Dave Hoffman (law, Temple) over at the Conglomerate blog, has written a very thoughtful retort to a recent post of mine (cross-posted at PrawfsBlawg and Balkinization) regarding the searching of baggage on NYC subways. I argued that:
It is another big waste of money and time, as well as a needless invasion of civil liberties — all for a cosmetic security benefit. There are 4.5 million passengers each day on the NYC subways. What good could a few random checks do? The odds of the police finding the terrorist with a bomb this way are about as good as the odds of being hit by lightning. I doubt it will have much of a deterrent effect either.
Dave argues that I’m “underestimating the effect of random searches on public safety.” I am not much of an expert in behavioral law and economics and deterrence, so I’m straying far away from my turf. But I’ll try my best to defend the territory I’ve wandered onto.
Dave argues: “Terrorists are notoriously risk averse – they obey the law punctiliously until they attack. Thus, even a relatively minor risk of being caught will act as a very large deterrent, forcing terrorists to find other paths.” Really? Since when are terrorists risk adverse? Anybody willing to blow oneself up in the process of committing his or her crime is hardly risk adverse. And I just don’t see the relevance of the fact that terrorists obey the law prior to engaging in terrorism. However, suppose Dave were correct and the terrorists would “find other paths.” There are so many other targets that are even more dangerous and damaging. So we close off one target but leave the rest unguarded. Are we really any safer?
Dave also contends that if the police vary the number of searches, it will make it “hard for terrorists to intelligently evaluate the likelihood of being stopped on any given trip.” But unless the number of searches were really great in proportion to the number of subway riders (4.5 million each day), the variation would be relatively small. Wouldn’t the terrorists think that if three or four of them tried to bomb the subway on a given day, probably all (or at least most) would get through without being searched?
Dave argues that “there is a good argument that terrorists, subject to human behavioral tics, are likely to vastly overestimate the likelihood of being caught and therefore be more deterred than rational terrorists (what a contradiction in terms that is!) would be.” But Dave forgets that many terrorists are different from ordinary criminals in that terrorists are often on a suicide mission. They care about getting caught only because their mission might fail, not because of any potential legal sanction that might be imposed. If Dave is right, why on 9-11 did the terrorists try to use planes? Why not try some other means of terrorism? After all, planes involve a lot of security whereas other targets don’t. Wouldn’t the “risk-adverse” terrorist who might overestimate being caught attempt something else? Why did they go to flight school and expose themselves at many points to being detected when they could have tried something different? I’m certainly no expert on terrorist behavior, but I’m not very convinced by Dave’s theory.
Dave says: “Will terrorists then move on to other targets of opportunity? Probably. But forcing them to do so would be a victory.” I’m not so sure. This depends upon what the other targets are. Is it a victory to stop a terrorist from bombing a subway car and killing 40 people so that the terrorist decides instead to blow up a building or mall killing thousands?
Dave says I speak of two kinds of costs – law enforcement costs and civil liberties costs. For law enforcement costs, Dave argues that I neglect the other law enforcement benefits such as catching drug use and guns. True, the searching might help the police enforce other criminal laws, but I worry that the “special justifications” for fighting terrorism will then be used as a way to conduct general policing. The issue is whether we want ordinary crime policed at the same degree of invasiveness as terrorism.
The civil liberties costs are high, which Dave admits. There are also other costs as well, such as inconvenience and hassle, something which New Yorkers don’t like very much. Frankly, I wonder how long New Yorkers will be willing to put up with these searches.
Now, of course, let’s assume that the searches are not done using some kind of racial profiling – that they truly are random. If they’re not, then we need to address the profiling issue, which involves another cost Dave isn’t accounting for.
Finally, I’m a bit confused by Dave’s example. He uses a model of 1000 random searches per day, and calculates a “7% chance of being searched over the course of a year of weekdays.” I don’t know enough to say whether his rough calculations are correct, but I question the basic underlying assumption. Why look over the course of a year? Doesn’t this assume that a person rides the subway each and every day? Are terrorists likely to ride regularly each day and always be transporting materials for their plot on the subway each time?
Dave makes his arguments with humility, admitting that many of his points are made based on assumptions and models of behavior that he’s not entirely sure are correct. My arguments are made with a similar humility. I’m speculating a lot and am resting on a number of assumptions too.
There is one argument Dave doesn’t raise against my position that is worth thinking about. He might contend that even if I’m right that the searching provides mostly a “cosmetic” benefit, is there still a benefit worth considering? If a cosmetic but ineffective security measure makes people feel better, doesn’t making people feel better have value? So if Security Measure X is much less effective and more costly than Security Measure Y, but X makes people feel much better, to what extent should this attribute weigh in the balance? But even if we can placate people based on false perceptions, should we?
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.
If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* LinkedIn Influencer blog