bangkok, Taipei and Seoul. A laptop computer in the apartment which
DRAFT
FOR INTERNAL USE ONLY 25
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
contained much of the plot details was subsequently traced to Ramzi Yousef, architect of the 1993 World Trade center bombing. An FAA official, Cal Walbert, was able to figure out the bomb assembly to have been used in the plot, and then "for three weeks, aviation authorities in the United States and \c hectored and cajoled airline officials, demanding that they push their people I to iinprgpedented levels of vigilance and intrusiveness. and industry officials, who could j seldom remember the authorities being so agitated, responded." Ramzi Yousef was "* arrested on February 7,1995 in Islamabad, and after several months had passed without incident, the heightened security measures were eased.66 After the discovery of the Bojinka plot and the linkage of several of the plotters to Osama Bin Laden, FAA intelligence was increasingly concerned about Bin Laden's interest in civil aviation as a target. With Bojinka's mass casualty concept, plus the aviation security system's knowledge (however incomplete) about the presence of radical Islamic fundamentalists within the United States, the head of FAA Intelligence, Patrick McDonnell, thought there was a definite need to tighten domestic, aviatirm gemrity 67 By the mid-1990s, the civil aviation security system in the United States had essentially reached the configuration in place on September 11,2001. While the response, both legislative and administrative, to the Pan Am 103 tragedy had indeed beefed up the FAA's security structure and authorities, and had produced some impetus for deployment of more advanced explosive detection technology, the overall U.S. civil aviation security structure where the FAA set and enforced standards while the aviation industry implemented them.
TWA 800 (1996): Events, Threats and Response On the night of July 17,1996, TWA flight 800, which had departed from New York's JFK International Airport bound for Paris, France, crashed into the Atlantic Ocean near East Moriches, NY killing all 230 individuals on board. Though terrorism was initially suspected, the National Transportation Safety Board (NTSB) later determined that the probable cause was an accidental explosion of a fuel tank.68 The Gore Commission final report described the changing threat to civil aviation in this time period as follows:
i - - •'- . -J l^jcuv -"-^M C/xJuJ^ • * ' L
ws-^i
v
The Federal Bureau of Investigation, the Central Intelligence Agency, and other intelligence agencies have been warning that the threat of terrorism has been changing in two important ways. First, it is no longer just an overseas threat from foreign terrorists... The second change is that in addition to well-known, established terrorist groups, it is becoming more common to find terrorists working alone or in ad-hoc groups, some of which are not afraid to die in carrying outtheirjjesigns.69
Notwithstanding the NTSB's findings it was clear even before the downing of TWA 800 ~) that the United States was facing a new, more dangerous, threat environment as DRAFT.
FOR INTERNAL USE ONLY 26
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
illustrated by the 1993 bombing of the World Trade Center in New York, by radical Islamic fundamentalists. A New Domestic Aviation Security "Baseline" Aviation authorities were not ignorant of this new threat. In response to a perceived increase in the domestic threat, in thejast half of 1 995. DOT Secretary Pena asked FAA to require airports and air carriers within the United States tn i measures. "In part because of disruptions in airline and airport operations caused by contingency plan-based security measure adjustments,"71 in July of 1996 FAA's Aviation Security Advisory Committee jcreated a Baseline Working Group (BWG), composed of federal officials, representatives of the aviation industry and public interest groups. The BWG's charge was to "review the threat assessment of foreign terrorism within the United States, consider the warning and interdiction capabilities of intelligence and law enforcement, examine the vulnerabilities of the domestic civil aviation system (in particular checked baggage and checkpoint screening), and consider the consequences of a successful attack." The goal was "to strengthen the domestic aviation security "baseline" to a level commensurate with the new threat environment."72 In December 1996 the BWG issued its Domestic Security Baseline Final Report, which called for "effectiveness," rather than cost or expediency to be the primary determining factor in establishing a baseline for security. This new system was to be built in to the standard security programs for airlines and airports, thus making it both more enforceable from the FAA's standpoint and more predictable from the aviation industry's vantage as compared to security measures based on temporary Security Directives or Information Circulars.73 ,, .•„,The BWG also recommended an end to "unfunded federal mandates" on the various components of the civil aviation security system by providing "a Congressional appropriation from the General Fund" to meet "the full cost of implementing and maintaining an improved domestic security baseline."74 Finally, it called for a series of measures to rapidly improve the security system, via the timely deployment of available technologies (including liquid explosives scanning devices and trace portals for the larger airports), and "institutional and procedural changes" in the system (including expansion of the Federal Security Manager program, designation by air carriers and airport operators of a security head "who should be a senior management official" and streamlining the rulemaking process for security). The group estimated the ten-year cost of implementing its recommendations to be $9.9 billion.75 ~ ~The Office of Management and Budget (OMB) strongly objected to the BWG majority on the issues of the source and amount of funding to be provided, and submitted me following statement with respect to these issues: DRAFT
FOR INTERNAL USE ONLY 27
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
OMB staff strongly disagree with these recommendations. They are inconsistent with the current practice of FAA programs, contradicting long-standing government- wide budget policy, and reflect an unrealistic outlook regarding the availability of discretionary funds. JEitst, aviation iyit"tn nsf rs nirjentlv pay for on-going aviation security rrwts These are considered to be costs incurred by the private aviation industry for doing business in modern society... Continuing efforts to balance the budget will significantly limit the amount of General Fund monies available to support this, or other potentially worthy expenditures... Finally, a dedicated funding system for operating costs, if not paid by the users, provides little incentive for cost discipline in the provisions of these services and will result in waste and increased cost to the public.76
Though the BWG had been conceived of as a way to break the usual cycle of aviation security measures being driven solely in response to disasters and emergencies, the Group held its first meeting on the same day that TWA 800 exploded, and its analyses and recommendations served primarily as a basis for the work of the Presidential Commission which was established one month later. White House Commission on Aviation Safety and Security (1997) In response to mounting concerns about the terrorist threat to aviation, as manifested by the Bojinka plot and precipitated by the explosion of TWA Flight 800, on August 22, 1996, President Bill Clinton created the White House Commission on Aviation Safety and Security, chaired by Vice President Gore and commonly referred to as the Gore Commission.77 The Gore Commission's rn2sLaignifipant s**m"ty rp™m inflations, issnH in February 1997, were^ directed at dealing with the bomb threat. These included: 1) Immediate deployment of explosives detection technology to the airports for baggage screening. 2) Partial implementation of full bag-passenger match on domestic flights. (This measure, which had previously been applied overseas, was explicitly linked to the need to determine the presence of explosives in checked baggage. Under it, a checked bag was not to be loaded onto an aircraft until it could be matched to a boarded passenger.) 3) Additional deployment of canine explosives-sniffing teams. (There were 87 such teams deployed in 1996, not all of which met the same performance standards.) 4) Establishment of automated profiting- Lo identify pa^ngers-s^wko-mfirit additional M , attention." (The Commission specifically endorsed the automated profiling $ ^ I lx d-Jv-- ^ \m then "under development by the FAA and Northwest Airlines," which subsequently became known as the Computer Assisted Passenger Prescreening System, or CAPPS.) 5) Federal certification of screening companies and minimum training requirements for screeners. i J) 6) Elevation of aviation security to a national security issue which should entail t "substantial" federal funding, defining this to be approximately $100 million a l year for capital improvements to achieve the Commission's objectives.78 DRAFT.
FOR INTERNAL USE ONLY 28
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Implementation In the period between 1996 and the end of 2000, the FAA had moved administratively to implement, or to begin implementation of, each of these major items and many of the remaining Gore Commission security recommendations.79 However, the lack of more specific requirements and deadlines made it difficult to gauge actual implementation. Commissioner Victoria Cummock, whose husband had been lost on Pan Am 103, dissented from the final report. She wrote: Sadly, the overall emphasis of the recommendations reflects a clear commitment to the enhancement of aviation at the expense of the Commission's mandate of enhancing aviation safety and security (emphasis in original)... In summary, our final report contains no specific call to action, no commitments to address aviation safety and security systemwide by mandating the deployment of current technology, with actionable timetables and budgets.8081
For example, rulemaking on screener company certification, which officially began on January 1,2000, was still not completed as of September 10,2001 (in spite of the statutory requirements outlined below).82 The Congress generally responded affirmatively to the Gore Commission's, and the Clinton Administration's, calls for increased funding and tightened regulations for aviation security. Passage of the Federal Aviation Reauthorization Act of 1996 followed in the immediate aftermath of the Gore Commission recommendations. Among the Act's key elements were provisions to: ,, -v, • • • • • •
Direct FAA to certify screening companies and improve training and testing of security screeners Require criminal history background checks for baggage and passenger screeners Encourage FAA to facilitate the interim deployment of available explosive detection equipment Encourage FAA, the Department of Transportation, the intelligence community and law enforcement agencies to assist air carriers in developing passenger profiling programs Direct FAA and the FBI to conduct joint threat and vulnerability assessments at least once every three years at airports determined to be high risk Require airports and air carriers to conduct periodic security system vulnerability assessments, and the FAA to periodically audit such assessments as well as to conduct periodic and unannounced inspections of airport and air carrier security systems83
Three years later Congress adopted the Airport Security Improvement Act signed into law on November 22,2000. Its major provisions included: • • • •
Specifying that criminal background checks be done for airport security applicants Directing FAA to issue the final rule on the certification of screening companies by May 31,2001 Establishing new minimum standards for the training of security screeners Requiring FAA to work with airport operators and air carriers to improve airport access controls by January 31,2001
DRAFT
FOR INTERNAL USE ONLY 29
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Directing FAA to require augmenting the Computer Assisted Passenger Prescreening System by randomly selecting additional checked baps for screening, and directing the FAA to maximize the use of explosive detection equipment in this process8^
New Threat, Same System While recognizing that "the terrorist threat is changing and growing," the Gore Commission generally ratified the existing system of shared and complementary responsibilities in civil aviation security and concluded that "because of its extensive interactions with airlines and airports, the FAA is the appropriate agency" to implement and oversee aviation security. It sought to make improvements by creating "a new partnership" between government and industry "that will marshal resources more effectively, and focus all parties on achieving the ultimate goal: enhancing the security of air travel for Americans." 5 While Congress appeared to begin to take some tentative steps to re-evaluate and revise the civil aviation security system, it too essentially accepted the basic, long-standing elements of that system. Though the Federal Aviation Reauthorization Act of 1996 formally removed the "dual mandate" by explicitly making safety and security the FAA's highest priority, the Joint Explanatory Statement of the congressional conference committee that drafted the final bill made stated: The managers do not intend for enactment of this provision to require any changes in the FAA's current organization or functions. Instead, the provision is intended to address any public perceptions that might exist that the promotion of air commerce by the FAA could create a conflict with its safety regulatory mandate.86
r
A written question submitted by the Majority staff of the Senate Commerce Committee at the 1997 confirmation hearing of Jane Garvey to be FAA Administrator asked for her comment about the continuing need to balance the missions of "promoting commercial aviation as well as aviation safety," even after enactment of the 1996 change in the FAA's mission statement which formally dropped the promotion mandate. Ms. Garvey replied, "The FAA's mission is aviation safety. However, this mission can only be achieved in partnership with industry."87 sThe Gore Commission Report, its recommendations and the implementing legislation constituted the last thrust of aviation security reform prior to the events of September 11th. The security policies and procedures that were in place as of 2000 were essentially the same ones that operated on the morning of September 11,2001.
DRAFT.
FOR INTERNAL USE ONLY 30
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Institutions of Civil Aviation Security on September 11. 2001 The institutions of the civil aviation system responsible for establishing and implementing aviation security policies and procedures, the culture of these organizations and their methods of operating were also well established and can shed light on the quality of the system in place on 9-11. Shared Responsibilities By 1974, the main structure of the civil aviation security system that was in place on September 11,2001 had been established. It provided for a set of shared and "complementary" responsibilities, divided among Congress, the FAA, the airlines and airport authorities. The FAA was responsible for setting minimum-security requirements governing airports as defined in (14 CFR Part 108) and air carriers (14 CFR 107) with the power to enforce the standards through inspections, fines and the power to revoke operational certificates. Air Carriers were responsible for screening passengers, baggage and cargo; protecting aircraft from unauthorized access; and for training personnel in emergency procedures and tactics. The details of how they were to conduct those functions were spelled out in the Air Carrier Standard Security Program. The Airports were responsible for providing law enforcement and facility security, including the control of access to Air Operations Areas (AOA), access control and law enforcement.88 The details of how they were to conduct those functions were spelled out x (/J/-o ' * in the FAA approved Airport Standard Security Program. The Intelligence Community was responsible for identifying threats to national security and sharing relevant information with the Department of Transportation and the FAA. Congress was responsible for making aviation security law imbedded primarily in Title 49 of the United States Code, and for performing its oversight function of the implementation of those laws. It was also responsible for funding and financing the federal components of the aviation security system. The civil aviation security system overseen by the FAA on September 11, 2001 was in keeping with the system that had evolved over the previous 75 years hi attempting to reconcile the sometimes-conflicting goals of economic promotion and security enhancement.
o
Exacerbated by the de-regulation of the airline industry in the 1970s, which increased the stakes and the adversarial nature of the regulatory process, the FAA security rulemaking process, which bore the primary responsibility for creating and implementing the system in place on 9/11/01, was slow and reactive. Furthermore, the dispersed system of
DRAFT
FOR INTERNAL USE ONLY 31
DRAFT
& **£
DRAFT
FOR INTERNAL USE ONLY
DRAFT
responsibilities for civil aviation security created multiple opportunities for delaying the regulatory process and avoiding accountability. The implications of the division of responsibilities for civil aviation security were discussed in the 2001 textbook, Commercial Aviation Safety: Although the organizational changes that have been mandated in recent years have improved the situation, they remain inadequate to preclude future tragedies because the ( H~ basic features of the aviation security system remain unchanged. Of fundamental ^r^1 importance is the continuing division of responsibility among the many agencies and levels of government.89
I^ cx •
Civil Aviation Security Culture and Issues The Gore Commission had generally ratified the existing system of shared and complementary responsibilities in civil aviation security with the FAA the appropriate lead federal agency. It sought to build and improve on the existing partnership in order to "marshal resources more effectively, and focus all parties on achieving the ultimate goal: enhancing the security of air travel for Americans." The Commission's Final Report stated: Americans should not have to choose between enhanced security and affordable air travel. Both goals are achievable if the federal government, airlines, airports, aviation employees, local law enforcement agencies, and passengers work together to achieve them.90
In his book, After: How America Confronted the September 12 Era, Stephen Brill wrote about some of the consequences of the partnership: For years, the airlines - an industry whose product is regulated from Washington like almost no other - and the FAA have had a mutual support relationship.' Their personnel regularly switched sides, going from the agency to one of the airlines' large Washington lobbying offices and back again... (T)hey thought of themselves more as partners than .-»-—•<~ \~~\s^*-a adversaries, which had its positive side in the sense that overbearing regulators could -V-^3" easily strangle an industry like this. So, the airlines rarely complained publicly about the •> ' ,—^^^) FAA, and the FAA didn't hassle the airlines about issues like security. __
A second attribute of the pre-9/11 aviation security system in the United States was the different approaches it took toward safety and security. Aviation safety, which refers to counter-measures related to accidents, is based on quantifiable assessments of accident probabilities derived from a wealth of data built up over many years within civil aviation itself. Aviation security, which encompasses protective efforts against hostile or malicious acts involves the vagaries of human behavior and intentions and "is much more difficult to measure because it depends on our estimate of the threat of a hostile act."92 And such a threat estimate would typically come from "outside" the world of civil aviation (i.e. the intelligence community).
DRAFT
FOR INTERNAL USE ONLY 32
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
The National Research Council (NRC) has contrasted aviation safety, where "one agency (the FAA) has a dominant role in ensuring safety through multiple, coordinated means." With respect to aviation security "tactics and techniques emerged piecemeal, in reaction to a series of individual security failures." The NRC concluded, "Given the outstanding performance of the aviation safety system, it is notable that aviation security... was not handled in a similarly holistic fashion."93 Indeed, while safety was built-in to the basic operation of the civil aviation system from the outset (with the 1926 Air Commerce Act "passed at the urging of the aviation industry, whose leaders believed the airplane could not reach its full commercial potential without federal action to improve and maintain safety standards"94), security was generally regarded as a "disruption" to the regular operation of civil aviation. (PLACEHOLDER: WE NEED A CITATION FOR THIS LAST POINT) In an August 16,2001 speech at an Air Line Pilots Association Safety Forum, President Carol Hallett of the airline industry's trade association remarked that by the 1930s, "safety truly became an integral part of aviation. It was woven into every aspect of our industry - from design to operations, from maintenance to marketing. Safety became a discipline and a cornerstone of our operations."95 In contrast, security - other than internal security directed at such criminal acts as fraud or theft - was a relatively recent addition to airline concerns.
o
Cathal "Irish" Flynn, head of the FAA's security division from 1993 through early 2001, told the Commission that, perhaps because of the sanitized nature of the threat information they received and especially because of the fact that the last hijacking of a U.S. airliner had been back in 1991, the airline leadership did not take the need for increased security seriously and resisted "expensive" counter-measures. Admiral Flynn recounted a 1994 meeting when the CEO of a major U.S. airline told him to "give us a reason to increase security and we will." Flynn further observed that the airlines were generally more receptive to requests for increased security measures overseas than in the United States because that is where they perceived the threat to be and it would be less expensive to implement96 Former Djsputy Secretary^ ofState_and terrorism expert Larry Johnson commented hi a 1996 television appearance I call (airline) security directors the Rodney Dangerfields of their industry. They get no respect because when they walk through the door to the chief executive and say we need to spend money on this system, they're not seen as bringing value to the bottom line; they're seen as causing a cost. And I know of several instances in which the airlines have resisted changes to increase security not because they're not in favor of security, but in their judgment, they don't think there's a threat there, and they don't feel it's warranted to spend the money.97
o
The general pre-9/11 security philosophy of the third major part of the civil aviation security partnership, the airport operators (which could just as correctly be applied to the other components of the security system), was summed up in the 1999 Civil A viation Security Reference Handbook prepared by the FAA. DRAFT
FOR INTERNAL USE ONLY 33
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Under normal airport operations, security is maintained at a level commensurate with the perceived threat and the need to facilitate the movement of people, cargo, machines, vehicles and aircraft on the airport. The existing approach to airport security is for airport operators to maintain a level of security consistent with the assessed threat and to rely on well-developed and sound contingency plans to upgrade security quickly in response to intelligence information or emergency situating _Thig minimizes the disruption of airport operations, but to be effective, it is essential that airport operators, air carriers, and other airport tenants be capable of reacting immediately and in concert to a higher level of security, based on an integrated and well-understood contingency plan.98
Another aspect of the civil aviation security system has been its reactive nature. In his book Aviation Insecurity, author Andrew Thomas observed: A long-standing criticism of aviation security policy in the United States is that the last major attack on the system tends to drive the implementation of new security measures. The view holds that we are continually fighting the last war and allowing the perpetrators of violence to educate us about the vulnerabilities of the system. Throughout the thirtyyear history of aviation security, almost all of the substantive improvements have come in direct response to a particular incident.99
It was similarly described by another aviation analyst. The FAA has frequently been criticized for its bureaucratic tendency toward relative complacency until a tragedy occurs...Extensive media coverage and outraged citizens bring pressures to bear on Congress and the administration, who respond with new laws, regulations, studies and plans. For its part, FAA often responds by rushing various technologies, systems, and procedures into operation without always giving due consideration to their utility, costs, and efficiency.100
These observations were reiterated by the report of the White House Commission on Aviation Safety and Security created hi response to the Pan Am Flight 103/Lockerbie disaster that found: "the Federal Aviation Administration to be a reactive agency preoccupied with responses to events to the exclusion of adequate contingency planning— in anticipation of future threats."101 •— This reactive nature was, in part, reinforced by financially challenged air carriers demanding that new security rules have some basis in the precedent of an actual event, or a very specific threat. Writing for the airline industry, the Ah- Transport Association (ATA) submitted to the FAA its view that before imposing new security rules, such as the requirement to conduct a criminal background check on all airport and ah* carrier employees, the FAA should establish, "What terrorist incidents would have been prevented had the proposed rule been in effect?"102 In another comment on a proposed rule, this tune on revision of the Ah- Carrier Standard Security Program (ACSSP), ATA wrote to the FAA that, "We have always subscribed to threat based security measures based on specific information from the U.S. government. When FAA promulgates requirements which serve no substantive security value and are DRAFT-
FOR INTERNAL USE ONLY 34
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
not based on specific threat information," ATA would raise concerns on behalf of the airlines.103 Although the occurrence of a major event would move the system to take action, aviation security author Brian Jenkins noted in 1996 that "security authorities almost invariably failed to foresee the terrorists' adoption of attacking aviation."104
Federal Aviation Administration FAA's responsibilities and authorities with respect to civil aviation security were set forth in Title 49 of the United States Code vesting the FAA Administrator with the following charge: Protection Against Violence and Piracy—The Administrator shall prescribe regulations to protect passengers and property on an aircraft operating in air transportation or intrastate air transportation against an act of criminal violence or aircraft piracy.105
This mandate included a battery of specific civil aviation security tasks set forth primarily in Title 49 of the United States Code, Chapter 449: • • • • • • • •
Coordinating and inspecting security arrangements at large airports Requiring airports to provide a secure operating environment, consisting of the airport perimeter and aircraft operations area Establishing basic security standards for airports, supplemented by an airport-drafted and FAAapproved Airport Security Program for each airport Establishing minimum security standards for the airlines, supplemented by the airline-drafted and / FAA-approved Air Carrier Standard Security Program ^j Developing training courses for civil aviation security employees Requiring criminal history background checks for individuals employed in, or applying for, positions which have unescorted access to commercial aircraft or secured areas of U.S. airports. Overseeing research and development of aviation security devices and technologies. Analyzing intelligence information to discern threats to civil aviation; sharing such threat ^j information with the airports and air carriers as appropriate; and ordering emergency measures to / counter such threats.l06 1
In carrying out its safety and security responsibilities authorized under Section 40101 Title 49, Chapter 449 of the United States Code, FAA was to consider a number of factors "as being in the public interest," including "(1) assigning, maintaining, and enhancing safety and security as the highest priorities in air commerce. (2) regulating air commerce in a way that best promotes safety and fulfills national defense requirements. (3) encouraging and developing civil aeronautics, including new aviation technology."107 Rulemaking For many years leading up to 9/11/01, administrative procedure rules and agency practices required that FAA rulemaking to "protect passengers and property" undergo numerous and repetitive development and approval steps internally, within the Department of Transportation as well as the Executive Office of the President (Office of DRAFT
FOR INTERNAL USE ONLY 35
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Management and Budget). This process included application of a cost/benefit analysis as well as the opportunity for in-depth public comment. The rulemaking process for FAA aviation standards included a total of 217 steps, though some of these could be skipped under certain circumstances. 108
Author Steven Brill reported his findings on the rulemaking process with respect to the status of knives at airport screening checkpoints.
ijjje \-**~£ V, Me(^ ^- k^ • <^\.~*~^-:>
As with all FAA regulatory work,...the FAA would negotiate with the airlines pushing back on anything that cost them money or their passengers time. Although no one will -now admit it in so many words, according to records in the archives of the FAA. that in fartis^vhat had resulted in the rule that razors or knives with blades of four and a half inches or less be allowed in carry-on baggage. The airlines feared that a complete ban on knives or razors would require them to hire more screeners while further inconveniencing and delaying passengers. 109 no
In addition to concerns about the timeliness and accountability of FAA rulemaking, 111 the partial de-regulation of U.S. civil aviation in the 1970s had significant consequences within that process, as described in a 2001 textbook on aviation safety and security. Over the past two decades, vigorous industry economic competition has made rulemaking a distinctly adversarial process. Carriers, labor groups, aircraft manufacturers and general aviation supporters carefully scrutinize every proposed safety regulation and question its efficacy and impact on costs. Often such activities, in concert with administrative policies and bureaucratic labyrinths, have effectively blocked safety regulations for years.112
FAA Enforcement The primary means of enforcing compliance with FAA security standards by the aviation industry was the issuance of fines, but there were significant limitations in the use of this tool, as explained to the Commission in a May 23,2003 public hearing. According to Michael Canavan, who was the FAA's security chief on September 11,2001:
f
There was a certain level of fining for different offenses. And after a while the airlines accumulated a lot of- huge amounts of money, and then the lawyers would get a hold of it, between the airlines and the Department of Transportation, and they would figure out some compromise. The thing that they never wanted was for you to go public and say Airline X has been fined X number of dollars because of A, B and C. That was the biggest hammer you had. So a lot of this would get negotiated out.113 I U
Former DOT Inspector General Mary Schiavo testified at that same hearing that her investigations had disclosed that the enforcement fines levied by the FAA on industry were typically reduced to "about 10 cents on the dollar."1 116 Another potential enforcement method was the certification process. To gain initial certification under the Federal Aviation Act, an airline must have demonstrated that it was willing and able to comply with the FAA's minimum DRAFT
FOR INTERNAL USE ONLY 36
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
standards and regulations. Furthermore, the certificate holder had to demonstrate continuing compliance and failure to do so would subject the violator to FAA inspection that could lead to amendment, modification, suspension or even revocation of the certificate. However, de-certification for security failures was never sought and rarely even threatened by the FAA. 118
FAA Security Organization The mantle of organizational leadership at the FAA is vested in an Administrator and Deputy Administrator ultimately responsible for decision making at the agency. In addition, the agency maintained an organizational structure dedicated solely to aviation security overseen by an Associate Administrator of Civil Aviation Security. This function was augmented by a special Office of Intelligence and Security located in the Office of the Secretary of Transportation. The key security positions, many of which had been originally authorized by the Aviation Security Act of 1990 (PL 101-604) were as follows: Office of Intelligence and Security Director of Intelligence and Security (DIS) was placed within the Office of the Secretary of Transportation, and reported directly to the Secretary of Transportation. The Directors responsibilities included: • • •
To receive, assess, and distribute intelligence information related to long-term transportation security To develop plans for dealing with threats to transportation security; and To serve as the Secretary's primary liaison to the intelligence and law enforcement communities. ,-. .
The Director of the Office of Security and Intelligence maintained a staff comprised of approximately 16 staff, including a liaison from the Central Intelligence^Agency. The Director of the Office on September 11,2001 advised the Commission that while his office had no operational role, he perceived his mission as being to "oversee overall transportation security, and serve as an advocate for security within the transportation industry."119 7 (The office was divided into three divisions each with its own manager and staff. • •
•
Transportation Division, included three staff, one who whom specialized in aviation was responsible for (PLACEHOLDER). Intelligence Division, staffed by two analysts—one from the Defense Intelligence Agency and one from the U.S. Coast Guard was responsible for (PLACEHOLDER); Cyber-security division, with two staff responsible for (PLACEHOLDER).
O DRAFT
FOR INTERNAL USE ONLY 37
DRAFT
VX- —n
r\
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Although the office did not have a 24-hour watch, a former Director of the office informed the commission that the office maintained a direct line to the CIA's Counter Terrorism Center (CTC) and the National Security Agency.120 FAA Office of Civil Aviation Security Associate Administrator for Civil Aviation Security (ACS) headed the FAA's Office of Civil Aviation Security (CAS), which had been created in 1962 and was originally designed to deal with traditional crimes. The Associate Administrator's mission was to: (1) manage and provide operational guidance to FAA field security personnel; (2) enforce security-related requirements; (3) identify the research and development requirements of security-related activities; (4) inspect security systems; (5) report relevant information to the Director of Intelligence and Security; and (6) assess threats to civil aviation. Federal Security Managers (FSM) were appointed by the FAA at any U.S. airport where "necessary for air transportation security," including all major airports. They reported directly to the Associate Administrator for CAS, and were to: (1) assist in development of a comprehensive security plan for the airport; (2) oversee and enforce the carrying out by air carriers and airport operators of FAA security requirements; (3) coordinate FAA's response to terrorist incidents and threats at the airport; and (4) coordinate government aviation security activities at the airport and with local law enforcement. Foreign Security Liaison Officers (by September 11,2001 referred to as Civil Aviation Security Officers or CASLOs) were designated by the FAA, in coordination with the Secretary of State, at certain higher risk foreign airports. They reported directly to the Associate Administrator for CAS, • • • •
Transnational Terrorism Unit, Intelligence Operations Division (which operated a 24-hour intelligence watch on time sensitive intelligence related to aviation security), Strategic Analysis Division (which was responsible for long-term analysis), and the Sensitive Activities and Law Enforcement Support Division.122 "^
DRAFT
FOR INTERNAL USE ONLY 38
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Office of Civil Aviation Security Operations (AGO), which was charged with implementation of civil aviation security measures including those designed to combat hijackings and sabotage. The office's components included: •
The Federal Air Marshal (FAM) Program responsible for the recruiting, training and deploying law enforcement officers to serve as a protection force on U.S. flagged aircraft.
•
International Operations Division responsible for assessing and enforcing compliance with security regulations and policies by foreign airports and air carriers serving the United States overseas.
•
Airports Operations Division responsible for assessing and enforcing compliance with security regulations and policies at U.S. airports.
•
Air Carrier Operations Division responsible for assessing and enforcing compliance with security regulations and policies at U.S. airports.
•
Investigations Division (PLACEHOLDER FOR DESCRIPTION OF ACTIVITIES— SUPERVISED BACKGROUND CHECKS)
•
Internal Security Division (PLACEHOLDER FOR DESCRIPTION OF ACTIVITIES)
•
Standards and Evaluation Division responsible for handling all external inspection testing, the K-9 Explosives Detection Program, and crisis management for headquarters and regional offices)
•
Information Systems Security Division (PLACEHOLDER FOR DESCRIPTION OF ACTIVITIES)
•
Dangerous Goods/Cargo Security Division. 123 (PLACEHOLDER FOR DESCRIPTION OF ACTIVITIES)
Office of Civil Aviation Security Policy and Planning (ACP) responsible for developing, reviewing and revising rules, regulations and policies concerning domestic and foreign air carrier and airport security. It's components included: •
Civil Aviation Security Division, responsible for developing policies and proposed legislation bearing on civil aviation security.
•
Security Division, responsible for developing and coordinating plans for FAA personnel and facilities security.
•
Technology Integration Division, responsible for establishing aviation security research and development requirements.124
DRAFT
FOR INTERNAL USE ONLY 39
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Principal Security Inspectors (PSI) - FAA personnel assigned a PSI to each foreign and domestic air carrier required to adopt an FAA-approved security program. The PSI served as the liaison between the FAA and the air carrier and was responsible for approving and issuing amendments to the carrier's standard security program, providing guidance to the carrier with respect to regulatory actions, and approving and monitoring the carrier's security training programs.1 5 Field Elements - Each of the nine FAA Regional Offices housed a Civil Aviation Security Division headed by a Regional Security Division Manager who reported to and received direction from the Director of Operations in the FAA's Washington DC Headquarters. Civil Aviation Security Field Offices (CASFO) were responsible for carrying out FAA's security mission in a defined geographic area and were headed by a Manager who reported to the appropriate Regional Security Division Manager. Civil Aviation Security Field Units (CASFU) were smaller units usually assigned to focus on a particular airport and reported to CASFO's.126 Special Assessment Program — Additionally, a key component of the aviation security system in place on September 11,2001 was the "Special Assessments Team" also known as the "Red Team," which was created after the bombing of Pan Am Flight 103 in 1988. The main mission of the Red Team "was to conduct covert security penetration testing for the purpose of identifying both localized and systemic vulnerabilities and to help strengthen FAA's regulatory inspection capabilities."127 It was housed within the Special Activities Staff in the Office of the Associate Administrator for Civil Aviation Security.128 FAA Civil Aviation Security Budget and Manpower Its changing staffing and budgetary levels illustrate the evolving, and generally increasing, role of the FAA's security component. The Office of Civil Aviation Security had grown from a staff of 379 in FY 1986 to 852 in FY 1992 (in the wake of Pan Am 103), dropping off somewhat to a low of 743 in FY 1995, and then steadily rising after Bojinka and TWA 800 to a level of 1182 by FY 1999. Its budget rose from just under $40 million in FY 1986 to just under $300 million in FY 1999.129 (PLACEHOLDER FOR ADDITIONAL INFORMATION/ANALYSIS ON BUDGETING AND STAFFING) FAA Culture and Issues The institutional outlook and attitudes of the FAA with respect to security were heavily influenced by the fact that the FAA, and its predecessors, were tasked from the beginning with what has come to be called the "dual mandate" of both regulating and promoting civil aviation. Furthermore, this divided focus had implications for the agency's ability to carry out its security mission. From the Aeronautic Branch of the Department of DRAFT.
FOR INTERNAL USE ONLY 40
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Commerce created by the Air Commerce Act of 1926 with responsibility for "fostering air commerce, issuing and enforcing air traffic rules, licensing pilots, certificating aircraft, establishing airways, and operating and maintaining aids to air navigation,"13 to its ultimate successor, the Federal Aviation Administration (FAA), the U.S. Government's lead civil aviation agency was confronted with what aviation security author Andrew Thomas called "two competing and divergent goals. How can it nurture both market forces and public safety at the same time? A formidable, if not almost impossible, task, to be sure."131 Thus, under this "dual mandate" the Federal Aviation Act of 1958, which created the FAA, described the FAA's security role as "to establish security provisions which will encourage and permit the maximum use of the navigable airspace by civil aircraft consistent with the national security."132 Former Department of Transportation Inspector General Mary Schiavo wrote in her 1997 book, Flying Blind, Flying Safe, The FAA's dual mission did not leap out at anyone in 1958 - or in most of the years following - as a glaring paradox. In those days, aviation was heavily regulated. The government controlled prices, routes, even the purchase of airplanes. The aviation industry thrived under the care and nurturing of the government. The government and the military were intrinsic to the development of aviation; the same people guided and assisted aviation on both sides. The aviation industry urged Congress to pass the very legislation that created the FAA. The FAA's mandate was essentially a national industrial policy designed to foster commercial aviation.133
As was customary in the civil aviation regulatory system, the impetus for a change in the dual mandate came in reaction to a disaster. In this case, it was the May 1 996 explosion of a ValuJet DC-9 over the Everglades. When the NTSB investigation revealed safety lapses by the FAA, the air carrier, and one of the carrier's contractors to be responsible for the crash, Transportation Secretary Pena announced on July 18, 1996 "that he would urge Congress to make safety FAA's single primary concern."13* -X In introducing legislation to implement the change advocated by Secretary Pena, Senator Olympia Snowe (R-ME) stated, "We cannot expect the FAA to regain the trust of the public while it maintains the mission to both ensure their safety while continuing to promote the growth of the carriers. The current mission of the FAA places it in the untenable position of being both the enforcer and the best friend of the airlines - no one can perform both roles and do them well."135 Though, as noted above, concerns about the appearance of a conflict between FAA's promotional and regulatory roles led Cnngregg tn formallyffliTninatPthf prnmntinn^l
Mandate in 1996,1 the FAA's legal authorities that were still in effect on September 11, 2001 included alTof the following: • •
Under Section 40 1 0 1 of 49 USC 449, the FAA was to consider a number of factors in carrying out its safety and security responsibilities, including "encouraging and developing civil aeronautics." Section 40104 provided that "The administrator of the Federal Aviation Administration shall encourage the development of civil aeronautics and safety of air commerce in and outside the United States."
DRAFT
FOR INTERNAL USE ONLY 41
DRAFT
DRAFT •
FOR INTERNAL USE ONLY
DRAFT
Section 44903 required that, in carrying out its authority to protect passengers "against an act of criminal violence or aircraft piracy," the FAA was to consider whether any proposed regulation was consistent with "protecting passengers; and the public interest in promoting air transportation and intrastate air transportation." Furthermore, "to the maximum extent practicable," the FAA was to "require a uniform procedure for searching and detaining passengers and property to ensure their safety; and courteous and efficient treatment" by the air carrier and any governmental personnel involved in the process.137
Kenneth Mead, who has served as Inspector General at the Department of Transportation since May of 1997, testified to the Commission as to the security implications arising out of FAA's dual role of promoting the industry while at the same time regulating it: Within that (aviation security) model there were strong, very strong, counter pressures to control security costs, because it was a cost center for the airlines, and to also limit the impact of security requirements on aviation operations, so that the industry could concentrate on its primary mission of moving passengers and aircraft. In our opinion, those counter pressures in turn manifested themselves as significant weaknesses in security that we, the GAO, others, including the FAA, found during audits and investigative work.138
~~)
v*-
U.S. Air Carriers (PLACEHOLDER ON A DESCRIPTION/NUMBER OF AIR CARRIERS IN THE U.S. -- FOR PROFIT ENTERPRISES) Federal Aviation Regulation 108139 sets forth the framework for the security responsibilities of commercial air carriers and other aircraft operators. Notably, this regulation was not issued until January of 1981, prior to which air carrier security had been subsumed under the general commercial aviation safety requirements in Part 121. Under the FAR 108 in effect on September 11,2001, airplane operators were to adopt and implement a security program to "provide for the safety of persons and property traveling in air transportation and intrastate air transportation against acts of criminal violence and air piracy." The plan, termed the Air Carrier Standard Security Program (ACSSP), which was subject to the approval of the FAA, had to cover the folio whig: • • • • • • • •
Screening of passengers and baggage Airplane and facilities control Law enforcement coordination X-ray system operations Bomb and air piracy threats Hijacking and sabotage attempts Training of personnel Explosive detection system operations
While a final rule revising the ACSSP was promulgated on July 21,2001 with an effective date of November 14,2001,14° the program in place on 9/11/01 had last been modified on May 31,2000 and its purpose was "to prevent or deter aircraft hijackings, sabotage, and related criminal acts."1 —— . —
DRAFT.
FOR INTERNAL USE ONLY 42
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Screening. The airlines' screening responsibilities as prescribed in the FAA-approved ACSSP, were "designed to prevent or deter the carriage of any explosive, incendiary, or a deadly or dangerous weapon on a passenger or in their checked or carry-on bags." The program employed x-ray machines, explosives detection equipment and physical searches to carry out this function, with the work itself generally being contracted out by the airline to a private security company. The airline retained the responsibility for overseeing the contractor's compliance with FAA regulations.142 The April 2000 assessment of passenger and baggage screening by Gerald Dillingham of the GAO is representative of independent evaluations of that system's effectiveness right up through September 11,2001. FAA and the airline industry have made little progress in improving the effectiveness of airport checkpoint screeners. Screeners are not adequately detecting dangerous objects and long-standing problems affecting screeners' performance remain, such as the rapid screener turnover and the inattention to screener training. FAA's efforts to address these problems are behind schedule.143
Appendix I of the ACSSP provided FAA's "Deadly or Dangerous Weapons Guidelines" for use in determining what objects should not be allowed to be carried into the cabin of an aircraft. They were to be used by screeners "in making a reasonable determination of what property in the possession of a person should be considered a deadly or dangerous weapon. They are only guidelines, however, and common sense should always prevail." Within the list were the following relevant entries: Knives - Including sabers, swords, hunting knives, souvenir knives, martial arts devices, and such other knives with blades 4 inches long or longer and/or knives considered illegal by local law. —~^ Disabling or Incapacitating Items - All tear gas, mace, and similar chemicals and gases whether in pistol, canister, or other container, and other disabling devices such as electronic stunning/shocking devices. , Other Articles - Such items as ice picks, straight razors, and elongated scissors, even though not commonly thought of as a deadly or dangerous weapon, but could be used as a weapon, including toy or "dummy" weapons or grenades. 5
Specifically on the topic of box cutters, in his testimony to the Commission on behalf of the Air Transport Association (ATA), James May stated: Under pre-9/11 FAA regulations only "knives with blades four inches long or longer and/or considered illegal under local law" were prohibited. Under a non-regulatory Checkpoint Operations Guide, developed by the FAA, the Regional Airline Association and the ATA, with FAA approval interpreting the FAA regulations, box cutting devices were considered a restricted item posing a potential danger. This meant that if such a device was identified, it could be kept off the aircraft. The FAA mandated metaldetection walk-through systems, however, were designed and tested to detect metallic items about the size of a small handgun or larger. The pre-9/11 screening system was not designed to detect or prohibit these types of small items.146147
The Checkpoint Operations Guide (COG) was developed by the Air Transport Association (ATA) and the Regional Airline Association (RAA), with FAA approval, to DRAFT
FOR INTERNAL USE ONLY 43
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
implement the security checkpoint related provisions of the ACSSP. Under the COG in place on September 11,2001 (which had been revised one day earlier), "box cutters" were classified as "Restricted" items that "are not permitted in the passenger cabin of an aircraft. The (checkpoint) supervisor must be notified if an item in this category is encountered. Passengers may be given the option of having these items transported as checked baggage." "Mace" and "pepper spray" were categorized as "Hazardous Materials" and "passengers may not take items in this category on an airplane without the express permission of the airline." "Pocket utility knives (less than 4 inch blade)" were % listed as "approved items." The COG provided no further guidance on how to distinguish ' between "box cutters" and "pocket utility knives."148149 Other Security Responsibilities. While airport authorities had responsibility for most civil aviation access control issues, under FAR 108 and the ACSSP, air carriers were responsible for securing access to their aircraft150 and operations areas.151 In the immediate aftermath of 9/11, DOT Inspector General Kenneth Mead spoke of his office's findings on access control with respect to both airlines and airport operators. Controlling access to secure areas of the airport is critical to protecting the airport's infrastructure and aircraft from unauthorized individuals. During late 1998 and early 1999, we successfully accessed secure areas in 68 percent of our tests at eight major U.S. airports. Once we entered secure areas, we boarded aircraft 117 times. The majority of our aircraft boardings would not have occurred if employees had taken the prescribed steps, such as making sure doors closed behind them.152
The anti-hijacking training for civil aviation aircraft crews in place on September 11, 2001 was based on previous experiences with domestic hijacking, aimed at getting passengers, crew and hijackers safely landed, and offered little guidance for confronting a suicide hijacking.153154 : " *'•"' ; •'""'•
Air carrier responsibilities for security and anti-hijacking training for flight crews were set forth in Section XIII. J of the ACSSP. The program included the following elements: • •
•
8 hours of initial security training for all crew members on aircraft with more than 60-seats, which could be shortened to 4 hours with FAA approval Annual recurrent training of 4 hours for pilots in charge and other crew members on international flights, which could be shortened to 2 hours with FAA approval, and 2 hours for all other crew members An outline of "Inflight Hijacking Tactics" for both the cockpit and cabin crews, which, among other things advised "do not try to overpower hijacker(s), do not negotiate with hijackers, try to land the aircraft, relay specified information to ground about hijackers, and try delaying tactics.',,155
Air Carrier Security Organization The organization of security varied from airline to airline. Typically, though, the security function was handled separately from all other activities, including safety. Whereas the DRAFT.
FOR INTERNAL USE ONLY 44
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
safety function was accorded a "high priority" within the companies because "it is in their business interests" to do so,157 security was not similarly regarded. The security manager often reported to the airline's vice president for operations, since security was seen as having a "substantial impact" on operations, including schedules and passenger processing. The airline security office was generally responsible for interpreting FAA security guidelines, implementing measures to insure compliance with those regulations, conducting internal security audits, representing the carrier in all security-related forums, and handling internal security matters such as theft and fraud.158 There was a general feeling that airline security managers were not highly placed within the corporate decision-making structure. According to Admiral James Underwood, who was Director of Intelligence and Security for the U.S. Department of Transportation from May 2000 until April 2002, prior to the 9/11 hijackings, few security managers were known to their CEOs.159 And, as previously noted, the 1996 Baseline Working Group had specifically called for airports and air carriers to "designate a head of Security who should be a senior management official and shall be responsible for the direction and oversight of all aviation security activities" with the clear implication that this had not generally been the case.160
o
Since the early 1970s the major security role of the airlines had been to conduct preboarding screening of passengers and carry-on baggage, which the carriers had contracted out to private security companies. The carrier was responsible for making sure that these contractors and their employees met all FAA security regulations.161 A Ground Security Coordinator (GSC) was assigned by an airline for each of its flights and was responsible for monitoring all security requirements prior to takeoff, at which point the Pilot in Command (PIC) took over as the in-flight security coordinator.162 Another entity related to the ah" carriers' security operations is the Air Transport Association (ATA), which was founded hi 1936 and remains the sole trade association for the major U.S. airlines. It represents their interests before Congress, federal agencies (including the FAA), and state and local governments. The ATA seeks to coordinate industry and government safety programs, to help standardize industry practices and to enhance the efficiency of the air transportation system.163 Of particular relevance to this report, the ATA took the lead role for the airlines in the FAA rulemaking process, and hi developing - subject to FAA approval -the Checkpoint Operations Guide (COG) for passenger and carry-on baggage screening and the training materials for the "Common Strategy" for dealing in-flight with hijackings./ f ( A&r Carrier Security Spending
O
Information about security-related spending and personnel levels among the airlines has been somewhat difficult to ascertain. An August 2001 memorandum from the ATA hi response to a request from the General Accounting Office (GAO) estimated "costs to the entire industry to implement all federal security requirements and conduct required security programs at $1 billion." However, in communications with the Commission, the DRAFT
FOR INTERNAL USE ONLY 45
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
ATA stressed that this was a "very rough estimate" based on incomplete reporting from the airlines, as well as variations in data, descriptions and components submitted by individual airlines. An annual figure of $300 million for the airlines' estimated, aggregated security screening costs in 2000 was developed pursuant to the airlines' submissions hi response to the requirements of the Aviation Security Infrastructure Fee, 67 Fed. Reg. 7926, of February 20,2002. Subsequent efforts by ATA to "capture and project security costs" were unsuccessful.164 Air Carrier Culture and Issues Unlike the situation in many other countries where civil aviation is run directly or indirectly by national governments, in the United States the air carriers are privatelyowned, for-profit corporations. Their primary obligation to their shareholders was (and is) to maximize the rate of return on investment. Though the major carriers which existed on September 11,2001 (the three largest being Delta with 103 million passengers in 1997, United with 84 million, and American with 81 million)165 had been created in the era of extensive federal regulation of rates and schedules, these too had to compete with the lower-cost airlines which had emerged after the de-regulation of fares and routes in the 1970s. By the beginning,,of the 21st Century, the pressures caused by this competition, combined with other economic factors, had produced a climate in which the airlines were desperately seeking to cut costs. In a March 2003 report on the economic plight of the airline industry, the Air Transport Association (ATA) summed up the industry's outlook prior to the events of September 11,2001: By the spring of 2001, the U.S. airline industry was clearly entering a period of economic turbulence. The slowing economy and the bursting dot-corn bubbles suggested substantially slowed economic growth. Passenger traffic was expected
According to Kevin Murphy, an aviation analyst at Morgan Stanley, the airline industry had not generally earned a rate of return exceeding its capital costs in most of the years following the 1978 de-regulation of civil aviation. Even when the industry achieved its record high profit levels in the late 1990s, its rate of return was no higher than average among all companies on the Standard and Poor's 500 stock index.167 (PLACEHOLDER FOR CULTURAL ISSUES)
DRAFT
FOR INTERNAL USE ONLY 46
DRAFT
FOR INTERNAL USE ONLY
DRAFT
DRAFT
U.S. Airports (PLACEHOLDER FOR DESCRIPTION AND NUMBER OF COMMERCIAL AIRPORTS) Airports in the United States display diversity in both ownership (which can be either private or public) and management (which can be by city, county, state, regional or other specialized airport authorities). Airport operators seek to balance the objectives of producing revenue for the private or public owner, facilitating efficient movement of the traveling public, and fulfilling their security responsibilities.168 Airport security is regulated by Federal Aviation Regulations Part 107 (14 CFR 107),169 which establishes specific requirements for airport security programs, physical security, access control, and law enforcement support for all airports in the United States serving regularly scheduled passenger operations.170 The airport's security program was aimed at providing a secure environment for airplane operations, controlling the movement of people and ground vehicles to, from and within the airport, and preventing unauthorized access to air operations areas. Airport authorities were responsible for securing the airport perimeter, terminals and ramp areas. 171 Airport Security Organization Airport security is generally implemented by special security forces employed by the airport operator to provide physical security at the airport. Law enforcement is provided by the police force of the managing governmental authority (state, local, regional or special).172 As of September 11, 2001,458 U.S. airports were subject to FAA security regulation. These were divided into six categories, based primarily on size and potential threat level, with the largest and most potentially threatened facilities generally subject to greater security requirements.
AIRPORT CATEGORIES173 CATEGORY
o
# AIRPORTS
X
19
I II III
58 52 137
IV
168
V
24
DRAFT
DEFINING CHARACTERISTICS
25 million or more total passengers per year, OR 1 million or more international passengers per year, OR special threat circumstances Between 2 and 25 million passengers Between 500,000 and 2 million passengers Less than 500,000 passengers, but serve aircraft with 61 or more seats Smallest airports that perform screening of passengers, OR serve aircraft with less than 61 seats Do not perform passenger screening, AND serve aircraft between 3 1-60 seats
FOR INTERNAL USE ONLY 47
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
(PLACEHOLDER: ADD ADDITIONAL INFO ON AIRPORT SECURITY MANAGEMENT ORGANIZATION AND AIRPORT SECURITY MANPOWER AND BUDGETING) Airport Security Culture and Issues The most serious problem for airport security, as identified by the FAA's own testing, was access control for secure areas of the airport. From 1993-1999, between 80 and 85 percent of all airport security violations as determined by the FAA were related to this issue.174 Both the General Accounting Office175 and the Department of Transportation Inspector General176 conducted covert testing of airport access controls which demonstrated significant weaknesses in such controls. (PLACEHOLDER FOR ADDITIONAL INFORMATION)
U.S. Intelligence Community The U.S. Intelligence Community's mission is best described by Executive Order 12333 issued by the President of the United States in 1981: The U.S. intelligence effort shall provide the President and the National Security Council with the necessary information on which to base decisions concerning the conduct and development of foreign, defense, and economic policy, and the protection of the United States national interests from foreign security threats. All departments and agencies shall cooperate fully to fulfill this goal.
Intelligence Community Organization
:
v
Prior to September 11,2001, as it is today, the U.S. Intelligence Community was comprised of many agencies of the federal government Key Intelligence Community members included the Central Intelligence Agency (CIA), the Defense Intelligence Agency (DIA), the Federal Bureau of Investigation (FBI), Department of State, and the National Security Agency. Among the Intelligence Community's priority customers was the National Security Council, the President's principal forum for considering national security and foreign policy matters with his senior national security advisors and cabinet officials, and for coordinating these policies among the various government agencies. The FAA was not a member of the Intelligence Community, nor did the FAA's Office of Civil Aviation Security Intelligence (ACI) possess a raw intelligence collection capability. However the FAA was a "customer" of the Community. Beginning in 1986 the office possessed the capacity to receive a continuous stream of intelligence data from the Intelligence Community and analyzed the intelligence to determine its significance to civil aviation security.178 DRAFT
FOR INTERNAL USE ONLY 48
DRAFT
FOR INTERNAL USE ONLY
DRAFT
DRAFT
To enhance the volume and quality of the intelligence data to which the FAA had access, A<"^ established liaison officers with the CIA beginning in 1991 (in the reporting section under the Directorate of Operations), the FBI beginning in 1 996 (in the counter-terrorism unit at FBI headquarters), and with both the State Department and the NSC in the late (PLACEHOLDER: CLARIFY TIMING OF PLACEMENT OF STATE DEPARTMENT LIAISON; WE HAVE CONFLICTING INFORMATION.) ' Beginning in the 1990's the NSC empanelled a Counter Terrorism Sub-Group (CSG), (CHECK) made up of assistant secretary level representatives from key 1C agencies, as well as an Interagency Intelligence Committee on Terrorism (IICT) as a forum to discuss and coordinate issues and national policies regarding the terrorist threat to the United States. Neither the Department of Transportation nor the Federal Aviation Administration was a participating member of the CSG. However, both held membership on the IICT panel.180 (PLACEHOLDER: CLARIFY IF IICT OR IITC.) U.S. Intelligence Community Culture & Issues FAA intelligence officials testified to the Commission that they were "frustrated" by the limited volume and quality of intelligence data to which they had access. In the case of the Central Intelligence Agency, the officials believed that it was due to the agency's desire to protect methods and sources and to compartmentalize sensitive security information based on a "need to know." With respect to the FBI, FAA authorities testified that unlike the CIA the FBI had no "central collection" point for intelligence data to which a liaison could be assigned, and that the FBI's focus was on "criminal investigations," not domestic intelligence. 181 TX ,—Tv
T
•>»£»
U.S. Congress The U.S. Congress' responsibilities with respect to aviation security policy emanated from the lawmaking duties vested to it under Article I of the U.S. Constitution, and its responsibility to oversight implementation of the nation's laws and policies. Additionally Congress was responsible for funding the federal policy making, enforcement and operational responsibilities for civil aviation security. Congressional Organization Prior to September 11,2001 six committees possessed jurisdiction over key aspects of civil aviation security policy and funding. In the U.S. House of Representatives: •
House Committee on Transportation and Infrastructure, including its Subcommittee on Aviation.
DRAFT
FOR INTERNAL USE ONLY 49
DRAFT
DRAFT • •
FOR INTERNAL USE ONLY
DRAFT
House Committee on Appropriations, including its Subcommittee on Transportation. House Committee on Ways and Means.
In the U.S. Senate: •
Senate Committee on Commerce, Science and Transportation, including its Subcommittee on Aviation. • Senate Committee on Appropriations, including its Subcommittee on Transportation. • 'Senate Committee on Finance.
In addition to the legislative and oversight committees of Congress, the General Accounting Office (GAO), an investigative arm of Congress, conducted inquiries and reported upon various issues related to aviation security, issuing comprehensive reports on (PLACEHOLDER: LIST AND DATE).182 While in most cases investigations, audits and reports were produced by GAO at the specific request of Congressional members, particularly committee and subcommittee leadership, in some instances the agency would conduct inquiries at its own discretion. The Congressional Research Service produced informational reports on issues related to aviation security to keep members and Congressional staff up-to-date on key issues related to aviation and aviation security. Aviation Security in the 107th Congress Prior to September 11,2001, the 107th Congress held 25 hearings on aviation issues. None of thfif fhnifi^ nn t1™ fining nf aviation security. The Congressional spotlight on aviation was focused on issues related to air carriers' customer service and the economic 1 ft "5 health and commercial health of civil aviation. The Commission could find only three occasions on which Senators or Members of the House of Representatives cited the topic of aviation security in floor statements during the 107th Congress prior to September 11,2001. Only one bill was introduced on the topic in the same time period. Two of the three floor references and the sole bill introduced pertained to renaming an FAA facility after a former member of the Senate.184 The General Accounting Office issued a single aviation report in 2001 prior to 9/11. A major GAO report on Terrorism (PLACEHOLDER NAME OF REPORT) issued on (PLACEHOLDER INSERT), included a small section on transportation security. The GAO received (Number) of requests for investigations by Member of Congress on the topic.185 (PLACEHOLDER: GAO IS COLLECTING THE INFORMATION) The commission notes that while the aviation funding bill for FY 2002 had not been enacted prior to September 11,2001, Congressional funding for civil aviation security DRAFT-
FOR INTERNAL USE ONLY 50
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
had substantially increased over the preceding five years from $72 million in FY 1997 to $139 million in FY 2001, (though the amounts appropriated in 2000 and 2001 were each approximately $1 million below the president's request).186 The committee report accompanying the Transportation Appropriations bill for FY 2001, approved in the fall of 2000, did express ongoing frustration with the FAA on security matters. The Committee is extremely disappointed over management issues which continue to plague the civil aviation security program. Many of these issues have been unresolved for some time...the Committee has provided substantial budgetary increases for civil aviation security programs over the past few years, and is unsure whether these additional resources are paying off in significantly improved security.187
(PLACEHOLDER: CONGRESSIONAL CULTURE AND ISSUES; PUBLIC OPINION, ATTITUDES, PRIORITIES, ETC.)
Elements of the Aviation Security Security System on September 11.2001 ? Layered System The FAA's general approach to security prior to September 11, 2001 was summarized by the President's Commission on Aviation Security and Terrorism in its May 1990 report on the Pan Am 103 disaster. FAA's approach is based on interrelated security measures which are intentionally redundant. If any one security measure fails, another will support or replace it, according to this theory. For example, fencing and personnel identification systems alone are insufficient for the most sensitive airport areas, but the addition of lighting, law enforcement personnel, and vigilant aviation employees produce a more complete security system.188
On September 11,2001 the Civil Aviation Security System featured seven major layers of defense, including:
Q
• •
Intelligence Collection, Threat Assessment and Response Airport security area enforcement
DRAFT
FOR INTERNAL USE ONLY 51
DRAFT
FOR INTERNAL USE ONLY
DRAFT • • • • •
DRAFT
Passenger prescreening Passenger checkpoint screening for weapons Checked baggage screening for explosives Cargo and mail screening for explosives Aircraft and Onboard security
Intelligence Collection, Threat Assessment and Response Section 11 l(a) of the Aviation Security Improvement Act of 1990 (P.L. 101-604) required "the agencies of the intelligence community [to]... ensure that intelligence reports concerning international terrorism are made available . . . to ... the Department of Transportation and the Federal Aviation Administration." Under interagency memoranda of understanding the agencies of the U.S. intelligence community, including the Federal Bureau of Investigation (FBI), Central Intelligence Agency (CIA), National Security Agency (NSA), Defense Intelligence Agency (DIA); National Reconnaissance Office and the Department of State, among others, were responsible for collecting and analyzing intelligence data bearing on the security of the United States, and for routing pertinent information to FAA's Office of Civil Aviation Security Intelligence (ACI). To assist in coordinating the exchange of information and tasking, the FAA's Office of Civil Aviation Intelligence maintained )iwnn nffirprs with the FRJ I PTA Department and the NSA. The intelligence data provided to the FAA by the Intelligence Community was routed to the Intelligence Office's 24-hour watch, started in 1993, where an analyst would review the material and make a determination on whether to open an Intelligence Case File (ICF). The file would remain open pending the completion of certain follow-up tasks. These tasks were recorded in a log sheet to provide for tracking and supervision. The information received by the watch was rolled-up each day into a Daily Intelligence jjnrnrpary (Dig). Among those who received the DIS was the Associate Administrator of Civil Aviation Security and the FAA Administrator, as well as the Director of Security and Intelligence who would use the material to produce a more comprehensive security briefing for the Secretary of Transportation. If an analyst received information indicating a specific and credible threat, he or she, after consultation with the supervisor, would notify the air carrier of the threat directly. If the threat required the implementation of extraordinary counter-measures, the analyst, after consultation with the supervisor, would notify the Office of Civil Aviation S^^^ty ^ Operations.^ A(JU could thenrecommend that the Associate Administrative of Civil / AviatiorTSecurity issue a Security Directive to the industry legally requiring that particular counter measures be implemented.189
DRAFT-
FOR INTERNAL USE ONLY ( —V
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Two other ACI products were used to alert the industry and government authorities to aviation security issues. Information Circulars were issued by ACI to inform airports and air carriers of security threats that were more general in nature. Often these were threats rand security trends that FAA believed did not require the imposition of specific ^extraordinary procedures. ACI also published Tnfplligpnpp Notes as a forum for expounding on security issues such as terrorist methods of operation. Predominantly ~These products were intended to help support regulatory and policy decision-making. 19° FAA Intelligence analysis was also used to establish the appropriate Aviation Security Alert level declared by the FAA. F.ach alert Wei was calibrated to a discrete set of security measures that the FAA required of airports and air carriers. The various alert levels represented the level of threat perceived by the FAA based on incidents and f intelligence estimates. (See additional information below.)191 CifCpPS Although the Office of Intelligence did not have investigative powers, if ACI deemed that certain intelligence information required some investigative follow-up, such follow-up would have to be conducted by the Federal Bureau of Investigation. Federal law also vested the FAA Administrator with the authority to cancel any flight for security purposes at his or her discretion.192 However, the Commission is not aware of any occasion on which that authority has been invoked. The Administrator and top officials were kept apprised of intelligence through a daily intelligence summary produced by the Office of Civil Aviation Security Intelligence. The summary was distributed to the Administrator of Civil Aviation Security; the FAA administrator and Deputy Administrator and Director of Security and Intelligence attached to the Office of the Secretary of Transportation.193 (PLACEHOLDER: JOINT VULNERABILITY ASSESSMENTS)"
Secure Area Designation and Enforcement Federal regulations and both the Airport and Air Carrier Standard Security Programs imposed responsibilities for designating and enforcing the integrity of secure areas necessary to protect aircraft and air operation areas from access by unauthorized personnel. FAA rules set forth the approved means of protecting secure areas, including control technologies such as keypad locks on access points, and completion of a background check and the issuance of credentials to personnel authorized to access sensitive areas. (PLACEHOLDER FOR DETAILED BACKGROUND CHECK DESCRIPTION) Air Carriers were responsible for controlling access to each of their "air operations areas," including their aircraft, baggage rooms, baggage transfer areas, and other nonpublic areas, as well as for training their employees hi proper access control procedures,
DRAFT
FOR INTERNAL USE ONLY 53
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
including the display of Secure Identification Display Area (SIDA) credentials, and the required challenge of individuals not properly displaying the appropriate credentials. Airports were responsible for identifying and controlling access to non-public areas Airports are required to provide law enforcement personnel to assure that access controls were properly protected, and to respond in the event that controls are breached by unauthorized individuals.194 (PLACEHOLDER FOR GREATER DETAIL ON THIS LAYER)
Passenger Pre-Screening The next vector of defense, passenger prescreening, was comprised of two main elements to help keep dangerous people and/or their weapons off of commercial aircraft. The first pre-screening element was the FAA listing of individuals known to pose a threat to commercial aviation. Based on information provided by the Intelligence Community, the FAA was authorized to issue directives to air carriers requiring them to prohibit listed individuals from boarding aircraft or, in designated cases, to assure that the passenger received enhanced screening before enplaning. The second element of prescreening was a program to identify those passengers on each flight who may pose more than a "minimal threat" to aviation. In 1998, the FAA issued a directive requiring air carriers to implement an FAA-approved computer-assisted passenger prescreening program (CAPPS) designed to identify the pool of passengers most likely to contain a terrorist. The program employed a customized, FAA-approved algorithm of "factors" and "weights," derived from each passenger's ticket purchase, passport and frequent flyer data, excluding the individual's race, creed, religion or national origin, to identify "selectees." ' The algorithm calculated a score based on the factors and weights to identify those deemed to be more than "minimal threat" to the aircraft and a grouping of other passengers chosen at random to be a "selectees." The air carrier was responsible for screening each selectee's checked baggage for explosives using an FAA approved method including an approved Explosive Detection System designed to detect explosives concealed in a bag; a trace detection system designed to identify the residue of explosives on the outside of the bag; examination by a bomb-sniffing canine; or physical search, "Selectees" were not required to undergo any additional screening of their person or carry-on baggage at the checkpoint.195 The automated system replaced a manual system under which airline personnel applied FAA approved criteria to determine which passengers would be "selectees" and as such were required to receive additional checkpoint scrutiny of their person and carry-on_ DRAFT.
FOR INTERNAL USE ONLY 54
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
belongings. Automation was considered to be fairer and more reliable than the manual system. It is worth noting that the issue of CAPPS was highly contentious at the time the developing program was considered by the Gore Commission, and has continued to be so to the present day. Gore Commission member and terrorism expert Brian Jenkins highlighted the key concerns in a 1999 article. Americans would prefer their security to be democratic and passive; that is, equally applied to everyone, and reactive only to behavior indicating criminal intent - such as attempting to smuggle a gun on board - rather than attempting to identify in advance the most likely smuggler. Criteria based on ethnic identity, national origin, gender, and religion are all out of bounds to civil libertarians. Nor should profiling provide airlines with access to personal information about travelers, including their criminal record if they have one. Arab-Americans, who have been subject to suspicion and in some cases mistreatment following terrorist incidents that were correctly or incorrectly blamed on Middle Eastern groups, have expressed particular concern.
While endorsing the "manual and automated profiling systems, such as the one under development by the FAA and Northwest Airlines," the latter of which became the CAPPS program, the Commission adopted a lengthy "augmenting recommendation" with respect to the subject. The Commission strongly believes the civil liberties that are so fundamentally American should not, and need not, be compromised by a profiling system. The Commission recommends the following safeguards: 1) no profile should contain or be based on material of a constitutionally suspect nature; 2) factors to be considered for elements of the profile should be based on measurable, verifiable data indicating that the factors chosen are reasonable predictors of risk; 3) passengers should be informed of airline security procedures and of their right to avoid any search of their person or luggage by electing not to board the aircraft; 4) searches arising from the use of an automated profiling system should be no more intrusive than search procedures that could be applied to all passengers; 5) neither the airlines nor the government should maintain permanent databases on selectees; 6) periodic independent reviews of profiling procedures should be made; 7) the Commission reiterates that profiling should last only until Explosive Detection Systems are reliable and fully deployed; and 8) the Commission urges that these elements be embodied in FAA standards that must be strictly observed.
Checkpoint Screening for Weapons Perceived by the FAA, the aviation industry and passengers as the most obvious and vital element of aviation security, federal rules required air carriers "to conduct screening., .to prevent or deter the carriage aboard airplanes of any explosive, incendiary, or a deadly or dangerous weapon on or about each individual's person or accessible property, and the carriage of any explosive or incendiary in check baggage." 198 Federal Aviation Regulation 108 and the Air Carrier Standard Security Program Air Carriers specified the means by which air carriers, or their designees, were to screen passengers and their carryon belongings.
DRAFT
FOR INTERNAL USE ONLY 55
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Passengers were screened by government certified metal detectors operated and maintained according to FAA rules and calibrated to detect guns and large knives. Knives fewer than four inches in length were not prohibited primarily because FAA did not consider such items to be "menacing" and most state and local laws permitted them to be carried in a concealed fashion. Carry-on items were screened by government certified xray machines capable of detecting the shapes of items possessing a particular level of density. In most instances, screening operations were conducted by companies under contract with the responsible air carrier. Under the same regulation air carriers were required to screen carry-on baggage using FAA approved x-ray equipment to identify weapons and other prohibited items such as flammables, incendiaries, and prohibit them from being carried onto the aircraft. (PLACEHOLDER: CLARIFY HERE THE DISTINCTION BETWEEN FAR, ACSSP AND GOC STANDARDS) (PLACEHOLDER ON CONTRACTING PRACTICES) FAA rules also required screening personnel to have completed 15 hours of training, and the checkpoint screening of passengers and carry-on baggage was designed to prevent passengers from carrying onboard weapons with a metal content equal to or hi excess of a small handgun.199
Checked Baggage Screening for Explosives Air Carriers were responsible for screening the checked baggage of "selectees" for explosives using certified Explosives Detection System (EDS) equipment or a "suitable" alternative, in accordance with an FAA approved Air Carrier Standard Security Plan.200 Alternatives include trace detection screening, K-9 screening or physical search. In the absence of this capability, the air carrier was permitted to practice Positive Passenger Bag Match to assure that no bag was loaded into the hold without its owner on board the aircraft, under the presumption that a bomber would not commit suicide (PLACEHOLDER FOR MORE DETAILED EXPLANATION)
Cargo and Mail Screening Air Carriers were responsible for categorizing cargo between known and unknown shippers, and subjected the cargo to various tiers of inspection in accordance with an FAA approved Air Carrier Standard Security Program. (PLACEHOLDER FOR MORE DETAILED EXPLANATION)
Aircraft and On-Board Security
DRAFT.
FOR INTERNAL USE ONLY 56
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Air Carriers were responsible for guarding and inspecting their aircraft; and for training aircrew on security procedures, in accordance with an FAA approved Air Carrier Standard Security Program.202 Federal Air Marshals The FAA was responsible for operating a Federal Air Marshal program placing armed and trained security officers on certain high-risk flights.203 204 (NOTE: DISCUSSION OF NUMBERS WILL HAVE TO BE IN A CLASSIFIED ANNEX.) Cockpit Doors In 1964 the FAA implemented a rule requiring the "closing and locking of crew compartment doors of scheduled air carriers and other large commercial aircraft in flight to deter passengers from entering the flight deck either intentionally or inadvertently."205 (PLACEHOLDER: ADD MFR INFORMATION) In-Jlight Emergency Response The Air Carrier Standard Security Program required air carriers to provide training to flight and cabin crews on how to handle security contingencies such as hijacking. James May, Executive Director of the ATA, described the industry's view of the FAA's hijacking policy as follows: In the event of a hijacking, the FAA's policy was one of cooperation: flight crew and cabin crew were to be trained not to overpower the hijacker, and cabin crew were to assure hijackers that crew would cooperate with their demands.206
The training of flight crew required by. the ACSSP consisted of (QUOTE ACSSP). Among the materials approved for this training was a video titled "The Common Strategy." (PLACEHOLDER: ADD ADDITIONAL DETAILS ON "COMMON STRATEGY," INCLUDING QUOTES ON THEORY BEHIND APPROACH)
Aviation Security Alert Levels Intelligence estimates were used to establish the alert level at which the FAA expected civil aviation security system to operate. Both the Air Carrier Standard Security Program and the Airport Operator Security Program contained an "Aviation Security Contingency Plan," which outlined specific threat levels and the accompanying required countermeasures "to ensure that the FAA, airport operators, and air carriers are able to respond on short notice to all civil aviation threats."207 Aviation Security Contingency Plan (AVSEC Plan)208 DRAFT
FOR INTERNAL USE ONLY 57
DRAFT
DRAFT
DRAFT
FOR INTERNAL USE ONLY
AVSEC ALERT LEVEL
AIRPORT OPERATOR MEASURES
AIR CARRIER MEASURES
Level I: Political tensions may provoke elements hostile to the U.S. to initiate demonstrations and/or low level attacks against symbols of the U.S.; or there is reason to believe that civil unrest could increase the risk to civil aviation
Inform airport, air carrier, and airport tenant management with an operational need to know of the increased threat and corresponding alert level.
Inform its employees working at the affected airport(s) who have an operational need to know of the increased threat and corresponding alert level.
Review and ensure adequacy of personnel and vehicle ID issuance and control procedures.
Review and test its contingency and emergency communications procedures.
Review and test its contingency and emergency communications procedures.
Establish liaison with each airport it serves to coordinate measures that may be necessary if the alert level increases. Deploy personnel to provide increased surveillance and prevent unauthorized access to checked baggage in baggage make-up areas.
Level II: Information suggests that groups previously known to attack civil aviation may be preparing actions against symbols of the U.S.; or civil disturbances with the potential to affect civil aviation are likely
Deployuniformed security patrols or law enforcement officers (LEOs) at airports to provide surveillance, act as a deterrent, and respond as necessary to security related incidents. Develop and implement a schedule for increasing the frequency of inspections in passenger terminals (both sterile and non-sterile public areas)
Search for weapons and explosives all vehicles left unattended outside of areas controlled under FAR 107.14 and used to transport passengers from a terminal building to a departing aircraft.
Discontinue service to and secure lockers located in non-sterile public areas of passenger terminals. Increase the number and frequency of random identification checks on the AOA and at controlled access points to the secured area. Advise Explosive Ordinance Disposal (EOD), tactical, and/or -9 units of the increased threat. Arrange for and deploy plainclothes security personnel or LEOs for surveillance in terminals and other locations as appropriate.
Level III: Information indicates a terrorist group or other hostile entity with a known capability of attacking civil aviation is likely to carry out attacks against U.S. targets; or civil disturbances with a direct impact on civil aviation icre available, request EOD have begun or are imminent 'and tactical teams to respond and/or utilize explosives detection measures such as K-9
DRAFT-
FOR INTERNAL USE ONLY 58
Apply the Contingency Passenger Profile Criteria, issued by the FAA, to all originating passengers and those passengers transferring from air carriers not subject to this requirement. The FAA will determine the profile criteria when it receives threat information, and the air carrier will take the following
DRAFT
DRAFT
AVSEC ALERT LEVEL
DRAFT
FOR INTERNAL USE ONLY AIRPORT OPERATOR MEASURES
AIR CARRIER MEASURES
or electronic sniffers.
countermeasures in conjunction with this requirement.
Post signs at each ticket counter and screening checkpoint or make routine public announcements that emphasize the need for all passengers to closely control baggage and packages to avoid transporting items without their knowledge.
PJmicallv search or screen. with_ an approved device specifically_ identified in the security directive, the carry-on property of those identified as selectees. and_ hand wand or pat down that person. Inspect by x-ray, physically search, or screen with an approved EDS or other appropriate device the checked property of selectees. Remove batteries from all electrical and electronic devices in the checked baggage of selectees, and place batteries separate from the devices except where the air carrier screens the baggage with an EDS or other approved device.
Level IV: Information confirms that terrorist organizations with demonstrated capability are planning an attack against U.S. civil aviation; or, in the estimation of the Asst. Administrator for CAS, the highest level of security possible is required to protect U.S. air travelers
Deploy uniformed security patrols or LEOs at airports to provide surveillance, act as a deterrent, and respond as necessary in monitoring vehicle traffic flow to the terminal areas. Reduce the number of operational access points to assist law enforcement personnel or security patrol personnel in monitoring individuals gaining access to sterile areas, restricted areas, AOA, or SID A of an airport. Increase random ID checks in the SIDA by security personnel, airport operations personnel, or LEO patrol.
DRAFT
FOR INTERNAL USE ONLY 59
Do not transport checked baggage of a selectee unless that person are aboard the same flight or a verifiable tracking system establishes the unaccompanied baggage is a result of circumstances beyond the selectee's control Discontinue curbside check-in. Screen the checked and carry-on baggage of all passengers by a physical searcl^of^-ray inspection, or by screening with an approved EDS or other device specifically identified in the security directive. Physically search, inspect by xray, inspect with FAA approved and USAF certified explosives detection K-9, or screen with an EDS or other approved device all cargo other than items from a known shipper. Either ensure that originating
DRAFT
DRAFT AVSEC ALERT LEVEL
FOR INTERNAL USE ONLY AIRPORT OPERATOR MEASURES
DRAFT AIR CARRIER MEASURES passenger checked baggage is not transported unless the passenger is aboard the same aircraft or screen all checked baggage with an EDS or other approved device. Search all service personnel and equipment permitted aboard the airplane, other than the carrier's direct employees).
SPECIAL CATEGORY: Countermeasures would require high operational and economic burdens on airports and air carriers, and FAA would consider limiting to specific threats, airports or flights.
Reduce restricted area access points to an operational minimum in coordination with air carriers and airport tenants. Limit individual access by time and date when appropriate. Remove any unattended, unauthorized vehicles parked within 300 feet of a terminal building where passengers load or unload, or where curbside checkin takes place.
Hand wand all personnel and passengers immediately before entering the aircraft (for international points only). Apply the Contingency Passenger Profile criteria issues by the FAA, using interview techniques, to each passenger. The FAA will develop a profile criteria, if possible, after it receives threat information. Physically search, inspect by xray, inspect with FAA approved and USAF certified explosives detection K-9, or screen with an EDS or other approved device all cargo (for cargo specific threats only). Inspect by x-ray, or screen with an EDS or other approved device, or physically search all small package shipments. For cargo received from new shippers, either apply FAA profiling criteria (with physical search of selectee shipments), screen with EDS or other approved device, or (for cargospecific threats) reject such shipments. Reject all cargo shipments, with limited exceptions (for cargospecific threats). Inspect mail parcels over 16 ounces by x-ray, or an EDS or other approved device unless screened by USPS.
DRAFT-
FOR INTERNAL USE ONLY 60
DRAFT
DRAFT AVSEC ALERT LEVEL
FOR INTERNAL USE ONLY AIRPORT OPERATOR MEASURES
DRAFT AIR CARRIER MEASURES Restrict access to boarding areas to ticketed passengers.
Weaknesses in the System (PENDING DECISION ON WHETHER TO TREAT THIS SECTION MORE EXHAUSTIVELY OR PUT INTO "DISCUSSION" SECTION FOLLOWING NARRATIVE PART II) While the aviation security system was intended to be a multi-layered, integrated system of protection, each of the layers had significant flaws that were recognized to varying degrees by Congress, the FAA and the industry. Intelligence: Although FAA's Office of Intelligence maintained liaisons with the FBI, CIA and Department of State, the agency unsuccessfully sought access th greater 1 of raw data from the Intelligence community and perceived a "blind intelligence that FAA officials attributed to the FBI's focus on criminal investigations rather than intelligence gathering. (PLACEHOLDER TO CONFIRM EITHER ADDITIONAL ANECDOTATEVIDENCE OR DOCUMENTARY EVIDENCE TO BE SURE THIS STATEMENT IS TRUE. MAY MOVE THIS TREATMENT TO THE "DISCUSSION SECTION" AFTER THE 9-11 NARRATIVE; PLACEHOLDER FOR OUR ANALYSIS OF THE ICF'S TO BEAR OUT THE PAUCITY OF DOMESTIC INFORMATION—AGAIN MAY RESERVE THIS TREATMENT FOR THE DISCUSSION SECTION) > ; Computer pre-screening was an inexact science that identified many individuals who posed no particular threat to aviation as "selectees" and operated without empirical evidence that it captured all of those who were. While the system was designed, hi part, using hijacker profiles, it was targeted only at those who checked bags, and the consequences of "selection" were limited to screening the selectees' baggage for explosives. This reflected FAA's view that non-suicide bombing was the most substantial risk to domestic aircraft and a confidence that the combination of checkpoint screening and on-board emergency procedures were sufficient to counter a moribund hijacking threat.
u
Checkpoint screening was the primary bulwark of the aviation security system. By 2001, however, any confidence that checkpoint screening was operating sufficiently was belied by numerous (PLACE HOLDER: ASCERTAINING AN EXACT NUMBER OF REPORTS) publicized studies by the General Accounting Office209 and the Department of Transportation's Office of Inspector General210 which over the previous twenty years had documented systemic and chronic weaknesses in the systems deployed to screen passengers and baggage for weapons or bombs. DRAFT
FOR INTERNAL USE ONLY 61
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
The poor performance of checkpoint screening operations was discerned using FAA tests designed only to evaluate the system's ability to detect prescribed "test items" used by government auditors. The test protocols did not reflect the wide range of prohibited weapons that the metal detectors and x-ray equipment in place were operationally incapable of detecting nor did it account for the weapons and operational tactics that a committed terrorist would most likely employ. Aircraft protection and emergency procedures were the final layer of protection in the concentric layers of aviation security. (SSI) By 2001, however, the Federal Air Marshal program had declined to a small fraction of its strength in the 1970's, and marshals were deployed only on high risk international flights. The domestic program withered because of the system's confidence in checkpoint screening, the absence of hijacking events and the cost of the program. Federal aviation regulations required that aircrew be trained in the tactics to address inflight emergencies including a hijacking protocol based on cooperation. Years of experience in dealing with "traditional," non-suicide hijacking in which the plane was commandeered either to provide transportation or to use for bargaining purposes resulted in a philosophy of appeasement and negotiation. Pilots and flight attendants were trained to refrain from any attempt to overpower hijackers.211 Aviation security commentator John Nance described the hijacking protocol as follows: To the extent that the politically-motivated hijacking was even considered, it was lumped with all the other whose perpetrators had not suicial intent, and thus could arguably be talked into a safe and non-lethal surrender, given enough time and aircrew patience.212
THE WORLD OF SEPTEMBER 11™ A great challenge in doing a post-mortem on a catastrophic and transformational event like the terrorist attacks of September 11,2001 is to try to recapture the reality of that time for the people who lived it, including those in policy-making positions. Hindsight usually confers not only enhanced understanding of the rush of past events, but, almost inevitably in the case of an occurrence like 9/11, provides a dramatically altered perspective. If we want to answer fully the question about the failure of the civil aviation system on that day, we have to try to recall "the world of September 11th." The then-Administrator of the FAA, Jane Garvey, testified on this point to the Commission.
DRAFT-
FOR INTERNAL USE ONLY 62
DRAFT
DRAFT
FOR INTERNAL USE ONLY
,^f
DRAFT
On September 10th, we were not a nation at war. On Septern1>£r 10th, we were a nation bedeviled by delays, concerned about congestion, and patienMo keep moving. On September 10th, aviation security was responsive to the_assessed threat based on information from intelligence and law enforcement agencies... And on September 10th, based on intelligence reporting, we saw explosive devices on aircraft as the most dangerous threat. We were also concerned about what we now think of as traditional hijacking, in which the hijacker seizes control of the aircraft for transportation, or in which passengers are held as hostages to further some political agenda.213
Aviation Priorities In the lead-up to September 11,2001, the aviation security system had been enjoying a period of relative peace. While there was an acknowledgement of a changing and continuing potential terrorist threat to civil aviation, those who looked at civil aviation security prior to September 11, 2001 could observe that there had not been a hijacking or bombing of a U.S. air carrier since 1991. Writing in 1999, aviation security expert and former Gore Commission member Brian Jenkins observed, Commercial aviation has long been a favorite target of terrorists, who have viewed airliners as nationally-labeled containers of hostages in the case of hijackers, or victims in the case of sabotage. This set off a deadly contest between terrorists and security which has continued for the past 30 years with security gradually gaining. In the early 1970s, more than 30 percent of international terrorist attacks were targeted against commercial aviation; it is less than 10 percent today.214
0
On September 11, 2001, most participants and expert observers of the aviation security system noted that: a) security for civil aviation in the United States is a daunting challenge under any circumstances;215 b) airline travel had been and continued to be a very safe mode of transportation,216 and c) there are other competing and compelling interests that necessarily have been, and should be, taken into account in the making of aviation security policy. ; v On this last point, terrorism expert and Gore Commission member Brian Jenkins detailed some of the factors that serve as "obstacles" to the implementation of aviation security measures, and that "may be inevitable in a democratic process:" Lack of consensus on the threat the highly competitive airline industry's resistance to spending money or increasing charges to passengers, effective lobbying at the White House and in Congress, efforts to achieve a balanced federal budget, a slow, often cumbersome rule-making process, and fleeting focus as other issues commanded immediate attention.217
Demand for air service was robust and beginning to outpace the capacity of the system. Heeding calls for improved service and increased capacity, Congress focused its legislative and oversight attention on measures to improve the capacity, efficiency and customer service of the aviation system, including a "passenger bill of rights" mainly to assure a more convenient and comfortable passenger experience.218
DRAFT
FOR INTERNAL USE ONLY 63
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
The FAA, as well, was centered on customer service, capacity and economic issues. Security efforts were focused on efforts to implement a three-year old mandate to deploy explosives detection equipment at all major airports and on attempts to complete a nearly three year rulemaking effort to mandate certification of checkpoint screening companies, increase screener training and impose stricter background checks on screeners and airport employees.219 Meanwhile, profit-challenged air carriers, feeling the effects of deregulated competition, increased fuel costs, and constrained spending by business travelers remained focused on their tenuous financial position, and responding to the public demand for improved customer service.
Perceived Aviation Security Threat On the national security front, the aviation security community perceived a heightened level of threat domestically. A security directive issued by the FAA in 1998 described the FAA's analysis of the threat: In recent years, the Unite4 States has become a more attractive target for terrorist attacks... the threat posed by foreign terrorists in the United States has increased, and the FAA believes that the threat will continue for the foreseeable future. ..Of specific concern are individuals, groups and states hostile to the United States which continue to threaten violence against America and American citizens in retaliation for U.S. policies. Iranian backed groups, such as Hizbollah, have supporters inside the United States who could be used to support an act of terrorism here. Hizbollah is known for its suicide attacks in Lebanon, and for some of the most sophisticated attacks against civil aviation in history. In addition a variety of other transnational radical Islamic terrorist groups have a presence in the United States. Among those are loosely affiliated extremists who operate outside the tight structures, centralized manner of traditional groups.. .The amorphous, ad hoc nature of these elements poses a new challenge to law enforcement in identifying, prediction, and interdicting their activities. The individuals responsible" for the bombing of the World Trade Center and those of convicted of the plan to attack several U.S. Air Carriers in East Asia in early 1995 are examples of the threat posed by loosely-affiliated terrorists. .Civil aviation has been a prominent target for these and other transnational terrorists. In the past several years, information has been received that individuals in the United States associated with loosely-affiliated extremists have discussed targeting commercial aircraft and civil aviation facilities T.nngply-affiliateH extremists have also shown a particular interest in media reporting regarding airline and airport security. Civil aviation is not the only possible target for terrorists operating in the United States and it may not even be the most likely one, but it remains a current target in the terrorist inventory... as such a terrorist attack in the United States could occur with little or no warning.
Ironically, this language accompanied an FAA Security Directive that, in part, implemented the automated pre-screening system (CAPPS I) which lowered the level of personal and carry-onscregning that "pre-screening selectees" were required to receive.
A
DRAFT
FOR INTERNAL USE ONLY 64
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
In this context, the FAA was aware of the increased chatter being picked up by U.S. intelligence agencies and the community's growing nervousness during the summer of 2001 that terrorist attacks were in the offing. The conviction of Ahmed Ressam for a plot to bomb the Los Angeles International Airport during the millennium and of the 1998 U.S. embassy bombings in Africa, heightened fears that Islamic radicals would seek retribution against U.S. targets. g iimr" pr i gnH '"^"ifri, °irir* (???) the domestic aviation system was operatingfiTSecuritvAlert Level III. jThis level indicated. . . .and required. . .(PLACEHOLDER: ADD AVSEC INFORMATION.)
While security analysts at FAA saw an increasing terrorist threat to U.S. civil aviation, the nature of that threat was considered to be against U.S. carriers operating overseas. To the extent that a domestic U.S. threat was perceived, it was considered to be most likely in the form of a non-suicide bombing.
o
Though civil aviation security authorities at the FAA received a steady stream of data from the intelligence community throughout the year leading up to September 11, 2001, an in-depth study of the FAA's Intelligence Case^Files, Intelligence Notes, security briefing documents, and supporting files, as well as interviews with key FAA intelligence and civil aviation security officials produced no documentation or other evidence tn .«aiggest that the FA A possessed intelligent prior tr> gpptftmlvr 1 1 J 7001 tW q plot tr> hijack commercial aviation and use them as weapons of mass destruction was in the offing. Nevertheless, the possibility of a suicide hijacking occurring in the United States was at least considered within the realm of possibility by civil aviation security authorities. Prior to September 11, 2001, the FAA produced a CD- ROM presentation for air carrier and airport authorities describing the increased threat to civil aviation. The presentation cited the possibility of suicide hijacking but stated "fortunately, we have no indication that any group is currently thinking in that direction." 221 Moreover the FAA was aware of previous threats to conduct suicide hijacking or use aircraft as a weapon of mass destruction both domestically and overseas. Numerous FAA documents, including agency account* published in th? FHml PLggiBt°r, wurity directives to air carriers and airports, and intelligence filpg pmrlnrpH hy th>. Office of Civil Aviation Intelligence clearly expryssf* tv»» F A A »g terrorist groups were active in the United States and maintained a historic interest in targeting aviation. In addition, FAA security authorities were aware of Usama Bin Laden's declaration of war against the United States in 1996 and 1998 and understood that this threat could have ramifications for civil aviation security.
DRAFT
FOR INTERNAL USE ONLY 65
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
As of September 11, 2001 eight FAA security directives, requiring air carriers and airports to take specific safety precautions, were in effect (seven were issued during the course of 2001 and one dated back to 2000). None specifically referenced the Al Qaeda organization, the 9-11 hijackers, or a threat to hijack a plane and use it as a guided missile. A Security Directive issued April 24,2000 did issue an alert regarding Al Qaeda operatives including Khalid Shaikh Mohammed, (who the FBI identifies as the main planner of the 9/11 attack) and five other individuals associated with Ramzi Ahmed Yousef and the 1995 Bojinka plot. (PLACEHOLDER: CHECK TO SEE IF LIST INCLUDED Al QAEDA MEMBERS; SEE WHAT WAS BEHIND THE MARCH 22 SD).222 FAA issued another SD on August 28,2001 Security Directive warning airports and air carriers about nine individuals who should receive extra security screening^ including physical search. At least six of the nine carried Pakistani passports. (PLACEHOLDER: SEE WHAT WAS BEHIND THIS SD AND 223 IF THE PEOPLE ARE KNOWN AL QAEDA).~~ Thirty-three FAA Information Circulars (IC's) alerting air carriers and airports to aviation security concerns had been issued dating back to 1993 and remained in effect as 224 of September 11, 2001.""
/ •)
Among the eight IC's issued in 2001 was a July 31 circular alerting the aviation community to "reports of possible near-term terrorist operations.,..particularly on the Arabian Peninsula and/or Israel." The circular stated that the FAA had no credible evidence of specific plans to attack U.S. civil aviation interests, "Nevertheless, some of the currently active groups are known to plan and train for hijackings and have the capability to construct sophisticated FED's concealed inside luggage and consumerproducts. The FAA encourages all U.S. Carriers to exercise prudence and demonstrate a high degree of aler Interviews with air carrier officials indicated that... (PLACEHOLDER: PENDING INTERVIEWS WITH AIRLINES; HOW DID THEY RESPOND TO THIS CALL TO BE PRUDENT AND ALERT) While the 1C seemed to focus attention on an overseas attack, the FAA issued a Security Directive on July 27.2001 cautioning the aviation community about the use of fake credentials to penetrate secure areas at facilities overseas. The Directive stated, "...one can be certain that terrorists who might be contemplating an attack against civil aviation in thrUSted States have taken note of the attractiveness of this modus operandi."226 Of theJC's issued in 2000 that were still in effect on September 11,2001, six raised warnings associated with the activities and threats of Usama Bin Laden. (PLACEHOLDER: PENDING LOOK AT THE DAILY INTELL SUMMARY AND SOME OF THE RAW DATA RECEIVED BY ACI; SEE WHAT PROMPTED THE JULY 311C AND WHAT CREDIBLE MEANS AND WHY THE FOCUS ON THE ARABIAN PENINSULA; SEE WHAT ATA; AAL; UAL
DRAFT.
FOR INTERNAL USE ONLY 66
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
DID TO EXERCISE PRUDENCE AND DEMONSTRATE A HIGH DEGREE OF ALERTNESS) Intelligence was the first line of defense against terrorist attack upon aviation, and the FAA perceived significant shortcomings in the intelligence system even before September 11th. The head of FAA's civil aviation intelligence office and other commission interviewees described frustration with the level of access to intelligence information produced by the Intelligence Community, particularly the CIA and the FBI, and with the dearth of intelligence on the domestic threat.227 One FAA official testified to the Commission that a "blind spot" in domestic intelligence was the result of the FBI's focus on criminal investigations rather than intelligence gathering. The interviewee stated that the FAA's complaint to the Intelligence Community was that "you can tell us what's happening on a street in Kabul, but you can't tell us what's going on in Atlanta." FAA officials cited efforts to obtain greater levels of intelligence from the Intelligence Community, including an offer to provide additional analysts in exchange for greater access to raw intelligence, were rebuffed by senior leadership at the CIA. In the absence of intelligence to uncover and interdict a terrorist plot in the planning stages or prior to the perpetrator gaming access to the aircraft, it would be up to the other layers of aviation security to counter the threat.
Prescreening
'
The first layer in this process was the CAPPS I program or the computer-assisted passenger pre-screening program. Prior to 1998 the pre-screening system was implemented manually by air carrier counter personnel who applied criteria approved by the FAA to identify individuals who may pose more than a "minimal risk" to the aircraft. The criteria did not include an individual's race, creed, religion or national origin. Those who met the criteria referred to as "selectees" were subject to additional security screening of their person, carry-on items and checked baggage. FAA automated the selection system with CAPS beginning in 1998. Under this program an algorithm of factors and weights was used to assign a score that would identify "selectees." This was perceived as fairer and more accurate than manual determinations.
! )
While the profile characteristics used by the computerized algorithm were based on both a hijacker and bomber profile, th<» FA A issnt-iH p nite stipulating that only peopje checking bags could be designated as "selectees" and that the consequences of tn "selection" would nf th<> individual's checked baggage for explosives. This reflected FAA's view that non-suicide bombing was the most substantial risk to domestic aircraft and a confidence that the combination of checkpoint FOR INTERNAL USE ONLY 67
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
screening and on-board emergency procedures were sufficient to counter the hijacking threat.22f Checkpoint screening In fact, the commission received testimony that one of the primary reasons that the consequences for "selection" were restricted, was the perception that checkpoint screening was being effective, and that the FAA did not want screening personnel to focus on "selectees" at the expense of examining passengers who were not selected by CAPPS.229 As of 2001 any confidence that checkpoint screening was operating sufficiently was belied by numerous publicized studies by the General Accounting Office230 and the Department of Transportation's Office of Inspector General231 which over the previous twenty years had documented systemic and chronic weaknesses in the systems deployed to screen passengers and baggage for weapons or bombs. FAA regulations required certified air carriers "to conduct screening...to prevent or deter the carriage aboard airplanes.of any explosive, incendiary, or a deadly or dangerous weapon on or about each individual's person or accessible property, and the carriage of any explosive or incendiary in check baggage."232 The screening systems were designed to detect firearms and large knives. Knives fewer than four inches in length were not prohibited. Even the FAA's own testing of the system demonstrated consistently poor rates of identifying weapons and other prohibited items by checkpoint screerters. Many of the government reports cited low pay, insufficient training and high-turnover rates that reached nearly 400% among screeners at the nation's airports.23:3 The poor performance of checkpoint screening operations was discerned through tests designed only to evaluate the system's ability to detect certain test items used by government auditors. The tests did not reflect the range of weapons that the equipment in place was simply unable to detect nor the tactics that a committed terrorist would most likely employ. In its final rulemaking action of July 17,2001, which aimed at updating the basic security requirements for airlines and airports, the FAA itself noted that, "publicity about problems with U.S. domestic civil aviation security measures increases the potential for attack here."234 Despite the shortcomings in the system, the fact that neither a hijacking nor a bombing had occurred domestically in quite sometime was perceived by many within the system as confirmation that it was working.235 This in part explains the view of the Department of Transportation's chief of intelligence and security who testified to the commission that "we thought we'd won" the battle against hijacking.236
DRAFT
FOR INTERNAL USE ONLY 68
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Accordingly, most of the FAA's emphasis and resources were focused on the continuing effort to deploy explosives detection systems to screen checked bags, and where such equipment was unavailable to assure that no bags were loaded on an aircraft without a corresponding passenger on board. The practice of "Positive Passenger Bag Match" or PPBM was designed to stop a non-suicide bomber from introducing an explosive into the aircraft. Aircraft Protection Under the "layered" approach to aviation security, should a terrorist or criminal successfully defeat checkpoint screening, the back-up line of defense was on-board protection of the aircraft. Predominantly this vector included a Federal Air Marshal program that placed trained law enforcement personnel aboard U.S. flagged aircraft, and aircrew procedures for addressing in-flight emergencies. By 2001 the Federal Air Marshal program had declined to a small fraction of its strength in the 1970's, and marshals were deployed only to international flights.237 Flight crews were required to receive training in an FAA-approved "common strategy" for addressing in-flight emergencies including hijacking. Years of experience in dealing with "traditional," non-suicide hijacking in which the plane was commandeered for transportation or negotiation, produced procedures that included explicitly training flight crews to refrain from any attempt to overpower hijackers.238 1 •*'
Aviation security commentator John Nance described the hijacking protocol as follows: To the extent that the politically-motivated hijacking was even considered, it was lumped with all the other whose perpetrators had not suicidal intent, and thus could arguably be talked into a safe and non-lethal surrender, given enough time and aircrew patience.239
While flight standard rules implemented in the 1960's required that air crew keep the cockpit door closed and locked in-flight. This rule, however, was neither observed by flight crew, nor enforced by the Federal Aviation Administration. (PLACEHOLDER: PRO VE)E MORE ON THIS) On September 1 1, 200Ltbe-ehallenges for would-be hijackers of domestic flights of U.S. civil aviation air camereJioilfid-tojiypiding prior notice by the American intelligence and law enforcement communities, and employing weapons and tactics capable of defeating the screening and aircraft defense systems then in place. A review of publicly available literature and/or the use of "test runs" would likely have improved the odds of accomplishing the latter. July 2001 Rulemaking Many of the challenges facing the civil aviation security system were well illustrated by the final rule revising Federal Aviation Regulation, Part 108, through which the FAA set the security framework for the airlines. That particular rulemaking began in August of
DRAFT
FOR INTERNAL USE ONLY 69
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
1997, but the final rule was not promulgated until almost four years later, on July 17, 2001, with an effective date of November 14, 2001. Based on a threat assessment that estimated the potential threat to domestic civil aviation to be "equivalent to some portion" of the Bojinka plot ("12.. .explosions.. .that involve the loss of an entire aircraft and incur a large number of fatalities"),240 the rule sought to make improvements in a number of areas including FAA inspection authority and compliance enforcement, training requirements for certain security personnel, and the issuance of Security Directives. In addition, as was often the case, over the course of the rulemaking process, certain FAA proposals were dropped in response to comments received from the interested public. •
The FAA had proposed to prohibit persons "from carrying a deadly or dangerous weapon, explosive, or incendiary" but was dropped in the final rule because, "the FAA has determined that airport operators.. .are able to handle such occurrences through their local laws that control the presence of weapons and other deadly items on airport property.. .While the FAA will not take action at this time, it will continue to assess the need for any future comprehensive security enhancements regarding weapons and other destructive substances that may be detrimental to the flying public." FAA had initially included an accountability compliance element for air carriers, including penalties. In response to the original proposal, comments were received as follows: "The UPS, the Denver Airport and ATA agree that individuals should be held accountable, but strongly object to delegating enforcement authority to the ah" carrier." In the final rule, the compliance program was deleted, while the comment period on the proposal was reopened, and the FAA indicated that "the omission of security compliance programs from the final rule does not stop an aircraft operator from voluntarily adopting a compliance program at any time." Lastly, the FAA had proposed that the air carrier be required to "detect and prevent" the carrying of explosives or dangerous weapons onto an aircraft or into a secure area. Comments received included: "Alaska Airlines, FedEx, UPS, United Express, CAA, RAA and ATA state that the air carrier cannot "detect" introduction of deadly or dangerous items 100% of the time; they believe that "deter" should be substituted for "detect" In the final rule, "the FAA has decided to accept the commenters' suggestion so the language.. .remains "prevent or jleter."_ Both phrases adequately reflect the overall intent that aircraft operators must use the measures in their security programs to keep deadly or dangerous weapons, explosives or incendiaries off the aircraft and out of the sterile area."241
While the FAA perhaps saw little distinction in this last change, the airlines viewed things somewhat differently. In testimony to the Commission, the current head of the airlines' Air Transport Association indicated that, "This fpre-9/11 aviation security! system was specifically design^ ar.cnrHing tr> statute actiiqllv. as a "prevent or deter" 9 system and was not a more DRAFT-
FOR INTERNAL USE ONLY 70
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Conclusion (PLACEHOLDER FOR CONCLUSION INCLUDING THE ELEMENTS BELOW) The President's Commission on Aviation Security and Terrorism 1990 report finding that the FAA was "a reactive agency - preoccupied with responses to events to the exclusion of adequate contingency planning in anticipation of future threats" continued to hold true through 9/11/01 and in the immediate response to that disaster. Furthermore this reactive nature was present not just at the FAA but throughout the entire civil aviation security system, including the air carriers, the airports and Congress. In addition, this feature was built into the very nature of the system - which was driven by either cumbersome and time consuming rulemaking which could be hastened only in the aftermath of disasters or event-driven Security Directives. The public's own "threat assessment" was generally sanguine with respect to commercial aviation safety and security in the period leading up to 9/11. hi an ABC Poll taken just after the 1999 EgyptAir crash off the East Coast of the United States, 58% of the respondents indicated their belief that flying was safer than driving, while 39% chose driving as the safer. In a Fox News/Opinion Dynamics survey conducted during the same period, fully 78% cited poor maintenance as "a greater threat to airline safety" than terrorism, while just 15% selected terrorism as the principal threat.243
D
With such perceptions - and realities - and with a security system that was largely paid for and carried out by an industry which was still struggling economically, it is perhaps somewhat easier to understand some of the constraints operating on the aviation security system on September 11, 2001. But, as observed previously, even under such limitations and even with a pre-9/11 mindset, the system's flaws were well-known. As DOT Inspector General Kenneth Mead testified to the Commission: I think that the system we had in place before September 11th had in fact undergone incremental improvements over the years, especially in the last five or six, and I believe in fact provided a deterrent value for certain types of threat. Overall, though, the model on which the system was based did not work very well, and there were significant weaknesses in the protections it provided, even for the types of threats the system was designed to prevent.244
Q
On September 11,2001, the prescreening of civil aviation passengers in the United States was solely designed to prevent individuals from placing explosives in their checked baggage. The screening checkpoints were, geared to preventing the carrying on board an airliner of weapons with a metal content equal to or greater than a small handgun. Any items with a lesser metal content, say box cutters or short-bladed knives, would not have been detected, barring an effective physical search by a security screening workforce whose performance difficulties had been publicly documented by the General Accounting Office and others for over a decade.
DRAFT
FOR INTERNAL USE ONLY 71
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
In the event such a weapon were discovered, security checkpoint rules in effect at that time would have caused the box cutters to be placed in checked baggage, while shortbladed knives would have been permitted to be carried into the passenger cabin. Once onboard, a would-be hijacker would have been confronted with flight crew tactics which were designed to avoid attempts to overpower the hijackers and which did not address the possibility of suicidal intent. And all of these design features were, at least to some degree, knowable to interested parties via a review of the public record and/or carefully planned "test-runs." Determined, highly motivated individuals who were largely immune to whatever "deterrent" value was possessed by the civil aviation security system, who escaped notice in FAA Security Directives (which essentially supplied the pre-9/11 "no fly" lists for the air carriers), who used weapons with a metal content less than a small handgun, and who did not conform to the traditional, non-suicide hijacking paradigm were likely to be successful in hijacking an aircraft. Civil Aviation Security Reference Handbook, May 1999, Appendix D, p. 1 [SSI] U.S. Centennial of Flight Commission, "The Federal Aviation Administration and Its Predecessor Agencies," http://www.centennialofflight.gov/essaY/Government Role/FAA Historv/POLS.htm) 3 Federal Aviation Act of 1958; Public Law 85-726; 72 Stat. 737; 49 U.S.C. App. 1301 et. seq. "14CFR108.9 5 Including, among others, Aviation Security: Additional Actions Needed to Meet Domestic and International Challenges (GAO/RCED-94-38, January 27, 1994); Aviation Security: Urgent Issues Need to Be Addressed (GAO/T-RCED/NSIAD-96-251, September 11,1996); Aviation Security: Slow Progress in Addressing Long-Standing Screener Performance Problems (GAO/T-RCED-00-125, March 16,2000); and Aviation Security: Long-standing Problems Impair Airport Screener-s' Performance (GAO/RCED-00-75, June 28, 2000 6 Including Audit Report on Deployment of Explosives Detection Systems, October 5,1998 (AV-1999001); Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before House Subcommittee on Aviation, May 14,1998 (AV-1998-134); Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before House Subcommittee on Aviation, March 10,1999 (AV-1999-068); and Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before Senate Aviation Subcommittee, April 6,2000 (AV-2000°76). 7 Security Sensitive Information (SSI) 8 Air Carrier Standard Security Program, 6/28/99, Appendix XIH.4.b(2), pp. 7-8. [SSI] 9 John Nance, Denial of Access: Hardening our Defenses Against Terrorist Manipulation of Commercial Aircraft," CCH Inc. Issues in Aviation Law and Policy, September 28,2001, p. 1. 10 Federal Aviation Administration, 2001 CD-ROM Terrorism Threat Presentation to Aviation Security Personnel at Airports and Air Carriers, Slide 24. [SSI] 11 Federal Register, July 17,2001, p. 37331. 12 Testimony of James C. May, Chairman and CEO, Air Transport Association of America, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22, 2003 13 Security Sensitive Information (SSI) 1
2
15 Andrew R. Thomas, Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus Books, 2003), p. 140. 16
17
18
Air Transport Association, Airlines in Crisis: The Perfect Economic Storm, May 2003, pp. 9,25.
DRAFT-
FOR INTERNAL USE ONLY 72
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
U.S. Statutes at Large, 69th Congress, 1925-1927, Vol. 44 Part II, USGPO, 1927, pg 569. U.S. Centennial of Flight Commission, "Aviation Security," http://www.centennialofflight.gov/essav/Government Role/security/POLl 8.htm) 21 Aviation Terrorism and Security, Wilkinson and Jenkins, p. 10. 22 Civil Aviation Security Reference Handbook, May 1999, p.2 [SSI] 23 President's Commission on Aviation Security and Terrorism, Report to the President, Washington, DC, May 15, 1990, p. 160. 24 Rochester, Stuart I., Takeoff at Mid-Century: Federal Civil Aviation Policy in the Eisenhower Years 1953-1961, U.S. Department of Transportation, Federal Aviation Administration, Washington, DC, 1976, pp. 262-263. U.S. Department of Transportation, Federal Aviation Administration, Study and Report to Congress on Civil Aviation Security Responsibilities and Funding, 1998, p. 19. 26 Alexander T. Wells, Commercial Aviation Safety, third edition, 2001 27 FAA Historical Chronology, 1926-1996, www.faa.gov 28 FAA Historical Chronology, 1926-1996, www.faa.gov 29 29 FAA Historical Chronology, 1926-1996, www.faa.gov 30 Civil Aviation Security Reference Handbook, May 1999, Appendix D, p. 1 [SSI] 31 Civil Aviation Security Reference Handbook, May 1999, p. 2 [SSI] 32 Civil Aviation Security Reference Handbook, May 1999, p. 2.[SSI] 33 Civil Aviation Security Reference Handbook, May 1999, p. 2 [SSI] 34 Civil Aviation Security Reference Handbook, May 1999, Appendix D, p. 2 [SSI] 35 CMl Aviation Security Reference Handbook, May 1999, p. 2 [SSI] 36 CMl Aviation Security Reference Handbook, May 1999, p. 79. [SSI] 37 Kent, Richard J., Jr., Safe, Separated and Soaring: A History of Federal CMl Aviation Policy 1961-1972, U.S. Department of Transportation, Federal Aviation Administration, Washington, DC, 1980, p. 338. 38 CMl Aviation Security Reference Handbook, May 1999, Appendix D, p. 3. [SSI] 39 U.S. Department of Transportation, Federal Aviation Administration, Study and Report to Congress on Civil Aviation Security Responsibilities and Funding, 1998, p. 20. 40 FAA Historical Chronology, 1926-1996, www.faa.gov 41 Testimony of Paul Busick to Senate Committee on Governmental Affairs, Hearing on "Weak Links: How Should the Federal Government Manage Airline Passenger and Baggage Screening?" September 25, 2001, S. Hrg. 107-208, p. 110; and CMl Aviation Security Reference Handbook, May 1999, Appendix D, p. 3 [SSI] /'. ;> 42 Congressional Quarterly, 1974 CQ Almanac, pp. 275-276 43 CMl Aviation Security Reference Handbook, May 1999, pp. 14,41 [SSI] 44 Congressional Quarterly, 1974 CQ Almanac, pp. 275-276 45 Congressional Quarterly, 1974 CQ Almanac, pp. 275-276 46 U.S. Department of Transportation, Federal Aviation Administration, Study and Report to Congress on Civil Aviation Security Responsibilities and Funding, 1998, p. 20. 47 CMl Aviation Security Reference Handbook, May 1999, p. 9 [SSI] 48 Rodney Wallis, "The Role of the International Aviation Organisations in Enhancing Security," in Wilkinson and Jenkins, eds., Aviation Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), pp. 87-88.. 49 CMl Aviation Security Reference Handbook, May 1999, p. 131 [SSI] 50 CMl Aviation Security Reference Handbook, May 1999, p. 131 [SSI] 51 CMl Aviation Security Reference Handbook, May 1999, Appendix D, p. 5 [SSI] 52 CMl Aviation Security Reference Handbook, May'l 999, p. 2 [SSI] 53 CMl Aviation Security Reference Handbook, May 1999, Appendix D, pp. 8-12 [SSI] 54 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 303. 55 See attached indictment of Libyan terrorist convicted in the bombing, and the attached press story about the incident. 56 See Criminal Acts Against Aviation report, and testimony by Paul Bremer before House Foreign Relations Committee on February 9, 1989. 57 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 303. 58 See floor statement by Sen. Robert Dole 19
20
DRAFT
FOR INTERNAL USE ONLY 73
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
59
Civil Aviation Security Reference Handbook, May 1999, p. 18 [SSI] See attached copy of the executive order, press accounts, and statements by Sen. Robert Dole. 62 Report of the President's Commission on Aviation Security and Terrorism, Washington, D.C., 1990, p. i 63 See attached list of Commission recommendations; copy of PL 204-604; 64 See copy of 104-604, and cross reference to commission recommendations. 65 Federal Aviation Administration, Criminal Acts Against Civil Aviation 1996, pp. 50-52,56-57. 66 Daniel Benjamin and Steven Simon, The Age of Sacred Terror (New York: Random House, 2002), pp. 20-26. 67 Interview of Patrick McDonnell, September 24, 2003. 68 Andrew R. Thomas, Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus Books, 2003), note 10, p. 248. 69 Final Report of the White House Commission on Aviation Safety and Security, Washington, D.C., 1997 70 Letter from Claudio Manno to Joint Inquiry Chairs and Vice-Chairs, February 4, 2003, response to Question 12. [SSI] 71 Letter from Claudio Manno to Joint Inquiry Chairs and Vice-Chairs, February 4, 2003, response to Question 12. [SSI] 72 ASAC Security Baseline Working Group, Summary and Recommendations of the Final Report of the Baseline Working Group, December 12, 1996. 73 ASAC Security Baseline Working Group, Summary and Recommendations of the Final Report of the Baseline Working Group, December 12, 1996. 74 ASAC Security Baseline Working Group, Summary and Recommendations of the Final Report of the Baseline Working Group, December 12, 1996. 75 ASAC Security Baseline Working Group, Summary and Recommendations of the Final Report of the Baseline Working Group, December 12, 1996. 76 Baseline Working Group, Domestic Security Baseline Final Report, Washington, DC, December 12, 1996, Appendix A, p. 1. [SSI]; and U.S. Department of Transportation, Federal Aviation Administration, Study and Report to Congress on Civil Aviation Security Responsibilities and Funding, 1998, p. 47. 77 Executive Order 13015, August 22, 1996, FR Doc. 96-21996 78 Final Report of the White House Commission on Aviation Safety and Security, Washington, D.C., 1997 79 White House Commission on Aviation Safety and Security DOT Status Report, February 1998; White House Commission on Aviation Safety and Security DOT Status Report, February 1999; White House Commission on Aviation Safety and Security Status of Implementation of Recommendations: Public Version, October 2000. 80 Appendix I, "Commissioner Cummock Dissent Letter," in Final Report of the White House Commission on Aviation Safety and Security, Washington, D.C., 1997 81 NOTE: This point partially addresses Ae 9/11 Families' question: Why were timelines scrapped from the Gore Commission recommendations? 82 Final Report of the White House Commission on Aviation Safety and Security, Washington, D.C., 1997; White House Commission on Aviation Safety and Security DOT Status Report February 1998; White House Commission on Aviation Safety and Security February 1999; White House Commission on Aviation Safety and Security Status of Implementation of Recommendations October 2000: Public Version. 83 Federal Aviation Reauthorization Act of 1996; Public Law 104-264; 110 Stat. 3213 84 Airport Security Improvement Act of 2000; P.L. 106-528; 114 Stat. 2521 85 Final Report of the White House Commission on Aviation Safety and Security, Washington, D.C., 1997 86 Conference Report to accompany HR 3539, Federal Aviation Reauthorization Act of 1996, H. Report 104-848, p. 92 87 Jane Garvey Testimony to the Senate Committee on Commerce, Science and Transportation, Confirmation Hearing, June 24,1997, p.59. 88 Testimony of Kenneth Mead, Inspector General of DOT, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22,2003; and Andrew R. Thomas, Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus Books, 2003), p. 44. 89 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 307. 90 Final Report of the White House Commission on Aviation Safety and Security, Washington, DC, 1997.
60 61
DRAFT-
FOR INTERNAL USE ONLY 74
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Steven Brill, After: How America Confronted the September 12 Era, (New York: Simon & Schuster, 2003), p. 31 92 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), pp. 302-303. 93 National Research Council, Making the Nation Safer: The Role of Science and Technology in Countering Terrorism (Washington, DC: The National Academies Press, 2002), p. 219. 94 U.S. Centennial of Flight Commission, "The Federal Aviation Administration and Its Predecessor Agencies," http://www.centennialofflight.gov/essay/Government_Role/FAAHistory/POLS.htm 95 Remarks of Carol B. Hallett, President, Air Transport Association, to the ALPA Safety Forum, Washington, DC, August 16, 2001 96 Interview of Cathal "Irish" Flynn, September 9,2003. 97 PBS NewsHour with Jim Lehrer, July 25, 1996. 98 Civil Aviation Security Reference Handbook, May 1999, p. 119. [SSI] 99 Andrew R. Thomas, Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus Books, 2003), p. 115. 100 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 308 101 Report of the President's Commission on Aviation Security and Terrorism, Washington, DC, 1990, p. i. 91
102 103 Letter from Susan O. Rork, Managing Director - Security, Air Transport Association, to Admiral Cathal Flynn, Associate Administrator for Civil Aviation Security, FAA, May 23, 1997. [SSI] 104
Title 49 USC Chapter 449 Subitle VII Part A subpart iii Section 44903 (b) Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 307 and Legal Information, US Code Collection, http://www4.law.cornell.edu/uscode/49/ 107 Legal Information Institute, US Code Collection, http://www4.law.cornell.edu/uscode/49/40101.html 10814 CFR yy. ^ Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGrawHill, 2001), pp. 220-223. 109 Steven Brill, After: How America Confronted the September 12 Era, (New York: Simon & Schuster, 2003), p. 63. ' 10 NOTE: This point partially addresses the 9/11 Families' question: Were box cutters prohibited items or not? 111 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), pp. 220-221. ?• .£ 112 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 221. 113 Testimony of Mike Canavan, former FAA Associate Administrator for Civil Aviation Security, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 23, 2003. 114 NOTE: This point partially addresses the 9/11 Families question: Why did screening contractors pay 10 cents on the dollar for fines imposed on them for violations? 115 Testimony of Mary Schiavo, former Inspector General of the department of Transportation, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 23, 2003. us NOTE: This point partially addresses the 9/11 Families question: Why did screening contractors pay 10 cents on the dollar for fines imposed on them for violations? 117 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 210. 118 Interview of Bruce Butterworth, September 29,2003. 105
106
^«*Uit*^
119
120 121 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), pp. 305-306; and Legal Information Institute, US Code Collection, http://www4.law.cornell.edu/uscode/49/44931 -44934.html) 122 Civil Aviation Security Reference Handbook, May 1999, pp. 64-68. [SSI] '\3 Civil Aviation Security Reference Handbook, May 1999, pp. 68-73. [SSI] " 124 Civil Aviation Security Reference Handbook, May 1999, pp. 74-76. [SSI] 125 Civil Aviation Security Reference Handbook, May 1999, pp. 82. [SSI]
DRAFT
FOR INTERNAL USE ONLY 75
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Civil Aviation Security Reference Handbook, May 1999, pp. 64-77. [SSI] Andrew R. Thomas, Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus Books, 2003), pp. 57-58. 128 Civil Aviation Security Reference Handbook, May 1999, p. 80. [SSI] 129 Federal Aviation Administration, Aviation Security 1950-2000 (internal document), pp. 27-28. 130 U.S. Centennial of Flight Commission, "The Federal Aviation Administration and Its Predecessor Agencies," http://www.centennialofflight.gov/essav/Govemment_Role/FAAHistorv/POLS.htm) 131 Andrew R. Thomas, Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus Books, 2003), p. 42. 132 Federal Aviation Act of 1958; Public Law 85-726; 72 Stat. 737; 49 U.S.C. App. 1301 et. seq. 133 Mary Schiavo, Flying Blind, Flying Safe (Avon Books, 1997), p. 51. 134 Federal Aviation Administration, FAA Historical Chronology, 1926-1998, www.faa.gov '35http://thomas.loc.gov/cgi-bin/auerv/F?rl04:3:./temD/~rl04MKlDXY:e95670 136 Conference Report to accompany HR 3539, Federal Aviation Reauthorization Act of 1996, H. Report 104-848, p. 92. 137 Legal Information Institute, US Code Collection, http://www4.law.cornell.edu/uscode/49/40101 .html 138 Testimony of Kenneth Mead, Inspector General of DOT, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22,2003 139 14 CFR Part 108, 1-01-01 Edition 140 Federal Register, July 17,2001, p. 37335. 141 Air Carrier Standard Security Program, 6/28/99, p.10. [SSI] 142 Testimony of Robert W. Baker, Vice Chairman of American Airlines, to Senate Committee on Governmental Affairs Hearing on "Weak Links: How Should the Federal Government Manage Airline Passenger and Baggage Screening?" S. Hearing 107-208, September 25,2001, pp. 107-108. 143 Testimony of Gerald L. Dillingham, General Accounting Office, to Senate Aviation Subcommittee of the Committee on Commerce, Science and Transportation at Hearing on Vulnerabilities in Aviation Security System, April 6,2000 144 Air Carrier Standard Security Program, Appendix I [SSI] 145 NOTE: This point partially addresses the 9/11 Families' questions: Were box cutters prohibited items or not? And on the status of mace and pepper spray. 146 Testimony of James C. May, Chairman and CEO, Air Transport Association of America, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22, 2003 r -V 147 NOTE: This point partially addresses the 9/11 Families' question: Were box cutters prohibited items or not? 148 Checkpoint Operations Guide, Revision 007, September 10,2001, pp. 5-6 through 5-9 [SSI] 149 NOTE: This point partially addresses the 9/11 Families' questions: Were box cutters prohibited items or not? And on the status of mace and pepper spray. 150 Air Carrier Standard Security Program, Section V, Change 56, 5/1/2000, pp. 50-54. [SSI] 151 Air Carrier Standard Security Program, Section VI, Change 38,2/1/94, pp. 60-62. [SSI] 152 Testimony of Kenneth Mead, Inspector General, US Department of Transportation, to Senate Committee on Governmental Affairs at Hearing on Weak Links: How Should the Federal Government Manage Airline Passenger and Baggage Screening, September 25,2001, S. Hrg. 107-208, p. 80. 153 Testimony of Jane Garvey, former FAA Administrator, to National Commission on Terrorist Attacks Upon the United States, at Hearing on Civil Aviation Security, May 22,2003 15 NOTE: This point partially addresses the 9/11 Families' question: What tactics did pilots learn to respond to hijackers? Were these tactics followed? 155 Air Carrier Standard Security Program, Change 56, 5/1/2000 [SSI] "6 NOTE: This point partially addresses the 9/11 Families' question: What tactics did pilots learn to respond to hijackers? Were these tactics followed? 157 Alexander T. Wells, Commercial Aviation Safety, third edition (New York: McGraw-Hill, 2001), p. 210. 158 Civil Aviation Security Reference Handbook, May 1999, p. 133. [SSI] 159 Interview of Admiral James Underwood, September 17,2003. 160 ASAC Security Baseline Working Group, Summary and Recommendations of the Final Report of the Baseline Working Group, December 12, 1996. 126
127
DRAFT.
FOR INTERNAL USE ONLY
76
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Civil Aviation Security Reference Handbook, May 1999, pp. 133-134. [SSI] Civil Aviation Security Reference Handbook, May 1999, p. 134. [SSI] 163 Civil Aviation Security Reference Handbook, May 1999, p. 131. [SSI] 164 Letter from James C. May, President and CEO, Air Transport Association, to National Commission on Terrorist Attacks Upon the United States, August 18, 2003, pp. 8-9. 165 Air Transport Association, Annual Report, 1998. 166 Air Transport Association, Airlines in Crisis: The Perfect Economic Storm, May 2003, p. 9. 167 Andrew R. Thomas, Aviation Insecurity: The New Challenges of Air Travel (Amherst, NY: Prometheus Books, 2003), p. 94. 158 Civil Aviation Security Reference Handbook, May 1999, pp. 114-115. [SSI] 169 On 9/11/01, the governing authority was 14 CFR Part 107,1-01-01 Edition. 170 Civil Aviation Security Reference Handbook, May 1999, p. 114. [SSI] 171 Civil Aviation Security Reference Handbook, May 1999, pp. 119-120, 125. [SSI] 172 Civil Aviation Security Reference Handbook, May 1999, p. 115. [SSI] 173 Civil Aviation Security Reference Handbook, May 1999, pp. 117-118. [SSI] 174 Civil Aviation Security Reference Handbook, May 1999, p. 120. [SSI] 175 Testimony of Gerald L. Dillingham, General Accounting Office, to Senate Aviation Subcommittee of the Committee on Commerce, Science and Transportation at Hearing on Weaknesses in Airport Security and Options for Assigning Screening Responsibilities, September 21,2001. 176 Testimony of Kenneth Mead, Inspector General, Department of Transportation, to Senate Committee on Governmental Affairs at Hearing on Weak Links: How Should the Federal Government Manage Airline Passenger and Baggage Screening, September 25, 2001, S. Hrg. 107-208, p. 80. 177 Executive Order 12333 issued by President Ronald Reagan on December 4, 1981 161
162
178 179 ISO
in
182 183 Derived from a search of the Congressional Daily Digest and a word search of the Congressional Record using the search words "aviation security." 184 Search of the Congressional record using the search words "aviation security." 185 GAOinfo....TBD
186
CRS memo on funding.
:
T
See House Rpt 106-622. 188 Report of the President's Commission on Aviation Security and Terrorism, Washington, D.C., 1990, p. 4189 0 . . . :. . • . - ' . 187
190 191
'
192 193 194
195
[SSI]
Brian Jenkins, "Aviation Security in the United States," in Wilkinson and Jenkins, eds., Aviation Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), p. 106. 196
Final Report of the White Commission on Aviation Safety and Security, Washington, DC, 1997. 14 CFR 108.9 199 [SSFJ
197
198
200 201 202 203
U
204
[SECRET]
Chronology; www.faa.gov 206 Letter from ATA to the Commission dated (See May letter). 205
DRAFT
FOR INTERNAL USE ONLY 77
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
207 Air
Carrier Standard Security Program, Appendix XV, Change 39, 3/15/94, pp. 1-9 [SSI] Carrier Standard Security Program, Appendix XV, Change 39, 3/15/94, pp. 1-9 [SSI] 209 Including, among others, Aviation Security: Additional Actions Needed to Meet Domestic and International Challenges (GAO/RCED-94-38, January 27, 1994); Aviation Security: Urgent Issues Need to Be Addressed (GAO/T-RCED/NSIAD-96-25 1 , September 11,1 996); Aviation Security: Slow Progress in Addressing Long-Standing Screener Performance Problems (GAO/T-RCED-00-125, March 16, 2000); and Aviation Security: Long-standing Problems Impair Airport Screeners ' Performance (GAO/RCED-00-75, June 28, 2000 210 Including Audit Report on Deployment of Explosives Detection Systems, October 5, 1998 (AV-1999001); Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before House Subcommittee on Aviation, May 14, 1998 (AV-1998-134); Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before House Subcommittee on Aviation, March 10, 1999 (AV-l 999-068); and Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before Senate Aviation Subcommittee, April 6, 2000 (AV-2000076). 21 ' Air Carrier Standard Security Program, 6/28/99, Appendix XIII.4.b(2), pp. 7-8. [SSI] 212 John Nance, Denial of Access: Hardening our Defenses Against Terrorist Manipulation of Commercial Aircraft," CCH Inc. Issues in Aviation Law and Policy, September 28, 2001 , p. 1 . 213 Testimony of Jane Garvey, former FAA Administrator, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22, 2003. 21 Brian Jenkins, "Aviation Security in the United States," in Wilkinson and Jenkins, eds., Aviation Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), p. 104. 215 Testimony of Gerald L. Dillingham, General Accounting Office, to Senate Aviation Subcommittee of the Committee on Commerce, Science and Transportation at Hearing on Vulnerabilities in Aviation Security System, April 6, 2000 216 Brian Jenkins, "Aviation Security in the United States," in Wilkinson and Jenkins, eds., Aviation Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), pp. 104,108. 217 Brian Jenkins, "Aviation Security in the United States," in Wilkinson and Jenkins, eds., Aviation Terrorism and Security (London and Portland, OR: Frank Cass Publishers, 1999), pp. 1 10-1 11. 208 Air
218
219
220 FAA
Security Directive 97-0 1C issued on May 26th, 1998 ; Federal Aviation Administration, 2007 CD-ROM Terrorism Threat Presentation to Aviation Security Personnel at Airports and Air Carriers, Slide 24. [SSI] 222 [SSI] 223 See Security Directives as submitted by the FAA in Commission document request 224 See the Information Circulars as submitted by the FAA in Commission document request 221
Interview of Claudio Manno, October 1, 2003; and Interview of Patrick McDonnell, September 24, 2003. 228
229
230 Including, among others, Aviation Security: Additional Actions Needed to Meet Domestic and International Challenges (GAO/RCED-94-38, January 27, 1994); Aviation Security: Urgent Issues Need to Be Addressed (GAO/T-RCED/NSIAD-96-25 1 , September 11,1996); Aviation Security: Slow Progress in Addressing Long-Standing Screener Performance Problems (GAO/T-RCED-00-125, March 16, 2000); and Aviation Security: Long-standing Problems Impair Airport Screeners ' Performance (GAO/RCED-00-75, June 28, 2000 231 Including Audit Report on Deployment of Explosives Detection Systems, October 5, 1998 (AV-1999001); Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before House Subcommittee on Aviation, May 14, 1998 (AV-1998-134); Statement on Aviation Security by Alexis Stefani, Deputy Assistant Inspector General for Aviation, before House Subcommittee on Aviation, March 10, 1999 (AV-l 999-068); and Statement on Aviation Security by Alexis Stefani, Deputy
DRAFT-
FOR INTERNAL USE ONLY
78
DRAFT
DRAFT
FOR INTERNAL USE ONLY
DRAFT
Assistant Inspector General for Aviation, before Senate Aviation Subcommittee, April 6, 2000 (AV-2000076). 232 14CFR108.9 233
Federal Register, July 17, 2001, p. 37331. Testimony of James C. May, Chairman and CEO, Air Transport Association of America, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22, 2003 236 Interview of James Underwood, September 17, 2003. 237 [SSI] 238 Air Carrier Standard Security Program, 6/28/99, Appendix XIII.4.b(2), pp. 7-8. [SSI] 239 John Nance, Denial of Access: Hardening our Defenses Against Terrorist Manipulation of Commercial Aircraft," CCH Inc. Issues in Aviation Law and Policy, September 28, 2001, p. 1. 240 Federal Register, July 17,2001, p. 37352 241 Federal Register, July 17, 2001, pp. 37335-37336, 37339,37340-37341. 242 Testimony of James C. May, President and CEO, Air Transport Association of America, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22, 2003 243 ABC News Poll by TNS Intersearch, November 1999, N=l,024, MoE +,- 3%: "Which do you feel is safer: flying in a commercial airplane or driving in a car?" Flying 58%, Driving 39%, No Opinion 8%; and Fox News/Opinion Dynamics Poll, Nov. 3-4,1999, N=900, MoE +,- 3%: "Which do you think is the greater threat to airline safety: terrorist attacks or poor maintenance?" Poor Maintenance 78%, Terrorist Attacks 15%, Not Sure 7%. 244 Testimony of Kenneth Mead, DOT IG, to National Commission on Terrorist Attacks Upon the United States at Hearing on Civil Aviation Security, May 22, 2003. 234
235
o
Q DRAFT
FOR INTERNAL USE ONLY 79
DRAFT